Why Can't Americans Vote Online?

Many ask the valid question of why we cannot vote like we live in 2016 – online. We bank, shop, work, talk, and do just about everything else online, so why not voting? Some smaller countries do it – Chile and Estonia, for example, but in general there is a substantial risk to hacking.

The unfortunate truth is that our online banking and email are only as secure as they are, which depending whether you have two factor authentication and complex passwords might not be too secure, because most of us aren't important enough to be the focus of targeted hacking. It is often called 'security through obscurity' – we blend into the crowd.

A United States election online would not be secure by blending in, there are too many parties (both internal and external) with vested interest in the outcome of the election. The election would be a major target to hackers from every corner of the planet, and it would bring out the best of the best as private bounties are offered for anyone who can generate a return on that investment. Consider how incentivized a single hacker would be for $10M (I made that number up) and how trivial that sum would be to the person/group offering if they could place investments such that they'd benefit orders of magnitude more than that with a controlled outcome.

The biggest hurdle is in verifying the identity of who is trying to vote. You can either make it really challenging and risk violating privacy as well as prevent a large number of (generally lower income) people from voting, or you can make it less challenging and almost guarantee it is compromised. 

So let's dive into what those might look like. If you made it more secure, you could verify fingerprints which would require the entire nation to be fingerprinted (expensive, time consuming, and a major imposition on privacy). You can do ID scanning which would require having an ID (many don't), a good enough camera to scan it clearly (which many don't have), and this still doesn't address the issue that, as many 19 year olds will attest, IDs are relatively easy to fake. The website would have to be encrypted, of course, but on places like college campuses a bad actor on the network could spoof the SSL certificate and intercept, decrypt, and change, all voting traffic that takes place on that network.

If you made it less secure, then there is nothing to stop people from voting en masse for the millions of American's whose personal information is readily available for sale on the darker corners of the internet. It is unsettling, but nearly everyone has some amount of their personal information for sale somewhere, and if you use common passwords or predictable security questions, it would be trivial to submit a vote on your behalf before you even figure out who you're voting for.

I'm sure this is just the tip of the iceberg. Suffice it to say that even with strict identification practices, it would be a challenge. All of this ignores the nontrivial portion of this country without a reliable internet connection, computer access, or technical wherewithal to actually vote online even if it is an option.

It will be interesting to see what they come up with, but unfortunately the most secure scenarios I can think of will really upset the libertarian-minded citizens, as they'd basically require submitting biometric data to the government (never mind how expensive that effort would be).