Redistributed as a Service of the National Library for the Environment*
RS20639: Internet Voting: Issues and Legislation
Richard M. Nunno
Updated January 16, 2001
Among the many issues in the ongoing, national discussion about the Internet is its use in the voting process. Because voting determines who runs the government and entails two absolute requirements--the secret ballot and security from fraud--the stakes are higher than for many other transactions routinely conducted via the internet. Public confidence about Internet security is increasing, but many feel that voting online requires a degree of security from fraud beyond the current standard for everyday internet use.
Aside from voting issues, observers often refer to a "digital divide" that exists between those who have access to computers and the Internet (and the skills to use it) and those who do not. While Internet access is increasing, estimates show that those with higher incomes and education levels are more likely to have Internet access, and black and Hispanic access lags behind that of whites. Also part of the debate are issues concerning political tradition, public confidence in Internet voting, and equal access to the ballot. Proponents of internet voting suggest it could increase turnout, particularly among younger voters who are familiar with internet technology. In the meantime, several experiments with Internet voting in public elections have taken place this election year and more are likely in the future as the technology for online voting evolves. This report will be updated to reflect new developments.
Overview. As computer ownership increased in the early 1990s, the Internet introduced the concept of electronic democracy to a wide audience. By 1996, the national parties and scores of candidates maintained websites to disseminate information, attract donors and volunteers, and communicate directly with supporters. As an ever larger segment of the population uses the Internet to conduct business, find news, pursue leisure activities, and so on, the potential to use it for more than campaign purposes--to conduct elections-- has become part of the discussion of applying technology to the democratic process. Electing officeholders via the Internet requires a level of security from fraud beyond what exists with current online use, according to many observers. (1) For example, credit card fraud on the Internet, "is recognized at the level of 10% of all transactions," according to one estimate. (2) Such a level of potential fraud in an election would undermine its legitimacy, which depends on a fair and accurate count of the ballots cast. An Internet voting system, even one used on a limited basis in conjunction with traditional voting methods, needs to be at least as secure as current voting methods in its ability to safeguard a voter's identity and provide an accurate vote count.
Officials of Election.com, the company that conducted Arizona's online Democratic primary last spring, claim that adequate security measures exist which make it possible to conduct public elections on the Internet now. But other vendors, election officials, and interested observers vigorously dispute this assertion and point out that security problems with online voting could undermine future voter confidence in online elections. (3) As for the expense of conducting elections online, a number of observers suggest that internet voting will lower election costs for local officials. And at least one public opinion poll supports the widely reported notion that younger voters are especially enthusiastic about voting online (61% favor it) and their rates of participation, notoriously low compared to other groups, will increase as online voting becomes an option. (4)
Internet voting has been widely reported on in the press, and policy makers at the federal and state levels are studying its implications. In Congress, Representative Jesse Jackson Jr. introduced H.R. 3232 on Nov. 5, 1999, which directs the President to appoint a commission to study Internet voting and make recommendations about its use in the future. In December 1999, the President directed the National Science Foundation (NSF) to conduct a one-year study of Internet voting. Under contract with the NSF, the Internet Policy Institute (IPI) conducted a workshop on October 10 and 11, 2000; panelists included federal and state government officials, social scientists, and technical experts, whose discussions will be part of the NSF study due for release in January or February 2001. (5)
On January 18, 2000 an Internet Task Force organized by California's Secretary of State issued its report. The Task Force report said "At this time, it would not be legally, practically or fiscally feasible to develop a comprehensive remote Internet voting system that would completely replace the current paper process." The Task Force recommended phasing in Internet voting, with remote voting as the last phase. (6) In Arizona and Alaska, some voters cast ballots on the Internet during the 2000 presidential primary season and several other voting trials are scheduled for the November general election.
Types of Internet Voting. Two types of Internet voting are possible, and both were used in voting trials in 2000. One method, the more basic from a technical standpoint, is Internet voting at a traditional polling site, with computer voting machines connected to the Internet and where election officials authenticate voters before ballots are cast. The other method, more technically advanced, is to cast ballots over the Internet from remote locations using electronic authentication and computer security technologies. The Arizona Democratic primary, for example, used both methods; voters could cast their ballots from remote locations or at any polling place. Some observers believe that remote Internet voting should not be attempted until voters become comfortable with polling site Internet voting and when procedures are well established to ensure accurate voter authentication, ballot secrecy, and security. Others, however, argue that polling site Internet voting will have little value to voters, who want the convenience of remote Internet voting.
Technologies Behind Internet Voting. Internet voting systems use several technologies to ensure authentication, secrecy, and security. These include encryption (the scrambling of information in data transmissions to provide confidentiality), and electronic signatures (methods that use such techniques as passwords, personal identification numbers (PINs), smart cards, biometrics, and digital signatures) to verify the identity of the voter and provide data integrity (i.e., assurance that the data is not altered during transmission). Other computer security technologies, such as firewalls, antivirus programs, and intrusion detection systems, are also used to prevent unauthorized hacker access to computer systems used in the election process. (7)
Different types of elections require different standards for voter verification, data integrity for ballots, and assurance against tampering. For example, private sector elections (conducted and funded by private organizations and regulated by the sponsoring organization) typically have lower standards for these factors than public sector elections (conducted, funded, and regulated by government). Private sector elections have been conducted using the Internet to a far greater extent than public sector elections.
The Current Debate: Issues and Challenges. While the computer security technologies mentioned above are well established in theory, they have not yet been used on a wide scale. Some government agencies, large companies, and financial institutions use encryption, electronic signatures, and other computer security techniques in conducting business transactions with established suppliers and customers. Some analysts predict that computer security technologies will proliferate at an accelerated rate in the next few years. Few businesses, however, have implemented these technologies for use with the general public today. Some argue that the public needs to become more familiar and comfortable with the Internet in other aspects of life, such as by engaging in Internet commerce, before governments should adopt Internet voting systems. Internet voting systems could be phased in over time, from the use of Internet-connected computers at state and local government-controlled polling sites, to remote Internet voting from users' home PCs. The new voting systems must also be user-friendly enough that many voters will prefer to use the Internet method over the traditional method of voting. Many current security components to computer systems are thought to be cumbersome for users. The following areas are the principal concerns with Internet voting at present:
Security issues. Protecting the voting process from electronic attacks is a fundamental challenge both for vendors who design online voting systems and election administrators who run elections. As with current voting systems, any vulnerability that could allow for voting more than once, changing a voted ballot or the election tally, or otherwise compromising the integrity of the process, raises the potential for fraud. In addition, Internet voting systems could be vulnerable to "denial-of-service" attacks in which the system is flooded with e-mail messages, causing it to shut down. Internet voting, like absentee voting, entails casting a vote from remote location and raises a possibility of bribery or vote tampering that does not exist with in-person voting. Safeguards can be provided through the establishment of computer security procedures that prevent unauthorized individuals from seeing the contents of a ballot. Establishing public trust in the security features of Internet voting systems may take time and perhaps the use of an independent oversight or auditing organization. Negative public perceptions of Internet voting security could be significant in the early stages of a transition to online voting, although acceptance might increase along with advances in technology and the successful online voting trials. According to a July 1999 public opinion poll, 62 % believed that it will be many years before Internet voting can be made secure from fraud; 24 % thought it could be made secure soon; and 7 % believed it will never happen. (8)
Ballot secrecy. Ballot secrecy must be ensured in any election in order to prevent vote-buying and other kinds of fraud. Traditional voting at a polling place entails two separate steps for confirming a voter's identity and casting a ballot. The voter signs in at the precinct poll and then proceeds to the voting booth to cast a ballot. With Internet voting, the two steps are combined. An individual's identity must be confirmed and then the ballot is provided to the voter, increasing the possibility that the voted ballot, while in transit over the Internet, could be observed, changed, or recorded along with the voter's identity. While encryption and electronic signatures can provide privacy for voters, there seems to be no technical means of preventing these activities under remote Internet voting systems.
Access. While remote Internet voting from home or the workplace will not likely occur on a large scale for some time, it will probably raise questions concerning equal access to the ballot. Before providing Internet voting for its 2000 Presidential primary, the Arizona Democratic Party sought and received clearance from the Justice Department concerning Voting Rights Act restrictions on instituting changes to the electoral process. In addition, a non-profit group, the Voting Integrity Project, filed a federal lawsuit that alleged the Internet voting plan diluted minority participation (see discussion in the section on internet voting in the 2000 elections). Issues regarding access to computers and the Internet--the digital divide--are likely to continue because of disparities between certain groups in the electorate.
Social and political implications. Some observers are critical of Internet voting on the basis of tradition, arguing that it will erode and eventually replace the most basic form of citizen participation in the democratic process. Some have voiced concerns about the loss of a civic ritual in which democracy, in its simplest form, is based on citizens going to the polls. They say that "Reducing a vote to a mere key stroke of a personal computer may diminish, not heighten, the significance of the act. At a minimum, voters who bother to actually go to the polls tend to be people who are motivated enough to learn about issues.... The solution to a lack of commitment of voters is not to reduce the necessary commitment needed to vote." (9)
Internet Voting in Elections of 2000. During the 2000 election cycle, a number of limited Internet voting trials were held in both primary and general elections. Arizona's Democratic party launched what it called "the first-ever, legally-binding public election over the Internet" from March 7-March 11. The election was conducted by Election.com, a New York-based company. Voters cast ballots from their homes or offices between March 7th and 10th, or at polling locations on March 11. (10) The party mailed a personal identification number (PIN) to all 843,000 eligible voters, who could subsequently vote their ballot via the Internet by logging on to the party's website, entering their PIN, and providing two kinds of personal identification. Voters who used the polls could also cast their vote by paper ballot or computer at the polls. According to the Arizona Democratic Party, about 41% of the 86,907 ballots cast in the election were sent via the Internet from remote locations. (11)
The Arizona trial election created problems for some Internet voters, and resulted in confusion in some locations because of the new procedures. Some voters with Macintosh computers were unable to vote because their software was incompatible with the security system used in the election. The party added phone lines in the last few days of voting to field calls from Macintosh users and from voters who lost their PIN and could not vote online without it. In response to a federal lawsuit, the Party also increased the number of polling places in the month before the primary. The Voting Integrity Project, a nonprofit organization, filed the lawsuit in U.S. District Court in Arizona charging that the process violated the Voting Rights Act by creating a disparity between voters with computers and those who lacked computer access, resulting in a dilution of minority votes. While the Democratic Party increased the number of polling places in response to the suit, it had difficulty finding locations with dedicated phone lines to allow for Internet connections (although paper ballots were available at all polling locations). (12) U.S. District Court Judge Paul G. Rosenblatt permitted the election to proceed; the Voting Integrity Project did not appeal the decision, but continues to pursue its lawsuit in district court.
Also during the Presidential primary season, voters in three election districts in Alaska cast ballots via the Internet in the Republican Party's Presidential straw poll on January 24, 2000. The project was conducted by VoteHere.net, an Internet voting company located in Bellevue, Washington, and provided 3,500 voters in remote areas the opportunity to cast ballots in the straw poll. In the past, it was difficult for voters in these areas to participate in the straw poll.
In the November general election, some members of the military and citizens living abroad were eligible to vote via the Internet on November 7. Voters who were covered by the Uniformed and Overseas Citizens Absentee Voting Act (42 U.S. Code 1973ff) and whose legal residence was one of fourteen counties participating in the project in Florida, South Carolina, Texas and Utah were eligible to participate. (13) The pilot project was limited to a total of 350 voters who could request and vote an absentee ballot via the Internet; 84 voters (representing 28 states and territories, and 12 countries) cast ballots under the program.
Legislation in the 107th Congress. Representative DeFazio introduced H.R. 57 on January 3, 2001, which establishes a commission to study and make recommendations on the electoral process , including the study of the advantages and disadvantages of Internet voting. In the 106th Congress, Representative Jesse Jackson, Jr. introduced H.R. 3232 on November 5, 1999; it was referred to the Committee on House Administration. The bill directs the President to conduct a study of issues of Internet voting in consultation with an advisory group and to report its findings within six months of approval of the measure. The report would include recommendations to address issues raised in the report, including legislative measures.
1. (back)For example, the Love Bug virus of May 4, 2000, affected an estimated one million computers, including those at many federal agencies, and caused an estimated $1 to $10 billion in damage. Such large-scale "hacking" is only part of the problem, and attempts to breech public and private systems occur regularly. The Pentagon estimates that its networks are hacked 250,000 times a year, of which an estimated 500 are serious attempts to access classified systems. Scott Nance, "'I Love You' Doesn't Sway CERT," New Technology Week, May 8, 2000, p. 5, and Gregory Vistica, "Inside the Secret Cyberwar," Newsweek, Feb. 21, 2000, p 48.
2. (back)Ed Gerck, "From Voting to Internet Voting," The Bell, vol. 1, May 2000, p. 5. Another estimate noted that "about 5 percent to 6 percent of a typical Net retailer's transactions are fraudulent, compared to less than half of one percent for brick-and-mortar retailers. Fraudulent transactions account for about 10 percent of Net retailer's total sales." Craig Bickenell, "Credit Card Fraud Bedevils Web," WiredNews, http://www.wired.com/news/business/0,1367,18904,00.html, visited Apr. 3, 1999.
http://live.altavista.com/e?efi=901&ei=228983&ern=y, visited Oct. 30, 2000.
7. (back)For a background on these technologies, see CRS Report 98-67, Internet: An Overview of Key Technology Policy Issues Affecting its Use and Growth.
Turley, "The Mouse That Roared ... and Voted,"
10. (back)Press release, Arizona Democratic Party Announces Internet Voting Registration Procedures for World's First Legally-Binding Public Election http://www.election.com/press/pr2000/0113.html, visited Feb. 18, 2000. Federal District Court Judge Paul G. Rosenblatt allowed the election to take place despite a lawsuit that asserted that Internet voting would discriminate against minorities; the court could set aside the election if minorities were under-represented among voters.
http://www.azdem.org/breakdown.html, visited June 8, 2000.
13. (back)The jurisdictions include Orange and Oskaloosa counties, FL; Dallas County, TX; Weber County, UT; and in South Carolina, Beaufort, Greenville, Greenwood, Horry, Lancaster, Laurens, Lexington, McCormick, Orangeburg, Pickens, and York counties.
|National Council for Science and the Environment
1725 K Street, Suite 212 - Washington, DC 20006
202-530-5810 - info@NCSEonline.org