McAfee, think tank push online voting, but recognize security risks

A new paper calls for a push to solve security problems related to Internet voting

The U.S. and other nations should look toward Internet voting to make it easier for disabled and elderly people to cast ballots, and to increase participation among young people, but online security remains a huge hurdle, according to a new paper for the Atlantic Council and McAfee.

Online voting has "the power to revolutionize the democratic process around the world," said the paper, released Wednesday by the think tank and Intel's security division. However, online security will "need to be vastly improved."

With the paper, the Atlantic Council and McAfee are pushing to "change the nature of the cybersecurity debate," said Tom Gann, McAfee's vice president of government relations. "Our goal is to move the public discussion from one that all too often focuses on gloom and doom, to one that focuses on the age of the possible."

The paper lists several potential solutions to the security problems, including broader use of encryption, biometric identification, and preconfigured bootable USB sticks or CDs containing voting software that could be sent to voters.

But as the U.S heads toward a national election in November, large-scale online voting systems in the country are a long way off, some security and e-voting experts said during a discussion of the paper at the think tank.

With the underlying and ongoing security problems of the Internet, secure online voting on a large scale may still be 30 to 40 years away, said Joseph Lorenzo Hall, chief technologist at the Center for Democracy and Technology.

"You hear about all these breaches; every day there's a new news story," said Pamela Smith, president of Verified Voting, a group that has pushed for electronic voting audit trails. "You wonder sometimes where the idea of sending something as valuable as votes over the Internet, how did that get to be a good idea?"

In the U.S., local governments, many with tiny IT budgets, run elections, Smith said. Many local governments don't have the resources to fix problems or fight off attacks against online voting systems, she said.

Much of the focus on security for online elections has until now focused on securing the network, but vulnerabilities on voters' devices could also cause problems, said Representative Jim Langevin, a Rhode Island Democrat. "Relying on a voter's PC or smartphone to honestly represent her intentions is simply naive with malware as prevalent as it is," he said.

In addition, online voting compounds one of the stickier problems of earlier electronic voting machines, in that it can be difficult to verify and audit votes after they are cast, Hall noted. "If you don't have something to audit, if you don't have something to recount, that is independent of the software, you may be in a world of hurt," he said.

Other panelists disagreed about the maturity of online voting systems. A handful of countries including Brazil, Estonia and Switzerland have already rolled out online voting systems, noted Damon Wilson, the executive vice president of Atlantic Council.

Other countries are moving toward online voting in the near future, added Jordi Puiggali, chief security officer at elections technology vendor Scytl. It is possible now to run secure online elections using encryption and other security measures, he said.

"It's impossible to say in 20 years, 'now the Internet is secure,'" he said. "We will have new threats."

With a huge number of potential benefits, technologists and policymakers should focus on improving online voting security independent of the underlying network, said Kent Landfield, McAfee's director of standards and technology policy.

"We don't want wait 30 years to get the Internet as stable as it could be for electronic voting online," he said. "We need to start looking at how to design the voting system to ride on top of that kind of infrastructure, knowing the infrastructure itself is not as secure as we want."

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is

Join the CSO newsletter!

Error: Please check your email address.

Tags Tom GannVerified VotingDamon WilsonAtlantic CouncilKent LandfieldPamela SmithJim LangevinScytle-votingmcafeesecurityJoseph Lorenzo HallJordi PuiggaliCenter for Democracy and Technologygovernmentintel

More about AtlanticIDGIntelIslandNewsSwitzerlandTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts