Order Code RS20639
Updated January 31, 2003
CRS Report for Congress
Received through the CRS Web
Internet Voting
Kevin Coleman
Analyst in American National Government
Government and Finance Division
Summary
Among the many issues in the ongoing national discussion about the Internet is its
use in the voting process. Because voting determines who runs the government and
entails two absolute requirements—the secret ballot and security from fraud—the stakes
are higher than for many other transactions routinely conducted via the Internet. Public
confidence about Internet security is increasing, but many feel that voting online requires
a degree of security from fraud beyond the current standard for everyday Internet use.
The National Defense Authorization Act for FY2002 and the Help America Vote Act
of 2002 included provisions to extend a pilot project for Internet voting on a limited
basis and to conduct an in-depth study for Congress on the feasibility of Internet voting
on a national basis.
Aside from voting issues, observers often refer to a “digital divide” that exists
between those who have access to computers and the Internet (and the skills to use it)
and those who do not. While Internet access is increasing, estimates show that those
with higher incomes and education levels are more likely to have Internet access, and
black and Hispanic access lags behind that of whites. Also part of the debate are issues
concerning political tradition, public confidence in Internet voting, and equal access to
the ballot. Proponents of Internet voting suggest it could increase turnout, particularly
among younger voters who are familiar with Internet technology. In the meantime,
several experiments with Internet voting in public elections took place in the 2000
election year, and more are likely in the future as the technology for online voting
evolves. This report will be updated to reflect new developments.
Overview. As computer ownership increased in the early 1990s, the Internet
introduced the concept of electronic democracy to a wide audience. By 1996, the national
parties and scores of candidates maintained websites to disseminate information, attract
donors and volunteers, and communicate directly with supporters. As an ever larger
segment of the population uses the Internet to conduct business, find news, pursue leisure
activities, and so on, the potential to use it for more than campaign purposes—to conduct
elections—has become part of the discussion of applying technology to the democratic
process. Electing officeholders via the Internet requires a level of security from fraud
Congressional Research Service ˜ The Library of Congress
CRS-2
beyond what exists with current online use, according to many observers.1 For example,
credit card fraud on the Internet “is recognized at the level of 10% of all transactions,”
according to one estimate.2 Such a level of potential fraud in an election would
undermine its legitimacy, which depends on a fair and accurate count of the ballots cast.
An Internet voting system, even one used on a limited basis in conjunction with
traditional voting methods, needs to be at least as secure as current voting methods in its
ability to safeguard a voter’s identity and provide an accurate vote count.
Officials of Election.com, the company that conducted Arizona’s online Democratic
primary last spring, claim that adequate security measures exist which make it possible
to conduct public elections on the Internet now. But other vendors, election officials, and
interested observers vigorously dispute this assertion and point out that security problems
with online voting could undermine future voter confidence in online elections. 3 As for
the expense of conducting elections online, a number of observers suggest that internet
voting will lower election costs for local officials. And at least one public opinion poll
supports the widely reported notion that younger voters are especially enthusiastic about
voting online (61% favor it) and that their rates of participation, notoriously low
compared to other groups, will increase as online voting becomes an option.4
Internet voting has been widely reported on in the press, and policy makers at the
federal and state levels are studying its implications. In Congress, Representative Jesse
Jackson Jr. introduced H.R. 3232 on Nov. 5, 1999, which directs the President to appoint
a commission to study Internet voting and make recommendations about its use in the
future. In December 1999, the President directed the National Science Foundation (NSF)
to conduct a one-year study of Internet voting. Under contract with the NSF, the Internet
Policy Institute (IPI) conducted a workshop on October 10 and 11, 2000; panelists
included federal and state government officials, social scientists, and technical experts.5
The NSF study, available at [http://www.internetpolicy.org/research/results.html], was
released in March 2001.
1 For example, the Love Bug virus of May 4, 2000, affected an estimated one million computers,
including those at many federal agencies, and caused an estimated $1 to $10 billion in damage.
Such large-scale “hacking” is only part of the problem, and attempts to breach public and private
systems occur regularly. The Pentagon estimates that its networks are hacked 250,000 times a
year, of which an estimated 500 are serious attempts to access classified systems. Scott Nance,
“‘I Love You’ Doesn’t Sway CERT,” New Technology Week, May 8, 2000, p. 5, and Gregory
Vistica, “Inside the Secret Cyberwar,” Newsweek, Feb. 21, 2000, p 48.
2 Ed Gerck, “From Voting to Internet Voting,” The Bell, vol. 1, May 2000, p. 5. Another estimate
noted that “about 5 percent to 6 percent of a typical Net retailer’s transactions are fraudulent,
compared to less than half of one percent for brick-and-mortar retailers. Fraudulent transactions
account for about 10 percent of Net retailer’s total sales.” Craig Bickenell, “Credit Card Fraud
Bedevils Web,” WiredNews, [http://www.wired.com/news/business/0,1367,18904,00.html],
visited Apr. 3, 1999.
3 Anick Jesdanun, Resistance Continues for Web Voting, Associated Press wire service,
[http://www.shapethefuture.org/content/news_100800shadow_elec13.htm], visited Oct. 30, 2000.
4 Six Out of Ten Young Voters Say Yes to Internet Voting, Business Wire,
[http://www.VoteHere.net/content/press/990723.asp], visited Oct. 8, 1999.
5 Internet Security Experts Tell Panel Remote Online Voting Not Yet Feasible, Election
Administration Reports, vol. 30, Oct. 26, 2000, p. 1.
CRS-3
On January 18, 2000 an Internet Task Force organized by California’s Secretary of
State issued its report. The Task Force report said “At this time, it would not be legally,
practically or fiscally feasible to develop a comprehensive remote Internet voting system
that would completely replace the current paper process.” The Task Force recommended
phasing in Internet voting, with remote voting as the last phase.6 In Arizona and Alaska,
some voters cast ballots on the Internet during the 2000 presidential primary season and
several other voting trials are scheduled for the November general election.
Types of Internet Voting. Two types of Internet voting are possible, and both
were used in voting trials in 2000. One method, the more basic from a technical
standpoint, is Internet voting at a traditional polling site, with computer voting machines
connected to the Internet and where election officials authenticate voters before ballots
are cast. The other method, more technically advanced, is to cast ballots over the Internet
from remote locations using electronic authentication and computer security technologies.
The Arizona Democratic primary, for example, used both methods; voters could cast their
ballots from remote locations or at any polling place. Some observers believe that remote
Internet voting should not be attempted until voters become comfortable with polling site
Internet voting and until procedures are well established to ensure accurate voter
authentication, ballot secrecy, and security. Others, however, argue that polling site
Internet voting will have little value to voters, who want the convenience of remote
Internet voting.
Technologies Behind Internet Voting. Internet voting systems use several
technologies to ensure authentication, secrecy, and security. These include encryption (the
scrambling of information in data transmissions to provide confidentiality) and electronic
signatures (methods that use such techniques as passwords, personal identification
numbers (PINs), smart cards, biometrics, and digital signatures) to verify the identity of
the voter and provide data integrity (i.e., assurance that the data is not altered during
transmission). Other computer security technologies, such as firewalls, antivirus
programs, and intrusion detection systems, are also used to prevent unauthorized hacker
access to computer systems used in the election process.7
Different types of elections require different standards for voter verification, data
integrity for ballots, and assurance against tampering. For example, private sector
elections (conducted and funded by private organizations and regulated by the sponsoring
organization) typically have lower standards for these factors than public sector elections
(conducted, funded, and regulated by government). Private sector elections have been
conducted using the Internet to a far greater extent than public sector elections.
The Current Debate: Issues and Challenges. While the computer security
technologies mentioned above are well established in theory, they have not yet been used
on a wide scale. Some government agencies, large companies, and financial institutions
use encryption, electronic signatures, and other computer security techniques in
conducting business transactions with established suppliers and customers. Some
6 California Internet Voting Task Force, A Report on the Feasibility of Internet Voting, Jan.,
2000, p. 1.
7 For a background on these technologies, see CRS Report 98-67, Internet: An Overview of Key
Technology Policy Issues Affecting its Use and Growth.
CRS-4
analysts predict that computer security technologies will proliferate at an accelerated rate
in the next few years. Few businesses, however, have implemented these technologies
for use with the general public today. Some argue that the public needs to become more
familiar and comfortable with the Internet in other aspects of life, such as by engaging in
Internet commerce, before governments should adopt Internet voting systems. Internet
voting systems could be phased in over time, from the use of Internet-connected
computers at state and local government-controlled polling sites, to remote Internet voting
from users’ home PCs. The new voting systems must also be user-friendly enough that
many voters will prefer to use the Internet method over the traditional method of voting.
Many current security components to computer systems are thought to be cumbersome
for users. The following areas are the principal concerns with Internet voting at present.
Security Issues. Protecting the voting process from electronic attacks is a
fundamental challenge both for vendors who design online voting systems and for
election administrators who run elections. As with current voting systems, any
vulnerability that could allow for voting more than once, changing a voted ballot or the
election tally, or otherwise compromising the integrity of the process, raises the potential
for fraud. In addition, Internet voting systems could be vulnerable to “denial-of-service”
attacks in which the system is flooded with e-mail messages, causing it to shut down.
Internet voting, like absentee voting, entails casting a vote from remote location and raises
a possibility of bribery or vote tampering that does not exist with in-person voting.
Safeguards can be provided through the establishment of computer security procedures
that prevent unauthorized individuals from seeing the contents of a ballot. Establishing
public trust in the security features of Internet voting systems may take time and perhaps
the use of an independent oversight or auditing organization. Negative public perceptions
of Internet voting security could be significant in the early stages of a transition to online
voting, although acceptance might increase along with advances in technology and
successful online voting trials. According to a July 1999 public opinion poll, 62%
believed that it will be many years before Internet voting can be made secure from fraud;
24% thought it could be made secure soon; and 7% believed it will never happen.8
Ballot Secrecy. Ballot secrecy must be ensured in any election in order to prevent
vote-buying and other kinds of fraud. Traditional voting at a polling place entails two
separate steps for confirming a voter’s identity and casting a ballot. The voter signs in at
the precinct poll and then proceeds to the voting booth to cast a ballot. With Internet
voting, the two steps are combined. An individual’s identity must be confirmed and then
the ballot is provided to the voter, increasing the possibility that the voted ballot, while
in transit over the Internet, could be observed, changed, or recorded along with the voter’s
identity. While encryption and electronic signatures can provide privacy for voters, there
seems to be no technical means of preventing these activities under remote Internet voting
systems.
Access. While remote Internet voting from home or the workplace will not likely
occur on a large scale for some time, it will probably raise questions concerning equal
access to the ballot. Before providing Internet voting for its 2000 Presidential primary,
the Arizona Democratic Party sought and received clearance from the Justice Department
8 ABC News Poll, July 21, 1999 (based on interviews with 1,018 adults nationally between July
17 and 18).
CRS-5
concerning Voting Rights Act restrictions on instituting changes to the electoral process.
In addition, a nonprofit group, the Voting Integrity Project, filed a federal lawsuit that
alleged the Internet voting plan diluted minority participation (see discussion in the
section on internet voting in the 2000 elections). Issues regarding access to computers
and the Internet—the digital divide—are likely to continue because of disparities between
certain groups in the electorate.
Social and Political Implications. Some observers are critical of Internet voting
on the basis of tradition, arguing that it will erode and eventually replace the most basic
form of citizen participation in the democratic process. Some have voiced concerns about
the loss of a civic ritual in which democracy, in its simplest form, is based on citizens
going to the polls. They say that “Reducing a vote to a mere key stroke of a personal
computer may diminish, not heighten, the significance of the act. At a minimum, voters
who bother to actually go to the polls tend to be people who are motivated enough to learn
about issues.... The solution to a lack of commitment of voters is not to reduce the
necessary commitment needed to vote.”9
Internet Voting in 2000 Elections. During the 2000 election cycle, a number
of limited Internet voting trials were held in both primary and general elections.
Arizona’s Democratic party launched what it called “the first-ever, legally-binding public
election over the Internet” from March 7 to March 11. The election was conducted by
Election.com, a New York-based company. Voters cast ballots from their homes or
offices between March 7th and 10th, or at polling locations on March 11.10 The party
mailed a personal identification number (PIN) to all 843,000 eligible voters, who could
subsequently vote their ballot via the Internet by logging on to the party’s website,
entering their PIN, and providing two kinds of personal identification. Voters who used
the polls could also cast their vote by paper ballot or computer at the polls. According to
the Arizona Democratic Party, about 41% of the 86,907 ballots cast in the election were
sent via the Internet from remote locations.11
The Arizona trial election created problems for some Internet voters, and resulted in
confusion in some locations because of the new procedures. Some voters with Macintosh
computers were unable to vote because their software was incompatible with the security
system used in the election. The party added phone lines in the last few days of voting
to field calls from Macintosh users and from voters who had lost their PIN and could not
vote online without it. In response to a federal lawsuit, the Party also increased the
number of polling places in the month before the primary. The Voting Integrity Project,
a nonprofit organization, filed the lawsuit in U.S. District Court in Arizona charging that
the process violated the Voting Rights Act by creating a disparity between voters with
9 Jonathan Turley, “The Mouse That Roared ... and Voted,” Los Angeles Times, Jan. 17, 2000.
10 Press release, Arizona Democratic Party Announces Internet Voting Registration Procedures
for World’s First Legally-Binding Public Election,
[http://www.election.com/us/pressroom/pr2000/0113.htm], visited Feb. 18, 2000. Federal
District Court Judge Paul G. Rosenblatt allowed the election to take place despite a lawsuit that
asserted that Internet voting would discriminate against minorities; the court could set aside the
election if minorities were under-represented among voters.
11 Arizona Democrats, “Paper Ballots vs. Internet Votes,”
[http://www.azdem.org/breakdown.html], visited June 8, 2000.
CRS-6
computers and those who lacked computer access, resulting in a dilution of minority
votes. While the Democratic Party increased the number of polling places in response to
the suit, it had difficulty finding locations with dedicated phone lines to allow for Internet
connections (although paper ballots were available at all polling locations).12 U.S. District
Court Judge Paul G. Rosenblatt permitted the election to proceed; the Voting Integrity
Project did not appeal the decision, but continues to pursue its lawsuit in district court.
Also during the Presidential primary season, voters in three election districts in
Alaska cast ballots via the Internet in the Republican Party’s Presidential straw poll on
January 24, 2000. The project was conducted by VoteHere.net, an Internet voting
company located in Bellevue, Washington, and provided 3,500 voters in remote areas the
opportunity to cast ballots in the straw poll. In the past, it was difficult for voters in these
areas to participate in the straw poll.
In the November general election, some members of the military and citizens living
abroad were eligible to vote via the Internet on November 7. Voters who were covered
by the Uniformed and Overseas Citizens Absentee Voting Act (42 U.S. Code 1973ff) and
whose legal residence was one of fourteen counties participating in the project in Florida,
South Carolina, Texas, and Utah were eligible to participate.13 The pilot project was
limited to a total of 350 voters who could request and vote an absentee ballot via the
Internet; 84 voters (representing 28 states and territories, and 12 countries) cast ballots
under the program. A report (available at [http://www.fvap.ncr.gov/voi.html]) evaluating
the program was issued by the Federal Voting Assistance Program, which administers the
federal law, in June 2001.
Internet Voting in Recent Legislation.The Defense Authorization Act for
FY2002 (P.L. 107-107), included a number of provisions concerning uniformed services
voters, one of which continued the Internet voting pilot program administered by the
Federal Voting Assistance Program. It was signed into law by the President on December
28, 2001. The program permits some absentee uniformed services voters to cast ballots
in federal elections through an electronic voting system. It is expected that the program
will include more states than the four that participated in 2000, and should be accessible
for both registration and voting beginning with primary elections in 2004.
The Help America Vote Act (P.L. 107-252) included a requirement that the Election
Assistance Commission established under the law conduct a thorough study of the
potential for registering and voting on the Internet. Study topics include the requirements,
impact, and cost of Internet registration and voting, as well as the means of ensuring
equity of access to all citizens. The law calls for submission of a report to Congress 20
months after enactment.
12 “Internet Voting Off to Rocky Start in Arizona Democratic Party-Run Primary,” Election
Administration Reports, vol. 30, Mar. 20, 2000, p. 4.
13 The jurisdictions include Orange and Oskaloosa counties, FL; Dallas County, TX; Weber
County, UT; and in South Carolina, Beaufort, Greenville, Greenwood, Horry, Lancaster, Laurens,
Lexington, McCormick, Orangeburg, Pickens, and York counties.