Internet voting is not secure and should not be used in public elections



With the spread of the Internet,

the ban on online election campaigns has been lifted in Japan, but as of the time of writing, the Public Offices Election Act does not permit online voting. While the introduction of online voting is being discussed in Japan, some countries around the world already use it . However, the CITP Blog , run by Princeton University's Center for Information Technology Policy, explains that online voting is not secure and should not be used in public elections.

Internet voting is insecure and should not be used in public elections - CITP Blog
https://blog.citp.princeton.edu/2026/01/16/internet-voting-is-insecure-and-should-not-be-used-in-public-elections/



The small European country of Estonia uses internet voting for national elections , but security experts have long argued that internet voting is insecure and that the technology to make it secure does not yet exist, and likely never will.

However, there are still vendors offering internet voting systems that continue to claim that their new systems are different from the conventional ones and that insecurity is not an issue. These claims are misleading and dangerous, the CITP Blog pointed out.



◆All Internet voting systems are insecure
All internet voting systems are insecure. This insecurity is more serious than that of properly operated traditional paper voting systems, because a small number of individuals could potentially have the power to change some or all of the votes going through the system without being detected. The CITP Blog lists the following three major weaknesses of internet voting:

1: If a voter's smartphone or PC is infected with malware, the vote sent may be different from the one selected and confirmed by the voter.
Voters use a variety of devices (Android, iPhone, Windows, Mac) and are constantly under malware attack. Malware or insiders on servers can change voting results. Internet servers are constantly being hacked from around the world, often with serious consequences.

'If online voting documents are printed and scanned at election offices, malware could potentially tamper with the results. The CITP Blog also points out that the computers used for elections are not as secure as other government or commercial servers. They are regularly hacked, causing devastating damage,' the blog said.

UK Electoral Commission apologises for cyber attack that included access to personal information of 40 million voters - GIGAZINE



2: Malware or insiders on the server could change the results of the vote.
Internet servers are constantly being hacked from all over the world, often with serious consequences.

3: Malware infiltrating election offices could lead to alteration of voting results.
The CITP Blog pointed out that in the case of a system where online voting documents are printed and scanned at election offices, there is a risk that the election office's computers could be hacked and the voting results altered. The CITP Blog pointed out that election office computers are not as secure as other government or commercial servers, and are regularly hacked, causing devastating damage.

While traditional paper ballots are not completely secure, the problem with internet voting is that a single attacker could potentially alter the results of a huge number of votes with a single large-scale attack, which would be much more difficult with handwritten paper ballots, the CITP Blog points out.

Even end-to-end verifiable internet voting systems are not secure
There is also the concept of an 'end-to-end verifiable internet voting system' (E2E-VIV). This system allows voters to verify that their votes have been correctly recorded and counted, and has been proposed to address the weaknesses of existing internet voting systems. However, the CITP Blog points out that E2E-VIV also has the following weaknesses:

1. Voters have to rely on computer apps for verification, but if those verification apps are infected with malware, they could lie to voters.

2: Voters should not be able to prove to others how they voted. The technical term is ' receipt-free .' Otherwise, attackers could build an automated system to buy large numbers of votes over the Internet. However, the CITP Blog pointed out that a receipt-free E2E-VIV system is complex and counterintuitive to people.

3) Creating a reliable, receipt-free E2E-VIV checking app is difficult. The best known solution is to check only discarded ballots and only allow unchecked ballots to be cast. This is also 'highly counterintuitive for most voters,' the CITP Blog pointed out.

4. The check app must be separate from the voting app. Otherwise, malware protection will not work at all. However, due to human nature, very few voters will take the extra steps to run the check protocol. If they rarely use the checker, the checker will be largely ineffective.

5. Even if some voters use the Check App, if the system detects fraud (which is the purpose of the Check App), there is no way for the voter to prove it to election officials. This means there is no effective dispute resolution protocol.

The problem with known E2E-VIV systems proposed so far is that the 'verification' part does not provide any useful security. Even if a small percentage of voters use the check protocol and notice that the system is occasionally cheating, the system can still steal the votes of all voters who do not use the check protocol. While one might think that 'if some voters notice the system cheating, election officials can take appropriate measures,' the CITP Blog points out that appropriate measures are impossible.

Election officials cannot cancel an election just because a few voters claim without evidence that the system is rigged. 'This is why there is no dispute resolution protocol,' the CITP Blog noted.

There is a voting system called 'VoteSecure' that is end-to-end verifiable, but it has also been pointed out to have serious security flaws, and the CITP Blog also states that 'VoteSecure is not secure.'

VoteSecure - Privacy-Preserving Blockchain Voting
https://votesecure.net/



The scientific consensus that internet voting cannot be secured using existing technology has been building for decades. While research into future technologies is certainly worthwhile, the CITP Blog argues that decades of research into E2E-VIV systems has not produced any solutions, or even the hope of solving, the fundamental problems.

The CITP Blog wrote, 'When it comes to internet voting systems, election authorities and journalists should pay particular attention to 'science from the press release,' because one day, internet voting solutions may be proposed that can withstand scientific scrutiny. The most reliable way to evaluate them is through peer-reviewed scientific papers. Reputable cybersecurity conferences and academic journals publish many excellent scientific papers in this field.'

Related Posts:

in Security, Posted by logu_ii