The Independent Media Institute’s Voting Booth project obtained a copy of Iowa’s RFP and asked industry and academic experts in remote voting and election cyber-security to assess Iowa’s envisioned telephone-based system. The experts’ top concerns—based on observing similar voting systems used in Canada and abroad, Utah’s Republican caucuses in 2016 and 2018, and in private-sector elections—were, surprisingly, not a reprise of 2016’s Russian hacking. Instead, the experts cited other likely problems that could mar the caucus’s credibility….
The top red flags concerned potentially thousands of older people having trouble with using a new and unfamiliar telephone system. Specifically, the experts cited voters having to be authenticated by entering serial numbers on their government ID cards and a PIN sent by email (after registering weeks before), and then having to rank the five top candidates in a lengthy and possibly clumsy process.
“Twenty-three candidates? Do you know how long that will take to listen to have that list read out?” said Aleksander Essex, a cybersecurity and cryptography expert who focuses on telephone and online systems and runs the Western Information Security and Privacy Research Laboratory at Ontario’s Western University. “‘If you want candidate one, press one… If you want candidate two, press two…’ That’s the problem with telephone voting from a usability perspective, aside from everything else. You have to sit there.”
The “everything else” that Essex and other experts alluded to also begins at the starting line of the remote voting process, such as people other than the voter trying to access and submit their ballots. The concerns continue with cracks in the layers of technology that lie below the surface of any phone, web or app-based interface, and possibly could be exploited. And there’s any accusation, factual or not, that casts doubt on the outcome.