The Cyber Risks of Online Voting: Breaking Down the Barriers to Trust

Loading the Elevenlabs Text to Speech AudioNative Player...

Can online voting truly balance convenience and the appeal of higher turnouts with the need for ironclad security? It’s a tough question; the cybersecurity risks present tough challenges in ensuring trust in democratic processes. Here’s more on the cyber risks of online voting and potential ways to break down the barriers to trust.

The Allure of Online Voting

Interesting research from the US back in 2021 found that 74 percent of survey respondents would be equally or more likely to vote online if they had the option. A similar fascinating finding in Germany was that 63% of German voters would have liked to cast their vote for the federal election in 2021 online. This appeal stems from a variety of factors.

Convenience

One key attraction of online voting lies in its promise to make the voting process as simple as a few clicks. By eliminating the need to physically visit polling stations, online voting could revolutionize participation for:

  • People living in remote or rural areas, who often face logistical challenges in accessing polling stations. Online voting offers a practical solution, particularly for countries with vast geographical barriers.
  • The mllions of citizens living abroad who often struggle to vote due to cumbersome absentee ballot systems. For instance, Estonia’s online voting system, in place since 2005, allows expatriates to vote from anywhere in the world, which dramatically increases participation.
  • People with mobility issues or other physical issues that make showing up to polling stations a hassle.

Increased Voter Turnout

When you offer people a more convenient way to vote that takes far less time from their day, it makes intuitive sense to expect increased voter turnouts. This is a particularly important point among younger generations, who are often disengaged with traditional voting methods and, therefore, underrepresented in terms of their say in elections. Millennials and Gen Z are accustomed to managing life digitally—from banking to social interactions.

Also, many people cite lack of time as a reason for not voting. Online systems could allow voters to participate even during a quick coffee break on a hectic workday or after putting their children to bed.

The Core Cyber Risks Of Online Voting

In a world increasingly defined by digital interactions, the expectation for online voting aligns with broader societal trends. So it’s natural to wonder why the implementation of online voting hasn’t yet gained much adoption or traction. And a huge factor here is the substantial cybersecurity risks. Voting systems are unique—they carry an exceptionally high bar for integrity, confidentiality, and availability, all of which are constantly threatened in an online context by risks like:

1. Voter Authentication Challenges

Online voting must ensure that only eligible voters can cast their ballots and that each person votes only once. However, verifying voter identity securely without compromising privacy is a tough challenge.

Digital systems are vulnerable to identity theft and impersonation. An attacker could exploit weak authentication mechanisms to submit fraudulent votes. The Voatz mobile voting app, used in limited U.S. midterm elections, faced criticism when MIT researchers demonstrated that hackers could intercept sensitive voter data. This raised concerns about the authentication protocols used. In-person voting benefits from physical ID checks and human oversight, which are far harder to replicate securely in a digital environment.

2. Susceptibility to Hacking

Online voting systems are high-value targets for nation-state actors, hacktivists, and cybercriminals. Attackers could exploit vulnerabilities to tamper with results or disrupt the voting process entirely.
Hackers could intercept votes during transmission and alter their content to undermine the integrity of an election. Centralized servers used for storing and counting votes could be targeted, which would risk the mass manipulation of election results. A public intrusion test conducted on Swiss Post’s e-voting system uncovered flaws that could’ve allowed attackers to manipulate votes undetected.

3. Lack of Auditability and Transparency

One of the greatest strengths of traditional voting methods is their auditability. Paper ballots provide a tangible, verifiable trail, while online voting systems struggle to offer equivalent transparency. Even with technologies like blockchain, verifying individual votes while maintaining voter anonymity is technically and ethically challenging. Without an easy way to audit results, even minor suspicions of tampering can erode public trust in the electoral process.

4. Denial-of-Service (DoS) Attacks

Election infrastructure must be available to voters during a specific timeframe. Online voting systems are particularly vulnerable to DoS or Distributed Denial-of-Service (DDoS) attacks, where attackers flood servers with traffic, rendering them inaccessible. These attacks leverage huge networks of bots to inundate systems and take them offline.

An interesting incident highlighted this risk just recently in Georgia, in October 2024. Hackers tried to crash the US state’s online portal for absentee ballot requests with at least 420,000 IP addresses accessing the site at once. Even a short-lived outage during voting hours can disenfranchise voters, skew results, and undermine trust in the system.
Transparency and Trust: The Achilles’ Heel

The Future of Secure Elections

The pressure to modernize election systems continues to grow as the world becomes increasingly digitized. Online voting remains a tantalizing prospect that feels within reach, yet somehow too prone to cybersecurity risks. Innovation, collaboration, and rigorous security measures could make such systems viable, though. The future of secure elections lies in balancing technological advancements with uncompromising safeguards for trust, transparency, and integrity.

One potential way to secure elections is to adopt a hybrid model by combining traditional voting methods with selective digital enhancements. For example, secure digital platforms can simplify voter registration, ensuring accuracy and accessibility. This would offer a way to show these systems can work and gain trust in the process.

The integrity of elections is a universal concern, which makes global cooperation essential. Standardized frameworks for developing and testing secure voting systems could accelerate progress here.

Continuous Security Validation

The evolving and never-ending nature of cyber threats makes continuous validation of online voting system security imperative. Election systems must not only withstand current threats but also anticipate future ones. Here, penetration testing emerges as a vital practice for simulating adversarial attacks and identifying vulnerabilities.

Transparent communication about the results of penetration tests can bolster confidence in the system’s resilience; when a team of experts has tried to hack it and can’t, you know security is robust. Mandating penetration tests as part of the certification process for any online voting platform could set a new standard for security, but those tests should be repeated regularly too.

At DIESEC, we can find security vulnerabilities by comprehensively testing your IT systems.
After all, it’s not just voting systems that demand rigorous protection—IT environments in everything from financial networks to healthcare platforms need to maintain trust, integrity, and functionality in the face of evolving threats. Our team of experts provide clear results on the current security status of your infrastructure, the exact potential for improvement, and where there is a general need for action.

Contact us to learn more.