In an open, expert-endorsed letter to U.S. Governors, the American Association for the Advancement of Science (AAAS) argues that internet voting should not be used for public elections, as it currently has no means of conducting valid audits of results:
"“Scientists and security experts express concern regarding a number of potential vulnerabilities facing any internet voting platform, including malware and denial of service attacks; voter authentication; ballot protection and anonymization; and how disputed ballots are handled. Importantly, there is no way to conduct a valid audit of the results due to the lack of a meaningful voter-verified paper record.”
The letter additionally claims that the use of blockchain architecture fails to address such issues with voting but, rather, creates a larger surface area for attacks. The AAAS also questioned how information would be stored, decrypted and transferred to a durable paper record. Steve M. Newell, project director at the AAAS, notes that such findings are supported by the 2018 NASEM report and comments on the letter’s timing: with the Covid-19 outbreak leading many state officials to consider alternatives to traditional voting methods, it is more important than ever to recognize the scientific communities consensus on internet voting’s shortcomings.
The letter suggests that, other things considered equal, blockchain systems do not add additional security and privacy when it comes to the practice of voting in general elections. Contrarily, the AAAS assets that such systems create substantial risks for voter privacy and avenues for election manipulation: “ information captured from voters exposes them to serious risk of identity theft, and information from overseas military voters risks potentially providing adversaries with intelligence regarding military deployments, endangering the lives of service members and national security.” The findings on blockchain systems in the letter are primarily supported by an in-depth study of ‘Voatz’, a voting dApp, with MIT researchers reporting, among other potential vulnerabilities, that “Voatz’s servers are vulnerable to manipulation ‘surreptitiously violating user privacy, altering the user’s vote, and controlling the outcome of the election.’”