Security researchers pretty much uniformly agree that letting people vote online is a very bad idea, one that is fraught with risks and vulnerabilities that could have unknowable consequences for the future of democracy.

This week, the Utah GOP is going to give it a whirl anyway.

On Tuesday, registered Republicans in Utah who want to participate in their state's caucus will have the option to either head to a polling station and cast a vote in person or log onto a new website and choose their candidate online. To make this happen, the Utah GOP paid more than $80,000 to the London-based company Smartmatic, which manages electronic voting systems and internet voting systems in 25 countries and will run the Utah GOP caucus system.

Smartmatic's system allows people to register to vote online. Then they receive a unique PIN code to their mobile phones or emails, which they use to vote on election day. Once the vote has been cast, the system generates a unique code, which voters can use to look themselves up on a public-facing bulletin board. Each code will match up to the name of a candidate, so people can check that their votes have been properly recorded. As of Monday morning, 59,000 Utah Republicans had registered to vote online.

The new online process was spearheaded by Utah GOP chairman James Evans, who was looking for ways to make the caucus process more convenient and accessible for voters. That stands to reason, given the fact that voter participation in Utah has been in decline in recent years.

Evans says he was aware of the potential security risks, but in a call with WIRED last week, he dismissed many of these oft-cited vulnerabilities as “far-fetched" and said that as a private political party, the Utah GOP isn’t held to the same security standards as the government.

“We are a private political organization, so we can choose the acceptable level of risk that we choose,” he said, “and we will not be compared to a government-run election.”

That idea alone should give anyone who cares about the integrity of this country’s elections pause. Just because a political party accepts a certain level of risk when it comes to online voting, should we?

The Devil You Don't Know

While the Utah GOP may be the latest to experiment in Internet-based elections, it’s far from the first group to do so. These elections have been tried in Alaska and Washington DC, as well as in countries around the world, from Australia to Estonia to Canada. Every time, researchers have detected substantial vulnerabilities in the systems that ran them. Similar attempts by the Department of Defense to create a central portal for military members to vote online have been shot down for the same reasons.

As Poorvi Vora, a computer science professor specializing in voting technology at George Washington University, put it: "It’s a particularly bad idea. It’s a near unanimous opinion."

That’s because while companies like Smartmatic may take every possible security precaution they can, it's impossible to secure the laptops, smartphones, and other personal devices that voters will use to vote online. Smartmatic's program director of Internet voting, Mike Summers, admits as much. "Anyone who has a laptop runs the risk of downloading malware," he says, adding that's why it's critical to educate voters on how the process works and give them a way to verify their votes later on.

In an era in which anything and everything seems possible online, it makes sense for political leaders to want voting to be possible online, too. If it worked securely, it would be a wonderful way to make voting easier. As President Obama recently pointed out at South by Southwest, there’s a substantial argument to be made that our current voting system disenfranchises many Americans, by forcing them to stand in line for sometimes hours on end to cast a paper ballot that may be subject to ballot stuffing or miscalculation of votes by unscrupulous county officials.

The whole reason a company like Smartmatic exists, says CEO Antonio Mugica, is because the paper system is so disorderly. "If you look at all other forms of voting like postal voting which actually has become very, very popular in many parts of the United States, the security features and reliability of our online system is 100 times better than any postal voting system," he says.

And so, leaders like Evans end up choosing between a highly flawed and problematic in-person voting system and the unknowable potential risk of expanding voting access by holding elections online. In other words, it's the devil they know or the devil they don't.

“We’re not going to be held to a higher standard than the human error of regular voting,” Evans says. “I can accept those concerns when I have the same level of concerns about just the corruption that goes on in everyday voting.”

Let's Make It Worse

Researchers say that logic is flawed, because while paper ballots may be imperfect, online voting can introduce issues on a much larger scale that are much tougher to control and in some cases, impossible to detect.

“I hear a lot of arguments that there are a lot of problems with the existing voting system," says Avi Rubin, a professor of computer science at Johns Hopkins University, who has been studying electronic voting since 2003, "but I don’t think the answer to that is, ‘Ok, let’s make it worse.’”

It's not that Smartmatic takes its responsibility lightly. The company has been developing its Internet voting technology in Estonia since 2014. That's one of the reasons why Evans was comfortable choosing Smartmatic as a partner. It uses end-to-end encryption and, in Utah, it's also using blockchain technology to monitor any inconsistencies that could arise once a vote has been cast. Every interaction with its system is logged and cryptographically protected, so that even if someone wanted to hack the logs to cover up their tracks, it would be hard to access them.

Under the Utah GOP's insistence, Smartmatic created a bulletin board that will allow voters to verify that their vote was counted and report any inconsistencies they detect.

They fail to address the single biggest problem with online voting: the fact that people's personal devices are nearly impossible to secure.

Still, while researchers say these are important features, they're far from iron-clad, as an extensive study of Estonia's Internet voting system found. That's because they fail to address the single biggest problem with online voting: the fact that people's personal devices are nearly impossible to secure. "The end points that people are voting on are all so susceptible to malware and remote controls," Rubin says.

That means, for instance, that a hacker could launch an attack on the voter's device, which redirects that voter to a hoax website, where he thinks he's casting a vote that's never actually processed. Or, Rubin says, they could launch a denial of service attack on a certain geographic area that tends to support one candidate over another and slow their Internet service to the point where they just give up on voting. Or, he adds, they could launch a so-called man-in-the-middle attack, which could block votes for certain candidates from getting through.

The list goes on. Both Evans and Summers say that's where the verification process comes in. But that not only requires every voter to actually take the time to verify their vote; it requires them to know that the verification process exists to begin with. Plus, it requires them to actually get a receipt, which wouldn't happen if, for instance, they were redirected to a hoax site. "There are all these ways that you wouldn't even be able to tell if something went wrong," Vora says.

Smartmatic, for one, says it's never had an issue with any of its elections, but Vora says that's not enough to claim a victory. "It doesn't mean that nothing went wrong," she says. "It just means that we didn't notice."

No Longer So Private

It's not just potential attacks that make this such a controversial idea. There's also the fact that online voting opens people up to all sorts of privacy breaches. There's a reason polling booths are built for one person at a time. If it's possible to vote with someone else looking over your shoulder or if you can prove how you voted by showing someone your receipt, then what's to stop people from bribing or coercing each other to vote a certain way? Online voting bursts that can of worms wide open.

"For things like elections, there’s so much involved that on both sides, there could be people who want to rig an election," says Vora.

When asked about this possibility, Evans said, "That doesn't make any sense. You're saying that in my house, I elect to vote online, and you came into my house and forced me?"

Of course, that answer ignores the fact that vote-buying is already a very real phenomenon, which takes place in one-to-one deals in elections across the country. Online, where everyone receives a receipt, these schemes could become much larger in scale and much easier to enforce, Vora says, adding that even the existence of these questions could lead to massive amounts of doubt and voter backlash in the event that an election doesn't go the way it was expected to.

"Then folks start questioning if something went wrong, then nobody knows what happened," she says. "Everything just breaks down."

Rubin agrees: "It's not healthy to have a system where the losers aren't going to be willing to accept the results."

But of all of the risks associated with online voting, however, perhaps the biggest one is simply the fact that it requires handing control over to a single, private corporation. It's an issue that arises not just online, but with in-person electronic voting machines that are manufactured by a small number of vendors. "You've got a vendor who has all the keys to the kingdom," Rubin says. "They shouldn't have that power."

In a perfect world, in which armies of hackers around the world didn't exist, online voting would seem to be the ideal way to expand the voting rights that are too often taken away from US citizens today. But this isn't a perfect world. Not even close.