States are under pressure to use online voting for the US presidential election when COVID-19 could remain a threat in November, but those platforms might not be as secure as you’d like. MIT and the University of Michigan have published a report detailing security problems in Democracy Live’s OmniBallot, the voting and ballot delivery system that will be used by some citizens in Delaware, New Jersey and West Virginia. The system apparently takes a number of risks with data, including personal info.

The online vote relies on a “simplistic approach” that isn’t software-independent or verifiable from start to finish, the researchers said. They also lean heavily on third parties like Amazon and Google to host functions. Delaware’s take on the system sends your identity and vote to Democracy Live even if you intend to print and mail your ballot, while all systems send personal info like names, addresses and partial social security numbers. There’s also a chance that even blank ballots could be “misdirected or subtly manipulated” to lead to incorrect vote counts.