The Voting News Daily: HAVA scary Halloween. In DC internet voting test, hackers were the GOOD guys

In D.C.’s Web voting test, the hackers were the good guys…HAVA Scary Halloween: Ten years older and deeper in debt, yet far from credible elections..”Ballot boxing: The problem with electronic voting machines” interview w/natl experts..THE UNDEAD UNDEAD VOTER CLAIM…Overdone “undervote” warning in 67 Illinois cnties using Diebold scanners..N. Carolina voting machines hearing today. Court docs…

Verified Voting Blog: In D.C.’s Web Voting Test, the Hackers Were the Good Guys

Last month, the District conducted an Internet voting experiment that resulted in a team from the University of Michigan infiltrating election computers so completely that they were able to modify every ballot cast and all election outcomes without ever leaving their offices. They also retrieved the username and password for every eligible overseas voter who had signed up to participate. The team even defended the system against attackers from China and Iran. More than any other event in recent years, this test illustrates the extreme national security danger of Internet voting.

Though the District’s Board of Elections and Ethics prudently dropped the plan to use the most dangerous parts of the system in Tuesday’s midterms, the board still claims Internet voting is the wave of the future. By contrast, the consensus of the computer security community is that there is no secure Internet voting architecture suitable for public elections. The transmission of voted ballots over the Internet, whether by Web, e-mail or other means, threatens the integrity of the election. Simply fixing the problems identified in the District’s test will not prove the system secure. Almost certainly the next test will discover new vulnerabilities yielding a similar disastrous result.

People frequently ask: If we can bank online, why can’t we vote online? The answer is that because every banking transaction must be associated with a customer, banks know what their customers are doing, and customers get monthly statements that can be used to detect unauthorized transactions. There is no banking equivalent of the requirement for a secret ballot untraceable to the voter. While banks have huge budgets for mitigating security problems, they still lose substantial sums due to online fraud. In addition, while banks may tolerate the costs of online theft, because they save money overall, elections cannot tolerate a “small” amount of vote theft. For more than a decade, computer security scientists have been warning of certain core dangers related to Internet voting. The successful Michigan incursion confirmed many of them.

The Voting News Daily: NC GOP sues over touch-screen problems. Beware bogus online ballots in CT, NH

USA Today: A Decade After Florida Fiasco,Voting Remains a Hodgepodge…Paperless e-voting a concern this election..Nearly 1 in 4 voters in Tuesday’s elections will use e-voting systems with no paper records..Voters in Connecticut & New Hampshire beware of bogus online ballots…N.Carolina’s GOP Party filed suit in fed court over touch-screen vote flipping…Internet voting ‘an electronic disaster’…

The Voting News Daily: E-Voting ‘a hopelessly dangerous concept’. NC GOP threatens suit over vote flipping

New database on state recount & audit laws…Verified Voting new map of voting tech in US…IL Dems botch absentee early voting push..NC GOP threatens suit over touch-screen voting machines..NY voter cross fingers…SC voting machines not reliable says Computer Science Prof Dr. Duncan Buell …NM & VA voter reg. databases bogged down…9 voting machines unattended overnight…

The Voting News Daily: E-Voting, E-Nightmare. 3rd NC County has vote flipping. Canada internet vote fiasco

See it on iTunes: Dan Rather’s “Digital Democracy in Doubt”…TX vote flip video is on internet again..3rd NC county reports vote flipping…VerifiedVoting on Vote Flipping & Touch Screen Calibration…NH voters beware internet voting scam…S Carolina voting system needs overhaul..Report vote probs by cell phone 866-OUR-VOTE..Still Time for Overseas Voters to get ballot…Serious system failures in…

National: Vote Flipping and Touch Screen Calibration

Again this election cycle, stories have emerged about “vote flipping”, most notably in Texas, where a video of erratic touchscreen behavior was posted on several sites, and in several North Carolina counties. (link, link, link, link) As voting technology expert Douglas Jones wrote several years ago, it seems unlikely that vote flipping is evidence of intentional hacking. However, these incidents do highlight the lack of transparency of software-generated election results and undermine confidence in elections generally. Vote flipping can be caused by a voter touching the screen in two places, for example resting one hand on the machine while making selections with the other (see pp. 20-22 here), but the most likely cause of “vote-flipping” is miscalibration. As Rice University computer scientist Dan Wallach explains in a post at ACCURATE:

The screen shows pictures of buttons with labels for the various candidates, which the voter selects by touching the screen with their finger. Some voters using these machines have reported problems where they pressed the button for one candidate and a different candidate was selected. These issues are most likely the result of poor touchscreen calibration rather than any security problems with the voting machines’ software.

The clear, touch-sensitive layer is separate from the part of the screen that displays the buttons. The thickness of the touch-sensitive layer directly implies that when different voters are looking at the screen from different angles, they will naturally want to touch the screen at different locations. This can be partly addressed by “calibrating” the touchscreen in advance. The calibration process, familiar to anyone who owns a PDA, involves the machine displaying a series of cross-hairs and asking the user to press on the center of each cross-hair. The machine then computes a correction to ensure that selections are mapped to the correct part of the screen below. Of course, if the calibration was done incorrectly, or even if the voter is notably taller or shorter than the person who did the calibration, then presses on the screen might still be misinterpreted. Furthermore, different voters may use different parts of their finger (ranging from the fingernail to the whole finger), which may differ from how the system was calibrated. (See also “Touch Screen Usability: Election Edition!” and “Vote Flipping and Touchscreens“) Vote flipping was investigated in several articles during the 2008 election cycle. Computerworld interviewed both voting machine vendor and election integrity activists for “Are design issues to blame for vote ‘flipping’ in touch-screen machines?” and Wired magazine posted an article about the potential for maliscious calibration as detailed in the Ohio EVEREST report.

Editorials: A Common Sense Solution to Defective Voting | Lawrence Norden/The Hill Blog

In a week, millions of Americans will exercise their most important civil right – the right to vote. But as surely as some campaigns will end in a deluge of confetti and others in popped balloons, there will also be problems with vote tallies. Some votes will be counted more than once, some votes will be counted not at all, and some votes will appear as if by magic. This state of affairs is not caused by corruption. It is caused by malfunctioning voting machines. Since 2002, federal, state and local governments have spent billions on electronic voting systems. These systems are complex, consisting of tens of thousands of lines of computer code. And when, as is inevitable, some machines malfunction on the first Tuesday in November, it is election officials who will be asked to explain. They will struggle to cope with these problems while under enormous pressure to produce timely and accurate results. One would think that information about voting machine malfunctions would be just as open as the democracy for which, they are, quite literally the linchpin. Instead, defects or failures in voting machines are treated as secrets. For the most part, voting system manufacturers are under no obligation to publicly report malfunctions to a central authority. Officials in each of the nation’s approximately 4,700 election jurisdictions are left to fend for themselves.

The Voting News Daily: Touchscreen vote flips ‘a known class of problems..’ New Dan Rather e-vote report

‘Dan Rather Reports’ new investigative report on E-Voting Tues Oct. 26th @ 8pm…Tech-Savvy College Students wanted as Poll Workers..Early voting by itself depresses the vote?…Texas E-Voting Suit Reveals Frailties of the Ballot Box..CNN asks Does Your Vote Count?.. Vote flipping: “This is a known class of problems with touch screen voting machines.” ~ Alex Halderman,…

The Voting News Daily: Internet Voting – A Real Possibility? iPhone App for reporting voter fraud

Where’s My Ballot? There’s Still Time for Overseas Voters in 2010…Report Voter Fraud: There’s an App for that…Comprehensive Map of US Voting Equipment Released…Routt County Colorado must copy mailed ballots after error..There’s an iPhone app to report voter fraud, how about one to report voting machine failures or voter disenfranchisement?…Internet Voting — A Real Possibility?…

The Voting News Daily: “Halderman’s Hackers”: How safe, online voting? Vote by mail – 1 in 5 ballots ‘lost’

“Halderman’s Hackers”: How Safe is Online Voting?..Consider the hidden costs to voting by mail. A study of 2008 election shows a “lost rate” of 20% for vote by mail ballots…Small Improvements & New Problem in Connecticut Post-Election Audits..Travis County officials OK change to paper ballot after 2012..WA State Under Fire for Emailed Overseas Ballots..Afghanistan rules…

Verified Voting Blog: Hacking the D.C. Internet Voting Pilot

The District of Columbia is conducting a pilot project to allow overseas and military voters to download and return absentee ballots over the Internet. Before opening the system to real voters, D.C. has been holding a test period in which they’ve invited the public to evaluate the system’s security and usability. This is exactly the kind of open, public testing that many of us in the e-voting security community — including me — have been encouraging vendors and municipalities to conduct. So I was glad to participate, even though the test was launched with only three days’ notice. I assembled a team from the University of Michigan, including my PhD students, Eric Wustrow and Scott Wolchok, and Dawn Isabel, a member of the University of Michigan technical staff. Within 36 hours of the system going live, our team had found and exploited a vulnerability that gave us almost total control of the server software, including the ability to change votes and reveal voters’ secret ballots. In this post, I’ll describe what we did, how we did it, and what it means for Internet voting.

The Voting News Daily: N Carolina Touchscreens flip votes. Will internet voting cause election debacle?

Chicago’s voting machines mis-spelled Green Pty candidate’s name as ‘Rich Whitey’. The election board is reprogramming 4,200 machines…Stunned voters watched touchscreens flip their votes in New Hanover CO NC..Vote PA needs your help in fight for paper ballots….”Overseas and military voters have unprecedented options for requesting, receiving and casting their ballots in 2010.” says Pres…

The Voting News Daily: Internet voting a national security question. Unredacted AVC Edge report

Computer scientist Dan Wallach News8 Austin TV: “Texas Supreme Court to weigh in on e-voting”…..Computer Scientists, Election Integrity Advocates Question Feasibility of “Digital Democracy”:”If I’m going to steal an election, I probably won’t mess with these little pilots…”I’m going to wait until there’s this groundswell for Internet voting.” ~ Dr. Barbara Simons….Court permits release of…

Verified Voting Blog: States May Use Federal HAVA Funds for Post-Election Audits

Post-election audits of electronic vote tallies are inexpensive.  The process is simple: a sample of precincts (or batches of ballots that have been tallied electronically) is chosen randomly, counted by hand, and compared to the corresponding computer tally.  To mention just two examples, North Carolina conducted an audit of  the Presidential election in 275 precincts (almost 10% of the total precincts in the state) for a statewide total of $31,000, and  Connecticut’s November 2008 audit costed 11 cents per audited race on each ballot.

Still, in these straightened times, States and counties with auditable voting systems might be concerned about the costs of manually counting ballots.  In May, the U.S. Election Assistance Commission gave such jurisdictions excellent but little-noticed news: the Commission ruled that States may use Federal Help America Vote Act (HAVA) funds to pay for the cost of post-election audits.  The EAC concluded that funds allocated under either Section 101 or Section 251 of HAVA may be used to fund audits.

The Voting News Daily: Internet Voting, totally owned. TX Court hears evoting lawsuit

New: radio interview with Dr. David Jefferson, Livermore Natl Laboratories, computer scientist and cyber security expert and VerifiedVoting.org’s Internet Voting expert with NEW UNREPORTED BOMBSHELLS on breath-taking D.C. Internet Vote Hack. Iranian, Chinese Computers tried to hack D.C. Board of Elections…NY BOE survey finds thousands of voters have ‘major issues’ with new machines…Paper Trail for…

Verified Voting Blog: Dangers of Internet Voting Confirmed

For years, computer security experts have said that casting ballots using the Internet cannot be done securely. Now, after a team from the University of Michigan successfully hacked the Washington D.C. Board of Elections and Ethics (DCBOEE) public test of Internet voting, we have a visceral demonstration of just how serious the threats really are.…

Verified Voting Blog: Coalition Calls For Halt to Washington State E-mail Ballot Program

This week, as University of Michigan computer technologists revealed in stark fashion the risks of Internet voting, Verified Voting, Common Cause, and Voter Action worked to halt an effort to expand the electronic return of voted ballots in Washington State. The Secretary of State of Washington  has proposed an emergency rule that would allow voters to send their votes home to election officials via e-mail.  In a letter to the Secretary this week, the three organizations and a cooperating attorney wrote that e-mail balloting is not required by Federal or State law, and exposes voters’ ballots to unacceptable risk of error or fraud.

This week, Dr. Alex Halderman and his students at the University of Michigan provided a powerful demonstration of the wisdom of avoiding the electronic submission of voted ballots for the foreseeable future.  Professor Halderman’s team hacked the District of Columbia’s pilot Internet voting portal for the District’s overseas and military voters, changing the contents of encrypted ballots and re-encrypting them,discovering the identities and user PINs of voters – as well as noting attempts by users in Iran and China to gain access to the DC voting system.

Verified Voting Public Commentary: Verified Voting Lauds Successful Test Hack of Internet Voting Pilot

Verified Voting applauds the decision of the District of Columbia Board of Elections and Ethics to suspend their plan to offer overseas voters the dangerous option of returning their voted ballots by a “digital vote by mail” Internet voting system. The District’s plans to continue other Internet-based ballot return methods (including email and fax) for the District’s military and civilian overseas voters still raise concerns among voting security experts. DC election officials made the decision after inviting technology experts to hack the Board’s prototype voting system during a trial period. The test pilot was apparently attacked successfully shortly after it began by a team of academic experts led by Prof. J. Alex Halderman at the University of Michigan.

The attack caused the University of Michigan fight song to be played for test voters when they completed the balloting process. Full details of the hack and its impact on submitted test ballots are expected to become available in the coming days. In addition to the Michigan team’s breach of the voting system, Verified Voting’s Board Chair Dr.David Jefferson documented a very serious vote loss problem that caused voters to inadvertently return blank ballots while believing that they had submitted complete ballots. The disenfranchising bug was noted in at least two widely used computer/browser configurations. It is possible that the same problem would affect voters trying to use email or some fax systems to return voted ballots.

Verified Voting Blog: The meaning of Alex Halderman’s successful attack on the DC Internet voting system

University of Michigan Prof. Alex Halderman has now released some details about his successful attack on the District of Columbia’s proposed Internet voting system which has been under test for the last week. (See www.freedom-to-tinker.com.) It is now clear that Halderman and his team were able to completely subvert the entire DC Internet voting system remotely, gaining complete control over it and substituting fake votes of their choice for the votes that were actually cast by the test voters. What is worse, they did so without the officials even noticing for several days. Let there be no mistake about it: this is a major achievement, and supports in every detail the warnings that security community have been giving about Internet voting for over a decade now. After this there can be no doubt that the burden of proof in the argument over the security of Internet voting systems has definitely shifted to those who claim that the systems can be made secure.