As we approach the 2012 presidential election, concerns are being raised about the likelihood of cyber attacks leading up to and during that event. There are many individuals, groups and rogue nation states that would like nothing better than to disrupt this year’s election. Remember back in 2010 there were reports of a cyber attack that allowed hackers to gain access to online voting system in the District of Columbia. Now add to that the activity of hackers during last year’s elections in Russia, as well as the cyber fire exchanged during the last Iranian elections. We shouldn’t forget the cyber attacks back in 2008 that targeted the Obama and McCain campaigns. With all this activity it is easy to see why cyber security practitioners have a heightened state of awareness and are on cyber guard. In an election that looks like it will be too tight to call, all they have to do is to create a reason for the results to be called into question.
During their news conference Friday, Iowa’s Republican secretary of state, Matt Schultz, and Democratic attorney general, Tom Miller, presented evidence suggesting there are non-citizens who have registered to vote illegally and that some of these illegal registrants have voted. Clearly, further investigation is called for, and if indeed these people have voted, they should be prosecuted. I am worried, however, about the effort to run a database matching effort to ferret out and remove non-citizens from the voting rolls. The central problem here is that we have no requirement of registering to vote under the same name as we use for other purposes.
For a driver’s license, you present a birth certificate, so your name on the driver’s license will match your birth certificate. To register to vote, you can use your employer ID card and a phone bill. As it turns out, my voter registration is in the same name as my driver’s license. That’s because I used my license to register about 32 years ago. On the other hand, my employer’s ID card lists my name differently (just a middle initial). I could have registered to vote with that card, had I wanted to. There is no legal requirement that I use the same name everywhere, and in fact, I use a variety of names and nicknames:
- Most people know me as Doug Jones.
- Some know me as Douglas Jones.
- To my employer, I’m Douglas W. Jones.
- And on my driver’s license, I’m Douglas Warren Jones.
I’m not trying to confuse people. It’s just that, at various times, I’ve used different and obvious variations on my full name.
Verified Voting Blog: Rush Holt’s Voter Confidence and Increased Accessibility Act of 2011 (HR 5816)
On May 17, US Rep. Rush Holt (D-NJ) re-introduced The Voter Confidence and Increased Accessibility Act of 2011 (HR 5816), together with 98 co-sponsors. The language in the bill matches that of HR 2894, introduced by Mr. Holt in the 111th Congress in 2009 and would require voter-marked paper ballots in all federal elections. The bill would authorize funding for states to purchase voting equipment, require hand-counted audits of electronic vote tallies, and reform the process of testing voting equipment. The language of HR 5816 is also included as Title VI of the omnibus election reform bill, The Voter Empowerment Act (HR 5799.) It was referred to the Subcommittee on Election of the Committee on House Administration and the Committee on Science, Space, and Technology.
As with earlier versions of Mr. Holt’s legislation, Verified Voting is proud to endorse HR 5816. Verified Voting President Pamela Smith notes “this bill provides a baseline standard for our voting systems that’s so essential the voter confidence — not just that the outcome is correct, but that it actually means something when they take the time to go and vote.” Reflecting the added urgency of Mr. Holt’s legislation since it was first introduced, Smith adds “the funding called for in this bill to support the movement to more resilient and reliable voting systems is urgently needed in many states and counties where voting systems are aging rapidly and need to be replaced.”
In 2010, over 60 percent of the nation’s voters cast their votes on paper ballots that were read by electronic scanning devices. In the last several years, voter-marked paper ballots have become the most popular means of providing a paper record of each vote. “Paper trail” printers attached to voting machines are an alternative method of providing a paper record, but have reliability problems, such as printer jams. They are cumbersome to recount, raise privacy concerns because they store all votes on a continuous roll, and go unchecked by significant numbers of voters. Three-fourths of the states have adopted voting systems that provide some form of voter-verifiable paper record, but a significant number still use electronic voting machines that offer no voter-verifiable backup. In at least ten states in the 2012 elections, most or all of the votes will be cast on paperless electronic voting systems. These include Indiana, Virginia, and Pennsylvania, as well as Delaware, Georgia, Kansas, Louisiana, South Carolina, and Texas.
A series of problems with electronic voting machines has raised fresh questions about election technology as newer computerized systems gain ground for the 2012 US election. As many as 25 percent of Americans are expected to use paperless electronic voting machines in the upcoming November elections, according to the Verified Voting Foundation, but confidence has been eroded by incidents showing vulnerabilities. The foundation, which seeks more reliable election systems, contends that voting machines in 11 states are all-electronic, with no paper systems for recounts, and that many other jurisdictions have some of these systems in place. Last year, Microsoft Research published a paper describing vulnerabilities to what had been described as “fully verifiable” direct recording electronic (DRE) systems in which a hacker can “undetectably alter large numbers of votes.” Separately, scientists at Argonne National Laboratory described a way to tamper with certain electronic voting machines by inserting a $10 component along with a $15 radio frequency device to alter vote results. Pamela Smith of the Verified Voting Foundation said these incidents highlight the fact “that you can have insider challenges as well as outsider hacks. It points out that you have to be able to check the system.”
On February 23, the Maryland State Board of Elections held meeting a proposed system for remote absentee voting was discussed. Verified Voting submitted testimony (see below) about the system, which includes the use of ballot marking wizard software. We maintain that such software — regardless of any other program it may be bundled or used…
On February 14, 2012, Colorado Secretary of State Scott Gessler held a hearing on proposed changes to existing regulations governing county procedures for the security of ballots, voting equipment, and other election materials. The public was invited to comment. Verified Voting reviewed the proposed rules changes (which can be found here) and made the following comment, highlighting concerns about changes to chain procedures of custody of ballots and equipment. Submitted February 21, 2012
Thank you for this opportunity to comment upon proposed revisions to Colorado Election Rules governing county procedures for securing election equipment and materials. Verified Voting is a national nonpartisan organization working to safeguard elections in the digital age. We seek to promote the deployment of election systems and practices that vouchsafe the accessibility, reliability, and transparency of public elections. We believe that the proposed revision contains several positive changes, as well as some that cause concern, or call for more clarity.
Internet voting systems are inherently insecure and should not be allowed in the upcoming general elections, a noted security researcher said at the RSA Conference 2012 being held in San Francisco this week. David Jefferson, a computer scientist at Lawrence Livermore National Laboratories and chairman of the election watchdog group Verified Voting, called on election officials around the country to drop plans to allow an estimated 3.5 million voters to cast their ballots over the Internet in this year’s general elections. In an interview with Computerworld US on Wednesday, Jefferson warned that the systems that enable such voting are far too insecure to be trusted and should be jettisoned altogether.
Jefferson is scheduled to participate in a panel discussion on the topic at RSA on Thursday. Also on the panel are noted cryptographer and security guru Ron Rivest, who is the “R” in RSA, and Alex Halderman, an academic whose research on security vulnerabilities in e-voting systems prompted elections officials in Washington to drop plans to use an e-voting system in 2010. “There’s a wave of interest across the country, mostly among election officials and one agency of the [Department of Defense] to offer Internet voting,” to overseas citizens and members of the military, Jefferson said. “From a security point of view, it is an insane thing to do.”
Computer security experts have warned that the 2013 Oscars ballot may be vulnerable to a variety of cyber attacks that could falsify the outcome but remain undetected, if the Academy of Motion Picture Arts and Sciences follows through on its decision to switch to internet voting for its members. The Academy announced last week that it would be ditching its current vote-by-mail system and allowing its members to fill out electronic ballots from their home or office computers to make their choices for best picture and the other big Hollywood prizes, starting in 2013. It announced a partnership with Everyone Counts, a California-based company which has developed software for internet elections from Australia to Florida, and boasted it would incorporate “multiple layers of security” and “military-grade encryption techniques” to maintain its reputation for scrupulous honesty in respecting its members’ voting preferences. The change will be a culture shock for an Academy voting community that tends to skew older and more conservative: indeed, concerns are already surfacing whether all of the Academy voters even have email addresses. And the claims have been met with deep scepticism by a computer scientist community which has grappled for years with the problem of making online elections fully verifiable while maintaining ballot secrecy – in other words, being rigorous about auditing the voting process but still making sure nobody knows who voted for what. So far, nobody has demonstrated that such a thing is possible. “Everybody would like there to be secure internet voting, but some very smart people have looked at the problem and can’t figure out how to do it,” said David Dill, a professor of computer science at Stanford University and founder of the election transparency group Verified Voting. “The problem arises as soon as you decouple the voter from the recorded vote. If someone casts a ballot for best actor A and the vote is recorded for best actor B, the voter has no way of knowing the ballot has been altered, and the auditor won’t be able to see it either.”
Republicans during Tuesday’s New Hampshire primary will use a technology recognizable to Washington and Lincoln to make their choices Posted at Scientific American: Voters in the recent Iowa caucuses and Tuesday’s New Hampshire primary will rely on paper ballots as they have for generations. In the very next primary on January 21, South Carolinians will vote with backlit touch-screen computers. In an age of electronic banking and online college degrees, why hasn’t the rest of the nation gone the way of the Palmetto State? The reason is simple and resonates with the contentious debate that has yet to be resolved after at least 15 years of wrangling over the issue of electronic voting. No one has yet figured out a straightforward method of ensuring that one of the most revered democratic institutions—in this case, electing a U.S. president—can be double checked for fraud, particularly when paperless e-voting systems are used. Voters can cast their ballot in a variety of ways, depending upon the method adopted by their election district. This includes paper ballots, punch cards, two different types of touch-screen electronic voting system (one that prints out a receipt verifying your vote and one that does not), optical scanners used to digitize paper ballots, or some combination of these. New Hampshire, like nearly two-thirds of the country, has a paper ballot system that voters mark up and turn in to election officials who count the ballots either by electrical scanners or by hand. With the optical-scan approach, if the ballot is not filled out properly or is unreadable, the scanner will not accept the vote and the voter can fix his or her ballot before leaving the polling place, Dill says.
When it comes to elections, what does California do well? What could California do better? How have we led, and how have we perhaps lagged behind? These are questions that a diverse group of individuals and organizations asked themselves and one another over the course of three months, with an aim to envision the future of California’s elections. It turned out to be an extraordinary conversation and a process which could very well serve as a model for other states as well. One driving force in the process was the convening organization, the James Irvine Foundation, which has long worked on issues of importance to Californians. The participants included a diverse range of representatives with a concern for voters and not-yet voters, for elections and how they function, and for California’s democracy.
One of the challenges faced by advocates of election audits and transparency is that current voting systems each record and store election file data in unique ways. This is no surprise given that vendors have long claimed that their systems are proprietary. But the current model of storing election data in ways that prevent easy sharing and analysis is proving difficult for election officials, statisticians, election integrity advocates, and even voting systems vendors. Because of these problems, serious discussion is taking place about what can be done about standardizing election data.
Often, within a single state there are many different voting systems from multiple vendors. At the same time, many elections, including most federal and statewide races, cross election jurisdictions so that votes for the same race are reported in different ways, depending on the system type used in each district. Even a single polling place may have different types of equipment – an optical scanner and a touch screen device for accessible voting for example – which report results in incompatible ways but which must be combined after the polls close.
Attorney Charles A. Pascal, Jr., has filed a Motion For Reconsideration on behalf of members of the specially appointed Venango County Election Board. The filing was made this afternoon in response to President Judge Oliver J. Lobaugh’s order dismissing the Board yesterday. Citing ongoing investigations into serious voting machine problems reported during the May 17 primary election, the specially appointed Election Board requested that they be allowed to continue their work until 11:59 PM on December 31, 2011.
“The members of the specially appointed Board of Elections believes that it is necessary to continue their work in order to assure the voters of the County of Venango of the integrity of the election process in the county,” the Motion states, “and to assure that any possible violations of policy, protocol, best practices, or the law, or any directive of the Pennsylvania Secretary of State, are not repeated in future elections.”
There is widespread pressure around the country today for the introduction of some form of Internet voting in public elections that would allow people to vote online, all electronically, from their own personal computers or mobile devices. Proponents argue that Internet voting would offer greater speed and convenience, particularly for overseas and military voters and, in fact, any voters allowed to vote that way.
However, computer and network security experts are virtually unanimous in pointing out that online voting is an exceedingly dangerous threat to the integrity of U.S. elections. There is no way with current technology to guarantee that the security, privacy, and transparency requirements for elections can all be met with any security technology in the foreseeable future. Anyone from a disaffected misfit individual to a national intelligence agency can remotely attack an online election, modifying or filtering ballots in ways that are undetectable and uncorrectable of just disrupting the election and creating havoc. There are a host of such attacks that can be used singly or in combination. In the cyber security world today almost all of the advantages are with attackers, and any of these attacks can result in the wrong persons being elected, or initiatives wrongly passed or rejected.
Nonetheless, the proponents point to the fact that millions of people regularly bank and shop online every day without apparent problems,. They note that an online voting transaction resembles an ecommerce transaction, at least superficially. You connect your browser to the appropriate site, authenticate yourself, make your choices with the mouse, click on a final confirmation button, and you are done! All of the potential attacks alluded above apply equally to shopping and banking services, so what is the difference? People ask, quite naturally, “If it is safe to do my banking and shopping online, why can’t I vote online?”
This is a very fair question, and it deserves a careful, thorough answer because the reasons are not obvious. Unfortunately it requires substantial development to explain fully. But in brief, our answer is in two-parts:
1. It is not actually “safe” to conduct ecommerce transactions online. It is in fact very risky, more so every day, and essentially all those risks apply equally to online voting transactions.
2. The technical security, privacy, and transparency requirements for voting are structurally different from, and much more stringent than, those for ecommerce transactions. Even if ecommerce transactions were safe, the security technology underpinning them would not suffice for voting. In particular, the security and privacy requirements for voting are unique and in tension in a way that has no analog in the ecommerce world.
I visited Estonia in mid-July of this year at the invitation of Edgar Savisaar, the country’s first prime minister and current mayor of Tallinn. Mr. Savisaar is the leader of the Centre Party, which placed second in recent national elections. The Centre Party and Mr. Savisaar have been questioning the outcome of the Internet voting portion of those elections. They invited me to Estonia because of a presentation I made at a European Parliament panel on the risks of Internet voting.
I told my hosts that I was happy to discuss the risks of Internet voting, but I would not comment on internal Estonian politics. When asked whether or not I thought the national election was rigged, I refused to comment, aside from saying that no one could prove that it was or was not rigged, because there is no way to conduct a recount of an Internet election.
The Internet portion of the 2011 election lasted from February 24 to March 2, with paper balloting conducted on March 6. The Internet vote was counted the evening of March 6. Estonian law allows complaints to be submitted only during the 3 days immediately following the procedure being challenged. Since Internet voting is considered separate from paper voting, the final day for submitting complaints about Internet voting was March 5. Graduate student Paavo Pihelgas was the only person who submitted a complaint by the deadline. (The Centre Party and independent candidates tried to file complaints, but they did not do so within the required 72 hour time frame).
Verified Voting Blog: Let the MOVE Act have a chance to work before considering electronic return of ballots
Military and overseas voters saw improvements in their ability to vote in 2010, thanks to the Military and Overseas Voter Empowerment Act (MOVE) passed in late 2009, according to a report to Congress last month by the Military Postal Service Agency (MPSA). The report indicates that MOVE will improve things further as its provisions become better known and implemented.
The MOVE Act required states to send ballots to military and overseas voters at least 45 days before election-day in federal elections so they have time to return their voted ballot. MPSA must pick up ballots for return to election offices no later than 7 days before election day. MOVE also sped up the process by requiring states to offer electronic transmission (website, email, fax) of blank ballots and registration materials. The law stopped short of establishing electronic return of voted ballots because ballots cannot be secured against undetected interception and manipulation over the internet. New procedures were implemented for 2010, coordinating MPSA with USPS, including the use of Express Military Mail Service (EMMS) for uniformed overseas service members and their families.
In the August 3 primary in Mississippi voters experienced voting machine problems: candidates’ names and entire contests missing from the voting machine screens and equipment failing to booting up properly. Problems were reported in Hinds County, which uses the Advanced Voting Systems Winvote and in several counties that use the Premier (Diebold) TSx equipped with…
India: Election Commission to introduce electronic voting machine and VVPAT system for more transparent electronic voting | The Economic Times
In an effort to ensure more transparent electronic voting, the Election Commission is planning to introduce EVM and Voter Verifiable Paper Audit Trail (VVPAT), whose first field trials would be conducted in simulated elections at selected polling stations.
The Burmese Election Commission has threatened the politician-activist Bauk Ja that her political party could be dissolved because of her advocacy for 19 Kachin students living in Rangoon who were ordered by the authorities to return home, according to the National Democratic Force (NDF).
The Voting News Daily: House to vote on repealing Election Assistance Commission set up after Bush-Gore, White Again Denied Immunity for Recount Commission Testimony
National: House to vote on repealing election commission set up after Bush-Gore | The Hill The House is scheduled to vote Tuesday on whether to repeal an election commission set up after the controversial 2000 presidential election. Members plan to vote on H.R. 672, which would repeal the Election Assistance Commission. That commission was established in…
I am very concerned about the widespread push toward Internet voting in the U.S., of which email voting is just one kind. Neither the Internet itself, nor voters’ computers, nor the email vote collection servers are secure against any of a hundred different cyber attacks that might be launched by anyone in the world from…
Verified Voting Blog: Report on second risk-limiting audit under AB 2023 in Monterey County California
The second risk-limiting audit under California AB 2023 was conducted on May 6 in Monterey County. The contest was a Special all-mail election for Monterey Peninsula Water Management District Director, Division 1. Monterey uses Sequoia equipment. There were two candidates: Brenda Lewis and Thomas M. Mancini, and write-ins. 2111 ballots were cast in all. The reported totals were 1353 reported for Lewis, 742 for Mancini, and 13 write-ins. The remaining 3 ballots were recorded as undervotes and overvotes. Lewis was reported to have 64.18% of the valid votes.
Two members of the public observed the entire audit process, which took roughly 90 minutes including some preliminary explanation of the procedure. They confirmed that their interpretation of the ballots agreed with mine and the elections officials’, and they helped roll the dice used to select ballots at random. In conversations afterward, they seemed quite satisfied with the transparency of the procedure (although perhaps not utterly convinced by the mathematics that justified the details).
The audit was performed as follows. After the ballots had been tabulated officially, elections officials Bates-stamped each with a unique serial number (1962 ballots that were scanned had been stamped prior to audit day; the remaining 149 were stamped as part of the audit). It is my understanding that stamping the ballots took about 5 person-hours in all.
Online voting is an appealing option to speed voting for military and overseas voters. Yet it is actually “Democracy Theater”, providing an expensive, risky illusion of supporting our troops. Technologists warn of the unsolved technical challenges, while experience shows that the risks are tangible and pervasive. There are safer, less expensive solutions available. This year, the Government Administration and Elections Committee held hearings on a bill for online voting for military voters. Later they approved a “technical bill”, S.B. 939. Tucked at the end was a paragraph requiring that the Secretary of the State “shall, within available appropriations, establish a method to allow for on-line voting by military personnel stationed out of state.”
In 2008, over thirty computer scientists, security experts and technicians signed the “Computer Technologists’ Statement on Internet Voting,” listing five unsolved technical challenges and concluding: “[W]e believe it is necessary to warn policymakers and the public that secure internet voting is a very hard technical problem, and that we should proceed with internet voting schemes only after thorough consideration of the technical and non-technical issues in doing so.” The prevailing attitude seems to be, if voters and election officials like it and see no obvious problems then it must be safe.
Oak Ridge National Labs (one of the US national energy labs, along with Sandia, Livermore, Los Alamos, etc) had a bunch of people fall for a spear phishing attack (see articles in Computerworld and many other descriptions). For those not familiar with the term, spear phishing is sending targeted emails at specific recipients, designed to…
Verified Voting Blog: Flawed Wisconsin Race Proves Need for Transparency, Accountability in Election Procedures
When Wisconsin voters flocked to the polls on April 5, one of the factors driving the high turnout was the State Supreme Court contest between incumbent Justice David Prosser and challenger JoAnne Kloppenburg. Prosser, whose term ends July 31, often casts the deciding vote on the seven-member court. He is a conservative Republican former Speaker of the Assembly seen as closely allied to Wisconsin’s controversial Gov. Scott Walker. Kloppenburg, a virtual unknown who was given little chance of success when she entered the race several months ago, was buoyed by the high passions stirred by Walker’s actions to strip government employees of their collective bargaining rights. Though the race is officially nonpartisan, it was seen as both a referendum on Walker and a chance to affect the Supreme Court’s ruling on Walker’s actions, which are likely to be reviewed by the Court in its next term. Election night results were considered too close to call, but the next day when seemingly all the votes had been tallied, Kloppenburg claimed victory with a margin of 204 votes of the more than 1.4 million total votes cast. A recount seemed inevitable.
[pullquote align=”left”][media url=”http://www.youtube.com/watch?v=ldCVBB-ruKY” width=”360″ height=”240″ jwplayer=”controlbar=bottom”][/pullquote]Then one day later, County Clerk Kathy Nickolaus of Republican stronghold Waukesha County suddenly announced in a dramatic press conference that she had forgotten to include the votes of the county’s second-largest city, Brookfield, in her tabulation. The more than 14,000 votes she added now gave Prosser a lead of almost 7,316 votes of the 1,498,880 votes cast, or 0.488%. Wisconsin picks up the tab for recounts where the margin of victory is less than 0.5%, so this falls just barely within the margin of a state-funded recount.
It has been nothing short of astonishing that, within a few weeks, the brave people of Tunisia and Egypt toppled corrupt dictators who ruled for decades. One of the protesters’ key demands was for democratic elections — the right to choose a government that is responsive to the people’s needs. That is also what protesters in Bahrain, Yemen, Iran, Jordan and Libya are demanding as they call for the dissolution of their autocratic and oppressive governments. As the protesters know all too well, voting does not mean that one’s vote will be counted. In Egypt’s 2005 elections, Hosni Mubarak was reelected with 88.6 percent of the vote. In 2009, Tunisia’s Zine El Abidine Ben Ali was reelected with an 89.6 percent landslide victory. In both cases allegations of fraud and corruption surrounded the elections.
What nobody is talking about is how votes will be cast in emerging democracies. For elections to be legitimate in such countries, it is critical to use voting technology that counts votes accurately. In the 21st century, chances are high that computers will be used in some form in the coming elections in Egypt and Tunisia. But voting computers, like heads of state, must be held accountable to the people they serve. It is a tenet of computer science that computers can be programmed to do anything, including play “Jeopardy!” and steal votes.
A bill aimed at reducing restriction to voting for military and other overseas voters passed the Washington State Senate by a 47-1 vote on Friday. Senate Bill 5171 contains many provisions that will certainly make voting easier for Washington citizens living overseas including moving the primary election date two weeks earlier and meeting requirements of…
The Voting News Daily: Oklahoma chooses Hart Intercivic, Kentucky SoS to depart, Connecticut panel advocates reforms
“In many cases, we see security devices or electronic voting machines where we really have to wonder, ‘Did anybody spend 60 seconds figuring out the security issues?” That question was posed by an Argonne National Laboratories security expert in an interview published today. There is a good deal of news to share today: Oklahoma has…
The Voting News Daily: Montana’s vote by mail legislation expected to move, New Jersey election dispute rekindles
Montana’s Legislature will once again consider vote by mail legislation, Missouri’s will consider early voting, and unopened ballots may change a recount result in New Jersey. All this and more in today’s Voting News below. AR: Martin names top aids for secretary of state’s office Martin announced his leadership team Thursday, including Family Council lawyer…
AK: Miller Will Not Appeal Federal Ruling; Concedes Alaska’s U.S. Senate Race to Murkowski – The BRAD BLOG (Dec. 31) In a press conference held this afternoon in Juneau, Alaska’s GOP nominee for the U.S. Senate, Joe Miller, finally conceded the election to write-in candidate and incumbent Republican Senator Lisa Murkowski. He has decided not…
The Voting News Daily: ES&S ‘Glitch’ in Champaign Co. IL Explained, NY State Assembly Contest May Go to Court, No voting Rights for Puerto Rico
CA: Secetrary of State Bowen unveils four-year strategic plan – Kim Alexander’s Weblog http://kimalex.blogspot.com/2011/01/sos-bowen-unveils-four-year-strategic.html At her inauguration ceremony today, Secretary of State Debra Bowen announced that her office was implementing a four-year strategic plan focused on three priorities: ensuring fair and secure elections, doing business, and protecting rights and state treasures. She also listed six…