National: Many hurdles preventing emergence of online voting | Purdue News

The search for solutions to increase voter numbers on Election Day continues as states rack up underwhelming turnouts in both presidential and non-presidential election years. But Eugene Spafford, a computer science professor at Purdue University, says online voting is not one of those solutions. The most important aspects of an election are privacy and accuracy for citizens and, from the standpoint of candidates, the vote total accountability. However, current online technology available to the average citizen dictates that you can’t have it all, says Spafford, the executive director of Purdue’s Center for Education and Research in Information Assurance and Security. “Voting by Internet sounds attractive, but either we have to give up the anonymity of the ballot, which is not a good practice, or we have to give up the ability to confirm that the count is correct,” he said.

National: Could the Election Be Hacked? | Government Technology

With the surge in data breaches over the past several years, the prevailing wisdom is that no online data is completely safe from hackers. Banks, governments, insurance companies and small businesses globally have lost billions of dollars to cybercrime. Last year, the top security breaches affected something more precious than personally identifiable information. Data breaches included the most intimate details and actions in life — with the loss of millions of records containing biometrics like fingerprints, career backgrounds, family relationships, secret liaisons, hospital records and much more. Which leads to the big question that’s being asked with renewed fervor: Could the 2016 presidential election be disrupted, or somehow manipulated, via unauthorized computer hacking or denial of service attacks?

National: Tech tiptoes into the voting process | GCN

While the country is probably still a long way from online voting, some states are testing the waters and building technology into election-related processes. For the 2016 presidential election, Ohio will incorporate a common data format in its election management systems that will help election officials quickly and accurately collect election data from precincts with non-interoperable election management systems, and then quickly release that information to the public and news outlets. It’s hoped that the common formats will reduce the opportunities for error on election nights, when deadlines are tight and pressure for results is keen. Ohio’s changes are based on the methods outlined in the National Institute of Standards and Technology’s special publication: A Common Data Format for Election Results Reporting. … Many believe that no matter how strong companies like Smartmatic make their security, it’s impossible to secure votes across the hardware and networks that would make up an electronic voting system.

Verified Voting in the News: Blockchains & Elections: Don’t Believe the Hype | Free & Fair

The cryptocurrency Bitcoin has risen into public consciousness over the past few years. It is the first digital currency to reach this level of success and notoriety. Bitcoin is based on a decades old cryptographic concept called a blockchain. As people and companies seek new ways to conduct elections that make better sense in our high tech world, several startups have proposed using blockchains, or even Bitcoin itself, to conduct elections. Using Bitcoin (or a blockchain) as an election system is a bad idea that really doesn’t make sense. While blockchains can be useful in the election process, they are only appropriate for use in one small part of a larger election system. A blockchain is basically a public database of information that is distributed across many different computers so that all users are able to verify that they have the same overall data even if some of the computers go down. There is no need to trust a central server or authority. A blockchain is a fundamental concept in cryptography that existed for decades prior to being used in cryptocurrencies like Bitcoin.

Utah: Online Caucus Gives Security Experts Heart Attacks | Wired

Security researchers pretty much uniformly agree that letting people vote online is a very bad idea, one that is fraught with risks and vulnerabilities that could have unknowable consequences for the future of democracy. This week, the Utah GOP is going to give it a whirl anyway. On Tuesday, registered Republicans in Utah who want to participate in their state’s caucus will have the option to either head to a polling station and cast a vote in person or log onto a new website and choose their candidate online. To make this happen, the Utah GOP paid more than $80,000 to the London-based company Smartmatic, which manages electronic voting systems and internet voting systems in 25 countries and will run the Utah GOP caucus system. Smartmatic’s system allows people to register to vote online. Then they receive a unique PIN code to their mobile phones or emails, which they use to vote on election day. Once the vote has been cast, the system generates a unique code, which voters can use to look themselves up on a public-facing bulletin board. Each code will match up to the name of a candidate, so people can check that their votes have been properly recorded. As of Monday morning, 59,000 Utah Republicans had registered to vote online. The new online process was spearheaded by Utah GOP chairman James Evans, who was looking for ways to make the caucus process more convenient and accessible for voters. That stands to reason, given the fact that voter participation in Utah has been in decline in recent years. Evans says he was aware of the potential security risks, but in a call with WIRED last week, he dismissed many of these oft-cited vulnerabilities as “far-fetched” and said that as a private political party, the Utah GOP isn’t held to the same security standards as the government. “We are a private political organization, so we can choose the acceptable level of risk that we choose,” he said, “and we will not be compared to a government-run election.” That idea alone should give anyone who cares about the integrity of this country’s elections pause. Just because a political party accepts a certain level of risk when it comes to online voting, should we?

Utah: Republicans Open Caucuses to Online Voters | Wall Street Journal

In what is expected to be one of the biggest online votes conducted so far in the U.S., Utah residents will have the option of casting ballots in the Republican presidential contest using computers, tablets and smartphones next week. In-person caucuses and absentee voting also will remain options for GOP voters in the March 22 contest. Democrats aren’t offering an online option. It is the largest experiment with online presidential voting since 2004, when Michigan allowed Democrats to vote in a party caucus via the Internet. Estonia has had online voting in national elections since 2005, while Norway, France, Canada and Australia have experimented with it. … Although trials, pilots and experiments in online voting have been conducted over the past 20 years, it has been slow to be adopted—in part over security concerns about election integrity. “It’s the internet. It was not built for security when it was built. It was built for open communications,” said Pamela Smith, president of the nonpartisan nonprofit Verified Voting, which advocates for secure, verifiable elections and voting standards.

National: Starting from principles: remote ballot marking systems | Center for Civic Design

Remote ballot marking systems are one of the new uses of technology in election administration. As part of a vote-by-mail system, they allow voters to receive a blank ballot to mark electronically, print, and then cast by returning the printed ballot to the elections office. In a recent project, NIST, the Center for Civic Design, Verified Voting Foundation and experts in security, accessibility, usability, and election administration set out to answer the question: Can we make remote ballot marking systems both accessible and secure, so voters can use and trust them? We were pleased to discover that these goals can co-exist in a well-designed system, and in many cases they support each other. Following the lead of state election directors, we started with strong principles and supporting guidelines for remote ballot marking systems focusing on the important goals for any election system.

Utah: GOP caucus will be online, but don’t expect Internet voting to take hold elsewhere | Deseret News

When it comes to innovative ways to increase voter turnout, Utah seems to break all the rules. This is a state that lets you vote by mail, vote early and, at least for a three-year trial period, lets you register on the day you vote. Conventional wisdom says that if Republicans run your state, you aren’t supposed to have all those things. “When I go to national election conventions, people are all scratching their heads,” Mark Thomas, chief deputy to Lt. Gov. Spencer Cox, told me. “We’re doing things that only some of the liberal states are doing.” So it shouldn’t be terribly surprising that, if you are a registered Republican in Utah, you will have the chance to vote online in the upcoming presidential preference caucus March 22. That’s just another bold step in a conservative state that’s surprisingly progressive about elections, right? Well, it’s bold all right. As Shakespeare said, “Boldness be my friend.” But as English essayist Charles Lamb said, “’Tis the privilege of friendship to talk nonsense, and to have her nonsense respected.”

New Zealand: Is internet voting secure enough to use? | Radio New Zealand

Serious weaknesses exposed in an online election in Australia are a warning for upcoming New Zealand local body elections, a computer security expert is warning. Eight councils throughout New Zealand are due to trial online voting in local body elections later this year: Selwyn, Wellington, Porirua, Masterton, Rotorua, Matamata Piako, Palmerston North and Whanganui. University of Melbourne computing expert Vanessa Teague did an analysis of the iVote internet voting system used in the New South Wales (NSW) state election last year, and she and the University of Michigan’s Alex Halderman have found a way to break into the system and interfere with votes. She told Nine To Noon there had been a lot of assurances about the safety of the system, and she wanted to test it and see if this was true.

National: Voter targeting becomes voter surveillance | CSO Online

Political candidates have always done everything in their power to target voters. But in the current election cycle, with primary election season officially under way, technology is giving them a lot more power than before. It is at the point where privacy advocates are referring to it as “voter surveillance.” Bruce Schneier, author, blogger and CTO of Resilient Systems, wrote in his recent book “Data and Goliath” that voter surveillance data can cause “unique harms” to the political process due to, “personalized marketing’s capability to discriminate as a way to track voting patterns and better ‘sell’ a candidate or policy position.”

National: Could the US election really be hacked? | International Business Times

The United States presidential election is a complex, drawn-out affair. After months of raucous campaigning at the expense of hundreds of millions of dollars, the lengthy voting process to choose Barack Obama’s successor finally got underway with the Iowa caucuses. Once the two main political parties – Democratic and Republican – choose their respective nominees through party-sponsored contests in each of the states and overseas territories, the process of electing the 45th President of the United States in the general elections scheduled for November will begin. But how secure is the all-important process of marking and casting ballots and then collecting and counting them? Could the use of outdated electronic voting systems with dubious safety controls compromise the integrity of the entire electoral process, or is the threat exaggerated?

Iowa: Microsoft’s vote tallying app worked, web sites didn’t | USA Today

Despite rumors on Twitter to the contrary, by almost all accounts the Microsoft app used to tally unverified caucus votes in Iowa worked exactly as it was supposed to. What broke were the web sites where Republicans and Democrats posted close to real-time information about those votes, which at times crashed under the crush of people eager for news of their candidates. That didn’t surprise Douglas W. Jones, the recording secretary for the Democratic caucus, precinct 4 in Iowa City, Iowa. “In the modern, media-driven world, we’re desperate for results,” he said. His son Nathaniel Douglas, 32, send their caucus results in to the county Democratic party using the app built by Microsoft for the purpose, which he said “worked as advertised.” In precincts where workers didn’t have smart phones, the older updating system of calling in and pressing buttons on a touch-tone phone after inputting a PIN for security was used. “Both systems worked fine,” Douglas said. … At their heart, they are a way for Iowa voters to chose delegates to county, district and state political conventions who will then go on to chose their candidate. That process is heavily scrutinized and has very reliable and very old security baked into it — “it all happens on paper, which we’ve been using for elections going back to Roman times,” said Jones, who is also a professor of computer science at the University of Iowa and an expert on online voting systems.

National: Why You (Still) Can’t Vote Online | National Journal

When Hur­ricane Sandy hit in 2012, it threw New Jer­sey in­to an ad hoc ex­per­i­ment in on­line vot­ing. … Had New Jer­sey’s ex­per­i­ment gone well, it would have been a ma­jor vic­tory for ad­voc­ates of on­line vot­ing, who’ve long ar­gued that the in­ter­net could be a valu­able tool to pro­tect the right to vote and in­crease dis­mal U.S. vot­ing rates. It did not, however, go well at all: Email serv­ers were over­whelmed, leav­ing voters un­able to re­quest or re­turn their bal­lots. In an at­tempt to fix the situ­ation, one elec­tions of­fi­cial gave out his per­son­al email ad­dress to voters to sub­mit their bal­lot re­quests—and a se­cur­ity re­search­er dis­covered that his pass­word re­cov­ery ques­tion was ap­par­ently his moth­er’s maid­en name after look­ing at Hot­mail’s pass­word-re­set form. The of­fi­cial says he was nev­er hacked. … Se­cur­ity ex­perts cried foul at the elec­tion, which saw an es­tim­ated 50,000 bal­lots cast elec­tron­ic­ally. They were con­cerned that voters’ per­son­al data was po­ten­tially ex­posed, and were wor­ried that there was an op­por­tun­ity for bal­lots to go un­coun­ted. “We don’t know how many of these votes were ac­tu­ally coun­ted or shouldn’t have been coun­ted versus lost, or how many people tried to use this sys­tem but were un­able to get bal­lots,” Ed Fel­ten, who was then the dir­ect­or of Prin­ceton Uni­versity’s Cen­ter for In­form­a­tion Tech­no­logy Policy, told Al Jaz­eera in 2014. “We can’t meas­ure it, but cer­tainly there are in­dic­a­tions of over­flow­ing mail­boxes, big back­logs and prob­lems pro­cessing re­quests. So I don’t think you could con­clude at all that this was a suc­cess­ful ex­per­i­ment.”

National: Internet voting is just too hackable, say security experts | USA Today

Three ballot initiatives have been proposed in California to require the state to allow online voting, but security experts and some voting officials say the technology is nowhere near secure enough for something so crucial as the democratic process. “When people stop me in the supermarket and ask, ‘When am I going to be able to vote on my cell phone?’ I say ‘Pretty soon—in about 20 years,’” said Dana DeBeauvoir, the county clerk for Travis County, Texas. She was one of three speakers Wednesday in a session on online voting and security issues at Enigma 2016, a computer security conference held in San Francisco. So much of daily life now happens online, including shopping, banking, communication, that voters naturally wonder why voting can’t too, said J. Alex Halderman, a professor of computer science at the University of Michigan in Ann Arbor, Mich. who researches voting and security. However, the ongoing litany of breaches, hacks and crashes in those realms are an object lesson in why voting shouldn’t happen there. It’s just too important, he said. “Imagine the incentives of a rival country to come in and change the outcome of a vote for national leadership. Elections require correct outcomes and true ballot secrecy,” Halderman said.

Editorials: Paper trail is simply prudent | Tim Kalich/The Greenwood Commonwealth

Elmus Stockstill and Edward Course surely have no devious intentions in wanting to get the external printers off Leflore County’s touch-screen voting machines. But the county’s two top election officials are just wrong — and obviously not well-schooled — on how susceptible electronic voting machines are to hacking and why these printers are the only safeguard against it. Just 10 minutes on the Internet will turn up a decade worth of studies and reports showing that all it takes is access, a basic knowledge of electronics and a few minutes to rig voting machines like those used in Leflore County. I recommend the Board of Supervisors spends 30 minutes reading the study summaries or watching the videos produced by university and government researchers demonstrating the vulnerabilities of so-called “direct recording electronic” (DRE) voting equipment made by Diebold or any of the other touch-screen manufacturers. If the supervisors educated themselves the tiniest bit on this subject, they would see how comical it was of Stockstill, the circuit clerk, to talk — in response to a column I wrote last Sunday — of the memory card inserted in the machines as some kind of fail-safe against hacking. The memory card is actually one likely conduit for introducing a vote-stealing virus.

National: When Will We Be Able to Vote Online? | Scientific American

Sooner or later everything seems to go online. Newspapers. TV. Radio. Shopping. Banking. Dating. But it’s much harder to drag voting out of the paper era. In the 2012 presidential election, more than half of Americans who voted cast paper ballots—0 percent voted with their smartphones. Why isn’t Internet voting here yet? Imagine the advantages! … It’s all about security, of course. Currently Internet voting is “a nonstarter,” according to Aviel D. Rubin, technical director of Johns Hopkins University’s Information Security Institute and author of the 2006 book Brave New Ballot. “You can’t control the security of the platform,” he told me. The app you’re using, the operating system on your phone, the servers your data will cross en route to their destination—there are just too many openings for hacker interference. “But wait,” you’re entitled to object, “banks, online stores and stock markets operate electronically. Why should something as simple as recording votes be so much more difficult?” Voting is much trickier for a couple of reasons. Whereas monetary transactions are based on a firm understanding of your identity, a vote is supposed to be anonymous. In case of bank trouble, investigators can trace a credit-card purchase back to you, but how can they track an anonymous vote? And credit-card and bank fraud goes on constantly. It’s just a cost of doing business. But the outcome of an election is too important; we can’t simply ignore a bunch of lost or altered votes.

Editorials: The Challenges of Digital Voting | David Pogue/Scientific American

In researching my Scientific American column about the dismal prospects for online voting, I interviewed Avi Rubin, Professor of Computer Science at Johns Hopkins University, technical director of Johns Hopkins’s Information Security Institute, and author of Brave New Ballot: The Battle to Safeguard Democracy in the Age of Electronic Voting. He’s been deeply immersed in the research surrounding electronic voting for decades. Since I have more room on the Web than I do on the printed page, I would like to share more of our conversation here.

David Pogue: Are there any steps that would make you, a security researcher, comfortable with electronic voting?

Avi Rubin: In principle, I think that paper ballots are far superior to electronic voting machines. Even if the machines are high quality (and none of the current ones on the market have proven to be that), the inability to manually recount, to audit, and to prevent rigging and the potential for widespread, wholesale fraud are deal breakers for purely electronic voting. Paper ballots are not a panacea, but without them there is an opportunity for fraud that is much more widespread.

Editorials: Online Voting Is the Future — And It Could Lead to Absolute Disaster | Jack Smith IV/Mic

This year, we’re going to choose a new president. We’ll debate with disgruntled friends on Facebook, monitor every debate on Twitter and use Google to find polling places. And then, those of us who are willing to make the trek will drive, walk, carpool or take trains to small outposts in order to vote. It’s 2016. Why don’t we have an app on our smartphones that allows us to vote remotely and instantly? … What’s holding back online voting? In short, security risks. If we’ve learned anything from the past few years of cybersecurity scandals — like the Office of Personnel Management hack, the Sony Pictures Entertainment fiascoor the Ashley Madison breach — it’s that no digital system can be proven to be totally safe. There’s a common refrain that digital voting experts are tired of hearing: “If I can bank online, why can’t I vote online?” If the internet is safe enough to store our money, shop, file our taxes and perform other sensitive tasks, why can’t it be used to vote? The truth is, we don’t bank or shop safely online. Major retailers and banking systems deal with hacking, fraudulent charges and identity theft every day. Companies like Amazon are used to a small percentage of transactions being fraudulent. And when fraud occurs in a financial transaction, those problems can be fixed after the fact.

National: Legacy voting machines ripe for tampering, breakdowns | GCN

As America preps for the next presidential election, its voting machines are in need of a serious update. Almost every state is using electronic touchscreen and optical-scan voting machines that are at least 10 years old, according a recent Wired article, with Florida, Kentucky, Massachusetts, New Hampshire, Texas and Virginia are all using voting machines that are at least 15 years old. When these machines were introduced, dial-up Internet was used by most of the country, and the voting technology was equally primitive. These outdated machines have a litany of problems including degrading touchscreens, worn-out modems and failing memory cards. And this is before one considers the cybersecurity issues.

National: Outdated Voting Machine Technology Poses Security and Election Risks | StateTech

Votes being registered for the wrong candidate. Voting machines running out of memory. Election officials searching eBay for outdated notebook computers. These are just a few of the nightmarish scenarios state and local officials face as the country’s voting machines age and break down. A recent report by the Brennan Center for Justice at New York University School of Law found that the expected lifespan of core components in electronic voting machines purchased since 2000 is between 10 and 20 years, and for most systems it is probably closer to 10 than 20. Experts surveyed by the Brennan Center agree that the majority of machines in use today are either “perilously close to or exceed these estimates.”

International: Voting From the Privacy of Your Couch | Bloomberg

Electoral fraud has been pervasive in Nigeria since it returned to civilian rule in 1999. This year, to prevent tampering with ballots on the way to the capital, poll workers nationwide used technology from a Spanish software maker called Scytl to scan the tallies and transmit them electronically. Despite predictions of violence, voters elected an opposition candidate—removing an incumbent from office for the first time—in a process Human Rights Watch described as “mostly peaceful.” Governments in 42 countries are using software from Scytl (rhymes with “title”) to bring elements of their elections online, from registering voters to consolidating results. “If you look at the way elections are being run in most countries, it’s still the same way they used to be run 50 years ago,” says Chief Executive Officer Pere Vallès. Using Scytl’s technology, he says, a country can more easily stop fraud and announce winners “in a few hours instead of a few days.” … Many election watchdogs say software isn’t yet secure enough to be trusted, and they’re concerned that Scytl and its competitors haven’t developed a way for third parties to independently verify results. “Murphy’s Law says something is going to go wrong in pretty much every election,” says Pamela Smith, the president of election watchdog Verified Voting in Carlsbad, Calif. “Transmitting actual votes is too high-risk for using online technology.” No current online system has “the level of security and transparency needed for mainstream elections,” according to a July report prepared for the U.S. Vote Foundation, a nonprofit that advocates for expanded absentee voting.

National: Old Voting Tech Puts 2016 Election at Risk | Security Intelligence

In just under a year, Americans will head to the polls to cast their ballots: Democrat or Republican? Carson or Clinton, perhaps Sanders or Trump? But even 12 months out, political and tech experts are starting to worry that current voting technology won’t be able to keep up with citizen demand. Worst case? A repeat of the 2000 election debacle in Florida, which is still under investigation today. Best case? The country gets on board with at least some electoral advancements to help safeguard the process. What options are available to current voters looking to cast their ballot in the upcoming election? USA.gov’s “Voting and Registering to Vote” page provides the basics: Citizens can turn up in person at their local polling station with applicable ID, or if they’re away from home, they may vote using a mail-in absentee ballot. Making the process more complicated is the fact that citizens must register to vote in federal elections at the state level, and all states have their own registration methods in place. For example, 23 states allow voters to register online, while others only accept a hard copy of the National Mail Voter Registration Form. But there’s a twist: Certain states like North Dakota and Wyoming, along with territories such as American Samoa, Guam and Puerto Rico, don’t accept the National Mail Voter Registration Form, meaning citizens must register in person at specific government offices.

Florida: Proposed bills put greater scrutiny on Florida’s voter purges | News13

Seeking to hold Gov. Rick Scott to a higher level of scrutiny should his administration call for a purge of Florida’s voting rolls in 2016, Democratic lawmakers have filed measures to mandate the listing of purged voters according to party affiliation. Under SB 736 and HB 523, election supervisors would be required to give the Florida Department of State bi-annual lists of purged Democrats, Republicans and those who belonged to other party affiliations in each of the state’s 67 counties. The Scott administration has been roundly criticized by election supervisors and voting rights groups for ordering a problem-riddled voter purge in 2012. From a list of roughly 180,000 voters the administration believed to be non-citizens and therefore illegally registered, just 85 were identified as such and removed from the voting rolls.

National: The First Bitcoin Voting Machine Is On Its Way | Motherboard

America’s voting machines are archaic and rundown, a recent study showed, and security experts have warned that voter machines are vulnerable to hacking. Enter Blockchain Technologies Corp, a company that hopes to replace existing proprietary machines with secure, open-source voting machines that use the blockchain, the technology behind Bitcoin. … Advocates say blockchain-based elections are transparent and secure. They’ve been tested by the Liberal Alliance in Denmark and the European Pirate Party. And now, Blockchain Technologies Corp. is developing an actual voting machine that will record votes using a blockchain. … However, there’s only so much that blockchain technology can do. “Blockchain technology can provide untamperable audit trails, but it doesn’t solve the hard problem that erroneous or malicious software in the voting machine may cast votes other than how the voter intended, and the voter will never be able to know,” explains Jeremy Epstein, senior computer scientist at SRI International who actively warned about the security of Virginia’s machines.

Australia: E-voting: Why Australia isn’t voting electronically on election day | Daily Telegraph

We are the pioneers of the secret ballot electoral system, but when it comes to electronic voting, Australia has long been behind the pack. Kazakhstan, India, Brazil and Estonia are among the countries who long ago swapped pencil-and-paper ballots for e-voting at polling stations or over the internet. Meanwhile, in Australia, most of us continue to bemoan the chore of queuing for hours at the polling booth. … During the NSW state election in March, residents who were vision impaired, disabled or out of town on election day were able to cast their vote with the remote voting system, iVote, in what was the biggest-ever test of e-voting in the country. … But the success of iVote was marred by reports two security experts had exposed a major security hole that could potentially affect huge numbers of ballots and maybe even change the election outcome. University of Melbourne research fellow Vanessa Teague said she and Prof Alex Halderman from the University of Michigan found iVote had a vulnerability to what’s called a man-in-the-middle attack when they tested the system with a practice server in the lead-up to the election. “We could expose how the person intended to vote, we could manipulate that vote, and we could interfere with the return of the receipt number and thus prevent the person from logging into the verification server afterwards,” she told news.com.au.

Australia: To defend iVote, the NSW electoral commission went to Switzerland | The Mandarin

Last month, the New South Wales Electoral Commission’s ongoing battle to defend the integrity of its online voting system took chief information officer Ian Brightwell all the way to Switzerland — the last bastion of modern direct democracy. After requests from commissioner Colin Barry were knocked back by two other academic conferences, Brightwell finally got his chance to explain the NSW experience of implementing iVote in direct response to a pair of crusading academics who have doggedly attacked the online voting platform both in Australia and abroad. The organisers of the VoteID 2015 conference, held last month in Bern, Switzerland, deemed the claims and counter-claims interesting enough to design a special session around them. By now, most people who’ve heard about online voting in NSW would have also heard the persistent warnings of Vanessa Teague, a research fellow at the University of Melbourne, and J. Alex Halderman, an associate professor of computer science and engineering from the University of Michigan.

Editorials: VW scandal and cheating software | Bruce Schneier/CNN

For the past six years, Volkswagen has been cheating on the emissions testing for its diesel cars. The cars’ computers were able to detect when they were being tested, and temporarily alter how their engines worked so they looked much cleaner than they actually were. When they weren’t being tested, they belched out 40 times the pollutants. Their CEO has resigned, and the company will face an expensive recall, enormous fines and worse. Cheating on regulatory testing has a long history in corporate America. It happens regularly in automobile emissions control and elsewhere. What’s important in the VW case is that the cheating was preprogrammed into the algorithm that controlled cars’ emissions. Computers allow people to cheat in ways that are new. Because the cheating is encapsulated in software, the malicious actions can happen at a far remove from the testing itself. Because the software is “smart” in ways that normal objects are not, the cheating can be subtler and harder to detect. We’ve already had examples of smartphone manufacturers cheating on processor benchmark testing: detecting when they’re being tested and artificially increasing their performance. We’re going to see this in other industries.

National: Alex Halderman Strengthens Democracy Using Software | Popular Science

In 2010, the District of Columbia decided to test its online absentee voter system. So officials held a mock election and challenged the public to do their best to hack it. It was an invitation that Alex Halderman, a computer-security expert at the University of Michigan, couldn’t resist. “It’s not every day that you’re invited to hack into government computers without going to jail,” he says. In less than 48 hours, Halderman and his students gained complete control of the system and rigged it to play the Michigan fight song each time a vote was cast. The students were ecstatic, but Halderman, who has a long history of exposing cybersecurity weaknesses, takes a more sober view. “This is the foundation of democracy we’re talking about,” he says.

National: Faulty Voting Machines Put US Democracy at Risk | Al Jazeera America

Fifteen years after voting problems in Florida left the United States without a clear winner in its presidential election for five traumatizing weeks, a disturbing proportion of voting machines in use across the nation are old and prone to malfunction, according to the findings of a major new study issued Tuesday by the Brennan Center for Justice at the NYU School of Law. From counties still using analog modems, dot-matrix printers and software that works only with Windows 2000 to touchscreen machines with surfaces so degraded that votes can be recorded for the wrong candidates, the the 68-page report raises alarms about the condition of election equipment and the potential for Election Day 2000-style failures. Forty-three states have counties using machines that will be at least 10 years old by Election Day 2016, and counties in 14 states will be using machines that will be more than 15 years old, co-authors Lawrence Norden and Christopher Famighetti found. They put their national estimate for replacement equipment at more than $1 billion, but they believe that using off-the-shelf technology like tablet computers could considerably reduce immediate and long-term expenses.

Verified Voting in the News: Virginia Finally Drops America’s ‘Worst Voting Machines’ | Wired

If you voted in a Virginia election any time between 2003 and April of this year, your vote was at serious risk of being compromised by hackers. That’s the assessment reached by Virginia’s board of elections, which recently decertified some 3,000 WINVote touchscreen voting machines after learning about security problems with the systems, including a poorly secured Wi-Fi feature for tallying votes. The problems with the machines are so severe that Jeremy Epstein, a computer scientist with SRI International who tried for years to get them banned, called them the worst voting machines in the country. If the WINVote systems weren’t hacked in a past election, he noted in a recent blog post and during a presentation last week at the USENIX security conference, “it was only because no one tried.” The decision to decommission the machines, which came after the state spent a decade repeatedly ignoring concerns raised by Epstein and others, is a stark reminder as the nation heads into the 2016 presidential election season that the ongoing problem of voting machine security is still not taken seriously by election officials. Virginia officials only examined the WINVote systems after Governor Terry McAuliffe tried to vote with one during the state’s general elections last November.