Russia: How Russia could easily hack its neighbors’ elections | Washington Post

In 2007, the Estonian government came under a massive denial-of-service attack that crippled the country’s banking, government and law enforcement infrastructure. Nobody took responsibility for the flood of bogus Internet traffic, but some suspected Russia was the culprit. Given what we know about Russia’s aggressive border policies, it’s a plausible theory. The Kremlin, after all, had a motive: Estonia had recently taken down a Soviet-era statue, and ethnic Russians were up in arms about it. If Moscow wanted to take the opportunity to meddle in Estonia’s affairs, according to research by an international team of security experts, it could do so cleanly and silently without anyone being the wiser. The attack could come via Estonia’s online voting system. Estonia’s is one of the only such ballot systems in the world, which makes it a fascinating test case for other countries or governments weighing the costs and benefits of e-voting. Unfortunately, the researchers discovered, this system is vulnerable to hacking in ways that could change the outcome of entire elections.

National: Problem at the polls: Tech stuck in past | The Hill

In the world of iPads, Google Glass and even bitcoin, voting technology remains stuck in a virtual dark age. Nearly 14 years after the 2000 election recount debacle in Florida, election officials now face the challenge of replacing voting machines that are on their last legs in a rapidly changing tech world that’s moved even beyond the changes spurred by that voting mess. Transitioning to modern voting machines, however, won’t be easy due to a lack of advanced machines, small budgets and a burdensome regulatory process. The next frontier to replace aging and unreliable machines should be commercially made and software-only products, the Presidential Commission on Election Administration said in a January report. “Tablet computers such as iPads are common components of these new technologies. They can be integrated into the check-in, voting and verification processes in the polling place,” the report said.

Delaware: Pew report praises Delaware voter registration, questions voting machines | Delaware Public Media

The Pew Charitable Trust’s examination of 17 areas such as polling station wait times placed Delaware in the top twenty-five percent of states overall when it comes to “election performance” – so says Pew’s manager of election initiatives Zachary Markovitz. “Delaware really is a pioneer leading the states, especially in improving their voter registration system,” said Markovitz. That improvement comes in the form of the “e-signature” program, which the First State implemented in 2009. The initiative lets Delaware residents complete the entire voter registration process at the DMV, instead of having to fill out paperwork, send it in by mail, wait for a response…. and very possibly, and understandably, have something get messed up along the way. The e-signature program was even praised by a task force commissioned by President Obama after the 2012 elections to find ways to improve election performance around the country. Still, Pew’s report found room for improvement in Delaware. Markovitz points to Delaware’s “residual vote rate” — basically, the number of votes cast in an election versus those actually counted. And when those numbers don’t match up, it could imply that some people’s votes are slipping through the cracks. …

Verified Voting in the News: Problems and questions face D.C. following primary | electionlineWeekly

The complaining on social media began almost as soon as the polls in Washington, D.C. closed at 8 p.m. on the April 1 primary. Where were the first results? Why haven’t we heard anything? While certainly the 8 p.m. naysayers could be dismissed for their short attention spans and need for instant gratification, when 9 p.m. came and went with no results, not even those from early voting, even calmer heads started to wonder: Again? Why are there no results? Whoever was running the D.C. Board of Elections’ Twitter page was doing their best to keep people informed, but by 9:30 the Twitterati and local media were having none of it. Finally at 9:55 p.m. the first results began to trickle in, but there were discrepancies in the numbers between what reporters were given and what was appearing on the DCBOE’s website. It was near 2 a.m. before the final votes were tallied in an election that had the lowest election turnout in 30 years. … In D.C. there are not just two different voting systems but multiple electronic systems. Poll workers had to go through a complex-sounding process to transfer the results from one DRE to the other so that all the votes in the precinct were reported together. “When you have two systems, you have more shutting down and more reconciling to do. You have more checks to do and more checklists to check,” said Dana Chisnell with the Center for Civic Design. “You also have to reconcile *between* the systems, so it wouldn’t be surprising to me if there was confusion around that.”

National: Verified Voting Marks 10 Years of Safeguarding US Elections | Scoop News

In 2004, Verified Voting began working to make U.S. voting systems more secure. The organization sprang from the energy created when founder David Dill issued the Resolution on Electronic Voting, which today has 10,000+ endorsers including top computer security experts and elected officials. Dill was subsequently appointed to the California Ad Hoc Task Force on Touch Screen Voting by then-Secretary of State Kevin Shelley (now a Verified Voting Board member). Click here to read Dave and Kevin’s look back at the origin of their relationship… What a difference a decade makes! At the time, fewer than one-sixth of the states had a requirement for voters to be able to verify their vote on a paper record or ballot: today, nearly three-fourths do. Yet, this November, sixteen states will use voting systems that do not provide an independent means of verifying individual votes, and nearly half the states will not conduct post-election audits to verify the accuracy of election results.

Editorials: Online balloting: good intent, bad law | Justin Moore/ Richmond Times-Dispatch

This week the General Assembly has been considering an important election-reform bill that could greatly affect the security of the ballots of our troops and the integrity of elections in Virginia. HB 759 would allow military voters to send marked ballots back over the Internet via email. The bill is intended to address the very real challenges facing military voters, but allowing ballots to be returned over the Internet creates extraordinary risks both to the votes of our men and women in uniform and to the electoral infrastructure of our state. The Internet provides great opportunities, but also tremendous risks. The skill and stealth of hackers continues to outpace our ability to secure Internet-based services. Target, Adobe, Sony, Google, Apple, Facebook, Citigroup and others have all been victims, as have the Department of Defense and the State of South Carolina. Government security experts are raising increasingly urgent warnings regarding computer attacks. The rise of organized, well-funded, state-sponsored hackers has made the cyber world less secure now than ever before. Gen. Keith Alexander, head of the National Security Agency and the Department of Defense’s U.S. Cyber Command, stated that between 2009 between 2011 there was a 1,700 percent increase in computer attacks against American infrastructure initiated by criminal gangs, hackers and other nations. At the direction of Congress, scientists at the federal National Institute of Standards and Technology (NIST) have been conducting research into the use of online systems for military voters. NIST has stated that with the security tools currently available, secure online ballot return is not feasible and that more research is needed.

Ohio: Aging voting machines could jeopardize elections, officials say | The Columbus Dispatch

Across much of the country, voters are casting ballots at voting machines with expired warranties or outdated components. For the next election, these machines will likely suffice, but these decade-old machines could fail in the next few years. The problem is two-fold: Many Ohio counties say they do not have the money to purchase replacements for their 2005-era machines, and anyway, there’s little incentive for them to update. Voting-machine technology hasn’t advanced much since the federal government last revised its certification standards — in 2005.

Maryland: Experts remain concerned about Maryland election fraud threat | Baltimore Sun

By now, just about everyone connected to the Internet is familiar with this process: Required to fill out and sign a form of some kind, you ask for and receive a hyperlink via email. You open the link, find the form you need (perhaps a pdf), download it, print it, fill it out and mail it off. That’s a common practice, though increasingly old-school by today’s online standards. There doesn’t seem to be anything particularly risky about the transaction; few would think twice about conducting business that way. But while integrity is important in all transactional realms, it rises to precious when we’re talking about voting. And that’s why a similar process, new this year and slated to be part of Maryland’s primary election in June, has some civic-minded computer security experts sounding alarms about the potential for fraud. … The three experts who wrote to the board about this in 2012 were David Jefferson, a computer scientist based at the Lawrence Livermore National Laboratory in California; J. Alex Halderman, assistant professor of electrical engineering and computer science at the University of Michigan; and Barbara Simons, a retired IBM computer scientist and an expert on electronic voting. They are part of network of vigilant computer security experts who independently assess state elections systems and report their concerns.

South Carolina: Clemson program could bring online voting to South Carolina | The State

As the calendar rolls into 2014, the political season moves into hyper mode as state voters prepare to go to the polls to elect a governor and two U.S. senators and make other decisions in a mid-term election. Memories of long lines at the polls and questions about the state’s electronic voting machines are likely to recur. A Clemson University professor says he has some technological solutions to those problems. Juan Gilbert, chair of human-centered computing at Clemson, envisions a time when voters will be able to cast their ballots online without leaving home, and when each vote can be verified without relying solely on electronic data. …  The state spent more than $34 million for about 11,400 iVotrinic voting machines in 2004 and 2005, according to a report released last year by the state Legislative Audit Council. That’s about $3,000 per machine, compared to about $500 for an iPad.

South Dakota: Military voting abroad gets a technology boost | Argus Leader

A new system unveiled Monday will help overseas South Dakota military personnel exercise their right to vote even as they defend that right for those at home, Secretary of State Jason Gant said Monday. It will make it easier for military personnel to obtain absentee ballots and register to vote. That process can take as long as 60 days now, but the new system will allow ballots to be filled out in a few minutes. No other state is doing anything like it, Gant said. “We wanted to truly be innovative in the country,” Gant said. “We didn’t want to copy what another state had done.” The system will enable service members to use the cameras on electronic devices, such as iPads or smartphones, to scan the bar code on their common access cards, the identification cards issued to all service members. … While the system uses online technology, it is not online voting because it requires users to print and mail the ballot. Online voting is controversial because opponents fear that voting information can be intercepted or altered.

Texas: Comal County will seek a recount over election oddities | San Antonio Express-News

Comal County wants to recount Tuesday’s ballots by hand to resolve problems with both the initial election results from electronic voting machines and the revised tallies those machines produced Wednesday. The revised numbers didn’t change the outcome of any race. Confidence in them, though, plummeted this week because they indicate 649 ballots were cast in the contest for Place 3 on the Schertz City Council, despite only 540 voters being registered in the part of the town that’s in Comal County, officials said. County Judge Sherman Krause conferred with the machine vendor, Election Systems & Software, and the secretary of state’s office. The balloting included three at-large council races in Schertz, a Comal Independent School District bond election and a contested seat on the Cibolo Municipal Authority board. An audit of all 179 voting machines Wednesday showed 16,101 votes were cast countywide, not the 13,686 reported Tuesday night. The Schertz numbers didn’t shrink, they grew.

Verified Voting in the News: California College Vote Hack | David Jefferson/Election Law Blog

I just read Doug Chapin’s article on the vote rigging at Cal State San Marcos, and I would add several observations.  Had this been a public election conducted via Internet voting, it would have been much more difficult to identify any problem or to capture the perpetrator, Mr. Weaver. Mr. Weaver was captured because he was voting from school-owned computers. This was networked voting but not really Internet voting. The IT staff was able to notice “unusual activity” on those computers, and via remote access they were able to “watch the user cast vote after vote”. But in a public online election people would vote from their own private PCs, and through the Internet, not on a network controlled by the IT staff of election officials. There will likely be no “unusual activity” to notice in real time, and no possibility of “remote access” to allow them to monitor activity on a voter’s computer.  Note also that university IT staff were able to monitor him while he was voting, showing that they were able to completely violate voting privacy, something we cannot tolerate in a public election.

Verified Voting in the News: Cybersecurity panel hears about security risks of internet voting | WVTF

A special cybersecurity panel of the Joint Commission on Technology and Science has voted to move forward with crafting state legislation to enable many deployed military voters to cast their absentee ballots on-line.  The panel decided that the pilot program should focus on active-duty military personnel based outside of the continental U.S.–instead of also including spouses and other employees. As proposed, the bill would require signing and scanning of each ballot, a witness, and use of a military smart-ID card that’s encrypted. Local officials would compare the ballots received with matching absentee voting applications and investigate any irregularities. But SRI International’s Jeremy Epstein warned of potential problems, including viruses.

Estonia: E-voting source code publishes on GitHub | Ars Technica

Estonia, which created the world’s first nationwide Internet-based voting system, has finally released its source code to the public in an attempt to assuage a longstanding concern by critics. “This is the next step toward a transparent system,” said Tarvi Martens, chairman of Estonia’s Electronic Voting Committee, in an interview Friday with ERR, Estonia’s national broadcaster. “The idea, which was the result of joint discussion between numerous Estonian IT experts and the Electronic Voting Committee, was implemented today. We welcome the fact that experts representing civil society want to contribute to the development and security of the e-elections.” Martens and his colleagues have now put the entire source code on GitHub—previously it was only made available after signing a confidentiality agreement.

Canada: Liberal Party Holds Online Primaries While Security Experts Scowl | TechPresident

Canada’s Liberal party elected a new leader last week. And for the first time in the party’s history, the voting took place online. Justin Trudeau, the telegenic son of the late Pierre Trudeau, Canada’s most famous prime minister, won in a landslide with over 80 per cent of the vote. But online voting critics say that despite the decisive results, the Internet remains an unsafe place to cast your vote. “If the Conservative party want to select the next Liberal party leader, this provides them with the perfect opportunity,” says Dr. Barbara Simons, an online voting expert, and co-author (with Douglas Jones) of Broken Ballots: Will Your Vote Count? “I am not saying the Conservatives would do this — I’m just saying this is a very foolish and irresponsible thing for Liberals to be doing, because they open themselves up to vote-rigging that would be almost untraceable, and impossible to prove.”

Verified Voting in the News: California Assembly committee passes Internet voting bill with secret amendments | Kim Alexander’s Weblog

Last Tuesday at the California Assembly Elections committee hearing,AB 19 by Assemblyman Phil Ting (D-San Francisco) was heard and passed on a 4-3 vote. If enacted, the bill would create a California online voting pilot program. Over the weekend, while cleaning out some old papers, I had deja vu moment when I came across a December 4, 2000 news release issued by then-Assembly Majority Leader Kevin Shelley announcing the introduction of AB 55, which among other things, as originally introduced would have established an online voting pilot program under the direction of the Secretary of State. That provision was ultimately amended out, and Mr. Shelley would go on to become the Secretary of State of California and one of the nation’s first political leaders to support a voter verified paper audit trail and mandatory election recounts.

Editorials: Internet voting for overseas military puts election security at risk | Pamela Smith/Hartford Courant

Connecticut lawmakers are considering legislation to allow military voters to cast ballots over the Internet. The intention of this legislation is well-meaning — Connecticut does need to improve the voting process for military voters — but Internet voting is not the answer. Every day, headlines reveal just how vulnerable and insecure any online network really is, and how sophisticated, tenacious and skilled today’s attackers are. Just last week, we learned that the U.S. has already experienced our first-ever documented attack on an election system, when a grand jury report revealed that someone hacked into the Miami-Dade primary elections system in August 2012. A chilling account in The Washington Post recently reported that most government entities in Washington, including congressional offices, federal agencies, government contractors, embassies, news organizations, think tanks and law firms, have been penetrated by Chinese hackers. They join a long list that includes the CIA, FBI, Department of Defense, Bank of America, and on and on. These organizations have huge cybersecurity budgets and the most robust security tools available, and they have been unable to prevent hacking. Contrary to popular belief, online voting systems would not be any more secure.

Ohio: Electronic poll books seem conceptually simple but may be vulnerable to hacking and cyber attacks, experts say | cleveland.com

Cuyahoga County elections officials plan to experiment with electronic poll books to verify the registration of in-person voters despite warnings that the devices are vulnerable to hacking and even politically motivated cyber attacks. Two experts contacted by The Plain Dealer said the so-called e-poll books also have spotty performance records in several places where they have been tested and could be especially challenging for Cuyahoga County because of its larger number of voters and past troubles with new election technology. “E-poll books are similar to other computer-based technologies in voting – full of promise and lousy execution in most locations,” said Candice Hoke, a Cleveland State University law professor and an authority on laws governing election technologies. “Our counties should be extremely chary of adopting them, but definitely a pilot project is a good way to proceed.”

National: First Known Election Fraud Hack Attempted in 2012 Florida Primary | E-Week

In the first known example of an attempt to hack a U.S. election, an online attacker took advantage of the lax security surrounding the online process of requesting absentee ballots in the 2012 primary in Miami-Dade County, Florida, to order more than 2,500 ballots. The scheme could have actually worked if it was done with more skill, stated a grand jury report released in December, but whose findings only recently came to light. The attack failed to affect the outcome of the election, but succeeded in verifying the dangers of election processes that allow voters to cast their ballots via email over the Internet. While voting irregularities have cropped up in numerous U.S. elections, no known hack of a live election has been attempted, said David Jefferson, computer scientist at Lawrence Livermore National Laboratory and a member of the board of directors of Verified Voting and the California Voter Foundation.

Kentucky: Democrats say online voting would be more secure than vulnerable Florida system | The Courier-Journal

As Kentucky Democrats make a last-minute push to allow U.S. military to vote online, Florida is reporting what appears to be the first case of someone trying to manipulate U.S. voting through the Internet. A Miami-Dade County grand jury report reveals Internet requests from computers in locations such as Ireland, England and India sought more than 2,500 absentee ballots during the primary election last August. The report said officials blocked the ballots from going out when they saw “an extraordinary number” of ballot requests from the same group of computers. Secretary of State Alison Lundergan Grimes said her proposal for Kentucky differs from the Florida system, which didn’t require users to sign in with a password. “That example isn’t applicable to what Kentucky is trying to do,” Grimes said. But Candice Hoke, a law professor and director of the Center For Election Integrity at Cleveland State University in Ohio, said the Florida case shows that Internet voting is a potential target and that there may have been other attempts to manipulate the voting that haven’t been uncovered.

National: First-ever cyberattack on US election points to broad vulnerabilities | CSMonitor.com

Over a 2-1/2 week period last July, more than 2,500 online “phantom requests” for absentee ballots were made to Miami-Dade County election headquarters, marking the first known cyberattack on a US election. The fake requests for ballots targeted the Aug. 14 statewide primary and included requests for Democratic ballots in one congressional district and Republican ballots in two state House districts, according to a recent Miami Herald report. The fake requests were done so clumsily that they were red-flagged and did not foul up the election. In any case, they would not have been enough to change the outcome. But now confirmed as the first cyberattack aimed at election fraud, the incident is further evidence that the vote-counting process is vulnerable, particularly as elections become more reliant on the Internet. “This is significant because it’s the first time we’ve seen a very well documented case of attempted computer election fraud in the US,” says J. Alex Halderman, a cybersecurity researcher at the University of Michigan who focuses on election-system vulnerabilities. “This should be a real wakeup call because it illustrates the sort of computer voting attacks that many scientists have been warning were possible for years.”

National: Cyberattack on Florida election is first known case in US, experts say | NBC

An attempt to illegally obtain absentee ballots in Florida last year is the first known case in the U.S. of a cyberattack against an online election system, according to computer scientists and lawyers working to safeguard voting security. The case involved more than 2,500 “phantom requests” for absentee ballots, apparently sent to the Miami-Dade County elections website using a computer program, according to a grand jury report on problems in the Aug. 14 primary election. It is not clear whether the bogus requests were an attempt to influence a specific race, test the system or simply interfere with the voting. Because of the enormous number of requests – and the fact that most were sent from a small number of computer IP addresses in Ireland, England, India and other overseas locations – software used by the county flagged them and elections workers rejected them. Computer experts say the case exposes the danger of putting states’ voting systems online – whether that’s allowing voters to register or actually vote. “It’s the first documented attack I know of on an online U.S. election-related system that’s not (involving) a mock election,” said David Jefferson, a computer scientist at Lawrence Livermore National Laboratory who is on the board of directors of the Verified Voting Foundation and the California Voter Foundation.

National: U.S. Election Assistance Commission and NIST trumpet innovation in voting technology | California Forward

Last week, the National Institute of Standards and Technology (NIST) and the U.S. Election Assistance Commission hosted a Future of Voting Systems Symposium. The three-day meeting outside of Washington, DC was designed to look at the latest developments in the field of voting technology and assess how such developments mesh with the current federal structure for testing and certification. The takeaway from the meeting was sobering and exciting; while it is increasingly clear that existing testing and certification requirements aren’t working, there is a burst of creativity underway by election officials, technologists and other stakeholders in the effort to design a different and better approach.

California: Path toward online voting stymied by fear of hacking | California Forward

While we can do just about everything on the Internet these days, like buy groceries, pay bills, and most importantly, waste hours watching cat videos, we can’t yet cast a ballot online. But the idea of e-Voting, as it’s called, isn’t so far-fetched. Eight years ago the small Baltic country of Estonia became the first country in the world to allow voters to cast ballots over the Internet, and it has actually worked rather well. After the successful launch of online voter registration last year, which allowed roughly 600,000 Californians to register online in the final 45 days before the 2012 election, electronic voting would seem like the logical next step. Furthermore, it’s reasonable to believe that California, home to Silicon Valley and birthplace of the Internet revolution, would lead the charge toward cyberspace voting. Don’t rush out and buy an iPad just yet; it’s unlikely that you’ll be voting for president, governor, or mayor on one anytime soon. In fact, voting security experts like Pamela Smith, president of Verified Voting Foundation, a nonpartisan nonprofit dedicated to safeguarding elections in the digital age, hope to slow any expansion to Internet voting, for now anyway. Smith warns that online voting is a “dangerous idea” as there is currently no way to guarantee the security, integrity, and privacy of ballots cast over the Internet.

National: Could Online Oscar Voting Lead to Online Public Elections? | Government Technology

If online voting is good enough for the Oscars, why isn’t it good enough for public elections? A panel of experts assembled on Feb. 14 to consider whether the Academy of Motion Picture Arts and Sciences’ decision to capture votes online for this year’s Oscars means that technology has matured to the point where public elections can be held online. According to an article in The Hollywood Reporter, voting to determine who would receive a nomination for an Academy Award began Dec. 17 and ended Jan. 3. While a majority of Academy members registered to take advantage of the online voting option, the process was not without its snags. Many confessed to password trouble, while others worried about hackers jeopardizing voter intent. … David Jefferson, a computer scientist at Lawrence Livermore National Laboratory and chairman of the board for the nonprofit Verified Voting, outlined several major differences between private elections, like those conducted for the Academy Awards, and public elections. Public elections, Jefferson said, inherently have much higher standards for security, privacy and transparency. “Just because this works for private elections or is useful for private elections, we don’t want people thinking … it is appropriate for public elections.”

Verified Voting in the News: Internet voting, the third-rail of elections | electionlineWeekly

There are no two words that get elections officials, scholars, vendors and geeks more riled up than Internet voting. The emotions on both sides often run so high that at times it can seem almost impossible to even have a conversation about the concept of casting a ballot online. But with concerns about long lines on Election Day, with the U.S. Postal Service cutting services, and elections officials concerned about getting ballots to voters overseas or in times of emergency, is it possible to discuss the possibilities? “Is there anything not controversial related to voting?  If voting machines had to go through acceptance that Internet voting is facing, they wouldn’t have been rolled out,” said Brian Newby, Johnson County, Kan. election commissioner. “The movement has pretty successfully been slowed by emotion and in particular, emotion masquerading as fact.” According to Newby, beyond the technological issues, there are some who are very impassioned because it takes away the spirit of community that comes with voting. “I respect that opposition because at least they are saying they don’t like Internet voting because of the way they feel. That’s an emotional argument that’s fair because it’s called out from the beginning as being emotional. Newby acknowledged that it is a difficult conversation, in part, because the country is no closer to Internet voting in the United States, really, than it was five or 10 years ago. “Discussion has been successfully stonewalled, so why fight with success?” Newby said. ”The best argument that could be made would be that there is a growing use of Internet voting options for military and overseas voters, but even those options have been much more evolutionary than revolutionary.”

Vatican City: How secure is the papal election? | Bruce Schneier/CNN.com

As the College of Cardinals prepares to elect a new pope, security people like me wonder about the process. How does it work, and just how hard would it be to hack the vote? The rules for papal elections are steeped in tradition. John Paul II last codified them in 1996, and Benedict XVI left the rules largely untouched. The “Universi Dominici Gregis on the Vacancy of the Apostolic See and the Election of the Roman Pontiff” is surprisingly detailed. Every cardinal younger than 80 is eligible to vote. We expect 117 to be voting. The election takes place in the Sistine Chapel, directed by the church chamberlain. The ballot is entirely paper-based, and all ballot counting is done by hand. Votes are secret, but everything else is open. First, there’s the “pre-scrutiny” phase. “At least two or three” paper ballots are given to each cardinal, presumably so that a cardinal has extras in case he makes a mistake. Then nine election officials are randomly selected from the cardinals: three “scrutineers,” who count the votes; three “revisers,” who verify the results of the scrutineers; and three “infirmarii,” who collect the votes from those too sick to be in the chapel. Different sets of officials are chosen randomly for each ballot. Each cardinal, including the nine officials, writes his selection for pope on a rectangular ballot paper “as far as possible in handwriting that cannot be identified as his.” He then folds the paper lengthwise and holds it aloft for everyone to see. When everyone has written his vote, the “scrutiny” phase of the election begins.

National: Online voting: Safe for Oscars, but not yet for elections? | TechHive

For the first time ever, this year’s Oscar winners were selected online. The Academy of Motion Picture Arts and Sciences decided to let its members vote online, but cybersecurity and elections experts say that casting Internet ballots in public elections is still a long way off. Even picking Best Picture winners led to serious snafus. The voting deadline for the Oscars was extended in early January after some members had issues with account registration (password requests were answered by snail mail rather than email). But in public elections, deadlines can’t be extended. A group of cybersecurity and elections experts last week reiterated the dangers of modeling public elections after private ones. Companies who design online voting systems for award shows or corporate shareholder meetings may suggest these systems can also be used in congressional or presidential races. Those claims should be met with skepticism, said computer scientist David Jefferson, chairman of the nonprofit Verified Voting Foundation. “There are major differences between private and public elections: the degree of security required, the degree of privacy required, the degree of transparency required,” Jefferson said in a telephone press conference Thursday. “In a public election we’re talking about a national security situation.”

National: Online Voting For Academy Awards Must Not Become Model For Public Elections, Cyber Security & Voting Rights Experts Warn | Paramus Post

A group of concerned cyber security experts and voting rights advocates released a statement today warning that Internet voting for this year’s Academy Awards must not become a model for public elections. The group includes advocacy organizations Common Cause and Verified Voting and some of the most renowned figures in computer science including Ron Rivest, co-founder of RSA and Verisign and recipient of the Turing Award;[1] and Dr. Barbara Simons, former President of ACM and author of Broken Ballots: Will Your Vote Count? “When the Academy of Motion Picture Arts and Sciences announced that it would be using an online voting system to help its members choose this year’s Oscar nominees and finalists, thereby adding to the “credibility” of online voting, we found ourselves compelled to remind the general public that it is dangerous to deploy voting by email, efax, or through internet portals in public governmental elections at this time,” the experts said. “Public elections run by municipal, local and state governments should not be compared to elections like the one run by the Academy.”

National: Computer security experts and advocates: Internet voting poses risk | Politico.com

Just because online voting is possible, doesn’t mean the U.S. government should try it for national elections any time soon. That’s the message computer security experts and advocates for voting rights are trying to get across to American voters. David Jefferson, a Lawrence Livermore computer scientist, said Thursday that hosting a national election online poses a national security threat. Jefferson was part of a press conference hosted by Common Cause, a transparency advocacy organization. He pointed out three fundamental areas of attack by hackers or viruses, with no immediate solutions for online voting. “Client side” attacks would trigger malicious software in a voter’s computer or smartphone itself. “Server side” attacks could bring down the servers that would collect and count the votes and the “denial of service” attacks could actually prevent people from voting and take the server down. “There is no fundamental solution to any of these categories of problems, and at least for the client or server side, anyone in the world can initiate such an attack. It can be completely undetectable so the outcome would be wrong and no one would know about it,” said Jefferson, who serves on the board of the Verified Voting Foundation and California Voter Foundation. Even if a faulty outcome is discovered, he added, there would be no way to correct it as there would be no audit trail to “recount.”