Switzerland made headlines this month for the transparency of its internet voting system when it launched a public penetration test and bug bounty program to test the resiliency of the system to attack. But after source code for the software and technical documentation describing its architecture were leaked online last week, critics are already expressing concern about the system’s design and about the transparency around the public test. Cryptography experts who spent just a few hours examining the leaked code say the system is a poorly constructed and convoluted maze that makes it difficult to follow what’s going on and effectively evaluate whether the cryptography and other security measures deployed in the system are done properly. “Most of the system is split across hundreds of different files, each configured at various levels,” Sarah Jamie Lewis, a former security engineer for Amazon as well as a former computer scientist for England’s GCHQ intelligence agency, told Motherboard. “I’m used to dealing with Java code that runs across different packages and different teams, and this code somewhat defeats even my understanding.”Full Article: Experts Find Serious Problems With Switzerland's Online Voting System.
Articles about voting issues in Europe.
At the headquarters of Ukraine’s SBU more than a dozen local and Western security experts watch a simulated foreign cyber attack on several big screens ahead of this month’s presidential vote. During the joint EU-Ukraine cyber security drills the Westerners pretend to be hackers attacking the country’s central election commission, while the Ukrainians seek to neutralise them. The exercises held in Kiev last week involved around a hundred experts and were part of efforts to prevent arch-foe Russia from interfering in the crucial March 31 election. Ukrainian security officials said they had registered a growing number of distributed denial-of-service attacks and phishing attempts to gain access to computers of the country’s ministries and other state structures in recent months.Full Article: Ukraine ready to take on Russian election hackers.
Facebook says it has removed more than 200 “inauthentic” accounts targeting people in Moldova, some of which were linked to government employees. Moldovans go to the polls on 24 February under a new electoral system. One of Europe’s poorest countries, it is politically split between pro-Western and pro-Russian factions. Facebook said the accounts posted about divisive political issues, shared manipulated photos, and impersonated a local fact checking-organisation.Full Article: Moldovan election prompts Facebook to remove accounts - BusinessGhana.
Swiss authorities are trumpeting the fact that more than 2,000 would-be hackers from around the world have taken up an invitation to try to find holes in Switzerland’s groundbreaking online voting system — and potentially earn tens of thousands of francs (dollars) if they succeed. The Federal Chancellery and Swiss regions, known as cantons, expressed satisfaction at the high response barely a week after launching a registration for IT experts to help crack a planned update to Switzerland’s 15-year-old e-voting system. Among countries in Europe, only Estonia has a similar online voting program, a Swiss official said. The effort amounts to a coming-of-age of Swiss e-voting, or online voting, systems: After over 200 trials and the rollout of e-voting already in 14 of Switzerland’s 26 cantons, authorities now believe they’ve developed “completely verifiable systems” that they hope to introduce for the first time this year.Full Article: Hackers flock to hunt for cracks in Swiss e-voting system - StarTribune.com.
Worries over election hacking have led officials in Europe and the U.S. to consider a return to hand-counting paper ballots. Switzerland, however, is moving in the opposite direction, toward absentee electronic voting. It’s a useful way of keeping turnouts from falling, and the systems can be made secure and reliable. Since the scare of 2016, when U.S. intelligence services asserted that malicious Russian actors came close to hacking electronic voting systems and even cracked some voter databases, at least one country – the Netherlands – went back to counting paper ballots by hand throughout the tabulation process, not just at local polling stations. Dozens of U.S. states used hand-counting either solely or for backup in the 2018 midterm elections, and the states that failed to do so were criticized for ignoring security. … Recent research shows that electronic voting doesn’t boost interest in elections by much. In Estonia, which introduced e-voting in 2005, more than 30 percent of the vote is now cast online but the total turnout has remained stable – and low. Yet studies have also shown that having e-voting as an option can arrest a decline in turnout: Easy absentee voting is habit-forming.Full Article: Election Hacking: Bucking the Trend, Swiss Rely on Online Voting - Bloomberg.
United Kingdom: Voter ID trials are dangerous. That’s why I’m taking the government to court | Neil Coughlan/The Guardian
On Wednesday, I received a date to attend the high court to fight against the government’s dangerous voter ID plans. This case is particularly significant for everyone who lives in my community because next May, for the first time ever, we will be asked to show identification in order to cast our vote at the local government election. Braintree district council, my local authority in Essex, is one of 10 boroughs across England taking part in the government’s pilot scheme, before it plans to roll out voter ID at the next general election. At first glance, these measures could appear reasonable, fair and innocuous. But on closer inspection, voter ID discriminates against people who are unable to provide identification with the ease that ministers, civil servants and most people take for granted – and naively think we all possess. As the Windrush scandal clearly demonstrated, many British citizens do not have official documentation, in fact, 3.5 million electors (7.5% of the electorate) do not have any photo ID.Full Article: Voter ID trials are dangerous. That’s why I’m taking the government to court | Neil Coughlan | Opinion | The Guardian.
An election in Moldova this month looks likely to produce a hung parliament, entrenching a split between pro-Western and pro-Russian forces at a time when concerns over corruption and democracy have soured its relations with the European Union. The EU forged a deal on closer trade and political ties with the tiny ex-Soviet republic in 2014 and showered it with aid but it has become increasingly critical of Chisinau’s track record on reforms. Sandwiched between EU member Romania and Ukraine, Moldova has been dogged by scandals and its pro-Western government has failed to lift low living standards, driving many voters towards the Socialists, who favour closer ties with Russia. Socialist leader Igor Dodon took the presidency in 2016. The presidency is not being contested in the February 24 election.Full Article: Election may keep Moldova in 'grey zone' between West and Russia | Reuters.
Serbian opposition parties said on Monday they had started to boycott parliamentary sessions in protest against what they see as the increasingly authoritarian rule of President Aleksandar Vucic and his ruling Serbian Progressive Party (SNS). Opposition parties and their backers accuse Vucic and the SNS of stifling media freedoms and carrying out attacks on political opponents and journalists in Serbia, a country seeking to join the European Union. They deny the accusations. The boycott move comes amid weekly protests by thousands of people that began in December and have spread from the capital Belgrade to a dozen other towns and cities. The protesters and opposition are also demanding Vucic’s resignation and snap elections.Full Article: Serbian opposition says to boycott parliament, demands snap election | Reuters.
Spain looks set for a snap general election — or slow agony for Pedro Sánchez. The Socialist prime minister had his 2019 budget plans rejected by parliament on Wednesday, prompting his office to say that on Friday he’ll announce if there will be an early ballot — which could be as soon as April. Catalan pro-independence lawmakers joined forces with the right-of-center opposition to defeat the budget proposal — paving the way for an electoral test that polls predict Sánchez will win but fall short of being able to put together a coalition. The news follows days of speculation about election dates, ranging from April 14 and 28 to May 26. The latter has already been dubbed “Super Sunday” because it would coincide with European, regional and local ballots.Full Article: Spain primed for early election after budget rejection – POLITICO.
Russian hackers are redoubling their efforts in the run-up to presidential elections in Ukraine, according to the head of Ukraine’s cyber-police. Serhii Demediuk said in an interview with The Associated Press that Russian-controlled digital saboteurs are stepping up attacks on the Central Elections Commission and its employees, trying to penetrate electronic systems in order to manipulate information about the March 31 election. “On the eve of the election and during the counting of votes there will be cyberattacks on certain objects of critical infrastructure. This applies to the work of the polling stations themselves, districts, and the CEC,” he said. “From what we are seeing, it will be manipulation aimed at distorting information about the results of elections, and calling the elections null or void,” Demediuk said.Full Article: Ukrainian official: Hacking intensifies as election nears | The Seattle Times.
“The online anarchy of election rules must end”: Věra Jourová, EU Commissioner for Justice, has good reasons to be nervous. From 23rd to 26th of May, all eyes will turn to Brussels as the next European elections will decide on the future trajectory almost half a billion EU citizens. But after the string of cyber attacks on elections from the USA to CEE countries Poland, Bulgaria, Latvia and the Czech Republic, it would be naive to assume that the EU elections would not be targeted. But is Brussels prepared? “With anti-Europeans on their way to winning more than one-third of seats in the next European Parliament, the stakes in the May 2019 election are unusually high”, warns a new report of the European Council of Foreign Relations published this month. The EU increasingly resembles a battleship drifting through a continent in crisis: Brexit looms over Europe, extreme right-wing and eurosceptic parties are mushrooming and political divisions seem to be digging its trenches deeper every week.Full Article: EU elections 2019: How vulnerable are we to cyber meddling? - 150sec.
The world’s internet infrastructure has no central authority. To keep it working, everyone needs to rely on everyone else. As a result, the global patchwork of undersea cables, satellites, and other technologies that connect the world often ignores the national borders on a map. To stay online, many countries must rely on equipment outside their own confines and control. Nation-states periodically attempt to exert greater authority over their own portions of the internet, which can lead to shutdowns. Last month, for example, the government of the Democratic Republic of Congo turned off its internet during a highly contested presidential election. Now Russia, too, wants to test whether it can disconnect itself from the rest of the world, local media reported last week. But Russia is much larger than the DRC, and it has significantly more sophisticated infrastructure. Cutting itself off would be an onerous task that could have myriad unintended consequences. If anything, the whole project illustrates just how entangled—and strong—the global internet has become. “What we have seen so far is that it tends to be much harder to turn off the internet, once you built a resilient internet infrastructure, than you’d think,” says Andrew Sullivan, CEO of Internet Society, a nonprofit that promotes the open development of the internet.Full Article: What Happens If Russia Cuts Itself Off From the Internet | WIRED.
Spain’s minority Socialist government plans to announce an early general election after its expected defeat in a budget vote on Wednesday following its refusal to negotiate Catalan self-determination, political sources said on Tuesday. Two small Catalan pro-independence parties, on whose votes the government has been relying to pass legislation, have so far maintained their blanket rejection of the budget. They said they were open to negotiate until the budget vote if the government promised them a dialogue on the right to self-determination, but that right is prohibited by the Spanish constitution.Full Article: Spanish PM to announce snap election soon after budget vote: sources | Reuters.
Bulgaria must be ready for malicious cyber attacks, Deputy Prime Minister Tomislav Donchev said on February 11, warning that there was no election process exempt from attempts to “hit” it. Election processes are within Donchev’s portfolio as deputy head of government. Bulgaria is scheduled to go to the polls twice in 2019, in European Parliament elections in May and mayoral and municipal elections in the autumn. Donchev’s comment came a day after Tsvetan Tsvetanov, parliamentary leader of Prime Minister Boiko Borissov’s centre-right GERB party, said that he was sure that Russia would try to interfere in Bulgaria’s elections this year.Full Article: Deputy PM: Bulgaria must be ready for malicious cyber attacks in elections.
Russian authorities and major internet providers are planning to disconnect the country from the internet as part of a planned experiment, Russian news agency RosBiznesKonsalting (RBK) reported last week. The reason for the experiment is to gather insight and provide feedback and modifications to a proposed law introduced in the Russian Parliament in December 2018. A first draft of the law mandated that Russian internet providers should ensure the independence of the Russian internet space (Runet) in the case of foreign aggression to disconnect the country from the rest of the internet.Full Article: Russia to disconnect from the internet as part of a planned test | ZDNet.
Spanish Prime Minister Pedro Sanchez’s budget plans are threatening to unravel amid reports that he’s considering calling a snap election for April. After his conservative rivals staged a show of strength by bringing tens of thousands of demonstrators onto the streets of Madrid, Efe news agency reported that Sanchez is considering calling elections for April 14. A press officer for the premier said the government is focused on getting its budget passed this week. Protesters in the heart of the Spanish capital on Sunday were demanding an election and accused the prime minister of being soft in talks with Catalan separatists. They waved Spanish flags and shouted “Long Live the Constitution, Long Live Spain.”Full Article: Spanish Premier Running Out of Options Amid Reports of Snap Vote - Bloomberg.
Democracy bases its legitimacy on the promise to adequately and appropriately represent the population. However, a look at Switzerland’s system reveals some shortcomings: women, young people, foreigners and the low-qualified are often absent from political institutions. Democratic rights don’t fall from the sky. They are the achievement of brave people who demanded and fought for political rights for themselves and for their fellow citizens. Such efforts fighting for equality were also seen in Switzerland. Almost 100 years ago, the social and political situation in the country was explosive, and many were dissatisfied with living and working conditions; factory workers, in particular, felt politicians had abandoned them.Full Article: Left behind and locked out of Swiss democracy - SWI swissinfo.ch.
Ukraine looks to have faced down both the Kremlin and the Organization for Security and Co-operation in Europe over the issue of Russian election observers at its presidential election in March. The OSCE was forced to change stance after Ukraine adamantly refused to accept Russian observers of the March 31 vote, and its parliament on Feb. 7 passed a law banning them from being accredited to the OSCE mission. The Russian Foreign Ministry announced a day later that Russia had decided not to send its observers to Ukraine. And the OSCE, while expressing regret over the Ukrainian authorities’ position, also backed down.Full Article: Ukraine wins fight to exclude Russian election observers | KyivPost.
A regime for “cyber sanctions” is taking shape — and it could already hit mischievous election hackers in May. The European Union is closing in on a procedure that would allow it to sanction foreign hacker groups when they target the upcoming EU election. A plan drafted by the EU’s diplomatic service has been presented to national cyber experts and will be forwarded to foreign affairs attachés later this month, three officials briefed on the plan told POLITICO, asking not to be named because of the sensitivity of the ongoing talks. The measures would not only allow EU countries to slap sanctions on hacker groups that succeed in intruding into IT systems, but also those attempting to get in, like the suspected Russian intelligence officers who allegedly plotted but failed to hack into the Hague-based Organisation for the Prohibition of Chemical Weapons last year, the officials said.Full Article: Europe hopes to fend off election hackers with ‘cyber sanctions’ – POLITICO.
Estonia is the first member state in the European Union that might be called Extremely Online. Over the past decade, the Baltic republic of 1.3 million people fully digitized its government services and medical data. More than 30 percent of Estonians voted online in the last elections, and most critical databases don’t have paper backups. To sleep a little better at night, the country has recruited volunteer hackers to respond to the kinds of electronic attacks that have flummoxed the U.S. and other countries in recent years. While many are civilians, these men and women, numbering in the low hundreds, have security clearances and the training to handle such attacks. Their sturdy, bearded commander, Andrus Padar, previously a military reservist and policeman, says the threat is taken as a given: “We have a neighbor that guarantees we will not have a boring life.”Full Article: A Russian Neighbor Has Cybersecurity Lessons for the Rest of Us - Bloomberg.