Experts put forward suggestions and recommendations at the second meeting of the e-election working group on Wednesday, commissioned by minister Kert Kingo (EKRE). Over the past month, committee members have submitted 30 suggestions for improvements. At the second meeting suggested proposals were put forward in three areas. Head of the working group Raul Rikk said that firstly more resources should be made available so that several independent auditors can check the processes of e-voting. He said this would increase their credibility in Estonia and around the world. The group is also proposing that the number of people involved in conducting and supervising elections should increase and to raise the number of independent observers at election counts. Rikk said this could be done, for example, by making it obligatory for a representative from each political party to attend the election counts. Experts could also be invited to follow the process or IT students could be encouraged to write reports. These changes would help to increase the number of people in society who have received training in the electoral process and understand the structure of the system, Rikk said.Full Article: E-voting workgroup recommends more audits and observers | news | ERR.
Articles about voting issues in Europe.
Finland’s National Bureau of Investigations (NBI) has joined forces with the National Cyber Security Centre (NCSC) to investigate a series of significant cyber attacks against state-run public services websites in the country in August. The most serious targeted attacks left the national police service and other public websites inaccessible to users. The NBI and the NCSC now plan to work more closely with public and private organisations to increase expertise and capability to better defend Finland’s critical IT infrastructure against cyber attacks. Hackers launched a sustained denial-of-service (DoS) assault on a number of popular public websites on 21 August that caused serious disruption to server functionality, connectivity and public services. The DoS strike was latest hostile cyber assault by hackers targeting high-profile public services websites in Finland. Previously, hackers had launched attacks against the City of Lahti’s municipal computer system and the IT system managing the official online results for the Finnish parliamentary elections in April.Full Article: Finland’s security agencies collaborate after cyber attacks.
Italy: The Five Star digital voting platform that could threaten a government deal in Italy | Franck Iovene/AFP
If Italy’s political parties can agree on a government deal, it would still need to clear a final hurdle: the online voting platform of the Five Star Movement (M5S), which has long championed so-called ‘digital democracy’.
The platform, named after the 18th-century French philosopher Jean-Jacques Rousseau, is supposed not only to empower ordinary citizens but guarantee transparency — but it has been slammed as secretive and vulnerable to cyber attacks. Launched in 2016, it currently has some 100,000 members, M5S chief Luigi Di Maio said in July. But critics have lamented a lack of official documentation or certification from a third party to attest that this figure is correct. The M5S’s blog says the number of people registered on “Rousseau” rose from 135,000 in October 2016 to nearly 150,000 in August 2017, before dropping to 100,000 a year later. But political analysts say it cannot be seen as representative of M5S supporters, as the membership numbers are a drop in the ocean compared to the 10.7 million Italians who voted for M5S in the 2018 general election.
Russia: Moscow’s blockchain-based internet voting system uses an encryption scheme that can be easily broken | Sugandha Lahoti/Security Boulevard
Russia is looking forward to its September 2019 elections for the representatives at the Parliament of the city (the Moscow City Douma). For the first time ever, Russia will use Internet voting in its elections. The internet-based system will use blockchain developed in-house by the Moscow Department of Information Technology. Since the news broke out, security experts have been quite skeptical about the overall applicability of blockchain to elections. Recently, a French security researcher Pierrick Gaudry has found a critical vulnerability in the encryption scheme used in the coding of the voting system. The scheme used was the ElGamal encryption, which is an asymmetric key encryption algorithm for public-key cryptography. Gaudry revealed that it can be broken in about 20 minutes using a standard personal computer and using only free software that is publicly available. The main problem, Gaudry says is in the choice of three cyclic groups of generators. These generators are multiplicative groups of finite fields of prime orders each of them being Sophie Germain primes. These prime fields are all less than 256-bit long and the 256×3 private key length is too little to guarantee strong security. Discrete logarithms in such a small setting can be computed in a matter of minutes, thus revealing the secret keys, and subsequently easily decrypting the encrypted data. Gaudry also showed that the implemented version of ElGamal worked in groups of even order, which means that it leaked a bit of the message. What an attacker can do with these encryption keys is currently unknown, since the voting system’s protocols weren’t yet available in English, so Gaudry couldn’t investigate further.Full Article: Moscow’s blockchain-based internet voting system uses an encryption scheme that can be easily broken - Security Boulevard.
Russia: Prominent journalist Alexey Venediktov has accused ‘Meduza’ of cheating to prove Moscow’s online voting system is hackable. He’s wrong. | Mikhail Zelenskiy/Meduza
This September’s elections for the Moscow City Duma have already gained renown for inspiring regular mass protests, but they are also remarkable for another reason: In three of the Russian capital’s districts, voters will be able to use an online system to select their new representatives. Moscow’s Information Technology Department held intrusion tests on GitHub in late July to verify the integrity of the system: Officials gave programmers several opportunities to attempt to decrypt mock voting data, and each round of data was subsequently published so that it could be compared to the results of those hacking attempts. On August 16, Meduza reported on French cryptographer Pierrick Gaudry’s successful attempt to break through the system’s encryption. To confirm that the encryption keys used in the system are too weak, we also implemented Gaudry’s program ourselves. City Hall officials responded to the successful hackings by refusing to post its private keys and data, thereby preventing outsiders from confirming that the system had indeed been hacked. Instead, Ekho Moskvy Editor-in-Chief Alexey Venediktov, who is also leading the citizens’ board responsible for the elections, accused Meduza of abusing the testing process. Here’s why he’s wrong.Full Article: Prominent journalist Alexey Venediktov has accused ‘Meduza’ of cheating to prove Moscow's online voting system is hackable. He's wrong. — Meduza.
The publicly-owned company Swiss Post, which had abandoned its electronic voting system in July over security concerns, has developed a new version. “We have already proposed a solution” to cantons, said general manager Roberto Cirillo in an interview published by the La Liberté newspaper on Friday. According to Cirillo, the company is in the process of defining the rules for testing the new system with cantons. He stressed that the new version will “contain universal verifiability”. At the beginning of July, Swiss Post abandoned its electronic voting system, which means it now cannot be used for the October federal parliamentary elections. The decision was made after subjecting the e-voting system to an intrusion test by thousands of hackers last spring. According to Swiss Post, they were unable to penetrate the electronic ballot box, but found serious errors in the source code, which had to be corrected. The cantons of Neuchâtel, Fribourg, Thurgau and Basel City had adopted this e-voting system, which only offered individual verifiability. Three of them already plan to demand compensation from Swiss Post for failure to deliver.Full Article: Swiss post rolls out more secure version of e-voting platform - SWI swissinfo.ch.
A French security researcher has found a critical vulnerability in the blockchain-based voting system Russian officials plan to use next month for the 2019 Moscow City Duma election. Pierrick Gaudry, an academic at Lorraine University and a researcher for INRIA, the French research institute for digital sciences, found that he could compute the voting system’s private keys based on its public keys. This private keys are used together with the public keys to encrypt user votes cast in the election. Gaudry blamed the issue on Russian officials using a variant of the ElGamal encryption scheme that used encryption key sizes that were too small to be secure. This meant that modern computers could break the encryption scheme within minutes. “It can be broken in about 20 minutes using a standard personal computer, and using only free software that is publicly available,” Gaudry said in a report published earlier this month. “Once these are known, any encrypted data can be decrypted as quickly as they are created,” he added.Full Article: Moscow's blockchain voting system cracked a month before election | ZDNet.
Belarus plans to use semitransparent ballot boxes and electronic voting in the future, Chairperson of the Central Election Commission (CEC) of Belarus Lidia Yermoshina said in an interview to the STV channel, BelTA has learned. “We are gradually introducing different standards. Some things we have not introduced yet are no longer used in other countries. For example, we have always been pressurized to use transparent ballot boxes everywhere. I can say that this is no longer in fashion. Moreover, it contradicts the international standards. Transparent ballot boxes do not secure the secret expression of voters’ will. Today’s trend is to use semitransparent boxes and apply e-voting. I believe we will be introducing this in the future,” Lidia Yermoshina said. Speaking about the rotation of the parliament, the CEC chair said that the head of state insists on some one third of MPs to stay for the second term. At the same time, the term of office for every MP should not exceed two terms in a row. “We support and select future candidates taking into consideration all the proportions,” she stressed.Full Article: Belarus to use semitransparent ballot boxes, e-voting.
Russia: Blockchain Voting System in Moscow Municipal Elections Vulnerable to Hacking: Research Report | Trevor Holman/CryptoNewsZ
A recent research report by a French cryptographer demonstrates that a blockchain voting framework utilized in Moscow’s municipal elections is susceptible to hacking. The researcher at the French government research establishment CNRS, Pierrick Gaudry, have examined the open code of the e-voting platform dependent on Ethereum in his paper. Gaudry inferred that the encryption plan utilized by a portion of the code is “totally insecure.” The research report titled, “Breaking the encryption scheme of the Moscow internet voting system” by Pierrick Gaudry, a researcher from CNRS, French governmental scientific institution had examined the encryption plan used to verify the open code of the Moscow city government’s Ethereum-based platform for e-voting. Gaudry concluded that the encryption scheme utilized by a portion of the code is entirely insecure by clarifying –
We will show in this note that the encryption scheme used in this part of the code is completely insecure. It can be broken in about 20 minutes using a standard personal computer and using only free software that is publicly available. More precisely, it is possible to compute the private keys from the public keys. Once these are known, any encrypted data can be decrypted as quickly as they are created.Full Article: Blockchain Voting System in Moscow Municipal Elections Vulnerable to Hacking: Research Report - CryptoNewsZ.
United Kingdom: Subcontractor’s track record under spotlight as London Mayoral e-counting costs spiral | Kat Hall/The Register
Concerns have been raised over a key supplier of an e-counting system for the London Mayoral elections in 2020. The contract, split between Canadaian integrator CGI and Venezuelan-owned Smartmatic, will cost nearly £9m – more than double the procurement cost of £4.1m for the system at the last election in 2016. During a July hearing about the 2020 elections at the London Assembly Oversight Committee, members heard that Smartmatic, which builds and sells electronic voting tech, had worked on the Scottish elections. However, the London Assembly has since confirmed to The Register that Smartmatic was not involved. The company was also recently blamed for a number of technical glitches in the Philippine elections. The London Assembly was told costs had increased because the new vote-counting system offered better functionality than the previous procurement.Full Article: Subcontractor's track record under spotlight as London Mayoral e-counting costs spiral • The Register.
The team of Ukrainian President Volodymyr Zelensky is working on a project that will allow Ukrainians to vote online during elections. “We have already ‘The Vote’ project,” Zelensky’s advisor Mykhailo Fedorov said in an interview to Liga.net. According to him, at the first stage, the platform will be used for surveys, thanks to which the president, prime minister and others will learn the real opinion of the population. The identification system in this project is implemented through Mobile ID, electronic signature, BankID. Fedorov assures Ukrainians will be able to vote online in elections in 2024.Full Article: Zelensky's team working on electronic voting in Ukraine - news politics | UNIAN.
The idea of e-voting in Switzerland has been a bold dream, but the future of the entire project is now in doubt. Sceptics seem to have won the day, at least for the moment. So what issues do experts have with it? We talk to two of them. Let us first remember what has happened. The federal government put out a proposal to use an e-voting system but opponents, in this case computer scientists, were sceptical and critical. There followed an emotional debate among politicians, civil servants and the computer scientists, leading to an informed decision. It was decided that the danger of vote manipulation is too great, for it runs the risk of breaking Switzerland’s political backbone of direct democracy. Democracy also means, however, that no decision is ever cast in stone.Full Article: These are the arguments that sank e-voting in Switzerland - SWI swissinfo.ch.
United Kingdom: Former Cambridge Analytica director, Brittany Kaiser, dumps more evidence of Brexit’s democratic trainwreck | Natasha Lomas/TechCrunch
A UK parliamentary committee has published new evidence fleshing out how membership data was passed from UKIP, a pro-Brexit political party, to Leave.EU, a Brexit supporting campaign active in the 2016 EU referendum — via the disgraced and now defunct data company, Cambridge Analytica. In evidence sessions last year, during the DCMS committee’s enquiry into online disinformation, it was told by both the former CEO of Cambridge Analytica, and the main financial backer of the Leave.EU campaign, the businessman Arron Banks, that Cambridge Analytica did no work for the Leave.EU campaign. Documents published today by the committee clearly contradict that narrative — revealing internal correspondence about the use of a UKIP dataset to create voter profiles to carry out “national microtargeting” for Leave.EU. They also show CA staff raising concerns about the legality of the plan to model UKIP data to enable Leave.EU to identify and target receptive voters with pro-Brexit messaging. The UK’s 2016 in-out EU referendum saw the voting public narrowing voting to leave — by 52:48.Full Article: Former Cambridge Analytica director, Brittany Kaiser, dumps more evidence of Brexit’s democratic trainwreck | TechCrunch.
One of the world’s most secure email services has been caught up in a sophisticated cyber attack aimed at investigative journalists and other experts who are probing Russian intelligence activities. Those targeted have used Swiss-based ProtonMailexternal link to share sensitive information related to their probes of Moscow’s military intelligence directorate, the GRU. Its agents have been accused of complicity in the downing of MH17 over Ukraine in 2014, and the attempted assassination of Sergei Skripal and his daughter last year in Britain. ProtonMail, which bills itself as the world’s most secure email platform, because of its cutting edge cryptography and protections against attack, became aware of the attempt to compromise its users on Wednesday. The company, founded in 2014 by a team of former scientists from the European particle research laboratory CERNexternal link, has been in touch with Swiss authorities to help shut down the web domains used to try to dupe its clients and has taken action to block phishing emails. Its own systems and servers have not been hit in any way, it emphasised.Full Article: Cyber attack hits email users probing Russian intelligence - SWI swissinfo.ch.
Russia: More than 1,000 people detained in Moscow amid clashes over city council election, monitor says | Anton Troianovski and Siobhán O’Grady/The Washington Post
Russian police in riot gear detained more than 1,000 protesters Saturday at a demonstration against the exclusion of opposition politicians from the ballot for an upcoming city council election, a monitoring group said, marking another flare of anti-government defiance a week after Moscow’s largest opposition rally in years. Police said around 3,500 people gathered near City Hall for the unauthorized protest organized by prominent opposition figure Alexei Navalny. Earlier this week, a Russian court sentenced Navalny to 30 days in jail for calling for the demonstration. A handful of other prominent opposition politicians also were arrested before the rally took place. OVD-Info, a monitoring group that tracks political arrests in Russia, said more than 1,000 people were detained during police sweeps Saturday. State-run news agencies, including Tass, also reported more than 1,000 detentions, citing police. In previous mass detentions, many people were released after being held for several hours. The Moscow police had earlier said they had made 295 arrests, the Associated Press reported, but did not offer a final number. Police also stormed a TV studio belonging to Navalny that was live-streaming the protests on YouTube, and arrested Vladimir Milono, who was in charge of the program. Navalny previously ran unsuccessfully for mayor of Moscow in 2013.Full Article: More than 1,000 people detained in Moscow amid clashes over city council election, monitor says - The Washington Post.
Ukraine: Poorly regulated and rich in reach: online technologies in Ukraine’s elections | Tetyana Bohdanova/Global Voices
On Sunday July 21, Ukrainian voters went to the polls to vote in a snap parliamentary election, called after President Volodymyr Zelensky, elected in March 2019, announced a controversial decision to dissolve the parliament during his inauguration. Online misinformation, cyber-attacks, and the overall threat of external interference in the election were not last minute concerns; these issues were raised several months before the election. Ultimately, the election passed without major disruptions; Zelensky’s Servant of the People party took a majority of seats in parliament. So while some of these concerns turned out to be unjustified, the role of the internet in Sunday’s elections was more important than ever; according to 2019 data from the country’s State Statistical Service, 26 million Ukrainians are online and at least half that number actively use social networks. Ukrainian social media users have always actively discussed political topics online; the 2014 Euromaidan protests were famously sparked by a single Facebook post. This year, which also included a presidential election in March, was no exception. According to analysis by Internews Ukraine and data analytics company Singularex, Sunday’s elections provoked a tsunami of activity on social networks, with election-related posts surging immediately after the announcement of the parliament’s dissolution.Full Article: Poorly regulated and rich in reach: online technologies in Ukraine’s elections · Global Voices.
United Kingdom: Cost of vote counting in London elections set to double | Jessie Mathewson/East London and West Essex Guardian
The Greater London Authority (GLA) has used e-counting since its first election in 2000. But critics have branded the new contract for the London Assembly and mayoral elections “the biggest waste of money at City Hall since the Garden Bridge”. GLA officials say the new contract will ensure better cyber-security and allow more testing ahead of the count, after a technical glitch delayed results in 2016. Speaking at a meeting of the GLA Oversight committee last week, Greater London’s deputy returning officer Alex Conway said the new contract was within budget. He said: “The money is sort of not the point – the point is to run a successful election.” But Pascal Crowe, democracy officer for scrutiny group Open Rights, said the GLA should release details of how it chose the winning bid. He said: “Given that the cost of the contract has more than doubled, taxpayers will want to know that their money is being spent wisely.” “This must be the biggest waste of money at City Hall since the Garden Bridge.”Full Article: Cost of vote counting in London elections set to double | East London and West Essex Guardian Series.
Ukraine: Monitors declare election fair but with campaign violations | Igor Kossov, Teah Pelechaty and Bermet Talant/KyivPost
Ukrainian and international election observers have announced that the July 21 parliamentary election was held in a fair and competitive manner. “No systemic violations that could affect the vote result or the counting process were recorded,” said Olga Aivazovska, head of Ukrainian election watchdog Opora, at a press briefing on July 22, adding that there were many procedural violations, however. “Being able to conduct three elections in a four-month period, and at the same time engage in the defense of a country against a foreign aggressor that has invaded Ukraine, is an extraordinary feat,” said Stephen Nix, Eurasia Director at the International Republican Institute. According to a preliminary count, President Volodymyr Zelensky’s party, Servant of the People, won the party vote and the majority of single-member districts. It is followed by Opposition Platform — For Life, former President Petro Poroshenko’s European Solidarity, former Prime Minister Yulia Tymoshenko’s Batkivshchyna, and rock musician Svyatoslav Vakarchuk’s Voice. This results were largely confirmed by Opora’s parallel vote count. The official count continues.Full Article: Monitors declare election fair but with campaign violations | KyivPost - Ukraine's Global Voice.
Russia: Protests return to Moscow as opposition candidates are banned from a crucial election | Vladimir Kara-Murza/The Washington Post
More than 20,000 Muscovites gathered Saturday on Andrei Sakharov Avenue — the site of the mass anti-Putin protests in 2011 — to demand that the authorities rescind their ban on opposition candidates participating in a crucial Moscow election. “We do not exist for them, they only notice us when it’s time to pay taxes,” Alexei Navalny, Russia’s most prominent anticorruption activist, told the rally. “From now on, there will be no taxation without representation. … I am proposing a peaceful public compromise: either you register every candidate, or next Saturday we will gather for a rally at Moscow City Hall!” The election for the Moscow City Duma — the legislative body that passes laws and adopts the budget for Russia’s 12-million-strong capital and its most important political center — will be held on Sept. 8. But the most consequential fraud has already been committed. Last week, Moscow’s electoral commissions — bodies that are supposed to act as impartial arbiters in administering elections but are in reality the first line of defense for the incumbent government — disqualified nearly all viable opposition candidates from the ballot. For weeks, some of Moscow’s (and Russia’s) best-known democracy activists — including Dmitri Gudkov, once the lone opposition voice in the country’s parliament; Ilya Yashin, a colleague of the late opposition leader Boris Nemtsov who was recently elected to lead one of the city’s municipal districts; and Lyubov Sobol, the lead lawyer at Navalny’s Anticorruption Foundation — raced to meet an impossible threshold: collect some 5,000 signatures each to get on the ballot. The task was made more formidable not only by logistical challenges in the midst of the vacation season, but also because each signature on the petition means volunteering one’s personal information for the government’s database of opposition supporters.Full Article: Protests return to Moscow as opposition candidates are banned from a crucial election - The Washington Post.
Lithuania: Meet the Elves, Lithuania’s digital citizen army confronting Russian trolls | Kim Sengupta/The Independent
When the dark acts of the trolls became particularly harmful, the Elves felt they had no choice but to get together and fight back, and the fierce battle which then began has since been waged with no sign of ending. Industrial-scale spreading of disinformation; manipulating elections; undermining democratic institutions; orchestrating racial and sectarian strife have become potent weapons of modern hybrid warfare. Lithuania is along the frontline in this conflict between Russia and the west. The European Union’s Cyber Rapid Response Force has its headquarters in the country and the region, with the other Baltic states, is a focal point for Nato strategy. Thus, it is not surprising that it was in Lithuania that the citizens’ online army of the elves started five years ago to take on the Russian trolls. It now has an international force of thousands of volunteers. The vast majority of them are based down the length of Russia’s border from the Nordic states to Armenia. But there is also rising interest from countries in the west, including Britain, as the arena of the internet warriors continues to spread.Full Article: Meet the Elves, Lithuania’s digital citizen army confronting Russian trolls | The Independent.