National: Is Secure Online Voting Too Good To Be True? (For Voatz, It Might Be) | Chitra Ragavan/Swaay

When Amelia Powers Gardner won political office as county clerk and auditor in Utah County, Utah, in January 2019, she was determined to fix what she viewed as the county’s archaic and dysfunctional voting mechanisms. Around that same time, nearly 800 miles northwest, Christine Walker, the long-time county clerk in Jackson County, Oregon, had been deploying various hardware and software products to revamp her county’s voting technology and processes with little success. She was ready for something new.  Walker and Gardner don’t know each other. But when they each learned about a small Boston-based tech startup, called Voatz, that had built the first mobile voting app and platform secured by blockchain technology, they were immediately intrigued. And upon discovering that West Virginia and Colorado were already testing the app for absentee military voters overseas, the two election leaders were even more eager to put their counties on the map as trailblazers in online voting.  “I like to be the person that’s kind of setting the pace, not just following along,” says Walker, who prides herself on her tech-savvy leadership. Gardner, a former Caterpillar executive, automotive technologist, and business efficiency expert, is similarly technologically inclined. Noble intentions aside, Walker and Gardner’s vote of confidence in Voatz may be misplaced, say members of the cybersecurity community who have repeatedly warned the U.S. government that the app is vulnerable to hacking. These experts, along with several members of Congress, have criticized Voatz for its failures in transparency, lack of accountability, and refusal to release its source code so that it can be better tested for security flaws.

Full Article: Is Secure Online Voting Too Good To Be True? (For This Company, It Might Be)

Philippines: Biometric election solution providers pitch on remote online voting systems | Heart Castañeda/Manila News

Biometric technology providers Voatz and Smartmatic will pitch their remote online voting systems as two of four companies being considered by the Philippines government in a four-day set of consultations, the Philippine Canadian Inquirer reports. Meetings between the Office for Overseas Voting (OFOV), the Commission on Elections (Comelec), and the four companies, which also include Dominion Voting Systems and Indra, are expected to wrap up this week. “The purpose of the consultation is to be able to gather enough information on online voting that can be presented to Congress for its consideration,” Comelec spokesperson James Jimenez said, according to the Inquirer. “If and when such a system is eventually put into action depends on Congress.” Jimenez also said the solutions may not be in place for the upcoming elections in 2022. The Philippines began automating its election system in 2010, and utilized vote counting machines in 2019.

Full Article: Biometric election solution providers pitch Philippines on remote online voting systems – Manila News

Utah: Cast your next vote by phone? Lawmakers approve pilot proposal | Art Raymond/Deseret News

Even as the tumult surrounding 2020 election processes and results continues, Utah lawmakers are looking ahead to potential new ways to help residents easily and securely engage their civic voting duties. An interim legislative committee this week advanced a proposal from Rep. Mike Winder aiming to expand opportunities for Utah cities interested in testing new, internet-based systems that allow voters to cast their ballots via smartphone. … Committee member Rep. Suzanne Harrison, D-Draper, said she was concerned about public reports from cybersecurity experts critical of internet-based voting systems and, in particular, the Voatz system that’s been in use by Utah County. “There have been a host of articles highlighting the concerns with electronic voting and even specific critiques of the Voatz app that Utah County has been using,” Harrison said. “MIT came out with a research paper … also Homeland Security itself had concerns. There’s too many cybertechnology experts that say it’s impossible to secure these devices and these apps and that the technology is just not where it needs to be to expand these projects.”

Full Article: Cast your next vote by phone? Utah lawmakers approve pilot proposal – Deseret News

National: A ruling against expanding online voting is a win for cybersecurity advocates | Joseph Marks/The Washington Post

A federal judge yesterd
ay dismissed a lawsuit that sought to dramatically expand online voting by military service members and other citizens living overseas, halting an effort that critics say could have made the election far more vulnerable to hacking.The overseas voters who brought the suit hail from seven states and said they fear restrictions and slowdowns between the U.S. Postal Service and the postal services where they live raise dangers their ballots won’t arrive in time to be counted. They wanted an option of submitting the ballots as PDF attachments to emails or using a secure fax system managed by the Defense Department. Similar voting methods are available to overseas voters from 30 other states. The ruling underscores how efforts to make voting easier during the pandemic can sometimes clash with efforts to protect the election against foreign interference.

National: There’s so much unjustified hype and hope about online voting | Susan Greenhalgh and Michael Fernandez/The Fulcrum

The coronavirus pandemic has upended everyone and everything, creating a new normal: living over the internet. Members of the House who fear the health risks of coming to the Capitol have even been permitted to transmit electronically their votes for legislation. But this shouldn’t be seen as any green light for states to consider online voting in our elections. Unlike Congress, which has insisted that transparency be central to its first-ever foray into proxy voting, the American electoral system relies on the citizens’ choices remaining secret. A ballot cast over the internet could be undetectably manipulated by hackers. House members’ remote votes are public record, delivered in writing and then announced verbally during each roll call, so any attempted hacking would be easily exposed. To keep voters safe during the Covid-19 outbreak, many states are making it easier to vote by mail and thereby avoid close contact at polling places. Their plans must also include adequate accommodations for disabled voters, But any proposal that we move to online voting is contrary to the evidence. Architects of the internet and cybersecurity warn that online voting is still inherently insecure.

National: Cybersecurity Experts Caution Against Calls to Expand Online Voting | Aila Slisco/Newsweek

Calls for an expansion of online voting are being met with concern from cybersecurity experts who caution that votes could be easily manipulated if the practice is widely adopted. West Virginia Secretary of State Mac Warner has recently called for states to expand online voting for overseas military members and people with disabilities that prevent them from voting in person without assistance. West Virginia is one of several states that allow online and mobile voting for overseas military and this year expanded the practice to include disabled people, with 180 voting in a pilot program during the June primary, including 25 disabled people. In 2018, the state was the first to offer voting using a mobile app for service members, with 144 using the technology to vote in that year’s general election, according to a report from the Military Times. In Georgia’s DeKalb County, lawmakers last month called for online voting to become available for all voters throughout the state, according to The Champion. Similar calls have been made by officials and advocates in other states, along with prominent figures like former presidential candidate Andrew Yang, who tweeted about the issue last week. However, cybersecurity experts caution that online voting could present major threats to the integrity of elections since ballots transmitted online are especially vulnerable to attacks from hackers. Limited online voting has been experimented with for years in the U.S., and used on a larger scale in a handful of other countries, but experts say that vulnerabilities are inevitably found in systems when they are examined closely.

West Virginia: West Virginia officials want other states to adopt online voting for deployed troops | Zach England/Military Times

West Virginia was the first state to allow a mobile voting app option for military members — and officials there are hoping others will follow. In 2018, the state offered overseas and military voters the option of using a mobile phone or tablet to vote in an election. In the general election that year, 144 voters stationed in 31 different countries were able to vote using the technology. The mobile voting app was the result of West Virginia Secretary of State Mac Warner’s interest in breaking down barriers preventing servicemembers from easy access to the polls. During almost three decades in the Army, Warner experienced the difficulties of voting overseas. Roughly 200,000 Americans are deployed overseas and in 2016, less than 20 percent of active duty troops voted, Warner said in an op-ed submission earlier this month. “The less than 20% figure weighs on me heavily,” he wrote. “This is an appalling statistic, and one that should be personally offensive to every American. The current COVID-19 pandemic should serve as the catalyst to leverage technology to correct the disenfranchisement of the men and women who put their lives on the line to protect our democracy.”

National: DNC’s email voting plan limits hacking risk but can’t eliminate it | Joseph Marks/The Washington Post

The Democratic National Committee’s virtual convention next month will mark a major test for whether Internet-based voting can be done safely and securely. The DNC, which is moving its convention online because of the coronavirus pandemic, released a plan Friday for delegates to vote by email for the Democratic presidential nominee and planks in the party’s platform. Internet voting presents far fewer risks in this case than it would during a regular election because delegates’ ballots aren’t secret. That means they can verify their votes weren’t altered either by hackers or technological snafus and correct any errors after the fact. There’s also no drama about the outcome of the most important vote because former vice president Joe Biden has basically already secured the Democratic nomination. But it still presents numerous opportunities for hackers from Russia or elsewhere to disrupt the voting process, sow confusion about results or use disinformation operations to spread conspiracy theories or gin up hostilities between rival camps supporting Biden and Sen. Bernie Sanders (I-Vt.). And any disruption is likely to spark painful memories of 2016 when information Russia hacked and leaked from the DNC helped wreak havoc on Hillary Clinton’s campaign. That means the DNC must be hyper-prepared to knock back any allegations of digital interference or rapidly respond to attacks even as it runs a convention unlike any in history.

Texas: Judge denies Harris County request to allow email voting for those infected with COVID-19 | Zach Despart/Houston Chronicle

A state district judge on Friday denied a request by Harris County Clerk Christopher Hollins to allow thousands of voters who recently tested positive for coronavirus, and now are quarantined, to vote online in the primary runoff election. The novel voting method never has been used in Harris County, but was permitted for the small-scale North Texas Ebola outbreak in 2014. Judge Larry Weiman, however, said he shared concerns raised by the Harris County Republican Party that online voting was not secure. Weiman, a Democrat, also said at the emergency telephone hearing that the county clerk had not produced an example of a voter being disenfranchised by exposure to coronavirus. “The plaintiff hasn’t shown any injured party,” Weiman said. Hollins sought to allow the estimated 10,000 residents who have tested positive for COVID-19 after the July 2 deadline to apply for a mail ballot. Forcing infected residents to vote in person would put “thousands of other voters at risk,” County Attorney Vince Ryan wrote in the clerk’s court filing.

Malaysia: Government looking into internet voting, Law Minister says | The Straits Times

The Malaysian government is engaging various stakeholders to look into the feasibility of introducing e-voting for the next general election, says Minister in the Prime Minister’s Department Takiyuddin Hassan. Datuk Takiyuddin, who is the de-facto Law Minister, said electronic voting would involve several issues pertaining to data confidentiality, security, cost and voter education. He said the Election Commission (EC) is still not satisfied with the confidentiality and security issues involving e-voting. “Therefore, the EC will continue to engage with the relevant quarters before any decision is put forward to the government,” he said during question time in Parliament on Thursday (July 16). The issue of e-voting has been raised amid talk that the four-month old Perikatan Nasional (PN) government might call for snap elections amid the coronavirus pandemic. The 15th general election isn’t due until 2023 but might be called soon due to the thin parliamentary majority held by PN.

Lithuania: Central Electoral Commission may not be able to roll out e-voting in time for general election | The Baltic Times

Lithuania’s Central Electoral Commission (CEC) will draw a plan on the rollout of online voting for the Lithuanians living abroad but the panel’s chair, Laura Matjosaityte, doubts that it will be implemented in time for the upcoming general election. “We have discussed legal regulation pertaining to the legalization of online voting for those who cast their ballots abroad in cases where diplomatic representations cannot organize live voting, also for those who are in self-isolation, and we all have agreed that there is very little time for getting ready for high quality solutions,” she told BNS. The Commission on Thursday organized a discussion on possibilities to create an online voting system, as established in the legislative amendments recently passed by the Seimas, in time for the upcoming general election. Participants of the discussion included representatives of the president’s office, the office of the government, the ministry of justice and the cyber security center. According to Matjosaityte, it is difficult to tell whether it may still be possible to roll out online voting in time for the election in October.

Georgia: DeKalb Commissioner Cochran-Johnson sponsors bill to expand to online voting | Roz Edward/Atlanta Daily World

As voting irregularities ranging from technical issues to poorly trained staff emerge across Georgia following the June primary elections, Commissioner Lorraine Cochran-Johnson has presented a resolution requesting the Georgia General Assembly research and expand voting options to include online capabilities. The resolution presented by the Governing Authority of DeKalb County requests the General Assembly to establish online voting to create a more secure, convenient and accessible opportunity for citizens to exercise a fundamental principle of American democracy. Through the establishment of online voting, the State of Georgia, counties and local municipalities will be able to reduce the financial burden associated with staffing various elections.

Canada: ‘I don’t think it should be used’: Northwest Territories legislators hear expert’s concerns on online voting | Hilary Bird/CBC

When election officials in the Northwest Territories announced last year that the territory would be the first jurisdiction to use online voting in any provincial or territorial election, there was some public excitement. But that excitement quickly became overshadowed by warnings from cybersecurity experts who claimed the online voting systems of the day just weren’t secure enough to be used in an election. Regardless of those concerns, Elections NWT went ahead with its online voting plans and in the October 2019 election, 3.7 per cent of voters in the N.W.T. used the Montreal-based Simply Voting online platform to cast their ballot. The controversy surrounding the N.W.T. ‘s use of online voting is back in the public realm this month as a committee of MLAs is spending several days studying the process to see if it should be used in future elections. In her report to the N.W.T. Legislature on last year’s election, the territory’s chief electoral officer Nicole Latour is recommending thevernment amend the N.W.T. Elections and Plebiscites Act so that she can develop a set of procedures so that online voting can be a permanent part of future territorial elections. But in a presentation to the standing committee on rules and procedures Tuesday, one of the world’s leading election cyber security experts Aleksander Essex recommended the opposite.

Australia: Electoral legislation amendments leave door open to internet voting | Asha Barbaschow/ZDNet

Australia’s Electoral Legislation Amendment (Miscellaneous Measures) Bill 2020 is currently before the House of Representatives Electoral Matters Committee to review the changes put forward by Minister for Finance Mathias Cormann. The changes within the Bill [PDF] would amend the Commonwealth Electoral Act to modify electoral donation and disclosure laws and “address anomalies” in entity registration and public election funding rules; as well as the intention to improve electoral processes, electoral administration, vote issuing procedures, and improve workforce flexibility for the Australian Electoral Commission (AEC). But as cryptographer Dr Vanessa Teague highlighted late Monday, by way of introducing the capability to expand electronically assisted voting methods to Australians working in Antarctica, the Bill somewhat forces the AEC to accept internet voting. While legislation currently allows for electronic voting to be performed by those with vision impairment, the Bill seeks to replace the phrase “sight-impaired people to vote by an electronically assisted voting method” with “an electronically assisted voting method to be used by sight-impaired people to vote”.

Voting Blogs: Russia scales up e-voting for key referendum – but misses security issues | Alex Hardy/openDemocracy

The delayed Russian referendum on constitutional reform goes ahead this week as the country emerges from many of the quarantine measures imposed over the past few months to control the spread of the Covid-19 virus. The referendum is being held to amend the Russian constitution, and was unveiled in January. The proposed changes most notably mean that President Putin can legally remain in power until 2036 by making him eligible to stand in a further two Presidential elections, should he wish to do so. Holding a referendum for these changes is not required by law. Such amendments can and have now been authorised by Russia’s regional legislative assemblies. However, the referendum is seen as a show of public legitimacy for these changes. As such, it is important for the authorities that the turnout is seen to be suitably high. Divided opposition movements have been in debate as to whether or not the vote should be boycotted. Meanwhile, the move towards online voting has been presented by the authorities as a move to protect public safety during the Covid-19 pandemic but it also represents an opportunity for the Kremlin to encourage higher voter turnout.

National: Security Flaws in US Online Voting System Raises Alarm Over Potential Vote Manipulation | Byron Muhlberg/CPO Magazine

As the 2020 US presidential election draws nearer, concern is beginning to mount over the potential threat of vote manipulation. Alarm over vote manipulation was once again raised after OmniBallot, an online voting system, was found to be riddled with a host of security risks according to the findings of a recent research paper by Massachusetts Institute of Technology (MIT) and the University of Michigan computer scientists. The research paper, which hit the press on June 7, revealed that OmniBallot’s designer Democracy Live leaves the ballots that it processes susceptible to vote manipulation. What’s more, the researchers found that Democracy Live actively collects sensitive voter information and does not ensure adequate protection of the information while online. As a result, according to the paper, the online voting system runs the risk of providing easy pickings for sophisticated cybercriminals—especially those using ransomware—one that is only exacerbated by the fact that no technology currently exists to mitigate the risks in question.

National: Why You Can’t Just Vote on Your Phone During the Pandemic | Sue Halpern/The New Yorker

When Alex Howard, a resident of Washington, D.C., failed to receive an absentee ballot for the city’s June 2nd primary, he assumed that he would have to vote in person. Then, by chance, on the day of the election, he saw a Twitter post alerting voters of the option to vote remotely over the Internet. Howard, a digital-governance expert at Demand Progress, an advocacy group for good governance, decided to give it a try. “I’m a poker and a prodder and a professional evaluator of government I.T. programs,” he told me. “I like to see how things work.” He was directed to a Web site typically reserved for members of the military, which sent him to a site where he confirmed his date of birth and address. He then logged on to another site to vote. A few minutes later, he e-mailed his completed ballot to the Board of Elections. “There were people who stood in line for hours and hours to vote, and here I was, voting at home on my laptop,” he said. “It was really good for my family from a health standpoint, but whether it’s a good idea at scale—I don’t think so.” He is still waiting to hear if his ballot was received.

Delaware: Election Commission Quietly Fielded An Online Voting System, But Now Is Backing Away | Sophia Schmidt/NPR

Delaware briefly deployed a controversial internet voting system recently but scrapped it amid concerns about security and public confidence. Before the online option was shuttered, voters returned more than 2,700 ballots electronically — and those votes still will be counted, according to the state, along with conventional votes in the upcoming July primary. Delaware Election Commissioner Anthony Albence said the decision to stop using the cloud-based return option was made to protect public perception of the election. “We have had no problems with the system,” said Albence. “We have confidence in the system, but we want everyone to be fully confident in anything that we do.” The coronavirus pandemic has sent election officials nationwide scrambling for creative solutions to voting problems this year, but it’s becoming clear that there remains very little appetite for new internet voting platforms as part of that conversation. After NPR reported in April that three states were moving toward statewide pilot programs to allow voters with disabilities to return their ballots over the internet, two of those states have since backed away from those plans after intense criticism from the cybersecurity community.

Delaware: Election officials back out of mobile voting weeks before primary | Benjamin Freed/StateScoop

Delaware election officials backed off a plan to offer an online ballot-return method to voters in its primary next month, citing a recent report from security experts that found that the platform being used is vulnerable to hacking that could expose or manipulate how a person’s ballot was cast without being detected by either voters or the vote counters. The platform, OmniBallot, allows election administrators to send ballots to hard-to-reach voters, like deployed military members, civilians living abroad and voters with disabilities, giving them the option to return their completed ballots through a variety of methods, including postal mail, email and fax. But Delaware was also one of a handful of states that planned to test out OmniBallot’s ability to transmit ballots online, which raised concern with some election security analysts who argue that the internet is a dangerous venue for voting. In a June 7 paper, J. Alex Halderman, a computer scientist at the University of Michigan, and Michael Specter, a doctoral student at the Massachusetts Institute of Technology, wrote that OmniBallot “is vulnerable to vote manipulation by malware on the voter’s device and by insiders or other attackers” who can compromise software made by OmniBallot’s developer, Democracy Live.

Voting Blogs: New Jersey agrees No Internet voting in July, vague about November | Andrew Appel/Freedom to Tinker

A formal settlement agreement has been submitted to the NJ Superior Court regarding online ballot access in the 2020 elections. On May 4, 2020,  New Jersey’s Division of Elections was caught trying to adopt vote-by-Internet on the stealth, even though the law forbids it.  That is, not only is Internet voting inherently insecurable, there’s a 2010 Court Order still in effect that says, “computers utilized for election-related duties shall at no time be connected to the Internet.”  That’s based on the New Jersey Superior Court’s finding that “As long as computers, dedicated to handling election matters, are connected to the Internet, the safety and security of our voting systems are in jeopardy,” in the case of Gusciora v. Corzine. Penny Venetis, attorney for the Gusciora plaintiffs, filed a motion (in early May) with the Court, to make the State abandon its plans for online voting, on the basis that receiving ballots e-mailed or uploaded on the Internet clearly violates this order.  The Court ordered the parties to reach a settlement by June 8, or report their separate positions.

National: Why Can’t People Vote Online? Election Security Analysts Weigh In | Chris Iovenko/Observer

The coronavirus pandemic has radically changed the way we live; it is also upending the way we vote. Traditional polling stations, which often have long lines and use crowded indoor spaces and shared voting equipment, pose substantial risks for spreading the disease. Unless there is a massive switch to remote voting, the predicted second wave of COVID-19 this fall could be catastrophically escalated by large in-person turnouts at polling stations. And in turn, efforts to prevent increased infections can be used as an excuse for targeted, discriminatory curtailment of in-person voting, with the outrageous events in Georgia’s primary election on Tuesday a clear example of the potential derailment of democracy. Currently, the most common way to vote remotely is by mail. It’s a proven, convenient, and safe technique; in the 2016 election,  1 in 4 Americans voted by mail. However, President Donald Trump (who himself votes by mail) and his allies have falsely attacked vote-by-mail as wide-open to fraud and an attempt by Democrats to steal the election. The Republican National Committee has launched a lawsuit in California contesting expansion of vote-by-mail and in states controlled by Republicans obstacles to voting by mail will likely be greater than those faced by voters in other states.

National: Cybersecurity Concerns with Online Voting for 2020 Presidential Election | 2020-06-11 | Security Magazine

A new report by researchers at the Massachusetts Institute of Technology (MIT) and University of Michigan discusses the cybersecurity vulnerabilities associated with OmniBallot, a we-based system for blank ballot delivery, ballot marking and (optionally) online voting. Three states – Delaware, West Virginia and New Jersey – recently announced they would allow certain voters to cast votes using OmniBallot. Researcher Michael A. Specter at MIT and J. Alex Halderman at the University of Michigan reverse engineered the client-side e portion of OmniBallot, as used in Delaware, in order to detail the system’s operation and analyze its security. “We find that OmniBallot uses a simplistic approach to Internet voting that is vulnerable to vote manipulation by malware on the voter’s device and by insiders or other attackers who can compromise Democracy Live, Amazon, Google, or Cloudflare,” the researchers explain. In addition, Democracy Live, which appears to have no privacy policy, receives sensitive personally identifiable information— including the voter’s identity, ballot selections, and browser fingerprint— that could be used to target political ads or disinformation campaigns, the report says.

National: Researchers say online voting tech used in 5 states is fatally flawed | Timothy B. Lee/Ars Technica

OmniBallot is election software that is used by dozens of jurisdictions in the United States. In addition to delivering ballots and helping voters mark them, it includes an option for online voting. At least three states—West Virginia, Delaware, and New Jersey—have used the technology or are planning to do so in an upcoming election. Four local jurisdictions in Oregon and Washington state use the online voting feature as well. But new research from a pair of computer scientists, MIT’s Michael Specter and the University of Michigan’s Alex Halderman, finds that the software has inadequate security protections, creating a serious risk to election integrity. Democracy Live, the company behind OmniBallot, defended its software in an email response to Ars Technica. “The report did not find any technical vulnerabilities in OmniBallot,” wrote Democracy Live CEO Bryan Finney. This is true in a sense—the researchers didn’t find any major bugs in the OmniBallot code. But it also misses the point of their analysis. The security of software not only depends on the software itself but also on the security of the environment on which the system runs. For example, it’s impossible to keep voting software secure if it runs on a computer infected with malware. And millions of PCs in the United States are infected with malware.

National: Some states have embraced online voting. It’s a huge risk. | Eric Geller/Politico

Some West Virginians voting in Tuesday’s primary will be allowed to tap on their phones or laptops instead of heading to the polls. Some in Delaware will get to do the same next month. And the trend may spread into November, as the coronavirus pandemic inspires a search for voting methods that don’t expose people to the deadly disease. But moving elections to the internet poses huge risks that the United States is unprepared to handle — endangering voters’ privacy, the secrecy of the ballot and even the trustworthiness of the results. The problems: The internet is riddled with security flaws that hackers can exploit. So are voters’ computers, smartphones and tablets. And the U.S. has never developed a centralized digital identity system like the one in Estonia, a tiny, digitally savvy nation that has held its elections online since 2005. “Securing the return of voted ballots via the internet while ensuring ballot integrity and maintaining voter privacy is difficult, if not impossible, at this time,” four federal agencies, including the Department of Homeland Security’s cybersecurity arm and the FBI, warned in a bulletin last month. They called it far riskier than mail-in voting, the technology that has drawn the bulk of the political debate during the pandemic. On Sunday, researchers at the Massachusetts Institute of Technology and the University of Michigan revealed numerous security flaws in the product that West Virginia and Delaware are using, saying it “represents a severe risk to election security and could allow attackers to alter election results without detection.”

National: Democracy Live Internet Voting System Can Be Hacked, Researchers Warn | Lucas Ropek /Government Technology

An online voting platform that has seen recent adoption by numerous state and county governments has vulnerabilities that could be exploited to change votes without the knowledge of election officials, a new report alleges. The OmniBallot, which is a product of Seattle-based tech firm Democracy Live, purports to offer “secure, accessible remote balloting for all voters” and is being used by state or county governments in Oregon, Washington, Colorado, Ohio, Florida, New Jersey and West Virginia. The company developed a number of contracts for limited Internet voting pilot programs with states earlier this year, after COVID-19 threatened to disrupt primary elections nationwide. These programs are fairly limited in scope and largely focus on overseas voters and the disabled. However, computer science researchers say what the company really offers is an insecure platform. The recently published report from professors Michael J. Specter, of MIT, and J. Alex Halderman, of the University of Michigan, states that the company “uses a simplistic approach to Internet voting that is vulnerable to vote manipulation by malware on the voter’s device and by insiders or other attackers who can compromise Democracy Live, Amazon, Google, or Cloudflare [its partners].”

Editorials: Will Vote-by-App Ever Be Safe? | Scott White/Dark Reading

Even with strong security measures, Internet voting is still vulnerable to abuse from state-sponsored actors and malicious insiders. The push for online voting has been happening for years, but now that a major pandemic has hit the US, there is more incentive than ever for states and counties to try out online and mobile voting services. This summer, Delaware and West Virginia will allow online voting in their primaries, and New Jersey is also testing it in a municipal election. The Utah GOP recently used mobile voting in a virtual state convention. Other states and counties are likely to follow. These solutions are far from perfect; to call them “experimental” is putting it nicely. Most of the current providers are new companies with relatively small development teams. Multiple researchers like MIT and Trail of Bits have found vulnerabilities in the voting app created by Voatz. It’s also concerning that the app developer appears to be antagonistic to the security community about such vulnerability research. And let’s not forget what happened to Shadow Inc.’s IowaReporterApp during the Iowa Democratic presidential caucus this past February. The inherent vulnerability of app-based voting is a serious cause for concern, but governments and political parties are likely to pursue them anyway. So, let’s take a closer look at where the problems are.

Voting Blogs: Democracy Live internet voting: unsurprisingly insecure, and surprisingly insecure | Andrew Appel/Freedom to Tinker

The OmniBallot internet voting system from Democracy Live finds surprising new ways to be insecure, in addition to the usual (severe, fatal) insecurities common to all internet voting systems. There’s a very clear scientific consensus that “the Internet should not be used for the return of marked ballots” because “no known technology guarantees the secrecy, security, and verifiability of a marked ballot transmitted over the Internet.” That’s from the National Academies 2018 consensus study report, consistent with May 2020 recommendations from the U.S. EAC/NIST/FBI/CISA. So it is no surprise that this internet voting system (Washington D.C., 2010) is insecure , and this one (Estonia 2014) is insecure, and that internet voting system is insecure (Australia 2015) , and this one (Sctyl, Switzerland 2019), and that one (Voatz, West Virginia 2020) A new report by Michael Specter (MIT) and Alex Halderman (U. of Michigan) demonstrates that the OmniBallot internet voting system from Democracy Live is fatally insecure. That by itself is not surprising, as “no known technology” could make it secure. What’s surprising is all the unexpected insecurities that Democracy Live crammed into OmniBallot–and the way that Democracy Live skims so much of the voter’s private information.

Russia: Moscow Said to Hire Kaspersky to Build Voting Blockchain With Bitfury Software | Anna Baydakova/CoinDesk

Voting and blockchain have been a controversial couple but Moscow appears determined to use the technology for a national referendum involving President Vladimir Putin. Russia will vote on changing its constitution, adopted in 1993, on July 1. The main issue to be decided is whether to allow Russia’s president to stay in power for more than the current limit of two consecutive six-year terms. Most of the nation will use traditional paper ballots, but residents of Moscow and the Nizhny Novgorod region will have the option of casting their votes electronically and, at least in the Muscovites’ case, having them recorded on a blockchain. According to an official page dedicated to electronic voting, Moscow’s Department of Information Technologies, which is working on the technical solution, plans to use Bitfury’s open-source enterprise blockchain, Exonum. “The blockchain technology is working in the Proof of Authority mode,” the page says in Russian. “A smart contract for the ballot ledger will be recording the votes in the system, and after the voting is complete it will decode them and publish them in the blockchain system.” The Department of Information Systems did not respond to CoinDesk’s request for comment by press time. Bitfury’s spokesperson declined to comment on the company’s involvement in the project.

National: Online Voting System Used in Florida and Elsewhere Has Severe Security Flaws, Researchers Find | Kim Zetter/OneZero

New research shows that an internet voting system being used in multiple states this year is vulnerable to hacking, and could allow attackers to alter votes without detection. On Sunday, researchers published a report that details how votes in OmniBallot, a system made by Seattle-based Democracy Live, could be manipulated by malware on the voter’s computer, insiders working for Democracy Live, or external hackers. OmniBallot is currently used in Colorado, Delaware, Florida, Ohio, Oregon, Washington, and West Virginia. Though online voting has typically been used by overseas military and civilian voters, it could expand to more voters in the future due to the pandemic. The researchers found that bad actors could gain access to ballots by compromising Democracy Live’s network or any of the third-party services and infrastructure that the system relies on, including Amazon, Google, and Cloudflare. “At worst, attackers could change election outcomes without detection, and even if there was no attack, officials would have no way to prove that the results were accurate,” the researchers, Michael Specter at the Massachusetts Institute of Technology and J. Alex Halderman of the University of Michigan, write. “No available technology can adequately mitigate these risks, so we urge jurisdictions not to deploy OmniBallot’s online voting features.”