Internet Voting

Tag Archive

National: Voatz has raised $7 million in Series A funding for its mobile voting technology | Connie Loizos/TechCrunch

Voatz, the four-year-old, Boston, Mass.-based voting and citizen engagement platform that has been at the center of debate over the merits and dangers of mobile voting, has raised $7 million in Series A funding. The round was co-led by Medici Ventures and Techstars, with participation from Urban Innovation Fund and Oakhouse Partners. Voatz, which currently employs 17 people, is modeled after other software-as-a-service companies but geared toward election jurisdictions, working with state and local governments to conduct elections and provide related election management and cybersecurity services. As we reported back in March, the city of Denver agreed to implement a mobile voting pilot in its May municipal election using Voatz’s technology, an opportunity that was offered exclusively to active-duty military, their eligible dependents and overseas voters using their smartphones.

Full Article: Voatz has raised $7 million in Series A funding for its mobile voting technology | TechCrunch.

Verified Voting Blog: Verified Voting Letter in Support of Congressional Election Cybersecurity Legislation

This letter was sent to Senators Cory Gardner (R-CO), Mark Warner (D-VA) and Representatives Derek Kilmer (D-WA) and Michael McCaul (R-TX) on May 14, 2019. Download the PDF.

Thank you for introducing legislation aimed at increasing cybersecurity at the state and local levels of government. We recognize the need for this important legislation, which is aimed at hardening cyber resiliency efforts and preventing vulnerabilities from becoming nightmare realities. For the states that would respond to the proposed grants in H.R. 2130 and S.1065, and for the protection of the citizens who live in them, we applaud your support in the battle against cyberattacks.

At the same time that you are bolstering cybersecurity defenses, we encourage you to add provisions specifically prohibiting these funds from being used for internet-based voting. Cybersecurity experts agree that internet return of marked ballots lacks sufficient safeguards for security and privacy. We urge you to specifically name internet voting as a threat and prohibit the funding provided by your legislation from being used to support internet voting programs and pilots.

Cybersecurity experts agree that no current technology, including blockchain voting, can guarantee the secure, verifiable, and private return of voted ballots over the internet. Both because vote-rigging malware could already be present on the voter’s computer and because electronically returned ballots could be intercepted and changed or discarded en route, local elections officials would be unable to verify that the voter’s ballot accurately reflects the voter’s intent. Furthermore, even if the voter’s selections were to arrive intact, the voted ballot could be traceable back to the individual voter, violating voter privacy.

Russia: E-voting bill faces second reading in Russia’s lower house of parliament | RAPSI

The State Duma will consider a bill envisaging a test remote voting via electronic communications during the elections to the Moscow parliament in the second reading on May 16, the Moscow City Duma Chairman Alexey Shaposhnikov has told journalists. Under the draft law, the test voting is to be conducted in only one city district. The remote voting would require changes and development of public control over the elections, Alexander Brod, a member of the Presidential Council of Human Rights, said earlier. Previously, the Central Election Commission (CEC) proposed to ease the procedure governing the elections of municipal deputies.

Full Article: E-voting bill faces second reading in Russia’s lower house of parliament | RAPSI.

Australia: Federal election 2019: why can’t we just vote online? | Crikey

Every time election season comes around, the same question crops up again and again: why can’t we just vote online? We can shop, order takeaway and request an Uber from our phones; why can’t we vote over the internet as well? The main reason: maintaining the security and integrity of elections is actually a lot more complicated than it seems. But let’s take a closer look. While we can secure things like online banking to a reasonable degree, our elections are based on the principle of anonymity and this makes it far more challenging to protect them. Our online banking systems permanently record how much people spend and where, so that we can verify whether our balances are correct. But a record of each person’s vote would be extremely limiting to democracy because it would open up the door to peer pressure and coercion. This could stop people from truly expressing their democratic will. The need to keep elections anonymous brings up some major problems: without records, how can we ensure that the final vote tally is an accurate representation of what the people want? How do we know that the result hasn’t been meddled with by a political party or a foreign power? In paper-based voting systems, we rely on simplicity and having observers from each side at every step of the process. This has been relatively effective at preventing large-scale compromises and errors. When we use electronic and internet-based voting systems, we can’t see what’s actually going on inside the computers and servers, and the vast majority of the electorate doesn’t have the specific knowledge to understand the technical processes that underlie these systems. Electronic and internet-based systems also open up the possibility for widespread election tampering that could slip by undetected, corrupting the entire system. This isn’t feasible in a paper-based election because it would require collusion between far too many people, which would surely be discovered.

Full Article: Federal election 2019: why can't we just vote online? - Crikey.

Switzerland: Trapdoor commitments in the SwissPost e-voting shuffle proof | Vanessa Teague

Verifiability is a critical part of the trustworthiness of e-voting systems. Universal verifiability means that a proof of proper election conduct should be verifiable by any member of the public. The SwissPost e-voting system, provided by Scytl, aims to offer a partial form of verifiability, called “complete verifiability”, which resembles universal verifiability but adds the assumption that at least one of the components on the server-side, i.e., the computers running the voting system, behaves correctly. (Universal verifiability offers guarantees even if all server-side components are malicious.) In the SwissPost system, encrypted electronic votes need to be shuffled to protect individual vote privacy. Each server who shuffles votes is supposed to prove that the set of input votes it received corresponds exactly to the differently-encrypted votes it output. This is intended to provide an electronic equivalent of the publicly observable use of a ballot box or glass urn. We show that the mixnet specification and code recently made available for analysis does not meet the assumptions of a sound shuffle proof and hence does not provide universal or complete verifiability. We give two examples of how an authority who implemented or administered a mix server could produce a perfectly-verifying transcript while actually – undetectably – manipulating votes.

Full Article: Trapdoor commitments in the SwissPost e-voting shuffle proof.

National: Blockchain Voting: Unwelcome Disruption or Senseless Distraction? | U.S. Vote Foundation

It really gets old being a guinea pig. Not because of the cagey confines, but for the insistence of those who try their ideas out on you. Overseas and military voters continue to be the guinea pigs for unvetted online voting ideas, the new one being “blockchain voting”. We have been here before. Overseas and military voters do need continued meaningful reforms across all states, and it is good when people truly care enough to examine and invest in solutions. What we do not need is a distraction that introduces new threats to overseas and military ballot integrity. The cliché “disruption model” doesn’t belong in our elections. Particularly in light of Russia’s cyber-interference in elections in Ukraine in 2014 and the US in 2016, we should consider with extra caution the idea of putting the entire voting process online. Russia itself is pushing to use this same technology for voting. Maybe it is worth a deeper look at it before we rush to its implementation? Perhaps investment in a threat detection system, which most state election offices cannot yet afford, would, at minimum, be a wise first course of action. Typically election systems must undergo formal testing and certification. Public access and examination is crucial. With a fully online system, that requirement is far more serious. Internet voting is not the same sort of simple transaction as is online banking; it is far more complex due to the fact that there must be a separation of the transaction from the identity of the person executing it. Just because there is a “blockchain” for the transaction doesn’t make the total voting system secure. The bottom line: it should not be possible to implement these systems in real elections without full and complete public examination. It is not sufficient to declare a technology as “tested” when it is used only in private elections and by outside companies hired to do “security audits”.

Full Article: Blockchain Voting: Unwelcome Disruption or Senseless Distraction? | U.S. Vote Foundation.

Switzerland: Swiss Post’s e-voting system pulled for May votes | SWI

SwitzerlandThe e-voting system operated by Swiss Post will not be available for nationwide votes on May 19. This is the consequence of “critical errors” found during a public intrusion test, the Federal Chancellery and Swiss Post announced on Friday. The Federal Chancellery said in a statementexternal link it would review the licensing and certification procedures for e-voting systems. It added that it had no indication that these flaws had resulted in votes being manipulated in previous ballots. Swiss Post’s e-voting system had been in use in four cantons: Basel City, Fribourg, Neuchâtel and Thurgau. The Organisation of the Swiss Abroad said on Fridayexternal link it was deeply disappointed by the news, describing it as a blow against online voting “and thus a denial of the democratic rights of the Swiss Abroad”.

Full Article: Swiss Post’s e-voting system pulled for May votes - SWI swissinfo.ch.

Switzerland: Additional flaw found in Swiss Post e-voting system | SWI

SwissPostA second error in the Swiss Post planned e-voting system has been discovered as the public intrusion test phase comes to an end. The Federal Chancellery announced the need for action and confirmed a review of the e-voting certification and approval process. The same computer experts who discovered a critical error in the source code of Swiss Post’s new e-voting system earlier this month announced they discovered a further security gap. It was identified as part of the public intrusion test that has been running since February 25, during which the e-voting source code was released. The bug affects universal verifiability – the same area of the system as the first error. However, in this case the error would not make it possible for arbitrary manipulation of any possible votes to go unnoticed, according to the Federal Chancellery. That said, votes could be made invalid without being discovered by the mathematical evidence. René Lenzin, deputy head of communications at the Federal Chancellery, told the Swiss news agency Keystone-SDA that the error confirmed a “need for action”. The error discovered on March 12 had already shown that universal verifiability and thus the “heart of the system” had not worked. The system had to recognise if manipulation had taken place.

Full Article: Additional flaw found in Swiss Post e-voting system - SWI swissinfo.ch.

Switzerland: Second flaw found in Swiss election system could change ‘valid votes into nonsense,’ researchers say | CyberScoop

CyberScoopResearchers have uncovered a second security flaw in the electronic voting system employed by the Swiss government. The vulnerability involves a problem with the implementation of a cryptographic protocol used to generate decryption proofs, a weakness that could be leveraged “to change valid votes into nonsense that could not be counted,” researchers Sarah Jamie Lewis, Olivier Pereira and Vanessa Teague wrote in a paper published Monday. This disclosure comes weeks after the same team of researchers announced they had uncovered a flaw in the e-voting system that could allow hackers to replace legitimate votes with fraudulent ones. Swiss Post, the country’s national postal service, which developed the system along with Spanish technology maker Scytl, said earlier this month that first vulnerability had been resolved. Researchers said at the time that the vulnerability demonstrated what can go wrong when governments shift to electronic voting with no alternative plan. The security and integrity of electronic voting systems vary by country, and the vulnerabilities outlined in this research are specific to Switzerland, but other areas of the world increasingly are moving toward a voting infrastructure where it could soon be impossible to verify whether vote tampering has occurred. Christopher Krebs, head of the U.S. Cybersecurity and Infrastructure Agency told Congress last month election officials must have the ability to audit election results.

Full Article: Second flaw found in Swiss election system could change 'valid votes into nonsense,' researchers say.

Australia: Fury as online voting system crashes on NSW election day | Australian Associated Press

Some New South Wales voters have had trouble casting their ballot as issues plaguing the state’s electronic voting system ran into election day. Technical issues began on Friday night but continued Saturday morning as thousands flooded iVote to register and cast their ballot. Frustrated voters then turned to the telephone registration system, which itself was then overloaded, with some told to call back later. Some New South Wales voters have had trouble casting their ballot as issues plaguing the state’s electronic voting system ran into election day. Technical issues began on Friday night but continued Saturday morning as thousands flooded iVote to register and cast their ballot.

Full Article: Fury as online voting system crashes on NSW election day  | | Express Digest.

Colorado: Denver Offers Blockchain Voting to Military, Overseas Voters | The Denver Post

The city of Denver will allow thousands of voters to cast their ballots with a smartphone application this year. The pilot program is one of the first U.S. deployments of a phone-based voting system for public elections — but it will only be available to military members and voters living in other countries. The city has invited all of its international voters — about 4,000 people — to use the app in the May 2019 election. The idea of digital voting has been met with skepticism from some elections security experts, but Denver officials say it could make life easier for a limited set of voters. “This pilot enables us to offer that convenience for our military and overseas citizens who have the most difficult time voting and participating in the democratic process here at home,” said Deputy Elections Director Jocelyn Bucaro.

Full Article: Smartphone voting coming to Denver in May election.

Switzerland: Experts Find Serious Problems With Switzerland’s Online Voting System | Motherboard

Switzerland made headlines this month for the transparency of its internet voting system when it launched a public penetration test and bug bounty program to test the resiliency of the system to attack. But after source code for the software and technical documentation describing its architecture were leaked online last week, critics are already expressing concern about the system’s design and about the transparency around the public test. Cryptography experts who spent just a few hours examining the leaked code say the system is a poorly constructed and convoluted maze that makes it difficult to follow what’s going on and effectively evaluate whether the cryptography and other security measures deployed in the system are done properly. “Most of the system is split across hundreds of different files, each configured at various levels,” Sarah Jamie Lewis, a former security engineer for Amazon as well as a former computer scientist for England’s GCHQ intelligence agency, told Motherboard. “I’m used to dealing with Java code that runs across different packages and different teams, and this code somewhat defeats even my understanding.”

Full Article: Experts Find Serious Problems With Switzerland's Online Voting System.

Switzerland: Hackers flock to hunt for cracks in Swiss e-voting system | Associated Press

Swiss authorities are trumpeting the fact that more than 2,000 would-be hackers from around the world have taken up an invitation to try to find holes in Switzerland’s groundbreaking online voting system — and potentially earn tens of thousands of francs (dollars) if they succeed. The Federal Chancellery and Swiss regions, known as cantons, expressed satisfaction at the high response barely a week after launching a registration for IT experts to help crack a planned update to Switzerland’s 15-year-old e-voting system. Among countries in Europe, only Estonia has a similar online voting program, a Swiss official said. The effort amounts to a coming-of-age of Swiss e-voting, or online voting, systems: After over 200 trials and the rollout of e-voting already in 14 of Switzerland’s 26 cantons, authorities now believe they’ve developed “completely verifiable systems” that they hope to introduce for the first time this year.

Full Article: Hackers flock to hunt for cracks in Swiss e-voting system - StarTribune.com.

Switzerland: The Swiss Go Against the Flow With Online Voting | Bloomberg

Worries over election hacking have led officials in Europe and the U.S. to consider a return to hand-counting paper ballots. Switzerland, however, is moving in the opposite direction, toward absentee electronic voting. It’s a useful way of keeping turnouts from falling, and the systems can be made secure and reliable. Since the scare of 2016, when U.S. intelligence services asserted that malicious Russian actors came close to hacking electronic voting systems and even cracked some voter databases, at least one country – the Netherlands – went back to counting paper ballots by hand throughout the tabulation process, not just at local polling stations. Dozens of U.S. states used hand-counting either solely or for backup in the 2018 midterm elections, and the states that failed to do so were criticized for ignoring security. … Recent research shows that electronic voting doesn’t boost interest in elections by much. In Estonia, which introduced e-voting in 2005, more than 30 percent of the vote is now cast online but the total turnout has remained stable – and low. Yet studies have also shown that having e-voting as an option can arrest a decline in turnout: Easy absentee voting is habit-forming.

Full Article: Election Hacking: Bucking the Trend, Swiss Rely on Online Voting - Bloomberg.

Editorials: There’s No Good Reason to Trust Blockchain Technology | Bruce Schneier/WIRED

In his 2008 white paper that first proposed bitcoin, the anonymous Satoshi Nakamoto concluded with: “We have proposed a system for electronic transactions without relying on trust.” He was referring to blockchain, the system behind bitcoin cryptocurrency. The circumvention of trust is a great promise, but it’s just not true. Yes, bitcoin eliminates certain trusted intermediaries that are inherent in other payment systems like credit cards. But you still have to trust bitcoin—and everything about it. Much has been written about blockchains and how they displace, reshape, or eliminate trust. But when you analyze both blockchain and trust, you quickly realize that there is much more hype than value. Blockchain solutions are often much worse than what they replace. First, a caveat. By blockchain, I mean something very specific: the data structures and protocols that make up a public blockchain. These have three essential elements. The first is a distributed (as in multiple copies) but centralized (as in there’s only one) ledger, which is a way of recording what happened and in what order. This ledger is public, meaning that anyone can read it, and immutable, meaning that no one can change what happened in the past.

Full Article: There's No Good Reason to Trust Blockchain Technology | WIRED.

Switzerland: Government invites hackers to penetration-test its e-voting system | ZDNet

The Swiss government will make its future e-voting system available for a public intrusion test and is now inviting companies and security researchers to have a go at it. “Interested hackers from all over the world are welcome to attack the system,” the government said in a press release. “In doing so, they will contribute to improving the system’s security.” … A mock e-voting session is planned on the last day of the testing period, on March 24, but participants can attack the e-voting system before that, as well. To participate, companies and security researchers will have to sign up in advance of the PIT session’s official start. Signing up will give participants the legal permission to attack the system, will ensure the cash rewards will reach those who first report an issue, and it enforces a set of rules and restrictions on participants.

Full Article: Swiss government invites hackers to pen-test its e-voting system | ZDNet.

Switzerland: Government offers reward for hacking its electronic vote system | AFP

The Swiss government has issued a 150,000 Swiss franc (US$149,790) challenge to online hackers; break into our new generation electronic voting system and we’ll reward you. The federal chancellery announced a dummy run election will be held from February 25 to March 24 and invited anyone who wants to display their online piracy talents to sign up at https://onlinevote-pit.ch. They can then “try to manipulate the vote count, to read the votes cast, to violate voting secrecy or to bypass security systems,” it said in a statement. The amount of the reward paid out will depend upon the level of intrusion achieved by each hacker.

Full Article: Swiss govt offers reward for hacking its electronic vote system | AFP.com.

Switzerland: Swiss look into online manipulation ahead of federal polls | SWI

Several federal offices in Switzerland are investigating whether online manipulation could affect upcoming elections, says a newspaper report. The Federal Office of Communicationsexternal link (OFCOM) has set up a government working group to look into the effects of artificial intelligence on the media and public opinion, writes the NZZ am Sonntag paper. This group was set up last September and is headed by the education and research ministry, spokesman Francis Meier told the paper. Last October Swiss intelligence chief Jean-Philippe Gaudin also warned that foreign actors could try to influence the next federal elections through online artificial intelligence, saying he would propose appropriate measures to the government.

Full Article: Swiss look into online manipulation ahead of federal polls - SWI swissinfo.ch.

Estonia: Russia unlikely to meddle with upcoming general election, expert thinks | ERR

Communications expert Ilmar Raag thinks that Russian meddling in the upcoming general election on 3 March is unlikely, not least because the situation in Estonia is stable, and even a large-scale disinformation effort wouldn’t change much. In a piece for weekly Eesti Ekspress (link in Estonian), Mr Raag writes that given the current political situation and support of political parties in Estonia, Russia is unlikely to make an attempt at influencing the outcome of the 3 March general election—simply because it doesn’t stand to gain much. For a serious attempt at influencing political opinion in Estonia, the main means at the disposal of the Russian state services is the repetition of whatever story they carry. In practice, this would mean at least five major stories about Estonia on Russian state TV, which at the moment isn’t happening.

Full Article: Russia unlikely to meddle with upcoming general election, expert thinks | News | ERR.

Virginia: Electronic return of ballots worries aired | Daily Press

One of the toughest things for the digital world to manage is keeping a transaction private while at the same time assuring everyone it has accurately recorded the deal. That’s what Virginia Wesleyan University mathematician Audrey Malagon, an adviser to the non-profit group Verified Voting, has been telling legislators. Her concern is with a particular transaction: voting when voters far from their polling place return their ballots electronically. Del. Nick Rush, R-Christiansburg, wants to launch a pilot program to allow military personnel serving overseas to do just that. He’s hoping the same kind of blockchain technology used in cybercurrency dealings will make it easier for them to vote. But the problem, Malagon told legislators, is preserving the anonymity of the voting booth or absentee ballot while letting both voter and vote-counter know that a vote was accurately recorded.

Full Article: Electronic return of ballots worries aired - Daily Press.