Internet Voting

Tag Archive

Editorials: As Washington State’s chief elections officer, I don’t think electronic voting is worth the risk | Kim Wyman/The Seattle Times

The integrity of our elections and our democracy is under attack. Bad actors — both foreign and domestic — seek to damage election infrastructure, manipulate results and sow discourse. Washington has made critical strides in shoring up security for upcoming elections and beyond, but safeguarding our elections is a race without a finish line. With cybersecurity experts warning of the severe vulnerabilities with online or mobile voting, including electronic ballot return methods, I am recommending the Legislature act on a bill I requested to protect Washington voters from cyber intrusion. Currently, Washington allows military and civilian overseas voters to return their ballots by email or fax. Cybersecurity experts, including the Department of Homeland Security, the Federal Bureau of Investigation, the National Security Agency and the Massachusetts Institute of Technology, are imploring states to eliminate these glaring vulnerabilities. Heeding their warnings, I partnered with a bipartisan group of legislators to eliminate email and fax ballot return options for voters serving or living overseas.

Full Article: As the state’s chief elections officer, I don’t think electronic voting is worth the risk | The Seattle Times.

Canada: Nova Scotia could see limited internet voting for military with proposed changes | Keith Doucette/The Canadian Press

Limited internet voting for the military and financial reimbursement for candidate expenses related to family care feature in a series of proposed changes to Nova Scotia’s Elections Act tabled Friday. Justice Minister Mark Furey said the changes would reduce barriers to running in elections and make voting easier for members of the military who are serving elsewhere in Canada or overseas. Under the changes, candidates would be reimbursed for extra expenses such as child and spousal care, elder care or care for a person with a disability. “Public service is foundational to our democracy, and my hope is that these changes will reduce barriers to running, especially for women who are primary care givers in so many elements of their family,” Furey said.

Full Article: (1) Nova Scotia could see limited internet voting for military with proposed changes - Halifax | Globalnews.ca.

Nevada: Will there be more presidential caucus chaos? ‘Nevada is just praying’ | Seema Mehta and Matt Pearce/Los Angeles Times

Dozens of Democratic volunteers scurried around Doña Maria Mexican Restaurant in polite pandemonium last week as they staged a mock caucus to prepare for the real thing on Saturday in Nevada. A dining area filled with cries of “Salma Hayek!” “Jennifer Lopez!” “Salma Hayek!” as the volunteers playfully grouped themselves by favorite celebrity rather than by favorite candidate to familiarize themselves with the state’s caucus process. That was the fun part. But when it came time to actually count votes — not a mere act of addition but a whole range of subtraction, multiplication and division to award delegates — the room fell quiet as participants stared at a whiteboard spreadsheet more than eight columns wide. The complexity of Nevada’s new rules, which now include adding absentee early voters to the mix, had set in. Democratic officials and campaigns in Nevada are desperately hoping to avoid another caucus meltdown like the one this month in Iowa, where campaigns devoted millions of dollars and deployed hundreds of volunteers in the hopes of emerging as clear winners, only to see the results delayed, misreported and still under challenge of recount. In recent weeks, the Nevada Democratic Party ditched a new app it had planned to use to report results and trained caucus volunteers on new procedures. Meanwhile, campaigns pressured party officials behind the scenes to release more information about how, exactly, the state planned to avoid a retread of the Iowa fiasco. “Everybody in Nevada is just praying and focused on not being Iowa,” said Tick Segerblom, a commissioner in Clark County, which includes Las Vegas. “I think we’ve learned our lesson.”

Full Article: Will there be more presidential caucus chaos? 'Nevada is just praying' - Los Angeles Times.

Nevada: ‘A complete disaster’: Fears grow over potential Nevada caucus malfunction | Laura Barrón-López

The process will break down like this: On caucus day, each precinct chair will be given a party-purchased iPad that will have a link to a Google form — dubbed a “caucus calculator” — saved on it. Pre-loaded on the form will be the early vote total from that precinct. The precinct chair will then input vote totals after the first and second votes. Under caucus rules, voters choose their preferred candidate at the outset, known as the first alignment. But if their candidate fails to reach 15 percent, they can switch to a different candidate, or seek to persuade supporters of another candidate who fails to reach 15 percent to help their candidate clear that threshold during the second alignment. The prompts on the Google form are expected to look similar to how they appear on the physical caucus reporting sheet. When the first and second alignments are completed, the totals will be relayed over the cloud to the Nevada Democratic Party via the Google form, which on the back end appears as a Google spreadsheet. Separately, the precinct chair or site lead will take the printed caucus reporting sheets — each campaign must sign off on them first — and call the Nevada Democratic Party boiler room via a secure hotline. (Site leads oversee multiple precinct chairs in caucusing at a single large location.)

Full Article: ‘A complete disaster’: Fears grow over potential Nevada caucus malfunction - POLITICO.

Editorials: There’s always a threat to voting online | Huntingdon Herald-Dispatch

It shouldn’t take an MIT genius to figure out that any internet-based voting system can be hacked, but apparently it did. Last week researchers at the Massachusetts Institute of Technology said the Voatz app, which has been used in West Virginia and elsewhere by absentee voters and military personnel, has vulnerabilities that could allow hackers to change a person’s vote without detection. The Voatz developer said the analysts used an older version of the app. It accused them of acting in “bad faith.” So far the app has been used by fewer than 600 voters in nine pilot elections. Voatz was used in West Virginia’s elections in 2018 by fewer than 200 voters. No problems were reported. Last month, the Legislature approved a bill that would allow voters with physical disabilities to use the Voatz app in this year’s election. The bill awaits the governor’s signature or veto.

Full Article: Editorial: There's always a threat to voting online | Opinion | herald-dispatch.com.

Iowa: Caucus app chaos shows why American elections should stay analog for now | Brinkwire

Like everything created by humans, code has flaws. One major way to defend against potential problems brought on by the flaws is testing an app before you use it. Unfortunately, it seems like the Iowa Democratic Party did little in the way of testing the app it used to track results from the Iowa caucuses, wreaking havoc on the tenuous Democratic presidential-nominating process. “The situation in Iowa makes the average voter’s confidence in the election process worse than before,” said Ron Gula, a former National Security Agency (NSA) white hat hacker who now invests in startup cybersecurity firms. “Whether or not they might believe the Russians hacked the election before, this is another thing that will make them go ‘wow, we really don’t trust this.’ It’s not a great situation for voter confidence in general.” This was a screw up on a state level, a state that happens to hold a lot of significance for U.S. democracy. “The situation with Iowa’s caucus reveals the risks associated with technology, in this case with a mobile app, but more importantly that there needs to be a low-tech solution in order to recover from technological failures — no matter the cause,” said Marian K. Schneider, president of Verified Voting, in a statement to Digital Trends. Verified Voting is a voting accuracy nonprofit that works to eliminate or reduce the use of systems that “cannot be audited or secured, such as internet voting.” Schneider noted it was lucky that Iowa kept paper records of the vote. “It’s clear that mobile apps are not ready for prime time,” she said.

Full Article: Iowa caucus app chaos shows why American elections should stay analog for now – Brinkwire.

National: Is technology consistent with electoral integrity? The hard lessons of Iowa | Sarah E. Hunt/Salon

In the modern era, much of American greatness is derived from the conception that the United States maintains the integrity of its elections, thus ensuring the fair representation of its citizens in the halls of government. Such elections brought about the suffragist and civil rights movements, which marked evolutionary tectonic shifts in American democracy that aligned the nation more closely with the ideals set forth in its Constitution. When revolutionary action is called for, our country has the ability and will to better itself and defend its values. The chaos surrounding the 2020 Iowa caucus two weeks ago was a bellwether, heralding another transformational moment. Our willingness to take action will define America’s trajectory. The events unfolding in the heartland of our country are a wake-up call to the entire nation. They highlight the importance of protecting the security and integrity of our electoral system.

Full Article: Is technology consistent with electoral integrity? The hard lessons of Iowa | Salon.com.

National: Security experts raise concerns about voting app used by military voters | Brian Fung/CNN

Security researchers are reporting flaws in a smartphone-based voting app that’s been used by military voters overseas and is now being tested for use in the US. The vulnerabilities could allow nation-state hackers to view, block or even change smartphone ballots before they’re counted, according to a new paper written by three researchers at the Massachusetts Institute of Technology. The app is designed by the company Voatz, whose technology has been piloted so far in West Virginia, Colorado and Utah. The company called the report “flawed” in a statement posted to its website Thursday. “We want to be clear that all nine of our governmental pilot elections conducted to date, involving less than 600 voters, have been conducted safely and securely with no reported issues,” Voatz said in the statement. “The researchers’ true aim is to deliberately disrupt the election process, to sow doubt in the security of our election infrastructure, and to spread fear and confusion.” The report comes amid rising concern about the use of apps and online voting tools in the 2020 election following the failure of reporting tools in the Iowa caucuses.

Full Article: Security experts raise concerns about voting app used by military voters - CNNPolitics.

National: Smartphone voting stirs interest — and security fears | AFP

West Virginia’s disabled residents and overseas military personnel will be able to vote by smartphone in the US presidential election this year, the latest development in a push to make balloting more accessible despite persistent security fears. Rising interest in electronic voting has heightened concerns among security experts who fear these systems are vulnerable to hacking and manipulation that could undermine confidence in election results. Overseas service members from West Virginia first voted by smartphone in 2018 with the blockchain-powered mobile application Voatz, which is now being tested in some elections in Colorado, Utah, Oregon and Washington state. West Virginia recently expanded the program to people with physical disabilities. A report released Thursday by Massachusetts Institute of Technology researchers uncovered Voatz “vulnerabilities” which could allow votes to be altered and potentially allow an attacker to recover a user’s secret ballot.

Full Article: Smartphone voting stirs interest -- and security fears - RFI.

Nevada: Democrats Say They’ll Replace Their Caucus App With iPads And A Google Form | Kaleigh Rogers/FiveThirtyEight

In just two days, Nevadans will begin early voting in the state’s Democratic caucuses. For the past few weeks, it’s been unclear how those votes would be integrated into the overall vote tallies after Nevada Democrats were spooked by the chaos in Iowa’s Democratic primary and decided to toss a previous plan to use an app. But today, the state Democratic party revealed how it intends to incorporate those early votes into the live caucuses on Feb. 22: “a simple, user-friendly calculator.” What that means, exactly, is still a bit unclear. In a memo sent to campaigns Thursday and shared with FiveThirtyEight, the party wrote that “the caucus calculator will only be used on party-purchased iPads provided to trained precinct chairs and accessed through a secure Google web form.” The memo didn’t provide any specifics about whether the calculator would be accessed through the Google form, or whether the Google form itself is the calculator. It’s also not clear if early-vote tallies will live on the web, or if they’ll be pre-loaded onto each district’s iPad. The state party did not immediately respond to our request for further comment.

Full Article: Nevada Democrats Say They’ll Replace Their Caucus App With iPads And A Google Form | FiveThirtyEight.

Editorials: Paper ballots still the best election system | Medford Mail Tribune

Sometimes, the old ways are still the best ways. We would argue that especially applies to election systems, despite continuing pressure to offer voters the option of casting ballots using smartphones or other devices. Jackson County is one of two Oregon counties that experimented with a smartphone app that allowed county residents overseas — most of them in the military — to vote in the Nov. 5, 2019, special election. Of 213 Jackson County voters eligible to participate, only 27 did. One reason could have been that the November ballot had only one item on it — a proposed bond levy to upgrade the county’s emergency communications system. Maybe a full ballot would have enticed more county voters stationed overseas to use the smartphone app. Maybe not. But the turnout isn’t the primary concern here. Anything that gives voters more options to participate is a good thing, in theory. In practice, voting systems that use the internet to transmit votes are inherently more vulnerable to hackers seeking to manipulate the outcome. They are also more likely to simply fail to perform as designed.

Full Article: Paper ballots still the best election system | Wire Commentary | heraldandnews.com.

International: Tech-augmented democracy is about to get harder in this half-baked world | Chris Duckett for Null Pointer/ZDNet

For the wondrous benefits the internet has brought, it is not without its drawbacks. This has manifested itself in two ways when it comes to democracy: A headlong rush into internet voting and a shattering of the polity. As a scientific critique on the act of voting, associate professor Vanessa Teague discussed electronic voting in her recent keynote at Linux.conf.au 2020. Teague has more than enough experience in this area, and has been involved in finding flaws in the iVote system that is increasingly used in New South Wales, as well as the Scytl system used in Swiss elections that iVote is based on. “I think there are some reasonable ways of doing electronic voting in a polling place … but we just don’t know how to do remote electronic voting properly in a way that really safeguards the election against manipulation [via] software bugs,” Teague said last month. The issue Teague sees with remote voting is subtle bugs, such as those involved in shuffling and verifying votes, which can undermine the security of the whole system. “That’s a little bit different from the occasional problems that happen in paper-based systems because you don’t as a result of one little subtle problem hand over a capacity for total manipulation of all of the votes to one entity,” she said. “In summary, I think there are some reasonable ways of doing electronic voting in a polling place … but we just don’t know how to do remote electronic voting properly in a way that really safeguards the election against manipulation on software bugs.”

Full Article: Tech-augmented democracy is about to get harder in this half-baked world | ZDNet.

National: Voatz of no confidence: MIT boffins eviscerate US election app, claim fiends could exploit flaws to derail democracy | Thomas Claburn/The Register

Only a week after the mobile app meltdown in Iowa’s Democratic Caucus, computer scientists at MIT have revealed their analysis of the Voatz app used in West Virginia’s 2018 midterm election. They claim the Android app is vulnerable to attacks that could undermine election integrity in the US state. Based on their findings, published today in a paper [PDF] titled, “The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections,” researchers Michael Specter, James Koppel, and Daniel Weitzner conclude that internet voting has yet to meet the security requirements of safe election systems. “We find that Voatz has vulnerabilities that allow different kinds of adversaries to alter, stop, or expose a user’s vote, including a side-channel attack in which a completely passive network adversary can potentially recover a user’s secret ballot,” their paper states. “We additionally find that Voatz has a number of privacy issues stemming from their use of third-party services for crucial app functionality.” Specifically, the researchers discovered that malware or some miscreant with root access to a voter’s mobile device can bypass the host protection provided by mobile security software known as the Zimperium SDK.

Full Article: Voatz of no confidence: MIT boffins eviscerate US election app, claim fiends could exploit flaws to derail democracy • The Register.

National: MIT researchers find vulnerabilities in Voatz voting app used in multiple states | Maggie Miller/The Hill

A voting app used in multiple states during the 2018 midterms elections to allow for more accessible voting has cyber vulnerabilities that could allow for votes to be changed or exposed, researchers at the Massachusetts Institute of Technology (MIT) found. In a paper published Thursday, three MIT researchers found that Voatz had vulnerabilities that “allow different kinds of adversaries to alter, stop, or expose a user’s vote” and that the app also had several privacy issues due to the use of third-party services to ensure the app functioned. The researchers found that if an individual were able to gain remote access to the device used to vote on the Voatz app, vulnerabilities could have allowed that person to discover and change the votes cast. The researchers described their findings as being part of the first “public security analysis of Voatz” and noted that they used reverse engineering of the Android Voatz app to come to their conclusions. The Voatz app was used during the 2018 midterms in some municipal, state or federal elections in West Virginia, Colorado, Oregon and Utah. The company allows voters to cast their votes via an app and was rolled out in West Virginia as a way for overseas military personnel and other voters unable to physically go to the polls to cast their votes.

Full Article: MIT researchers find vulnerabilities in voting app used in multiple states | TheHill.

Colorado: MIT study: voting app that Denver used could be hacked | Matt Mauro/KDVR

An app that some Denver voters used in 2019 has significant security issues, according to a new study from the Massachusetts Institute of Technology. The study that was released Thursday said hackers could potentially block or change a vote and steal a voter’s personal information from the app Voatz. The Denver Elections Division used Voatz in the May and June municipal elections for about 300 military and overseas voters. The Division did not report any security issues. “We were very happy with it,” said Director of Elections Jocelyn Bucaro. Burcaro said voter turnout increased significantly with Voatz. Traditionally, military members and others who are overseas and vote electronically would have to print a ballot, sign an affidavit, scan the documents and email them. Voatz allowed the voters to submit their ballots by just using a smartphone. Also, the division used a three-step process to ensure the app and votes were secure. “We are really grateful for the MIT researchers and releasing that report because we’ve been wanting more security review of the Voatz application and other vendors in this space,” Bucaro said.

Full Article: MIT study: voting app that Denver used could be hacked | FOX31 Denver.

Iowa: Caucus Meltdown Proved Transparency Is Essential, Election-Watchers Say | Miles Parks/NPR

As the Democratic primary season rolls on, one big lesson already is sinking in from the party’s caucus-night meltdown in Iowa: Secrecy isn’t a strategy. State Democratic chair Troy Price declined to answer questions a month ago about what sorts of tests were conducted on the smartphone app the party was planning to use on caucus night or detail backup plans should it fail. But he did promise some sort of transparency. “We’ll be able to give a preview to the press of what the app will look like in the days leading up to the caucuses,” Price said in mid-January, in his first interview about the app, with NPR and Iowa Public Radio. That preview never happened. And the reporting system then failed in a major way. The state party announced over the weekend that it was still adjusting results for 3 percent of the state’s total precincts, and updating its projected national delegate allocations.

Full Article: Iowa Caucus Meltdown Proved Transparency Is Essential, Election-Watchers Say : NPR.

Iowa: What the Iowa Caucus Tells Us About Cavalier Approaches to Technology | Cillian Kieran/CPO Magazine

As details emerge about the tech issues that have delayed the results of the Iowa caucus and thrown the public into states of confusion and frustration, I marvel at the familiarity of the story to anyone who has spent long enough working on the front lines of enterprise technology. It should be noted that the dust is still settling on events in the Hawkeye State, and so it may be a few more days until we know with absolute certainty what transpired and how exactly, in 2020, the results of the caucus are taking longer to arrive than in pre-internet days. But reports so far focus on the haphazard roll-out of a new voting app designed to facilitate (ostensibly) the transmission of results from caucus locations to centralized election monitors. A number of problems appear to have occurred with this process – ranging from caucus-site volunteers being unable to log-in to report results to rumored compromising by outside parties to scramble the results-logging process. Whatever the final assessment, it’s certainly not too early to call this a disaster, with a bungled roll-out as catalyst.

Full Article: What the Iowa Caucus Tells Us About Cavalier Approaches to Technology - CPO Magazine.

Nevada: Volunteers and campaigns worry about results reporting ahead of Nevada caucuses | Holmes Lybrand, Dianne Gallagher, Pamela Kirkland and Dan Merica/CNN

With the Nevada Democratic caucuses only a week away, both caucus workers and presidential campaigns are worried about the lack of detail the state party is providing about how the results reporting process will work. The worries come after the state party stopped working with Shadow Inc., the company behind the app whose “coding errors” were at the heart of the chaos of the Iowa caucuses. Having scrapped plans to use a pair of Shadow’s apps, the parties will instead use a “caucus calculator,” as outlined in a new memo released by the Nevada State Democratic Party Thursday. Described as “user friendly,” the calculator will be used to add early voting data into each precinct and calculate totals on caucus day, February 22, along with paper work sheets. The tool, which the party does not consider an app, will be available on iPads owned by the party and “accessed through a secure Google web form.” A similar memo was sent to the presidential campaigns on Monday.

Full Article: Volunteers and campaigns worry about results reporting ahead of Nevada caucuses - CNNPolitics.

West Virginia: State Expands Online Voting as Security Worries Grow | Patrick Groves/Government Technology

West Virginia, which has become an early tester of blockchain voting, is expanding Internet voting to include those with physical disabilities. But the move comes just as researchers from the Massachusetts Institute of Technology (MIT) have published a paper asserting that Voatz — the app West Virginia has been using in its pilot tests — has serious flaws, including the ability of bad actors to change votes without voters’ knowledge. Gov. Jim Justice signed SB 94 into law last week giving the secretary of state permission to create a system that allows people with physical disabilities to vote electronically. The Office of the Secretary of State lauded its success with Boston-based vendor Voatz that tallied 144 ballots from uniformed and overseas citizens in 2018. The Secretary of State’s Office may choose the startup again to enact the new law’s mandate for the 2020 primary and general elections. But election security experts and computer scientists have grown increasingly skeptical of the cybersecurity surrounding voting apps, especially after a mobile app used during the Iowa Caucus recorded data accurately but only reported it partially due to a coding error.

Full Article: West Virginia Expands Online Voting as Security Worries Grow.

National: Voting on Your Phone: New Elections App Ignites Security Debate | Matthew Rosenberg/The New York Times

For more than a decade, it has been an elusive dream for election officials: a smartphone app that would let swaths of voters cast their ballots from their living rooms. It has also been a nightmare for cyberexperts, who argue that no technology is secure enough to trust with the very basis of American democracy. The debate, long a sideshow at academic conferences and state election offices, is now taking on new urgency. A start-up called Voatz says it has developed an app that would allow users to vote securely from anywhere in the world — the electoral version of a moonshot. Thousands are set to use the app in this year’s elections, a small but growing experiment that could pave the way for a wider acceptance of mobile voting. But where optimists see a more engaged electorate, critics are warning that the move is dangerously irresponsible. In a new report shared with The New York Times ahead of its publication on Thursday, researchers at the Massachusetts Institute of Technology say the app is so riddled with security issues that no one should be using it.

Full Article: Voting on Your Phone: New Elections App Ignites Security Debate - The New York Times.