In order to ensure the security of online voting systems used in Switzerland, the government needs to issue a challenge to the worldwide hacker community, offering rewards to anyone who can “blow holes in the system”, says a computer scientist in parliament. Since it began in 2000, Switzerland’s e-voting project has been a matter of controversy. While some have been calling for its introduction to be fast-tracked in all the country’s 26 cantons, others would like to see the project slowed. In parliament there has been a call for a moratorium on electronic voting in the whole country for four years, except for the Swiss abroad. To put an end to all the concerns and convince the critics that security and secrecy of online voting can be guaranteed, Radical Party parliamentarian Marcel Dobler thinks there needs to be an unequivocal demonstration that systems used in Switzerland are proof against computer piracy. The best way to do this, he says, is to invite hackers to target them.
Kaspersky, the Russian cybersecurity company accused of helping the Kremlin spy on the U.S. intelligence agencies as part of its 2016 election meddling, has launched a new product aimed at helping secure online voting and make elections more transparent and open. Polys, an online voting platform built using the same blockchain technology that underpins bitcoin, allows anyone to conduct “secure, anonymous, and scalable online voting with results that cannot be altered by participants or organizers,” the company said. Kaspersky is already speaking to a number of “politicians and political organizations in Europe” about using the system, and it says that countries in western Europe, Scandinavia and Asia are technologically and mentally ready to make the change to online voting. But one place Kaspersky will not be hawking Polys is Washington.
Estonia, where citizens use their digital identity to get access to government services online, has identified a security flaw in 760,000 digital ID cards. Estonia shut down access to online services last weekend due to an encryption vulnerability in the chips of affected smartcards. The security issue was first identified in September, and plagues other cards, chips and systems made by the card manufacturer. While the manufacturer has resolved the problem last month, Estonian owners of affected cards still needed to apply for updated certificates. Police stations and other government offices were packed with citizens trying to update their IDs, mostly due to the fact that the online service for updates kept crashing last week.
For the past two and a half months, Estonia has been facing the biggest security crisis since a wave of cyberattacks hit its banks and critical national infrastructure in 2007. At the heart of the current debacle is the latest version of its national ID card, which has been a mandatory identification document for citizens of Estonia since 2002 and serves as a cornerstone of Estonia’s e-state. The hardware behind the ID cards was found to be vulnerable to attacks, which could theoretically have led to identity thefts of Estonian citizens and also e-residents, something which its government has denied occurring.
Estonia has suspended its digital ID cards for residents and overseas “e-residents” after discovering a security flaw that could lead to identity theft. It is estimated that about 760,000 people in Estonia were affected, or about half of the nation’s population. According to Reuters, the eID chip was manufactured by German semiconductor manufacturer Infineon Technologies. For security reasons, Estonian authorities immediately blocked access to the digital services of the eID card until owners can update to a new security certificate, the Hong Kong Economic Journal reported. They have until March 2018 to do so.
Estonia’s police and border guard service offices have reportedly been swamped with people seeking to obtain new eID cards.
About 12 years ago, Estonia, a country in the Baltic region of Northern Europe, launched its eID programme which can serve as an ID card to travel within the European Union and can be used for filing tax claims, online voting, electronic prescriptions and logging into bank accounts.
Full Article: Estonia blocks eID card services after security flaw found.
Estonia has frozen the digital ID cards for its popular e-residency programme, two months after discovering a major security flaw that could enable identity theft. The ID cards are used by Estonian citizens and foreign “e-residents” and underpin services like banking, online voting, tax, medical records, and travel. The e-residency programme is also popular with British entrepreneurs who want to set up their company within the EU, particularly after the Brexit vote. According to Wired, more than 1,000 UK entrepreneurs have applied for the programme so far.
Estonia’s residents use their mandatory national IDs to access pretty much anything, from online banking to online voting. So, it was a huge blow to the program when experts found a security flaw in the chip the ID used that makes it possible for bad players to impersonate and steal the identities of all 760,000 affected individuals. That might not sound like a huge number, but that’s half the small country’s population. Now, the country has blocked most of its residents from accessing all its online services for a weekend, so it can go in and and fix the vulnerability.
Estonia: A test case for Russian hacking threat – e-voting grows despite tampering concerns | Global Journalist
Tiny Estonia might seem an unlikely place to see the future of technology. With just 1.3 million people, the country has fewer people than San Diego and is just three decades removed from Soviet rule. But “E-stonia,” as its known, has also brought the world Skype as well as up-and-coming startups like robotics firm Starship Technologies and payments provider TransferWise. Yet Estonia’s technology prowess has also made it something of a laboratory for the dangers of the threats posed by hackers backed by neighboring Russia. In a country where 90 percent use online banking, 95 percent file taxes online and 30 percent cast their ballots from a computer, Estonia is a target-rich environment for cyberattacks. Indeed the NATO-member country is the site of what may have been the world’s first politically-motivated digital attack in 2007. In that year, Estonia angered Russia by relocating a World War II era memorial to Soviet troops. Soon, the networks of government ministries, banks and leading Estonian newspapers went down, the result of a massive and sophisticated botnet attack.
Iraq: Thousands of attempts to crash e-voting site for Kurdistan referendum “failed,” developer says | Kurdistan24
The company who developed the website for people in the Diaspora to cast their ballot in the Kurdistan Referendum announced it had successfully stopped thousands of attempts to take down the e-voting site. Speaking to Kurdistan 24, Gohdar Jadir Ibrahim, Director of Awrosoft Company, the website developer responsible for the Kurdistan Referendum e-voting portal, confirmed there were hacking attempts to prevent people of the Kurdistan Region in the Diaspora from voting, but that they had “all failed.” “In three days, we received 815,000 visits.
Responding to a question about when there might be online voting in Idaho, Phil McGrane, chief deputy to the Ada County clerk, didn’t waste words: “Not in my lifetime.” In 2010, Washington, D.C., experimented with an electronic voting system, inviting hackers to interfere with a mock school board election. Within hours, a University of Michigan professor and two graduate students had broken into the system, elected Futurama character Bender to the D.C. school board, replaced the “Thank you for voting” message with “Owned,” and programmed it to play the University of Michigan fight song, “Hail to the Victors.” The changes went unnoticed for 48 hours. “Unless you want Bender as president—and some of you might want that right now—we won’t be voting online,” McGrane told a contingent from the League of Women Voters Sept. 13 at the Ada County Courthouse.