Canada: P.E.I. Opposition calls for calls for electronic voting, despite security concerns | The Guardian

Opposition Leader James Aylward is calling on government to adopt electronic voting in P.E.I. for the next provincial election, in spite of concerns raised by a panel of independent auditors about the potential for serious security breaches. Aylward issued the call earlier this week via press release, saying electronic voting could be a way to revolutionize democratic accessibility and increase voter engagement. “It’s the way of the future,” he told The Guardian Thursday. … P.E.I.’s 2016 plebiscite on electoral reform was the first province-wide electronic vote ever held in Canada. Because this introduced possible new risks, an independent audit of the results was required by the province’s Plebiscites Act.

United Kingdom: Welsh Assembly announces plans to introduce e-voting | Sky News

The Welsh Government has proposed pilots exploring the use of electronic voting in local elections and by-elections. Alongside providing 16 and 17-year-olds with the ability to vote on devolved matters for the first time in the UK, e-voting is aimed at boosting participation in the political process. … The security of ballot counting systems has never been a problem in the UK, where ballots are counted by hand. However, in countries such as the US and Germany, security researchers have warned that machines used to count votes could be hacked to manipulate the results – although there is no evidence of this having taken place.

Pakistan: NADRA to develop internet voting system for expats: report | Pakistan Today

With the Supreme Court’s approval, the country’s biggest database manager has started working on the development of an integrated internet voting system aimed at extending the right of franchise to over seven million Pakistanis living abroad in time for the next general elections, according to a report by a private media outlet. According to a presentation given by the National Database and Registration Authority (NADRA) to the apex court on Wednesday, a three-tier electronic mechanism – named the Internet Voting System for Overseas Pakistanis – will be developed at a cost of Rs150 million and within a period of four months. The ECP would provide the required funds for the project.

Latvia: Constitution Protection Bureau: e-voting to create security risks in Latvia | The Baltic Course

Introducing an electronic voting system in Latvia would create security risks, Janis Maizitis, Chief of the Constitution Protection Bureau or the top national security agency in Latvia, said on the public Latvian Radio, cites LETA. He said he was not prone to phobias but, based on the information that he knew as the head of the national security agency, he believed that it would best if Latvia kept to the existing voting procedure, using paper ballots. “That way it would be safer, and we will avoid security risks,” Maizitis said.

Estonia: Court rejects current ID card manufacturer’s appeal against Estonia | ERR

Tallinn Administrative Court on Thursday rejected an appeal by ID card manufacturer Gemalto AG against Estonia’s Police and Border Guard Board (PPA), which will allow the latter to continue with preparations for the manufacture of new electronic ID cards. “Today’s decision by Tallinn Administrative Court not to satisfy the complaint of Gemalto AG regarding the procurement procedure for the contract to manufacture ID cards means certainty for the PPA that we can move forward with preparations for the fulfilment of the agreement on the manufacture of ID-cards concluded in spring,” said Margit Ratnik, head of the Development Department of the PPA. The police authority is planning to begin issuing electronic ID cards with new security elements and a new design, manufactured by the company Idemia, in fall 2018.

Finland: Ministry working group says ‘not yet’ to online voting in Finland | Yle Uutiset

Finland should not consider setting up an online voting system for its elections just yet, according to a Justice Ministry working group. The risks in doing so at this point are much higher than benefits that e-voting might bring, they said. Some risks the group identified in an online e-voting system include: widespread manipulation of election results, disruption of elections through denial of service attacks and the potential for the loss of voter anonymity through hacks or other methods. The working group said that while current technology is not yet advanced enough, further development of e-voting technologies could bring new opportunities down the road. The basic tech to set up an online voting system for elections is possible today. For example, Finland’s nearby Baltic neighbour Estonia has utilised e-voting for longer than a decade now. According to the country’s website e-estonia.com, some 30 percent of the Estonian electorate voted through online services in their last elections.

United Kingdom: Scottish electoral reform proposals set out | BBC

The Scottish government has set out a range of potential changes to how MSPs and councillors are elected. A public consultation has been launched on proposals for widespread reform of Scotland’s electoral systems. These include term limits for Holyrood and councils, expanding the voting franchise to all residents and trying out “innovative” electronic voting. Government business minister Joe Fitzpatrick said it was “a good time to think about modernising” the system. Holyrood took on new powers over the running of elections under the 2016 Scotland Act.

Australia: New South Wales prepares for broader e-voting scheme | iTnews

The NSW Electoral Commission has invited pitches from suppliers to replace the core system behind iVote in preparation for increased use of the online voting system at the next state election. It follows the passage of legislation allowing previously ineligible voters to use technology-assisted voting in NSW’s general elections and by-elections. The existing iVote system was originally introduced for the 2011 state election as a way for blind and vision impaired citizens to vote independently and privately. It has since been expanded to support those voting from overseas or interstate.

International: E-Government Sounds Great Until the First Hack | Bloomberg

A group of Czech security researchers earlier this year discovered a way to steal identities from electronic ID cards used in a number of countries, known in the cryptography industry as a ROCA vulnerability. So far, the vulnerability has caused problems in Estonia — the country with perhaps the most comprehensive e-identification and e-government system in the world — and in Spain. Former Estonian President Toomas Hendrik Ilves, a tireless promoter of his country’s e-democracy, has said that other countries and institutions have the same problem, too; they’re just not talking openly about it. He’s very likely right. The discovery poses an important question: Could we perhaps be overeager to adopt technological solutions to problems that don’t necessarily require them?

Estonia: Digital ID shutdown brings security to the spotlight | GovInsider

Estonia, where citizens use their digital identity to get access to government services online, has identified a security flaw in 760,000 digital ID cards. Estonia shut down access to online services last weekend due to an encryption vulnerability in the chips of affected smartcards. The security issue was first identified in September, and plagues other cards, chips and systems made by the card manufacturer. While the manufacturer has resolved the problem last month, Estonian owners of affected cards still needed to apply for updated certificates. Police stations and other government offices were packed with citizens trying to update their IDs, mostly due to the fact that the online service for updates kept crashing last week.

Estonia: ID card crisis: How e-state’s poster child got into and out of trouble | ZDNet

For the past two and a half months, Estonia has been facing the biggest security crisis since a wave of cyberattacks hit its banks and critical national infrastructure in 2007. At the heart of the current debacle is the latest version of its national ID card, which has been a mandatory identification document for citizens of Estonia since 2002 and serves as a cornerstone of Estonia’s e-state. The hardware behind the ID cards was found to be vulnerable to attacks, which could theoretically have led to identity thefts of Estonian citizens and also e-residents, something which its government has denied occurring.

Estonia: Government blocks eID card services after security flaw found | ejinsight

Estonia has suspended its digital ID cards for residents and overseas “e-residents” after discovering a security flaw that could lead to identity theft. It is estimated that about 760,000 people in Estonia were affected, or about half of the nation’s population. According to Reuters, the eID chip was manufactured by German semiconductor manufacturer Infineon Technologies. For security reasons, Estonian authorities immediately blocked access to the digital services of the eID card until owners can update to a new security certificate, the Hong Kong Economic Journal reported. They have until March 2018 to do so.

Estonia: Popular e-residency ID cards frozen because of a massive security flaw | Business Insider

Estonia has frozen the digital ID cards for its popular e-residency programme, two months after discovering a major security flaw that could enable identity theft. The ID cards are used by Estonian citizens and foreign “e-residents” and underpin services like banking, online voting, tax, medical records, and travel. The e-residency programme is also popular with British entrepreneurs who want to set up their company within the EU, particularly after the Brexit vote. According to Wired, more than 1,000 UK entrepreneurs have applied for the programme so far.

Estonia: Government freezes resident ID cards due to security flaw | Engadget

Estonia’s residents use their mandatory national IDs to access pretty much anything, from online banking to online voting. So, it was a huge blow to the program when experts found a security flaw in the chip the ID used that makes it possible for bad players to impersonate and steal the identities of all 760,000 affected individuals. That might not sound like a huge number, but that’s half the small country’s population. Now, the country has blocked most of its residents from accessing all its online services for a weekend, so it can go in and and fix the vulnerability.

Estonia: A test case for Russian hacking threat – e-voting grows despite tampering concerns | Global Journalist

Tiny Estonia might seem an unlikely place to see the future of technology. With just 1.3 million people, the country has fewer people than San Diego and is just three decades removed from Soviet rule. But “E-stonia,” as its known, has also brought the world Skype as well as up-and-coming startups like robotics firm Starship Technologies and payments provider TransferWise.  Yet Estonia’s technology prowess has also made it something of a laboratory for the dangers of the threats posed by hackers backed by neighboring Russia. In a country where 90 percent use online banking, 95 percent file taxes online and 30 percent cast their ballots from a computer, Estonia is a target-rich environment for cyberattacks. Indeed the NATO-member country is the site of what may have been the world’s first politically-motivated digital attack in 2007. In that year, Estonia angered Russia by relocating a World War II era memorial to Soviet troops. Soon, the networks of government ministries, banks and leading Estonian newspapers went down, the result of a massive and sophisticated botnet attack. 

Iraq: Thousands of attempts to crash e-voting site for Kurdistan referendum “failed,” developer says | Kurdistan24

The company who developed the website for people in the Diaspora to cast their ballot in the Kurdistan Referendum announced it had successfully stopped thousands of attempts to take down the e-voting site. Speaking to Kurdistan 24, Gohdar Jadir Ibrahim, Director of Awrosoft Company, the website developer responsible for the Kurdistan Referendum e-voting portal, confirmed there were hacking attempts to prevent people of the Kurdistan Region in the Diaspora from voting, but that they had “all failed.” “In three days, we received 815,000 visits. 

Idaho: Phil McGrane, Ada County Elections and Bender | Boise Weekly

Responding to a question about when there might be online voting in Idaho, Phil McGrane, chief deputy to the Ada County clerk, didn’t waste words: “Not in my lifetime.” In 2010, Washington, D.C., experimented with an electronic voting system, inviting hackers to interfere with a mock school board election. Within hours, a University of Michigan professor and two graduate students had broken into the system, elected Futurama character Bender to the D.C. school board, replaced the “Thank you for voting” message with “Owned,” and programmed it to play the University of Michigan fight song, “Hail to the Victors.” The changes went unnoticed for 48 hours. “Unless you want Bender as president—and some of you might want that right now—we won’t be voting online,” McGrane told a contingent from the League of Women Voters Sept. 13 at the Ada County Courthouse.

Switzerland: How long before all Swiss expats can use e-voting? | SWI

The use of electronic voting in Switzerland has been making slow progress amid setbacks over security concerns. The Organisation of the Swiss Abroad (OSA) is pushing for the introduction of e-voting for all Swiss expats by the next parliamentary elections in October 2019. Critics complain that the number of cantons offering their registered Swiss citizens abroad the option of e-voting falls short of expectations. In all, 775,000 Swiss citizens live overseas and if you consider that e-voting trials using online technology have been underway since 2004, the number of potential beneficiaries is rather modest. About 158,000 expats from eight cantons (see map below) have the option of participating in the September 24 votes on the controversial old age pension reform, food security and some cantonal issues using a secure computer programme. Eighteen other cantons, including the populous cantons of Zurich and Vaud, do not offer e-voting.

Estonia: Possible security risk affects 750,000 Estonian ID-cards | Estonian World

An international team of researchers has informed the Estonian authorities of a vulnerability potentially affecting digital use of Estonian ID cards issued since October 2014; all the cards issued to e-residents are also affected. On 30 August, an international team of researchers informed the Estonian Information System Authority (RIA) of a vulnerability potentially affecting the digital use of Estonian ID cards. The possible vulnerability affects a total of almost 750,000 ID-cards issued starting from October 2014, including cards issued to e-residents. The ID-cards issued before 16 October 2014 use a different chip and are not affected. Mobile-IDs are also not impacted. …  In the light of current events, some Estonian politicians called to postpone the upcoming local elections, due to take place on 16 October. In Estonia, approximately 35% of the voters use digital identity to vote online.

Australia: How a nonbinding mail-in vote on marriage equality backfired in Australia | The Week

If Australian conservatives thought young people would ignore a nonbinding postal survey on marriage equality, they were wrong. Under pressure from his party’s vocal right wing, Australian Prime Minister Malcolm Turnbull announced on Aug. 8 that a nonbinding plebiscite (or vote) of the nation’s citizens will be held by mail to determine whether Australians support legalizing same-sex marriage. Notwithstanding that we already know the stance of most Australians on marriage equality — they support it, according to a number of recent polls — the option of a plebiscite had been strongly opposed by LGBT communities and marriage equality advocates. They’d pushed for a vote in Parliament that would have changed the marriage law. In early September, Australia’s High Court will consider whether the planned plebiscite is unconstitutional. Critics say the postal survey is little more than an opinion poll — one designed to defer action on marriage equality and perhaps skew results in favor of older, more conservative respondents.

Estonia: Potential security risk could affect 750,000 Estonian ID cards | ERR

Last Thursday, Estonia’s Information System Authority (RIA) was informed by an international group of researchers that a potential security risk had been detected affecting all national ID cards issued in Estonia after October 2014. Estonian experts have determined that the potential risk does indeed exist, affecting 750,000 currently valid ID cards issued after Oct. 17, 2014. ID cards issued prior to this date use a different chip and are unaffected by this risk. Likewise unaffected is the SIM card-based Mobile-ID system, which the government is recommending people sign up for.

Iraq: Kurdistan electoral commission vows to fix online register for referendum following complaints | Kurdistan24

People of the Kurdistan Region currently living abroad or traveling on Sep. 25, the day of the referendum on independence, have expressed complaints regarding the list of the requirements needed to register online to vote. The people of the Kurdistan Region are heading toward a historic day, to decide whether to remain a part of Iraq or secede from the rest of the country as a newly-born independent state. Last week, the Independent High Elections and Referendum Commission (IHERC) in the Kurdistan Region launched the website(www.khec17.net) for Diaspora Kurdistanis to register to vote in the referendum. Registration will be open for seven days, starting from September 1 until September 7. The list of the requirements, however, has concerned many Diaspora Kurdistanis as they are asked to register their ration card number, Iraqi national ID card, Citizenship card, and passport as well as sending in proof for some of the documents.

Australia: ‘Paperless option’ confirmed for same-sex marriage postal plebiscite | SBS

Australians who are based overseas or who cannot get material by post; those who are blind or with low vision or other disability; and those who are aged care residents may be given the option to vote via the paperless method, but this is in limited circumstances. Voters who are eligible will be able to request a secure access code which will then allow them to indicate their response to the plebiscite. The Australian Bureau of Statistics (ABS) said: “Whilst it is expected that nearly all eligible people in Australia will be able to participate using the postal service, the ABS will implement a number of strategies to ensure all eligible Australians have the opportunity to respond to the survey.”

Australia: The Electoral Commission is building an app for enrollment, polling info | iTnews

The Australian Electoral Commission is hoping that when it next comes time to vote, citizens will have no difficulty finding a polling station or working out exactly how long they will be waiting. The agency is preparing to develop two mobile applications – one for public usage and the other for its election workforce – to provide better access to its services and information. The public app will allow citizens to check their enrolment status and details of federal, state or local electoral divisions, and use GPS to identify the closest polling station and wait time. … The agency makes no mention of the use of the app for electronic voting, and it remains unlikely that this will change in the short term, as the agency wrestles with aging IT systems that need immediate rectification. 

Estonia: Internet Voting System to Get New Hacking Defenses | Bloomberg

Estonia, the only country in the world where voters elect their leaders through online balloting, is taking steps to fend off potential hacking attacks as cyber-security fears intensify. A software overhaul for the system, introduced in 2005, is ready for testing before local elections in October, according to Tarvi Martens, the National Electoral Committee’s head of e-voting. The upgrade includes anti-tampering features known as end-to-end verifiability that addresses security concerns from groups such as the Organization for Security and Cooperation in Europe, he said. “End-to-end verifiability is the ‘Holy Grail’ for electronic voting,” Martens said this month in a phone interview. “When we talk about international criticism, the new software now addresses it.”

Editorials: A startling reality: Hacking democracy easier than you think | David Shipley/CBC

It’s hard to imagine that people thousands of miles away are able to sit at a computer and change the course of an election. But as we’ve seen in the United States, that’s not just a troubling concept, it’s a startling reality that has profound implications for voters, politicians, political parties and the media. When it comes to Canada, most experts agree it’s not a matter of if or even when (we experienced some limited interference in 2015), but of how badly nation-states, organized crime, activists and thrill seekers will want to sow chaos, confusion and manipulation.

Canada: Online voting still too risky, cybersecurity expert says | The Record

Online voting is not a secure way for electors to choose a new government, says the chief technology officer of a Cambridge-based cybersecurity firm eSentire. “As a technologist and someone who is very concerned about the integrity of our elections, I would not be a fan or supportive of any electronic voting system,” said Mark McArdle. Online voting is expected to be used by 150 to 200 Ontario municipalities in the next round of municipal elections in October 2018. One of those cities will be Cambridge, which allowed online voting and telephone voting for a two-week advance voting period in 2014. In the next election in 2018, Cambridge will expand early voting to three weeks, and allow internet and telephone voting on election day.

Australia: Cloud infrastructure, biometric ID could be used by New South Wales’s iVote system | Computerworld

The New South Wales Electoral Commission (NSWEC) is eyeing potential changes to its iVote platform ahead of the NSW’s 2019 election. iVote offers both browser-based Internet voting and telephone voting. It was used in the 2011 and 2015 NSW state elections, and as well as in the 2017 Western Australia election and a number of by-elections. … In 2015, cyber security researchers uncovered a vulnerability in iVote that could potentially be exploited to stage man-in-the-middle attacks to subvert votes. “We found a serious security hole that exposed the browsing session both to an attack called the FREAK attack and another attack called the Logjam attack,” one of the researchers, Dr Vanessa Teague from the University of Melbourne, last year told the hearing of a NSW parliamentary inquiry.

Editorials: Congress should require paper voter ballots, electronic cybersecurity | Bruce Fein/Washington Times

Something is rotten in the state of our electronic voting practices. They are recklessly wandering towards online voting despite their high vulnerable to hacking and manipulation by cyberspace clowns, partisans, enemies, or all three. Congress should invoke its power under Article I, section 4 of the Constitution to require in federal elections use of paper ballots or electronic voting machines that produce voter-verified paper ballots. Congress should encourage States to do likewise for state elections through a federal grant-in-aid program. Firewalls should also be required between internet and voter registration, vote-tabulating machines, ballot delivery, and election management systems. Before certification of final election results, a random sample of electronic voting system totals should be compared with hand counts of the votes on the corresponding paper ballots to detect hacking or error. Elections are too important to be left to amateurs or to luck, which Congress seems not to understand.

Editorials: The Russians will be back: America’s election infrastructure is a sitting duck for foreign adversaries | Joe Mohen/Salon

Russia’s apparent attempt to interfere with the 2016 presidential election continues to make news. Some reports have suggested that voting systems were attacked — by unknown parties and in various ways — in at least 39 states. These attacks make it increasingly obvious just how vulnerable American voting systems are. This is not the first time our voting systems have been tested. After the 2000 presidential election, voting systems were updated to prevent simple counting errors. The margin of victory in Florida in the infamous 2000 presidential election was a mere 537 votes, less than the margin of error of the voting procedures then in use. We will never know who would have become president had the systems used at that time been more accurate. Less well known is that earlier that same year Al Gore won the first (and only) significant U.S. election ever run over the internet — the Arizona Democratic primary. My company at that time had been contracted to run that primary, and we assumed that every hacker in the world would be trying to sabotage that statewide election.