Iowa: Here’s the Shadow Inc. App That Failed in Iowa Last Night | Jason Koebler and Emanuel Maiberg/VICE

Jonathan Green said that everything was going well until he had to use the IowaReporterApp. “On the ground, it went great,” Green, the chair of the Democractic presidential primary caucuses in Iowa’s Fremont Township and Lone Tree precincts and an IT systems administrator for a financial services firm, said. “I got pissed off four years ago at how my precinct was run, which is why I volunteered to do it this time around,” he said. “We had 113 people and everyone was pleasant. I had to recruit a secretary once we were going—I couldn’t find one ahead of time. Everyone was patient and in good cheer. I know that’s not likely the case today. My girlfriend, especially, is distraught. She has poured her life and soul into this thing, and for naught.” Green, like many other precinct chairs, faced problems reporting the results of the caucus to Iowa’s Democratic Party using the app. Due to a coding error, the app, created by a company called Shadow Inc., wasn’t reporting the correct data, according to the Iowa Democratic Party. The error resulted in the Democrats delaying all public reporting of the results of Monday’s caucuses, and has sown chaos and confusion in a hotly contested and deeply important primary.

Ukraine: Zelensky hopes to hold online voting through smartphone at elections in Ukraine | InterFax

President of Ukraine Volodymyr Zelensky has set a goal to bring all relations between a citizen and the government to a digital dimension, in particular to hold online voting during presidential, parliamentary and local elections. “In general, our goal is to make sure that all relations with the state can be carried out with the help of a regular smartphone and the Internet. In particular, voting. This is our dream and we will make it real at presidential, parliamentary or local elections. It is a challenge. Ambitious yet achievable,” he said during the presentation of the Diia mobile application in Kyiv on Thursday. Zelensky also said that The State in a Smartphone project changes the attitude of the government to a citizen and saves citizens’ time, money and nervous system.

Editorials: The internet and elections don’t mix. So why do we keep trying? | Jack Morse/Mashable

When it comes to conducting secure elections, keeping things old-fashioned is often the best bet. This simple reality can be broken down into two digestible nuggets of security wisdom: The internet and voting don’t mix. And auditable paper trails beat fancy digital recording devices every time. Security experts beat us over the head with these admonitions time and time again. And yet, as yesterday’s Iowa caucus screwup shows, we still have a lot of listening left to do. The Iowa caucuses — trending on Twitter at the time of this writing as the “#IowaCaucusDisaster” — represent a spectacular failure in modern day election reporting. According to numerous reports, a shoddily tested app was employed to relay caucus results to party officials. That app failed to properly function, throwing presidential candidates’ campaigns — and the country — into a brief fit.  Importantly, we should be clear that Iowa caucus-goers did not vote using the app. Rather, the caucus results — which were recorded on paper cards like the one shown above — were, after being tallied, reported to Democratic party officials via the app. Or, at least they were supposed to be. It was in this reporting phase that things took a turn for the terrible, with reports that the app had malfunctioned and perhaps tabulated results incorrectly.

National: Caucus Meltdown Tied to Democrats’ Little-Tested Mobile App | Michaela Ross, Kartikay Mehrotra and Chris Strohm/Bloomberg

The breakdown in reporting results from Iowa’s Democratic caucuses appears tied to failures in a mobile application that wasn’t ready for the load of a statewide election and which the head of the Homeland Security Department said wasn’t subjected to a cybersecurity test by his agency. “This is more of a stress or load issue as well as a reporting issue that we’re seeing in Iowa,” acting Department of Homeland Security Secretary Chad Wolf said in a Fox News interview Tuesday. Wolf said there’s little evidence of hacking of the app, which precinct officials struggled to use on Monday night. He said that his department’s cyber division had offered to test the software for vulnerabilities but was declined.… But the failure spotlights the need for hard-copy backups across election systems, as a handful of states are still using voting machines that don’t produce a paper receipt, according to Marian Schneider, president of the voting advocacy group Verified Voting and former deputy secretary for elections of Pennsylvania. “It’s clear that mobile apps are not ready for prime time, but thankfully Iowa has paper records of their vote totals and will be able to release the results from those records,” Schneider said.

National: Iowa Caucus chaos likely to set back mobile voting | Lucas Mearian/Computerworld

A coding flaw and lack of sufficient testing of an application to record votes in Monday’s Iowa Democratic Presidential Caucus will likely hurt the advancement and uptake of online voting. While there have been hundreds of tests of mobile and online voting platforms in recent years – mostly in small municipal or corporate shareholder and university student elections – online voting technology has yet to be tested for widespread use by the general public in a national election. “This is one of the cases where we narrowly dodged a bullet,” said Jeremy Epstein, vice chair of the Association for Computing Machinery’s US Technology Policy Committee (USTPC). “The Iowa Democratic Party had planned to allow voters to vote in the caucus using their phones; if this sort of meltdown had happened with actual votes, it would have been an actual disaster. In this case, it’s just delayed results and egg on the face of the people who built and purchased the technology.” The vote tallying app used Monday in the Iowa Caucus was created by a small Washington-based vendor called Shadow Inc.; the app was funded in part by a nonprofit progressive digital strategy firm named Acronym. Today, Acronyn strived to make it clear through a tweet it did not supply the technology for the Iowa Caucus, and it is no more than an investor.

Iowa: Caucus debacle shakes public confidence in 2020 security | Joseph Marks/The Washington Post

The biggest security lesson from last night’s Iowa caucuses: It doesn’t take a hack for technology to undermine confidence in an election. The spectacular failure of a mobile app that was supposed to forward caucus results last night — which are still not out, as of this morning — is a striking example of how faulty technology can spark questions about election results and create an opening for misinformation and conspiracy theories. “These kinds of technical issues and operational delays play right into the game plan of malicious actors,” Maurice Turner, an election security expert at the Center for Democracy and Technology, told me. “[They] can leverage these small facts and turn them into viral misinformation messages speculating about hacking or corruption being behind the irregularities.”  The Democratic Party have surged its focus on cybersecurity to combat foreign interference by Russia or other actors that U.S. intelligence officials warn may seek a repeat of 2016. While an Iowa Democratic Party spokeswoman insisted the app “did not go down and this is not a hack or an intrusion,” the technical snags largely achieved the effects officials have long sought to avoid. Even candidates questioned whether the results were tainted: Vice President Joe Biden’s campaign complained about “considerable flaws” in the reporting system and demanded an explanation of the app’s quality controls before any results were released publicly.

Iowa: Democrats Should Have Known Better Than To Use An App | Kaleigh Rogers/FiveThirtyEight

More than 14 hours after the Iowa caucuses began, we still don’t have any official results, and it’s becoming clear that an app is at least partly to blame. An app designed to let caucus leaders report results seems to have had problems including user error, lack of connectivity and an insufficient backup plan, demonstrating exactly why it’s so difficult — and risky — to introduce new technology into elections. “Right now, a lot of the election security community is trying to, as nicely as possible, say ‘We told you so,’” said Maggie MacAlpine, a co-founder of Nordic Innovation Labs, a firm of security consultants whose specialties include safeguarding elections. This year, the Iowa Democratic Party, which runs the state’s Democratic caucuses, introduced a smartphone app that local precinct chairs could use to send in tallies from their caucus sites. Immediately, election security experts raised concerns because the party wouldn’t reveal who built the app, what testing had been done, or who they had consulted to make sure it was secure. The party insisted, however, that thorough security measures had been put in place, and besides, precinct chairs could always fall back on the reporting technology they’ve been using for decades: a phone-in hotline. One problem: Multiple precinct chairs reported hours-long wait times, and even getting cut off, when they tried to use that hotline.

Iowa: DHS chief says offer to vet Iowa caucus app was declined | Maggie Miller/The Hill

Acting Homeland Security Secretary Chad Wolf said Tuesday that an offer to vet the app used by the Iowa Democratic Party to tabulate votes during the Iowa caucuses was turned down. “Our Cybersecurity and Infrastructure Security Agency has offered to test that app from a hacking perspective,” Wolf said during an appearance on Fox News’s “Fox & Friends.” Wolf said the offer was “declined” and noted that “we’re seeing a couple of issues with it.” “I would say right now, we don’t see any malicious cyber activity going on,” he added. The Iowa Democratic Party said Tuesday morning that the app used to tabulate votes as part of the first-in-the-nation caucuses, which CNN confirmed was built by the firm Shadow, had a “coding issue in the reporting system” that slowed down the reporting of vote totals.

Nevada: Democrats won’t use app that caused Iowa caucus fiasco | Adam Edelman/NBC

Nevada’s Democratic Party said Tuesday it will not use the trouble-plagued app that has contributed to ongoing delays in the reporting of results in the Iowa Democratic caucuses. Democrats in Nevada had planned to use the app for their caucus on Feb. 22. The same company developed the app for both states. But the state’s Democratic Party said Tuesday that it had previously created backup plans for its reporting systems and was in the process of “evaluating the best path forward.” “NV Dems can confidently say that what happened in the Iowa caucus last night will not happen in Nevada on February 22nd. We will not be employing the same app or vendor used in the Iowa caucus,” Nevada State Democratic Party Chair William McCurdy II said in a statement.

Nevada: Democrats won’t use app at center of Iowa delays | Chris Mills Rodrigo/The Hill

The Nevada Democratic Party on Tuesday announced that it will not use the election results app that has been blamed for the delay in results from the Iowa caucuses. “NV Dems can confidently say that what happened in the Iowa caucus last night will not happen in Nevada on February 22nd. We will not be employing the same app or vendor used in the Iowa caucus,” Nevada State Democratic Party Chairman William McCurdy said in a statement. “We had already developed a series of backups and redundant reporting systems, and are currently evaluating the best path forward.” The announcement comes after the results of the Iowa caucuses, which began on Monday at 8 p.m. EST, have yet to be released amid confusion over the app used to transmit results, triggering uproar from supporters and political pundits. The slow rollout has lead many to question Iowa’s first-in-the-nation status. Price told campaigns early Tuesday afternoon that presidential campaigns should expect that a “majority” of the caucus results will be released at 5 p.m. EST, a source on the call told The Hill.

West Virginia: Security dangers of online voting don’t deter West Virginia | The Fulcrum

West Virginia is looking to become the first state to allow disabled people to vote using their smartphones. Republican Gov. Jim Justice is expected to sign legislation, which breezed through the GOP-controlled Legislature last month, requiring all counties to provide an online balloting option to anyone who cannot use a regular voting machine because of physical disability. The new law puts West Virginia more firmly on one side of the ease-versus-security divide in the debate over modernizing voting systems. In the wake of hacking attempts by Russian operatives during the 2016 election, almost all the experts on ways to prevent such interference are opposed to online voting of any sort. At the same time, advocates are pushing hard for methods making voting plausible for the one in eight Americans with a disability. In 2018 West Virginia became the first state to create a mobile application for voting, but it was only available to members of the military stationed abroad. It was used by 147 West Virginians with homes in 24 countries to cast their midterm ballots for Congress and state offices.

West Virginia: State plans to make smartphone voting available to disabled people for 2020 election | Kevin Collier/NBC

West Virginia is moving to become the first state to allow people with disabilities to use technology that would allow them to vote with their smartphones in the 2020 election. Gov. Jim Justice, a Republican, plans to sign a bill by early next week that will require all counties to provide some form of online ballot-marking device to every voter with physical disabilities, according to West Virginia Secretary of State Mac Warner. Warner, the state’s chief election official, said that he would most likely provide counties with the smartphone app Voatz or a similar app, making the choice easy for cash-strapped counties. But cybersecurity experts have long railed against apps like Voatz, saying that any kind of online voting unnecessarily increases security risks. “Mobile voting systems completely run counter to the overwhelming consensus of every expert in the field,” said Matt Blaze, a computer scientist at Georgetown University and a seasoned election security researcher. “This is incredibly unwise.”

Philippines: Comelec to test 4 suppliers’ mobile app voting system | Philippine Star

The Commission on Elections (Comelec) is seriously looking into activating a mobile app voting system in the May 2022 elections, with four suppliers ready to showcase their computer program’s capability. Comelec Commissioner Rowena Guanzon, who is pushing for these new modes of casting votes in the national and local elections, over the weekend said it pays to see what new technologies in the market can offer. “Four suppliers of mobile app voting program/system offered to conduct a test run for the Comelec,” Guanzon posted on Twitter. She declined to provide other details on the proposed system, saying it is still premature, but assured the public of transparency when this mobile app enabling Filipinos to vote electronically is tested.

Puerto Rico: Internet Voting Plan Threatens Election Security: ACLU | Shannon Bond/ NPR

Puerto Ricans could be casting their ballots online only in the next eight years, according to a bill that is expected to pass this week. Civil liberties advocates are ringing alarm bells over this plan to shift voting online, warning that the move threatens election security and voting rights. The American Civil Liberties Union and its Puerto Rico chapter urged the island’s governor, Wanda Vázquez, to veto a bill containing the Internet voting plan. “There is no secure way to hold elections online,” they wrote in a letter to the governor on Wednesday. “This measure is misguided, dangerous, and will needlessly expose Puerto Rico’s voting system to hacking and disruption.” The ACLU said “such disruption will only result in greater public mistrust of key democratic institutions.” The online voting plan is part of a bill to reform the U.S. territory’s electoral code. The bill is expected to be approved by the legislature by the end of this week. The measure calls for Puerto Rico’s electoral commission to create an Internet voting program that could overhaul the way all the island’s citizens cast their ballots within eight years.

Washington: Voting by Phone Gets a Big Test, but There Are Concerns | Emily S. Rueb/The New York Times

More than a million registered voters in the Seattle area can now cast a ballot for an obscure election using a smartphone or computer. Organizers are calling the pilot program the largest mobile voting effort in the country. Julie Wise, the director of elections in King County, said the election would be “a key step in moving toward electronic access” for voters across the region, in a statement released on Wednesday from Tusk Philanthropies, the nonprofit partnering with the county’s board of elections. The vote in King County, Wash., which includes Seattle, will fill an open spot on the board of the King Conservation District, an agency that manages natural resources. Beginning this week, eligible voters will be able to use a smartphone or computer to log into a portal created by Democracy Live, a Seattle-based company that receives government funding. “There’s no special app, there’s no electronic storage of votes. Instead a voter’s choice is recorded onto a PDF, which they then verify before submission,” Ms. Wise said in an email on Thursday. Once the ballots are received, the board will follow the same processing protocols that are used for mail-in ballots, she added.

West Virginia: Bill To Allow Internet Voting For West Virginians With Disabilities Passes Legislature | West Virginia Public Broadcasting

The West Virginia House of Delegates has passed a bill that would allow voters with certain disabilities to vote electronically in the upcoming election.  Senate Bill 94 will provide West Virginians with disabilities the same electronic voting ability the West Virginia Secretary of State allowed for overseas military members in 2018. It’s the first bill both chambers of the Legislature have voted on this year. The bill now heads to the governor’s desk for final approval. Donald Kersey, general counsel to the Secretary of State’s office, said Thursday qualifying voters will know within a month what kind of electronic voting methods will be available to them, assuming Gov. Jim Justice signs the bill. He said because Tusk-Montgomery Philanthropies, a mobile voting advocacy group, has offered to pay for the associated equipment, implementing the bill won’t cost anything to the state or the counties responsible for offering and collecting the ballots. The same group covered mobile voting costs in the last election.

Editorials: Resist push for online ballot box | The Seattle Times

The ubiquity of online life comes with devastating vulnerabilities. Even one of the world’s richest men, Jeff Bezos, is reportedly not safe from hackers of electronic devices. Despite this well-established risk, Washington elections officials are moving in disjointed directions about internet security. In Olympia, Secretary of State Kim Wyman wants to bar emailed ballot returns because of potential fraud and network tampering via attachment. In King County, Elections Director Julie Wise is aiding a local public agency’s experiment with online voting. The King County move is a badly flawed approach to broadening elections access. Washington’s elections must — without exception — be kept safe from online tampering. The best way to do this is to keep elections computers entirely off the internet. House Bill 2647 and Senate Bill 6412 are Wyman’s request legislation that would ban returning ballots by email. The proposal would close a vulnerability without meaningfully limiting access for military and overseas voters. Their current extended voting window of 30 or 45 days to download, print and return ballots reasonably allows for international postal delays.

Washington: Secretary of state questions online, mobile voting plan in King County race | David Gutman/The Seattle Times

Washington Secretary of State Kim Wyman expressed concerns Wednesday with newly announced plans to allow voters in one obscure King County election to vote online through mobile devices. The plan, which went into effect Wednesday, allows voters to cast ballots through a touch-screen device in the race for King Conservation District Board of Supervisors. That election, which is held annually for a volunteer position on a board with no regulatory power, has traditionally drawn voter turnout of only about 1%. Because of a quirk in state law, the conservation district has to hold its elections in the first three months of the year, so voting can’t piggyback on the primary or general election ballots in August or November. And, sending out paper ballots to all 1.2 million eligible voters in the district would eat up about a quarter of the small agency’s annual budget. So, they’re trying voting by mobile device, the first election in the country to offer that technology to every eligible voter. “Any time you connect a system online, it becomes vulnerable to attack,” said Wyman, a Republican, who oversees most of the state’s elections, but not those of conservation districts.

National: Amid hacking fears, key caucus states to use app for results | Ryan J. Foley and Christina A. Cassidy/Associated Press

Two of the first three states to vote in the Democratic presidential race will use new mobile apps to gather results from thousands of caucus sites — technology intended to make counting easier but that raises concerns of hacking or glitches. Democratic Party activists in Iowa and Nevada will use programs downloaded to their personal phones to report the results of caucus gatherings to the state headquarters. That data will then be used to announce the unofficial winners. Paper records will later be used to certify the results. The party is moving ahead with the technology amid warnings that foreign hackers could target the 2020 presidential campaign to try to sow chaos and undermine American democracy. Party officials say they are cognizant of the threat and taking numerous security precautions. Any errors, they say, will be easily correctable because of backups.

West Virginia: Mobile absentee voting proposed for people with disabilities | Steven Allen Adams/News and Sentinel

A mobile phone app used by deployed military service members to vote overseas could be the answer for helping people with disabilities and the blind to vote absentee, though concerns were raised Monday about potential hacking. Senate Bill 94 was introduced Jan. 8 by Senate Judiciary Committee Chairman Charles Trump, R-Morgan, at the request of Secretary of State Mac Warner. The bill would provide West Virginians with physical disabilities the ability to vote by an electronic absentee ballot. The bill easily made it through the state Senate eight days later, passing unanimously Jan. 15 as the first bill to cross over from the Senate to the House of Delegates. The House Judiciary Committee took up the bill Monday morning and was still talking about the bill Monday afternoon. The bill was recommended for passage and will be sent to the full House.

Iowa: Caucus results will be compiled over the internet, hacking threat aside | The Fulcrum

The first votes of the presidential election will be tabulated after the Iowa caucuses next month using the sort of internet-connected system that worries election security experts. They say preventing the sort of interference that sullied the 2016 election should be more of a priority than speed in compiling the returns. But the Iowa Democratic Party plans to deploy a smartphone app to officials running the caucuses across the state for use in calculating and transmitting the results the night of Feb. 3. Putting such vote totals into cyberspace makes them readily vulnerable to nefarious hacking. Party leaders say they are aware of the potential problems but believe their system will repel them. If that doesn’t happen, the opening round of the intense contest for the Democratic nomination will be condemned to global ridicule.

National: Internet voting Is happening now and it could destroy our elections | Rachel Goodman and J. Alex Halderman/Slate

Russian hackers will try to disrupt American voting systems during the 2020 election cycle, as they did in 2016. This time, they’ll be joined by hackers from all over the world, including some within the United States. What unites them all is an eagerness to undermine free and fair elections, the most basic mechanism of American democracy. There are some hard questions about what to do about all this, but one piece is surprisingly straightforward: We need to keep voting systems as far away from the internet as possible. There’s a growing and clear consensus on this point. Federal guidelines for new voting machines might soon prohibit voting systems from connecting to the internet and even using Bluetooth. At the same time, though, voter turnout in this country remains abysmal. Allowing people to vote on their phones seems intuitively like it could help, especially for young people who vote at especially low rates. It could also be helpful for some military and overseas voters, as well as some voters with disabilities, who face challenges getting a physical ballot cast, returned, and counted. So why not try it? Well, put mildly, security vulnerabilities introduced by internet voting could destroy elections.

Iowa: Despite Election Security Fears, Iowa Caucuses Will Use New Smartphone App | Kate Payne, Miles Parks/NPR

Iowa’s Democratic Party plans to use a new internet-connected smartphone app to help calculate and transmit results during the state’s caucuses next month, Iowa Public Radio and NPR have confirmed. Party leaders say they decided to opt for that strategy fully aware of three years’ worth of warnings about Russia’s attack on the 2016 election, in which cyberattacks played a central role. Iowa’s complicated caucus process is set to take place Feb. 3 in gymnasiums, churches, rec centers, and other meeting places across the state. As opposed to a primary in which voters cast ballots in the same way they would for a general election, Iowa’s caucuses are social affairs; caucus-goers gather in person and pledge their support for a candidate by physically “standing in their corner” in designated parts of a room.

National: Voting by app is a thing, and it’s spreading, despite the fears of election security experts | Mark Sullivan/Fast Company

In this age of extreme concern—even paranoia—over election security, you might be a little surprised to hear that some voters in parts of the country are voting from home, using an app. So far the vote-by-app option has been reserved for military people serving overseas and elderly people who might have physical difficulty getting to the polls. One state (West Virginia) and a number of cities and counties have already used a voting app called Voatz in elections, mainly small ones. Voatz, a Boston-based startup that’s raised almost $10 million in venture capital, birthed its app at a SXSW hackathon in 2016, and went through the TechStars incubator. Its technology is unique in that it utilizes the biometric security features (such as fingerprint readers and facial recognition cameras) of newer smartphones to verify the voter’s identity. Those security technologies are already used to secure sensitive transactions like sharing financial information and making online purchases. But election security people have raised concerns about internet-connected voting technologies. The Mueller report exposed numerous attempts by foreign hackers to infiltrate U.S. voting systems via the internet during the 2016 election. Since then, states and counties have rushed to disconnect all voting systems–including voting machines, tabulators, and administrative technologies–from the public internet. The Voatz app’s use of the internet is the main reason it’s caught the attention of the election security community.

West Virginia: Judiciary Committee Will Recommend Electronic Absentee Voting Bill For People With Disabilities | Emily Allen/West Virginia Public Broadcasting

Members of the Joint Judiciary Committees voted Monday to recommend a bill to their respective chambers, allowing voters with certain physical disabilities to cast absentee ballots electronically. Currently, West Virginia allows voters with qualifying impairments to cast paper mail-in votes, as long as they’re on a special absentee voting list maintained by the West Virginia Secretary of State’s office. But, according to Jeremiah Underhill, legal director for the group Disability Rights of West Virginia, navigating a piece of paper can be an impediment for someone who has a serious hand or visual impairment. “Voting is a fundamental right that is preserved in the U.S. Constitution,” Underhill told the committee. “Everyone is afforded a legal opportunity to vote.”

Estonia: E-election taskforce report complete, includes 25 improvement proposals | ERR

The e-election taskforce has completed a report which includes 25 proposals for supplementing Estonia’s e-election system, improving its reliability and managing its risks. Minister of Foreign Trade and Information Technology Kaimar Karu said that the report provided a useful overview of the issues surrounding e-elections. “The current e-election system has been in development and use since 2005 already, and, as with any other complex system, it requires continued further development and improvement,” Karu said in a press release on Thursday. The report by the taskforce, which was launched by previous IT minister Kert Kingo (EKRE), will serve as one input in agreeing on further concrete steps in cooperation with other involved ministries and agencies. “The e-election system can definitely be viewed as part of the state’s core infrastructure by now, and its funding and development are an extremely high priority,” he said. “We must continue to be sure that we are using the best technology currently available while also taking into account, to the extent possible, future changes in both cryptography and technology capabilities in general.”

Kentucky: Officials Say Online Voting Not Coming Soon | Jacob Mulliken/Government Technology

The discussion about a digitized polling system has election officials and experts throughout the nation stepping up to avoid a potentially crippling move for the American electoral system, said Kentucky Secretary of State-elect Michael Adams. “I think concerns, especially surrounding hacking, are well-founded right now,” he said. “People want to confirm that their vote can’t be hacked and that the machine tallies the votes offline and that they are collected and processed, offline. The most secure elections are cast in person because there are checks and balances requiring some sort of identification and oversight. When you see fraud, and we have it, it most often happens outside of the purview of election officials. “An online method system out west may work where there is less history of election fraud, but not in places like Kentucky where fraud is still endemic. Internet voting in Kentucky is not anywhere near ready for primetime.”

Australia: Flaws found in New South Wales iVote system yet again | Stilgherrian/ZDNet

The “Days since last vulnerability found” indicator for the iVote system used in New South Wales’ elections was reset to zero on Wednesday thanks to a new research note from University of Melbourne cryptographer Dr Vanessa Teague. Or rather, the software vendor was notified 45 days earlier to keep with the terms of the source code access agreement while the rest of us found out today. iVote was purchased from Scytl Australia, a subsidiary of Barcelona-based election technology vendor Scytl Secure Electronic Voting, and is based on the system used by SwissPost. In March this year, Teague and her colleagues Sarah Jamie Lewis and Olivier Pereira found a flaw in the proof used by SwissPost system to prevent electoral fraud. Later that month, they detailed a second flaw that could be exploited to result in a tampered election outcome. NSWEC claimed it was safe from the second flaw, and had patched the first. In July, NSWEC ordered Scytl to release parts of the source code in a bid to prove it contained no further vulnerabilities. Vulnerabilities have now been found. “I examined the decryption proof and, surprise, it can easily be faked while passing verification,” Teague tweeted on Wednesday morning. “This exposes NSW elections to undetectable electoral fraud by trusted insiders & suppliers, people who guessed the passwords of the trusted insiders, people who successfully phished the trusted insiders, etc.” Teague’s analysis is detailed in the 8-page Faking an iVote decryption proof [PDF]

National: Voatz smartphone voting app needs security review, senator says | Ben Popken/NBC

A smartphone voting app that has been tested in local elections around the United States should undergo a cybersecurity review, Sen. Ron Wyden, D-Ore., said Friday. In a letter sent to Defense Secretary Mark Esper, Wyden requested the review of the Voatz voting app, which has been used in elections in Colorado, Oregon and Utah as a way to make it easier for military and overseas voters to cast their ballots. According to the developer, the app combines “mobile voting” and blockchain technology to create a secure way for people to vote without having to visit a voting booth. But Wyden wrote that he is “very concerned about the significant security risks associated with voting over the internet.” He cited the National Academy of Sciences, which recommended in 2018 that no internet voting be used until much stricter security measures can be put into place. “No known technology guarantees the secrecy, security and verifiability of a marked ballot transmitted over the Internet,” the academy authors wrote. Wyden also wrote that Voatz has said it has conducted independent audits but hasn’t published the results or identified the auditors. The FBI is currently investigating an attempt to hack the Voatz app.

National: I study blockchain. It’s not ready to use in our elections | Nir Kshetri/Fast Company

A developing technology called blockchain has gotten attention from election officials, startups, and even Democratic presidential candidate Andrew Yang as a potential way to boost voter turnout and public trust in election results. I study blockchain technology and its potential use in fighting fraud, strengthening cybersecurity, and securing voting. I see promising signs that blockchain-based voting could make it more convenient for people to vote, thereby boosting voter turnout. And blockchain systems can be effective at strengthening the security of devices, networks, and critical systems such as electricity grids, as well as protecting personal privacy. The few small-scale tests run so far have identified problems and vulnerabilities in the digital systems and government administrative procedures that must be resolved before blockchain-based voting can be considered safe and trustworthy. Therefore I don’t see clear evidence that it can prevent, or even detect, election fraud.