National: Online voting is a security nightmare, say experts | Fast Company

Online banking, ecommerce, e-filing taxes. Moving print documents and in-person services online–even those full of sensitive information–has been an inexorable trend for decades. And voting has moved in that direction too, in 32 U.S. states and several countries, starting in those simpler times of the 1990s and early 2000s. That was a giant security blunder, according to a new report from tech and election experts that urges a return to good old paper ballots. “This is a position consistently that computer scientists have been saying for a decade, and computer scientists are the ones who you think would be the most favorable to the idea [of online voting] because, we invent the things.” So says Jeremy Epstein, vice chair of the U.S. Technology Policy Council at the ACM, billed as the largest association of computing experts.

National: Election security groups warn of cyber vulnerabilities for emailed ballots | The Hill

Election security groups are sounding the alarm about emailed ballots ahead of the November midterm elections, warning in a new report that PDF and JPEG ballot attachments sent to election officials could be exploited by hackers. The organizations, including watchdog group Common Cause, issued a report Wednesday that found election workers who receive emailed ballots are at risk of clicking on unsafe attachments, sent from unknown sources, that could contain malware. “In jurisdictions that receive ballots by PDF or JPEG attachment, election workers must routinely click on documents from unknown sources to process emailed or faxed ballots, exposing the computer receiving the ballots — and any other devices on the same network — to a host of cyberattacks that could be launched from a false ballot laden with malicious software,” the report says. “An infected false ballot would enter the server like any other ballot, but once opened, it would download malware that could give attackers backdoor access to the elections office’s network.”

National: Can Elections Be Hacked? Online Voting Threatens 32 States, Report Says | Newsweek

Voters cast a minimum of 100,000 ballots using insecure internet methods in the 2016 election, highlighting an overlooked threat to election integrity, according to a report released Wednesday. Thirty-two states permit some voters—primarily overseas military personnel—to return ballots by email, fax or internet, according to “Email and Internet Voting: The Overlooked Threat to Election Security,” a report produced by the Association for Computing Machinery, Common Cause, the National Election Defense Coalition and R Street. “There are two concerns with email voting,” in which ballots and voter identification information are typically attached as a PDF or JPEG. “One—the ballots can be intercepted and undetectably altered or deleted. This hack was performed at DEF CON in August. And it’s something academics have long known,” Susannah Goodman, one of the authors of the report, told Newsweek. “Second—emailed ballots can be easily spoofed in a spear phishing attack designed to put malware on a county election official’s computer.”

National: Voting Experts: Why the Heck Are People Still Voting Online? | Nextgov

The government’s all-hands effort to secure election systems after a Russian assault on the 2016 contest missed one glaring vulnerability: online ballots, according to a Wednesday report by voting security experts. Online voting is not common in the U.S., but Americans cast at least 100,000 online ballots in the 2016 election, according to the authors’ tally. Many of those ballots were cast by military members overseas taking advantage of state laws that allow them to return ballots by email or digital fax. In total, 32 states allow some subset of residents to return ballots by email, fax or through an internet portal, and Alaska and Hawaii offer electronic ballot return for all voters, according to the report from security experts at the Association for Computing Machinery US Technology Policy Committee, Common Cause Education Fund, the National Election Defense Coalition and the R Street Institute.

West Virginia: Critics call for halt of West Virginia program to vote by app | McClatchy

Four advocacy groups for elections and cybersecurity called Wednesday for the halt of a pilot project in West Virginia that allows military personnel posted overseas and other U.S. citizens living abroad to cast ballots for the 2018 midtersm using a smartphone app. “Military voters … deserve any help the government can give them to participate in democracy equally with all other citizens. However, in this threat environment, online voting endangers the very democracy the U.S. military is charged with protecting,” the groups said. Proponents argued that with voter turnout so low, technology like the app is worth the risk. The report was issued by the New York-based National Election Defense Coalition, the nonpartisan watchdog group Common Cause, the center-right think tank R Street Institute, and the Technology Policy Committee of the Association for Computing Machinery, a group that says it provides neutral input on issues involving computing technology.

Verified Voting in the News: State moves forward with first mobile voting app, despite fears from security experts | TechRepublic

During the 2018 midterms, deployed military personnel from West Virginia will be the first in the nation to vote in a federal election on their smartphones using a blockchain-based app—despite numerous concerns from cybersecurity experts. Concern over voting security in the midterm elections is rising, after the Department of Homeland Security detected Russian hackers targeting voter registration databases in at least 21 states in 2016. While most of the systems were not breached, and there is no evidence that Russian agents were able to manipulate voter data or election results, it’s likely that the cybercriminals were scanning them for vulnerabilities to potentially exploit in the future, the department said. … Cybersecurity experts are less confident in the safety and viability of a system like Voatz. “This is the last thing that people need to be thinking about when it comes to voting right now,” said Joseph Lorenzo Hall, chief technologist at the nonpartisan Center for Democracy and Technology. “There are so many more boring pieces of low-hanging fruit, like two-factor authentication, password management, and defending against phishing attacks. But that’s unfortunately not as exciting to most people as the blockchain voting stuff.”

New Zealand: Councils warned electronic voting will not be secure | Stuff.co.nz

Plans to allow online voting in next year’s councils elections have run into a wall of opposition from technology experts, who say internet voting can’t be secure. Local Government New Zealand will issue a tender for an online system that would be used in nine council elections, including in Auckland, Hamilton and Wellington, alongside postal voting. The decision to shop for an online voting system comes amid growing international concern about election interference by foreign powers in the wake of the United States 2016 presidential election and Britain’s Brexit vote. …  James Valentine, chief technology officer of Wellington IT company Fronde, was among dozens of technologists who took to social media to oppose the local government plan, tweeting there were “lots of concerns” including security and ballot secrecy.

Malaysia: Dump e-voting for manual system, urges Pahang PKR chief | New Straits Times

A manual voting system would be better for the PKR elections this time around, as the e-voting system which had been used in the abortive polling in Penang and Kedah appeared to have many weaknesses. State PKR chairman Datuk Fauzi Abdul Rahman said this was his personal opinion on the matter, adding that the e-voting system was perhaps better used for the future. He said it was brave of PKR to introduce the e-voting system, but it now appeared to not be so appropriate due to several obstacles, such as the slow Internet speeds in some areas.

Verified Voting in the News: Blockchain-enabled voting has started in West Virginia | StateScoop

est Virginia residents living overseas have started casting their ballots this November’s elections using a mobile app that runs on blockchain encryption, state officials announced Monday. The votes that have come in so far are the first general-election ballots in the state’s experiment with a new form of voting technology that has drawn scrutiny from election-security analysts. Overseas voters started using the app for the November elections starting last Friday. … But the prospect of casting votes with a mobile app has been roundly criticized by people who study election technology. Marian Schneider, the president of Verified Voting, told StateScoop last month that ballots submitted over the internet face the same threats as other online transactions. “All the problems with internet voting are present in the app West Virginia is using,” she said.

New Zealand: Plans for online voting at local govt elections ‘dangerous’ | Radio New Zealand

An Australian IT expert says New Zealand would be crazy to adopt online voting for local government elections and would be opening itself up to widespread electoral fraud. Nine councils including Auckland, Wellington, Hamilton and Tauranga want to use it at next year’s elections, despite there being few examples overseas of where it is being used successfully or safely. Online voting was first used at government elections in Estonia in 2005. Its take up by the rest of the world since then has been limited at best, in large part due to vulnerabilities in its systems that allowed hackers to cast fake votes and rig elections. Australian IT expert Vanessa Teague alerted authorities to faults in the 2015 New South Wales state elections, where a quarter of a million voted online. There were plenty of hackers worldwide happy to take money from a vested interest looking to manipulate an election in their favour, she said.

Pakistan: I-voting drive draws tepid response from overseas Pakistanis | Dawn

The campaign to register overseas Pakistanis for internet-voting in the upcoming by-polls evoked a lukewarm response, with only 7,419 expatriates out of the total 632,000 registering to avail the facility offered to them for the first time in the country’s electoral history. The process of registration of overseas Pakistanis from the 37 constituencies where by-elections are to be held on Oct 14 had started on Sept 1 and came to a close on Monday at 9am. According to a statement released by the Election Commission of Pakistan (ECP), the website for the overseas voters remained functional 24/7 throughout the registration process and did not face any technical problems.

Pakistan: Overseas Pakistanis pay no heed to the call for I-Voting | Dunya News

A lack of interest of Pakistanis living aboard flagrantly evident as deadline for registration of Internet voting has been ended today. Out of above five hundred thousand Pakistanis residing overseas, only seven thousand and four hundred registered themselves for internet voting which is not an encouraging trend for the present PTI led government which worked hard to give the expats the right to vote. Five hundred and twenty thousand overseas Pakistanis showed an unexpected and strange attitude towards the lack of interest in the electoral and political system of Pakistan. Only seven thousand and four hundred Pakistanis living and settled in foreign countries – being registered to the internet voting for the by elections scheduled to be held in October 2018 – can take part in the voting process now. According to the election commission sources, two hundred thousand individuals have visited the internet voting website.

Pakistan: I-voting gets lukewarm response | The Nation

As the deadline extended by the Election Commission of Pakistan for overseas Pakistanis to register as voters for I-voting in the upcoming by-election scheduled for October 14 expires today (Monday), only 6,319 expatriates have registered as voters in 37 constituencies. A day earlier, the ECP extended the deadline for registration of overseas Pakistanis till 9 am on Monday to register as many voters as possible. The commission had asked the overseas Pakistanis to take advantage of the extended time and ensure their registration so that they could vote in the upcoming by-election.

Switzerland: Opponents of e-voting suffer setback in parliament | Expatica Switzerland

Parliament has thrown out attempts to stall the permanent introduction of electronic voting – a decision welcomed by the Organisation of the Swiss Abroad (OSA). Two proposals by representatives of right and leftwing parties cited data security concerns, including cyberattacks, and were aimed at effectively blocking plans by the government to conclude more than 15 years of trials and enshrine e-voting in law as a third option – besides going to the polls and the postal vote. The House of Representatives earlier this week rejected the proposals by parliamentarians of the Swiss People’s Party and the Greens, thereby refusing to draft a bill for discussion.

National: Report: Blockchain tech is not ready to be used for voting | CryptoNewsReview

Blockchain technology is unsuitable for use in voting systems until they are verified as secure, a scientific report has warned. The study, from the US National Academies of Sciences, Engineering, and Medicine, concludes that internet-based voting systems are not ready for current use, although they “may seem promising” for use in the future. “Insecure internet voting is possible now, but the risks currently associated with internet voting are more significant than the benefits,” the report reads. “Secure internet voting will likely not be feasible in the near future.

Pakistan: Overseas Pakistanis showing little interest in I-voting | The News

The overseas Pakistanis have so far shown little interest in getting themselves registered for first-ever I-voting in the upcoming by-election in 37 constituencies and so far just 6,000 have got themselves registered for their voting right. Sources in the Election Commission of Pakistan (ECP) said there are estimated 0.520 million expats, who could exercise their voting right with regard to these constituencies. But hitherto, just 3,000 qualified for this and were ready to vote in by-election. “These qualified persons will be using their respective passwords to take part in voting,” they explained.

National: Online-only voting? Don’t do it, experts say in report on election security | GeekWire

Chastened by Russian interference and hacking attempts in the 2016 election, academic experts on voting technology say electronic voting machines that don’t leave a paper trail should be phased out as soon as possible. “Every effort should be made to use human-readable paper ballots in the 2018 federal election,” the experts write in a report issued today by the National Academies of Science, Engineering and Medicine. “All local, state and federal elections should be conducted using human-readable paper ballots by the 2020 presidential election.” That’s already the case for Washington, Oregon and Colorado, where mail-only voting has become the norm. (The report notes that “vote-by-mail” is something of a misnomer, since most ballots are still returned by hand. “Ballot delivery by mail” comes closer to the mark.)

Pakistan: Internet voting being pushed to rig polls, says Raza Rabbani | Dawn

Former Senate chairman Raza Rabbani has alleged that the internet-voting system is being introduced in the country to rig and manipulate elections. “The i-voting system being put into place is flawed from its inception and has the ingredients of becoming a tool in the hands of forces that may want to manipulate elections in Pakistan,” warned the Pakistan Peoples Party (PPP) leader. Talking to Dawn here on Wednesday, Mr Rabbani called for a thorough discussion on the issue in parliament before introducing the system. The former senator recalled that the task force set up by the Election Commission of Pakistan (ECP) itself had already expressed reservations over the move to allow overseas Pakistanis to use their right of vote through internet.

Japan: Tsukuba first in Japan to deploy online voting system | The Japan Times

A new online voting system based on the My Number identification system and blockchain technology has been introduced in Tsukuba, Ibaraki Prefecture. Tsukuba, well known as a center for scientific research, is the first in the country to start using such a voting system, according to the city. The system allows voters to cast ballots via a computer display after placing the My Number card on a card reader. Blockchain technology is used to prevent the voting data from being falsified or read.

United Kingdom: Government rejects online voting for disabled voters amid electoral fraud fears | Sky News

The government has rejected calls to provide online voting access to disabled voters, claiming it increases the risk of electoral fraud. E-voting could make elections more accessible for disabled voters, campaigners have argued, and requests to trial online voting were submitted to a recent government report. “There may be potential benefits for some groups in using e-voting but there are significant concerns about the security of online voting,” said the government in response to those submissions. The “increased risk of electoral fraud” alongside “providing unproven systems to people who are already vulnerable […] would not be helpful,” the government explained. It was argued that online voting would help people with sight loss, where audio support and other forms of assistive technology such as screen-readers are available via their computers.

West Virginia: Mobile Blockchain Ballot Trial Raises Voting Security Questions | Security Intelligence

Smartphone voting will get a trial run during November’s U.S. elections. As part of a new pilot program, West Virginia has partnered with Voatz, a Boston-based technology startup, to allow some members of the military stationed overseas to cast ballots with devices connected to a blockchain-enabled vote recording system. Security experts have had mixed reactions to the plan, with some saying blockchain technologies aren’t yet ready for important tasks such as voting security. But defenders say the pilot program will allow veterans stationed in remote locations to make their voices heard during the midterm elections — as long as proper security measures are put in place. Joseph Lorenzo Hall, chief technologist at the Center for Democracy and Technology, a digital rights group, believes smartphone voting is too unproven to use during this year’s elections. “I don’t know why everyone’s solution to things lately is ‘rub some blockchain on it,’” he said. “Blockchain voting methods typically mean you are doing internet voting — which is a horrifically bad idea — and committing encrypted ballots to the blockchain.”

Pakistan: Election Commission apprehensive of I-voting for expats | The Nation

As the process of by-elections on vacant seats of National and Provincial Assemblies will start from Tuesday (tomorrow), the Election Commission of Pakistan remains jittery over use of internet voting (I-voting) for overseas Pakistanis because of technical complications. The ECP spokesperson said that I-voting facility would be extended to overseas Pakistanis in coming by-elections in compliance with the Supreme Court orders. The spokesperson said that the court had ordered the ECP to go for I-voting in the coming by-elections, even though the ECP had planned a pilot project that would not impact the actual poll results.

West Virginia: Technology experts have concerns about West Virginia’s mobile voting | WV News

West Virginia voters who will be overseas during the November general election might qualify to use a new mobile app to cast their vote more easily than traditional absentee ballots. Several computer and technology experts have questioned whether the system will be secure enough during the first federal election after the 2016 Russian hacking. Officials with the Secretary of State’s office say the app is a calculated risk to allow more people to vote. … The mobile app, run by a company called Voatz, uses blockchain technology. That it a distributed ledger technology used to record transactions across many computers so that the record cannot be altered after the fact. The mobile app voting was tested earlier this year in the primary election, and Kersey said its still in a pilot phase.

National: Are Blockchains the Answer for Secure Elections? Probably Not | Scientific American

With the U.S. heading into a pivotal midterm election, little progress has been made on ensuring the integrity of voting systems—a concern that retook the spotlight when the 2016 presidential election ushered Donald Trump into the White House amid allegations of foreign interference. A raft of start-ups has been hawking what they see as a revolutionary solution: repurposing blockchains, best known as the digital transaction ledgers for cryptocurrencies like Bitcoin, to record votes. Backers say these internet-based systems would increase voter access to elections while improving tamper-resistance and public auditability. But experts in both cybersecurity and voting see blockchains as needlessly complicated, and no more secure than other online ballots. Existing voting systems do leave plenty of room for suspicion: Voter impersonation is theoretically possible (although investigations have repeatedly found negligible rates for this in the U.S.); mail-in votes can be altered or stolen; election officials might count inaccurately; and nearly every electronic voting machine has proved hackable. Not surprisingly, a Gallup poll published prior to the 2016 election found a third of Americans doubted votes would be tallied properly.

West Virginia: Smartphone voting brings new security concerns | The Daily Swig

Election turnouts around the world are often dismally poor; meanwhile, consumers are wedded to their smartphones and using them for new applications all the time. One obvious solution is to allow people to vote by phone. Two years ago, indeed, a Consumer Reports survey revealed that a third of Americans reckoned they’d be more likely to vote if they could do it on their phone. And now, following a pilot involving military voters earlier this year, West Virginia is planning to allow voters living overseas to cast their ballot via smartphone in the upcoming mid-term elections. The plan is to use a blockchain-based system from the company Voatz.

Editorials: Pakistan: The vulnerable e-vote | The Express Tribune

Around six million Pakistani citizens are residents of other countries and many of them are eligible to vote. With e-voting being trialled around the world the National Database and Registration Authority (NADRA) was tasked with finding an internet solution to their voting needs. It did so and duly submitted a proposal to the Election Commission of Pakistan (ECP) which set up a task force to investigate the proposal and its viability — and it now stands rejected. The Internet Voting Task Force (IVTF) conducted a technical audit of the proposed i-Vote and found there were flaws, specifically risks to the transparent conduct of voting.

Pakistan: Internet Voting Task Force: Foreign spy agencies may disrupt internet voting | The Nation

The Internet Voting Task Force (IVTF) on Overseas Pakistanis’ Voting Rights has said that internet voting was likely to be attacked by foreign governments and intelligence agencies. In a report, the IVTF said the applications such as internet banking and e-commerce were typically targeted by insiders, hackers or in organised gangs, whereas an internet voting system used in binding political election results was far more likely to be attacked by foreign governments and intelligence agencies. It stated that foreign government agencies posed an entirely different class of threat as compared to standard hackers adding these organizations typically had unsurpassed resources and capabilities at their disposal. “We have the example of Skynet, a US NSA operation, specifically deployed in Pakistan.

National: Researchers show how to alter emailed ballots in use in 30 states | McClatchy

Top computer researchers gave a startling presentation recently about how to intercept and switch votes on emailed ballots, but officials in the 30 or so states said the ease with which votes could be changed wouldn’t alter their plans to continue offering electronic voting in some fashion. Two states — Washington and Alaska — have ended their statewide online voting systems. The developments, amid mounting fears that Russians or others will try to hack the 2018 midterm elections, could heighten pressure on officials on other U.S. states to reconsider their commitment to online voting despite repeated admonitions from cybersecurity experts. But a McClatchy survey of election officials in a number of states that permit military and overseas voters to send in ballots by email or fax — including Alabama, Kansas, Missouri, North Carolina, South Carolina and Texas — produced no immediate signs that any will budge on the issue. Some chief election officers are handcuffed from making changes, even in the name of security, by state laws permitting email and fax voting. … Researchers at the DefCon convention were sharply critical of any sort of electronic voting, including voting by smartphone, which will occur for the first time in November. West Virginia announced last week that it will allow military personnel posted overseas and registered to vote in West Virginia to vote via smartphone in the Nov. 6 election, using an app created by Voatz, a Boston-based startup.

Pakistan: Election Commission’s task force highlights flaws in proposed e-voting mechanism for overseas Pakistanis | Dawn

A task force set up by the Election Commission of Pakistan on the directives of the Supreme Court (SC), to test the viability of implementing an online voting mechanism for overseas citizens, has recommended against implementing the e-voting system, DawnNews TV reported. The Internet Voting Task Force (IVTF) was formed by the Election Commission of Pakistan (ECP) in April on the SC’s orders, to conduct a technical audit of the Internet voting solution process that was proposed by National Database and Registration Authority (Nadra). In a report submitted before the top court on Tuesday, the IVTF said that while overseas Pakistanis have the right to vote in the elections, the e-voting platform that Nadra had proposed to use for the purpose, iVote, has drawbacks that pose risks to the conduct of transparent voting.

Verified Voting in the News: Voting by Smartphone: Quick and Easy, Just Not Very Secure | Der Spiegel

A small number of Americans will be able to vote in the midterm elections this November by taking a selfie-style video and downloading an app. West Virginia is the first and only state to test out Voatz, a voting app for smartphones. The experiment, which is largely directed at military personnel serving overseas, will allow the soldiers to cast their votes digitally as an alternative to cumbersome absentee ballots. … Ultimately, no one can say with certainty whether Voatz’s app is secure. Nimit Sawhney’s startup launched the software several years ago, and it went on to win a number of awards. But there is very little proof that it is invulnerable.

To start with, the infrastructure that Voatz uses cannot be secured — i.e., the voters’ smartphones and the networks used to transfer the data. Marian K. Schneider, president of the U.S. advocacy group Verified Voting, lobbies to make voting in the digital era transparent and secure. She has profound reservations about smartphone voting: “Even putting aside the authentication and verifiability issues, nothing in these systems prevents malware on smartphones, interception in transit or hacking at the recipient server end.” She also thinks it wouldn’t be too difficult to tamper with the identity authentication process. And even a targeted interruption of the connection could be enough to influence an election.