National: Will the US elections be hacked? It’s doubtful, but machines could be ‘rigged’ | The Guardian

It’s been a topic of debate ever since hackers – presumably working for Russia – stole thousands of private emails from the Democratic National Committee and leaked them on the net. Could a nation state or other adversary hack our elections and determine the next president of the United States? The answer depends on how they try to go about it, says Avi Rubin, computer science professor at Johns Hopkins University and technical director of the university’s Information Security Institute. Election hacking is highly unlikely, he says. Attackers reaching into the ballot box from thousands of miles away won’t happen, simply because the vast majority of election machines are not connected to the internet. Some 31 states offer voting via internet, email, or fax, but nearly all only allow it as an option for military families and Americans living overseas – a very small percentage of the electorate. Only Alaska allows any voter to cast a ballot across the net, according to Verified Voting. But election rigging is a potential threat, says Rubin. That’s where adversaries attack the electronic voting machines themselves, altering the software inside the machines to favor one candidate. “There are a thousand points of vulnerability,” says Rubin. “Anyone with access to the machines at any stage could attack them.”

Utah: Online Caucus Gives Security Experts Heart Attacks | Wired

Security researchers pretty much uniformly agree that letting people vote online is a very bad idea, one that is fraught with risks and vulnerabilities that could have unknowable consequences for the future of democracy. This week, the Utah GOP is going to give it a whirl anyway. On Tuesday, registered Republicans in Utah who want to participate in their state’s caucus will have the option to either head to a polling station and cast a vote in person or log onto a new website and choose their candidate online. To make this happen, the Utah GOP paid more than $80,000 to the London-based company Smartmatic, which manages electronic voting systems and internet voting systems in 25 countries and will run the Utah GOP caucus system. Smartmatic’s system allows people to register to vote online. Then they receive a unique PIN code to their mobile phones or emails, which they use to vote on election day. Once the vote has been cast, the system generates a unique code, which voters can use to look themselves up on a public-facing bulletin board. Each code will match up to the name of a candidate, so people can check that their votes have been properly recorded. As of Monday morning, 59,000 Utah Republicans had registered to vote online. The new online process was spearheaded by Utah GOP chairman James Evans, who was looking for ways to make the caucus process more convenient and accessible for voters. That stands to reason, given the fact that voter participation in Utah has been in decline in recent years. Evans says he was aware of the potential security risks, but in a call with WIRED last week, he dismissed many of these oft-cited vulnerabilities as “far-fetched” and said that as a private political party, the Utah GOP isn’t held to the same security standards as the government. “We are a private political organization, so we can choose the acceptable level of risk that we choose,” he said, “and we will not be compared to a government-run election.” That idea alone should give anyone who cares about the integrity of this country’s elections pause. Just because a political party accepts a certain level of risk when it comes to online voting, should we?

Utah: Republicans Open Caucuses to Online Voters | Wall Street Journal

In what is expected to be one of the biggest online votes conducted so far in the U.S., Utah residents will have the option of casting ballots in the Republican presidential contest using computers, tablets and smartphones next week. In-person caucuses and absentee voting also will remain options for GOP voters in the March 22 contest. Democrats aren’t offering an online option. It is the largest experiment with online presidential voting since 2004, when Michigan allowed Democrats to vote in a party caucus via the Internet. Estonia has had online voting in national elections since 2005, while Norway, France, Canada and Australia have experimented with it. … Although trials, pilots and experiments in online voting have been conducted over the past 20 years, it has been slow to be adopted—in part over security concerns about election integrity. “It’s the internet. It was not built for security when it was built. It was built for open communications,” said Pamela Smith, president of the nonpartisan nonprofit Verified Voting, which advocates for secure, verifiable elections and voting standards.

National: When Will We Be Able to Vote Online? | Scientific American

Sooner or later everything seems to go online. Newspapers. TV. Radio. Shopping. Banking. Dating. But it’s much harder to drag voting out of the paper era. In the 2012 presidential election, more than half of Americans who voted cast paper ballots—0 percent voted with their smartphones. Why isn’t Internet voting here yet? Imagine the advantages! … It’s all about security, of course. Currently Internet voting is “a nonstarter,” according to Aviel D. Rubin, technical director of Johns Hopkins University’s Information Security Institute and author of the 2006 book Brave New Ballot. “You can’t control the security of the platform,” he told me. The app you’re using, the operating system on your phone, the servers your data will cross en route to their destination—there are just too many openings for hacker interference. “But wait,” you’re entitled to object, “banks, online stores and stock markets operate electronically. Why should something as simple as recording votes be so much more difficult?” Voting is much trickier for a couple of reasons. Whereas monetary transactions are based on a firm understanding of your identity, a vote is supposed to be anonymous. In case of bank trouble, investigators can trace a credit-card purchase back to you, but how can they track an anonymous vote? And credit-card and bank fraud goes on constantly. It’s just a cost of doing business. But the outcome of an election is too important; we can’t simply ignore a bunch of lost or altered votes.

Editorials: The Challenges of Digital Voting | David Pogue/Scientific American

In researching my Scientific American column about the dismal prospects for online voting, I interviewed Avi Rubin, Professor of Computer Science at Johns Hopkins University, technical director of Johns Hopkins’s Information Security Institute, and author of Brave New Ballot: The Battle to Safeguard Democracy in the Age of Electronic Voting. He’s been deeply immersed in the research surrounding electronic voting for decades. Since I have more room on the Web than I do on the printed page, I would like to share more of our conversation here.

David Pogue: Are there any steps that would make you, a security researcher, comfortable with electronic voting?

Avi Rubin: In principle, I think that paper ballots are far superior to electronic voting machines. Even if the machines are high quality (and none of the current ones on the market have proven to be that), the inability to manually recount, to audit, and to prevent rigging and the potential for widespread, wholesale fraud are deal breakers for purely electronic voting. Paper ballots are not a panacea, but without them there is an opportunity for fraud that is much more widespread.

National: Privacy advocates sue Pentagon over Internet voting test results | The Washington Post

Privacy advocates, worried that the Defense Department is sinking millions of dollars into unproven online voting systems, are suing the Pentagon for the release of long-promised test results on whether Internet-based voting is safe. The subtext of the lawsuit is that after spending millions on online voting experiments — in 2010 alone, the Defense Department’s Federal Voting Assistance Program received $9 million from Congress to design and test Internet-based voting — privacy advocates worry that online voting could spread in the United States without proper vetting. The Electronic Privacy Information Center, a D.C.-based advocacy group, filed a lawsuit last month against the Pentagon, under the Freedom of Information Act, to compel the release of the results of the department’s test of its online voting system. Ginger McCall is the director of EPIC’s open government project. “Voting is an integral part of our democratic system,” she said, “and it is imperative that the public have information about whether or not e-voting systems are really secure and reliable before they are used or more money is spent on their acquisition.”

California: Is California Ready for Online Voting? | KQED

It sounds logical enough. If we can buy stock, see medical records and book flights online, we should be able to cast ballots online as well. And at least one politicians thinks California should move in that direction. When State Sen. Leland Yee (D-San Francisco) announced on Monday that he is running for secretary of state in 2014, he said online voting is one of the primary planks in his platform. … That made me wonder exactly why I am still showing up at the basement of a church in my neighborhood to fill in bubbles with a pen. The answer, according to Johns Hopkins University computer security expert Avi Rubin, is that there is no way to guarantee an accurate vote count online. “I’m pretty disgusted to hear that someone is running for secretary of state with this platform,” he said.