For years, Barbara Simons was the loneliest of Cassandras—a technologist who feared what technology had wrought. Her cause was voting: Specifically, she believed that the electronic systems that had gained favor in the United States after the 2000 presidential election were shoddy, and eminently hackable. She spent years publishing opinion pieces in obscure journals with titles like Municipal World and sending hectoring letters to state officials, always written with the same clipped intensity. Simons, who is now 76, had been a pioneer in computer science at IBM Research at a time when few women not in the secretarial pool walked its halls. In her retirement, however, she was coming off as a crank. Fellow computer scientists might have heard her out, but to the public officials she needed to win over, the idea that software could be manipulated to rig elections remained a fringe preoccupation. Simons was not dissuaded. “They didn’t know what they were talking about and I did,” she told me. She wrote more articles, wrote a book, badgered policy makers, made “a pain of myself.” Though a liberal who had first examined voting systems under the Clinton administration, she did battle with the League of Women Voters (of which she is a member), the ACLU, and other progressive organizations that had endorsed paperless voting, largely on the grounds that electronic systems offered greater access to voters with disabilities.Full Article: The Computer Scientist Who Prefers Paper - The Atlantic.
Editorials: Internet voting and paperless machines have got to go | Barbara Simons/Minneapolis Star Tribune
“They’ll be back in 2020, they may be back in 2018, and one of the lessons they may draw from this is that they were successful because they introduced chaos and division and discord and sowed doubt about the nature of this amazing country of ours and our democratic process.” — Former FBI Director James Comey, testifying about the Russian government before a House Intelligence Committee hearing, March 20, 2017
We are facing a major national security threat. As former Director Comey stated, we know that Russia attacked our 2016 election, and there is every reason to expect further attacks on our elections from nations, criminals and others until we repair our badly broken voting systems. Despite a decade of warnings from computer security experts, 33 states allow internet voting for some or all voters, and a quarter of our country still votes on computerized, paperless voting machines that cannot be recounted and for which there have been demonstrated hacks. If we know how to hack these voting systems, so do the Russians and Chinese and North Koreans and Iranians and ….Full Article: Internet voting and paperless machines have got to go - StarTribune.com.
Five days after Donald Trump was elected president, Alex Halderman was on a United Airlines flight from Newark to Los Angeles when he received an urgent email. A respected computer scientist and leading critic of security flaws in America’s voting machines, Halderman was anxious to determine whether there had been foul play during the election. Had machines in Wisconsin or Michigan been hacked? Could faulty software or malfunctioning equipment have skewed the results in Pennsylvania? “Before the election, I had been saying I really, really hope there’s not a hack and that it’s not close,” he says. “Afterwards, I thought, ‘Wait a minute, there’s enough reason here to be concerned.’ ” Now, wedged into a middle seat on the cross-country flight, Halderman stared in disbelief at the email from Barbara Simons, a fellow computer scientist and security expert. Working with Amy Rao, a Silicon Valley CEO and major Democratic fundraiser, Simons had arranged a conference call with John Podesta, Hillary Clinton’s campaign chair, to make the case for taking a closer look at the election results. Could Halderman be on the call in 15 minutes? United’s wi-fi system didn’t allow for in-flight phone calls. But Halderman wasn’t fazed. “I’m blocked,” he emailed Simons, “but I can try.” Within minutes, Halderman had circumvented the wi-fi and established an interface with computers at the University of Michigan, where at 36 he is the youngest full professor in the history of the computer science department. He dialed in to the call but did not speak, afraid of drawing attention to the fact that he was violating the airline’s phone ban.Full Article: Inside the Recount | New Republic.
Major websites were inaccessible to people across wide swaths of the United States on Friday after a company that manages crucial parts of the internet’s infrastructure said it was under attack. Users reported sporadic problems reaching several websites, including Twitter, Netflix, Spotify, Airbnb, Reddit, Etsy, SoundCloud and The New York Times. The company, Dyn, whose servers monitor and reroute internet traffic, said it began experiencing what security experts called a distributed denial-of-service attack just after 7 a.m. Reports that many sites were inaccessible started on the East Coast, but spread westward in three waves as the day wore on and into the evening. And in a troubling development, the attack appears to have relied on hundreds of thousands of internet-connected devices like cameras, baby monitors and home routers that have been infected — without their owners’ knowledge — with software that allows hackers to command them to flood a target with overwhelming traffic. … The attacks were not only more frequent, they were bigger and more sophisticated. The typical attack more than doubled in size. What is more, the attackers were simultaneously using different methods to attack the company’s servers, making them harder to stop. The most frequent targets were businesses that provide internet infrastructure services like Dyn. “DNS has often been neglected in terms of its security and availability,” Richard Meeus, vice president for technology at Nsfocus, a network security firm, wrote in an email. “It is treated as if it will always be there in the same way that water comes out of the tap.”Full Article: Hackers Used New Weapons to Disrupt Major Websites Across U.S. - The New York Times.
Since hackers have targeted the election systems of more than 20 states, cyber-security experts say Michigan should change its policy and routinely audit a sample of its paper ballots to protect against election fraud. Voter registration lists were hacked recently in Arizona and Illinois. The U.S. Department of Homeland Security would not acknowledge whether those particular systems were breached, but Secretary Jeh Johnson said hackers “in a few cases … gained access to state voting-related systems.” The department would not disclose whether Michigan was one of “a large number of state systems” scanned by hackers in preparation for possible attacks, but the Michigan Secretary of State’s office said the state’s voter registration lists have not been targeted or affected. … Audits in Michigan are only triggered in certain circumstances, according to the Secretary of State’s office. Automatic recounts for presidential ballot results happen when the leading candidates are 2,000 or fewer votes apart, while a losing candidate can request a recount for a district or certain precincts, according to the Secretary of State’s office. “It should be done routinely in order to provide a strong degree of confidence,” said University of Michigan cyber-security expert Alex Halderman. “That’s an opportunity for Michigan to improve its election procedures. You should audit every election.”Full Article: Experts: State should audit election results.
Did Republican nominee Donald Trump just ask Russian strongman Vladimir Putin to cast the deciding vote in the US presidential election? On Wednesday morning, Trump said he hoped Russia would find and publish 30,000 e-mail messages deleted by his Democratic rival, Hillary Clinton, from the personal server she used as secretary of state. It was a startling spectacle: a presidential candidate urging a foreign government to play a role in America’s game of thrones. But there’s a chance Putin is already a player. The trove of embarrassing e-mails stolen from the Democratic National Committee, which were leaked to the press just in time for this week’s party convention in Philadelphia, were probably swiped by Russian hackers, according to US intelligence officials and independent cybersecurity companies. Russia’s apparent election tampering — and Trump’s call for the Russians to expose Clinton’s deleted e-mails — shows that the insecurity of America’s data networks could undermine our ability to hold free and fair elections. But if the Russian president would go this far to pick our next president, why not take the direct approach? Why not tamper with the computers that manage the nation’s voting systems? Maybe that has already happened. Those voting systems are certainly vulnerable.Full Article: Trump, Putin and the hacking of an American election - The Boston Globe.
Verified Voting, the nation’s leading election integrity organization, today announced the appointment of John DeCock as our new Executive Director.
“We are delighted to have John join our team,” said Verified Voting President Pamela Smith. “John’s appointment signals an important step in our efforts to safeguard elections and to support each voter’s right to cast an effective ballot. John’s exceptional skills and experience will support our outreach and ability to share our resources with a broad range of communities, from voters to policymakers to election officials and more. Working together with John, I am certain that we will continue making vital contributions towards achieving reliable and publicly verifiable elections.”
“There is nothing more fundamental to our Democracy than the right to vote and the knowledge that each vote matters and will be properly counted,” said DeCock. “I am looking forward to working with the talented staff and board at Verified Voting, as well as with the many experts who have collectively achieved so much. There still is much to do to improve the systems by which we cast our votes and to guarantee that every voter knows that his or her vote is counted as cast.”
Today Americans are voting in an election that could shift control of the U.S. Senate and significantly impact the direction our nation will take in the next few years. Yet, 31 states will allow over 3 million voters to cast ballots over the Internet in this election, a practice that computer security experts in both the federal government and the private sector have warned is neither secure nor trustworthy. Most states’ online voting is limited to military and overseas voters, but Alaska now permits all voters to vote over the Internet. With a hotly contested Senate seat in Alaska, the use of an online voting system raises serious concerns about the integrity of Alaska’s election results. Alaska’s State Election Division has even acknowledged that its “secure online voting solution” may not be all that secure by posting this disclaimer on its website: “When returning the ballot through the secure online voting solution, your are [sic] voluntarily waving [sic] your right to a secret ballot and are assuming the risk that a faulty transmission may occur.” Unfortunately, faulty transmission is only one of the risks of Internet voting. There are countless ways ballots cast over the Internet can be hacked and modified by cyber criminals.Full Article: Online voting rife with hazards: Column.
Internet voting, a technology often cited as a solution to the United States’ problematic voting machines, received failing security and accessibility grades in the latest in-depth audit conducted by the City of Toronto. Two of the three vendors audited by the city currently have contracts with over a dozen U.S. jurisdictions for similar technologies. The accessibility report, prepared by researchers at the Inclusive Design Research Centre at OCAD University, and the security report, prepared by researchers at Concordia and Western universities, were obtained by Al Jazeera America through a Freedom of Information Act request. … The reports highlight the difficulty in creating a voting system that isn’t more susceptible to corruption than existing voting technology and that is easy enough to use for voters with a variety of personal computer setups, including those with disabilities who often use alternatives to traditional mice, keyboards and screens. … “It’s clear from the report for Toronto that the systems being considered don’t meet the minimum accessibility standards required,” said Barbara Simons, a board member of Verified Voting, and co-author of the book “Broken Ballots: Will your Vote Count?” who also obtained the reports through a Freedom of Information request.Full Article: Latest Internet voting reports show failures across the board | Al Jazeera America.
A recent presidential commission report on election administration characterizes the state of U.S. voting machines as an “impending crisis.” According to the report, created in response to a presidential order, existing voting machines are reaching the end of their operational life spans, jurisdictions often lack the funds to replace them, and those with funds find market offerings limited because several constraints have made manufacturing new machines difficult. On Election Day, these problems could translate into hours-long waits, lost votes and errors in election results. In the long term, such problems breed a lack of trust in the democratic process, reducing the public’s faith in government, experts say. According to Barbara Simons, a member of the board of advisers to the federal Election Assistance Commission (EAC), the problem can’t be avoided any longer. “People died for the right to vote as recently as the civil rights movement,” she said. “The American Revolution was all about being able to control our own democracy, and that means voting … We know that a lot of machines were breaking in the 2012 election. It’s not that it’s an impending crisis. This crisis is already here.” Also, outdated voting machines can present security risks both in hardware deficiencies (some machines use generic keys to protect sensitive panels) and in software flaws that are difficult if not impossible to detect when compromised, according to security audits. Assessing the security of many of these systems is difficult, however, since companies insist proprietary software and hardware may not be disclosed to third parties. Government audits are often not fully public. The current problem is rooted in the short-term fixes that were implemented to solve the last major voting crisis, in 2000, when unreliable punchcard machines led to ambiguous ballots in Florida, putting the presidential election into question. After further issues in the 2002 midterm elections, Congress passed the Help America Vote Act (HAVA) that fall. HAVA gave states millions of dollars to replace punchcard machines and created the EAC, charged with establishing standards for voting systems.Full Article: Voting's 'impending crisis' | Al Jazeera America.
The debate over whether Americans should be permitted to vote via the Internet has long pitted voting system manufacturers, who frame it to election officials as inevitable and modern, against top cybersecurity experts who insist it cannot be done without inviting wide-scale fraud. In recent months, however, a powerful new force has joined the fight: people with disabilities, insisting that using electronic ballots from their homes ought to be seen as a right guaranteed by the Americans With Disabilities Act. Most notably, a federal judge in Maryland is scheduled next month to hear arguments as to whether the state board of elections must certify a system that involves the Internet-based delivery and marking of absentee ballots for people with disabilities. The lawsuit’s main plaintiff is the National Federation for the Blind (NFB), joined by a man with cerebral palsy and a woman who is deaf and blind. Separately, the Utah legislature in March passed the Internet Voting Pilot Project Act to permit county election officials to develop systems for people with disabilities to vote online. No actual system has been proposed or adopted yet. … Those systems are worrisome to opponents, but for the most part they represent a relatively small number of voters scattered across the nation. The focus on Maryland is the result of both limited resources and the fear of a federal precedent, said Susan Greenhalgh of Verified Voting, a watchdog group that raises concerns about vulnerabilities in electronic voting systems of all types. “The concern is that if this lawsuit succeeds, it could persuade others that to be compliant with the ADA you must have an online ballot-marking system,” Greenhalgh said. “That could be very, very damaging to require that all over the country.” Rutgers Constitutional Rights Clinic co-director Penny Venetis, who works with Verified Voting, went further, warning, “You get one federal court decision that says that, we will have Internet voting.”Full Article: Court case: Voting via the Internet is a civil rights issue for disabled | Al Jazeera America.
In the digital age, it seems strange that people all around the world still use paper to vote. Of course, given bitcoin’s promise to remove paper from the financial system, many in the industry are beginning to ask if the same block chain technology can be applied to help modernize the democratic process. … Forget it, says Barbara Simons. “At this point we cannot do Internet voting securely,” warns the former IBM computer scientist who has conducted extensive research into Internet voting. Readers will point out that Internet voting is already happening, but she’s saying that we cannot guarantee its integrity. Simons, a former president of the Association for Computing Machinery, participated in a National Workshop on Internet Voting commissioned by former US President Bill Clinton, and authored a book, ‘Broken Ballots‘. She is a long-standing critic of online voting, and her research caused the US Department of Defense to nix an Internet voting system it was considering. “A lot of people think ‘I can bank online, so why can’t I vote online?’,” says Simons. “But, millions disappear from online bank accounts each year.”Full Article: How Block Chain Technology Could Usher in Digital Democracy.
Some Brockton residents are upset with council’s decision to go with electronic voting in the municipal election this fall. Council has approved a contract with Dominion Voting to provide telephone and Internet voting at a cost of $1.70 for each 7,600 potential voters. Pauline Gay and Barb Klages left last Monday’s council meeting critical of council’s decision. They want the municipality to stick with paper ballots. “I’m disappointed because they don’t seem to consider the security of my computer if I choose to vote with it . . . and there is no way to do a valid recount with an electronic vote,” said Klages. During the meeting council heard from former IBM employee and computer scientist Barbara Simons, who addressed council by teleconference from California. She cited cost, lack of security and the inability to have a recount in a close election as reasons to reject electronic voting. She also said Internet voting doesn’t increase voter participation.Full Article: Switch to e-voting still an issue in Brockton | The Post.
By now, just about everyone connected to the Internet is familiar with this process: Required to fill out and sign a form of some kind, you ask for and receive a hyperlink via email. You open the link, find the form you need (perhaps a pdf), download it, print it, fill it out and mail it off. That’s a common practice, though increasingly old-school by today’s online standards. There doesn’t seem to be anything particularly risky about the transaction; few would think twice about conducting business that way. But while integrity is important in all transactional realms, it rises to precious when we’re talking about voting. And that’s why a similar process, new this year and slated to be part of Maryland’s primary election in June, has some civic-minded computer security experts sounding alarms about the potential for fraud. … The three experts who wrote to the board about this in 2012 were David Jefferson, a computer scientist based at the Lawrence Livermore National Laboratory in California; J. Alex Halderman, assistant professor of electrical engineering and computer science at the University of Michigan; and Barbara Simons, a retired IBM computer scientist and an expert on electronic voting. They are part of network of vigilant computer security experts who independently assess state elections systems and report their concerns.Full Article: Experts remain concerned about Maryland election fraud threat - baltimoresun.com.
Estonia, which created the world’s first nationwide Internet-based voting system, has finally released its source code to the public in an attempt to assuage a longstanding concern by critics. “This is the next step toward a transparent system,” said Tarvi Martens, chairman of Estonia’s Electronic Voting Committee, in an interview Friday with ERR, Estonia’s national broadcaster. “The idea, which was the result of joint discussion between numerous Estonian IT experts and the Electronic Voting Committee, was implemented today. We welcome the fact that experts representing civil society want to contribute to the development and security of the e-elections.” Martens and his colleagues have now put the entire source code on GitHub—previously it was only made available after signing a confidentiality agreement.Full Article: Estonia publishes its e-voting source code on GitHub | Ars Technica.
Canada’s Liberal party elected a new leader last week. And for the first time in the party’s history, the voting took place online. Justin Trudeau, the telegenic son of the late Pierre Trudeau, Canada’s most famous prime minister, won in a landslide with over 80 per cent of the vote. But online voting critics say that despite the decisive results, the Internet remains an unsafe place to cast your vote. “If the Conservative party want to select the next Liberal party leader, this provides them with the perfect opportunity,” says Dr. Barbara Simons, an online voting expert, and co-author (with Douglas Jones) of Broken Ballots: Will Your Vote Count? “I am not saying the Conservatives would do this — I’m just saying this is a very foolish and irresponsible thing for Liberals to be doing, because they open themselves up to vote-rigging that would be almost untraceable, and impossible to prove.”Full Article: Canada's Liberal Party Holds Online Primaries While Security Experts Scowl | TechPresident.
National: Online Voting For Academy Awards Must Not Become Model For Public Elections, Cyber Security & Voting Rights Experts Warn | Paramus Post
A group of concerned cyber security experts and voting rights advocates released a statement today warning that Internet voting for this year’s Academy Awards must not become a model for public elections. The group includes advocacy organizations Common Cause and Verified Voting and some of the most renowned figures in computer science including Ron Rivest, co-founder of RSA and Verisign and recipient of the Turing Award; and Dr. Barbara Simons, former President of ACM and author of Broken Ballots: Will Your Vote Count? “When the Academy of Motion Picture Arts and Sciences announced that it would be using an online voting system to help its members choose this year’s Oscar nominees and finalists, thereby adding to the “credibility” of online voting, we found ourselves compelled to remind the general public that it is dangerous to deploy voting by email, efax, or through internet portals in public governmental elections at this time,” the experts said. “Public elections run by municipal, local and state governments should not be compared to elections like the one run by the Academy.”Full Article: Online Voting For Academy Awards Must Not Become Model For Public Elections, Cyber Security & Voting Rights Experts Warn - The Paramus Post - Greater Paramus News and Lifestyle Webzine.
Just because online voting is possible, doesn’t mean the U.S. government should try it for national elections any time soon. That’s the message computer security experts and advocates for voting rights are trying to get across to American voters. David Jefferson, a Lawrence Livermore computer scientist, said Thursday that hosting a national election online poses a national security threat. Jefferson was part of a press conference hosted by Common Cause, a transparency advocacy organization. He pointed out three fundamental areas of attack by hackers or viruses, with no immediate solutions for online voting. “Client side” attacks would trigger malicious software in a voter’s computer or smartphone itself. “Server side” attacks could bring down the servers that would collect and count the votes and the “denial of service” attacks could actually prevent people from voting and take the server down. “There is no fundamental solution to any of these categories of problems, and at least for the client or server side, anyone in the world can initiate such an attack. It can be completely undetectable so the outcome would be wrong and no one would know about it,” said Jefferson, who serves on the board of the Verified Voting Foundation and California Voter Foundation. Even if a faulty outcome is discovered, he added, there would be no way to correct it as there would be no audit trail to “recount.” See Verified Voting Blog: Statement on the Dangers of Internet Voting in Public Elections
Voting Blogs: You’ve Got Mail, Mr. President: Two New Letters Weigh In on Voting Technology Issues | Election Academy
For the past month, the election community has been focused to different degrees on President Obama’s Election Night observation that “we need to fix” problems that caused long lines at the polls on Election Day. Recently, the President received two separate letters from computer scientists and advocates concerned about the role of technology in elections. The first, from California Voter Foundation founder and President Kim Alexander and 28 co-signers, focuses heavily on the concept of verifiable voting systems and urges the Administration to put a federal stamp on the problem. The second letter, signed by computer scientist Barbara Simons and 49 co-signers (many of whom appear on the first letter but also including some election officials), covers much of the same territory but contains stronger language on the perceived danger of Internet voting.Full Article: You've Got Mail, Mr. President: Two New Letters Weigh In on Voting Technology Issues - Election Academy.
Perhaps it’s because the U.S. Constitution does not guarantee Americans the right to vote. Perhaps it’s because election officials believe (or hope) that the public has forgotten what democracy means or what fair elections are all about. Perhaps both parties opportunistically seek an advantage through fraud. Perhaps people are simply stupid. Nevertheless, it remains an almost inconceivable screw-up: in many states, including critical swing states, government officials have not guaranteed that votes can be counted, either, in some cases, counted accurately or, in others, counted at all. The mechanics of U.S. voting systems, by international standards, languish at the level of a dismal third world failure.Full Article: The Threat of a Stolen Election - In These Times.