A leaked intelligence document outlining alleged attempts by Russian military intelligence to hack into U.S. election systems is the latest evidence suggesting a broad and sophisticated foreign attack on the integrity of the nation’s elections. And it underscores the contention of security experts and computer scientists that the highly decentralized, often ramshackle U.S. election system remains profoundly vulnerable to trickery or sabotage. The document, purportedly produced by the U.S. National Security Agency, does not indicate whether actual vote-tampering occurred. But it adds significant new detail to previous U.S. intelligence assessments that alleged Russia-backed hackers had compromised elements of America’s electoral machinery. It also suggests that attackers may also have been laying groundwork for future subversive activity. The operation described in the document could have given attackers “a foothold into the IT systems of elections offices around the country that they could use to infect machines and launch a vote-stealing attack,” said J. Alex Halderman, a University of Michigan computer scientist. “We don’t have evidence that that happened,” he said, “but that’s a very real possibility.”
Georgia: As millions pour into Georgia’s congressional runoff, the voting machinery is among the worst in America | Salon
There are so many disturbing aspects to the special election happening in Georgia’s sixth congressional district, it’s hard to know where to begin. For starters, the election runs on Microsoft Server 2000. That is not a typo. “That’s a crap system,” said Douglas Jones, a computer science professor at the University of Iowa in a phone interview; adding that the database in use, Microsoft Access is a “toy database” that should never be used for industrial applications. nFulton County Elections Director Richard Barron acknowledged in testimony on the troubled first round of the election, that the system is “inflexible.” But delving into his testimony further, and speaking to both local and national computer experts it’s evident that the results of the first round of the election on April 18th are legitimately suspect and that no election running on this type of computer system can be verified as accurate.
Interference by hackers is just one of the nightmare scenarios that worry computer scientists about the upcoming election. The other is a race so close that calling the result is beyond the capacity of today’s voting technology. Experts who’ve delved into the accuracy of these apparatuses — from punch cards and mechanical levers to electronic voting machines — say that no system is perfect. In most cases the error rates are unknown, or are only measured in artificial test settings and not as they would be used in the real world. Computer scientist Douglas Jones of the University of Iowa, who co-authored the book “Broken Ballots: Will Your Vote Count?,” came to realize that voters usually blame themselves when something goes wrong in the voting booth — a tendency that could mask intentional hacking or equipment error. When Jones set up experiments with electronic voting machines rigged to switch votes away from the subjects’ choices, the people casting ballots assumed they had done something wrong. “People tend to trust the machines,” he said — even when the machines don’t work. Electronic voting machines use proprietary software, making it hard for outside researchers to get a measure of their error rates, according to computer scientist Rebecca Mercuri, founder of the company Notable Software and an expert on electronic voting systems. “In polling they say the results are plus or minus 3 points or so, but they don’t say that about voting machines,” she said. “If it’s a really close election, you’re looking at a crapshoot.”
Despite rumors on Twitter to the contrary, by almost all accounts the Microsoft app used to tally unverified caucus votes in Iowa worked exactly as it was supposed to. What broke were the web sites where Republicans and Democrats posted close to real-time information about those votes, which at times crashed under the crush of people eager for news of their candidates. That didn’t surprise Douglas W. Jones, the recording secretary for the Democratic caucus, precinct 4 in Iowa City, Iowa. “In the modern, media-driven world, we’re desperate for results,” he said. His son Nathaniel Douglas, 32, send their caucus results in to the county Democratic party using the app built by Microsoft for the purpose, which he said “worked as advertised.” In precincts where workers didn’t have smart phones, the older updating system of calling in and pressing buttons on a touch-tone phone after inputting a PIN for security was used. “Both systems worked fine,” Douglas said. … At their heart, they are a way for Iowa voters to chose delegates to county, district and state political conventions who will then go on to chose their candidate. That process is heavily scrutinized and has very reliable and very old security baked into it — “it all happens on paper, which we’ve been using for elections going back to Roman times,” said Jones, who is also a professor of computer science at the University of Iowa and an expert on online voting systems.
Canada’s Liberal party elected a new leader last week. And for the first time in the party’s history, the voting took place online. Justin Trudeau, the telegenic son of the late Pierre Trudeau, Canada’s most famous prime minister, won in a landslide with over 80 per cent of the vote. But online voting critics say that despite the decisive results, the Internet remains an unsafe place to cast your vote. “If the Conservative party want to select the next Liberal party leader, this provides them with the perfect opportunity,” says Dr. Barbara Simons, an online voting expert, and co-author (with Douglas Jones) of Broken Ballots: Will Your Vote Count? “I am not saying the Conservatives would do this — I’m just saying this is a very foolish and irresponsible thing for Liberals to be doing, because they open themselves up to vote-rigging that would be almost untraceable, and impossible to prove.”
Few want to even think about it, but the 2012 US election result could be clouded by problems with voting machines … again. Twelve years after the Florida punch card debacle in which thousands of votes went uncounted in the crucial state, some experts cite similar concerns about voting technology. “I’m not sure we’ve made forward progress since 2000,” said Douglas Jones, a University of Iowa computer scientist and co-author of a book published this year, “Broken Ballots.” “We’ve put a tremendous effort into changing the voting systems, but in many cases we’ve discarded systems too quickly and replaced them with systems that we haven’t examined enough.”
Few people — the security expert Rebecca Mercuri being the notable exception — thought much about the mechanics of voting before the Bush-versus-Gore presidential election in 2000. A few weeks of watching diligent poll workers holding up ballots to look for hanging chads changed all that. The timing — coincidental with both the rise of the internet and the dot-com bust — suddenly put voting technology on everyone’s agenda. The UK, like a number of European countries, had a brief flirtation with electronic voting. Notably, the Netherlands reverted to pencil-and-paper after a group of technical experts proved their point by getting the voting machines to play chess. E-counting is still on the UK’s agenda, however, despite objections from the Open Rights Group on technical and cost grounds. Most recently, it was used in London’s May 2012 mayoral elections. In the US, Bush v. Gore led to the passage of the Help America Vote Act (HAVA), which mandated the updating of voting equipment and set off substantial controversy.
Editorials: Challenging the market power of one voting machine maker | Sean Flaherty/Iowa City Press Citizen
I am co-chairman of Iowans for Voting Integrity, a nonpartisan citizen group that works for voting systems worthy of the public trust. We have worked for six years for two reforms that both we and many of the world’s leading computer technologists consider essential to fair elections: First, we believe that all computer voting systems must provide a reliable paper record of every ballot cast, and Second, we believe that following every election, election officials should routinely conduct a manual tally of a sample of cast ballots to check against electronic tallies. This column revisits an issue well-known both to the small community of advocates and technology experts who work on electronic voting issues and to an untold number of conspiracy theorists around the nation, but largely unknown outside those communities. This issue is the centralized marked power of the nation’s leading vendor of election equipment and services, Election Systems and Software (ES&S), and the opacity of ES&S’s ownership. I’d like to share some highly judicious and disturbing comments about ES&S that I heard June 7 at a reading at Prairie Lights by University of Iowa computer scientist Douglas Jones. Along with his co-author Barbara Simons, Jones recently published an important book, “Broken Ballots.” The reading was livestreamed on the Internet, and and audio archive should be available soon.
Carolyn Crnich likes to be second-guessed: The registrar of voters in Humboldt County, Calif., scans every ballot and makes the election results available, online or on disk, so that anyone, anywhere, can count them. Community activists do just that. The result: 100 percent audits of the supervisor’s results, a sharp contrast to Florida, which limits vote counts to a small number of ballots in a single race. “I don’t like saying to my constituents, ‘Hey, just trust me,’ ” Crnich said. “Now, I don’t have to. Count them yourself, and if you find anything out of the ordinary, I want to know.” In 2008, the Humboldt County Election Transparency Project did find something out of the ordinary: 197 ballots dropped by machines. That led to an examination of the elections software used in Humboldt, about 200 miles north of San Francisco. So many problems were found, the system was decertified for use in California. It continues counting ballots in two Florida counties without incident, although a state Division of Elections advisory urged counties to get an upgrade. But elections supervisors shouldn’t get too comfortable with any system, experts say.
A federal judge in Richmond agreed Wednesday to let three Republican presidential candidates join the lawsuit Texas Gov. Rick Perry brought after failing to qualify for Virginia’s GOP primary ballot. U.S. District Judge John A. Gibney Jr. granted a motion to intervene brought by former senator Rick Santorum (Pa.), former House speaker Newt Gingrich (Ga.) and former Utah governor Jon Huntsman. Rep. Michele Bachmann (R-Minn.), who also had sought to join the suit, was not included in the order. She dropped out of the race Wednesday after a last-place finish in the Iowa caucuses.
The ruling means the case against Virginia’s GOP chairman and members of the State Board of Elections would go forward even if Perry, who had a poor showing in Iowa, dropped out of the race, said Carl Tobias, a professor at the University of Richmond School of Law. “They would keep it alive,” he said. “Once they’re parties, they step into the shoes of the plaintiff.”
A Christmas scrooge stole credit card information from a Texas-based company Saturday, by hacking into its website. We’ve told you about a cyber threat that could impact the Iowa caucuses on January 3rd. Turns out, this latest internet breach could be affiliated with the same group of hackers, which released credit card information from Stratfor, a think-tank that concentrates on security issues, totaling losses of $1 million.
The group thought to be behind it is called Anonymous. That’s the same one responsible for threats made against the upcoming Iowa caucuses. How the group could hamper the process is unknown. University of Iowa professor, Douglas Jones, has two theories.