National: The White House Names Princeton University Professor Ed Felten as Deputy U.S. Chief Technology Officer | Planet Princeton

Edward Felten, a Princeton University computer scientist who is a leading expert on computer security, has been named deputy chief technology officer in the White House’s Office of Science and Technology Policy. The White House announced the appointment this afternoon. Felten has been teaching at Princeton University since 1993. In 2005, he was named director of Princeton’s Center for Information Technology Policy. His research interests include public policy issues related to information technology, including electronic voting, cybersecurity policy, technology for government transparency, and Internet policy.

Alaska: Hackers Could Decide Who Controls Congress Thanks to Alaska’s Terrible Internet Ballots | The Intercept

When Alaska voters go to the polls tomorrow to help decide whether the U.S. Senate will remain in Democratic control, thousands will do so electronically, using Alaska’s first-in-the-nation internet voting system. And according to the internet security experts, including the former top cybersecurity official for the Department of Homeland Security, that system is a security nightmare that threatens to put control of the U.S. Congress in the hands of foreign or domestic hackers. Any registered Alaska voter can obtain an electronic ballot, mark it on their computers using a web-based interface, save the ballot as a PDF, and return it to their county elections department through what the state calls “a dedicated secure data center behind a layer of redundant firewalls under constant physical and application monitoring to ensure the security of the system, voter privacy, and election integrity.” That sounds great, but even the state acknowledges in an online disclaimer that things could go awry, warning that “when returning the ballot through the secure online voting solution, your are voluntarily waving [sic] your right to a secret ballot and are assuming the risk that a faulty transmission may occur.”

National: Could e-voting machines in Election 2012 be hacked? Yes. | CSMonitor.com

Rapid advances in the development of cyberweapons and malicious software mean that electronic-voting machines used in the 2012 election could be hacked, potentially tipping the presidential election or a number of other races. Since the machines are not connected to the Internet, any hack would not be a matter of someone sneaking through cyberspace to change ballots. Rather, the concern is that an individual hacker, a partisan group, or even a nation state could infect voting machines by gaining physical access to them or by targeting the companies that service them.

National: New Research Result: Bubble Forms Not So Anonymous – Princeton researchers deanonymize optical scan ballots| Freedom to Tinker

by Will Clarkson Today, Joe Calandrino, Ed Felten and I are releasing a new result regarding the anonymity of fill-in-the-bubble forms. These forms, popular for their use with standardized tests, require respondents to select answer choices by filling in a corresponding bubble. Contradicting a widespread implicit assumption, we show that individuals create distinctive marks on these forms, allowing use of the marks as a biometric. Using a sample of 92 surveys, we show that an individual’s markings enable unique re-identification within the sample set more than half of the time. The potential impact of this work is as diverse as use of the forms themselves, ranging from cheating detection on standardized tests to identifying the individuals behind “anonymous” surveys or election ballots.

If you’ve taken a standardized test or voted in a recent election, you’ve likely used a bubble form. Filling in a bubble doesn’t provide much room for inadvertent variation. As a result, the marks on these forms superficially appear to be largely identical, and minor differences may look random and not replicable. Nevertheless, our work suggests that individuals may complete bubbles in a sufficiently distinctive and consistent manner to allow re-identification.