Voting Blogs: “Nobody Goes There Anymore, It’s Too Crowded”: Election Officials’ Responsibility for Handling Denial of Service Attacks | Election Academy

Over the weekend, Canada’s New Democrats (NDP) conducted a vote for a new leader. The vote was conducted online so that registered party members could vote both in person at the NDP convention site and remotely from home computers or smartphones. Sometime during the second round of voting, the system slowed considerably, and eventually it became known that the system had likely been the target of a “denial of service” (DoS) attack aimed at clogging the the system and thus preventing (or at least discouraging) voters from casting ballots. The NDP, its vendor and consultants have identified two IP addresses that appear to have been the source of the attack and are investigating now. The results of that investigation are still forthcoming, but in the meantime I wanted to focus on a discussion I saw online yesterday about whether and how NDP and its vendor should have prepared for the possibility of a DoS attack.

Canada: More than 10,000 IP addresses used in attack on NDP vote | CTV Winnipeg

The company that ran the online voting system used to help choose the winner of the weekend’s NDP leadership race is now blaming several hours of delays on a “malicious, massive” attack on its voting system. In a news release, Barcelona-based Scytl said “well over 10,000 malevolent IP addresses” were used in a Distributed Denial of Service attack, which generated hundreds of thousands of false voting requests to the system. “We deeply regret the inconvenience to NDP voters caused by this malicious, massive, orchestrated attempt to thwart democracy,” Susan Crutchlow, general manager of Scytl Canada said in a statement. The attack effectively “jammed up the pipe” into the voting system, delaying voter access, the statement said. “This network of malevolent computers, commonly known as a ‘botnet,’ was located on computers around the world but mainly in Canada.”

Canada: Halifax Regional Municipality to review e-voting contract after cyber attack on NDP leadership election | Metro

The Halifax Regional Municipality will be reviewing a decision to award a Spanish e-voting company a contract for this October’s election. This in the wake of e-voting delays that plagued the federal NDP leadership convention in Toronto on Saturday. Scytl, the Spanish company that oversaw the convention’s e-voting, was awarded a contract in January to provide electronic voting for the upcoming HRM election. “With the events of the weekend … we certainly will be reviewing the situation with the company,” Mayor Peter Kelly said on Sunday. “(HRM will) determine whether or not this was an issue of just malfunction, or other factors as was indicated (by the NDP).”

Canada: Officials mum about source of cyber-attack meant to disrupt online voting | thestar.com

New Democrats remained tight-lipped Sunday about the cyber-attack that kept the country waiting for hours at Saturday’s leadership convention. Party brass refused to disclose the source of two Internet Protocol addresses that they say perpetrated an attack meant to disrupt its online voting system, as they tried to manage Thomas Mulcair’s first day as head of the federal NDP. The party is investigating the attack, in tandem with its voting system provider, Scytl, auditors Price Waterhouse Cooper and a number of “experts,” party president Rebecca Blaikie said on Sunday. “At this point, there is not a single point person,” Blaikie said of the investigation. “We’re going to investigate what (the attack) is, where it came from. . . As soon as we know that, we’ll be able to decide what to do next.” Blaikie said neither police nor Elections Canada have been contacted. The NDP identified the IP addresses, essentially identification tags assigned to web-wired devices, as perpetrators of a denial-of-service (DNS) attack. While the party insists the results were not compromised, some are questioning the integrity of the final, fourth-round ballot, which propelled Thomas Mulcair to victory after more than 12 hours of voting.

Canada: NDP determined to find source of cyber attack on electronic voting system | Winnipeg Free Press

The NDP has not yet called in the police to investigate an orchestrated attempt to sabotage the electronic voting system the party used to choose a new leader.
But it’s not ruling out the possibility once it unmasks the hacker responsible for repeated cyber-attacks that caused lengthy delays in Saturday’s leadership vote. The party had hoped to crown their new leader in time for supper-hour newscasts, before television viewers could switch to the Saturday night hockey games. The cyber attacks frustrated those plans; it was after 9 p.m. ET before Thomas Mulcair was declared the winner. Party president Rebecca Blaikie said Sunday that party officials, vote auditors and Scytl — the high-tech Spanish company hired to secure the electronic voting system — are still working to determine who was responsible. “What we know is that there was an organized attempt to clog the site,” Blaikie said.

China: Online poll in Hong Kong mocked by a million clicks | The Australian

A university website offering ordinary Hong Kongers a chance to vote for their next leader ahead of tomorrow’s election is under “systematic attack” from hackers, organisers said. Thousands of people who do not have the right to vote in the election are expressing their views through the unofficial poll organised by the University of Hong Kong. “The system has been very busy,” Robert Chung, director of the university’s respected Public Opinion Program, said yesterday. “We suspect it is under systematic attack as there are more than one million clicks on our system every second.” Mr Chung did not indicate who could be responsible for the disruption, but his team of pollsters has a history of aggravating mainland authorities with surveys indicating public opinion that is at odds with Beijing’s official line.

Canada: NDP says hackers caused online vote delays | CTV Edmonton

Delays in online voting at the NDP leadership convention have been blamed on hackers, with party officials saying they have found evidence of the attack. Jamey Heath, the NDP’s communications manager, said the party had managed to trace the Internet Protocol addresses of two perpetrators. “They’ve isolated it to individual IP addresses. Votes that have been cast are secure,” he said. The delays had threatened to become a full-scale public relations disaster for the party that even had some people questioning the integrity of the end result. There were lineups of more than an hour at the Metro Toronto Convention centre as the system slowed down. Eligible voters across the country were also getting online error messages.

Canada: Cyber-attack holds up cross-Canada voting for next leader of NDP | Medicine Hat News

An attempted cyber-attack on the NDP’s electronic voting system Saturday forced party officials to delay the process of choosing the next federal New Democrat leader for several hours, frustrating voters both at the convention in Toronto and across the country. Party officials insisted the integrity of the voting system was not compromised, but acknowledged that the would-be hacker managed to “mess” it up enough to cause lengthy delays. “The system has not been compromised,” said Brad Lavigne, a former party national director who was dispatched to explain the problem to reporters. “The system was not hacked. It was never even close to being hacked.” Lavigne said someone outside the party tried to get access to the system, triggering alarms that caused the system to shut down. “The analogy that can be used is that somebody was trying to break into our house and the alarm went off and the robbers were scared away.” He stopped short of suggesting someone was deliberately trying to sabotage the NDP leadership process.

China: Hong Kong election poll shot down by DDoS cyber attack | The Register

Two local men have been arrested after an online referendum organised by Hong Kong university to poll citizens on their choice of chief executive was disabled in an apparent denial of service attack. Broadcaster Radio Television Hong Kong (RTHK) reported that the men, aged 17 and 28, were arrested at the weekend after the online poll was disrupted for a large part of Friday and some of Saturday. … The system has been very busy,” Robert Chung, director of the university’s program, apparently told reporters. “We suspect it is under systematic attack as there are more than one million clicks on our system every second.” Chung was reportedly reticent about the potential motive for the attack but it is well known that the Chinese authorities are not a massive fan of free speech and probably viewed the referendum as undermining the result of the real vote – the outcome of which Beijing basically controls.

China: Hong Kong Mock Vote Draws 223,000 | WSJ

A mock vote that aimed to give ordinary Hong Kong citizens a voice in today’s chief executive poll drew 223,000 votes despite an earlier cyber attack that hit the ambitious project. The Chinese territory’s top political job will be decided by a 1,200 person election committee Sunday, but that hasn’t stopped many of the city’s seven million residents taking part in the University of Hong Kong’s civil referendum project. Beijing has promised the city universal suffrage by 2017. Over half (54%) posted a blank vote, meaning they wanted neither Hong Kong’s former no. 2, Henry Tang, nor its former cabinet head, Leung Chun-ying, to win. Mr. Leung won 18% of the vote, followed by Mr. Tang at 16% and Albert Ho, who chairs the city’s Democracy Party, at 11%.

China: Cyber Attack Targets Hong Kong Mock Vote | WSJ

A cyber attack has hit an ambitious project that sought to give ordinary Hong Kong citizens a voice in this weekend’s chief executive poll, with organizers scrambling to provide paper ballots to the tens of thousands wishing to participate in the mock vote. The Chinese territory’s top political job will be decided by a 1,200 person election committee Sunday, but that hasn’t stopped many of the city’s seven million residents keen to take part in the University of Hong Kong’s civil referendum project. Beijing has promised the city universal suffrage by 2017. Thousands of users logged online Friday morning or used the smart phone apps created by Dr. Robert Chung’s group at the University of Hong Kong to cast their vote, but pages didn’t load properly. Dr. Chung said an early-morning cyber intrusion appeared to disable their servers, and that the site had also been experiencing abnormally high hit rates that had overloaded their system, up to a million requests a second.

China: Hackers blamed for disrupted Hong Kong poll | rthk.hk

Organisers of a mock chief executive election say a suspected hacking attack has halted online voting. The Director of the University of Hong Kong’s Public Opinion Programme, Robert Chung, said the website became paralysed early this morning. Dr Chung said hackers had attacked it during tests a few days ago, and some of his colleagues’ passwords had been inexplicably changed. “We found incidents of abnormally high hit rates on March 21 … We registered about a million hits per second. We think there could not be another reason other than cyber attacks on us,” he said.

China: Organisers say Hong Kong mock poll ‘under cyber attack’ | BBC News

The organisers of a mock poll for Hong Kong’s chief executive say their online system “is under cyber attack” to prevent voting. Residents can vote online or by mobile phone in the publicly funded poll organised by Hong Kong University. The actual vote on Sunday is to limited 1,200 election committee members, but the desire for universal suffrage is strong. Henry Tang, CY Leung and Albert Ho are standing for chief executive.

National: Federal voting program’s objective: Make itself obsolete | FederalNewsRadio.com

Making sure such voters can cast ballots in federal elections is the mission of the Federal Voting Assistance Program (FVAP), a Defense Department office that offers assistance not just to military personnel, but to any U.S. citizen who needs help casting a ballot from overseas. It offers resources, including a wizard on its website that takes a voter through the entire process of registering to vote and casting a ballot in the appropriate jurisdiction. But Robert Carey, FVAP’s director, said his office’s assistance role to state and local governments is just as important. … Carey said 2009 was a watershed year in terms of election law changes designed to improve voter participation among servicemembers and overseas voters. Among other things, the Military and Overseas Voter Empowerment (MOVE) Act requires state and local elections officials to mail absentee ballots to servicemembers at least 45 days prior to an election in order to ensure a ballot can make its way to a remote location — and back to elections officials — in time to be counted.

Australia: Victorians to vote online next year | SC Magazine Australia

Some Victorians may get the chance to vote over the internet next year as the state electoral commission trials a new system it hopes will replace paper polling. The new system would be trialled in by-elections due to be held in 2013, before being made available to 10,000 eligible voters identified as remote or disadvantaged during wider station elections in 2014. It was expected online voting would provide an alternative to current paper systems for remote, overseas and postal voters which are deemed more at risk than those cast at the polling station, as they are handled by people outside the electoral commission.  The system — and indeed all voting platforms — was not imprevious to hacking. Rather, it was designed to meet or improve on the current level of risk experienced by remote and disadvantaged voters. Victorian Electoral Commission (VEC) electronic voting manager, Craig Burton, said the system was designed to return an accuracy rating of 99.35 per cent or higher chance of detecting any fraudulent, missing or damaged votes. By comparison, he estimated online banking would have an accuracy of no more than 95 per cent.  However, internet banking was markedly different to online voting as financial transactions could be validated and possibly contested after the fact, whereas votes could no longer be accessed by the voter once cast.

Canada: Yarmouth Nova Scotia opts for October e-vote | The Chronicle Herald

Voters in Yarmouth won’t be filling out paper ballots or using polling booths in this year’s municipal election. Yarmouth town council voted late last week to do away with paper and conduct the October vote entirely by computer and telephone. Some communities that have chosen electronic voting have also opted for a paper ballot backup system, but the Town of Yarmouth is not one of them, said Mayor Phil Mooney. If folks don’t want to vote from their living rooms or the front seats of their cars using a smartphone, they can still come to town hall and use equipment set up there, said Mooney. “There’s going to be one central poll,” he said Saturday.

Verified Voting in the News: Internet voting way too risky, say experts | Marketplace

Every time an election rolls around, you hear about some pitifully low percentage of people who actually bother to go to the polling place and cast a ballot. At the same time, one can’t help notice the decline in many bricks and mortar retail stores and the attendant growth of online shopping. So why not put two and two together here? Why not vote over the Internet? Skip all that hassle of looking up where you’re supposed to vote, getting there, parking, waiting in line. Just log on, in your pajamas if you want, and cast a ballot the same way you would order some shoes. “It would be something that would be more convenient for voters, you could just do it from the privacy of your own home,” says J. Alex Halderman, Assistant professor of electrical engineering and computer science at the University of Michigan. “That has the potential to increase voter turnout, which is a very good thing. But, the problem is internet voting presents very serious security challenges that we don’t know how to solve, and might not know how to solve anytime soon.”

Canada: Ottawa considering limited online voting in municipal elections | Ottawa Citizen

The city is looking to let some people vote through the Internet in the next election as it replaces the voting system that’s served since the 1997 municipal election. The existing machines, made by Diebold, were built to last 15 years, according to tender documents the city posted this week, and since 15 years are up, it’s time to buy or rent new ones. The city has published a “request for qualifications,” aiming to make a shortlist of bidders who will then fight it out in a second competition for city business. The new gear is supposed to be ready for 2014 and the city anticipates using it in any subsequent byelections and probably again in 2018.

Voting Blogs: The Details On How To Elect Futurama’s Bender To Whatever Election Is Using Online Voting | Techdirt

Back in October of 2010, we wrote about how some “hackers” had broken into a test of the Washington DC e-voting system, and had managed to have the system play the University of Michigan “fight song” every time people voted — University of Michigan being where the researchers (led by e-voting security expert J. Alex Halderman) were from. A day later, we discussed some more details of the hack, noting how just a tiny vulnerability could take down the integrity of the entire system.

Voting Blogs: Hacking the Polls: Vulnerability in Electronic Voting Systems | Independent Voter Network

Among those who advocate for the “modernization” of our voting systems, internet-based electronic voting and registration platforms are often offered as an ideal solution to the problems inherent in our current registration and voting processes. A newly published paper describes the ease with which a small group of researchers was able to hack a Washington D.C. based internet voting pilot project, demonstrating that these new systems are not ready for take-off. In 2010, the Washington D.C. Board of Elections and Ethics announced that it would offer a “Digital Vote-by-Mail Service” that would have allowed overseas voters registered in the District to cast their votes over the internet. The federally-funded project ran a mock election allowing for public testing of its functionality and security ahead of the November election. A research team from the University of Michigan at Ann Arbor reports that it was able to gain “near complete control of the election server” in under two days time. Even more disturbingly, the hackers state that elections officials were effectively incapable of discerning that their system had been compromised.

Voting Blogs: In Theory And Practice, Why Internet-Based Voting Is a Bad Idea | Slashdot

A few countries, like Estonia, have gone for internet-based voting in national elections in a big way, and many others (like Ireland and Canada) have experimented with it. For Americans, with a presidential election approaching later this year, it’s a timely issue: already, some states have come to allow at least certain forms of voting by internet. Proponents say online elections have compelling upsides, chief among them ease of participation. People who might not otherwise vote — in particular military personnel stationed abroad, but many others besides — are more and more reached by internet access. Online voting offers a way to keep the electoral process open to them. With online voting, too, there’s no worry about conventional absentee ballots being lost or delayed in the postal system, either before reaching the voter or on the way back to be counted. The downsides, though, are daunting. According to RSA panelists David Jefferson and J. Alex Halderman, in fact, they’re overwhelming. Speaking Thursday afternoon, the two laid out their case against e-voting.

District of Columbia: Hackers Elect Futurama’s Bender to the Washington DC School Board | PCWorld

Electronic voting has earned a pretty bad reputation for being insecure and completely unreliable. Well, get ready to add another entry to e-voting’s list of woes. One Bender Bending Rodríguez was elected to the 2010 school board in Washington DC. A team of hackers from the University of Michigan got Bender elected as a write-in candidate who stole every vote from the real candidates. Bender, of course, is a cartoon character from the TV series Futurama. This was not some nefarious attack from a group of rogue hackers: The DC school board actually dared hackers to crack its new Web-based absentee voting system four days ahead of the real election. University of Michigan professor Alexander Halderman, along with two graduate students, did the deed within a few hours.

United Kingdom: Data-matching: Electoral Commission throws a spanner in the database | politics.co.uk

Government plans to meddle with who gets to vote in British elections appear to have suffered another setback today. All parties support moves to switch from household registration to individual electoral registration (IER). But there are fears six million voters could fall off the list of those eligible to vote, and the coalition has been under serious pressure to come up with ways to fix this. Its solution is ‘data-matching’, which would see the government use its other databases – for driving licences, benefit payments and the like – to retain up to two-thirds of the current electoral register. Ministers have placed great store by this – constitutional reform minister Mark Harper, as recently as February 9th, stated: “I am confident we now have a set of proposals behind which we can all unite.”

National: Academy Awards Partners with Everyone Counts for 2013 Internet Oscar Ballots | Thompson on Hollywood

The Academy will mail final ballots for the 84th Awards on February 1 to 5,783 voting members. The completed ballots are due at 5 PM February 21. Most members–whether in London, New York or Borneo–will anxiously mail their ballots or, if they are in Los Angeles, walk them into PricewaterhouseCooper’s offices. After tabulating the votes, PricewaterhouseCoopers will place winners’ names in the sealed envelopes that are opened on the Oscar show February 26. This seems positively archaic in the digital age. Why can’t Academy voting take place online? The Broadcast Film Critics, the Canadian Genies, BAFTA and others do it that way. Academy president Tom Sherak told TOH last year that the Academy starting considering electronic ballots because they wanted to move up the Awards date: online voting was a prerequisite of making that happen. But Sherak was afraid that the Oscars offered a fat juicy target. “I’ve yet to be convinced that you couldn’t find someone to hack into it,” he said. “Nobody has said to me, ‘you can’t get in.’ The Academy is as pure as the driven snow.” Until Sherak was convinced that no one could influence the voting by hacking into an online voting system, he was sticking with paper ballots, he said. “They can hack into the Pentagon!” he says. “The chances of getting online ballots are slim to none.”

Voting Blogs: It’s here – Global centralization of elections, privatized | GlobalResearch

In a major step towards global centralization of election processes, the world’s dominant Internet voting company has purchased the USA’s dominant election results reporting company. When you view your local or state election results on the Internet, on portals which often appear to be owned by the county elections division, in over 525 US jurisdictions you are actually redirected to a private corporate site controlled by SOE software, which operates under the name ClarityElections.com.

Austria: E-Voting Pilot in Austria Cancelled by Constitutional Court | wu.ac.at

The Austrian Federal Constitutional Court cancelled the Austrian e-voting pilot conducted in 2009, cf. the Ruling of 13.12.2011 (in German). The pilot had been conducted in the 2009 Elections for the Austrian Student Association, which is an official representative body. Out of more than 230,000 students, only 2,000 had used e-voting.  The pilot was objected to by several student groups as (i) unconstitutional, (ii) using a system that violated basic voting principles and (iii) violating privacy; those student groups then filed a formal complaint after the election. On December 13, 2011, the Court ruled that the e-voting pilot of 2009 was null and void and furthermore canceled those parts of the Electoral Regulations for the Student Elections 2005 (in German) issued by the Ministry of Science and Research that enabled and regulated e-voting. The Austrian e-voting pilot 2009 can hence be considered as failed.

National: Internet picks presidential candidate if Ackerman gets his way | The News Journal

It’s just after 8 a.m. on Nov. 11, and Peter Ackerman is staring at red numbers flashing on an electronic board. He sees 2,008,069. “That’s 2 million Americans who have signed on to having another candidate on the presidential ballot,” he says, beaming, in the Manhattan offices of the marketing agency for Americans Elect, the group he’s backing with more than $5 million. Ackerman, 65, who made more than $300 million working alongside Michael Milken at Drexel Burnham Lambert Inc.’s Beverly Hills, California, offices in the 1980s, is Americans Elect’s chairman and top donor. He wants to circumvent U.S. politics-as-usual by letting voters choose a presidential candidate via the Internet who, with a running mate from a different political party, will appear on every state ballot for the 2012 election, Bloomberg Markets magazine reports in its February issue.

Iowa: GOP explains moving vote tabulation away from HQ | Politico.com

Iowa GOP chair Matt Strawn was largely mum when I asked yesterday about a tip I got that the state party was moving the vote-tabulation away from their headquarters to an “undisclosed location.” But after the Iowa GOP HQ was flooded today with questions from Ron Paul backers and conspiracy-minded types about why the Republicans were compiling the votes from the state’s 99 counties in private, the state party’s executive director confirmed that they were going off-site and said it was only to avoid a sabotage.

“The Party is simply moving off-site in the event that protesters or others attempt to disrupt the reporting process by cutting phone lines, etc,” said party ED Chad Olsen. He added: “Every vote is counted. Every vote is reported. The vote-counting process is carried out in public.”

Voting Blogs: Election Results Websites Heading to the Cloud | GovTech

As more people go online to see polling results on Election Day, the increased traffic can wreak havoc on IT infrastructure not designed for huge spikes in demand. But experts agree that the cloud is starting to gain momentum for hosting those sites, due to the belief that the cloud is more reliable and can upscale quickly to avoid crashes.

Andy Pitman, industry solutions manager for Microsoft, said in addition to the technical benefits of the cloud, by not maintaining expensive infrastructure for a capability that’s only used sporadically each year, using cloud technology for elections reporting and results can also save governments money.

California: Americans Elect Candidate Will Be on California Ballot | ABC News

Americans Elect, an organization trying to draft a nonpartisan presidential ticket through online voting, has achieved what it called a “major milestone” in its effort, securing access to the ballot in California, the group announced today.

After collecting a record-breaking 1.62 million signatures, Americans Elect announced its nominee will be on the ballot in California, making the largest state in the nation’s 55 electoral votes up for grabs for an independent presidential candidate in 2012. “It’s a huge hurdle,” said Americans Elect Spokeswoman Ileana Wachtel. “It is probably the hardest state to get access in. Once California is accomplished I think anything could be accomplished. Any state is doable.”

Americans Elect now has a spot on the ballot in 12 states. It joins six other parties on the California ballot including, of course, Republicans and Democrats but also the Green Party, the Libertarian Party, the American Independent Party and the Peace and Freedom Party.