Australia: NSW’s online gamble: why internet and phone voting is too risky | The Conversation

Up to 250,000 votes are expected to be cast using the iVote electronic voting system between March 16 and the close of polls on March 28 in the New South Wales election. That would represent a massive increase on the 46,864 votes at the 2011 state election and could mean about 5% of the total vote is cast electronically, using a telephone or via the internet. It looks set to be by far the biggest test of electronic voting in Australia, which has largely been limited to small trials in the past, and one of the largest online votes worldwide. If the NSW election proves to be close, those electronic votes could prove crucial. But before electronic voting begins on Monday, people in NSW should be warned: there are many unanswered questions about the integrity and privacy of those votes. Late last year, the federal Joint Standing Committee on Electoral Matters recommended against electronic voting in federal elections. Its report concluded that:

Australia is not in a position to introduce any large-scale system of electronic voting in the near future without catastrophically compromising our electoral integrity.

Australia: NSW state election 2015: China may seek to hack electronic votes: report | The Canberra Times

If you thought Chinese intelligence agencies had more on their minds than the NSW election, you should think again, according to a security analysis that found our key trading partner may seek to disrupt the state’s democratic big day. A report commissioned by the NSW Electoral Commission warned cyber attacks could be waged against iVote, an electronic system that will allow eligible people to vote in the March 28 election using the internet or a phone. Up to 200,000 voters are expected to register. The consultants’ report, parts of which have been labelled “silly”, lumped groups such as al-Qaeda and the governments of China, North Korea and Iran with the home-grown “threat” of anti-coal and refugee activists. It claimed covert groups with a “broad spectrum of capability” may use “offensive actions” to influence the NSW election result, embarrass authorities or gain media attention.

Canada: Online voting still years away at the federal level | Northern Life

While it was a success in Greater Sudbury last October, online voting is still years away at the federal level, says Canada’s chief electoral officer. Marc Mayrand, who was in Sudbury on Sunday getting local election workers ready for this year’s federal election, said there are still too many issues with online voting for it to be done on a scale as big as a national vote. “The technology is there,” Mayrand said. “But there’s still issues around security (and) verification … Hackers are getting ever more sophisticated. And there are also concerns around transparency.” There’s also worry about switching from a system where election officials personally witness people voting, to one where voters use a PIN number to cast a ballot at home, or wherever they happen to be.

Tajikistan: Dirty Tricks Discredit Opposition Ahead of Tajikistan’s “Vote” | Transitions Online

Less than a month before elections to Tajikistan’s rubber-stamp parliament, members of the embattled opposition say the authoritarian-minded government is resorting to new tactics and old – sex tapes and arrests – to discredit them. A flurry of allegations about alleged sexual impropriety among members of the Islamic Renaissance Party of Tajikistan (IRPT) has surfaced on social media and state television in recent months. Meanwhile, another opposition group has seen several members arrested on what supporters call spurious charges. For longtime observers, the harassment in the run-up to the 1 March parliamentary elections is an unsurprising attempt to discredit opponents of President Imomali Rakhmon. In its most recent report on Tajikistan, Freedom House ranked the country’s electoral process a 6.75 out of 7, with 7 representing the farthest a country can be from democracy. The Central Asian state has never held an election judged free and fair by independent observers, though it regularly goes through the motions of holding polls. Eight parties, several of them loyal to the president, will field candidates in the elections next month.

Illinois: Voters to be placed in nationwide database | The Southern

At a time when computer systems of major corporations have been under attack by hackers, Illinois is poised to join other states in a first-ever national database of voter registration information. But, despite concerns from scholars and others who monitor online security, state and national officials involved in the Electronic Registration Information Center program say every registered voter’s information will be safe. “We make a pretty good argument that we do more to protect the data than the states do themselves. We follow above normal security protocols,” said John Lindback the executive director of the Washington D.C.-based ERIC program. In one of his final acts as governor, former Illinois Gov. Pat Quinn signed legislation that put Illinois on track to join other states in the program. The law was just one piece of a larger overhaul of state election law that included changes to absentee voting and ballot counting.

Poland: Hackers, IT problems disrupt Polish local elections | My Broadband

Poland’s president on Wednesday sought to calm a row over key weekend local and regional elections after computer glitches left the final tally up in the air. Exit polls in the Sunday vote, seen as a test for the centre-right government ahead of next year’s general election, showed voters handing a surprise victory to the conservative Law and Justice (PiS) opposition. But final results have not yet been released due to repeated crashes by the PKW national election commission’s servers. “We cannot allow for the integrity of the ballot to be called into question, namely through calls for the elections to be repeated. That’s complete madness,” said President Bronislaw Komorowski. He pledged after discussing the matter with justice officials that the votes would be counted “honestly”.

Spain: Catalonia ‘suffered cyber attack in independence vote’ | AFP

Catalan authorities suffered a massive cyberattack while the region was voting in an independence ballot outlawed by Madrid, their leader said on Tuesday. On polling day Sunday, the regional government’s computer systems received 60,000 times more hits than usual in “hard, organised cybernetic attacks”, said its president Artur Mas. “They tried to take down the Catalan government’s computer systems.” He was speaking to reporters in his first public address since Sunday’s polls, in which 2.3 million people turned out to vote on whether the rich region should break away from Spain.

Alaska: Online Voting Leaves Cybersecurity Experts Worried | IEEE Spectrum

Some Americans who lined up at the ballot boxes on Tuesday may have wished for the convenience of online voting. But cybersecurity experts continue to argue that such systems would be vulnerable to vote tampering — warnings that did not stop Alaska from allowing voters to cast electronic ballots in a major election that had both a Senate seat and the governorship up for grabs. There was no evidence of tampering during the first use of Alaska’s online voting system in 2012. But cybersecurity experts have gone on the record as saying that hackers could easily compromise or alter online voting results without being detected. Alaska’s own election site includes a disclaimer about votes cast through online voting or by fax. “When returning the ballot through the secure online voting solution, your are voluntarily waiving your right to a secret ballot and are assuming the risk that a faulty transmission may occur,” according to Alaska’s Division of Elections website.

Alaska: Hackers Could Decide Who Controls Congress Thanks to Alaska’s Terrible Internet Ballots | The Intercept

When Alaska voters go to the polls tomorrow to help decide whether the U.S. Senate will remain in Democratic control, thousands will do so electronically, using Alaska’s first-in-the-nation internet voting system. And according to the internet security experts, including the former top cybersecurity official for the Department of Homeland Security, that system is a security nightmare that threatens to put control of the U.S. Congress in the hands of foreign or domestic hackers. Any registered Alaska voter can obtain an electronic ballot, mark it on their computers using a web-based interface, save the ballot as a PDF, and return it to their county elections department through what the state calls “a dedicated secure data center behind a layer of redundant firewalls under constant physical and application monitoring to ensure the security of the system, voter privacy, and election integrity.” That sounds great, but even the state acknowledges in an online disclaimer that things could go awry, warning that “when returning the ballot through the secure online voting solution, your are voluntarily waving [sic] your right to a secret ballot and are assuming the risk that a faulty transmission may occur.”

Canada: Rise of e-voting is inevitable, as is risk of hacking | The Globe and Mail

It took just one typo in one line of code to elect a malevolent computer program mayor of Washington, D.C. In the fall of 2010, the District staged a mock election to test out a new online voting system, and invited hackers to check its security. A team from the University of Michigan took them up on the offer. They quickly found a flaw in the code and broke in. They changed every vote. Master Control Program, the self-aware software that attempts to take over the world in the film Tron, was a runaway write-in candidate for mayor. Skynet, the system that runs a robot army in the Terminator franchise, was elected to Congress. And Bender, the hard-drinking android in the cartoon Futurama, became a member of the school board. Incredibly, it took D.C. officials two days to realize they had been hacked. …The use of Internet voting is exploding. Nearly 100 Ontario municipalities are using it in Monday’s election – including one that will even ditch paper ballots entirely. Proponents contend it is not only more convenient, but more equitable, giving people who cannot get to physical polling stations the same opportunity to vote as everyone else. But the expansion of e-voting has also caused consternation for some security researchers and municipal officials. They worry that entrusting this pillar of democracy to computers is too great a risk, given the potential for software problems – or hackers determined to put beer-swilling robots on the school board.

Ukraine: Hackers target Ukraine’s election website | AFP

Hackers attacked Ukraine’s election commission website on Saturday on the eve of parliamentary polls, officials said, but they denied Russian reports that the vote counting system itself had been put out of action. The www.cvk.gov.ua site, run by the commission in charge of organising Sunday’s election, briefly shut down. Ukrainian security officials blamed a denial-of-service (DDoS) attack, a method that can slow down or disable a network by flooding it with communications requests. “There is a DDoS attack on the commission’s site,” the government information security service said on its Facebook page. The security service said the attack was “predictable” and that measures had been prepared in advance to ensure that the election site could not be completely taken down. “If a site runs slowly, that doesn’t mean it has been destroyed by hackers,” the statement said. A report on Russia’s state news agency RIA Novosti quoted a statement on the personal website of the Ukrainian prosecutor general saying that the electronic vote counting system was out of order and that Sunday’s ballots would have to be counted by hand. The commission spokesperson, Kostyantyn Khivrenko, called the RIA Novosti report a “fake”.

National: Three years later, Pentagon unit still hides Internet voting test results | McClatchy

A nonprofit watchdog group is suing an obscure Defense Department unit over its failure for three years to disclose the results of testing on the security safeguards of Internet voting systems that are increasingly being used to cast absentee ballots. The Pentagon unit, the Federal Voting Assistance Program, has effectively bankrolled many states’ shift to online voting, disbursing tens of millions of dollars in grants for the purchase of equipment that includes Internet balloting options. Its actions have drawn consternation from cyber experts, who have warned for years that Internet voting is an easy target for hackers who could tamper with or even fix election results. The government’s premier technology testing agency also has refused to endorse these systems. Now, on the eve of another federal election in which at least 31 states plan to use some form of online voting, the Electronic Privacy Information Center is pressing a Freedom of Information Act lawsuit demanding disclosure of the test results so it can disseminate the information nationwide.

Tennessee: Nine Losing Candidates Challenge August Vote | Memphis Daily News

Nine losing candidates from the August elections are contesting the results in a Shelby County Chancery Court lawsuit. … It was filed earlier in General Sessions Court before the new filing in Chancery Court. The lawsuit, filed pro se by Brown and Ross against the Shelby County Election Commission, seeks “a vote recount and/or the setting aside of the election results as they are individually affected and a declaration declaring them to have won the election.” The action also seeks an open inspection of records from the election, including computer records.

Maryland: Testimony ends in federal online ballot tool case | The Washington Post

A judge said Tuesday that he expects to rule “very quickly” on a lawsuit seeking to force Maryland officials to implement an online ballot-marking tool for the blind, a case that could impact other states that don’t use the tool. Lawyers for the National Federation of the Blind are hoping to have the tool in place in time for November’s elections. Their lawsuit, filed in U.S. District Court in Baltimore, contends that the state is in violation of the Americans with Disabilities Act for not using the technology, which they say would safeguard blind voters’ privacy. During three days of testimony that wrapped up Tuesday, Maryland Assistant Attorney General Dan Friedman argued that officials should not be forced to use something that has not been certified by the Maryland State Board of Elections. And another advocacy group for the blind, the Maryland chapter of the American Council of the Blind, said they think the tool could be vulnerable to hackers.

Maryland: Ballots for blind residents case heard in court | The Washington Post

A federal lawsuit to require the state of Maryland to provide online absentee ballots designed to protect the privacy of blind and disabled voters went before a federal judge on Wednesday. The ballot-marking system enables the blind to mark their voting selections on a computer. Then, they would print out their ballot as a bar code that could not be read by someone who mails the ballot in for them. Attorneys for the American Federation of the Blind, which filed the lawsuit, are trying to persuade U.S. District Judge Richard Bennett to require Maryland to use the ballots in November’s election. Sixteen other states use the tool. However, attorneys for the American Council of the Blind in Maryland argued in court against implementing the Web-based ballot-marking system, saying it is subject to fraud and computer hackers.

National: Court case: Voting via the Internet is a civil rights issue for disabled | Al Jazeera

The debate over whether Americans should be permitted to vote via the Internet has long pitted voting system manufacturers, who frame it to election officials as inevitable and modern, against top cybersecurity experts who insist it cannot be done without inviting wide-scale fraud. In recent months, however, a powerful new force has joined the fight: people with disabilities, insisting that using electronic ballots from their homes ought to be seen as a right guaranteed by the Americans With Disabilities Act. Most notably, a federal judge in Maryland is scheduled next month to hear arguments as to whether the state board of elections must certify a system that involves the Internet-based delivery and marking of absentee ballots for people with disabilities. The lawsuit’s main plaintiff is the National Federation for the Blind (NFB), joined by a man with cerebral palsy and a woman who is deaf and blind. Separately, the Utah legislature in March passed the Internet Voting Pilot Project Act to permit county election officials to develop systems for people with disabilities to vote online. No actual system has been proposed or adopted yet. …  Those systems are worrisome to opponents, but for the most part they represent a relatively small number of voters scattered across the nation. The focus on Maryland is the result of both limited resources and the fear of a federal precedent, said Susan Greenhalgh of Verified Voting, a watchdog group that raises concerns about vulnerabilities in electronic voting systems of all types.

Australia: AEC concerned about safety of electronic voting | The Australian

Australians are unlikely to be able to cast their votes electronically in a federal election any time soon. Acting Australian Electoral Commissioner Tom Rogers today poured cold water on the push to introduce a trial of e-voting at the next federal poll, conceding his comments risked caricaturing him as a cautious bureaucrat. Mr Rogers voiced concerns about whether the AEC could implement e-voting safely. … “I would have to be honest with you and say I’m concerned about our ability to introduce some form of electronic voting safely.

Australia: AEC warns against e-voting trial before next election | ZDNet

The Australian Electoral Commission (AEC) does not have the internal capabilities to safely carry out an e-voting trial prior to the next federal election, according to the acting Electoral Commissioner, Tom Rogers. Rogers, who spoke today at a parliamentary committee hearing investigating electoral matters, said that he was not confident the AEC could safely introduce electronic voting. “I’m concerned about our ability to introduce some form of electronic voting, safely,” he said. “We could introduce something, but we may end up back in a WA sort of situation if we’re not careful, in a short space of time. “I would be worried about any form large scale adoption before the next election, even a trial. We would not have the internal ability now to do that. We would have already had to have started that process,” he said. “I’m concerned, as the acting commissioner, about whether I can tell you faithfully that we can implement a safe solution.”

Utah: Committee to investigate electronic voting options in Utah | Daily Herald

A new committee created by Utah’s lieutenant governor will look at what it will take to move the state to the point where it can hold elections online.  Lt. Gov. Spencer Cox’s office announced the formation of the committee Tuesday. The group, which is officially named the iVote Advisory Committee, is made up of state legislators, election officials in the state and individuals who have a strong background in Internet security.  “This is the beginning of just trying to understand electronic voting,” said Mark Thomas, director of elections for the state of Utah.  … Cox and Thomas both explained there are a number of hurdles that need to be crossed before Utah could host an online election. First would be how to create a process that allows for a ballot to be cast and kept confidential but provide a way for the election to be audited. Another hurdle would be how to protect the integrity of the vote count from hackers.

Canada: Toronto cancels plan to allow online, phone voting for disabled citizens in 2014 | Toronto Star

Toronto’s government has cancelled a plan to allow disabled residents to vote online and by phone in the 2014 election, saying there is not enough time to build and test the system. Council only approved the online and phone voting in February, a month into the campaign period. The city clerk said she had the authority to call off the project “to protect the integrity of the election” if key deadlines were not met. She did so this month. “The clerk engaged independent third-party experts, including an accessibility and usability expert, two security and cryptographic experts, an external auditing firm and a testing firm,” city officials wrote in a report to council. “There is insufficient time for the third-party experts to conduct a full assessment of the security and accessibility of the (system) before the start of Internet and telephone voting registration on September 8, 2014.”

Indonesia: Volunteer Indonesia Vote Count Website Under Attack | The Jakarta Globe

A website built by volunteers to trawl through publicly available General Election Commission (KPU) data and conduct its own informal vote count came under attack from hackers on Thursday, according to the site’s founder — a day after it published data showing Joko Widodo in the lead. “Our team is fighting; there are only five of us against hundreds,” KawalPemilu.com founder Ainun Najib told news portal Tempo.co on Thursday. Ainun, a former International Math Olympiad champion, said the attacks began on Wednesday afternoon after news spread that the site had posted data showing Joko Widodo and running mate Jusuf Kalla ahead with just under 53 percent of the vote.

Indonesia: As Indonesia’s democracy is on the verge of crisis, hackers and fakers attack crowdsourced vote counts | Tech Asia

Indonesia’s young democracy is on the verge of a crisis with two presidential candidates claiming victory after last week’s general election. Both candidates have declared that they have received the people’s mandate to lead the country, and the nation is gearing up towards July 22 when the General Elections Commissions (KPU) will be announcing the winner based on the official vote tally. But both candidates are likely going to challenge the count, possibly leading to a stalemate and a constitutional emergency. So the KPU has done something breathtaking in Indonesia: releasing the vote tally documents to the public. Indonesians now can go to the KPU site and download all the scanned documents and count the votes themselves. This has sparked people to start up initiatives such as Kawal Suara, a site that crowdsources the count, and Kawal Pemilu, where a 700-man team of volunteers is counting the ballots in a “secret Facebook group” and publishing the count results in real-time on their website. Other initiatives include a Tumblr site called C1 Yang Aneh, which collects ballot documents which have unusual data, like a wrong tally or, worse, documents with no numbers. Even the KPU recently suggested its members to check the website to help identify the documents. C1 Yang Aneh now has over 100 verified “weird” documents after 900 documents were flagged by crowdsourced helpers.

Tunisia: Voter registration disrupted by hackers | BBC

Hackers have briefly disrupted online voter registration for elections in Tunisia later this year, the election commission has said. Registration on the internet and by SMS was temporarily suspended following a “pirate attack”, it added. The commission, known as Isie, did not say who was behind the hacking. The elections in October and November will be the second in Tunisia since long-serving ruler Zine al-Abidine Ben Ali was ousted in 2011.

Oregon: Website breach: State officials failed to patch ‘high risk’ software problem | OregonLive.com

The hackers who breached the Oregon Secretary of State’s website in February probably exploited software that cybersecurity websites had identified as vulnerable but that state IT officials had not patched, documents and information obtained by The Oregonian show. On Friday, agency spokesman Tony Green said the hackers first gained access to the site Jan. 21. That’s one week earlier than previously disclosed and two weeks before the breach was detected Feb. 4. The attack, possibly from China or North Korea, prompted officials to take the state’s campaign finance and business registry databases offline for about three weeks. State officials also closed international access to the entire website for weeks, and this week declined to say what controls on foreign traffic remain.

China: San Francisco firm defends Hong Kong vote from online attack | Los Angeles Times

Two weeks ago, Matthew Prince, the chief executive of San Francisco tech company CloudFlare, had no clue that people in Hong Kong were preparing to hold a controversial online referendum on democratic reforms. By Thursday night, half a world away from the southern Chinese city, he found himself on the front lines of a battle to defend the nonbinding, unofficial vote from sabotage. Amazon Web Services and Hong Kong’s UDomain had initially been onboard to support and protect the voting website. But at the last minute, both bowed out, saying the expected size of the cyberassault could affect their other customers. That was a somewhat worrying sign for Prince and team, whose small, 5-year-old company specializes in making websites run more quickly and smoothly and preventing disruptions and recently launched a pro bono service for situations just like this.

China: Herculean hacking attack takes aim at Hong Kong’s dreams of democracy | The Globe and Mail

The full fury of the Internet attack started three hours before polls opened. As people in Hong Kong prepared to cast electronic ballots in an effort to show Chinese authorities their hunger for democracy, hackers opened fire with a potent effort to derail the vote. Suddenly, a flood of data swarmed the servers designed to handle the voting in a poll held by Occupy Central with Love and Peace, a burgeoning protest movement that has sought the right for Hong Kong people to nominate and elect their own chief executive, the territory’s most powerful position. But the informal vote on universal suffrage was attacked by at least 300 gigabits of data per second – and perhaps as high as 600, a level not before reached in a publicly disclosed hacking attack. The torrent reached 200 million packets, or tiny bits of data, per second. It was “just a stunning amount of traffic,” said Matthew Prince, chief executive officer of CloudFlare, the San Francisco-based Internet security company that managed to keep the website online.

Oklahoma: Democrats blame hacker for shoe sales pitch — State party website leads to Nike shoe site | Muskogee Phoenix

Perhaps neon yellow Nike running shoes are a tongue-in-cheek allusion to Democratic candidates “running” for office and trying to get people to the polls. Because when many visitors checked the state Democratic Party’s website Thursday, they were promised “Absolute flexibility for a natural run” and told to “Just Do It.” The problem: Those messages came from Nike, not Democrats.

China: Beijing Implicated As Hong Kong Vote Sites Crash Under Massive DDoS | Infosecurity

Even Amazon Web Services servers couldn’t cope with traffic overload. A major anti-Beijing news site and an online voting platform have been hit by major DDoS attacks rendering them unusable, just days before an unofficial referendum in Hong Kong on universal suffrage. The websites of the popular Apple Daily newspaper in Hong Kong and Taiwan were both inaccessible for much of Wednesday, while the Public Opinion Programme at the University of Hong Kong was still down at the time of writing. The university was appointed, along with Center for Social Policy Studies at the Hong Kong Polytechnic University, to carry out an online referendum on voting rights in the Special Administrative Region (SAR) of China. Occupy Central, a movement striving for universal suffrage, organized the vote from June 20-22.

China: Cyber Security Breach Threatens Hong Kong’s Democratic Reform ‘Referendum’ | International Business Times

One of the people in charge of a Hong Kong voting website has claimed that distributed denial-of-service attacks (DDoS) have crashed the site a few days before it is running a poll on whether citizens want democratic reform in the former British colony. The unofficial referendum is meant to be a litmus test over how Hong Kong citizens view the pace of political reforms in the country after Communist Party leaders in Beijing promised change when it reverted back to Chinese rule in 1997. However, according to the site’s organiser Benny Tai, the system was flooded with “billions of visits” meaning that the poll on political dissatisfaction cannot be reached by voters at this time.

China: Electoral reform referendum voting hours to be extended after cyberattacks | South China Morning Post

Occupy Central organisers will extend the voting hours of their three-day citywide ballot on electoral reform to buffer the exercise against a deluge of cyberattacks. The electronic system that had been set up to accept advance registrations came under more than 10 billion cyberattacks in a total of 20 hours over the past few days, the organisers said. One internet security expert said “the scale of attack was unprecedented in the history of Hong Kong” and believed at least 5,000 computers were involved. The June 20-22 “referendum” can also accept votes at 15 polling stations set up across the city – but these would be opened only on Sunday and could accommodate a total of about 70,000 votes at most, Occupy organiser Dr Chan Kin-man said yesterday.