State law enforcement officials served a search warrant Monday morning in the investigation of two men accused of hacking the Lee County supervisor of elections website. “There was an attempted hacking of the website, but this is an ongoing investigation,” said Vicki Collins, spokeswoman for the Lee County Supervisor of Elections. “The info they accessed was an old server with no (useful) information on it … Nobody is compromised.” Dan Sinclair is running for supervisor position against the incumbent Supervisor of Elections Sharon Harrington. He appeared in a video of the hacking posted to YouTube with David Levin, CEO of Vanguard Cybersecurity, walking through how Levin hacked into the Lee elections website a couple of weeks ago.
An unprecedented hack attack to which the Central Election Commission of Bulgaria and several ministries were exposed on local elections day last week will not affect voting results, officials say. On Sunday, as Bulgarians were casting ballots in local and municipal elections and in a national referendum on e-voting, the so-called “distributed denial-of-service” (DDoS) attack hit the commission’s website which provided updates on voter turnout. The incident began just hours into the election, with over 65 000 000 simultaneous sessions targeting the website. That would be equal to an attempt by 65 000 000 users to access the website at the same time, while Bulgaria’s population numbers just 7.2 million.
As voting day unfolded, there were various controversies in Bulgaria’s October 25 2015 municipal elections and national referendum on whether to introduce online voting. After many complaints, the Central Election Commission said that it had instrructed polling stations to issue voters with ballots for the referendum as well as for the local elections. Posts on social networks and media reports said that there were cases where voters were either not given ballot papers for the referendum or were asked whether or not they wanted one. Another major concern was a delay in announcing up-to-date figures on voter turnout, which according to the Central Election Commission was because of its website being brought down by the weight of traffic as municipal election commissions reported these figures.
New Zealand: Wellington opts into online election despite Ashley Madison-style hack warnings | The Dominion Post
Wellington has been warned it faces an Ashley Madison-style election hack as it opts for online voting for 2016. In a split vote, councillors have agreed to join a trial of online voting for next year’s election – despite warnings from IT experts about potential security risks with e-voting. At Wednesday’s extraordinary full council meeting, software developer Nigel McNie said online voting opened up the process to “massive risk”. “Hacking is a risk. Consider the Ashley Madison hack, which I’m sure most of you have heard of.” He said “one small hole” in the adultery hookup site led to its hack, and eventual destruction. In July, it was revealed about 36 million members globally had their details leaked in the 9.7-gigabyte data dump on the dark web.
Hackers in California attacked several of the Russian government’s websites over the weekend, Russian officials said on Monday, just as the country was trying to conduct elections. “Someone attempted to hack our website and alter the data there, making 50,000 requests per minute,” said Vladimir Churov, chairman of the Central Election Commission of Russia, according to a report in the state-funded Russia Today. Such an attack is known as a distributed denial of service, which is designed to crash a website.
Fears of voter fraud and security breaches have led the Christchurch City Council to ditch plans to participate in an online voting trial. The council had provisionally registered its interest in being part of an online voting trial the Government is proposing to run at next year’s local body elections, but councillors on Thursday decided they wanted no part of it. Their decision followed a deputation from a group of IT experts who told them the security risks with online voting were too high and could open the election up to fraud. … Group spokesman Jonathan Hunt, who has more than 25 years experience in the IT field, said online voting brought inherent risks compared with postal voting, such as hacking and phishing, and the risks to democracy were too great to attempt it. Overseas experiences with online voting had generally been disastrous and many of the countries that had trialled it had subsequently abandoned it. “Secure online voting is a tantalising mirage,” said Hunt.
A proposal for 10 local authorities to move to online voting at next year’s elections is seriously flawed, an IT expert says. Five councils have already signed up to the trial, with a further five, including Christchurch, Wellington and Hamilton, yet to decide. Local body elections are currently carried out via postal voting. Local Government New Zealand, which proposed the trial, said online voting would future-proof elections from the eventual demise of postal services. President Lawrence Yule said an increasing number of activities were carried out safely online and there was no reason why voting should not be as well. “If we took the worry about fraud or hacking to its logical extreme, then nobody would use online banking for instance, and people do by their millions. So I think it’s a matter of balancing up the risks and the benefits of this.” An IT expert, who has previously advised the Government on security problems with online voting, said the trial carried a lot of risk in return for very few benefits. Dave Lane said there was currently no way to guarantee an online voting system would be safe from a hacking attack. “It is possible, for a trivial amount of money … to engage sufficient computing resources internationally to completely knock over any online or electronic voting system we have, just for fun.”
A recent government decision to deny nine cantons the ability to offer e-voting for the upcoming federal elections has come under fire. Critics say it threatens the broader use of electronic voting in the future. In a press release last month, the government said an audit of the electronic voting system developed by American company Unisys revealed major security flaws in the protection of voting secrecy. The machine was proposed by a consortium of nine cantons to be used in the upcoming elections. The government’s decision means that despite significant progress in introducing e-voting to Switzerland in recent years, just four of 13 cantons that applied to offer e-voting during the October parliamentary elections have been authorised to do so. Critics of the decision say that a large majority of the 142,000 Swiss abroad registered to vote will now not be able to do so by electronic means. “The government’s decision is not only incomprehensible, but it is also likely to call into question the people’s confidence in the credibility of e-voting,” says Peter Grünenfelder, chancellor of Aargau and president of the consortium of nine cantons based in the Zurich region that were refused access to electronic voting. Grünenfelder believes that by rejecting the use of the American-developed technology, the government is hoping to support publicly developed e-voting systems, such as the one used by Geneva, rather than private ones. However, government spokesman André Simonazzi rejects this hypothesis and says the cantons have had 18 months to ensure the electronic voting system met the required security conditions. “In the area of protecting voting secrecy in particular, some serious deficiencies were noted,” Simonazzi said. “In the case of a cyber-attack, hackers would have been able to reveal the electors’ vote, which is not tolerable in a democracy.”
What if a foreign head of state had the power to handpick our next President? It sounds like the plot of a movie, but it actually might be in the realm of possibility.Most people take our elections for granted. The few who don’t often suspect that one party might be trying to steal votes from the other. But they don’t envision that the theft could be coming from outside US borders.What experts are telling us, though, is that our voting machines are so insecure that all elections, whether at the national, state, or local level, are vulnerable to being attacked by hackers in other countries. … Given that the security at some of our most protected institutions can be breached, and given that US elections pose an enticing target for our adversaries, what would prevent a foreign agent from hacking our ballot boxes? The answer: Not much. Experts indicate that the election systems in place today do not provide the adequate protection that would be able to stop a foreign hacker — a hacker anywhere, in fact — from rigging our races. Even worse, these attacks could go undetected.
Could hackers swing a U.S. election? With the 2016 presidential race already well underway, it’s time for us to take cyber threats to our electoral process much more seriously. Over the years, a number of security researchers, ‘ethical hackers’ and government agencies have warned about the risks, but little has been done to prevent these attacks. Hacking just a few electoral districts could allow an attacker to swing an election in a close race. The U.S. has had close elections multiple times in the past. In 1960, John F. Kennedy squeaked out a victory over Richard Nixon by just 0.1%. In the 2000 presidential election, the decision came down to just a few votes in Florida. In the end, the Supreme Court had to determine the winner.
Editorials: Bruce Schneier movie-plot threat contest: Winning entry imagines online voting gone wrong. | Slate
Imagine this: It’s the morning of Election Day, 2020. Americans across the country cast secure, encrypted votes from their smartphones and laptops, electronically choosing their president for the first time in history. Turnout reaches record highs. Live results online show that it’s a close race between the two leading candidates. But by early afternoon, an independent candidate—a sketchy figure with ties to multiple terrorist organizations and no public support whatsoever—mysteriously takes the lead. At 4 p.m., he officially wins the election. The American people rise up in protest: Clearly, hacking, bribery, or other nefarious activity has taken place. However, because the voting software is designed with end-to-end encryption to ensure anonymity, no audit or recount is possible. America’s next president is a terrorist. This is the hypothetical scenario that won Bruce Schneier’s annual online “movie-plot threat” contest by popular vote this past weekend.
National: Weak Internet Security Leaves U.S. Elections Agency Vulnerable to Hackers, Reports Find | Wall Street Journal
Weak Internet-security measures at the Federal Election Commission could impair the agency’s ability to carry out one of its primary missions: making information about who is funding U.S. elections available to the public. The FEC hasn’t implemented improvements that were recommended after a series of attacks on its website—including at least one successful hack—leaving it vulnerable to future breaches, according to three previously unreported internal reports. It took the agency weeks to get its campaign-finance disclosure system fully back up to speed after an attack by hackers in China disrupted its operation during the October 2013 government shutdown, when all of the agency’s 335 employees had been furloughed.
Editorials: As Utah’s GOP looks to an Internet presidential primary in 2016, be cautious, inclusive in adopting online voting | Richard Davis/Deseret News
The world of politics is changing dramatically. A few years ago, the notion of voting online was a dream. Now, it is becoming a reality. Universities are holding student elections online. Corporations are now using online voting to conduct shareholder meetings. In a few nations such as Canada, Estonia and Switzerland, online voting conducted by governments in official elections is becoming routine. Online voting is not common in the United States. The Reform Party selected its presidential candidate through online voting in 1996. The Democratic Party in Arizona held an online primary election in 2000. Some states have experimented with online voting for military personnel overseas. Those are rare exceptions. Why is online voting still a distant prospect? Security! Experiments of online voting systems have found them susceptible to hacking, which has made governments cautious about using them to determine electoral outcomes.
People can shop, date and bank online. How feasible would it be to allow internet voting at the general election? Imagine democracy had just been invented. Would the UK government decide to set up 50,000 polling stations on Thursday 7 May? Or would the vote be taking place online instead? Until the 1870s those people allowed to vote did so openly with no privacy. The 1872 Ballot Act changed this with the invention of the “modern” polling station – the church hall with its wooden booths, a pencil on string and piles of ballot papers handed out by earnest election workers. Since then the way we vote has hardly changed. Today people shop, find a partner and bank online. Surely voting online is possible? The government says not. In January, Sam Gyimah, the constitution minister, told the House of Commons: “I feel [that] moving to electronic voting would be a huge task for any government. We can’t be under any illusion that this would be easy to achieve.” Remote voting was “incredibly rare” around the world and would require a “very robust and secure” system, Gyimah said.
Mayor Len Brown wants the Government to rethink its ban on Auckland taking part in the online voting trial at the 2016 local body elections. Auckland has been excluded at this stage because, with 1,050,000 electors, the bureaucrats are worried about their ability “to mitigate any risk”. Auckland Council sees online voting as part of its campaign to lift voter turnout to “at least” the 2013 national average of around 40 per cent at next year’s poll. In 2013, only 34 per cent of enrolled Auckland voters bothered. … In the aftermath of the 2013 low turnout, Local Government Minister Chris Tremain announced plans to fast-track trials of online voting. Last December, the Cabinet agreed to a limited number of local authorities trialling it in 2016. But not Auckland. Their fears about risk seem well placed.
The Supreme Court of India has directed the Government of India to enable e-voting facility for the Indians living abroad. This historical decision will let the NRIs to vote online making things better for the Electorate. Earlier, NRIs used to fly back home to cast their vote during elections but now they can vote for their favourite candidate with a click of a mouse. The Election Commission had earlier recommended e-ballot voting for Indian passport holders abroad. The Government had given voting rights to the NRIs in 2010, but as per the rule – the voter has to be present in their constituency on the day of voting. But with this things might change for better. The Central Government had told the Supreme Court that the EC’s recommendation to extend voting rights to NRIs through postal ballots have been accepted in letter and spirit. Taking note of the submissions, a bench comprising Chief Justice HL Dattu and AK Sikri asked the Government to inform it about “further steps taken to implement the suggestions.”
Australians won’t have the chance to vote electronically any time soon, after a parliamentary committee put the idea on ice. Beloved of netizens for at least 20 years, ‘net voting – as distinct from other ways in which IT&T change our electoral processes – was pitched to the committee on the basis that people “would rather be online than in line” (as the committee’s chair Tony Smith writes in the introduction). However, there’s no chance that with only two years remaining before the next federal election, a suitable system could be selected and rolled out, the Joint Parliamentary Committee on Electoral Matters says in the report posted here. Not only would the logistics be catastrophic, the report states: there’s no way to verify that someone voting over the Internet doesn’t have someone else standing over them, and the lack of privacy “opens up a market” for votes to be bought. The report notes that “technological convenience must be balanced against electoral integrity”. The report also makes the inevitable nod towards the risk of hacking.
Computer hackers have attacked the website of Poland’s electoral commission, which is still unable to publish full returns from local elections because of an unrelated computer glitch, officials said Wednesday. The State Electoral Commission said while the website hacking incident didn’t add further difficulties to the vote counting process, it ordered its officials to change their passwords. The problems have undermined the credibility of Sunday’s vote, which has been seen as a test of strength for new Prime Minister Ewa Kopacz before next year’s general election.
Here’s a view of the super storm Sandy disruption you may not have heard about — a new step in Garden State voting some think was a big failure. After Sandy, Lieutenant Gov. Kim Guadagno in her dual role as secretary of state told county clerks she issued an emergency order granting any registered voter displaced by Sandy to ability to cast votes via email or fax. Journalist Steve Friess writes the Constitutional Rights Clinic at Rutgers Law School-Newark spent the past 18 months following a public document trail to show how that went. The team was led by law professor Penny Venetis. “There was mass confusion among county officials and voters alike,”‘ the 83-page report, called “The Perfect Storm: Voting in New Jersey in the Wake of Superstorm Sandy,” said.
On the eve of Brazil’s presidential election, the Superior Electoral Court has dismissed reports that the country’s electronic voting system is vulnerable to hacking. The court’s president, Jose Dias Toffoli, has acknowledged that hackers make frequent attempts to break into the electronic ballots. But the system was “safe and fraud-proof”, Mr Toffoli said. More than 142 million Brazilians will go to the polls on Sunday. … O Globo newspaper has reported that the voting machines were the target of 200,000 cyber attacks per second two weeks ago.
Pennsylvania: State Supreme Court Hears Arguments Over Electronic Voting Machines | The Legal Intelligencer
The state Supreme Court on Wednesday heard arguments as to whether electronic voting machines that do not produce simultaneous paper records of each vote cast violate the Pennsylvania Election Code. The 24 petitioners in the matter, whose case was argued by Michael Daly of Drinker Biddle & Reath, are seeking a declaratory judgment that would direct Carol Aichele, the secretary of the commonwealth of Pennsylvania, to decertify the direct-recording electronic voting systems. Before the justices, Daly contended the direct-recording electronic (DRE) machines do not provide a permanent physical record of each vote cast, as the code mandates. Although the machines can print records on request, Daly explained to the court that neither the printed records nor the electronic records satisfied the code’s requirement. Daly highlighted the petitioners’ argument that the digital records couldn’t be considered physical records since they were software-dependent, and the data could be altered or used for a fraudulent purpose without detection. He added that the machines were “utterly incapable” of verifying that a vote was cast the way the voter intended it to be.
Police may be called in to probe the suspected hacking of the online voting system used to elect Jim Prentice as Alberta Tory party leader and premier-designate, a senior party official said Sunday. PC party executive director Kelley Charlebois said it appears there were multiple attempts to infiltrate the website during the 36 hours of voting that ended at 6 p.m. Saturday. “Attempts were made throughout the voting process to hack into the system,” Charlebois said in an interview. He said there appear to have been several cyberattacks on the website and possibly the telephone voting system. “I can’t say if it was organizations or individuals, I just know that different attempts were made through different IP addresses.” Charlebois stressed the attempts to infiltrate the system were thwarted by internal security systems. He said the party is still waiting for a full report from the company hired to conduct the online vote and will call in police to investigate once the attacks are confirmed. “We certainly feel it is our responsibility — if we suspect the law has been broken — that we contact the appropriate authorities,” he said. “We haven’t reached a point yet where we have confirmed all the information.”
New Zealand’s electoral commission is confident no one can hack into its servers and access election results, but there’s still a possibility cyber criminals could target its website. Amid an election campaign that has been dominated by emails of controversial blogger Cameron Slater leaked by a hacker known as Rawshark, it seems no system is impenetrable to rogues with the right skills and network. Hackers in the United States have also previously shown how they can circumvent the security measures on electronic voting machines to change votes. Despite the risk of manipulation, there’s been no reported instances of votes in the US being compromised. New Zealand’s Electoral Commission doesn’t want to disclose how it fights cyber attacks, but says it has a robust system in place for the September 20 election. “The Electoral Commission takes information security and privacy very seriously,” said chief electoral officer Robert Peden.
Australia: Government rejects Senate order to disclose Electoral Commission software code | Sydney Morning Herald
The government has rejected a Senate demand to disclose the Australian Electoral Commission’s secret computer code used to electronically count Senate preference votes. The motion, passed by the Senate last week, was prompted by the AEC’s refusal to comply with a freedom of information request made by digital activist Michael Cordover. He wanted to scrutinise the source code for the EasyCount application, but the AEC’s chief legal officer Paul Pirani instead declared him “vexatious”. The Senate motion, introduced by Greens senator Lee Rhiannon, called on Special Minister of State Michael Ronaldson to table the source code, as well as correspondence and documents relevant to the decision to have Mr Cordover declared a “vexatious” applicant and the assertion he “colluded” with another activist to “harrass” the AEC. … Mr Ronaldson said the government would not table any documents or correspondence relating to Mr Cordover’s FOI request, because the matter would soon appear before the Administrative Appeals Tribunal. He also refused to publish the source code for the Senate counting system.
Here’s an idea for streamlining our national elections. Once people have voted, how about we scoop up all the ballot papers, put them into a big sack, and hand it to a group of masked strangers? They take the sack away somewhere — somewhere secret, so no-one can interfere with them — and some time later they return and just tell us who won. I reckon it’d be cheaper and a lot less trouble for everyone than all this slow, manual counting in front of scrutineers, right? No? Don’t like it? Well, boys and girls, given that the Australian government is refusing to show us the source code for the Australian Electoral Commissions’s EasyCount software, that’s pretty much exactly how your votes for the Senate are being counted right now. Your Senate votes, the ones where you’ve carefully specified your preferences for dozens of candidates, go into the black box of EasyCount, magic happens, and out pops the result.
The Australian Electoral Commission has refused a Senate order to reveal the underlying source code of the EasyCount software used to tabulate votes in upper house elections. A motion moved by Greens Senator Lee Rhiannon on 10 July directed Special Minister of State Michael Ronaldson to table the source code as well as correspondence between Ronaldson’s office and the AEC relating to a freedom of information request for the source code. In October, following the fraught outcome of the Senate election in WA, Hobart lawyer Michael Cordover filed a freedom of information application with the AEC requesting the release of the source code and documentation of any data formats used by the software. The AEC rejected the FOI application, citing section 45 of the FOI Act, which exempts “documents that disclose trade secrets”.
In 2007, the Estonian government came under a massive denial-of-service attack that crippled the country’s banking, government and law enforcement infrastructure. Nobody took responsibility for the flood of bogus Internet traffic, but some suspected Russia was the culprit. Given what we know about Russia’s aggressive border policies, it’s a plausible theory. The Kremlin, after all, had a motive: Estonia had recently taken down a Soviet-era statue, and ethnic Russians were up in arms about it. If Moscow wanted to take the opportunity to meddle in Estonia’s affairs, according to research by an international team of security experts, it could do so cleanly and silently without anyone being the wiser. The attack could come via Estonia’s online voting system. Estonia’s is one of the only such ballot systems in the world, which makes it a fascinating test case for other countries or governments weighing the costs and benefits of e-voting. Unfortunately, the researchers discovered, this system is vulnerable to hacking in ways that could change the outcome of entire elections.
Iowa: Democratic National Committee Discusses Rules, Iowa Thinks Internet Options | US News & World Report
Iowa Democrats are mulling a slate of ways to boost participation in their next presidential caucuses, including permitting Internet voting, a controversial method that would mark the first time in history the web is utilized to cast an official ballot preference for president. Hawkeye State Democrats are in the midst of surveying how to most effectively expand access to those who would like to participate in the unique caucus process, but cannot due to residency or military service overseas or age or physical restrictions that keep them in hospitals and nursing homes. It could also enfranchise participation among blue-collar workers who have shifts during the evening hours when caucuses are held. … A co-chair of the committee noted that the DNC would likely need to amend the existing rule to permit caucus states to exercise the Internet option. Currently the existing rule only applies to party-run state primaries. “I didn’t even know the damn thing was there,” remarked DNC committeeman Harold Ickes about the Internet option. The remark prompted laughter in the ballroom, but the implications of online voting would be serious.
Secretary of State Kate Brown has informed the Oregon Legislature that she’ll be asking for money to hire a security contractor to fix her website, which was taken offline after hackers broke in. Brown’s office hired a contractor to review security upgrades and another to help manage communication with website users, said Tony Green, a spokesman for the secretary of state’s office. Brown’s office has cut off access to the state’s business registry and campaign finance records since the hacking was discovered Feb. 4. Officials have said little about what information was compromised or when the website will work, but they insist personal information is safe. The hackers did not get access to the state’s central voter registration database, officials say. Green declined again Friday to say when the website might return or whether the public can be assured of having access to campaign finance information before the primary in May or local elections next month. The office has suspended fines for businesses that are late in paying annual fees.
More than two weeks after the Oregon secretary of state’s office said it detected and stopped an intrusion into the agency’s website, the breach could now be the subject of a federal investigation. Spokesman for the secretary of state’s office, Tony Green, told the On Your Side Investigators that the agency reached out to the FBI after its campaign finance portion of the website was compromised in early February. They also contacted the Oregon State Police, which investigates cybercrimes. “This appears to be an orchestrated intrusion from a foreign entity and not the result of any employee activities,” according to the agency’s website.