Russia’s president Vladimir Putin on Saturday approved changes to the country’s electoral law, allowing the public to vote electronically or by mail in future polls, the Kremlin said. The new law allows the Central Election Commission to organise voting by mail or via the Internet. The gathering of signatures needed to qualify for elections can be conducted through a special government website. Supporters of the new system say it will help stop the spread of the coronavirus. Critics complain that an electronic system will be easier to manipulate and that Russians will not be able to protest against the changes because of the coronavirus lockdown. In January, Putin proposed changes to the constitution that could pave the way for his indefinite rule, and remained secretive about the reforms he proposed, saying that they were intended to strengthen government bodies.
Download the following letter sent on behalf of the Brennan Center for Justice at NYU School of Law, Common Cause, and Verified Voting, to express our concern about the use of internet voting options in New Jersey elections.
Dear Governor Murphy, Attorney General Grewal, Secretary Way, and Director Giles:
We write concerning the use of internet voting options in recent local elections, as well as statements from state officials that this limited implementation will serve as a pilot for potential expanded use in future elections. We agree with the legal conclusions expressed in Professor Penny Venetis’s May 7th letter, that the use of internet voting would violate the statewide court order issued in Gusciora v. Corzine, and we are aware of new litigation brought by Mercer County Assemblyman Reed Gusciora and New Jersey citizen groups arguing the same. As Judge Feinberg recognized in Gusciora, “as long as computers, dedicated to handling election matters, are connected to the Internet, the safety and security of our voting systems are in jeopardy.” While we recognize the challenges that the pandemic poses for our democracy and the need to expand voting options to ensure free and safe elections, these expansions should not be done in a way that jeopardizes election security. And the overwhelming consensus among security experts is that no method of internet voting can be conducted in a secure manner at this time. For this reason, we strongly urge you to refrain from any further use of internet or mobile voting systems in 2020.
It is often said, “every vote counts.” In West Virginia, every voter counts, too. For too long, segments of voters have been disenfranchised from our democratic process through no fault of their own. Deployed armed services members often lack access to mail, printers, and scanners — components needed for casting paper ballots from remote locations. Similarly, voters living with a physical disability are often prevented from marking and casting a ballot secretly when they cannot make it to the polls in person. Technological advancements have torn down barriers to convenient interaction with government and private entities and have increased accessibility without sacrificing a person’s privacy. It is common for people to bank, transfer money, sign documents, shop and receive sensitive medical information via mobile devices, regardless their location around the world. Not only is technology available to help people vote, West Virginia law now requires it. On February 3, 2020, West Virginia took a huge step forward to expand the voting franchise with the signing into law of SB 94. This law requires election officials to make absentee voting fully accessible to voters with physical disabilities who are prevented from voting in-person at the polls and from marking ballots without assistance. These absentee voters with physical disabilities now have an option to mail or electronically submit their ballot back to their county clerk using approved technology.
The idea of e-voting in Switzerland has been a bold dream, but the future of the entire project is now in doubt. Sceptics seem to have won the day, at least for the moment. So what issues do experts have with it? We talk to two of them. Let us first remember what has happened. The federal government put out a proposal to use an e-voting system but opponents, in this case computer scientists, were sceptical and critical. There followed an emotional debate among politicians, civil servants and the computer scientists, leading to an informed decision. It was decided that the danger of vote manipulation is too great, for it runs the risk of breaking Switzerland’s political backbone of direct democracy. Democracy also means, however, that no decision is ever cast in stone.
National: The vote-by-phone tech trend is scaring the life out of security experts | Eric Halper/Los Angeles Times
With their playbook for pushing government boundaries as a guide, some Silicon Valley investors are nudging election officials toward an innovation that prominent coders and cryptographers warn is downright dangerous for democracy. Voting by phone could be coming soon to an election near you. As seasoned disruptors of the status quo, tech pioneers have proven persuasive in selling the idea, even as the National Academies of Science, Engineering and Medicine specifically warn against any such experiment. The fight over mobile voting pits technologists who warn about the risks of entrusting voting to apps and cellphones against others who see internet voting as the only hope for getting most Americans to consistently participate on election day. “There are so many things that could go wrong,” said Marian Schneider, president of Verified Voting, a coalition of computer scientists and government transparency advocates pushing for more-secure elections. “It is an odd time for this to be gaining momentum.”
This article originally appeared on Electronic Frontier Foundation’s website on February 4th, 2019 Experts agree: Internet voting would be an information security disaster. Unfortunately, the Commonwealth of Virginia is considering a pair of bills to experiment with online voting. Pilot programs will do nothing to contradict the years of unanimous empirical research showing that online voting…
The future of voting should not involve your cellphone, according to a leading cybersecurity expert. In a first-of-its-kind pilot program, West Virginia will test blockchain encrypted mobile phone voting for members of the U.S. military. But Joe Hall, chief technologist and director of internet architecture at the Center for Democracy & Technology, warned that the plan presents a host of risks. “West Virginia has taken the ridiculous step of deciding that they’re going to not only vote on a mobile device, which in and of itself is just a bad idea, but use a blockchain mechanism, something associated with crypto-currency or bitcoin,” Hall told Grant Burningham, host of the Yahoo News podcast “Bots & Ballots.” In a September interview with Burningham, venture capitalist Bradley Tusk argued that his foundation’s plan to test cellphone voting was a way to boost voter participation in the U.S. However, Hall believes the risks outweigh the possible benefits.
Amid suspicions of interference in the 2016 elections, states must be more careful than ever to provide heightened security in this year’s primaries. Yet, West Virginia has just introduced a more vulnerable form of voting for deployed military personnel. West Virginia is now the first state to pilot blockchain technology, to allow some deployed soldiers to vote through mobile phones. Yet cyber security experts warn that this technology, also used for cryptocurrencies, poses dangers for voting. Instead of pioneering voting’s future, West Virginia is paving the way for future election hacking. Blockchain technology addresses only part of the security process currently used by those administering U.S. elections. It’s like installing a high-tech lock and alarm system in your home, and then leaving a front door key and the alarm pass code under the doormat. The alarm system may work perfectly, but until the keys and pass codes are also secure, your home won’t be secure, either.
Dr. Vanessa Teague is one frustrated cryptographer. A researcher at the University of Melbourne in Australia, Teague has twice demonstrated massive security flaws in the online voting systems used in state elections in Australia — including one of the largest deployments of online voting ever, the 2015 New South Wales (NSW) state election, with 280,000 votes cast online. The response? Official complaints about her efforts to university administrators, and a determination by state election officials to keep using online voting, despite ample empirical proof, she says, that these systems are not secure.
The Election Commission of Pakistan (ECP) has formed a committee to conduct a technical audit of the Internet voting solution process that was proposed by the National Database and Registration Authority (Nadra). The task force formed on the directions of the Supreme Court is mandated to assess the technical soundness of the web-based automated system that has been designed to help overseas Pakistanis vote through the Internet. Only expatriates who have been issued national identity cards for overseas Pakistanis and valid machine-readable passports will be eligible to use the system to cast their votes.
Editorials: Blockchain is not only crappy technology but a bad vision for the future | Kai Stinchcombe/Medium
Blockchain is not only crappy technology but a bad vision for the future. Its failure to achieve adoption to date is because systems built on trust, norms, and institutions inherently function better than the type of no-need-for-trusted-parties systems blockchain envisions. That’s permanent: no matter how much blockchain improves it is still headed in the wrong direction. This December I wrote a widely-circulated article on the inapplicability of blockchain to any actual problem. People objected mostly not to the technology argument, but rather hoped that decentralization could produce integrity.
IT experts on Thursday raised objections over an e-voting software prepared by National Database and Registration Authority (NADRA) to enable overseas Pakistanis to cast their votes in the forthcoming elections. A three-member bench of the Supreme Court, led by Chief Justice Saqib Nisar, Thursday resumed hearing of a case pertaining to voting rights to overseas Pakistanis. During the hearing, the NADRA chairman briefed the SC bench, officials of the Election Commission of Pakistan (ECP) and representatives of different political parties on the e-voting system. The official said that providing e-voting facility to around 7 million overseas Pakistanis would cost Rs150 million.
Bradley Tusk is best known as the former political operative who invented lobbying for the sharing economy. He’s the guy who claims credit for turning hordes of Uber customers into city-hall picketers whenever the ride-hailing company objected to new taxi regulations in New York, Washington, or a half-dozen other cities. When states tried to crack down on fantasy sports websites that offer daily cash prizes, one of the biggest, Fanduel, hired Tusk to mobilize its user base to hit back at attorneys general. When a local government suggests that the the people who pick up home-improvement jobs through Handy should be classified as employees entitled to benefits, the app calls in Tusk to argue that those workers are independent contractors. … But Tusk’s financial backing and the Warner family’s enthusiasm shouldn’t be taken as proof that elections can be conducted securely over the internet, says Duncan Buell, a computer science professor at the University of South Carolina who focuses on voting systems and election integrity. “I am strongly opposed to electronic voting, and I think the whole notion of internet voting is completely nuts,” Buell says. “There are a number of issues that come up. The first is authentication. How do you verify who’s at the other end?”
Security concerns have re-emerged to further frustrate the Finnish government’s plans to launch a national e-voting system. But the country’s Ministry of Justice (MoJ) working group, which is leading the project, insists the venture is delayed rather than mothballed. Finland’s online e-voting project will now enter a problem-solving phase to identify advanced, effective and best practice solutions to protect a future e-voting system. … The MoJ estimates that the cost of launching and operating an e-voting system, based on a 15-year timespan, will be about €32m. But the risks attached to launching online voting in Finland currently outweigh its benefits, said Johanna Suurpää, chair of the MoJ’s e-voting working group (eVWG). “Our present position is that online voting should not be introduced in general elections as the risks are greater than the benefits,” said Suurpää. In its project feasibility report presented to the MoJ, the eVWG conceded that although a Finnish online e-voting system is technically possible, the technology available is not yet at a “sufficiently high level to meet all the requirements”.
The Alaska Division of Elections has announced it will suspend a little-used absentee voting program in an effort to improve the security of the state’s elections. In a note released last week, the division said it had received a “B” grade for election security in a recent study conducted by the Center for American Progress, a progressive public policy group. “B” was the highest grade awarded to any state in the country; 11 states received the ranking, the report indicated. Alaska’s report drew attention to the way the state handles absentee ballots submitted from overseas.
A leading data protection expert has warned of future security breaches if the government’s plan to introduce e-voting at a nationwide level goes ahead. Bruno Baeriswyl, data protection commissioner in canton Zurich, urged the authorities to give up plans, announced last April, for online voting across Switzerland. Speaking on the occasion of this year’s European Data Privacy Day at the end of January, Baeriswylexternal link said that current technology could not guarantee that ballots remain secret in votes and elections. He and other cantonal data protection commissioners argued that digitalisation could undermine democratic principles even while online systems help to simplify procedures. “The current systems for e-voting override the secret ballot in votes and elections. But it is imperative that all transactions must always be verifiable in a secure system. As a result, either we have ballot secrecy or we don’t have a secure method,” Baeriswyl said. “And this is highly risky for our democracy.”
National Database and Registration Authority (Nadra) Chairman Usman Mobin is set to apprise the Supreme Court on Monday of “non-technical challenges” and the minimum time required to develop an integrated internet voting system to enable overseas Pakistanis to cast their votes in the upcoming general elections. During the last hearing of the petitions seeking the right of vote for overseas Pakistanis, the Nadra chairman had tried to make a presentation before a SC bench, headed by Chief Justice Saqib Nisar, on the internet voting system, but at the outset he was intercepted by the chief justice when he sought a five-month time for developing the system. … Nadra spokesman Faik Ali, when contacted, said that after the court’s directive a Nadra team headed by the chairman held meetings with the ECP officials to discuss modalities, time frame and non-technical challenges related to the mechanism. He said the Nadra chairman would apprise the Supreme Court of the outcome of these meetings on Monday.
Kaspersky, the Russian cybersecurity company accused of helping the Kremlin spy on the U.S. intelligence agencies as part of its 2016 election meddling, has launched a new product aimed at helping secure online voting and make elections more transparent and open. Polys, an online voting platform built using the same blockchain technology that underpins bitcoin, allows anyone to conduct “secure, anonymous, and scalable online voting with results that cannot be altered by participants or organizers,” the company said. Kaspersky is already speaking to a number of “politicians and political organizations in Europe” about using the system, and it says that countries in western Europe, Scandinavia and Asia are technologically and mentally ready to make the change to online voting. But one place Kaspersky will not be hawking Polys is Washington.
In order to ensure the security of online voting systems used in Switzerland, the government needs to issue a challenge to the worldwide hacker community, offering rewards to anyone who can “blow holes in the system”, says a computer scientist in parliament. Since it began in 2000, Switzerland’s e-voting project has been a matter of controversy. While some have been calling for its introduction to be fast-tracked in all the country’s 26 cantons, others would like to see the project slowed. In parliament there has been a call for a moratorium on electronic voting in the whole country for four years, except for the Swiss abroad. To put an end to all the concerns and convince the critics that security and secrecy of online voting can be guaranteed, Radical Party parliamentarian Marcel Dobler thinks there needs to be an unequivocal demonstration that systems used in Switzerland are proof against computer piracy. The best way to do this, he says, is to invite hackers to target them.
Many of the 11,000 voting machines in New Jersey are so old, officials said, they will soon have to be replaced. Amid concerns about hacking, state lawmakers are examining how to make sure new machines will be more secure. While there’s no evidence of hacking, the machines are hackable, said Assemblyman Andrew Zwicker, D-Middlesex. And Princeton computer science professor Andrew Appel said he could quickly break the security seals on a voting machine, replace the chip that records the results, and reseal it so the tampering would be undetectable. “I was able to get a bunch of them and figure out what their weaknesses are,” he said during a hearing before lawmakers Thursday. “So if you have three or four seals on there, it’ll take me 10 minutes to get them off.”
The Supreme Court of Estonia rejected the appeal of the Conservative People’s Party of Estonia (EKRE) of the National Electoral Committee’s Sept. 6 decision not to ban electronic voting at the local government council elections taking place next month. The Supreme Court explained that, according to the Local Government Council Election Act, the National Electoral Committee has the right not to start electronic voting if the security or reliability of the electronic voting system cannot be ensured in such way that electronic voting could be conducted pursuant to the requirements of the act. The National Electoral Committee is not, however, required to cancel e-voting if it receives information indicating the possibility of adverse consequences.
The Conservative People’s Party of Estonia (EKRE) has submitted an appeal to Estonia’s National Electoral Committee challenging the committee’s decision to allow e-voting in the local elections this October despite a detected security risk that could affect 750,000 ID cards.
According to EKRE parliamentary group chairman Martin Helme, the party finds that the Sept. 6 decision of the National Electoral Committee to still allow e-voting in the upcoming elections opens them up to vote manipulation and the influencing of election results, party spokespeople said. The party is seeking to have e-voting called off and the elections to be held with paper ballots exclusively.
Estonia suffered an embarrassing blow to its much-vaunted ID cards that underpin everything from electronic voting to online banking, just days before hosting a big EU exercise on cyber warfare. International scientists have informed Estonian officials that they have found a security risk that affects almost 750,000 ID cards and that would enable a hacker to steal a person’s identity. The Baltic country of just 1.3m people stressed there was no evidence of a hack of what it has proclaimed to be the world’s most advanced IT card system. The cards are used to access a wide range of digital services from signing documents to submitting tax returns and checking medical records, as well as by foreigners who are e-residents in the country.
Editorials: Internet voting and paperless machines have got to go | Barbara Simons/Minneapolis Star Tribune
“They’ll be back in 2020, they may be back in 2018, and one of the lessons they may draw from this is that they were successful because they introduced chaos and division and discord and sowed doubt about the nature of this amazing country of ours and our democratic process.” — Former FBI Director James Comey, testifying about the Russian government before a House Intelligence Committee hearing, March 20, 2017
We are facing a major national security threat. As former Director Comey stated, we know that Russia attacked our 2016 election, and there is every reason to expect further attacks on our elections from nations, criminals and others until we repair our badly broken voting systems. Despite a decade of warnings from computer security experts, 33 states allow internet voting for some or all voters, and a quarter of our country still votes on computerized, paperless voting machines that cannot be recounted and for which there have been demonstrated hacks. If we know how to hack these voting systems, so do the Russians and Chinese and North Koreans and Iranians and ….
Editorials: Online Voting Won’t Save Democracy – but letting people use the internet to register to vote is a start | Bruce Schneier/The Atlantic
Technology can do a lot more to make our elections more secure and reliable, and to ensure that participation in the democratic process is available to all. There are three parts to this process. First, the voter registration process can improved. The whole process can be streamlined. People should be able to register online, just as they can register for other government services. The voter rolls need to be protected from tampering, as that’s one of the major ways hackers can disrupt the election. Second, the voting process can be significantly improved. Voting machines need to be made more secure. There are a lot of technical details best left to the voting-security experts who can deal with the technical details, but such machines must include a paper ballot that provides a record verifiable by voters. The simplest and most reliable way to do that is already practiced in 37 states: optical-scan paper ballots, marked by the voters, counted by computer but recountable by hand. We need national security standards for voting machines, and funding for states to procure machines that comply with those standards. This means no Internet voting.
The Liberal government says it will not pursue mandatory or online voting for federal elections. The Liberals had raised the ideas for consideration in their 2015 election platform and tasked the special committee on electoral reform with studying the possibilities. But MPs on the special committee were divided on the merits of mandatory voting and concerned about the security of online voting, and recommended against pursuing either. In a formal response to the committee’s report, submitted on Monday, Minister of Democratic Institutions Karina Gould said the government agrees with the committee. “While Canadians feel that online voting in federal elections would have a positive effect on voter turnout, their support is contingent on assurances that online voting would not result in increased security risks,” Gould wrote. “We agree.”
Australia: Western Australia’s Web votes have security worries, say ‘white hat’ security experts | The Register
The Western Australian government is pushing back against concerns about the security of its implementation of the iVote electoral system. iVote is an electronic system already used in another Australian State, New South Wales, primarily as an accessibility tool because it lets the vision-impaired and others with disabilities vote without assistance. Perhaps in response to last year’s Census debacle, Western Australia has decided to put in place denial-of-service (DoS) protection, and that’s attracted the attention of a group of veteran electronic vote-watchers. Writing at the University of Melbourne’s Pursuit publication, the group notes that the DoS proxy is not in Australia: it’s provided by Imperva’s Incapsula DoS protection service. That raises several issues, the academics (Dr Chris Culnane and Dr Vanessa Teague of the University of Melbourne, Dr Yuval Yarom and Mark Eldridge of the University of Adelaide, and Dr Aleksander Essex of Western University in Canada) note. First: the TLS certificate iVote uses to secure its communications is signed not by the WA government, but by Incapsula; and second, that means Incapsula is decrypting votes on their way from a voter to the State’s Electoral Commission.
Casting a secret ballot in the upcoming election might not be so secret or secure depending on where – and how – you vote, according to a new report The Secret Ballot at Risk: Recommendations for Protecting Democracy. The report was coauthored by three leading organizations focused on voting technology, the Electronic Privacy Information Center (EPIC), Verified Voting and Common Cause.
Caitriona Fitzgerald, State Policy Coordinator for EPIC and a co-author of the report, said, “The secret ballot is a core value in all 50 states. Yet states are asking some voters to waive this right. That threatens voting freedom and election integrity. This report will help safeguard voter privacy.”
This year 32 states will allow voting by email, fax and internet portals – mostly for overseas and military voters. In most states, voters using Internet voting must waive their right to a secret ballot.
Giving up the right to a secret ballot threatens the freedom to vote as one chooses, argue the report authors. The report cites several examples of employers making political participation a condition of employment — such as an Ohio coal mining company requiring its workers to attend a Presidential candidate’s rally – and not paying them for their time.
“On Election Day, we all are equal. The Secret Ballot ensures voters that employers’ political opinions stop at the ballot box,” said Susannah Goodman, director of Common Cause’s national Voting Integrity Campaign. “The Secret Ballot was established for a reason. The Secret Ballot ensures that we can all vote our conscience without undue intimidation and coercion.”
Marc Rotenberg, EPIC President, agreed, “The secret ballot is the cornerstone of modern democracy. The states must do more to protect the privacy of voters.”
United Kingdom: Former MI6 chief warns over hacking risk to electronic voting in UK elections | Telegraph
A former head of MI6 has warned against switching elections to electronic voting because of the risk of hacking and cyber attacks. Sir John Sawers said the traditional method of pencil and paper voting in polling booths was more secure than electronic alternatives. The retired spy chief spoke after his successor recently warned that cyber attacks and attempts to subvert democracy by states like Russia pose a fundamental threat to British sovereignty. Fears of high tech meddling in polls have been heightened by American accusations that Kremlin-backed cyber gangs hacked US political organisations and leaked sensitive emails to deliberately undermine the presidential elections. All parliamentary and council elections in the UK are currently carried out with ballot papers, but a commission set up by the speaker, John Bercow, in 2015 called for secure online voting to be available by 2020.
National: Here Are All the Ways That Technology Could Screw Up Today’s Election | MIT Technology Review
As millions of people head to polling stations to cast their votes, there can be no denying that today will have its fair share of drama—and much of it could be influenced by technology. For one thing, hackers could send polling stations into chaos. They probably won’t mess with your ballot, though—if they do try to skew results, it would be by tampering with voter registration information. So if you turn up to the booths and are unable to cast your vote, there’s a chance that hackers are to blame. Then there’s the issue of Internet voting. In total, 31 states use the Internet to collect votes in some way—and in Alaska, anyone’s allowed to vote through a website. That’s despite the fact that it’s demonstrably a risky practice, open to hacking and manipulation.