The Conservative People’s Party of Estonia (EKRE) has submitted an appeal to Estonia’s National Electoral Committee challenging the committee’s decision to allow e-voting in the local elections this October despite a detected security risk that could affect 750,000 ID cards. According to EKRE parliamentary group chairman Martin Helme, the party finds that the Sept. 6 decision of the National Electoral Committee to still allow e-voting in the upcoming elections opens them up to vote manipulation and the influencing of election results, party spokespeople said. The party is seeking to have e-voting called off and the elections to be held with paper ballots exclusively.
Estonia suffered an embarrassing blow to its much-vaunted ID cards that underpin everything from electronic voting to online banking, just days before hosting a big EU exercise on cyber warfare. International scientists have informed Estonian officials that they have found a security risk that affects almost 750,000 ID cards and that would enable a hacker to steal a person’s identity. The Baltic country of just 1.3m people stressed there was no evidence of a hack of what it has proclaimed to be the world’s most advanced IT card system. The cards are used to access a wide range of digital services from signing documents to submitting tax returns and checking medical records, as well as by foreigners who are e-residents in the country.
Editorials: Internet voting and paperless machines have got to go | Barbara Simons/Minneapolis Star Tribune
“They’ll be back in 2020, they may be back in 2018, and one of the lessons they may draw from this is that they were successful because they introduced chaos and division and discord and sowed doubt about the nature of this amazing country of ours and our democratic process.” — Former FBI Director James Comey, testifying about the Russian government before a House Intelligence Committee hearing, March 20, 2017
We are facing a major national security threat. As former Director Comey stated, we know that Russia attacked our 2016 election, and there is every reason to expect further attacks on our elections from nations, criminals and others until we repair our badly broken voting systems. Despite a decade of warnings from computer security experts, 33 states allow internet voting for some or all voters, and a quarter of our country still votes on computerized, paperless voting machines that cannot be recounted and for which there have been demonstrated hacks. If we know how to hack these voting systems, so do the Russians and Chinese and North Koreans and Iranians and ….
Editorials: Online Voting Won’t Save Democracy – but letting people use the internet to register to vote is a start | Bruce Schneier/The Atlantic
Technology can do a lot more to make our elections more secure and reliable, and to ensure that participation in the democratic process is available to all. There are three parts to this process. First, the voter registration process can improved. The whole process can be streamlined. People should be able to register online, just as they can register for other government services. The voter rolls need to be protected from tampering, as that’s one of the major ways hackers can disrupt the election. Second, the voting process can be significantly improved. Voting machines need to be made more secure. There are a lot of technical details best left to the voting-security experts who can deal with the technical details, but such machines must include a paper ballot that provides a record verifiable by voters. The simplest and most reliable way to do that is already practiced in 37 states: optical-scan paper ballots, marked by the voters, counted by computer but recountable by hand. We need national security standards for voting machines, and funding for states to procure machines that comply with those standards. This means no Internet voting.
The Liberal government says it will not pursue mandatory or online voting for federal elections. The Liberals had raised the ideas for consideration in their 2015 election platform and tasked the special committee on electoral reform with studying the possibilities. But MPs on the special committee were divided on the merits of mandatory voting and concerned about the security of online voting, and recommended against pursuing either. In a formal response to the committee’s report, submitted on Monday, Minister of Democratic Institutions Karina Gould said the government agrees with the committee. “While Canadians feel that online voting in federal elections would have a positive effect on voter turnout, their support is contingent on assurances that online voting would not result in increased security risks,” Gould wrote. “We agree.”
Australia: Western Australia’s Web votes have security worries, say ‘white hat’ security experts | The Register
The Western Australian government is pushing back against concerns about the security of its implementation of the iVote electoral system. iVote is an electronic system already used in another Australian State, New South Wales, primarily as an accessibility tool because it lets the vision-impaired and others with disabilities vote without assistance. Perhaps in response to last year’s Census debacle, Western Australia has decided to put in place denial-of-service (DoS) protection, and that’s attracted the attention of a group of veteran electronic vote-watchers. Writing at the University of Melbourne’s Pursuit publication, the group notes that the DoS proxy is not in Australia: it’s provided by Imperva’s Incapsula DoS protection service. That raises several issues, the academics (Dr Chris Culnane and Dr Vanessa Teague of the University of Melbourne, Dr Yuval Yarom and Mark Eldridge of the University of Adelaide, and Dr Aleksander Essex of Western University in Canada) note. First: the TLS certificate iVote uses to secure its communications is signed not by the WA government, but by Incapsula; and second, that means Incapsula is decrypting votes on their way from a voter to the State’s Electoral Commission.
Casting a secret ballot in the upcoming election might not be so secret or secure depending on where – and how – you vote, according to a new report The Secret Ballot at Risk: Recommendations for Protecting Democracy. The report was coauthored by three leading organizations focused on voting technology, the Electronic Privacy Information Center (EPIC), Verified Voting and Common Cause.
Caitriona Fitzgerald, State Policy Coordinator for EPIC and a co-author of the report, said, “The secret ballot is a core value in all 50 states. Yet states are asking some voters to waive this right. That threatens voting freedom and election integrity. This report will help safeguard voter privacy.”
This year 32 states will allow voting by email, fax and internet portals – mostly for overseas and military voters. In most states, voters using Internet voting must waive their right to a secret ballot.
Giving up the right to a secret ballot threatens the freedom to vote as one chooses, argue the report authors. The report cites several examples of employers making political participation a condition of employment — such as an Ohio coal mining company requiring its workers to attend a Presidential candidate’s rally – and not paying them for their time.
“On Election Day, we all are equal. The Secret Ballot ensures voters that employers’ political opinions stop at the ballot box,” said Susannah Goodman, director of Common Cause’s national Voting Integrity Campaign. “The Secret Ballot was established for a reason. The Secret Ballot ensures that we can all vote our conscience without undue intimidation and coercion.”
United Kingdom: Former MI6 chief warns over hacking risk to electronic voting in UK elections | Telegraph
A former head of MI6 has warned against switching elections to electronic voting because of the risk of hacking and cyber attacks. Sir John Sawers said the traditional method of pencil and paper voting in polling booths was more secure than electronic alternatives. The retired spy chief spoke after his successor recently warned that cyber attacks and attempts to subvert democracy by states like Russia pose a fundamental threat to British sovereignty. Fears of high tech meddling in polls have been heightened by American accusations that Kremlin-backed cyber gangs hacked US political organisations and leaked sensitive emails to deliberately undermine the presidential elections. All parliamentary and council elections in the UK are currently carried out with ballot papers, but a commission set up by the speaker, John Bercow, in 2015 called for secure online voting to be available by 2020.
National: Here Are All the Ways That Technology Could Screw Up Today’s Election | MIT Technology Review
As millions of people head to polling stations to cast their votes, there can be no denying that today will have its fair share of drama—and much of it could be influenced by technology. For one thing, hackers could send polling stations into chaos. They probably won’t mess with your ballot, though—if they do try to skew results, it would be by tampering with voter registration information. So if you turn up to the booths and are unable to cast your vote, there’s a chance that hackers are to blame. Then there’s the issue of Internet voting. In total, 31 states use the Internet to collect votes in some way—and in Alaska, anyone’s allowed to vote through a website. That’s despite the fact that it’s demonstrably a risky practice, open to hacking and manipulation.
Tens of thousands of military and overseas Americans casting ballots online this fall face a high risk of being hacked, threatening to cause chaos around Election Day if their votes get manipulated or they transmit viruses to state and local election offices. More than 30 states — including battlegrounds such as Colorado, Florida, Iowa, Nevada and North Carolina — allow various methods of online voting for citizens living outside the U.S. While state officials insist their ballots will be counted without any serious problems, ample warnings are nonetheless being sounded from the left, right and even inside the federal government that internet votes can’t be securely transmitted in today’s everything-is-hackable environment. “It’s not something you would do with your Social Security number. You shouldn’t do it with your ballot,” warned Susannah Goodman, director of voting integrity at Common Cause. It’s a point of pride for many states that Americans abroad and overseas troops can even cast a ballot online using the latest in technology, giving these voters a say on their next commander in chief even if they’re stationed in a remote or even hostile location, like Afghanistan or Iraq.