Kaspersky, the Russian cybersecurity company accused of helping the Kremlin spy on the U.S. intelligence agencies as part of its 2016 election meddling, has launched a new product aimed at helping secure online voting and make elections more transparent and open. Polys, an online voting platform built using the same blockchain technology that underpins bitcoin, allows anyone to conduct “secure, anonymous, and scalable online voting with results that cannot be altered by participants or organizers,” the company said. Kaspersky is already speaking to a number of “politicians and political organizations in Europe” about using the system, and it says that countries in western Europe, Scandinavia and Asia are technologically and mentally ready to make the change to online voting. But one place Kaspersky will not be hawking Polys is Washington.
In order to ensure the security of online voting systems used in Switzerland, the government needs to issue a challenge to the worldwide hacker community, offering rewards to anyone who can “blow holes in the system”, says a computer scientist in parliament. Since it began in 2000, Switzerland’s e-voting project has been a matter of controversy. While some have been calling for its introduction to be fast-tracked in all the country’s 26 cantons, others would like to see the project slowed. In parliament there has been a call for a moratorium on electronic voting in the whole country for four years, except for the Swiss abroad. To put an end to all the concerns and convince the critics that security and secrecy of online voting can be guaranteed, Radical Party parliamentarian Marcel Dobler thinks there needs to be an unequivocal demonstration that systems used in Switzerland are proof against computer piracy. The best way to do this, he says, is to invite hackers to target them.
Many of the 11,000 voting machines in New Jersey are so old, officials said, they will soon have to be replaced. Amid concerns about hacking, state lawmakers are examining how to make sure new machines will be more secure. While there’s no evidence of hacking, the machines are hackable, said Assemblyman Andrew Zwicker, D-Middlesex. And Princeton computer science professor Andrew Appel said he could quickly break the security seals on a voting machine, replace the chip that records the results, and reseal it so the tampering would be undetectable. “I was able to get a bunch of them and figure out what their weaknesses are,” he said during a hearing before lawmakers Thursday. “So if you have three or four seals on there, it’ll take me 10 minutes to get them off.”
The Supreme Court of Estonia rejected the appeal by the Conservative People’s Party of Estonia (EKRE) against the National Electoral Committee’s Sept. 6 decision not to ban electronic voting at the local government council elections taking place next month. The Supreme Court explained that, according to the Local Government Council Election Act, the National Electoral Committee has the right not to start electronic voting if the security or reliability of the electronic voting system cannot be ensured in such a way that electronic voting could be conducted pursuant to the requirements of the act. The National Electoral Committee is not, however, required to cancel e-voting if it receives information indicating the possibility of adverse consequences.
The Conservative People’s Party of Estonia (EKRE) has submitted an appeal to Estonia’s National Electoral Committee challenging the committee’s decision to allow e-voting in the local elections this October despite a detected security risk that could affect 750,000 ID cards. According to EKRE parliamentary group chairman Martin Helme, the party finds that the Sept. 6 decision of the National Electoral Committee to still allow e-voting in the upcoming elections opens them up to vote manipulation and the influencing of election results, party spokespeople said. The party is seeking to have e-voting called off and the elections to be held with paper ballots exclusively.
Estonia suffered an embarrassing blow to its much-vaunted ID cards that underpin everything from electronic voting to online banking, just days before hosting a big EU exercise on cyber warfare. International scientists have informed Estonian officials that they have found a security risk that affects almost 750,000 ID cards and that would enable a hacker to steal a person’s identity. The Baltic country of just 1.3m people stressed there was no evidence of a hack of what it has proclaimed to be the world’s most advanced IT card system. The cards are used to access a wide range of digital services from signing documents to submitting tax returns and checking medical records, as well as by foreigners who are e-residents in the country.
Editorials: Internet voting and paperless machines have got to go | Barbara Simons/Minneapolis Star Tribune
“They’ll be back in 2020, they may be back in 2018, and one of the lessons they may draw from this is that they were successful because they introduced chaos and division and discord and sowed doubt about the nature of this amazing country of ours and our democratic process.” — Former FBI Director James Comey, testifying about the Russian government before a House Intelligence Committee hearing, March 20, 2017
We are facing a major national security threat. As former Director Comey stated, we know that Russia attacked our 2016 election, and there is every reason to expect further attacks on our elections from nations, criminals and others until we repair our badly broken voting systems. Despite a decade of warnings from computer security experts, 33 states allow internet voting for some or all voters, and a quarter of our country still votes on computerized, paperless voting machines that cannot be recounted and for which there have been demonstrated hacks. If we know how to hack these voting systems, so do the Russians and Chinese and North Koreans and Iranians and ….
Editorials: Online Voting Won’t Save Democracy – but letting people use the internet to register to vote is a start | Bruce Schneier/The Atlantic
Technology can do a lot more to make our elections more secure and reliable, and to ensure that participation in the democratic process is available to all. There are three parts to this process. First, the voter registration process can be improved. The whole process can be streamlined. People should be able to register online, just as they can register for other government services. The voter rolls need to be protected from tampering, as that’s one of the major ways hackers can disrupt the election. Second, the voting process can be significantly improved. Voting machines need to be made more secure. There are a lot of technical details best left to the voting-security experts who can deal with the technical details, but such machines must include a paper ballot that provides a record verifiable by voters. The simplest and most reliable way to do that is already practiced in 37 states: optical-scan paper ballots, marked by the voters, counted by computer but recountable by hand. We need national security standards for voting machines, and funding for states to procure machines that comply with those standards. This means no Internet voting.
The Liberal government says it will not pursue mandatory or online voting for federal elections. The Liberals had raised the ideas for consideration in their 2015 election platform and tasked the special committee on electoral reform with studying the possibilities. But MPs on the special committee were divided on the merits of mandatory voting and concerned about the security of online voting, and recommended against pursuing either. In a formal response to the committee’s report, submitted on Monday, Minister of Democratic Institutions Karina Gould said the government agrees with the committee. “While Canadians feel that online voting in federal elections would have a positive effect on voter turnout, their support is contingent on assurances that online voting would not result in increased security risks,” Gould wrote. “We agree.”
Australia: Western Australia’s Web votes have security worries, say ‘white hat’ security experts | The Register
The Western Australian government is pushing back against concerns about the security of its implementation of the iVote electoral system. iVote is an electronic system already used in another Australian State, New South Wales, primarily as an accessibility tool because it lets the vision-impaired and others with disabilities vote without assistance. Perhaps in response to last year’s Census debacle, Western Australia has decided to put in place denial-of-service (DoS) protection, and that’s attracted the attention of a group of veteran electronic vote-watchers. Writing at the University of Melbourne’s Pursuit publication, the group notes that the DoS proxy is not in Australia: it’s provided by Imperva’s Incapsula DoS protection service. That raises several issues, the academics (Dr Chris Culnane and Dr Vanessa Teague of the University of Melbourne, Dr Yuval Yarom and Mark Eldridge of the University of Adelaide, and Dr Aleksander Essex of Western University in Canada) note. First: the TLS certificate iVote uses to secure its communications is signed not by the WA government, but by Incapsula; and second, that means Incapsula is decrypting votes on their way from a voter to the State’s Electoral Commission.