National: Military, overseas votes raise risk of hacked election | Politico

Tens of thousands of military and overseas Americans casting ballots online this fall face a high risk of being hacked, threatening to cause chaos around Election Day if their votes get manipulated or they transmit viruses to state and local election offices. More than 30 states — including battlegrounds such as Colorado, Florida, Iowa, Nevada and North Carolina — allow various methods of online voting for citizens living outside the U.S. While state officials insist their ballots will be counted without any serious problems, ample warnings are nonetheless being sounded from the left, right and even inside the federal government that internet votes can’t be securely transmitted in today’s everything-is-hackable environment. “It’s not something you would do with your Social Security number. You shouldn’t do it with your ballot,” warned Susannah Goodman, director of voting integrity at Common Cause. It’s a point of pride for many states that Americans abroad and overseas troops can even cast a ballot online using the latest in technology, giving these voters a say on their next commander in chief even if they’re stationed in a remote or even hostile location, like Afghanistan or Iraq.

National: E-Voting Refuses to Die Even Though It’s Neither Secure nor Secret | Scientific American

In theory, using the internet or e-mail to vote for the U.S. president sounds like a good idea. It would be easier than rushing to the nearest polling station before or after work, and it might pull in notoriously apathetic younger voters already living most of their lives via screens. But in reality these online channels have proved to be terribly insecure, plagued by cyber attacks and malicious software able to penetrate supposedly well-protected financial, medical and even military systems. Such security concerns are the most frequent and convincing arguments against online voting—there is no way to fully secure e-voting systems from cyber attack. Online voting systems are also expensive and often require voters to waive their right to a secret ballot. Still, at least 31 states and the District of Columbia do let military and expatriate voters use the internet to submit marked ballots via e-mailed attachments, fax software or a Web portal according to Verified Voting, a nonprofit organization that studies the security of electronic voting systems. Twenty-one of those states and D.C. let voters e-mail or fax in their ballots, and another five states allow some people to cast their votes via special Web sites. “You can make voting more secret with a Web site because there is no e-mail address to trace a vote back to but the information about a person’s vote and their voter ID number are still out there on a server,” says Jeremy Epstein, a senior computer scientist at nonprofit research organization SRI International.

National: Forget rigged polls: Internet voting is the real election threat | Reveal

The hackers settled in, arranged their laptops on a small table and got right to work. The clock was ticking. They began by carefully combing through the online voting system’s code, rapping at their keyboards and exchanging a pitter-patter of techie jargon. They toggled between screens. One displayed the unblemished interface that prospective voters would see. The other was black, threaded with lines of code: a sketch of their half-drafted attack. The first few hours were full of dead ends: a rejected ballot; an unexpected security fix, made in real time by election officials to thwart their efforts. Had they been found out? Suddenly, one of the four hackers paused midscroll. He’d found a seemingly trivial mistake, the code equivalent of an unlocked window. “Let’s steal things! Yes, let’s steal,” one of them said, tugging at his mop of dark hair. “Let’s get their ballot public key – GPG export or Base64 out to a file.” University of Michigan computer science professor Alex Halderman and his team of graduate students demonstrated in 2010 that it’s possible for a few hackers to quickly manipulate online voting systems. This was not a war room in Russia, where hackers allegedly have worked to infiltrate email servers to disrupt this year’s election. It was the office of Alex Halderman, a computer science professor at the University of Michigan. The hackers were graduate students, proving a point about Washington, D.C.’s fledgling voting system: that internet voting is vulnerable, a hunk of cybersecurity Swiss cheese. It was Sept. 29, 2010, just a few weeks before the city’s system was to be launched.

National: The Security Challenges of Online Voting Have Not Gone Away | IEEE Spectrum

Online voting is sometimes heralded as a solution to all our election headaches. Proponents claim it eliminates hassle, provides better verification for voters and auditors, and may even increase voter turnout. In reality, it’s not a panacea, and certainly not ready for use in U.S. elections. Recent events have illustrated the complex problem of voting in the presence of a state-level attacker, and online voting will make U.S. elections more vulnerable to foreign interference. In just the past year, we have seen Russian hackers exfiltrate information from the Democratic National Committee and probe voter databases for vulnerabilities, prompting the U.S. government to formally accuse Russia of hacking. In light of those events, the U.S. Department of Homeland Security may soon classify voting systems as critical infrastructure, underscoring the significant cybersecurity risks facing American elections. Internet voting would paint an even more attractive target on the ballot box for Russian adversaries with a record of attempting to disrupt elections through online attacks.

Canada: ‘Not a fool-proof system,’ Elections Prince Edward Island says of online vote | CBC News

This month Elections P.E.I. sent out more than a hundred thousand voter information packages to Islanders registered to vote in the plebiscite on electoral reform. Each letter contains a unique personal identification number (PIN) which can be used to vote online or over the phone. The only other information needed to cast a ballot using that PIN is the person’s date of birth. Inevitably, some PINs have been delivered to the wrong people. All that might be needed to use that person’s PIN to cast a ballot could be a visit to their Facebook page. “This is not a fool-proof system,” said chief electoral officer Gary McLeod. “And that’s one of the risks that we have right now.” It is illegal under P.E.I.’s Plebiscite Act to vote for someone else, McLeod pointed out. Offenses can lead to fines of up to $2,000 or imprisonment for up to two years. “We can track where the vote is put on from— if somebody notices that somebody’s voted and it wasn’t them – we can actually go in and track where that vote came from” using their IP address, McLeod said.

National: Web-Based Overseas Ballots May Be Most Vulnerable to Tampering | Wall Street Journal

If there is a weak spot in the voting process, it could be the practice followed in more than half the states of allowing overseas voters, including members of the U.S. military, to return their ballots online, experts say. Twenty-two states and the District of Columbia permit some registered voters living outside of the U.S. to cast their pick for president by email, according to data compiled by the National Conference of State Legislatures. Another 30 states permit the return of some ballots by fax, while five states allow ballots to be uploaded through a web portal. The changes were implemented to make voting easier, but, with polls showing increasing concerns about rigging and hacking of the system, the one area with the most vulnerability may be this relatively small cache of ballots, the experts said. Most U.S. voting electronic machines aren’t internet-enabled, meaning that they would have to be physically accessed to tamper with the results. The few that do have wireless or other network capabilities generally are paper-ballot scanners that leave a physical trail that can be checked in a recount or audit.

National: We’re Not Ready for Online Voting | Gizmodo

As we move forward, online voting seems shimmeringly imminent, particularly because virtually everything we do, we already do online. But voting is far different than banking, shopping, and communicating. It’s trickier and more complex. However precariously, voting in the United States is hoisted up as an essential part of the political system. In theory, casting ballots gives ordinary citizens a means of control—change is always just one election away. It’s crucial for voters to believe that the mechanisms through which their views are delivered are legitimate, and if those mechanisms are tinkered with or updated, that trust should be preserved. As it stands, there are legitimate concerns involved with current and near-future voting technology. There’s still a long way to go, and with something as vital as voting, there is an infinitely small margin for error. … “You need physical security for your ballots,” Pamela Smith, Verified Voting’s president, says. “Let’s say you return a ballot by email. You’ll have a printed record, but it might not match, if something happened with it in transit.”

Editorials: Internet Voting: Not Ready for Prime Time | Association for Computing Machinery/Huffington Post

Yahoo, the DNC, Federal Reserve, Ashley Madison, US Office of Personnel Management, Google, Sony, Jeep, Charles Schwab, JP Morgan, Target, Symantec, Northrop-Grumman, the US State Department…

The above is a partial list of corporations and agencies that have been hacked in the past few years. Given the incredible computer security resources available to each of them, it is reasonable to expect that it is not a matter of “if” but of “when” any widely used Internet voting system will be hacked. This year 30 states plus Washington, DC are allowing overseas military and civilians to return their voted ballots over the Internet; Alaska allows any Alaskan to vote over the Internet. States typically implement Internet voting with the hope of increasing voter access, especially of military voters, or reducing electoral costs. But it is critical to consider the prospective impact of hacks on election outcomes before allowing voted ballots to be delivered over the Internet. A safer option for military voters with access to postal mail is provided by the 2009 MOVE Act, which requires the posting of blank ballots online at least 45 days in advance of an election. Overseas voters can download the blank ballot, print it, mark it, and then return the marked ballot via postal mail.

National: Dyn DDoS Attack Proves Internet Voting Is Still a Terrible Idea | The Daily Dot

Adding to the already mile-long list of reasons why the United States should never adopt a centralized online voting system, widespread internet outages on Friday serve as yet another example of how the U.S. election system benefits from keeping it old school. High-profile security breaches targeting politicians and alarms raised by the U.S. intelligence community over the possibility of an election day disruption by a malicious foreign actor have already led some states to engage in war-game-like exercises against their own election systems. But denial-of-service attacks, like the one experienced by millions in the U.S. on Friday, is a very different animal from the type of infiltration keeping lawmakers up at night. … “This is a reminder of how effective an attack on one can be an effective attack on many,” said Steve Grobman, chief technology officer for Intel Security. “An attacker seeking to disrupt services to multiple websites may be successful simply by hitting one service provider such as this, a DNS provider, or providers of multiple other Internet infrastructure systems.” The idea of creating a centralized online voting system to enable Americans to vote electronically has been roundly dismissed as bad by government and private industry experts alike. It is also very enticing, perhaps because at first blush it feels only natural to evolve in that direction.

National: This Is Why We Still Can’t Vote Online | Motherboard

Online voting sounds like a dream: the 64 percent of citizens who own smartphones and the 84 percent of American adults with access to the internet would simply have to pull out their devices to cast a ballot. And Estonia—a northern European country bordering the Baltic Sea and the Gulf of Finland—has been voting online since 2005. But ask cybersecurity experts and they’ll tell you it’s really a nightmare. We are nowhere close to having an online voting system that is as secure as it needs to be. Ron Rivest, a professor at MIT with a background in computer security and a board member of Verified Voting, said it is a “naive expectation” to even think online voting is on the horizon. One of the most compelling arguments made in favor for online voting is that it could potentially increase voter turnout. Which is a problem in the US: In 2012, 61.6 percent of those eligible to vote turned out to cast a ballot as opposed to the 58.2 percent that came out in 2008—a 3.4 percentage point decrease. According to the Pew Research Center, the American voter turnout in 2012 was low in comparison to elections in other nations, too. But Rivest said there’s no “hard evidence” to prove that making the process more accessible via the Internet will result in increased voter turnout. And even if one were to accept the unverified assumption that online voting would boost the number of people who vote, a larger dilemma still exists.

New Zealand: No Silver Bullet: Online voting and local election turnout | Scoop News

Local body election time is over for another three years, and even before polls closed, there were laments over low turnout. A low turnout undermines the legitimacy of the winners and can point to wider problems: disillusionment with democratic processes, institutions and actors. It is also problematic because some groups are less likely to vote than others, and so candidates appeal to the interests of those who vote over those who don’t. Older people and home owners are more likely to vote in local body elections, which may explain the prevalence of ‘controlling rates’ as a campaign slogan. In the lead up to the 2016 local body elections, a trial of electronic voting was proposed and was some way towards implementation before being abandoned, because of security concerns. A number of commentators have argued the online voting will help turn around declining local body election turnouts, but I want to argue this is not necessarily the solution to the problem. I ask two simple questions: will the proposed solution solve the problem, and what new problems will it create? Not only should the solution work, but, when balancing all effects, it should be worthwhile.

National: Elections at Risk in Cyberspace, Part III: Vote Database Security Ultimately Could Determine an Election Result | SIGNAL Magazine

Any attempts to sabotage an election through cyber attacks ultimately would be geared to affecting the vote count, either to change the outcome of the race or to sow doubt on the validity of the election itself. Just as banks strive to secure their depositors’ assets, governments also work to ensure the fidelity of their election returns. But, as bank accounts are vulnerable to cyber attacks, so are vote totals—to varying degrees. While most tabulation databases are safe from everyday hacker threats, nation-states with highly advanced cyber operations theoretically might be able to mount an effective cyber attack on a U.S. national election by bringing their best offensive cyber capabilities to bear. State governments, which are responsible for the voting process, pay close attention to tabulation security. Ron Bandes is a network security analyst in the CERT division of the Software Engineering Institute of Carnegie Mellon University. He also is president of VoteAllegheny, a nonpartisan election integrity organization. Bandes points out that in many states, two tallies occur. One is done at the local level, usually by the county. The other is a statewide count comprising all the county totals. These counts are cross-validated. “The outputs from the voting machines have to match the inputs to the tally system,” Bandes points out.

National: Hacking the election: questions and answers | Phys.org

The US government’s accusation that Russian government-directed hacking aimed to disrupt the November election comes amid fears about the security of the voting process. The attacks have included breaches of emails of political organizations—blamed on Russia—as well as probes of state voter databases, for which US officials have said they cannot determine the source.
Here are some questions and answers: Can hackers affect the November election results? This is unlikely, voting experts say. There is no single, centralized hub to be hacked, and the system is comprised of over 100,000 precincts and polling places. “While no system is 100 percent hack-proof, elections in this country are secure, perhaps as secure as they’ve ever been,” David Becker of the Center for Election Innovation & Research told a recent congressional hearing. “There isn’t a single or concentrated point of entry for a hacker.” … Dan Wallach, a computer science professor at Rice University who studies voting systems, told lawmakers the biggest vulnerability is voter registration databases. Wallach testified at a House of Representatives hearing on election security that such an effort “can selectively disenfranchise voters by deleting them from the database or otherwise introducing errors.”

Verified Voting Blog: David Dill: Why Can’t We Vote Online? | KQED

This interview was posted at KQED on October 4, 2016, where audio of the interview can be heard.

david_dillWe can bank online and we can shop online so why can’t we vote online? To answer that question, we first need to agree on what it means, said David Dill, a computer science professor at Stanford and the founder of the Verified Voting Foundation. In other words, what do people mean when they ask: “Why can’t we vote online?”

“The reason people want internet voting is because they want the convenience to vote at home or vote on their smartphone,” Dill said. I have to agree. I want to vote online like I do everything else online. I want to vote anywhere, anytime and on any device. If that’s the case, Dill said the answer is simple: We can’t vote online because our personal devices are too easy to hack. “If we had online elections, we would never be able to trust the results of those elections,” Dill said. “These systems are just notoriously insecure.”

If you follow the news, you know that our smartphones and personal computers are constantly getting hacked. While antivirus companies try, no software can stop all viruses. In fact, you might have a virus on your computer right now and not realize it, Dill said. “Now you can imagine the impact on trying to cast a ballot on such a machine,” Dill said. “The technology does not exist for secure online voting.”

But aren’t there places that have voted online? Yes, but Dill says they’ve all been hacked.

National: Computer Science Professor: Many hurdles preventing emergence of online voting | Purdue Exponent

The search for solutions to increase voter numbers on Election Day continues as states have underwhelming turnouts in both presidential and non-presidential election years. But Eugene Spafford, computer science professor at Purdue, says online voting is not one of those solutions. The most important aspects of an election are privacy and accuracy for citizens and, from the standpoint of candidates, the vote total accountability. However, current online technology available to the average citizen dictates that you can’t have it all, says Spafford, the executive director of Purdue’s Center for Education and Research in Information Assurance and Security. “Voting by Internet sounds attractive, but either we have to give up the anonymity of the ballot, which is not a good practice, or we have to give up the ability to confirm that the count is correct,” he said in a press release.

Editorials: Hurricane Matthew could have devastating consequences for the election | Richard Hasen/Slate

If Hurricane Matthew is as devastating to Florida as forecasters have predicted, it could be a human tragedy costing people their lives, health, homes, and personal property. Beyond that initial tragedy, though, the storm also may have dire electoral implications, potentially affecting the outcome of the 2016 presidential election and landing emergency election litigation from Florida once again before the (now-deadlocked) United States Supreme Court. Florida is seen as a state key to Donald Trump’s chances of victory over Hillary Clinton for the presidency, and this storm could have major impacts on voter registration and voting. Voter registration in Florida closes in just five days. According to Professor Dan Smith of the University of Florida, in the last five days of registration in 2012, 50,000 Florida voters signed up to vote. Many who might normally sign up to vote at the last minute are now following Florida Gov. Rick Scott’s order to flee the affected areas of the state, and they are not likely to register to vote on their way out or drop ballots in closed post offices or soon-to-be-flooded post office boxes. Hillary Clinton’s campaign has already called for voter registration deadlines to be extended, but the Republican governor has already turned down that request.

Canada: U.S. stays with with controversial e-voting, but Canada still shy | IT World Canada News

At the best of times U.S. elections are heated, and these aren’t necessarily the best of times. We’ve already seen the discovery of data breaches at the Democratic party and candidate Hillary Clinton. This week one technology writer warned that the November U.S. presidential election “can be rigged and sabotaged, and we might never even know it happened.” He was referring to the use in 10 U.S. states of touch screen voting machines that don’t have paper backups, which some experts worry are vulnerable to malware.Even if cyber attackers do nothing more than play with electronic voter registration systems it could cause backups at voting stations, causing voters to leave and potentially affecting outcomes. For these and other reasons Canadian electoral officials are still cautious about adopting electronic voting here. Some municipalities are using machine-readable paper voting systems, but touch screen or online voting in federal and provincial elections is still taboo. “I have no plans to introduce online voting for 2019,” Marc Mayrand, Canada’s chief electoral officer told Parliament’s special committee on electoral reform in July. “I think there’s still a lot of research to be done, and there are many considerations. That’s what I would like to see the committee doing in its work, addressing some of the key considerations and giving us some direction on where we should go and how should we proceed to explore and test online voting at some point.

Maryland: Despite warnings from cyber-experts, Maryland moves forward with online voting | The Washington Post

Cybersecurity experts are warning that Maryland’s online absentee-ballot system is dangerously vulnerable to tampering and privacy invasions, both growing concerns in a year when hackers have breached the Democratic National Committee and attempted to access boards of elections in at least two states. The system allows voters who request an absentee ballot to receive the form by email and send back a printed hard copy, with their votes marked by hand or with a new online tool that allows users to mark the document with the click of a mouse or the touch of a keyboard, then print it for mail delivery. Until this year, in large part because of security concerns, the latter option was available only to people with disabilities. Critics say it is easy for impostors to use stolen credentials to request absentee ballots or for cyberthieves to hack in and retrieve data about who is requesting ballots or details of votes that were cast online. … A group of computer scientists and cybersecurity experts wrote to the board two days before its vote and urged it not to certify the system, saying the setup would “make Maryland one of the most vulnerable states in the U.S. for major election tampering.”

National: The Internet Is No Place for Public Elections | MIT Technology Review

This election year we’ve seen foreign hackers infiltrate the Democratic National Committee’s e-mail system as well as voter databases in Arizona and Illinois. These attacks have reinforced what political scientists and technical experts alike have been saying for more than a decade: public elections should stay offline. It’s not yet feasible to build a secure and truly democratic Internet-connected voting system.Researchers from government agencies and leading academic institutions studied the issue extensively following the debacle of the 2000 Presidential race, and the consensus emerged that it should not occur. That’s still the case, and today’s rampant cybercrime should be reason enough to keep voting systems disconnected. We have no good defense against malware on voters’ computers or denial of service attacks, and sophisticated adversaries like those behind the attacks on big corporations we’ve seen in recent years will find ways to get into connected voting systems, says Ron Rivest, a leading cryptographer and MIT professor. “It’s a war zone out there,” he says.

United Kingdom: Labour plan to expel members who join ‘tsunami of online abuse’ as voting closes in leadership contest | The Telegraph

New Labour members will be required to sign a code of conduct about online behaviour or face being barred from the party in a bid to tackle a “tsunami of online abuse”. Labour now has 551,000 members, reinforcing its position as the largest political party in Europe, but it has been beset with reports of members engaging in abusive exchanges, particularly with so-called “moderate” MPs who have opposed Jeremy Corbyn’s leadership. The new policy, agreed by Labour’s National Executive Committee on Tuesday, came hours before voting in the party’s leadership contest came to a close. Any votes received after midday today will not be counted.

National: Why Can’t Americans Vote Online? | Tom’s Guide

If we were to poll the readers of this article, we would likely find that the vast majority of readers — if not all — regularly shop online, make banking transactions online, fill out registrations and applications online, pay taxes online and maybe even vote for contestants in reality shows online. Yet Americans cannot vote for candidates for public office online. … But experts warn that online voting isn’t as simple as it sounds. Even though it has already been tried in a few places around the world, it probably can’t be secured. We already worry about hackers stealing our credit cards and our identities. If we voted online, we would have to worry about hackers stealing our elections, too.… Several countries have experimented with online voting, but none has forged ahead as far as the tiny Baltic country of Estonia, where nearly a third of ballots are cast online. But Estonia’s elections don’t look anything like those of the United States, where more votes are cast in some cities than in all of Estonia. The Estonian online voter must plug a national ID card — mandatory for all Estonians older than 15, and each of which has an embedded encrypted chip — into a card reader attached to his or her computer. It sounds secure, but two independent assessments, led by Verified Voting in 2011 and the University of Michigan in 2014, found serious flaws with the system.

Switzerland: Geneva mounts e-voting charm offensive | SWI

As competition heats up, the Geneva cantonal government has launched an e-voting promotional campaign in a bid to win additional partners and clients for its system of electronic voting. Currently, only six of Switzerland’s 26 cantons offer remote online voting to a limited number of their citizens. The long-term trials with e-voting suffered a severe setback last year after the Swiss government stopped the use of an American system on security grounds. Since then, there has been a head-to-head contest between two technologies licensed by the national authorities: a home-grown e-voting system, developed by the authorities of canton Geneva, and Swiss Post, which cooperates with the private Spanish company Scytl.

National: Voting machines are still too easy to hack | InfoWorld

People have trouble prioritizing risk. For example, you often hear about the threat of voter fraud, when all evidence suggests that the risks of such fraud are inconsequential. In truth, hacked voting machines are much more likely to affect an election’s outcome. Why would an election fraudster try to herd a flock of criminal participants to the polls when one mildly talented hacker could cause far more trouble? On a state-by-state level, most presidential elections are decided by many thousands of votes. For example, in 2012, Barack Obama beat Mitt Romney by more than 166,000 votes in the swing state of Ohio. Even in the 2000 election, the closest presidential contest ever, what sort of Houdini could have marshaled the miscreants necessary to cast a few hundred fake votes to tip the balance without getting caught? A hack of a single voting machine could accomplish the same objective.

Editorials: A vote for low-tech elections | Washington Times

Someone has been hacking into voter registration databases and the FBI is on it. After James Comey’s blowing off the evidence collected by his agents of Hillary Clinton’s email crimes, however, there’s considerable cause to be afraid, very afraid, for the legitimacy of the November elections. With the push to make elections more convenient at the price of security, penetration by outside actors has become nearly inevitable. That means one key part of the election process, the actual casting of votes, should be kept offline. If marked electronic ballots can be hacked, Americans can’t help wondering whether an election can be stolen. It wouldn’t be the first time.

Arizona: Russian hackers targeted Arizona election system | The Washington Post

Hackers targeted voter registration systems in Illinois and Arizona, and the FBI alerted Arizona officials in June that Russians were behind the assault on the election system in that state. The bureau described the threat as “credible” and significant, “an eight on a scale of one to 10,” Matt Roberts, a spokesman for Arizona Secretary of State Michele Reagan (R), said Monday. As a result, Reagan shut down the state’s voter registration system for nearly a week. It turned out that the hackers had not compromised the state system or even any county system. They had, however, stolen the username and password of a single election official in Gila County. … This spring, a DHS official cautioned that online voting is not yet secure. “We believe that online voting, especially online voting in large scale, introduces great risk into the election system by threatening voters’ expectations of confidentiality, accountability and security of their votes and provides an avenue for malicious actors to manipulate the voting results,” said Neil Jenkins, an official in the department’s Office of Cybersecurity and Communications.

Australia: Victorian Parliamentary Inquiry into online voting to begin public hearings | news.com.au

Just weeks after the trouble-plagued first online Census, Victoria is pressing forward with public hearings to examine the effectiveness of electronic voting as part of a Parliamentary Inquiry into the matter. Beginning today, the Electoral Matters Committee will hear from electoral commissions, technology specialists and community advocacy groups. The inquiry will hear from experts and stakeholders during sessions on Monday and Wednesday this week as they examine what has become an increasingly contentious issue. In the fallout from the bungled online Census, many commentators lamented the damage it had done on the movement towards online voting. … Plenty of advocates remain undeterred and would like to see the government explore ways to deliver comprehensive electronic voting in the future. But according to those who have provided submission to the inquiry, there are plenty of pitfalls to consider.

National: Voting Should Be Easier—But Not Like This | Mother Jones

The internet is the worst ballot box of all, according to three research and public-interest groups who are slamming states’ use of online voting and urging people to protect their privacy by physically mailing in their ballots instead. “Internet voting creates a second-class system for some voters—one in which their votes may not be private and their ballots may be altered without their knowledge,” write the authors of The Secret Ballot at Risk: Recommendations for Protecting Democracy. Caitriona Fitzgerald of the Electronic Privacy Information Center, Pam Smith of the Verified Voting Foundation, and Susannah Goodman of the Voting Integrity Campaign of Common Cause, who were the authors of the report, point out that states either have constitutional provisions or state statues guaranteeing the right to secret ballots, but that “because of current technological limitations…it is impossible to maintain separation of voters’ identities from their votes when Internet voting is used.”

National: Online voting could be really convenient. But it’s still probably a terrible idea. | The Washington Post

Election Day can sometimes feel like more of a headache than a patriotic celebration. Long lines and scheduling conflicts may leave voters wondering why there isn’t an easier way to cast their ballots. Some say there already is: online voting. Why head to the polls if you can vote from anywhere using your laptop or smartphone? But even as online voting is on the rise in the United States and elsewhere, experts warn its convenience isn’t worth its costs. Casting your vote online could mean sacrificing the right to a secret ballot and leaving elections more vulnerable to fraud, according to a report released Thursday by the Electronic Privacy Information Center, the Verified Voting Foundation and the Common Cause Education Fund. Security researchers also warn that online voting could be vulnerable to hackers who could digitally hijack elections. “The Internet is already as messed up as we can imagine, and adding critical electoral systems is just a bad idea,” said Joseph Lorenzo Hall, chief technologist at the Center for Democracy and Technology.

National: Internet Voting Leaves Out a Cornerstone of Democracy: The Secret Ballot | MIT Technology Review

If the risk of hackers meddling with election results is not enough, here’s another reason voting shouldn’t happen on the Internet: the ballots can’t be kept secret. That’s according to a new report from Verified Voting, a group that advocates for transparency and accuracy in elections. A cornerstone of democracy, the secret ballot guards against voter coercion. But “because of current technical challenges and the unique challenge of running public elections, it is impossible to maintain the separation of voters’ identities from their votes when Internet voting is used,” concludes the report, which was written in collaboration with the Electronic Privacy Information Center and the anticorruption advocacy group Common Cause. When votes are returned via the Internet, it’s technically difficult to separate the voter’s identity from the vote, says Pamela Smith, president of Verified Voting, since the server has to know that identity in order to authenticate the voter and record the vote. In the systems that states are using now, “the authentication typically happens at the same time as the voting process,” she says. That’s problematic. A previous experiment tested giving voters PIN codes, but hackers working with the researchers were able to find those numbers and associate them with voters, says Smith.

National: Voting Online Means You’re Giving Up Privacy, Researchers Warn | Vocativ

Online voting—currently a limited option in 32 states and Washington, D.C.—usually forces voters to give up their legal right to a guaranteed private ballot, a new study shows. The study, a joint effort by nonprofit advocacy groups including the Verified Voting Foundation and the Electronic Privacy Information Center, notes that a right to a guaranteed private ballot is the law in every state in the U.S., and that in all but six, it’s protected by a state constitution—specifically because the integrity of a vote is predicated on the voter’s trust that they’re making their decision in private. Alabama’s Constitution reads, for instance, that “The right of individuals to vote by secret ballot is fundamental.”