internet voting

Tag Archive

Editorials: Internet voting and paperless machines have got to go | Barbara Simons/Minneapolis Star Tribune

“They’ll be back in 2020, they may be back in 2018, and one of the lessons they may draw from this is that they were successful because they introduced chaos and division and discord and sowed doubt about the nature of this amazing country of ours and our democratic process.” — Former FBI Director James Comey, testifying about the Russian government before a House Intelligence Committee hearing, March 20, 2017

We are facing a major national security threat. As former Director Comey stated, we know that Russia attacked our 2016 election, and there is every reason to expect further attacks on our elections from nations, criminals and others until we repair our badly broken voting systems. Despite a decade of warnings from computer security experts, 33 states allow internet voting for some or all voters, and a quarter of our country still votes on computerized, paperless voting machines that cannot be recounted and for which there have been demonstrated hacks. If we know how to hack these voting systems, so do the Russians and Chinese and North Koreans and Iranians and ….

Full Article: Internet voting and paperless machines have got to go - StarTribune.com.

Editorials: Online Voting Won’t Save Democracy – but letting people use the internet to register to vote is a start | Bruce Schneier/The Atlantic

Technology can do a lot more to make our elections more secure and reliable, and to ensure that participation in the democratic process is available to all. There are three parts to this process. First, the voter registration process can improved. The whole process can be streamlined. People should be able to register online, just as they can register for other government services. The voter rolls need to be protected from tampering, as that’s one of the major ways hackers can disrupt the election. Second, the voting process can be significantly improved. Voting machines need to be made more secure. There are a lot of technical details best left to the voting-security experts who can deal with the technical details, but such machines must include a paper ballot that provides a record verifiable by voters. The simplest and most reliable way to do that is already practiced in 37 states: optical-scan paper ballots, marked by the voters, counted by computer but recountable by hand. We need national security standards for voting machines, and funding for states to procure machines that comply with those standards. This means no Internet voting.

Full Article: Online Voter Registration Is Overdue - The Atlantic.

Canada: Liberals say no to mandatory and online voting | CBC

The Liberal government says it will not pursue mandatory or online voting for federal elections. The Liberals had raised the ideas for consideration in their 2015 election platform and tasked the special committee on electoral reform with studying the possibilities. But MPs on the special committee were divided on the merits of mandatory voting and concerned about the security of online voting, and recommended against pursuing either.  In a formal response to the committee’s report, submitted on Monday, Minister of Democratic Institutions Karina Gould said the government agrees with the committee. “While Canadians feel that online voting in federal elections would have a positive effect on voter turnout, their support is contingent on assurances that online voting would not result in increased security risks,” Gould wrote. “We agree.”

Full Article: Liberals say no to mandatory and online voting - Politics - CBC News.

Australia: Western Australia’s Web votes have security worries, say ‘white hat’ security experts | The Register

The Western Australian government is pushing back against concerns about the security of its implementation of the iVote electoral system. iVote is an electronic system already used in another Australian State, New South Wales, primarily as an accessibility tool because it lets the vision-impaired and others with disabilities vote without assistance. Perhaps in response to last year’s Census debacle, Western Australia has decided to put in place denial-of-service (DoS) protection, and that’s attracted the attention of a group of veteran electronic vote-watchers. Writing at the University of Melbourne’s Pursuit publication, the group notes that the DoS proxy is not in Australia: it’s provided by Imperva’s Incapsula DoS protection service. That raises several issues, the academics (Dr Chris Culnane and Dr Vanessa Teague of the University of Melbourne, Dr Yuval Yarom and Mark Eldridge of the University of Adelaide, and Dr Aleksander Essex of Western University in Canada) note. First: the TLS certificate iVote uses to secure its communications is signed not by the WA government, but by Incapsula; and second, that means Incapsula is decrypting votes on their way from a voter to the State’s Electoral Commission.

Full Article: Western Australia's Web votes have security worries, say 'white hat' mathematicians • The Register.

Verified Voting Blog: New Report: Internet Voting Threatens Ballot Secrecy

Casting a secret ballot in the upcoming election might not be so secret or secure depending on where – and how – you vote, according to a new report The Secret Ballot at Risk: Recommendations for Protecting Democracy. The report was coauthored by three leading organizations focused on voting technology, the Electronic Privacy Information Center (EPIC), Verified Voting and Common Cause.

Caitriona Fitzgerald, State Policy Coordinator for EPIC and a co-author of the report, said, “The secret ballot is a core value in all 50 states. Yet states are asking some voters to waive this right. That threatens voting freedom and election integrity. This report will help safeguard voter privacy.”

This year 32 states will allow voting by email, fax and internet portals – mostly for overseas and military voters. In most states, voters using Internet voting must waive their right to a secret ballot.

Giving up the right to a secret ballot threatens the freedom to vote as one chooses, argue the report authors. The report cites several examples of employers making political participation a condition of employment — such as an Ohio coal mining company requiring its workers to attend a Presidential candidate’s rally – and not paying them for their time.

“On Election Day, we all are equal. The Secret Ballot ensures voters that employers’ political opinions stop at the ballot box,” said Susannah Goodman, director of Common Cause’s national Voting Integrity Campaign. “The Secret Ballot was established for a reason. The Secret Ballot ensures that we can all vote our conscience without undue intimidation and coercion.”

Marc Rotenberg, EPIC President, agreed, “The secret ballot is the cornerstone of modern democracy. The states must do more to protect the privacy of voters.”

United Kingdom: Former MI6 chief warns over hacking risk to electronic voting in UK elections | Telegraph

A former head of MI6 has warned against switching elections to electronic voting because of the risk of hacking and cyber attacks. Sir John Sawers said the traditional method of pencil and paper voting in polling booths was more secure than electronic alternatives. The retired spy chief spoke after his successor recently warned that cyber attacks and attempts to subvert democracy by states like Russia pose a fundamental threat to British sovereignty. Fears of high tech meddling in polls have been heightened by American accusations that Kremlin-backed cyber gangs hacked US political organisations and leaked sensitive emails to deliberately undermine the presidential elections. All parliamentary and council elections in the UK are currently carried out with ballot papers, but a commission set up by the speaker, John Bercow, in 2015 called for secure online voting to be available by 2020.

Full Article: Former MI6 chief warns over hacking risk to electronic voting in UK elections.

National: Here Are All the Ways That Technology Could Screw Up Today’s Election | MIT Technology Review

As millions of people head to polling stations to cast their votes, there can be no denying that today will have its fair share of drama—and much of it could be influenced by technology. For one thing, hackers could send polling stations into chaos. They probably won’t mess with your ballot, though—if they do try to skew results, it would be by tampering with voter registration information. So if you turn up to the booths and are unable to cast your vote, there’s a chance that hackers are to blame. Then there’s the issue of Internet voting. In total, 31 states use the Internet to collect votes in some way—and in Alaska, anyone’s allowed to vote through a website. That’s despite the fact that it’s demonstrably a risky practice, open to hacking and manipulation.

Full Article: Here Are All the Ways That Technology Could Screw Up Today’s Election.

National: Military, overseas votes raise risk of hacked election | Politico

Tens of thousands of military and overseas Americans casting ballots online this fall face a high risk of being hacked, threatening to cause chaos around Election Day if their votes get manipulated or they transmit viruses to state and local election offices. More than 30 states — including battlegrounds such as Colorado, Florida, Iowa, Nevada and North Carolina — allow various methods of online voting for citizens living outside the U.S. While state officials insist their ballots will be counted without any serious problems, ample warnings are nonetheless being sounded from the left, right and even inside the federal government that internet votes can’t be securely transmitted in today’s everything-is-hackable environment. “It’s not something you would do with your Social Security number. You shouldn’t do it with your ballot,” warned Susannah Goodman, director of voting integrity at Common Cause. It’s a point of pride for many states that Americans abroad and overseas troops can even cast a ballot online using the latest in technology, giving these voters a say on their next commander in chief even if they’re stationed in a remote or even hostile location, like Afghanistan or Iraq.

Full Article: Military, overseas votes raise risk of hacked election - POLITICO.

National: E-Voting Refuses to Die Even Though It’s Neither Secure nor Secret | Scientific American

In theory, using the internet or e-mail to vote for the U.S. president sounds like a good idea. It would be easier than rushing to the nearest polling station before or after work, and it might pull in notoriously apathetic younger voters already living most of their lives via screens. But in reality these online channels have proved to be terribly insecure, plagued by cyber attacks and malicious software able to penetrate supposedly well-protected financial, medical and even military systems. Such security concerns are the most frequent and convincing arguments against online voting—there is no way to fully secure e-voting systems from cyber attack. Online voting systems are also expensive and often require voters to waive their right to a secret ballot. Still, at least 31 states and the District of Columbia do let military and expatriate voters use the internet to submit marked ballots via e-mailed attachments, fax software or a Web portal according to Verified Voting, a nonprofit organization that studies the security of electronic voting systems. Twenty-one of those states and D.C. let voters e-mail or fax in their ballots, and another five states allow some people to cast their votes via special Web sites. “You can make voting more secret with a Web site because there is no e-mail address to trace a vote back to but the information about a person’s vote and their voter ID number are still out there on a server,” says Jeremy Epstein, a senior computer scientist at nonprofit research organization SRI International.

Full Article: E-Voting Refuses to Die Even Though It's Neither Secure nor Secret - Scientific American.

National: Forget rigged polls: Internet voting is the real election threat | Reveal

The hackers settled in, arranged their laptops on a small table and got right to work. The clock was ticking. They began by carefully combing through the online voting system’s code, rapping at their keyboards and exchanging a pitter-patter of techie jargon. They toggled between screens. One displayed the unblemished interface that prospective voters would see. The other was black, threaded with lines of code: a sketch of their half-drafted attack. The first few hours were full of dead ends: a rejected ballot; an unexpected security fix, made in real time by election officials to thwart their efforts. Had they been found out? Suddenly, one of the four hackers paused midscroll. He’d found a seemingly trivial mistake, the code equivalent of an unlocked window. “Let’s steal things! Yes, let’s steal,” one of them said, tugging at his mop of dark hair. “Let’s get their ballot public key – GPG export or Base64 out to a file.” University of Michigan computer science professor Alex Halderman and his team of graduate students demonstrated in 2010 that it’s possible for a few hackers to quickly manipulate online voting systems. This was not a war room in Russia, where hackers allegedly have worked to infiltrate email servers to disrupt this year’s election. It was the office of Alex Halderman, a computer science professor at the University of Michigan. The hackers were graduate students, proving a point about Washington, D.C.’s fledgling voting system: that internet voting is vulnerable, a hunk of cybersecurity Swiss cheese. It was Sept. 29, 2010, just a few weeks before the city’s system was to be launched.

Full Article: Forget rigged polls: Internet voting is the real election threat | Reveal.

National: The Security Challenges of Online Voting Have Not Gone Away | IEEE Spectrum

Online voting is sometimes heralded as a solution to all our election headaches. Proponents claim it eliminates hassle, provides better verification for voters and auditors, and may even increase voter turnout. In reality, it’s not a panacea, and certainly not ready for use in U.S. elections. Recent events have illustrated the complex problem of voting in the presence of a state-level attacker, and online voting will make U.S. elections more vulnerable to foreign interference. In just the past year, we have seen Russian hackers exfiltrate information from the Democratic National Committee and probe voter databases for vulnerabilities, prompting the U.S. government to formally accuse Russia of hacking. In light of those events, the U.S. Department of Homeland Security may soon classify voting systems as critical infrastructure, underscoring the significant cybersecurity risks facing American elections. Internet voting would paint an even more attractive target on the ballot box for Russian adversaries with a record of attempting to disrupt elections through online attacks.

Full Article: The Security Challenges of Online Voting Have Not Gone Away - IEEE Spectrum.

Canada: ‘Not a fool-proof system,’ Elections Prince Edward Island says of online vote | CBC News

This month Elections P.E.I. sent out more than a hundred thousand voter information packages to Islanders registered to vote in the plebiscite on electoral reform. Each letter contains a unique personal identification number (PIN) which can be used to vote online or over the phone. The only other information needed to cast a ballot using that PIN is the person’s date of birth. Inevitably, some PINs have been delivered to the wrong people. All that might be needed to use that person’s PIN to cast a ballot could be a visit to their Facebook page. “This is not a fool-proof system,” said chief electoral officer Gary McLeod. “And that’s one of the risks that we have right now.” It is illegal under P.E.I.’s Plebiscite Act to vote for someone else, McLeod pointed out. Offenses can lead to fines of up to $2,000 or imprisonment for up to two years. “We can track where the vote is put on from— if somebody notices that somebody’s voted and it wasn’t them – we can actually go in and track where that vote came from” using their IP address, McLeod said.

Full Article: 'Not a fool-proof system,' Elections P.E.I. says of online vote - Prince Edward Island - CBC News.

National: Web-Based Overseas Ballots May Be Most Vulnerable to Tampering | Wall Street Journal

If there is a weak spot in the voting process, it could be the practice followed in more than half the states of allowing overseas voters, including members of the U.S. military, to return their ballots online, experts say. Twenty-two states and the District of Columbia permit some registered voters living outside of the U.S. to cast their pick for president by email, according to data compiled by the National Conference of State Legislatures. Another 30 states permit the return of some ballots by fax, while five states allow ballots to be uploaded through a web portal. The changes were implemented to make voting easier, but, with polls showing increasing concerns about rigging and hacking of the system, the one area with the most vulnerability may be this relatively small cache of ballots, the experts said. Most U.S. voting electronic machines aren’t internet-enabled, meaning that they would have to be physically accessed to tamper with the results. The few that do have wireless or other network capabilities generally are paper-ballot scanners that leave a physical trail that can be checked in a recount or audit.

Full Article: Web-Based Overseas Ballots May Be Most Vulnerable to Tampering - WSJ.

National: We’re Not Ready for Online Voting | Gizmodo

As we move forward, online voting seems shimmeringly imminent, particularly because virtually everything we do, we already do online. But voting is far different than banking, shopping, and communicating. It’s trickier and more complex. However precariously, voting in the United States is hoisted up as an essential part of the political system. In theory, casting ballots gives ordinary citizens a means of control—change is always just one election away. It’s crucial for voters to believe that the mechanisms through which their views are delivered are legitimate, and if those mechanisms are tinkered with or updated, that trust should be preserved. As it stands, there are legitimate concerns involved with current and near-future voting technology. There’s still a long way to go, and with something as vital as voting, there is an infinitely small margin for error. … “You need physical security for your ballots,” Pamela Smith, Verified Voting’s president, says. “Let’s say you return a ballot by email. You’ll have a printed record, but it might not match, if something happened with it in transit.”

Full Article: We're Not Ready for Online Voting.

Editorials: Internet Voting: Not Ready for Prime Time | Association for Computing Machinery/Huffington Post

Yahoo, the DNC, Federal Reserve, Ashley Madison, US Office of Personnel Management, Google, Sony, Jeep, Charles Schwab, JP Morgan, Target, Symantec, Northrop-Grumman, the US State Department…

The above is a partial list of corporations and agencies that have been hacked in the past few years. Given the incredible computer security resources available to each of them, it is reasonable to expect that it is not a matter of “if” but of “when” any widely used Internet voting system will be hacked. This year 30 states plus Washington, DC are allowing overseas military and civilians to return their voted ballots over the Internet; Alaska allows any Alaskan to vote over the Internet. States typically implement Internet voting with the hope of increasing voter access, especially of military voters, or reducing electoral costs. But it is critical to consider the prospective impact of hacks on election outcomes before allowing voted ballots to be delivered over the Internet. A safer option for military voters with access to postal mail is provided by the 2009 MOVE Act, which requires the posting of blank ballots online at least 45 days in advance of an election. Overseas voters can download the blank ballot, print it, mark it, and then return the marked ballot via postal mail.

Full Article: Internet Voting: Not Ready for Prime Time | Huffington Post.

National: Dyn DDoS Attack Proves Internet Voting Is Still a Terrible Idea | The Daily Dot

Adding to the already mile-long list of reasons why the United States should never adopt a centralized online voting system, widespread internet outages on Friday serve as yet another example of how the U.S. election system benefits from keeping it old school. High-profile security breaches targeting politicians and alarms raised by the U.S. intelligence community over the possibility of an election day disruption by a malicious foreign actor have already led some states to engage in war-game-like exercises against their own election systems. But denial-of-service attacks, like the one experienced by millions in the U.S. on Friday, is a very different animal from the type of infiltration keeping lawmakers up at night. … “This is a reminder of how effective an attack on one can be an effective attack on many,” said Steve Grobman, chief technology officer for Intel Security. “An attacker seeking to disrupt services to multiple websites may be successful simply by hitting one service provider such as this, a DNS provider, or providers of multiple other Internet infrastructure systems.” The idea of creating a centralized online voting system to enable Americans to vote electronically has been roundly dismissed as bad by government and private industry experts alike. It is also very enticing, perhaps because at first blush it feels only natural to evolve in that direction. 

Full Article: Dyn DDoS Attack Proves Internet Voting Is Still a Terrible Idea | The Daily Dot.

National: This Is Why We Still Can’t Vote Online | Motherboard

Online voting sounds like a dream: the 64 percent of citizens who own smartphones and the 84 percent of American adults with access to the internet would simply have to pull out their devices to cast a ballot. And Estonia—a northern European country bordering the Baltic Sea and the Gulf of Finland—has been voting online since 2005. But ask cybersecurity experts and they’ll tell you it’s really a nightmare. We are nowhere close to having an online voting system that is as secure as it needs to be. Ron Rivest, a professor at MIT with a background in computer security and a board member of Verified Voting, said it is a “naive expectation” to even think online voting is on the horizon. One of the most compelling arguments made in favor for online voting is that it could potentially increase voter turnout. Which is a problem in the US: In 2012, 61.6 percent of those eligible to vote turned out to cast a ballot as opposed to the 58.2 percent that came out in 2008—a 3.4 percentage point decrease. According to the Pew Research Center, the American voter turnout in 2012 was low in comparison to elections in other nations, too. But Rivest said there’s no “hard evidence” to prove that making the process more accessible via the Internet will result in increased voter turnout. And even if one were to accept the unverified assumption that online voting would boost the number of people who vote, a larger dilemma still exists.

Full Article: This Is Why We Still Can’t Vote Online | Motherboard.

New Zealand: No Silver Bullet: Online voting and local election turnout | Scoop News

Local body election time is over for another three years, and even before polls closed, there were laments over low turnout. A low turnout undermines the legitimacy of the winners and can point to wider problems: disillusionment with democratic processes, institutions and actors. It is also problematic because some groups are less likely to vote than others, and so candidates appeal to the interests of those who vote over those who don’t. Older people and home owners are more likely to vote in local body elections, which may explain the prevalence of ‘controlling rates’ as a campaign slogan. In the lead up to the 2016 local body elections, a trial of electronic voting was proposed and was some way towards implementation before being abandoned, because of security concerns. A number of commentators have argued the online voting will help turn around declining local body election turnouts, but I want to argue this is not necessarily the solution to the problem. I ask two simple questions: will the proposed solution solve the problem, and what new problems will it create? Not only should the solution work, but, when balancing all effects, it should be worthwhile.

Full Article: No Silver Bullet: Online voting and local election turnout | Scoop News.

National: Elections at Risk in Cyberspace, Part III: Vote Database Security Ultimately Could Determine an Election Result | SIGNAL Magazine

Any attempts to sabotage an election through cyber attacks ultimately would be geared to affecting the vote count, either to change the outcome of the race or to sow doubt on the validity of the election itself. Just as banks strive to secure their depositors’ assets, governments also work to ensure the fidelity of their election returns. But, as bank accounts are vulnerable to cyber attacks, so are vote totals—to varying degrees. While most tabulation databases are safe from everyday hacker threats, nation-states with highly advanced cyber operations theoretically might be able to mount an effective cyber attack on a U.S. national election by bringing their best offensive cyber capabilities to bear. State governments, which are responsible for the voting process, pay close attention to tabulation security. Ron Bandes is a network security analyst in the CERT division of the Software Engineering Institute of Carnegie Mellon University. He also is president of VoteAllegheny, a nonpartisan election integrity organization. Bandes points out that in many states, two tallies occur. One is done at the local level, usually by the county. The other is a statewide count comprising all the county totals. These counts are cross-validated. “The outputs from the voting machines have to match the inputs to the tally system,” Bandes points out. 

Full Article: Elections at Risk in Cyberspace, Part III: Vote Database Security Ultimately Could Determine an Election Result | SIGNAL Magazine.

National: Hacking the election: questions and answers | Phys.org

The US government’s accusation that Russian government-directed hacking aimed to disrupt the November election comes amid fears about the security of the voting process. The attacks have included breaches of emails of political organizations—blamed on Russia—as well as probes of state voter databases, for which US officials have said they cannot determine the source.
Here are some questions and answers: Can hackers affect the November election results? This is unlikely, voting experts say. There is no single, centralized hub to be hacked, and the system is comprised of over 100,000 precincts and polling places. “While no system is 100 percent hack-proof, elections in this country are secure, perhaps as secure as they’ve ever been,” David Becker of the Center for Election Innovation & Research told a recent congressional hearing. “There isn’t a single or concentrated point of entry for a hacker.” … Dan Wallach, a computer science professor at Rice University who studies voting systems, told lawmakers the biggest vulnerability is voter registration databases. Wallach testified at a House of Representatives hearing on election security that such an effort “can selectively disenfranchise voters by deleting them from the database or otherwise introducing errors.”

Full Article: Hacking the election: questions and answers.