Canada: Cities pondering move to online voting | Edmonton Journal

Edmonton, St. Albert and Strathcona County want to push ahead with Alberta’s first test of Internet voting during next year’s civic election. The three communities are interested in allowing people who can’t reach a regular polling booth to vote online instead of mailing in their ballots, according to a report released Thursday. The move requires a change to the provincial Local Authorities Election Act, and though Alberta Municipal Affairs is interested, it needs letters of support from councillors before it will act.

France: French E-voting portal requires insecure Java plugin | ZDNet

Imagine you’re an ordinary citizen who wants to vote online. As an IT security conscious user knowing that in 2012 the majority of vulnerabilities are found in third-party applications compared to Microsoft’s products, you regularly check Mozilla’s Plugin Check service to ensure that you’re not using outdated browser plugins exposing you to client-side exploitation attacks served by web malware exploitation kits. What seems to be the problem? According to Benoit Jacob, the problem starts if you’re a French citizen wanting to vote online, as the country’s E-voting portal currently doesn’t support the latest version of Java. If that’s not enough, the portal recommends users to switch to an alternative browser since Firefox blocks older Java plugins for security reasons, or use the insecure Java version 1.6.0_32.

National: Flame: Massive, advanced cyber threat uncovered | GovInfo Security

Highly sophisticated malware being used to spy on several countries, mostly in the Middle East, that has been around for more than two years has been discovered by Kaspersky Lab, the research arm of the Russian security products company announced May 28. Detected by researchers as Worm.Win32.Flame – or more simply, Flame – it’s designed to carry out cyber espionage and steal valuable information, including, but not limited to, computer display contents, information about targeted systems, stored files, contact data and audio conversations, Kaspersky Lab says.Kaspersky Lab’s chief security expert, Alex Gostev, characterizes Flame as a super-cyberweapon such as Stuxnet and Duqu, and in his blog contends it’s “one of the most complex threats ever discovered. It’s big and incredibly sophisticated. It pretty much redefines the notion of cyberwar and cyberespionage.”

National: Internet voting still faces hurdles in US | The Economic Times

Shop online. Bank online. Why not vote online? Pressure is building to make Internet voting widely available in the United States and elsewhere, even though technical experts say casting ballots online is far from secure. In the 2012 US elections, more than two dozen states will accept some form of electronic or faxed ballots, mostly from military or overseas voters, according to the Verified Voting Foundation. But there is a growing expectation that online voting will expand further. “The number one question I’m asked is when we will get to vote on the Internet,” Matt Masterson, Ohio’s deputy election administrator, told a Washington forum this month. “When you are doing everything else on the Internet and your comfort level is high, people expect to do that… You can adopt a child online, you can buy a house online without ever seeing it.” But computer security specialists say any system can be hacked or manipulated, and that unlike shopping and banking, the problem cannot be fixed by giving the customer a refund.

National: NIST: Internet voting not yet feasible | FierceGovernmentIT

Internet voting is not yet feasible, researchers from the National Institute of Standards and Technology have concluded. “Malware on voters’ personal computers poses a serious threat that could compromise the secrecy or integrity of voters’ ballots,” said Belinda Collins, senior advisor for voting standards within NIST’s information technology laboratory, in an May 18 statement. “And, the United States currently lacks an infrastructure for secure electronic voter authentication,” she added. Collins released the statement in response to an inquiry from Common Cause, a Washington, D.C. nonprofit active in campaign finance and election reform.

National: Americans Elect Ends Online Primary After No Candidates Qualify To Run | ABC News

Americans Elect, the group that aimed to nominate a third presidential candidate through an online primary, ended its nomination process today after no prospective candidates met their minimum requirements. To run in its online primary a candidate had to get 10,000 “clicks” of support (1,000 in at least 10 states). Buddy Roemer was the closest to reaching that goal, but he got less than 6,300 “supporters. As of this week, no candidate achieved the national support threshold required to enter the Americans Elect Online Convention in June,” the group said in a statement. “The primary process for the Americans Elect nomination has come to an end.”

Editorials: Americans Elect meets reality: third-party effort may be viable — just not now | Doyle McManus/latimes.com

What happens if you start a political party and nobody comes? Six months ago, a newfangled third party burst onto the scene, full of hope and promise. It was called Americans Elect, and it sought to give voters a choice many said they were looking for: “centrist” candidates who could break the partisan gridlock paralyzing Washington. In its founders’ heads danced visions of middle-of-the-road candidates who could transform American politics: Hillary Rodham Clinton, Colin Powell, Michael Bloomberg, Jon Huntsman Jr. Wealthy donors invested millions in a fancy website for an Internet primary, signed up 420,000 would-be “delegates” and got on the ballot in 29 states. Newspaper columnists, including me, pondered what effect it might have on the election. Then the grand idea collided with reality.

Editorials: Indie Block – Americans Elect Near the End? | TIME

When Americans elect announced last July that it was pouring millions into placing a third-party presidential candidate on the ballot in all 50 states, the political world snapped to attention. Barack Obama’s longtime political adviser David Axelrod revealed his concern by publicly criticizing the group, while pundits gushed. “Watch out,” declared New York Times columnist Thomas Friedman, who wrote that Americans Elect might change politics the way the iPod changed music. So far, Americans Elect is looking more like the Zune than the iPod. The group canceled a May 8 online caucus after no candidate met the necessary criterion of 1,000 backers in each of 10 states. More voting scheduled for later this month may also be scratched; it’s possible that Americans Elect won’t nominate a single candidate. That might say more about this well-intentioned effort’s shortcomings than it does about the durability of our two-party system. Founded by a group of political centrists, including former investment banker Peter Ackerman, Americans Elect had a promising plan: “break gridlock” and challenge “special interests” by helping elect a President beholden to no party. It invited people to join online, nominate candidates and ultimately select one through Internet voting. (To be eligible, candidates needed credentials meeting the group’s somewhat subjective criteria.)

Editorials: With Failures Rapidly Mounting, What Is Americans Elect’s End-Game? | AE Transparency

Having now been forced to cancel two primary ballots in a row due to the American electorate’sutter failure to respond to its spiel, Americans Elect may now be judged by any rational observer of the political scene to be an abject failure, and dead in the water. So what happens now? When Americans Elect’s predecessor, Unity08, failed similarly in 2008 (albeit much earlier in its existence, before a single ‘vote’ had been cast), that organization simply silently evaporated. That was really the only option available to Unity08’s leadership, because it was a worthless property: it was merely a thin web site, with no money behind it, and its founders had scattered to the four winds (many to their next failure, a ‘Draft Bloomberg’ initiative). So its operators simply abandoned it. Like a rusty old Buick up on cinder blocks in a weed-choked vacant lot, its twisted carcass had no significant scrap value.

Canada: Online voting system mulled in Alberta | Sherwood Park News

Strathcona County council gave its thumbs up at a meeting on April 24 to a partnership with the City of Edmonton and the City of St. Albert to establish an internet voting pilot project for the 2013 municipal election. Jacqueline Roblin, manager of Strathcona County Legislative and Legal Services (LLS), stated in her presentation to council that the pilot would be applied to solely the special ballot process for those people who will be absent from the jurisdiction during the 2013 election. She noted that administration wants to add an amendment allowing for any voter to vote through this process. “We’re taking it in a very small portion of our election so that we can test out our systems and that will gradually start to build voter confidence in the process,” Roblin said.

Canada: Elections Canada may roll out Internet voting in 2015 in spite of security concerns | CottageCountryNow

While Huntsville council tackles election topics such as ward boundaries, some residents believe the issue of electronic voting should be the primary concern. Grant Hallman, a retired resident who spent a career in software development, has said council’s decision to discuss in 2013 whether electronic voting or traditional paper ballots will be used in the 2014 municipal election will not give the municipality enough time for thorough debate. Hallman said it will likely not give the municipality enough time to switch back to paper ballots if council decides it does not want to use the telephone and Internet voting method used in the previous municipal election. There are several concerns Hallman and others have with the electronic voting method.

National: Why Online Voting Isn’t So Safe – FBI investigating student who hacked college election | Mobiledia

A California student tried to win a college government election by hacking into classmates’ accounts, which may lead to federal charges and increased privacy for not only colleges, but national and state elections as well. Matt Weaver, a junior, ran for student government president at California State San Marcos, located near San Diego, when school officials said he hacked into a computer and stole 700 voters’ passwords and identifications to alter the polling results. School police detained and released Weaver, but have yet charge him for the accusations, which include unlawful access to a computer, election fraud and identity theft. The FBI, which usually isn’t interested in the college student government results, is investigating Weaver’s hacking skills. School officials said they caught Weaver working on a school computer, and in possession of a device, used to steal passwords. … Federal authorities are also examining Weaver’s activities to decide if such hacking may interfere with state or national elections.

Estonia: Parliament Seeks to Make Internet Voting More Transparent | ERR

Parliament is looking to amend the electronic voting procedure in such a way as to make it possible for voters to check whether their votes have been registered correctly. Starting from 2005, e-voting has been used in five elections in Estonia. In order to make the system more reliable and trustworthy, legislators are now looking for a way to make it possible for voters to check whether their votes have been registered correctly. This solution was proposed in response to the concerns that arose during the last elections regarding the possibility of voters’ computers being tampered with, reported ETV. “In the case of a virus that blocks voting, a person may think that he has voted, when in fact the vote has not reached the system. This is why we came up with the idea of giving voters an opportunity to check their votes,” said Reform Party MP and member of Parliament’s Constitutional Committee Andrei Korobeinik. According to him, the voter’s computer is the weakest link in the chain and vote checking is one of the most complicated issues being tackled at the moment. “The initial idea is that the voter will be shown an image that he can photograph off the screen using his mobile phone, and then the system will tell him whether his vote has been registered correctly or not,” he explained.

National: Internet Voting Is Years Away, And Maybe Always Will Be | TechPinions

In today’s New York Times Magazine, political writer Matt Bai grumbles in a short piece about his inability to vote online in an era where nearly everything else can be done over the Internet. “The best argument against Internet voting,” he writes, “is that it stacks the system against old and poor people who can’t afford or use computers, but the same could be said about cars.” That, he argues, is a problem that could easily be solved by the electronic equivalent of giving people rides to a polling place. If only it were so simple. Voting, alas, has unique characteristics that make internet implementations all but impossible given current technology. The big problem is that we make two demands of it that cannot be met simultaneously. We want voting to be very, very secure. And we want it to be very, very anonymous.

National: Internet voting not ready for elections, says DHS official | FierceGovernmentIT

Unresolved technological problems means Internet voting should not yet be deployed to U.S. elections, a Homeland Security Department cybersecurity official told a conference of election officials and watchdogs. “It’s definitely premature to deploy Internet voting in real elections,” said Bruce McConnell, a senior cybersecurity counselor, speaking before the Election Verification Network conference in Santa Fe, N.M. on March 29. “The security infrastructure around Internet voting is both immature and under-resourced,” McConnell told the audience, citing National Institute of Standards and Technology internal reports that summarize technical research on particular subjects. NISTIR 7770 (.pdf), which addresses security considerations of remote electronic voting, states that “achieving a very strict notion of ballot secrecy remains a challenging issue in remote electronic voting systems,’” McConnell noted.

National: DHS official says online voting invites cybersecurity risks | CNET News

As the 2012 presidential election revs up, 33 states now permit some form of Internet ballot casting. However, a senior cybersecurity adviser at the U.S. Department of Homeland Security warned today that online voting programs make the country’s election process vulnerable to cyberattacks. “It is premature to deploy Internet voting in real elections at this time,” DHS cybersecurity adviser Bruce McConnell said at a meeting of the Election Verification Network, which is a group that works to ensure every vote is counted. He explained that all voting systems are susceptible to attacks and bringing in Internet voting invites added risk. Right now, 33 states allow completed ballots to be sent via the Web, typically through e-mail and efax. The main voting contingent that uses this cyber-feature are people in the military and those living overseas.

Editorials: There’s no democratic quick fix | Ottawa Citizen

As Canadians focus on cases of possible election fraud with the unfolding “robocalls” scandal, some people have suggested that Internet voting might be one way of stopping unscrupulous political activists from sending voters to non-existent polling stations. In fact, Internet voting is likely to increase, rather than decrease, electoral fraud. Since online voting requires passwords, there would be nothing to stop eligible voters from giving or selling their passwords to others. A few charismatic members of a community organization, or of a partisan political association, or of a family might then be able to control the votes of numerous citizens.

Canada: Internet voting carries risk as show by NDP experience | thestar.com

The recent New Democratic Party convention in Toronto may have done more than just select Thomas Mulcair as the party’s new leader. It may have also buried the prospect of online voting in Canada for the foreseeable future. While Internet-based voting supporters have consistently maintained that the technology is safe and secure, the NDP’s experience — in which a denial of service attack resulted in long delays and inaccessible websites — demonstrates that turning to Internet voting in an election involving millions of voters would be irresponsible and risky. As voter turnout has steadily declined in recent years, Elections Canada has focused on increasing participation by studying Internet-based voting alternatives. The appeal of online voting is obvious. Canadians bank online, take education courses online, watch movies online, share their life experiences through social networks online, and access government information and services online. Given the integral role the Internet plays in our daily lives, why not vote online as well? The NDP experience provides a compelling answer.

National: Online Voting ‘Premature’ Warns Government Cybersecurity Expert | WBUR

Warnings about the dangers of Internet voting have been growing as the 2012 election nears, and an especially noteworthy one came Thursday from a top cybersecurity official at the U.S. Department of Homeland Security. Bruce McConnell told a group of election officials, academics and advocacy groups meeting in Santa Fe, N.M., that he believes, “it’s premature to deploy Internet voting in real elections at this time.” McConnell said voting systems are vulnerable and, “when you connect them to the Internet that vulnerability increases.” He called security around Internet voting “immature and under-resourced.” McConnell’s comments echo those of a number of computer scientists who say there’s no way to protect votes cast over the Internet from outside manipulation. But right now a growing number of states are allowing overseas and military voters to return their marked ballots by digital fax or email, which experts say raises the same threat. It’s part of a recent push to make voting easier for millions of Americans overseas, who often are prevented from voting because of slow ballot delivery and missed deadlines.

Canada: NDP internet vote disruption worries experts | The Chronicle Herald

Although many people are attached at the hip to their laptops, few are conversant in software coding and even fewer are familiar with heavy encryption. Combine computers with the intricacies of elections, and that leaves only a handful of specialists worldwide who can claim to understand online voting. Questions about e-voting were raised after the NDP leadership convention was disrupted by a cyber attack. Not all of them have been answered satisfactorily, say software experts, despite reassurances from Scytl, the software company that handled the NDP election process, and from Halifax Regional Municipality, which has committed to use the company’s services in October’s municipal election. “Multibillion-dollar (software developers) like Windows, you know, Microsoft . . . can’t have their software bug-free. So I don’t think Scytl is able to do that,” said Daniel Sokolov, a Halifax information technology expert. Sokolov has examined several European elections that used e-voting and found at least three with troubling results.

Voting Blogs: “Nobody Goes There Anymore, It’s Too Crowded”: Election Officials’ Responsibility for Handling Denial of Service Attacks | Election Academy

Over the weekend, Canada’s New Democrats (NDP) conducted a vote for a new leader. The vote was conducted online so that registered party members could vote both in person at the NDP convention site and remotely from home computers or smartphones. Sometime during the second round of voting, the system slowed considerably, and eventually it became known that the system had likely been the target of a “denial of service” (DoS) attack aimed at clogging the the system and thus preventing (or at least discouraging) voters from casting ballots. The NDP, its vendor and consultants have identified two IP addresses that appear to have been the source of the attack and are investigating now. The results of that investigation are still forthcoming, but in the meantime I wanted to focus on a discussion I saw online yesterday about whether and how NDP and its vendor should have prepared for the possibility of a DoS attack.

Canada: More than 10,000 IP addresses used in attack on NDP vote | CTV Winnipeg

The company that ran the online voting system used to help choose the winner of the weekend’s NDP leadership race is now blaming several hours of delays on a “malicious, massive” attack on its voting system. In a news release, Barcelona-based Scytl said “well over 10,000 malevolent IP addresses” were used in a Distributed Denial of Service attack, which generated hundreds of thousands of false voting requests to the system. “We deeply regret the inconvenience to NDP voters caused by this malicious, massive, orchestrated attempt to thwart democracy,” Susan Crutchlow, general manager of Scytl Canada said in a statement. The attack effectively “jammed up the pipe” into the voting system, delaying voter access, the statement said. “This network of malevolent computers, commonly known as a ‘botnet,’ was located on computers around the world but mainly in Canada.”

Canada: Halifax Regional Municipality to review e-voting contract after cyber attack on NDP leadership election | Metro

The Halifax Regional Municipality will be reviewing a decision to award a Spanish e-voting company a contract for this October’s election. This in the wake of e-voting delays that plagued the federal NDP leadership convention in Toronto on Saturday. Scytl, the Spanish company that oversaw the convention’s e-voting, was awarded a contract in January to provide electronic voting for the upcoming HRM election. “With the events of the weekend … we certainly will be reviewing the situation with the company,” Mayor Peter Kelly said on Sunday. “(HRM will) determine whether or not this was an issue of just malfunction, or other factors as was indicated (by the NDP).”

Canada: NDP determined to find source of cyber attack on electronic voting system | Winnipeg Free Press

The NDP has not yet called in the police to investigate an orchestrated attempt to sabotage the electronic voting system the party used to choose a new leader.
But it’s not ruling out the possibility once it unmasks the hacker responsible for repeated cyber-attacks that caused lengthy delays in Saturday’s leadership vote. The party had hoped to crown their new leader in time for supper-hour newscasts, before television viewers could switch to the Saturday night hockey games. The cyber attacks frustrated those plans; it was after 9 p.m. ET before Thomas Mulcair was declared the winner. Party president Rebecca Blaikie said Sunday that party officials, vote auditors and Scytl — the high-tech Spanish company hired to secure the electronic voting system — are still working to determine who was responsible. “What we know is that there was an organized attempt to clog the site,” Blaikie said.

China: Online poll in Hong Kong mocked by a million clicks | The Australian

A university website offering ordinary Hong Kongers a chance to vote for their next leader ahead of tomorrow’s election is under “systematic attack” from hackers, organisers said. Thousands of people who do not have the right to vote in the election are expressing their views through the unofficial poll organised by the University of Hong Kong. “The system has been very busy,” Robert Chung, director of the university’s respected Public Opinion Program, said yesterday. “We suspect it is under systematic attack as there are more than one million clicks on our system every second.” Mr Chung did not indicate who could be responsible for the disruption, but his team of pollsters has a history of aggravating mainland authorities with surveys indicating public opinion that is at odds with Beijing’s official line.

Canada: NDP says hackers caused online vote delays | CTV Edmonton

Delays in online voting at the NDP leadership convention have been blamed on hackers, with party officials saying they have found evidence of the attack. Jamey Heath, the NDP’s communications manager, said the party had managed to trace the Internet Protocol addresses of two perpetrators. “They’ve isolated it to individual IP addresses. Votes that have been cast are secure,” he said. The delays had threatened to become a full-scale public relations disaster for the party that even had some people questioning the integrity of the end result. There were lineups of more than an hour at the Metro Toronto Convention centre as the system slowed down. Eligible voters across the country were also getting online error messages.

Canada: Cyber-attack holds up cross-Canada voting for next leader of NDP | Medicine Hat News

An attempted cyber-attack on the NDP’s electronic voting system Saturday forced party officials to delay the process of choosing the next federal New Democrat leader for several hours, frustrating voters both at the convention in Toronto and across the country. Party officials insisted the integrity of the voting system was not compromised, but acknowledged that the would-be hacker managed to “mess” it up enough to cause lengthy delays. “The system has not been compromised,” said Brad Lavigne, a former party national director who was dispatched to explain the problem to reporters. “The system was not hacked. It was never even close to being hacked.” Lavigne said someone outside the party tried to get access to the system, triggering alarms that caused the system to shut down. “The analogy that can be used is that somebody was trying to break into our house and the alarm went off and the robbers were scared away.” He stopped short of suggesting someone was deliberately trying to sabotage the NDP leadership process.

China: Hong Kong election poll shot down by DDoS cyber attack | The Register

Two local men have been arrested after an online referendum organised by Hong Kong university to poll citizens on their choice of chief executive was disabled in an apparent denial of service attack. Broadcaster Radio Television Hong Kong (RTHK) reported that the men, aged 17 and 28, were arrested at the weekend after the online poll was disrupted for a large part of Friday and some of Saturday. … The system has been very busy,” Robert Chung, director of the university’s program, apparently told reporters. “We suspect it is under systematic attack as there are more than one million clicks on our system every second.” Chung was reportedly reticent about the potential motive for the attack but it is well known that the Chinese authorities are not a massive fan of free speech and probably viewed the referendum as undermining the result of the real vote – the outcome of which Beijing basically controls.

China: Hong Kong Mock Vote Draws 223,000 | WSJ

A mock vote that aimed to give ordinary Hong Kong citizens a voice in today’s chief executive poll drew 223,000 votes despite an earlier cyber attack that hit the ambitious project. The Chinese territory’s top political job will be decided by a 1,200 person election committee Sunday, but that hasn’t stopped many of the city’s seven million residents taking part in the University of Hong Kong’s civil referendum project. Beijing has promised the city universal suffrage by 2017. Over half (54%) posted a blank vote, meaning they wanted neither Hong Kong’s former no. 2, Henry Tang, nor its former cabinet head, Leung Chun-ying, to win. Mr. Leung won 18% of the vote, followed by Mr. Tang at 16% and Albert Ho, who chairs the city’s Democracy Party, at 11%.

China: Cyber Attack Targets Hong Kong Mock Vote | WSJ

A cyber attack has hit an ambitious project that sought to give ordinary Hong Kong citizens a voice in this weekend’s chief executive poll, with organizers scrambling to provide paper ballots to the tens of thousands wishing to participate in the mock vote. The Chinese territory’s top political job will be decided by a 1,200 person election committee Sunday, but that hasn’t stopped many of the city’s seven million residents keen to take part in the University of Hong Kong’s civil referendum project. Beijing has promised the city universal suffrage by 2017. Thousands of users logged online Friday morning or used the smart phone apps created by Dr. Robert Chung’s group at the University of Hong Kong to cast their vote, but pages didn’t load properly. Dr. Chung said an early-morning cyber intrusion appeared to disable their servers, and that the site had also been experiencing abnormally high hit rates that had overloaded their system, up to a million requests a second.