Maryland: Takoma Park Board of Elections Eliminates Online Absentee Voting | Takoma Park, MD Patch

Takoma Park voters who use an absentee ballot this November will have to mail or deliver their paper ballot because the Board of Elections (BoE) decided not to accept online voting as an alternative to for filing a paper absentee ballot. However, the BoE opted to maintain the online system to confirm a paper absentee ballot has been recorded.

At its meeting Wednesday evening, the BoE passed a resolution directing paper absentee ballots have to be cast in order for the vote to be counted. That resolution is: “That the ballot of record for absentee ballots is the paper ballot, and we will not accept only the electronic record as a ballot vote.”

The need for the resolution was the result of the language for the Internet Confirmation Guidelines for absentee voters produced by Scantegrity, a security system for optical scan voting systems that uses confirmation codes to allow a voter to ensure their ballot has not been changed and is included in the final tally, and presented to the BoE by Filip Zagorski. The confirmation guidelines for the absentee ballot are listed under the heading “Internet Confirmation.”

Canada: Online banking not a model for Internet voting, says Elections B.C. | FierceGovernmentIT

Although a comparison is often made between them, online banking and Internet voting are very dissimilar, says a discussion paper from Elections B.C., the organization responsible for conducting elections in the Canadian province of British Columbia.

The paper, dated Aug. 31, notes that online banking was never introduced with the expectation that it would be fraud-proof. Rather, the business case for it rests on the assumption that fraud is offset by reduced operating costs and convenience benefits to clients. “The reality is that online banking fraud is increasing at a rapid pace and banks expend substantial resources on insurance,” the paper says.

Unlike fraud in the voting system, fraud in online banking does not directly affect the rest of society, the paper adds. In addition, should a bank’s website go down, whether because of a denial-of-service attack, network outage or other cause, clients can complete their transactions later–whereas voting must be concluded by a certain date, with no extensions.

Canada: Concern over security of online voting | Times Colonist

Internet voting could make it more convenient to cast a ballot in an election, but it is also riskier than the current in-person voting system, according to a new report from the province’s elections agency. While there may be increasing public pressure to modernize B.C.’s voting process with online voting, it’s up to provincial politicians to balance the security risks that keep ballots safe and confidential, Elections B.C. said in a discussion paper released this week.

“With the current state of technology, Internet voting is considered to be less effective than traditional, in-person and postal voting methods at protecting ballots against large-scale fraud, ensuring the secrecy of the vote, and providing a fully transparent and observable process that can be effectively audited,” the independent elections agency wrote in its paper.

“Because specialized computer skills are required to observe an Internet voting process, voters would have to delegate their trust to ‘experts’ to confirm that the election is conducted properly.”

Canada: Still a lot of challenges with online voting: Elections BC | News1130

Many cities have been calling for online voting to be available during elections starting in 2014, but that may be a lofty goal.

discussion paper from Elections BC says there are still a ton of kinks that need to be worked out. The main issue is still security, and UBC internet security expert Richard Rosenberg agrees: “The widespread use of online voting is a long way off as it has been for several years now. It’s very difficult to ensure the systems in use are accurate and haven’t been compromised either accidentally… or on purpose.”

Verified Voting Blog: Report on the Estonian Internet Voting System

I visited Estonia in mid-July of this year at the invitation of Edgar Savisaar, the country’s first prime minister and current mayor of Tallinn. Mr. Savisaar is the leader of the Centre Party, which placed second in recent national elections. The Centre Party and Mr. Savisaar have been questioning the outcome of the Internet voting portion of those elections. They invited me to Estonia because of a presentation I made at a European Parliament panel on the risks of Internet voting.

I told my hosts that I was happy to discuss the risks of Internet voting, but I would not comment on internal Estonian politics. When asked whether or not I thought the national election was rigged, I refused to comment, aside from saying that no one could prove that it was or was not rigged, because there is no way to conduct a recount of an Internet election.

The Internet portion of the 2011 election lasted from February 24 to March 2, with paper balloting conducted on March 6. The Internet vote was counted the evening of March 6. Estonian law allows complaints to be submitted only during the 3 days immediately following the procedure being challenged. Since Internet voting is considered separate from paper voting, the final day for submitting complaints about Internet voting was March 5. Graduate student Paavo Pihelgas was the only person who submitted a complaint by the deadline. (The Centre Party and independent candidates tried to file complaints, but they did not do so within the required 72 hour time frame).

Editorials: Allure of online voting may outweigh the risks? | Vancouver Sun

If you can trust your life savings to an online bank and pay your taxes over the Internet, why can’t you vote that way? The answer, according to a discussion paper on Internet voting released this week by Elections B.C., is that it’s harder to guarantee a fair election online than it is to safeguard your savings.

Banks anticipate some level of fraud and while that is a cost borne collectively by all of their customers, individuals are covered. An electoral system, on the other hand, has to be able to demonstrate that every vote cast is counted exactly as intended.

It also has to accomplish a couple of other, inherently contradictory tasks. It has to identify the person voting to ensure they are eligible and that they are only voting once. At the same time, it has to register the vote in a way that doesn’t connect the choice it expresses to the person casting the ballot. It also has to be transparent enough so that the public it serves can have faith that the outcome will reflect the will of the people, while remaining secure from hackers.

Canada: British Columbia municipalities press for online voting | Vancouver Sun

B.C. municipalities want access to online voting in time for the 2014 civic elections, hoping to boost voter turnout by making it easier to cast a ballot. At least three communities — Coquitlam, North Vancouver City and Fort St. John — have asked the Union of B.C. Municipalities to push the province for legislative changes to allow Internet voting, saying it would be beneficial to the young, elderly and out-of-town workers.

Vancouver had sought to have online voting in place for this November’s municipal election but the provincial government said it needed more time to consider the move.

Coun. Raymond Louie said voters need another incentive to vote. “It’s a bit challenging for all of us,” he said. “It just makes it easier for people if you don’t have to physically go down [and cast a ballot]. “It provides a wider diversity of opportunity for constituents to vote; it certainly does help those with mobility challenges or just in terms of having the opportunity to get out.”

New Zealand: Porirua mayor lobbies for internet voting test | dominion-post

Porirua Mayor Nick Leggett wants his city to be a testing ground for new e-voting technology. Today he said he would lobby the Government to bring online voting to Porirua for the 2013 local body elections.

“New Zealand is long overdue for offering the option of voting online. The 2001 Local Electoral Act allows it to be used, which means Cabinet can make it happen through simple regulatory action. Officials, perhaps understandably, are exhibiting excessive caution — but our political leaders should embrace the democratic possibilities offered by this technology,” he said.

Editorials: Canada isn’t ready for online voting | National Post

Elections Canada intends to seek approval to implement a system of online voting, according to a report released Wednesday.

Let me say first that, on the one hand, it’s positive that an organization that is as culturally-conservative and traditional as Elections Canada is even pondering exploring alternate methods of service delivery. Some years back I interviewed their chief information officer a few weeks into the job. He’d come from the private sector and was amazed at the degree of institutional resistance to even minor technological advancement. They had their way of doing things. It was all laid out step-by-step in a big binder.

On the other hand, while voter registration seems like an obvious step, I’d have a very hard time trusting Elections Canada to devise a secure and reliable system for online voting when every time I try to use their online contributions database, I want to cry over how unnecessarily complicated and cumbersome even simplest tasks is.

But online voting is one of those things that sounds great in theory — vote easily and quickly wherever you are, you don’t need to travel or wait in line — but, upon further reflection, loses some of its lustre.

Canada: Elections Canada lobbies for test of online voting | CBC News

The head of the agency in charge of federal elections says it’s time to modernize Canada’s elections, including testing online voting and ending a ban on publishing early election results. In a report on the May 2 election (pdf), released Wednesday, Chief Electoral Officer Marc Mayrand writes about his plan to test online voting and encourages parliamentarians to update the Elections Act. Improvements to the electoral process, Mayrand writes, will depend on changes to the law.

“Elections Canada has reached a point where the limited flexibility of the current legislation no longer allows us to meet the evolving needs of electors and candidates,” Mayrand reports. “We look forward to working with parliamentarians as we prepare for the 42nd general election.”

See also – Readers’ Responses: Would you trust your vote to a computer?

Voting Blogs: A review of the FVAP UOCAVA workshop | Freedom to Tinker

The US Federal Voting Assistance Program (FVAP) is the Department of Defense Agency charged with assisting military and overseas voters with all aspects of voting, including registering to vote, obtaining ballots, and returning ballots. FVAP’s interpretations of Federal law (*) says that they must perform a demonstration of electronic return of marked ballots by overseas military voters (**) in a Federal election at the first Federal election that occurs one year after the adoption of guidelines by the US Election Assistance Commission. Since the EAC hasn’t adopted such guidelines yet (and isn’t expected to for at least another year or two), the clock hasn’t started ticking, so a 2012 demonstration is impossible and a 2014 demonstration looks highly unlikely. Hence, this isn’t a matter of imminent urgency; however, such systems are complex and FVAP is trying to get the ball rolling on what such a system would look like.

As has been discussed previously on this blog, nearly all computer security experts are very concerned about the prospect of marked ballot return over the internet (which we will henceforth refer to as “internet voting”). Issues include vulnerability of client computers, issues with auditability, concerns about usability and coercion, etc. On the flip side, many states and localities are marching full steam ahead on their own internet voting systems, generally ignoring the concerns of computer scientists, and focusing on the perceived greater convenience and hoped-for increased turnout. Many of these systems include email return of marked ballots, which computer scientists generally consider to be even riskier than web-based voting.

India: Maharashtra governor calls for online voting | Mumbai DNA

The state governor, K Sankaranarayanan, has advocated major electoral reforms in the form of introduction of online voting system in elections. He was speaking at the launch of the official website of the state election commission at Yashwantrao Chavan Academy of Development Administration (Yashada), in Pune on Tuesday.

“If we can have online banking, why can’t we have online voting?’’ he asked, making a strong plea for the educated to be involved in the process of elections and the political system at large. “There is a general feeling that the political process is too corrupt to be involved in. It is wrong to blame politicians for all ills in society,’’ he said.

Verified Voting Blog: Let the MOVE Act have a chance to work before considering electronic return of ballots

Military and overseas voters saw improvements in their ability to vote in 2010, thanks to the Military and Overseas Voter Empowerment Act (MOVE) passed in late 2009, according to a report to Congress last month by the Military Postal Service Agency (MPSA). The report indicates that MOVE will improve things further as its provisions become better known and implemented.

The MOVE Act required states to send ballots to military and overseas voters at least 45 days before election-day in federal elections so they have time to return their voted ballot. MPSA must pick up ballots for return to election offices no later than 7 days before election day. MOVE also sped up the process by requiring states to offer electronic transmission (website, email, fax) of blank ballots and registration materials. The law stopped short of establishing electronic return of voted ballots because ballots cannot be secured against undetected interception and manipulation over the internet. New procedures were implemented for 2010, coordinating MPSA with USPS, including the use of Express Military Mail Service (EMMS) for uniformed overseas service members and their families.

National: Governments, IOC and UN hit by massive cyber attack | BBC News

IT security firm McAfee claims to have uncovered one of the largest ever series of cyber attacks. It lists 72 different organisations that were targeted over five years, including the International Olympic Committee, the UN and security firms.

McAfee will not say who it thinks is responsible, but there is speculation that China may be behind the attacks. Beijing has always denied any state involvement in cyber-attacks, calling such accusations “groundless”.

Speaking to BBC News, McAfee’s chief European technology officer, Raj Samani, said the attacks were still going on. “This is a whole different level to the Night Dragon attacks that occurred earlier this year. Those were attacks on a specific sector. This one is very, very broad.”

National: Security company infects client’s network with ‘Trojan mouse’ | InfoWorld

Security consulting company NetraGard has demonstrated that something as seemingly innocuous as a USB mouse, along with tidbits of information freely available on the Internet, can provide a hacker quick and easy access to a seemingly secure IT environment.

In a blog post on the company’s website, NetraGard founder Adriel Desautels explained that his company was hired to test the security of a client’s network while adhering to some very stringent restrictions: The NetraGard team could target only one IP address, offering no services, bound to a firewall. Further, the team couldn’t even use social engineering tactics, such as duping an employee to reveal information over the phone or via email. They couldn’t even physically access the client’s campus.

NetraGard’s solution: Transform a Logitech USB mouse into an HID (hacker interface device) by installing on it a mini-controller and a micro Flash drive loaded with custom malware. The blog post goes into explicit detail of the painstaking process of operating on the mouse.

Voting Blogs: Americans Elect Internet Vote for President? Consider how it worked in DC 2010 | Irregular Times

Apart from the various considerations of political ideology, influence and process regarding Americans Elect, there’s the simple matter of technology. Americans Elect plans to use all-internet-voting to nominate a presidential candidate and to broker the selection of the actual president in an Electoral College showdown. Will a binding internet vote be pulled off with accuracy and without getting hacked? Or is online voting subject to tampering?

Internet votes can be pulled off. The city of Honolulu managed an internet election for neighborhood councils in 2009. Estonia is often mentioned by internet-voting advocates, although more than 98% of votes cast in Estonia’s 2005 e-vote were old-fashioned paper ballots, and Estonia is a small country that had 9,681 electronic votes to verify that year.

Estonia: Tallinn Calls in Expert to Denounce E-Voting | ERR

Yesterday, July 20, the City of Tallinn bolstered its drive to bar the nation’s much-touted e-voting system from local elections, holding a press conference where prominent US computer scientist Barbara Simons said that such systems are inherently vulnerable.

The University of California, Berkeley PhD and former Association for Computing Machinery president spoke about risks such as malware, attacks on the server managing the election, insider threats and false websites.

Speaking in general terms, not about Estonia’s system in particular, she said that the nature of e-voting makes it impossible to audit or recount the votes. She also warned of the possibility of software viruses or worms that could infect a computer, casting votes without the user’s knowledge.

Estonia: Expert from USA: e-voting is not safe | bbn.ee

Barbara Simons, a reputable expert on IT-safety, who is visiting Tallinn, claims that as internet becomes more and more dangerous, most of the internet experts are certain that e-voting is everything but safe, writes Raepress.

Simons said that cyber criminals are able to gather all kinds of information and even attack different governments – as Russian hackers did with Estonian internet systems. Simons added that allegedly, the computer virus that attacked Iran was released by specialists from Israel and USA.

Simons was in Tallinn Town Hall yesterday, taking part in a forum dedicated to e-voting and today will hold a public lecture titled “Time is not ripe for e-voting”. On Wednesday Simons will give a press conference as well.

California: Internet Voting In California? | California Progress Report

Election integrity advocates recently launched a campaign to block a bill, SB908, that would have introduced email voting for Californians living overseas. We fought it for several reasons.

First, paperless voting itself is dangerous because there is no independent way to check the results claimed by the machines, and no way to recover when something goes wrong, and it will. Voting across the Internet is worse, because it opens up the voting system to several more types of attack, from anywhere in the world, all of them dangerous. Voting by email attachment is even worse, because no attempt is made to encrypt the ballot as it travels from computer to computer across the globe on the way to its destination.

Any of these computers is quite capable of “photoshopping” or simply blocking any ballot that passes through. A ballot sent from Afghanistan could pass through computers in China, Iran, Russia, or any other country interested in “fixing” ballots headed for California. This is only one of several severe vulnerabilities in Internet voting.

National: 24,000 Pentagon files stolen in major cyber breach, official says | The Washington Post

The Defense Department lost 24,000 files to “foreign intruders” in the spring in what appears to be one of the most damaging cyberattacks to date on the U.S. military, a top Pentagon official acknowledged Thursday.

Deputy Defense Secretary William J. Lynn III, who disclosed the March breach during a speech to roll out the Pentagon’s new cyber strategy, said the files were taken from a defense contractor. He did not say who was believed to be behind the attack or describe the nature of the files that were stolen.

But Lynn said that, over the past few years, all manner of data has been stolen, some of it mundane, some of it concerning “our most sensitive systems, including aircraft avionics, surveillance technologies, satellite communications systems, and network security protocols.”

Egypt: No Internet voting in Egypt: Telecom Minister | Ahram Online

Egypt’s National Telecommunications Regulatory Authority (NTRA) presented new draft amendments to the telecommunications law, according Maged Osman, minister of communications and information technology.

… The minister dismissed the possibility of utilizing electronic voting through the internet in the upcoming elections. “It has been proven worldwide that there is a high risk of security compromises using such method in elections”

India: Citizens to decide fate of e-voting before Mumbai civic polls | Express India

Even as tenders have been invited for creating the online portal and supporting data systems to enable e-voting in the upcoming Brihanmumbai Municipal Corporation (BMC) elections in February next year, the process will be finalised only after citizens give their go-ahead.

The State Election Commission’s (SEC) plan to introduce e-voting met with some reservations because of which the mega experiment will be first carried out on a demo basis before seeking public opinion on taking it forward.

Estonia: Lessons from Estonia: Preparing for a major cyberattack | Nextgov

Visit “Governing Security in a Networked World” to see in-depth video interviews with top thinkers on cybersecurity.

In the spring of 2007, Estonia became the first nation to face a coordinated, nationwide cyberattack when a series of electronic bombardments struck down media, telecommunications, government and banking websites. Digital traffic from servers as far away as Peru, Vietnam and the United States flooded Estonian websites, drowning them in superfluous data. The attack knocked telephone exchanges offline for more than an hour, jeopardizing emergency services. It knocked out media and government portals, leaving citizens in an information vacuum. Beginning April 29, three waves of attacks during a two week period severely disrupted the ordinary tasks that fuel modern economies — shopping, pumping gas, withdrawing cash from automatic teller machines. A significant act of cyberterrorism posed an economic and political threat in a way no modern economy had previously experienced.

Norway: Election expert team to follow internet voting in Norway | Office for Democratic Institutions and Human Rights

The OSCE’s Office for Democratic Institutions and Human Rights (ODIHR) deployed an election expert team to Norway on 27 June 2011 to follow a pilot project on new voting technologies (NVT) that was put in place for the forthcoming 12 September municipal elections.

Norway intends to use NVT in 10 municipalities, where voters will be able to vote remotely or via the Internet. Voters will also be given the option of voting using traditional ballots.

Switzerland: Cabinet approves more e-voting trials for expats. – swissinfo

About 22,000 Swiss expatriates will be able to vote online in October’s parliamentary elections as part of ongoing trials with electronic voting.
Cabinet approved requests from four pioneering cantons – Basel City, St Gallen, Graubünden and Aargau – on Wednesday. In total these expat voters account for 0.4 per cent of the Swiss electorate.

It is the first time that ongoing trials with e-voting are being extended to federal elections, according to the Federal Chancellery. To date e-voting tests have been carried out in more than ten out of the 26 cantons for ballots on specific issues.

Ireland: Emigrants should have a vote in upcoming Irish general election | IrishCentral

With the General Election looming, millions of people around the globe will once again be robbed of their right to have a say in Ireland’s political destiny. Under Irish law if you are living abroad you cannot be entered into the register of electors. There are some exceptions for Irish diplomats, members of the defense and police forces who can apply for a postal vote if they are abroad in Election Day.

So for countless Irish abroad they are caught in diplomatic limbo. Not able to cast a vote in their homeland, and an immigrant in their new home, the act of voting becomes a thing of the past with your power to exercise your constitutional right stripped. More than 110 countries allow passport holders who live abroad the right to vote, however Ireland is not one of them. If you are not present in Ireland on polling day, then your vote is lost.

Maryland: Takoma Park, Md. tests online absentee voting | Electionline Weekly

Takoma Park has never been a city to shy away from trying something new. The small Maryland city is a nuclear-free zone. Non-citizen legal immigrants are allowed to vote in local elections and the city operates its own compost recycling program and silo for corn-burning stoves.

It’s ready to take the plunge into voting technology as well. Takoma Park is experimenting with online voting, hoping to pave the way for use in elections.  A small group of students, led by George Washington University computer science professor Poorvi Vora, spearheaded a test for online absentee voting in Takoma Park in partnership with Scantegrity and Remotegrity.

On a blistering hot day in this suburb of Washington, D.C,, 16 people participated in the trial of the system, using computers within the cool confines of the city’s Community Center.

Canada: Internet voting has high cost in Alberta | Grande Prairie Daily Herald Tribune

If Grande Prairie becomes the first city in Alberta to offer Internet voting in a municipal election, it will come at a cost – and a hefty one if implemented. City council’s General Government Services learned Wednesday that, for starters, a business case requested by the province may cost as much as $30,000.

That price tag in a report from administration surprised some councillors, who along with Mayor Bill Given directed administration to study the situation further by contacting Internet service providers (ISPs).

“I believe that we can build that business case for considerably less investment than what was suggested in the report,” Given said. “Other council members agreed with me.” In April, Municipal Affairs Minister Hector Goudreau requested the business case in order to formalize a city request to pilot online voting.

National: Phish and Chips: Why Cyber Attacks Are So Difficult to Trace Back to Hackers | Scientific American

Cyber attacks may not be a new phenomenon but the recent successes scored against high-profile targets including CitiGroup, Google, RSA and government contractors such as Lockheed Martin underscore the targets’ current failure to block security threats enabled by the Internet. Malicious hackers use the very same technology that enables online banking, entertainment and myriad other communication services to attack these very applications, steal user data, and then cover their own tracks.

One common practice that attackers employ to evade detection is to break into poorly secured computers and use those hijacked systems as proxies through which they can launch and route attacks worldwide. Although such attacks are an international problem, there is no international response, which frustrates local law enforcement seeking cooperation from countries where these  proxy servers typically reside.