National: Weak Internet Security Leaves U.S. Elections Agency Vulnerable to Hackers, Reports Find | Wall Street Journal

Weak Internet-security measures at the Federal Election Commission could impair the agency’s ability to carry out one of its primary missions: making information about who is funding U.S. elections available to the public. The FEC hasn’t implemented improvements that were recommended after a series of attacks on its website—including at least one successful hack—leaving it vulnerable to future breaches, according to three previously unreported internal reports. It took the agency weeks to get its campaign-finance disclosure system fully back up to speed after an attack by hackers in China disrupted its operation during the October 2013 government shutdown, when all of the agency’s 335 employees had been furloughed.

Editorials: You can transfer your paycheck, fill out your taxes and control airplanes online. Why can’t you vote? | Bangor Daily News

You can transfer your life’s earnings between bank accounts online. You can apply for a credit card and file your tax returns online. If you’re an air traffic controller, you probably use a Web-based system to direct the planes — and people’s lives — above you. So what’s the deal with voting? Why can’t you use your phone or computer to cast your ballot remotely? Experts don’t have faith in the ability of the Internet to maintain what’s needed in a voting system: keeping your vote secret, preventing coercion, verifying your identity, allowing you to vote only once, and recording your vote correctly. If not now, though, will the option to vote online be available in the future? … Skeptics of online voting are of course concerned about security breaches. Could a third party hack into the system and interfere with an election’s results? What about the potential for violations of voter privacy?

Colorado: Smartphone voting isn’t ready | The Durango Herald

Technology isn’t yet ready to allow voting on your smartphone, Colorado Secretary of State Wayne Williams said Tuesday during a visit to Durango. “Right now, the technology isn’t sufficiently secure for that,” he said during an interview with The Durango Herald’s editorial board. In commercial applications, Williams said, “There are security breaches occasionally. We’re just not there yet.”

United Kingdom: Why can’t the UK vote online? The answer is simple – we fail at passwords | Information Age

In an age where so many of us handle our banking, tax returns and bill paying online, many have asked why can’t we cast a vote via the internet as well? Last year, over eight in ten (83%) of UK adults were active online – just imagine if we saw this sort of turnout for 2020’s election. However, moving voting online has its own risks as well. And much of this is down to poor password security. Much of this insecurity is rooted in existing Electronic Voting Machines – or EVMs – which are already in use throughout the world. India, for example, adopted EVMs for its 2004 parliamentary elections, with 380 million voters casting their ballots on more than a million machines. In the United States, push button or touchscreen style EVMs have been used regularly since 1976. However, across the world, EVMs have been roundly criticized for being susceptible to hacking and fraud. In India, It was successfully demonstrated that the 2009 election victory of the Congress Party of India could easily have been rigged – forcing the election commission to review the current EVMs.

National: An online voting lobbyist’s misleading testimony | McClatchy

Introducing himself as a former Oregon state elections official, online voting industry lobbyist Donald DeFord vouched authoritatively to a Washington state legislative panel in late January as to the merits of statewide internet voting. Oregon, he testified, ultimately came to the “same solution” offered by a bill before the Washington state House that would allow everybody to cast their election ballots by email or fax – an option that top cyber security experts warn would expose elections to hackers. “First in a special congressional election and then statewide, we made our accessible online ballot delivery and return system available to any voter who was not able to use a paper ballot,” DeFord, a regional sales director for San Diego-based Everyone Counts, told the committee. There was a big problem with that testimony. Oregon doesn’t allow voters to send in marked ballots electronically, except for troops and citizens living abroad who have been prevented from mailing their absentee ballots due to an emergency or other extenuating circumstances. DeFord now says he “misspoke.”

National: Secure e-voting: 20 to 30 years away | Computer Weekly

Jeremy Epstein, senior computer scientist at non-profit research institute SRI International spoke to the Computer Weekly Developer Network blog this week to share his views on the possibility of electronic voting security. Epstein says that although some e-voting is happening in the US, Estonia and other countries — this is not *secure* e-voting, it’s just e-voting. Every system developed so far has been found to be insecure. “From a technical perspective, we’re at least 10 years away from secure e-voting, and many experts think we’re 20 or 30 years away,” he said.

Editorials: Is online voting a security risk? | ESET

The world is moving online and so too now is politics. But as online, electronic voting (e-voting) increasingly becomes a reality, are we opening ourselves up to vote rigging by power-hungry politicians or fame-seeking hackers? Voting has traditionally been a pen and paper exercise; a slip filled-in and placed into a sealed ballot, with results counted and recorded by independent volunteers. Of course, this doesn’t mean that the result can’t be swayed, unintentionally or otherwise. There have been some notorious examples of foul play – Slobodan Milošević was accused of rigging elections in 1996 and 2000 in Yugoslavia – while errors can also occur, as best illustrated by the 2000 US presidential election, when a fault with Florida’s ballot paper led some people to vote for the wrong candidate. … These risks are only magnified when voting systems are pushed online. Brazil, Belgium and Estonia are just a few examples of the countries to have taken to e-voting, and while they have seen the benefits from the improved speed, accessibility and legibility (no more illegible ticks or crosses), they are arguably more open to attack.

Utah: Democrats can’t afford their own online presidential primary | The Salt Lake Tribune

Utah Democrats said Wednesday they cannot afford the $100,000 needed to run their own online presidential primary next year, and instead simply will allow people to cast ballots at party caucuses. Lauren Littlefield, party executive director, blamed Republican infighting for blocking state funding needed for a true presidential primary and said that is forcing the alternative move that likely will hurt voter participation. Utah Republican Party Chairman James Evans said Democrats “are creating fiction.” He said his party can afford and will offer online presidential primary voting, along with voting at caucuses, which he predicted will increase turnout. The controversy comes after the GOP-controlled Legislature failed to pass HB329 this year, which would have provided $3 million for a 2016 presidential primary for all parties. Without it, parties are forced to fund their own presidential-nomination efforts.

Editorials: As Utah’s GOP looks to an Internet presidential primary in 2016, be cautious, inclusive in adopting online voting | Richard Davis/Deseret News

The world of politics is changing dramatically. A few years ago, the notion of voting online was a dream. Now, it is becoming a reality. Universities are holding student elections online. Corporations are now using online voting to conduct shareholder meetings. In a few nations such as Canada, Estonia and Switzerland, online voting conducted by governments in official elections is becoming routine. Online voting is not common in the United States. The Reform Party selected its presidential candidate through online voting in 1996. The Democratic Party in Arizona held an online primary election in 2000. Some states have experimented with online voting for military personnel overseas. Those are rare exceptions. Why is online voting still a distant prospect? Security! Experiments of online voting systems have found them susceptible to hacking, which has made governments cautious about using them to determine electoral outcomes.

Voting Blogs: Student Video Asks: “Should We Trust Internet Voting?” | Election Academy

Over the weekend, I received a link to a new Youtube video by Princeton undergraduate Kyle Dhillon, who created a 4-minute presentation on the topic of Internet voting as part of his coursework in a class taught by Princeton’s Andrew Appel. He also produced a paper, which is available here. Kyle starts out by saying how much he dislikes standing in line to vote – he waited over two hours in the last election – and so he was interested in the feasibility of casting votes over the Internet. After reading the literature and talking to experts, however, he concluded that the current threats to the process are so great that we are not yet at the point where Internet voting is ready for use in American elections.

United Kingdom: Security concerns prevent UK adopting electronic voting for the General Election | Mirror

As the country readies itself to trek down to the polling stations on May 7, some voters are questioning why they can’t simply cast their vote online. After all, many of us handle our banking, tax returns and bill paying online, so why shouldn’t we be able to cast a vote over the internet as well? Parts of the process have already made the transition to a digital environment. In preparation for next month’s election, the Electoral Commission launched an online registration scheme allowing all of us to quickly and efficiently register to vote. And putting the service online meant that many more people used it. According to the Electoral Commission’s statistics, over one million applications were made on the site over the first three-and-a-half weeks. But registering to vote and actually putting the mark next to your party of choice are two different things.

India: E-voting for Non-Resident Indians too risky, say Rajya Sabha members | The Times of India

Cutting across party lines, members of Rajya Sabha on Tuesday supported the calling attention notice by Leader of the Opposition Ghulam Nabi Azad about the risks involved in giving voting rights to Non-Resident Indians through proxy voting or e-postal ballots. The members also pointed out that government needs to do something about millions of migrant workers who are denied voting rights within the country. Bhupendra Singh, BJP member from Odisha, and NDA leaders like Anil Desai of Shiv Sena and Naresh Gujral of Akali Dal said wider consultation is needed for the proposal of e-ballot for NRIs as it may not be very secure and advised the government not to rush into amending the Representation of People’s Act. They said supremacy of Parliament in framing laws should not be usurped by the Supreme Court.

United Kingdom: How feasible would it be to introduce online voting? | BBC

People can shop, date and bank online. How feasible would it be to allow internet voting at the general election? Imagine democracy had just been invented. Would the UK government decide to set up 50,000 polling stations on Thursday 7 May? Or would the vote be taking place online instead? Until the 1870s those people allowed to vote did so openly with no privacy. The 1872 Ballot Act changed this with the invention of the “modern” polling station – the church hall with its wooden booths, a pencil on string and piles of ballot papers handed out by earnest election workers. Since then the way we vote has hardly changed. Today people shop, find a partner and bank online. Surely voting online is possible? The government says not. In January, Sam Gyimah, the constitution minister, told the House of Commons: “I feel [that] moving to electronic voting would be a huge task for any government. We can’t be under any illusion that this would be easy to achieve.” Remote voting was “incredibly rare” around the world and would require a “very robust and secure” system, Gyimah said.

Texas: Bill to expand email voting for soldiers in hostile zones | The Killeen Daily Herald

A program allowing soldiers in hostile fire zones to vote via email soon may come to Bell County, if a bill can make its way through the Texas Legislature. A pilot version of the program was held last year in Bexar County, which includes Fort Sam Houston and other military bases. The secretary of state reported 365 ballots were sent to soldiers overseas for the November election. Of those ballots, eight soldiers from Bexar County cast ballots in Texas’ general election in 2014. Bexar County Elections Administrator Jacquelyn Callanen said the eight emailed back represent “a huge success.” Now, a bill that expands the program is winding its way through the Texas Senate. The bill would allow the secretary of state’s office, which oversees elections, to extend the program to other counties, including Bell County for Fort Hood and El Paso County, home to Fort Bliss. … But voting via email and through the Internet can be a big red flag for cybersecurity experts.

National: As states warm to online voting, experts warn of trouble ahead | McClatchy DC

A Pentagon official sat before a committee of the Washington State Legislature in January and declared that the U.S. military supported a bill that would allow voters in the state to cast election ballots via email or fax without having to certify their identities. Military liaison Mark San Souci’s brief testimony was stunning because it directly contradicted the Pentagon’s previously stated position on online voting: It’s against it. Along with Congress, the Defense Department has heeded warnings over the past decade from cybersecurity experts that no Internet voting system can effectively block hackers from tampering with election results. And email and fax transmissions are the most vulnerable of all, according to experts, including officials at the National Institute of Standards and Technology, which is part of the Commerce Department. San Souci declined to comment. A Pentagon spokesman, Lt. Cmdr. Nathan Christensen, said the Defense Department “does not advocate for the electronic transmission of any voted ballot, whether it be by fax, email or via the Internet.”

Voting Blogs: Bexar County Texas successfully tests email ballots for military members | electionlineWeekly

Jacquelyn Callanen, elections administrator for Bexar County, Texas has been testing programs to help service members from the four military installations in her county vote since 2006. For almost a decade Callanen and her staff have been trying a number of different ways — including fax and email — to quickly and securely get ballots to and more importantly from service members serving abroad. And finally, with legislative approval, Callanen thinks they’ve found the solution. “We’re really excited about this,” Callanen said from her office while working to conduct yet another special election in the county. “We have worked really hard on this for many, many years.”

Australia: Votes gone walkabout after Australian election voting flaw | SC Magazine UK

As many as 66,000 votes in the New South Wales state election 2015 could have been tampered with. The election was held on  28 March 2015 and is now closed. Voters used the iVote system which is described by its makers as “private, secure and verifiable” in its operation. Further, the Australian Electoral Commission insists that all Internet votes are and were “fully encrypted and safeguarded” at this time. The iVote system is a form of voting where eligible voters can vote over the Internet or telephone as an alternative to voting at a physical polling station. Security is provided using an 8-digit iVote number, a 6-digit PIN and a 12-digit receipt number for each individual. Australia is arguably a perfect test case for electronic voting with its vast distances that prevent some voters from getting to a polling location. A system like this also benefits the disabled and other less mobile voters. However, the system has been derided by non-profit digital rights group the Electronic Frontier Foundation (EFF), “The problem is that the system was not ready to be one of the biggest online voting experiments in the world.” EFF’s Farbod Faraji says that a FREAK flaw has been discovered in the Australian system by Michigan Computer Science Professor J Alex Halderman and University of Melbourne Research Fellow Vanessa Teague.

Colorado: Internet voting in Colorado: What could go wrong? | Communities Digital News

On November 24, 2014 widely reported stories told of Sony Pictures being hacked, resulting in the loss of an incredible amount of intellectual property. Then last month, a massive cyberattack hacked Anthem Blue Cross, leading to a breach of over 11 million customers’ personal information. Now, with the end of the session less than four weeks away, legislators in Colorado—both Democrat and Republican—are working on a bill that could expand the use of internet voting, claiming that it is safe and secure. The bill, known as House Bill 15-1130, would mark the third year in a row that the legislature has tried to overhaul elections in Colorado. Each bill has been worse than the last. In the 2013 session, the Democrat-controlled legislature passed a bill that contained mandatory all mail-in ballots, same day voter registration and reduced residency requirements for any state-wide election. In 2014, they extended these bad ideas to local elections.

National: Technology aims to improve the voting experience | The Washington Post

In an age where people can transfer money using their mobile device, it’s not hard to envision a future where citizens wake up on Election Day, pull out their phones and choose the next leader of the Free World on the way to work. Last week, a federal election agency took a small step toward that futuristic vision. … The updated guidelines will allow manufacturers to test machines against modern security and disability standards and get them certified for use by states ahead of the 2016 presidential election. … When it comes to Internet-based voting systems, many experts argue there’s no clear solution to address the issues of security and verifiability. A securely designed online system also needs to be easy to use, and so far that goal has eluded researchers, said Poorvi Vora, an associate professor of computer science at George Washington University who has researched Internet voting systems. Vora is part of a group of academics, computer scientists, election officials and activists working on a project led by the Overseas Vote Foundation, an Arlington, Va.-based nonprofit, to answer one question: Is it possible to design a system that lets people vote remotely in a secure, accessible, anonymous, convenient and verifiable manner? The answer so far is no, but the group says it is close to a possible solution and will present its design to the election research community and federal agencies this summer. As with health records or financial data, online security remains an obstacle.

Australia: NSW iVote ballot mistake put down to human error | ZDNet

New South Wales Electoral Commission (NSWEC) CIO Ian Brightwell has defended the state’s online iVote system for the second time in as many weeks, after concerns were raised that a ballot error could put the state’s Legislative Council results in question for some seats. In the first two days of voting for the NSW state election, which was held on March 28, an error on the electronic ballot paper used for the online iVote system saw voters unable to vote above the line for two parties. … Brightwell’s defence of the NSW iVote system comes just two weeks after he fended off claims by online security researchers that the system had been vulnerable to a range of potential attacks, including those using the FREAK vulnerability. At the time, Brightwell played down the findings of the two researchers, Michigan Computer Science professor J Alex Halderman and University of Melbourne research fellow Vanessa Teague, saying that the vulnerability claims had been “overstated”.

Australia: New South Wales Attacks Researchers Who Found Internet Voting Vulnerabilities | Electronic Frontier Foundation

A security flaw in New South Wales’ Internet voting system may have left as many as 66,000 votes vulnerable to interception and manipulation in a recent election, according to security researchers. Despite repeated assurances from the Electoral Commission that all Internet votes are “fully encrypted and safeguarded,” six days into online voting, Michigan Computer Science Professor J. Alex Halderman and University of Melbourne Research Fellow Vanessa Teague discovered a FREAK flaw that could allow an attacker to intercept votes and inject their own code to change those votes, all without leaving any trace of the manipulation. (FREAK stands for Factoring RSA Export Keys and refers to the exploitation of a weakness in the SSL/TLS protocol that allows attackers to force browsers to use weak encryption keys.) But instead of taking the researchers’ message to heart, officials instead attacked the messengers.

Australia: Could NSW be facing a second Legislative Council election? | ABC Elections

As the count for the NSW Legislative Council creeps to a conclusion, there remains an outside possibility that an error in the NSW Electoral Commission’s iVote system could put the result at risk. For the first two days of voting for the election, the electronic ballot paper used for iVoting contained an error. Two of the groups on the ballot paper, the Outdoor Recreation Party in Group B, and the Animal Justice Party in Group C, were shown on the ballot paper without an above the line voting square. Around 19,000 iVotes were cast before the error was spotted. The error did not prevent votes being cast for candidate of the two parties, but it made voting for the two parties above the line impossible.

Illinois: Chicago mayor’s race: Why you aren’t voting from a smartphone | Chicago Tribune

As Chicagoans trek to the polls Tuesday for the city’s first-ever mayoral runoff election, some may wonder why they can’t yet vote from the palms of their hands. “For me the biggest benefit of online voting would be convenience,” said K.C. Horne, a 26-year-old accountant from Edgewater. “If I can file my taxes from my phone, I should be able to vote from my phone.” But so far, both technological and legislative hurdles have sharply limited the use of online voting. One major difference: The need to keep the user’s identity secret makes filing ballots different from other secure online transactions. “It’s an unconventional transaction where you have to be able to do business with me, but I can’t know exactly what you’re buying,” said Chicago Board of Election Commissioners spokesman Jim Allen.

Philippines: Comelec doubtful on touch screen technology | Philippines Star

Voters in the coming elections may not be able to try out the new automated election system (AES) after all. The Commission on Elections (Comelec) is reportedly having second thoughts on pilot-testing the touch screen technology and Internet voting system for the 2016 electoral exercise. A Comelec source, who spoke on condition of anonymity, said the commission is reviewing a previous decision to pilot test the Direct Recording Electronic (DRE) or touchscreen technology.

United Kingdom: E-voting is increasingly on the cards, but reformers remain sceptical | Computer Business Review

As the short campaign of the this year’s general election begins apace, technologists and electoral reformers are wondering whether this will be the last time the country goes to the polls without access to some form of online voting. Back in January the House of Commons speaker John Bercow again raised the possibility that the next election, expected in 2020 now that parliament has a five-year fixed term, could be the first in which citizens can vote online. Experiments in other countries have led some to question the wisdom of such a move. Having worked as an election official in the 2008 US presidential election, Paco Hope, principal consultant at software security firm Cigital, warns that fraud could rise if the technology is implemented. “I’m not sure that you can secure it,” he says, arguing that the voting process could be hijacked by hackers. “We can’t make websites that are resistant to the type of attacks that target an election.”

Australia: NSW state election 2015: Legal challenge looms over upper house iVote error | Sydney Morning Herald

A micro-party that is gunning for the final spot in the NSW upper house is likely to mount a legal challenge if it loses, potentially sending voters back to the ballot box. The Animal Justice Party is battling it out with the No Land Tax Party, and the three major parties, for the last of 21 upper house seats being contested at Saturday’s election. However an early hiccup with the state’s electronic voting system, iVote, saw AJP and another party left off the “above the line” section of the ballot paper. About 19,000 votes were cast before iVote was suspended and the problem, which was due to human error, was fixed.

United Kingdom: Why electronic voting isn’t secure – but may be safe enough | The Guardian

We do everything online – book doctors’ appointments, manage our bank accounts and find dates – but we still can’t yet vote from our PCs or smartphones. By 2020 that should be set to change, with a government report calling for online voting to be trialled again by that year. But critics continue to call for caution, saying electronic voting isn’t secure enough to trust for the basis of our democracy – and may never be. The UK has run trials for local elections before – in 2002, 2003 and 2007 – and Estonia famously became the first to offer online voting for its general election for parliament in 2007. However, Meg Hillier, Labour MP and member of the digital commission that wrote the 2020 report, admitted that the team was “not set up to investigate in detail the issues of security and the mechanisms for delivering that,” hoping that the Electoral Commission “and others will take that on”. …  Despite spending years developing GNU.FREE, an open-source online voting system, Jason Kitcat – leader of Brighton and Hove City Council – isn’t a fan of e-voting (nor is his party). “Through working on this I came to the conclusion, now shared by most computer scientists, that e-voting cannot be delivered securely and reliably with current technology. So I stopped developing the system but continued to campaign on and research the issues,” he said. That includes observing e-voting and e-counting systems used in the UK and Estonia. His reports don’t make for encouraging reading.

Australia: There’s a huge design flaw in the NSW online voting system which Labor wouldn’t be happy about | Business Insider

New South Wales goes to the polls today and despite incumbent Liberal Premier Mike Baird being the clear favourite there’s a huge design flaw on the online voting platform which could cost the Labor government votes. It’s all got to do with the user experience of the NSW Electoral Commission’s online iVote system which is clunky to start with. After registering to use the platform and figuring out how to commence the voting process the ballot paper for the lower house appears on the screen, all candidates can be viewed, you can scroll up and down, fine. The problem becomes apparent when voting above or below the line. Even when the paper is enlarged on a 24 inch monitor, it doesn’t render to fit so this is what voters see. However, to the right of that are all the other options (including the Labor party). And while there are big red arrows at the top, that’s not where a user usually focusses their attention, a user experience designer, who wished to not be named, told Business Insider.

Editorials: Online voting still faces security issues | Mark Pomerleau/GCN

For those interested in expanding voting access by allowing voters to cast their ballots over the Internet, one government expert/activist has bad news – the security and privacy risks associated with Internet voting won’t be resolved anytime soon. David Jefferson, computer scientist in the Lawrence Livermore’s Center for Applied Scientific Computing, has studied electronic voting and security for more than 15 years. He believes “security, privacy, reliability, availability and authentication requirements for Internet voting are very different from, and far more demanding than, those required for e-commerce.” In short, voting is more susceptible to attacks, manipulation and vulnerabilities. Some champions of Internet balloting believe the safeguards that protect online shoppers from hackers can also protect the sensitive information and meet the legal regulations associated with voting online. Advocates further believe that Internet voting will increase turnout, cut costs and improve accuracy. Jefferson refuted these claims by asserting that there currently is no strong authentication or verification solution for online shopping. Also, while proxy shopping is a common occurrence and is not against the law, proxy voting is not allowed.

New Zealand: Online voting is not the answer | Brian Rudman/New Zealand Herald

Mayor Len Brown wants the Government to rethink its ban on Auckland taking part in the online voting trial at the 2016 local body elections. Auckland has been excluded at this stage because, with 1,050,000 electors, the bureaucrats are worried about their ability “to mitigate any risk”. Auckland Council sees online voting as part of its campaign to lift voter turnout to “at least” the 2013 national average of around 40 per cent at next year’s poll. In 2013, only 34 per cent of enrolled Auckland voters bothered. … In the aftermath of the 2013 low turnout, Local Government Minister Chris Tremain announced plans to fast-track trials of online voting. Last December, the Cabinet agreed to a limited number of local authorities trialling it in 2016. But not Auckland. Their fears about risk seem well placed.