Maine: Cyberattack strikes Maine website for second day | WMTW

For the second day in a row, an apparent cyberattack took down the state of Maine’s website. A Twitter account with the handle Vikingdom2015 posted Tuesday morning that Maine.gov will be offline for more than five hours. Another post said other hackers helped make the website unaccessible. Service to Maine.gov was restored by 9:45 a.m.  The outages lasted about 2 1/2 hours. On Monday, Vikingdom2015 took credit for knocking out Maine.gov for three hours.

Australia: NSW election result could be challenged over iVote security flaw | The Guardian

The result of the NSW election this Saturday is likely to be challenged after a security flaw was identified that could potentially have compromised 66,000 electronic votes. A number of parties, including the Greens, the National party and the Outdoor Recreation party have told Guardian Australia they would consider all of their options after the “major vulnerability” was revealed in the iVote system, an internet voting program being trialled for the first time this year. But a senior NSW Electoral Commission official said fears of vote tampering were overblown and the work of “well-funded, well-managed, anti-internet voting lobby groups”. While the iVote website itself is secure, Melbourne University security specialist Vanessa Teague discovered on Friday that it loaded javascript from a third-party website that was “vulnerable to an attack called the FREAK attack”. “The implication is that an attacker who controls some point through which the user’s traffic is passing could substitute that code for a code of the attackers’ choice,” she said. In layman’s terms, a hacker could intercept a vote for party A and turn it into a vote for party B without alerting the voter or the NSW Electoral Commission.

Utah: GOP, Dems plan online Presidential Primary in 2016 | Fox13

Utah’s two major parties are poised to try something that could set an example for the rest of the country. One of them chose to do it, the other would rather focus on other things. Utah Democrats wanted Utah Legislators to pay $3 million to hold a statewide presidential primary during the 2016 election. Utah’s June primary for other races is too late for ballots to count in a party nomination.

Australia: NSW iVote security flaw may have affected thousands of votes: Researchers | Computerworld

Thousands of NSW state election votes submitted to iVote may have been affected by a server vulnerability according to two security researchers who discovered the issue. University of Melbourne Department of Computing and Information Systems research fellow, Vanessa Teague, and Michigan Centre for Computer Security and Society director ,J.Alex Halderman, posted a blog with their findings on March 22. “The iVote voting website, cvs.ivote.nsw.gov.au, is served over HTTPS. While this server appears to use a safe SSL configuration, the site included additional JavaScript from an external server,” wrote the researchers.

United Kingdom: Security bug in Australia’s online voting system throws doubt on Britain’s digital election goal | Information Age

Britain’s hopes of enabling online voting in general elections by 2020 have faced a dose of reality after a security vulnerability in an Australian system was exposed. The iVote system was introduced for the New South Wales (NSW) State Election in 2011 for voters who are more than 20 kilometres from a polling station, and has also been used in subsequent state by-elections. But its use in NSW’s state election this month has faced intense scrutiny after researchers discovered a major security hole that could allow a hacker to read and manipulate votes. With 66,000 online votes already cast by the time Vanessa Teague and J. Alex Halderman, of the University of Melbourne and University of Michigan respectively, disclosed their revelation, the legitimacy of the entire election has been called into doubt.

Utah: Democrats Planning Online Presidential Primary in 2016 | Utah Policy

When lawmakers failed to pass HB 329, it basically left Utah’s Democrats, and other parties, up the creek without a paddle for their 2016 presidential primary. Right now, Utah’s presidential primary is scheduled for the same date as the primary election in June of 2016. That date is too late for both the Republicans and Democrats as it puts Utah’s election too close to the national conventions. That’s a problem because it makes Utah “out of compliance,” meaning the parties could suffer penalties from the national parties, possibly losing delegates. HB329, sponsored by Rep. Jon Cox, R-Ephriam, allocated $3 million to move the primary from June to March. That didn’t happen, so Utah’s primary stays on the June date. The Utah Republicans already have a work around. Party Chair James Evans is pushing to switch to a caucus instead of a primary. He’s aiming to increase participation in their caucus meetings. He also is reportedly planning to charge candidates somewhere in the neighborhood of $50,000 each to participate.

Australia: International experts warn of the risks of Australian online voting tools | Sydney Morning Herald

Australia and other countries are a decade or longer away from safe methods of online voting in state and national elections and current tools pose a serious risk to democratic processes, people at a public lecture heard on Monday night. University of Michigan researcher J Alex Halderman and University of Melbourne research fellow Vanessa Teague said online voting in Saturday’s New South Wales election could have been seriously compromised through security weaknesses in the iVote system, being used in the upper house. The pair, in a a public lecture at the Australian National University, said that internet voting continued to raise some of the most difficult challenges in computer security and could not be considered completely safe. They reported faults in the NSW system to electoral authorities last week, ahead of as many as 250,000 voters using online systems to participate in the ballot.

Australia: NSW Electoral Commission downplays iVote flaw | CNET

The NSW Electoral Commission has responded to reports of a flaw in its iVote online voting portal, saying that although the risk of its website being compromised was low, it has taken action to fix the flaw. The Commission has also raised questions about the authors of the findings, noting that the two academics behind the research are also board members for a group that lobbies against online and electronic voting in the United States. According to the Chief Information Officer and Director of IT for the NSW Electoral Commission, Ian Brightwell, the flaw discovered in the iVote system required three or four preconditions in order to be exploited. While Brightwell said a hack was “unlikely,” he said the Commission moved swiftly to respond to the problem.

Australia: Online voting system may have FREAK bug | The Register

Next weekend, voters in the Australian State of New South Wales go to the polls to elect a new government. Some have already cast their votes online, with a system that may be running the FREAK bug. So say Vanessa Teague and J. Alex Halderman, respectively a research fellow in the Department of Computing and Information Systems at at the University of Melbourne and an assistant professor of computer science and engineering at the University of Michigan and director of Michigan’s Center for Computer Security and Society. The system in question is called iVote system and was launched in 2011 to assist voters who live 20 kilometres or more from a polling station, or those will be overseas or interstate on election day. But Teague and Halderman say their proof-of-concept probe on a “practice” system showed it is possible to “… intercepts and manipulate votes … though the same attack would also have succeeded against the real voting server,” the pair wrote in analysis.

Australia: NSW Electoral Commission scrambles to patch iVote flaw | ZDNet

The analytics service used by the New South Wales electronic voting system, iVote, left voters vulnerable to having their ballots changed, according to security researchers. The iVote system was originally implemented ahead of the 2011 state election for vision-impaired voters and those living in rural areas who have difficulty reaching polling places, but the government is expanding the use of the iVote system as part of the election on March 28, and has taken approximately 66,000 votes since early polling opened last week. Researchers Vanessa Teague from the Department of Computing and Information Systems at the University of Melbourne, and J Alex Halderman from the University of Michigan Centre for Computer Security, found that while the voting website uses a safe SSL configuration, it includes JavaScript from an external server that is used to track site visitors. This, they said, would leave the iVote site open to a range of attacks, including FREAK.

Australia: iVote flaw ‘allowed vote to be changed’; electoral commission fixes vulnerability | ABC

A “major security hole” that could allow an attacker to read or change someone’s vote has been discovered in the New South Wales online iVote platform, security experts say. The iVote system allows people to lodge their votes for Saturday’s state election online, instead of visiting a physical polling station. It aims to make voting easier for the disabled or for people who live long distances from polling booths. However computer security researchers said they found a critical issue and alerted the NSW Electoral Commission on Friday afternoon. University of Melbourne research fellow Vanessa Teague, who found the security vulnerability, said it was a difficult hack to pull off, but could potentially affect ballots en masse. “We’ve been told repeatedly that votes are perfectly secret and the whole system is secure and it can’t be tampered with and so on, and we’ve shown very clearly than that’s not true – that these votes are not secret and they can be tampered with,” Ms Teague said.

Australia: Security flaw in New South Wales puts thousands of online votes at risk | Freedom to Tinker

New South Wales, Australia, is holding state elections this month, and they’re offering a new Internet voting system developed by e-voting vendor Scytl and the NSW Electoral Commission. The iVote system, which its creators describe as private, secure and verifiable, is predicted to see record turnout for online voting. Voting has been happening for six days, and already iVote has received more than 66,000 votes. Up to a quarter million voters (about 5% of the total) are expected to use the system by the time voting closes next Saturday. Since we’ve both done extensive research on the design and analysis of Internet voting systems, we decided to perform an independent security review of iVote. We’ll prepare a more extensive technical report after the election, but we’re writing today to share news about critical vulnerabilities we found that have put tens of thousands of votes at risk. We discovered a major security hole allowing a man-in-the middle attacker to read and manipulate votes. We also believe there are ways to circumvent the verification mechanism.

Australia: Legal action considered over online voting glitch | Northern Star

Minor parties are threatening legal action after being omitted from the “above-the-line” section of the electronic ballot for the New South Wales election. About 19,000 votes were received before the NSW Electoral Commission realised the Animal Justice Party and the Outdoor Recreation Party had been left off the top section. In a preferential system, it is a major concern. Voters who do not wish to number their preferences can take the easy option and just write “1” next to the party they favour – above the line.

Australia: New South Wales online ballot error ‘disadvantaged’ parties, court action flagged | ABC

A political party accidentally left off online versions of ballot papers has indicated it could take court action after the New South Wales election. The iVote online voting system was suspended for much of yesterday after the NSW Electoral Commission was alerted to the error by the Outdoor Recreation Party’s Peter Whelan. The system is available to voters who are vision impaired, have reading difficulties, live more than 20 kilometres from a polling station or will be out of the state on election day. Mr Whelan said he was shocked when he logged on to the website yesterday. Despite his party having drawn a sought-after Group B “above the line” position on the Upper House ballot paper, it did not appear there on the electronic version. The Animal Justice party, which drew Group C on the ballot, was also omitted.

Australia: New South Wales e-vote system taken down | The New Daily

New South Wales’ online voting system was suspended for six hours because of an error on the Upper House ballot paper for the state election. The NSW Electoral Commission (NSWEC) “paused” the iVote system after two parties were omitted from a section of the paper. The iVote system is available to voters who are vision-impaired, have reading difficulties, live more than 20km from their nearest polling station or will be interstate or overseas on election day. The Animal Justice Party and the Outdoor Recreation Party were left off the “above the line” section of the paper, the ABC reports. By 5pm Tuesday the iVote website was back up and running.

National: Security risks and privacy issues are too great for moving the ballot box to the Internet | Phys.org

Contrary to popular belief, the fundamental security risks and privacy problems of Internet voting are too great to allow it to be used for public elections, and those problems will not be resolved any time soon, according to David Jefferson, who has studied the issue for more than 15 years. Jefferson, a computer scientist in the Lawrence Livermore’s Center for Applied Scientific Computing, discussed his findings in a recent Computation Seminar Series presentation, entitled “Intractable Security Risks of Internet Voting.” His study of Internet voting issues is independent of his Lawrence Livermore research work. Nonetheless, he reminded the audience that “election security is a part of national security,” noting that this is a primary reason he is so passionate about this issue. “I am both a technical expert on this subject and an activist,” Jefferson emphasized in his introductory remarks. “Election security is an aspect of national security and must be treated as such.” The view held by many election officials, legislators and members of the public is that if people can shop and bank online in relative security, there’s no reason they shouldn’t be able to vote on the Internet, Jefferson said. “Advocates argue (falsely) that Internet voting will increase turnout, reduce costs and improve speed and accuracy.” They promote the idea that “you can vote anytime, anywhere, even in your pajamas.”

Australia: NSW’s online gamble: why internet and phone voting is too risky | The Conversation

Up to 250,000 votes are expected to be cast using the iVote electronic voting system between March 16 and the close of polls on March 28 in the New South Wales election. That would represent a massive increase on the 46,864 votes at the 2011 state election and could mean about 5% of the total vote is cast electronically, using a telephone or via the internet. It looks set to be by far the biggest test of electronic voting in Australia, which has largely been limited to small trials in the past, and one of the largest online votes worldwide. If the NSW election proves to be close, those electronic votes could prove crucial. But before electronic voting begins on Monday, people in NSW should be warned: there are many unanswered questions about the integrity and privacy of those votes. Late last year, the federal Joint Standing Committee on Electoral Matters recommended against electronic voting in federal elections. Its report concluded that:

Australia is not in a position to introduce any large-scale system of electronic voting in the near future without catastrophically compromising our electoral integrity.

National: Why Internet voting remains a risky proposition | FCW

Voting in public elections via the Internet could be a national security risk, according to a researcher at Lawrence Livermore National Laboratory’s Center for Applied Scientific Computing. In a presentation titled “Intractable Security Risks of Internet Voting,” computer scientist David Jefferson said the risks of electronic ballots cast via the Web far outweigh the conveniences such systems can offer. He presented his conclusions at a recent LLNL Computation Seminar Series, though his efforts in that area are independent of his work at the lab. In addition to his research into high-performance computing applications at LLNL, he serves on a number of state and federal government panels that focus on election security issues, especially those related to electronic and Internet-based voting, and is on the board of directors of the California Voter Foundation.

Utah: Bill for presidential primary and limited internet voting advances | Standard Examiner

An Ephraim lawmaker’s bill to provide for Utah’s participation in a Western States Presidential Primary in March 2016, along with internet voting options for military personnel and people with disabilities advanced out of committee Thursday with a 7-1 vote. “We have two options in state statute and it is an appropriations decision,” Rep. Jon Cox, R-Ephraim, sponsor of HB329, said of the $3 million implementation cost. “If that’s something we feel is worth that expense, at certain times we’ve said yes in our state’s history and other times we’ve said no.” The other option Cox referenced is the caucus system where delegates select the party’s presidential nominee.

Australia: NSW state election 2015: China may seek to hack electronic votes: report | The Canberra Times

If you thought Chinese intelligence agencies had more on their minds than the NSW election, you should think again, according to a security analysis that found our key trading partner may seek to disrupt the state’s democratic big day. A report commissioned by the NSW Electoral Commission warned cyber attacks could be waged against iVote, an electronic system that will allow eligible people to vote in the March 28 election using the internet or a phone. Up to 200,000 voters are expected to register. The consultants’ report, parts of which have been labelled “silly”, lumped groups such as al-Qaeda and the governments of China, North Korea and Iran with the home-grown “threat” of anti-coal and refugee activists. It claimed covert groups with a “broad spectrum of capability” may use “offensive actions” to influence the NSW election result, embarrass authorities or gain media attention.

Canada: Online voting still years away at the federal level | Northern Life

While it was a success in Greater Sudbury last October, online voting is still years away at the federal level, says Canada’s chief electoral officer. Marc Mayrand, who was in Sudbury on Sunday getting local election workers ready for this year’s federal election, said there are still too many issues with online voting for it to be done on a scale as big as a national vote. “The technology is there,” Mayrand said. “But there’s still issues around security (and) verification … Hackers are getting ever more sophisticated. And there are also concerns around transparency.” There’s also worry about switching from a system where election officials personally witness people voting, to one where voters use a PIN number to cast a ballot at home, or wherever they happen to be.

Canada: Edmonton executive committee to petition the province to allow online voting | Edmonton Sun

Future elections are one step closer to including e-ballots as Edmonton’s executive committee voted Tuesday to petition the province to allow online voting. A brief report was brought to the committee at the request of Coun. Andrew Knack outlining what it would take for the city to include internet voting for future elections. “There’s no foolproof system,” admitted Knack, a proponent of online voting, in response to concerns raised about the potential threats that web-based elections may pose. Computer programmer Chris Cates voiced those concerns to the committee. “I see the Internet as full of risks,” Cates said. “In the long run, something is going to happen.” He referred to issues that were found in the online voting that the Alberta PC Party used when choosing Jim Prentice to lead them as an example of what can go wrong and warned that one person could seriously jeopardize the system. He added a recount would be relatively impossible because no paper ballots would be available to count.,

Kansas: Proposed bill would change out-of-state voting | The Salina Post

During the November mid-term election, state Sen. Oletha Faust-Goudeau’s daughter was unable to vote while attending college in Texas. She intended to vote but her advanced ballot did not arrive in the mail until after the election. Last week, the Senate Ethics Committee heard amendments to Senate Bill 41 that would allow students attending a college or university outside the state to vote electronically. Under current Kansas law, voters in the armed services and their families residing outside the U.S. may request to vote through electronic means either through their county elections officer or the secretary of state. SB 41 recognizes that out-of-state residents cannot always vote timely by mail. Faust-Goudeau, D-Wichita, the committee’s ranking minority member, said an electronic voting method would have allowed her daughter and other out-of-state students to cast their votes. “I just see…the students, especially in that age category, casting their vote electronically,” Faust-Goudeau said. “It’s what they do now.”

Canada: Internet voting isn’t a big draw for younger voters, researcher says | CBC

A researcher looking at internet voting says older Sudburians were more likely to use the internet to cast a ballot in the last municipal elections. Sudbury was one of 47 Ontario municipalities to use the internet in the October vote for mayor and council. The research director at the Centre for E-Democracy in Toronto said the results of questionnaires show more than half of internet voters in Sudbury in October were older — between 45 and 64 years old. Only 15 per cent were 34 years old and younger.

Editorials: 5 Ways To Fix America’s Dismal Voter Turnout Problem | ThinkProgress

Voter turnout in the U.S. during the last midterm election hit the lowest point since the 1940s. The number of Americans heading to the polls each election has been declining for the last fifty years and lawmakers have recently been pushing efforts to keep even more people away from the polls. People do not exercise their right to vote for various reasons, some of which are easier to solve than others. According to a U.S. … Voters can already use their smartphones in some cities to simplify daily tasks like tracking how long they have to wait for a bus or train. So why shouldn’t information about polling places be available online? Joe Kiniry, the principal investigator with computer science company Galois, said that while he was working in Denmark, he helped to build a system voters could use to figure out the length of lines at polling places. “Of course it’s doing that by watching people’s cell phones as they walk into the polling place and figuring out how long it took you to get to the front of the line, how long it took you to leave,” he said. “So in the adoption of this cheap, easy technology… we’ve now traded off the cost and efficiency of an election with the privacy of voters.”

Verified Voting Blog: Just Ducky

If it looks like a duck, walks like a duck, and quacks like a duck, it’s a duck.  It is not a seagull.  People will, understandably, refer to it as a duck.  Deciding to call it a seagull does not cause it to cease being a duck and does not transform it into a seagull.  With me so far?  An election held by a California city is an “advisory election” if its purpose is to enable only the city’s registered voters to voice their opinions on substantive issues in a non-binding manner.  City advisory elections are subject to the California Election Code’s general requirements and prohibitions.

Now consider the following scenario.  A small California city’s leaders, and the elections system vendor they hire, plan an election that in all respects is described by California Elections Code section 9603.  The city leaders and vendor publicly and consistently refer to the planned activity as an “advisory vote” and “advisory election.”  The city is notified that the election will be illegal, both because it will use an Internet voting system, prohibited by the Elections Code, and because the system is not state-certified, as required by the Elections Code.   With just two weeks to go, the city’s leaders and vendor respond by re-labeling the planned activity a “poll” or “community poll” but make no other changes.

Lithuania: Parliament to discuss legalizing online voting in elections | Xinhua

Lithuanian government approved an initiative on Monday under which online voting could be allowed as soon as in 2016. The proposal to allow e-voting in Lithuania has been put forward by two ministers of the Lithuanian social-democratic cabinet at a governmental meeting and given green light for the further discussions in the parliament. “We have discussed the proposal, it has been approved and forwarded for discussions in the parliament’s spring session,” Juozas Bernatonis, minister of justice, told journalists after the meeting.

Editorials: Can Open-Source Voting Tech Fix the U.S. Elections System? | Techonomy

American voting technology is trapped in the last millennium. This lifeline to democracy is kept secret—closed off from public inspection and controlled by large businesses. It is decades old to boot. Our voting methods ought to be at least as cutting edge as our selfie apps, but they’re not. “Our nation’s elections systems and technology are woefully antiquated. They are officially obsolete,” says Greg Miller of the TrustTheVote Project, an initiative to make our voting system accurate, verifiable, transparent, and secure. He adds: “It’s crazy that citizens are using twentieth-century technology to talk to government using twentieth-century technology to respond.” Miller and others are on a mission to change that with an entirely new voting infrastructure built on open-source technology. They say open source, a development model that’s publicly accessible and freely licensed, has the power to upend the entire elections technology market, dislodging incumbent voting machine companies and putting the electorate at the helm. With Miller’s system, we’d still go to the polls to vote and use a machine to cast our ballot. But the software on that machine would be completely open to public inspection. While coders wouldn’t be able to edit or tamper with the code, technically literate citizens would be able to, in effect, cross-examine the processes tabulating all of our votes, verifying their integrity and assuring accountability.

Washington: Bills would allow voters to vote through email, fax, and without postage | News Tribune

Two bills in the Legislature aim to simplify the process of voting: One through providing prepaid postage on ballots, and the other by allowing voters to return ballots by email and fax. … The state would reimburse counties for the cost of postage. Critics say they support the intent of the bill, but are concerned about where to find the money. The bill would require $2.7 million in the next two-year budget, according to the Office of the Secretary of State. Counties would have to pay for the postage initially until they get reimbursed by the state. … Another proposal to allow ballots and signed declarations to be faxed or emailed also is prompting concern. House Bill 1143 would allow voters to do so by election night, without having to turn in a hard copy of their ballots to the county auditor. Armed forces members and overseas voters vote this way.

California: Why not vote with your home computer? | San Diego Reader

Despite protests from a psychiatrist, Del Mar will be allowed to proceed with an online poll of local registered voters, an act city officials say does not constitute an election and thus is exempt from state laws prohibiting online voting. … Dr. Edward Mohns, however, sued the city and San Diego–based Everyone Counts Inc., the company that received the contract to set up and monitor the poll on January 29, arguing that the system “has not been certified by the California Secretary of State.” The courts acted swiftly, ruling the next day that Mohns’s request for an injunction could not go through because he could not demonstrate that he would specifically be harmed from the poll-taking.