Tens of thousands of military and overseas Americans casting ballots online this fall face a high risk of being hacked, threatening to cause chaos around Election Day if their votes get manipulated or they transmit viruses to state and local election offices. More than 30 states — including battlegrounds such as Colorado, Florida, Iowa, Nevada and North Carolina — allow various methods of online voting for citizens living outside the U.S. While state officials insist their ballots will be counted without any serious problems, ample warnings are nonetheless being sounded from the left, right and even inside the federal government that internet votes can’t be securely transmitted in today’s everything-is-hackable environment. “It’s not something you would do with your Social Security number. You shouldn’t do it with your ballot,” warned Susannah Goodman, director of voting integrity at Common Cause. It’s a point of pride for many states that Americans abroad and overseas troops can even cast a ballot online using the latest in technology, giving these voters a say on their next commander in chief even if they’re stationed in a remote or even hostile location, like Afghanistan or Iraq.
The United States presidential election is a complex, drawn-out affair. After months of raucous campaigning at the expense of hundreds of millions of dollars, the lengthy voting process to choose Barack Obama’s successor finally got underway with the Iowa caucuses. Once the two main political parties – Democratic and Republican – choose their respective nominees through party-sponsored contests in each of the states and overseas territories, the process of electing the 45th President of the United States in the general elections scheduled for November will begin. But how secure is the all-important process of marking and casting ballots and then collecting and counting them? Could the use of outdated electronic voting systems with dubious safety controls compromise the integrity of the entire electoral process, or is the threat exaggerated?
As America preps for the next presidential election, its voting machines are in need of a serious update. Almost every state is using electronic touchscreen and optical-scan voting machines that are at least 10 years old, according a recent Wired article, with Florida, Kentucky, Massachusetts, New Hampshire, Texas and Virginia are all using voting machines that are at least 15 years old. When these machines were introduced, dial-up Internet was used by most of the country, and the voting technology was equally primitive. These outdated machines have a litany of problems including degrading touchscreens, worn-out modems and failing memory cards. And this is before one considers the cybersecurity issues.
America’s voting machines are archaic and rundown, a recent study showed, and security experts have warned that voter machines are vulnerable to hacking. Enter Blockchain Technologies Corp, a company that hopes to replace existing proprietary machines with secure, open-source voting machines that use the blockchain, the technology behind Bitcoin. … Advocates say blockchain-based elections are transparent and secure. They’ve been tested by the Liberal Alliance in Denmark and the European Pirate Party. And now, Blockchain Technologies Corp. is developing an actual voting machine that will record votes using a blockchain. … However, there’s only so much that blockchain technology can do. “Blockchain technology can provide untamperable audit trails, but it doesn’t solve the hard problem that erroneous or malicious software in the voting machine may cast votes other than how the voter intended, and the voter will never be able to know,” explains Jeremy Epstein, senior computer scientist at SRI International who actively warned about the security of Virginia’s machines.
If you voted in a Virginia election any time between 2003 and April of this year, your vote was at serious risk of being compromised by hackers. That’s the assessment reached by Virginia’s board of elections, which recently decertified some 3,000 WINVote touchscreen voting machines after learning about security problems with the systems, including a poorly secured Wi-Fi feature for tallying votes. The problems with the machines are so severe that Jeremy Epstein, a computer scientist with SRI International who tried for years to get them banned, called them the worst voting machines in the country. If the WINVote systems weren’t hacked in a past election, he noted in a recent blog post and during a presentation last week at the USENIX security conference, “it was only because no one tried.” The decision to decommission the machines, which came after the state spent a decade repeatedly ignoring concerns raised by Epstein and others, is a stark reminder as the nation heads into the 2016 presidential election season that the ongoing problem of voting machine security is still not taken seriously by election officials. Virginia officials only examined the WINVote systems after Governor Terry McAuliffe tried to vote with one during the state’s general elections last November.
Like hundreds of thousands of other Virginians, I’ve been casting ballots for over a decade using Winvote voting machines. I now have physical proof of how catastrophically insecure those machines are. It’s a tiny key that opens the plastic door hiding the USB port on every Winvote terminal. This keepsake came my way at an eye-opening presentation about voting-machine security at this past Tuesday’s Usenix Security Symposium in Washington. Jeremy Epstein, a security scientist with SRI International, has spent years investigating the weaknesses of these and other electronic voting systems. But even he didn’t know how bad Winvote terminals were untilthis past April.
Jeremy Epstein, senior computer scientist at non-profit research institute SRI International spoke to the Computer Weekly Developer Network blog this week to share his views on the possibility of electronic voting security. Epstein says that although some e-voting is happening in the US, Estonia and other countries — this is not *secure* e-voting, it’s just e-voting. Every system developed so far has been found to be insecure. “From a technical perspective, we’re at least 10 years away from secure e-voting, and many experts think we’re 20 or 30 years away,” he said.
The world is moving online and so too now is politics. But as online, electronic voting (e-voting) increasingly becomes a reality, are we opening ourselves up to vote rigging by power-hungry politicians or fame-seeking hackers? Voting has traditionally been a pen and paper exercise; a slip filled-in and placed into a sealed ballot, with results counted and recorded by independent volunteers. Of course, this doesn’t mean that the result can’t be swayed, unintentionally or otherwise. There have been some notorious examples of foul play – Slobodan Milošević was accused of rigging elections in 1996 and 2000 in Yugoslavia – while errors can also occur, as best illustrated by the 2000 US presidential election, when a fault with Florida’s ballot paper led some people to vote for the wrong candidate. … These risks are only magnified when voting systems are pushed online. Brazil, Belgium and Estonia are just a few examples of the countries to have taken to e-voting, and while they have seen the benefits from the improved speed, accessibility and legibility (no more illegible ticks or crosses), they are arguably more open to attack.
On April 14, the Virginia State Board of Elections voted to immediately decertify use of the AVS WinVote touch-screen Direct Recording Electronic voting machine. That means that the machine, which the Washington Post says was used by “dozens of local governments” in Virginia, can’t be used any more, though the commonwealth is holding primaries in just two months. The move comes in light of a report that shows just how shoddy and insecure voting machines can be. As one of my colleagues taught me, BLUF—bottom line up front: If an election was held using the AVS WinVote, and it wasn’t hacked, it was only because no one tried. The vulnerabilities were so severe, and so trivial to exploit, that anyone with even a modicum of training could have succeeded. A hacker wouldn’t have needed to be in the polling place—he could have been within a few hundred feet (say, in the parking lot) and or within a half-mile if he used a rudimentary antenna built using a Pringles can. Further, there are no logs or other records that would indicate if such a thing ever happened, so if an election was hacked any time in the past, we will never know.
Verified Voting in the News: Voting machine password hacks as easy as ‘abcde’, details Virginia state report | Guardian
Touchscreen voting machines used in numerous elections between 2002 and 2014 used “abcde” and “admin” as passwords and could easily have been hacked from the parking lot outside the polling place, according to a state report. The AVS WinVote machines, used in three presidential elections in Virginia, “would get an F-minus” in security, according to a computer scientist at tech research group SRI International who had pushed for a formal inquiry by the state of Virginia for close to a decade. In a damning study published Tuesday, the Virginia Information Technology Agency and outside contractor Pro V&V found numerous flaws in the system, which had also been used in Mississippi and Pennsylvania. Jeremy Epstein, of the Menlo Park, California, nonprofit SRI International, served on a Virginia state legislative commission investigating the voting machines in 2008. He has been trying to get them decertified ever since.
Verified Voting in the News: Hacked Touchscreen Voting Machine Raises Questions About Election Security | NPR
Computer security experts have warned for years that some voting machines are vulnerable to attack. And this week, in Virginia, the state Board of Elections decided to impose an immediate ban on touchscreen voting machines used in 20 percent of the state’s precincts, because of newly discovered security concerns. The problems emerged on Election Day last November in Spotsylvania County. The AVS WINVote touchscreen machines used in precinct 302 began to shut down. “One machine would go and crash. They’d bring it back up. Another one would crash,” said Edgardo Cortes, the state’s elections commissioner. “Starting in the early afternoon, they brought in a piece of replacement equipment that experienced the same issues when they set it up in the precinct.” Cortes added that elections workers had a theory about what had caused the problem. “There was some interference,” he said, “potentially from a wireless signal from an election officer [who] was streaming music on their phone.”
Verified Voting in the News: Cybersecurity panel hears about security risks of internet voting | WVTF
A special cybersecurity panel of the Joint Commission on Technology and Science has voted to move forward with crafting state legislation to enable many deployed military voters to cast their absentee ballots on-line. The panel decided that the pilot program should focus on active-duty military personnel based outside of the continental U.S.–instead of also including spouses and other employees. As proposed, the bill would require signing and scanning of each ballot, a witness, and use of a military smart-ID card that’s encrypted. Local officials would compare the ballots received with matching absentee voting applications and investigate any irregularities. But SRI International’s Jeremy Epstein warned of potential problems, including viruses.
Canada’s Liberal party elected a new leader last week. And for the first time in the party’s history, the voting took place online. Justin Trudeau, the telegenic son of the late Pierre Trudeau, Canada’s most famous prime minister, won in a landslide with over 80 per cent of the vote. But online voting critics say that despite the decisive results, the Internet remains an unsafe place to cast your vote. “If the Conservative party want to select the next Liberal party leader, this provides them with the perfect opportunity,” says Dr. Barbara Simons, an online voting expert, and co-author (with Douglas Jones) of Broken Ballots: Will Your Vote Count? “I am not saying the Conservatives would do this — I’m just saying this is a very foolish and irresponsible thing for Liberals to be doing, because they open themselves up to vote-rigging that would be almost untraceable, and impossible to prove.”
In this November’s presidential election, Virginia voters will cast ballots on machines that use wireless technology state lawmakers barred five years ago to protect voting machines from hackers. Continued reliability and security concerns over electronic voting are not unique to Virginia, or to machines that use wireless technology, but the case illustrates the credibility issues that have plagued electronic voting machines in use across the country in the aftermath of the messy 2000 presidential election, when the federal government mandated changes to election systems and processes. Virginia’s election workers in some precincts use the wireless technology to upload ballots and tally vote totals from multiple machines at a polling station. The wireless electronic tallying is an effort to avoid the human error possible in a manual count. Fears that wireless transmission capabilities could present an opening to hackers led Virginia lawmakers to ban the use of the technology in voting machines in 2007. “It makes it easier to hack systems when you have an open interface that can be accessed remotely from outside the polling place, like in a parking lot,” said Jeremy Epstein, a computer researcher who helped draft the state’s legislation to bar wireless from polling stations. “It magnifies any other vulnerability in the voting system.”
As a security- and risk-assessment professional who is also a Virginia poll worker, I am disappointed by pending state legislation to tighten voter eligibility [“Voter ID fight heats up in Va.,” Metro, Feb. 4]. The proposed changes won’t have the claimed effect. Poll workers receive minimal training; in Virginia, they typically get two hours. Given the complexity of running a polling place, there isn’t time to teach how to check properly for fake IDs. Unlike police officers or supermarket clerks, who use such a skill every day, poll workers would use the skill at most a few days a year, so they won’t have enough practice for proficiency. Because of this, requiring an ID will not prevent voter fraud.
Voters in the recent Iowa caucuses and Tuesday’s New Hampshire primary will rely on paper ballots as they have for generations. In the very next primary on January 21, South Carolinians will vote with backlit touch-screen computers. In an age of electronic banking and online college degrees, why hasn’t the rest of the nation gone the way of the Palmetto State? The reason is simple and resonates with the contentious debate that has yet to be resolved after at least 15 years of wrangling over the issue of electronic voting. No one has yet figured out a straightforward method of ensuring that one of the most revered democratic institutions—in this case, electing a U.S. president—can be double checked for fraud, particularly when paperless e-voting systems are used.
One of the most common questions I get is “if I can bank online, why can’t I vote online”.
A recently released (but undated) document ”Supplement to Authentication in an Internet Banking Environment” from the Federal Financial Institutions Examination Counciladdresses some of the risks of online banking.