When Hurricane Sandy hit in 2012, it threw New Jersey into an ad hoc experiment in online voting. … Had New Jersey’s experiment gone well, it would have been a major victory for advocates of online voting, who’ve long argued that the internet could be a valuable tool to protect the right to vote and increase dismal U.S. voting rates. It did not, however, go well at all: Email servers were overwhelmed, leaving voters unable to request or return their ballots. In an attempt to fix the situation, one elections official gave out his personal email address to voters to submit their ballot requests—and a security researcher discovered that his password recovery question was apparently his mother’s maiden name after looking at Hotmail’s password-reset form. The official says he was never hacked. … Security experts cried foul at the election, which saw an estimated 50,000 ballots cast electronically. They were concerned that voters’ personal data was potentially exposed, and were worried that there was an opportunity for ballots to go uncounted. “We don’t know how many of these votes were actually counted or shouldn’t have been counted versus lost, or how many people tried to use this system but were unable to get ballots,” Ed Felten, who was then the director of Princeton University’s Center for Information Technology Policy, told Al Jazeera in 2014. “We can’t measure it, but certainly there are indications of overflowing mailboxes, big backlogs and problems processing requests. So I don’t think you could conclude at all that this was a successful experiment.”
A push to allow Internet voting in elections is growing stronger along with advances in the underlying technology, but systems are not yet secure enough to use with relative certainty that the vote counts will be accurate, according to a new report. Still, while “no existing system guarantees voter privacy or the correct election outcomes,” election officials could take several steps to significantly improve the security and transparency of Internet voting systems, said the report, commissioned by the U.S. Vote Foundation, an organization that helps U.S. residents vote. Election officials considering Internet voting must embrace an end-to-end verifiable Internet voting system, or E2E-VIV, said the report, released Friday. An E2E-VIV would be difficult to build, but it would allow voters to check that the system recorded their votes correctly, to check that it included their votes in the final tally and to double-check the announced outcome of the election, the report said. An Internet voting system must be transparent, useable and secure, said the report, echoing some recommendations security groups have made about other electronic voting systems. “An Internet voting system must guarantee the integrity of election data and keep voters’ personal information safe,” the report said. “The system must resist large-scale coordinated attacks, both on its own infrastructure and on individual voters’ computers. It must also guarantee vote privacy and allow only eligible voters to vote.”
In an age where people can transfer money using their mobile device, it’s not hard to envision a future where citizens wake up on Election Day, pull out their phones and choose the next leader of the Free World on the way to work. Last week, a federal election agency took a small step toward that futuristic vision. … The updated guidelines will allow manufacturers to test machines against modern security and disability standards and get them certified for use by states ahead of the 2016 presidential election. … When it comes to Internet-based voting systems, many experts argue there’s no clear solution to address the issues of security and verifiability. A securely designed online system also needs to be easy to use, and so far that goal has eluded researchers, said Poorvi Vora, an associate professor of computer science at George Washington University who has researched Internet voting systems. Vora is part of a group of academics, computer scientists, election officials and activists working on a project led by the Overseas Vote Foundation, an Arlington, Va.-based nonprofit, to answer one question: Is it possible to design a system that lets people vote remotely in a secure, accessible, anonymous, convenient and verifiable manner? The answer so far is no, but the group says it is close to a possible solution and will present its design to the election research community and federal agencies this summer. As with health records or financial data, online security remains an obstacle.
Voter turnout in the U.S. during the last midterm election hit the lowest point since the 1940s. The number of Americans heading to the polls each election has been declining for the last fifty years and lawmakers have recently been pushing efforts to keep even more people away from the polls. People do not exercise their right to vote for various reasons, some of which are easier to solve than others. According to a U.S. … Voters can already use their smartphones in some cities to simplify daily tasks like tracking how long they have to wait for a bus or train. So why shouldn’t information about polling places be available online? Joe Kiniry, the principal investigator with computer science company Galois, said that while he was working in Denmark, he helped to build a system voters could use to figure out the length of lines at polling places. “Of course it’s doing that by watching people’s cell phones as they walk into the polling place and figuring out how long it took you to get to the front of the line, how long it took you to leave,” he said. “So in the adoption of this cheap, easy technology… we’ve now traded off the cost and efficiency of an election with the privacy of voters.”
Threats to the integrity of Internet voting have been a major factor in keeping the practice to a bare minimum in the United States. On the heels of the recent midterm elections, researchers at Galois, a computer science research and development firm in Portland, Ore., sent another reminder to decision makers and voters that things still aren’t where they should be. Researchers Daniel M. Zimmerman and Joseph R. Kiniry published a paper called “Modifying an Off-the-Shelf Wireless Router for PDF Ballot Tampering” that explains an attack against common home routers that would allow a hacker to intercept a PDF ballot and use another technique to modify a ballot before sending it along to an election authority. PDF ballots have been used in Internet voting trials in Alaska, and in New Jersey as an voting alternative for those displaced by Hurricane Sandy. The ballots are downloaded, filled out and emailed; the email is equivalent to putting a ballot into a ballot box. Election authorities then either print the ballots and count them by hand, or count them with an optical scanner. The Galois attack is by no means the only attack that threatens Internet voting; malware on a voter’s machine could redirect traffic or cause a denial of service condition at the election authority. But the attack described in the paper is certainly a much more quiet attack that the researchers say is undetectable, even in a forensics investigation.
Basic cyberattacks could tamper with electronically submitted ballots, leaving no trace behind, according to research from computer science firm Galois. On the heels of election watchdog groups criticizing Alaska’s use of ballots submitted online, Galois demonstrated that electronic ballots could be modified through simply hacking into home routers, which often have minimal security measures. “An off-the-shelf home Internet router can be easily modified to silently alter election ballots,” said the researchers, Daniel Zimmerman and Joseph Kiniry. A few states now allow voters to receive and return a ballot electronically. Election officials argue it is a way to increase voter participation, while technologists insist heightened turnout isn’t worth the high risk of fraud.
It only took a couple days and tweaks to about 50 lines of code for a pair of security researchers from Portland-based Galois to demonstrate how hackers could change an election if email voting were to move beyond the pilot phase. Researchers Joseph Kiniry and Dan Zimmerman were able to show how files could be intercepted between the voter and election office through a relatively easy hack of standard router software. The duo looked at routers that are commonly used by household Internet Service Providers. “We did experiments on how it could be deployed if we were a bad guy,” Kiniry said. “Unfortunately, the state of security on these devices on the Internet is so poor.” Plus, he noted detecting that something was wrong was difficult and would take security experts to figure out the router was not working properly.
Alaska: Hackers Could Decide Who Controls Congress Thanks to Alaska’s Terrible Internet Ballots | The Intercept
When Alaska voters go to the polls tomorrow to help decide whether the U.S. Senate will remain in Democratic control, thousands will do so electronically, using Alaska’s first-in-the-nation internet voting system. And according to the internet security experts, including the former top cybersecurity official for the Department of Homeland Security, that system is a security nightmare that threatens to put control of the U.S. Congress in the hands of foreign or domestic hackers. Any registered Alaska voter can obtain an electronic ballot, mark it on their computers using a web-based interface, save the ballot as a PDF, and return it to their county elections department through what the state calls “a dedicated secure data center behind a layer of redundant firewalls under constant physical and application monitoring to ensure the security of the system, voter privacy, and election integrity.” That sounds great, but even the state acknowledges in an online disclaimer that things could go awry, warning that “when returning the ballot through the secure online voting solution, your are voluntarily waving [sic] your right to a secret ballot and are assuming the risk that a faulty transmission may occur.”