National: Overseas voting in 24 states vulnerable to hackers | Fox News

Few could forget the weekslong hubbub over vote-counting in Florida in 2000 that led to a recount, a Supreme Court ruling and a national debate about the veracity of the system by which voters cast their ballots. But 12 years later, the voting system is still far from fail-proof, according to a state-by-state report released Wednesday. Almost half of states use voting systems for overseas and military voters that could be susceptible to hackers, says the report by Rutgers Law School and two good-governance groups: Common Cause Education Fund and the Verified Voting Foundation. Dozens of states lack proper contingency plans, audit procedures or voting machines that produce backup paper records in case something goes wrong. Colorado, Delaware, Kansas, Louisiana, Mississippi and South Carolina are least prepared to catch problems and protect voter enfranchisement, the study showed. Minnesota, New Hampshire, Ohio, Vermont and Wisconsin are in the best shape.

Georgia: Kemp says lawmakers will have to consider ending runoff elections in Georgia | AJC

State lawmakers will have to consider getting rid of runoff elections in Georgia next year – at least those involving federal candidates in general elections – because of a recent ruling by a U.S. district judge requiring 45 days for ballots cast by members of the U.S. military to make their way home, Secretary of State Brian Kemp on Monday. Ballot requirements insisted on by the U.S. Justice Department and upheld by the court last week all but invalidate a current state law requiring that winners in all general elections receive 50 percent plus one vote, Kemp said – given that federal runoffs in those contests would have to be delayed until late December. “We’d be voting during Christmas. There may be people getting certified while other people are getting sworn in. It’s really a logistical nightmare,” Kemp said.

Bulgaria: Opposition criticises online voting | FOCUS

The Bulgarian Socialist Party (BSP) thinks that the electronic voting hides too many risks, said Mladen Chervenyakov, Chairperson of the BSP National Council, speaking at a press conference on Monday, organised to present socialists’ ideas for amendments to the Elections Code, FOCUS News Agency reporter informs. In Chervenyakov’s words, the Bulgarians are good hackers, adding that there were too high concerns that the online voting could be manipulated.

South Korea: Divided progressive party’s online leadership election marred by server error | Korea Times

The ongoing leadership election of the Unified Progressive Party (UPP) has been suspended due to errors in its server for online voting, party officials said Wednesday, amplifying uncertainties for the left-wing party beleaguered by an escalating factional conflict over alleged primary rigging earlier this year. The minor party with 13 seats in the 300-member National Assembly is set to elect its new leadership this week after a faction of alleged pro-North Korean forces lost power after it was found to be involved in the rigging of the party’s proportional representative primary for the April general election. … According to party officials, the server for online voting stopped at around midnight due to unidentified causes, resulting in a loss of the data collected since Monday. “Due to server problems, part of the voting results are missing and it is hard to restore them,” said an official of the party’s reformist emergency committee.

National: E- Voting: Trust but Verify | Scientific American

With the Presidential elections looming up, some have been asking why the United States is not making more of electronic voting. It’s being adopted in many other countries around the world, with India, Brazil, Estonia, Norway and Switzerland as notable examples.   However, the United States has several examples in recent years where it has backed out of electronic voting that it had already implemented. For example, in 2010, a trial system for remote voting over the Internet in Washington DC (known as the “Digital vote by mail”) was shown to be vulnerable, when it was penetrated by a research team from the University of Michigan, demonstrating how a real attack could render any results unsound, without detection. The attack was documented in a recent paper by researchers from the University of Michigan. So who is right?

Canada: Nova Scotia town approves online voting bylaw | The Vanguard

The Municipality of Argyle has voted to approve a bylaw that paves the way for electronic and telephone voting in this October’s municipal elections. The municipality held a public hearing on the bylaw prior to its June 12 meeting, although the hearing didn’t attract any members of the public. In the upcoming fall vote there will be no paper ballots in the Municipality of Argyle, but there will still be some polling stations. The Town of Yarmouth, which is also going strictly with electronic (computer) and telephone voting, also won’t have paper ballots in this fall’s vote. The town will have one polling station set up at the town hall with computers and telephones, and at which people can get assistance, if required, to vote.

Canada: Cities pondering move to online voting | Edmonton Journal

Edmonton, St. Albert and Strathcona County want to push ahead with Alberta’s first test of Internet voting during next year’s civic election. The three communities are interested in allowing people who can’t reach a regular polling booth to vote online instead of mailing in their ballots, according to a report released Thursday. The move requires a change to the provincial Local Authorities Election Act, and though Alberta Municipal Affairs is interested, it needs letters of support from councillors before it will act.

France: French E-voting portal requires insecure Java plugin | ZDNet

Imagine you’re an ordinary citizen who wants to vote online. As an IT security conscious user knowing that in 2012 the majority of vulnerabilities are found in third-party applications compared to Microsoft’s products, you regularly check Mozilla’s Plugin Check service to ensure that you’re not using outdated browser plugins exposing you to client-side exploitation attacks served by web malware exploitation kits. What seems to be the problem? According to Benoit Jacob, the problem starts if you’re a French citizen wanting to vote online, as the country’s E-voting portal currently doesn’t support the latest version of Java. If that’s not enough, the portal recommends users to switch to an alternative browser since Firefox blocks older Java plugins for security reasons, or use the insecure Java version 1.6.0_32.

National: Flame: Massive, advanced cyber threat uncovered | GovInfo Security

Highly sophisticated malware being used to spy on several countries, mostly in the Middle East, that has been around for more than two years has been discovered by Kaspersky Lab, the research arm of the Russian security products company announced May 28. Detected by researchers as Worm.Win32.Flame – or more simply, Flame – it’s designed to carry out cyber espionage and steal valuable information, including, but not limited to, computer display contents, information about targeted systems, stored files, contact data and audio conversations, Kaspersky Lab says.Kaspersky Lab’s chief security expert, Alex Gostev, characterizes Flame as a super-cyberweapon such as Stuxnet and Duqu, and in his blog contends it’s “one of the most complex threats ever discovered. It’s big and incredibly sophisticated. It pretty much redefines the notion of cyberwar and cyberespionage.”

National: Spanish company’s control of online voting in US is a disturbing trend | South Lake Press

Former Russian dictator Stalin said, “It’s not who votes that count, it’s who counts the votes.” Maybe President Obama knew something Americans didn’t know. In January, Congress allowed the largest vote-processing corporation in America, the Tampa-based software company SOE, to be bought by the Spanish online voting company SCYTL. This is a major step towards global centralization of all election processes. SCYTL, whose funding comes from international venture capital such as Balderton, is run by Goldman Sachs veterans Tim Bunting and Mark Evans. Based in Barcelona, Spain, it is rumored the CEO Pere Valles is a socialist who donated heavily to the 2008 Obama campaign. Valles lived in Chicago while Obama was a senator. SCYTL runs elections in numerous countries, such as England, France, Canada, Norway, Switzer-land, India, Australia, South Africa and the United Arab Emirates. In 2010, it was involved in modernizing election systems for the mid-term elections in 14 American states.

National: Internet voting still faces hurdles in US | The Economic Times

Shop online. Bank online. Why not vote online? Pressure is building to make Internet voting widely available in the United States and elsewhere, even though technical experts say casting ballots online is far from secure. In the 2012 US elections, more than two dozen states will accept some form of electronic or faxed ballots, mostly from military or overseas voters, according to the Verified Voting Foundation. But there is a growing expectation that online voting will expand further. “The number one question I’m asked is when we will get to vote on the Internet,” Matt Masterson, Ohio’s deputy election administrator, told a Washington forum this month. “When you are doing everything else on the Internet and your comfort level is high, people expect to do that… You can adopt a child online, you can buy a house online without ever seeing it.” But computer security specialists say any system can be hacked or manipulated, and that unlike shopping and banking, the problem cannot be fixed by giving the customer a refund.

National: NIST: Internet voting not yet feasible | FierceGovernmentIT

Internet voting is not yet feasible, researchers from the National Institute of Standards and Technology have concluded. “Malware on voters’ personal computers poses a serious threat that could compromise the secrecy or integrity of voters’ ballots,” said Belinda Collins, senior advisor for voting standards within NIST’s information technology laboratory, in an May 18 statement. “And, the United States currently lacks an infrastructure for secure electronic voter authentication,” she added. Collins released the statement in response to an inquiry from Common Cause, a Washington, D.C. nonprofit active in campaign finance and election reform.

National: Americans Elect Ends Online Primary After No Candidates Qualify To Run | ABC News

Americans Elect, the group that aimed to nominate a third presidential candidate through an online primary, ended its nomination process today after no prospective candidates met their minimum requirements. To run in its online primary a candidate had to get 10,000 “clicks” of support (1,000 in at least 10 states). Buddy Roemer was the closest to reaching that goal, but he got less than 6,300 “supporters. As of this week, no candidate achieved the national support threshold required to enter the Americans Elect Online Convention in June,” the group said in a statement. “The primary process for the Americans Elect nomination has come to an end.”

Editorials: Americans Elect meets reality: third-party effort may be viable — just not now | Doyle McManus/latimes.com

What happens if you start a political party and nobody comes? Six months ago, a newfangled third party burst onto the scene, full of hope and promise. It was called Americans Elect, and it sought to give voters a choice many said they were looking for: “centrist” candidates who could break the partisan gridlock paralyzing Washington. In its founders’ heads danced visions of middle-of-the-road candidates who could transform American politics: Hillary Rodham Clinton, Colin Powell, Michael Bloomberg, Jon Huntsman Jr. Wealthy donors invested millions in a fancy website for an Internet primary, signed up 420,000 would-be “delegates” and got on the ballot in 29 states. Newspaper columnists, including me, pondered what effect it might have on the election. Then the grand idea collided with reality.

Editorials: With Failures Rapidly Mounting, What Is Americans Elect’s End-Game? | AE Transparency

Having now been forced to cancel two primary ballots in a row due to the American electorate’sutter failure to respond to its spiel, Americans Elect may now be judged by any rational observer of the political scene to be an abject failure, and dead in the water. So what happens now? When Americans Elect’s predecessor, Unity08, failed similarly in 2008 (albeit much earlier in its existence, before a single ‘vote’ had been cast), that organization simply silently evaporated. That was really the only option available to Unity08’s leadership, because it was a worthless property: it was merely a thin web site, with no money behind it, and its founders had scattered to the four winds (many to their next failure, a ‘Draft Bloomberg’ initiative). So its operators simply abandoned it. Like a rusty old Buick up on cinder blocks in a weed-choked vacant lot, its twisted carcass had no significant scrap value.

Canada: Online voting system mulled in Alberta | Sherwood Park News

Strathcona County council gave its thumbs up at a meeting on April 24 to a partnership with the City of Edmonton and the City of St. Albert to establish an internet voting pilot project for the 2013 municipal election. Jacqueline Roblin, manager of Strathcona County Legislative and Legal Services (LLS), stated in her presentation to council that the pilot would be applied to solely the special ballot process for those people who will be absent from the jurisdiction during the 2013 election. She noted that administration wants to add an amendment allowing for any voter to vote through this process. “We’re taking it in a very small portion of our election so that we can test out our systems and that will gradually start to build voter confidence in the process,” Roblin said.

Switzerland: New study critical of e-voting systems being tested in Switzerland | swissinfo

Swiss e-voting systems lack transparency and are vulnerable to attack by malevolent software, a study has found. The authorities are looking for solutions but officials point out that there is no such thing as absolute security, even with the traditional ballot paper vote. With the systems used so far in electronic voting trials “citizens cannot verify if their vote has been registered and counted correctly. They are obliged to trust the administration and authorities completely,” Eric Dubuis, information technology professor at the Bern University of Applied Sciences, told swissinfo.ch. Under the mandate of the Federal Chancellery, Dubuis co-authored a study on verifiable e-voting systems – systems that allow the voter to trace all the steps of his or her vote and to check that there has been no manipulation and that the vote has been duly counted.

Canada: Elections Canada may roll out Internet voting in 2015 in spite of security concerns | CottageCountryNow

While Huntsville council tackles election topics such as ward boundaries, some residents believe the issue of electronic voting should be the primary concern. Grant Hallman, a retired resident who spent a career in software development, has said council’s decision to discuss in 2013 whether electronic voting or traditional paper ballots will be used in the 2014 municipal election will not give the municipality enough time for thorough debate. Hallman said it will likely not give the municipality enough time to switch back to paper ballots if council decides it does not want to use the telephone and Internet voting method used in the previous municipal election. There are several concerns Hallman and others have with the electronic voting method.

National: Why Online Voting Isn’t So Safe – FBI investigating student who hacked college election | Mobiledia

A California student tried to win a college government election by hacking into classmates’ accounts, which may lead to federal charges and increased privacy for not only colleges, but national and state elections as well. Matt Weaver, a junior, ran for student government president at California State San Marcos, located near San Diego, when school officials said he hacked into a computer and stole 700 voters’ passwords and identifications to alter the polling results. School police detained and released Weaver, but have yet charge him for the accusations, which include unlawful access to a computer, election fraud and identity theft. The FBI, which usually isn’t interested in the college student government results, is investigating Weaver’s hacking skills. School officials said they caught Weaver working on a school computer, and in possession of a device, used to steal passwords. … Federal authorities are also examining Weaver’s activities to decide if such hacking may interfere with state or national elections.

Estonia: Parliament Seeks to Make Internet Voting More Transparent | ERR

Parliament is looking to amend the electronic voting procedure in such a way as to make it possible for voters to check whether their votes have been registered correctly. Starting from 2005, e-voting has been used in five elections in Estonia. In order to make the system more reliable and trustworthy, legislators are now looking for a way to make it possible for voters to check whether their votes have been registered correctly. This solution was proposed in response to the concerns that arose during the last elections regarding the possibility of voters’ computers being tampered with, reported ETV. “In the case of a virus that blocks voting, a person may think that he has voted, when in fact the vote has not reached the system. This is why we came up with the idea of giving voters an opportunity to check their votes,” said Reform Party MP and member of Parliament’s Constitutional Committee Andrei Korobeinik. According to him, the voter’s computer is the weakest link in the chain and vote checking is one of the most complicated issues being tackled at the moment. “The initial idea is that the voter will be shown an image that he can photograph off the screen using his mobile phone, and then the system will tell him whether his vote has been registered correctly or not,” he explained.

Editorials: Digging deeper into the 2012 Scytl vote count controversy | Examiner.com

The news story being circulated around the alternative media concerning the Spanish company SCYTL and its contracts with 900 U.S. voter jurisdictions is a complicated one. And it is one that has tended to lend itself to broad generalizations and, in some cases, misinformation. Digging deeper into the vote tabulation controversy should help separate fact from fiction.  First, it is important to consider what has been discovered to be either fiction or at the very least unconfirmed speculation. Rumors, innuendo, and opinions that cannot be verified by the paper trail cannot be considered fact, although there may be some kernel of truth within them. A perfect example is the oft repeated claim that George Soros owns SCYTL. There is no evidence that the Leftwing billionaire has any financial stake in the company. SCYTL is funded by three sources, venture capital corporations that specialize in investing in privately owned companies. Those three sources are Balderton Capital, Nauta Capital, and Spinnaker SCR. SCYTL’s board of directors and information concerning its founder can be found at the corporate website. Information on the company’s management team can be found here. However, all attempts to discover who exactly owns SCYTL have come up empty. The company is listed in all official profiles as a “privately owned corporation,” but no information is given as to the identities of the private owners.

National: Internet Voting Is Years Away, And Maybe Always Will Be | TechPinions

In today’s New York Times Magazine, political writer Matt Bai grumbles in a short piece about his inability to vote online in an era where nearly everything else can be done over the Internet. “The best argument against Internet voting,” he writes, “is that it stacks the system against old and poor people who can’t afford or use computers, but the same could be said about cars.” That, he argues, is a problem that could easily be solved by the electronic equivalent of giving people rides to a polling place. If only it were so simple. Voting, alas, has unique characteristics that make internet implementations all but impossible given current technology. The big problem is that we make two demands of it that cannot be met simultaneously. We want voting to be very, very secure. And we want it to be very, very anonymous.

National: DHS official says online voting invites cybersecurity risks | CNET News

As the 2012 presidential election revs up, 33 states now permit some form of Internet ballot casting. However, a senior cybersecurity adviser at the U.S. Department of Homeland Security warned today that online voting programs make the country’s election process vulnerable to cyberattacks. “It is premature to deploy Internet voting in real elections at this time,” DHS cybersecurity adviser Bruce McConnell said at a meeting of the Election Verification Network, which is a group that works to ensure every vote is counted. He explained that all voting systems are susceptible to attacks and bringing in Internet voting invites added risk. Right now, 33 states allow completed ballots to be sent via the Web, typically through e-mail and efax. The main voting contingent that uses this cyber-feature are people in the military and those living overseas.

Editorials: There’s no democratic quick fix | Ottawa Citizen

As Canadians focus on cases of possible election fraud with the unfolding “robocalls” scandal, some people have suggested that Internet voting might be one way of stopping unscrupulous political activists from sending voters to non-existent polling stations. In fact, Internet voting is likely to increase, rather than decrease, electoral fraud. Since online voting requires passwords, there would be nothing to stop eligible voters from giving or selling their passwords to others. A few charismatic members of a community organization, or of a partisan political association, or of a family might then be able to control the votes of numerous citizens.

Canada: Internet voting carries risk as show by NDP experience | thestar.com

The recent New Democratic Party convention in Toronto may have done more than just select Thomas Mulcair as the party’s new leader. It may have also buried the prospect of online voting in Canada for the foreseeable future. While Internet-based voting supporters have consistently maintained that the technology is safe and secure, the NDP’s experience — in which a denial of service attack resulted in long delays and inaccessible websites — demonstrates that turning to Internet voting in an election involving millions of voters would be irresponsible and risky. As voter turnout has steadily declined in recent years, Elections Canada has focused on increasing participation by studying Internet-based voting alternatives. The appeal of online voting is obvious. Canadians bank online, take education courses online, watch movies online, share their life experiences through social networks online, and access government information and services online. Given the integral role the Internet plays in our daily lives, why not vote online as well? The NDP experience provides a compelling answer.

National: Online Voting ‘Premature’ Warns Government Cybersecurity Expert | WBUR

Warnings about the dangers of Internet voting have been growing as the 2012 election nears, and an especially noteworthy one came Thursday from a top cybersecurity official at the U.S. Department of Homeland Security. Bruce McConnell told a group of election officials, academics and advocacy groups meeting in Santa Fe, N.M., that he believes, “it’s premature to deploy Internet voting in real elections at this time.” McConnell said voting systems are vulnerable and, “when you connect them to the Internet that vulnerability increases.” He called security around Internet voting “immature and under-resourced.” McConnell’s comments echo those of a number of computer scientists who say there’s no way to protect votes cast over the Internet from outside manipulation. But right now a growing number of states are allowing overseas and military voters to return their marked ballots by digital fax or email, which experts say raises the same threat. It’s part of a recent push to make voting easier for millions of Americans overseas, who often are prevented from voting because of slow ballot delivery and missed deadlines.

Canada: NDP internet vote disruption worries experts | The Chronicle Herald

Although many people are attached at the hip to their laptops, few are conversant in software coding and even fewer are familiar with heavy encryption. Combine computers with the intricacies of elections, and that leaves only a handful of specialists worldwide who can claim to understand online voting. Questions about e-voting were raised after the NDP leadership convention was disrupted by a cyber attack. Not all of them have been answered satisfactorily, say software experts, despite reassurances from Scytl, the software company that handled the NDP election process, and from Halifax Regional Municipality, which has committed to use the company’s services in October’s municipal election. “Multibillion-dollar (software developers) like Windows, you know, Microsoft . . . can’t have their software bug-free. So I don’t think Scytl is able to do that,” said Daniel Sokolov, a Halifax information technology expert. Sokolov has examined several European elections that used e-voting and found at least three with troubling results.

Voting Blogs: “Nobody Goes There Anymore, It’s Too Crowded”: Election Officials’ Responsibility for Handling Denial of Service Attacks | Election Academy

Over the weekend, Canada’s New Democrats (NDP) conducted a vote for a new leader. The vote was conducted online so that registered party members could vote both in person at the NDP convention site and remotely from home computers or smartphones. Sometime during the second round of voting, the system slowed considerably, and eventually it became known that the system had likely been the target of a “denial of service” (DoS) attack aimed at clogging the the system and thus preventing (or at least discouraging) voters from casting ballots. The NDP, its vendor and consultants have identified two IP addresses that appear to have been the source of the attack and are investigating now. The results of that investigation are still forthcoming, but in the meantime I wanted to focus on a discussion I saw online yesterday about whether and how NDP and its vendor should have prepared for the possibility of a DoS attack.

Canada: More than 10,000 IP addresses used in attack on NDP vote | CTV Winnipeg

The company that ran the online voting system used to help choose the winner of the weekend’s NDP leadership race is now blaming several hours of delays on a “malicious, massive” attack on its voting system. In a news release, Barcelona-based Scytl said “well over 10,000 malevolent IP addresses” were used in a Distributed Denial of Service attack, which generated hundreds of thousands of false voting requests to the system. “We deeply regret the inconvenience to NDP voters caused by this malicious, massive, orchestrated attempt to thwart democracy,” Susan Crutchlow, general manager of Scytl Canada said in a statement. The attack effectively “jammed up the pipe” into the voting system, delaying voter access, the statement said. “This network of malevolent computers, commonly known as a ‘botnet,’ was located on computers around the world but mainly in Canada.”

Canada: Halifax Regional Municipality to review e-voting contract after cyber attack on NDP leadership election | Metro

The Halifax Regional Municipality will be reviewing a decision to award a Spanish e-voting company a contract for this October’s election. This in the wake of e-voting delays that plagued the federal NDP leadership convention in Toronto on Saturday. Scytl, the Spanish company that oversaw the convention’s e-voting, was awarded a contract in January to provide electronic voting for the upcoming HRM election. “With the events of the weekend … we certainly will be reviewing the situation with the company,” Mayor Peter Kelly said on Sunday. “(HRM will) determine whether or not this was an issue of just malfunction, or other factors as was indicated (by the NDP).”