New Zealand: Online voting cost alarms councillors | Wanganui Chronicle

Wanganui district councillors have agreed to try and be among local authorities trialling online voting next year but not without expressing concerns about the cost involved. The Government wants to trial online voting as an option in the 2016 local body elections and councils wanting to be the guinea pigs have been asked to indicate their interest. Noeline Moosman, the Wanganui electoral officer, said the council had platforms in place to handle the online voting. And she said the district’s high voter turnout could be another plus.

United Kingdom: Online voting is convenient, but if the results aren’t verifiable it’s not worth the risk | The Conversation

In one of the most fiercely contested elections in years, the turnout of the 2015 British general election was still stubbornly low at 66.1% – only a single percentage point more than in 2010, and still around 10 points lower than the ranges common before the 1990s. There has been all manner of hand-wringing about how to improve voter engagement and turnout. Considering the huge range of things we now do online, why not voting too? A Lodestone political survey suggested that 60% of respondents said they would vote if they could do so online, and this rose to around 80% among those aged 18-35. As recently as this year, the speaker of the House of Commons called for a secure online voting system by 2020. But designing a secure way to vote online is hard. An electronic voting system has to be transparent enough that the declared outcome is fully verifiable, yet still protect the anonymity of the secret ballot in order to prevent the possibility of voter coercion.

National: An online voting lobbyist’s misleading testimony | McClatchy

Introducing himself as a former Oregon state elections official, online voting industry lobbyist Donald DeFord vouched authoritatively to a Washington state legislative panel in late January as to the merits of statewide internet voting. Oregon, he testified, ultimately came to the “same solution” offered by a bill before the Washington state House that would allow everybody to cast their election ballots by email or fax – an option that top cyber security experts warn would expose elections to hackers. “First in a special congressional election and then statewide, we made our accessible online ballot delivery and return system available to any voter who was not able to use a paper ballot,” DeFord, a regional sales director for San Diego-based Everyone Counts, told the committee. There was a big problem with that testimony. Oregon doesn’t allow voters to send in marked ballots electronically, except for troops and citizens living abroad who have been prevented from mailing their absentee ballots due to an emergency or other extenuating circumstances. DeFord now says he “misspoke.”

Editorials: Is online voting a security risk? | ESET

The world is moving online and so too now is politics. But as online, electronic voting (e-voting) increasingly becomes a reality, are we opening ourselves up to vote rigging by power-hungry politicians or fame-seeking hackers? Voting has traditionally been a pen and paper exercise; a slip filled-in and placed into a sealed ballot, with results counted and recorded by independent volunteers. Of course, this doesn’t mean that the result can’t be swayed, unintentionally or otherwise. There have been some notorious examples of foul play – Slobodan Milošević was accused of rigging elections in 1996 and 2000 in Yugoslavia – while errors can also occur, as best illustrated by the 2000 US presidential election, when a fault with Florida’s ballot paper led some people to vote for the wrong candidate. … These risks are only magnified when voting systems are pushed online. Brazil, Belgium and Estonia are just a few examples of the countries to have taken to e-voting, and while they have seen the benefits from the improved speed, accessibility and legibility (no more illegible ticks or crosses), they are arguably more open to attack.

Utah: Democrats can’t afford their own online presidential primary | The Salt Lake Tribune

Utah Democrats said Wednesday they cannot afford the $100,000 needed to run their own online presidential primary next year, and instead simply will allow people to cast ballots at party caucuses. Lauren Littlefield, party executive director, blamed Republican infighting for blocking state funding needed for a true presidential primary and said that is forcing the alternative move that likely will hurt voter participation. Utah Republican Party Chairman James Evans said Democrats “are creating fiction.” He said his party can afford and will offer online presidential primary voting, along with voting at caucuses, which he predicted will increase turnout. The controversy comes after the GOP-controlled Legislature failed to pass HB329 this year, which would have provided $3 million for a 2016 presidential primary for all parties. Without it, parties are forced to fund their own presidential-nomination efforts.

Editorials: As Utah’s GOP looks to an Internet presidential primary in 2016, be cautious, inclusive in adopting online voting | Richard Davis/Deseret News

The world of politics is changing dramatically. A few years ago, the notion of voting online was a dream. Now, it is becoming a reality. Universities are holding student elections online. Corporations are now using online voting to conduct shareholder meetings. In a few nations such as Canada, Estonia and Switzerland, online voting conducted by governments in official elections is becoming routine. Online voting is not common in the United States. The Reform Party selected its presidential candidate through online voting in 1996. The Democratic Party in Arizona held an online primary election in 2000. Some states have experimented with online voting for military personnel overseas. Those are rare exceptions. Why is online voting still a distant prospect? Security! Experiments of online voting systems have found them susceptible to hacking, which has made governments cautious about using them to determine electoral outcomes.

United Kingdom: Security concerns prevent UK adopting electronic voting for the General Election | Mirror

As the country readies itself to trek down to the polling stations on May 7, some voters are questioning why they can’t simply cast their vote online. After all, many of us handle our banking, tax returns and bill paying online, so why shouldn’t we be able to cast a vote over the internet as well? Parts of the process have already made the transition to a digital environment. In preparation for next month’s election, the Electoral Commission launched an online registration scheme allowing all of us to quickly and efficiently register to vote. And putting the service online meant that many more people used it. According to the Electoral Commission’s statistics, over one million applications were made on the site over the first three-and-a-half weeks. But registering to vote and actually putting the mark next to your party of choice are two different things.

United Kingdom: How feasible would it be to introduce online voting? | BBC

People can shop, date and bank online. How feasible would it be to allow internet voting at the general election? Imagine democracy had just been invented. Would the UK government decide to set up 50,000 polling stations on Thursday 7 May? Or would the vote be taking place online instead? Until the 1870s those people allowed to vote did so openly with no privacy. The 1872 Ballot Act changed this with the invention of the “modern” polling station – the church hall with its wooden booths, a pencil on string and piles of ballot papers handed out by earnest election workers. Since then the way we vote has hardly changed. Today people shop, find a partner and bank online. Surely voting online is possible? The government says not. In January, Sam Gyimah, the constitution minister, told the House of Commons: “I feel [that] moving to electronic voting would be a huge task for any government. We can’t be under any illusion that this would be easy to achieve.” Remote voting was “incredibly rare” around the world and would require a “very robust and secure” system, Gyimah said.

National: As states warm to online voting, experts warn of trouble ahead | McClatchy DC

A Pentagon official sat before a committee of the Washington State Legislature in January and declared that the U.S. military supported a bill that would allow voters in the state to cast election ballots via email or fax without having to certify their identities. Military liaison Mark San Souci’s brief testimony was stunning because it directly contradicted the Pentagon’s previously stated position on online voting: It’s against it. Along with Congress, the Defense Department has heeded warnings over the past decade from cybersecurity experts that no Internet voting system can effectively block hackers from tampering with election results. And email and fax transmissions are the most vulnerable of all, according to experts, including officials at the National Institute of Standards and Technology, which is part of the Commerce Department. San Souci declined to comment. A Pentagon spokesman, Lt. Cmdr. Nathan Christensen, said the Defense Department “does not advocate for the electronic transmission of any voted ballot, whether it be by fax, email or via the Internet.”

Australia: Votes gone walkabout after Australian election voting flaw | SC Magazine UK

As many as 66,000 votes in the New South Wales state election 2015 could have been tampered with. The election was held on  28 March 2015 and is now closed. Voters used the iVote system which is described by its makers as “private, secure and verifiable” in its operation. Further, the Australian Electoral Commission insists that all Internet votes are and were “fully encrypted and safeguarded” at this time. The iVote system is a form of voting where eligible voters can vote over the Internet or telephone as an alternative to voting at a physical polling station. Security is provided using an 8-digit iVote number, a 6-digit PIN and a 12-digit receipt number for each individual. Australia is arguably a perfect test case for electronic voting with its vast distances that prevent some voters from getting to a polling location. A system like this also benefits the disabled and other less mobile voters. However, the system has been derided by non-profit digital rights group the Electronic Frontier Foundation (EFF), “The problem is that the system was not ready to be one of the biggest online voting experiments in the world.” EFF’s Farbod Faraji says that a FREAK flaw has been discovered in the Australian system by Michigan Computer Science Professor J Alex Halderman and University of Melbourne Research Fellow Vanessa Teague.

Florida: Online Voter Registration Bill Goes Before Florida House | WUWF

The Florida House is expected to take up a voter registration bill, which has the blessing of Florida’s 67 County Supervisors of Elections. Online registration is already in 20 states, with another four getting ready to implement it. Under the bill, HB 7143, the state Division of Elections would be required to develop a secure website that could be used to register first-time voters and update existing voter registrations. A companion bill in the Senate is sponsored by Democrat Jeff Clemens from Lake Worth. “It works, and not only is it more secure, but it saves us money, and I think that’s a big thing when we’re talking about having to spend money on voting machines and trying to make our process better,” said Clemens.

Spain: Election site in security cert warning screwup snafu | The Register

Website crypto problems on the Spanish online voting registration website are causing it to generate all manner of security warnings. Attempts to visit the sede.ine.gob.es site – run by Spain’s National Statistics Institute and introduced this year for municipal/regional elections – typically lead to users being confronted with a security warning. However, the warnings vary depending on the operating system and browser a surfer is using. Such website problems are sadly common, but the flaws in the Spanish voter registration website are more than normally important, since the site requests that users upload personal information, including copies of passports, ID cards and marriage certificates. El Reg learnt of the problem from reader Kulvinder Singh, who blogged about the topic.

National: Technology aims to improve the voting experience | The Washington Post

In an age where people can transfer money using their mobile device, it’s not hard to envision a future where citizens wake up on Election Day, pull out their phones and choose the next leader of the Free World on the way to work. Last week, a federal election agency took a small step toward that futuristic vision. … The updated guidelines will allow manufacturers to test machines against modern security and disability standards and get them certified for use by states ahead of the 2016 presidential election. … When it comes to Internet-based voting systems, many experts argue there’s no clear solution to address the issues of security and verifiability. A securely designed online system also needs to be easy to use, and so far that goal has eluded researchers, said Poorvi Vora, an associate professor of computer science at George Washington University who has researched Internet voting systems. Vora is part of a group of academics, computer scientists, election officials and activists working on a project led by the Overseas Vote Foundation, an Arlington, Va.-based nonprofit, to answer one question: Is it possible to design a system that lets people vote remotely in a secure, accessible, anonymous, convenient and verifiable manner? The answer so far is no, but the group says it is close to a possible solution and will present its design to the election research community and federal agencies this summer. As with health records or financial data, online security remains an obstacle.

Australia: New South Wales Attacks Researchers Who Found Internet Voting Vulnerabilities | Electronic Frontier Foundation

A security flaw in New South Wales’ Internet voting system may have left as many as 66,000 votes vulnerable to interception and manipulation in a recent election, according to security researchers. Despite repeated assurances from the Electoral Commission that all Internet votes are “fully encrypted and safeguarded,” six days into online voting, Michigan Computer Science Professor J. Alex Halderman and University of Melbourne Research Fellow Vanessa Teague discovered a FREAK flaw that could allow an attacker to intercept votes and inject their own code to change those votes, all without leaving any trace of the manipulation. (FREAK stands for Factoring RSA Export Keys and refers to the exploitation of a weakness in the SSL/TLS protocol that allows attackers to force browsers to use weak encryption keys.) But instead of taking the researchers’ message to heart, officials instead attacked the messengers.

Illinois: Chicago mayor’s race: Why you aren’t voting from a smartphone | Chicago Tribune

As Chicagoans trek to the polls Tuesday for the city’s first-ever mayoral runoff election, some may wonder why they can’t yet vote from the palms of their hands. “For me the biggest benefit of online voting would be convenience,” said K.C. Horne, a 26-year-old accountant from Edgewater. “If I can file my taxes from my phone, I should be able to vote from my phone.” But so far, both technological and legislative hurdles have sharply limited the use of online voting. One major difference: The need to keep the user’s identity secret makes filing ballots different from other secure online transactions. “It’s an unconventional transaction where you have to be able to do business with me, but I can’t know exactly what you’re buying,” said Chicago Board of Election Commissioners spokesman Jim Allen.

United Kingdom: E-voting is increasingly on the cards, but reformers remain sceptical | Computer Business Review

As the short campaign of the this year’s general election begins apace, technologists and electoral reformers are wondering whether this will be the last time the country goes to the polls without access to some form of online voting. Back in January the House of Commons speaker John Bercow again raised the possibility that the next election, expected in 2020 now that parliament has a five-year fixed term, could be the first in which citizens can vote online. Experiments in other countries have led some to question the wisdom of such a move. Having worked as an election official in the 2008 US presidential election, Paco Hope, principal consultant at software security firm Cigital, warns that fraud could rise if the technology is implemented. “I’m not sure that you can secure it,” he says, arguing that the voting process could be hijacked by hackers. “We can’t make websites that are resistant to the type of attacks that target an election.”

Australia: NSW state election 2015: Legal challenge looms over upper house iVote error | Sydney Morning Herald

A micro-party that is gunning for the final spot in the NSW upper house is likely to mount a legal challenge if it loses, potentially sending voters back to the ballot box. The Animal Justice Party is battling it out with the No Land Tax Party, and the three major parties, for the last of 21 upper house seats being contested at Saturday’s election. However an early hiccup with the state’s electronic voting system, iVote, saw AJP and another party left off the “above the line” section of the ballot paper. About 19,000 votes were cast before iVote was suspended and the problem, which was due to human error, was fixed.

United Kingdom: Why electronic voting isn’t secure – but may be safe enough | The Guardian

We do everything online – book doctors’ appointments, manage our bank accounts and find dates – but we still can’t yet vote from our PCs or smartphones. By 2020 that should be set to change, with a government report calling for online voting to be trialled again by that year. But critics continue to call for caution, saying electronic voting isn’t secure enough to trust for the basis of our democracy – and may never be. The UK has run trials for local elections before – in 2002, 2003 and 2007 – and Estonia famously became the first to offer online voting for its general election for parliament in 2007. However, Meg Hillier, Labour MP and member of the digital commission that wrote the 2020 report, admitted that the team was “not set up to investigate in detail the issues of security and the mechanisms for delivering that,” hoping that the Electoral Commission “and others will take that on”. …  Despite spending years developing GNU.FREE, an open-source online voting system, Jason Kitcat – leader of Brighton and Hove City Council – isn’t a fan of e-voting (nor is his party). “Through working on this I came to the conclusion, now shared by most computer scientists, that e-voting cannot be delivered securely and reliably with current technology. So I stopped developing the system but continued to campaign on and research the issues,” he said. That includes observing e-voting and e-counting systems used in the UK and Estonia. His reports don’t make for encouraging reading.

Australia: There’s a huge design flaw in the NSW online voting system which Labor wouldn’t be happy about | Business Insider

New South Wales goes to the polls today and despite incumbent Liberal Premier Mike Baird being the clear favourite there’s a huge design flaw on the online voting platform which could cost the Labor government votes. It’s all got to do with the user experience of the NSW Electoral Commission’s online iVote system which is clunky to start with. After registering to use the platform and figuring out how to commence the voting process the ballot paper for the lower house appears on the screen, all candidates can be viewed, you can scroll up and down, fine. The problem becomes apparent when voting above or below the line. Even when the paper is enlarged on a 24 inch monitor, it doesn’t render to fit so this is what voters see. However, to the right of that are all the other options (including the Labor party). And while there are big red arrows at the top, that’s not where a user usually focusses their attention, a user experience designer, who wished to not be named, told Business Insider.

Editorials: Online voting still faces security issues | Mark Pomerleau/GCN

For those interested in expanding voting access by allowing voters to cast their ballots over the Internet, one government expert/activist has bad news – the security and privacy risks associated with Internet voting won’t be resolved anytime soon. David Jefferson, computer scientist in the Lawrence Livermore’s Center for Applied Scientific Computing, has studied electronic voting and security for more than 15 years. He believes “security, privacy, reliability, availability and authentication requirements for Internet voting are very different from, and far more demanding than, those required for e-commerce.” In short, voting is more susceptible to attacks, manipulation and vulnerabilities. Some champions of Internet balloting believe the safeguards that protect online shoppers from hackers can also protect the sensitive information and meet the legal regulations associated with voting online. Advocates further believe that Internet voting will increase turnout, cut costs and improve accuracy. Jefferson refuted these claims by asserting that there currently is no strong authentication or verification solution for online shopping. Also, while proxy shopping is a common occurrence and is not against the law, proxy voting is not allowed.

Colorado: Imbroglio embroils election bill | The Colorado Statesman

The Legislature could be on the verge of approving sweeping changes to the way most municipalities conduct elections in the state, but not until a lawmaker intends to introduce last-minute changes before the final Senate vote on the legislation. As it’s written, the bill, HB 1130, would allow military and overseas voters in Colorado municipal elections the same opportunity to return ballots using so-called electronic transmission — via fax machines and email — as the same voters have been able to do for years in county, state and federal elections, among other changes to municipal elections law. But a flurry of protests that have reached a fever pitch this week claim that the bill’s language would open the door to all manner of online voting, including posting ballots to Twitter or texting votes to election clerks. What’s more, the bill’s critics charge, clerks in small towns aren’t equipped to verify emailed ballots, which they contend can easily be hacked, spoofed or diverted.

New Zealand: Online voting is not the answer | Brian Rudman/New Zealand Herald

Mayor Len Brown wants the Government to rethink its ban on Auckland taking part in the online voting trial at the 2016 local body elections. Auckland has been excluded at this stage because, with 1,050,000 electors, the bureaucrats are worried about their ability “to mitigate any risk”. Auckland Council sees online voting as part of its campaign to lift voter turnout to “at least” the 2013 national average of around 40 per cent at next year’s poll. In 2013, only 34 per cent of enrolled Auckland voters bothered. … In the aftermath of the 2013 low turnout, Local Government Minister Chris Tremain announced plans to fast-track trials of online voting. Last December, the Cabinet agreed to a limited number of local authorities trialling it in 2016. But not Auckland. Their fears about risk seem well placed.

Utah: GOP, Dems plan online Presidential Primary in 2016 | Fox13

Utah’s two major parties are poised to try something that could set an example for the rest of the country. One of them chose to do it, the other would rather focus on other things. Utah Democrats wanted Utah Legislators to pay $3 million to hold a statewide presidential primary during the 2016 election. Utah’s June primary for other races is too late for ballots to count in a party nomination.

Australia: NSW iVote security flaw may have affected thousands of votes: Researchers | Computerworld

Thousands of NSW state election votes submitted to iVote may have been affected by a server vulnerability according to two security researchers who discovered the issue. University of Melbourne Department of Computing and Information Systems research fellow, Vanessa Teague, and Michigan Centre for Computer Security and Society director ,J.Alex Halderman, posted a blog with their findings on March 22. “The iVote voting website, cvs.ivote.nsw.gov.au, is served over HTTPS. While this server appears to use a safe SSL configuration, the site included additional JavaScript from an external server,” wrote the researchers.

United Kingdom: Security bug in Australia’s online voting system throws doubt on Britain’s digital election goal | Information Age

Britain’s hopes of enabling online voting in general elections by 2020 have faced a dose of reality after a security vulnerability in an Australian system was exposed. The iVote system was introduced for the New South Wales (NSW) State Election in 2011 for voters who are more than 20 kilometres from a polling station, and has also been used in subsequent state by-elections. But its use in NSW’s state election this month has faced intense scrutiny after researchers discovered a major security hole that could allow a hacker to read and manipulate votes. With 66,000 online votes already cast by the time Vanessa Teague and J. Alex Halderman, of the University of Melbourne and University of Michigan respectively, disclosed their revelation, the legitimacy of the entire election has been called into doubt.

Utah: Democrats Planning Online Presidential Primary in 2016 | Utah Policy

When lawmakers failed to pass HB 329, it basically left Utah’s Democrats, and other parties, up the creek without a paddle for their 2016 presidential primary. Right now, Utah’s presidential primary is scheduled for the same date as the primary election in June of 2016. That date is too late for both the Republicans and Democrats as it puts Utah’s election too close to the national conventions. That’s a problem because it makes Utah “out of compliance,” meaning the parties could suffer penalties from the national parties, possibly losing delegates. HB329, sponsored by Rep. Jon Cox, R-Ephriam, allocated $3 million to move the primary from June to March. That didn’t happen, so Utah’s primary stays on the June date. The Utah Republicans already have a work around. Party Chair James Evans is pushing to switch to a caucus instead of a primary. He’s aiming to increase participation in their caucus meetings. He also is reportedly planning to charge candidates somewhere in the neighborhood of $50,000 each to participate.

Australia: International experts warn of the risks of Australian online voting tools | Sydney Morning Herald

Australia and other countries are a decade or longer away from safe methods of online voting in state and national elections and current tools pose a serious risk to democratic processes, people at a public lecture heard on Monday night. University of Michigan researcher J Alex Halderman and University of Melbourne research fellow Vanessa Teague said online voting in Saturday’s New South Wales election could have been seriously compromised through security weaknesses in the iVote system, being used in the upper house. The pair, in a a public lecture at the Australian National University, said that internet voting continued to raise some of the most difficult challenges in computer security and could not be considered completely safe. They reported faults in the NSW system to electoral authorities last week, ahead of as many as 250,000 voters using online systems to participate in the ballot.

Australia: NSW Electoral Commission downplays iVote flaw | CNET

The NSW Electoral Commission has responded to reports of a flaw in its iVote online voting portal, saying that although the risk of its website being compromised was low, it has taken action to fix the flaw. The Commission has also raised questions about the authors of the findings, noting that the two academics behind the research are also board members for a group that lobbies against online and electronic voting in the United States. According to the Chief Information Officer and Director of IT for the NSW Electoral Commission, Ian Brightwell, the flaw discovered in the iVote system required three or four preconditions in order to be exploited. While Brightwell said a hack was “unlikely,” he said the Commission moved swiftly to respond to the problem.

Australia: Online voting system may have FREAK bug | The Register

Next weekend, voters in the Australian State of New South Wales go to the polls to elect a new government. Some have already cast their votes online, with a system that may be running the FREAK bug. So say Vanessa Teague and J. Alex Halderman, respectively a research fellow in the Department of Computing and Information Systems at at the University of Melbourne and an assistant professor of computer science and engineering at the University of Michigan and director of Michigan’s Center for Computer Security and Society. The system in question is called iVote system and was launched in 2011 to assist voters who live 20 kilometres or more from a polling station, or those will be overseas or interstate on election day. But Teague and Halderman say their proof-of-concept probe on a “practice” system showed it is possible to “… intercepts and manipulate votes … though the same attack would also have succeeded against the real voting server,” the pair wrote in analysis.

Australia: NSW Electoral Commission scrambles to patch iVote flaw | ZDNet

The analytics service used by the New South Wales electronic voting system, iVote, left voters vulnerable to having their ballots changed, according to security researchers. The iVote system was originally implemented ahead of the 2011 state election for vision-impaired voters and those living in rural areas who have difficulty reaching polling places, but the government is expanding the use of the iVote system as part of the election on March 28, and has taken approximately 66,000 votes since early polling opened last week. Researchers Vanessa Teague from the Department of Computing and Information Systems at the University of Melbourne, and J Alex Halderman from the University of Michigan Centre for Computer Security, found that while the voting website uses a safe SSL configuration, it includes JavaScript from an external server that is used to track site visitors. This, they said, would leave the iVote site open to a range of attacks, including FREAK.