Switzerland: Swiss Post set to relaunch its e-voting system, purchases Scytl | Sonia Fenazzi/SwissInfo

The controversial issue of e-voting is back: Swiss Post, which had halted the development of a project in July 2019, has bought a Spanish-owned system and plans to propose a platform ready for testing by 2021. The purchase was reported on May 17 by the SonntagsBlick newspaper, who wrote that the deal between Swiss Post and Spanish firm Scytl had been settled for an unspecified amount. The deal follows the bankruptcy of the Spanish company, with whom Swiss Post had been working on a system until flaws discovered last year sparked a political debate, which ended in the government dropping e-voting plans for the time being. Swiss Post spokesperson Oliver Flüeler confirmed to swissinfo.ch that last summer, despite the opposition, his company decided to continue developing a system on its own, and “after several months of negotiations” it secured the rights to the source code from Scytl. The aim is now to propose an e-vote system by 2021 that “takes into account various federal particularities” and “responds even better to the high and specific requirements of a Swiss electronic voting system”, Flüeler said.

Philippines: Comelec to push test run of mobile voting app | Leslie Ann Aquino/Manila Bulletin

The Commission on Elections (Comelec) is pushing through with the plan to test run the mobile voting application for possible use in future poll exercises. Poll Commissioner Rowena Guanzon said they will hold the test run as soon as it is safe to conduct it. “We have to choose countries where there are very low risk of contamination,” she said. “We have to find ways to test it without personal contact with the providers,” she added. Guanzon, Comelec – Office for Overseas Voting (OFOV) commissioner-in-charge, said with the COVID-19 pandemic, there is more reason to push for mobile app voting by Filipinos overseas especially those in the United States and seafarers. The Comelec en banc had earlier approved the test run of the mobile voting application overseas for possible use in the May, 2022 polls.

National: Iowa Caucus chaos likely to set back mobile voting | Lucas Mearian/Computerworld

A coding flaw and lack of sufficient testing of an application to record votes in Monday’s Iowa Democratic Presidential Caucus will likely hurt the advancement and uptake of online voting. While there have been hundreds of tests of mobile and online voting platforms in recent years – mostly in small municipal or corporate shareholder and university student elections – online voting technology has yet to be tested for widespread use by the general public in a national election. “This is one of the cases where we narrowly dodged a bullet,” said Jeremy Epstein, vice chair of the Association for Computing Machinery’s US Technology Policy Committee (USTPC). “The Iowa Democratic Party had planned to allow voters to vote in the caucus using their phones; if this sort of meltdown had happened with actual votes, it would have been an actual disaster. In this case, it’s just delayed results and egg on the face of the people who built and purchased the technology.” The vote tallying app used Monday in the Iowa Caucus was created by a small Washington-based vendor called Shadow Inc.; the app was funded in part by a nonprofit progressive digital strategy firm named Acronym. Today, Acronyn strived to make it clear through a tweet it did not supply the technology for the Iowa Caucus, and it is no more than an investor.

Australia: Flaws found in New South Wales iVote system yet again | Stilgherrian/ZDNet

The “Days since last vulnerability found” indicator for the iVote system used in New South Wales’ elections was reset to zero on Wednesday thanks to a new research note from University of Melbourne cryptographer Dr Vanessa Teague. Or rather, the software vendor was notified 45 days earlier to keep with the terms of the source code access agreement while the rest of us found out today. iVote was purchased from Scytl Australia, a subsidiary of Barcelona-based election technology vendor Scytl Secure Electronic Voting, and is based on the system used by SwissPost. In March this year, Teague and her colleagues Sarah Jamie Lewis and Olivier Pereira found a flaw in the proof used by SwissPost system to prevent electoral fraud. Later that month, they detailed a second flaw that could be exploited to result in a tampered election outcome. NSWEC claimed it was safe from the second flaw, and had patched the first. In July, NSWEC ordered Scytl to release parts of the source code in a bid to prove it contained no further vulnerabilities. Vulnerabilities have now been found. “I examined the decryption proof and, surprise, it can easily be faked while passing verification,” Teague tweeted on Wednesday morning. “This exposes NSW elections to undetectable electoral fraud by trusted insiders & suppliers, people who guessed the passwords of the trusted insiders, people who successfully phished the trusted insiders, etc.” Teague’s analysis is detailed in the 8-page Faking an iVote decryption proof [PDF]

UAE: E-voting technology adopted by UAE a pioneering experiment in the region | Samir Salama/Gulf News

By adopting an election protection system, the National Election Committee reiterates its commitment to hold an election that is characterised by the highest degree of fairness and transparency by implementing the best internationally recognised practices used in the world’s most successful parliaments, said Dr Anwar Mohammad Gargash, Minister of State for Foreign Affairs, Minister of State for Federal National Council Affairs and Chairman of the National Election Committee. Dr Gargash said on the eve of the early voting that starts today at nine polling stations across the country, the highly accurate e-voting technology adopted by the NEC is a pioneering experiment in the region, which the UAE introduced during the first Federal National Council Elections in 2006.

Australia: Where’s the proof internet voting is secure? | Vanessa Teague/Pursuit

Victoria’s Electoral Commissioner, Warwick Gately AM, says that Victoria should legislate to allow Internet voting because “there is an inevitability about remote electronic voting over the internet.” According to Mr Gately, the NSW iVote system has, “proven the feasibility of casting a secret vote safely and securely over the internet”. The key word here is “proven”. Anyone can claim that their system is secure and protects people’s privacy, but how would we know? Elections have special requirements. Ballot privacy is mandated by law. And elections must demonstrate that the result accurately reflects the choice of the people. So, what has iVote proven? In 2015, our team found that the iVote site was vulnerable to an internet-based attacker who could read and manipulate votes. The attack wouldn’t have raised any security warnings at either the voter’s or the NSW Electoral Commission (NSWEC) end, but it should have been apparent from iVote’s telephone-based verification. When the NSWEC claimed that “some 1.7 per cent of electors who voted using iVote® also used the verification service and none of them identified any anomalies with their vote,” we took that as reasonable evidence that the security problem hadn’t been exploited. But it wasn’t true.

Australia: New South Wales iVote source code released for researchers to poke around in | Asha Barbaschow/ZDNet

Parts of the source code the New South Wales Electoral Commission (NSWEC) uses to conduct voting has been released, in a bid to prove it contains no vulnerabilities. Scytl, who was awarded a multi-year contract to refresh the NSW online and phone voting software also known as iVote, has on Tuesday made the code available to those that register, at the request of the NSWEC. “We have published the source code to allow independent researchers to review it in order to aid continuous improvement of the code base by finding and communicating any vulnerabilities they may find,” Scytl Asia-Pacific GM Sam Campbell said. “The terms of use are published with the source code and stipulate that any vulnerabilities discovered must be reported to Scytl and the NSW Electoral Commission.” In early March, a group of researchers found a flaw in the Swiss Internet voting system, which is the same system used by NSWEC. The flaw was found in the proof the SwissPost system uses to prevent electoral fraud. Later that month, researchers detailed a second flaw in the electronic voting system, discovering another method that could be exploited to result in a tampered election outcome.

Switzerland: Control-Alt-Delete? Swiss government puts the brakes on e-voting | James Walker/The Daily Swig

The Swiss Federal Council has suspended its plans to bring electronic voting (e-voting) into regular operation in Switzerland. Concerns surrounding the security and integrity of one online voting system were cited among the reasons for the U-turn. In December 2018, the Federal Council launched a consultation into proposed amendments to Switzerland’s Political Rights Act that would effectively make e-voting a third regular voting channel, alongside in-person and postal votes. This consultation is now over, and although a “clear majority” of the cantons and political parties were said to support the introduction of e-voting in principle, the Federal Council said it has decided to “provisionally forgo” the introduction into regular operation. “The political parties which support e-voting in principle consider that now is not the right time to take that step,” a statement reads. “The Federal Council has therefore decided not to proceed with the partial revision of the Political Rights Act at the present time.”

Switzerland: Experts Find Serious Problems With Switzerland’s Online Voting System | Motherboard

Switzerland made headlines this month for the transparency of its internet voting system when it launched a public penetration test and bug bounty program to test the resiliency of the system to attack. But after source code for the software and technical documentation describing its architecture were leaked online last week, critics are already expressing concern about the system’s design and about the transparency around the public test. Cryptography experts who spent just a few hours examining the leaked code say the system is a poorly constructed and convoluted maze that makes it difficult to follow what’s going on and effectively evaluate whether the cryptography and other security measures deployed in the system are done properly. “Most of the system is split across hundreds of different files, each configured at various levels,” Sarah Jamie Lewis, a former security engineer for Amazon as well as a former computer scientist for England’s GCHQ intelligence agency, told Motherboard. “I’m used to dealing with Java code that runs across different packages and different teams, and this code somewhat defeats even my understanding.”

Malta: Vote counting hall transformed as electronic system in place for European elections | Malta Today

The vote counting hall in Naxxar has been transformed into one equipped with a fully-functional electronic system, which will be first used for the European Parliament and local council elections in May next year. The new system will see the old manual method of counting votes ditched in favour of an automated e-Counting process, which will mean less time is taken for all votes to be counted, and the chance of human error is minimised. E-counting will also be used for the general election and local council elections in 2024. Chief Electoral Commissioner Joseph Church told the press, at an event showcasing the system, that two mock counts are planned to identify any teething troubles in the new system, one scheduled for Saturday, and the other for December. The latter will be a full-scale simulation of the counting process for the European elections.

Australia: New South Wales Electoral Commission appoints Scytl for iVote refresh project | Computerworld

Scytl has won a $1.9 million contract to upgrade the NSW Electoral Commission’s iVote application. The 2017-18 state budget included funding to enhance the iVote system, which provides browser-based Internet voting and telephone voting. iVote has been used in two NSW elections, as well as the 2017 WA election and nine NSW by-elections. There have been two versions of iVote; Scytl developed the core voting system used by the application from the 2015 NSW election onward. iVote has three key components: A registration and credential management system, which were both developed by the NSW EC; the Scytl core voting system; and a telephone system built by the electoral commission for vote verification.

Australia: New South Wales Electoral Commission given $5.4m to rebuild iVote | iTnews

The NSW Electoral Commission scored $5.4 million in this year’s state budget to rebuild its iVote online voting system in time for the next state election in 2019. The funding is part of a $23 million package to improve the agency’s online systems, which will also see the introduction of “an end-to-end solution for the disclosure of political donations, expenditure and the lodgement of public funding claims,” budget documents state. Last month the NSWEC asked the market to suggest off-the-shelf software that could replace the online voting system’s current core platform. “The RFI [request for information] process will give suppliers the opportunity to demonstrate new or innovative solutions that may better meet the needs of the NSWEC,” the agency said at the time.

Switzerland: Geneva mounts e-voting charm offensive | SWI

As competition heats up, the Geneva cantonal government has launched an e-voting promotional campaign in a bid to win additional partners and clients for its system of electronic voting. Currently, only six of Switzerland’s 26 cantons offer remote online voting to a limited number of their citizens. The long-term trials with e-voting suffered a severe setback last year after the Swiss government stopped the use of an American system on security grounds. Since then, there has been a head-to-head contest between two technologies licensed by the national authorities: a home-grown e-voting system, developed by the authorities of canton Geneva, and Swiss Post, which cooperates with the private Spanish company Scytl.

New Zealand: Warning given over online voting trial | New Zealand Herald

Whanganui is getting too committed to being part of a costly online voting trial, according to councillor Rob Vinsen. Mr Vinsen has been a staunch opponent of Whanganui District Council being part of the test, which could happen in this October’s local body elections. While no final decision has been made, the council has put its hat into the ring and been shortlisted as one of eight local authorities to conduct the trial. The Government is expected to announce within days if the trial will go ahead and which councils will take part. Mr Vinsen said mayor Annette Main had given an assurance that councillors would get the chance to vote whether or not to be involved, but he was alarmed to read in the Manawatu Standard that the Palmerston North City Council believes Whanganui is committed to this trial. He said many of his council colleagues saw it as a waste of $75,000, which is the expected cost of the online voting trial.

International: Voting From the Privacy of Your Couch | Bloomberg

Electoral fraud has been pervasive in Nigeria since it returned to civilian rule in 1999. This year, to prevent tampering with ballots on the way to the capital, poll workers nationwide used technology from a Spanish software maker called Scytl to scan the tallies and transmit them electronically. Despite predictions of violence, voters elected an opposition candidate—removing an incumbent from office for the first time—in a process Human Rights Watch described as “mostly peaceful.” Governments in 42 countries are using software from Scytl (rhymes with “title”) to bring elements of their elections online, from registering voters to consolidating results. “If you look at the way elections are being run in most countries, it’s still the same way they used to be run 50 years ago,” says Chief Executive Officer Pere Vallès. Using Scytl’s technology, he says, a country can more easily stop fraud and announce winners “in a few hours instead of a few days.” … Many election watchdogs say software isn’t yet secure enough to be trusted, and they’re concerned that Scytl and its competitors haven’t developed a way for third parties to independently verify results. “Murphy’s Law says something is going to go wrong in pretty much every election,” says Pamela Smith, the president of election watchdog Verified Voting in Carlsbad, Calif. “Transmitting actual votes is too high-risk for using online technology.” No current online system has “the level of security and transparency needed for mainstream elections,” according to a July report prepared for the U.S. Vote Foundation, a nonprofit that advocates for expanded absentee voting.

Switzerland: The battle for the future of electronic voting | SWI

Government-owned Swiss Post has become the latest player to enter the electronic voting market, announcing that it will work with Neuchâtel to offer an e-voting system next year. But its partnership with Spanish firm Scytl has some questioning whether the use of foreign voting systems could leave the Swiss exposed to security concerns. The move by Swiss Post follows the government’s decision, on security grounds, to reject the use by a consortium of nine cantons of a voting system developed by American company Unisys during the October 18 parliamentary elections. Since the first trials at electronic voting in 2003, Swiss cantons have been wrestling with the development of secure e-voting systems. To date, canton Geneva has been the most successful in rolling out an approved system, due in large part to the platform being 100% publicly funded and locally developed. The model has so far been adopted by three other cantons: Lucerne, Basel City and Bern. Aside from the failed attempt by the consortium of nine cantons to introduce the use of an American e-voting system, Neuchâtel has been the only other canton to enter the fray. In partnership with Syctl, a global leader in the field, it has developed a unique online voting platform that offers the possibility of voting directly from a computer keyboard. Having eyed the market for some time, it is this system Swiss Post is banking on to provide its entry into the world of e-voting.

Switzerland: Swiss Post, Scytl to develop e-voting system | SWI

The Swiss Post is developing a new e-voting system with the Spanish company Scytl. Flüeler Oliver, a spokesman for the Swiss Post, told the NZZ am Sonntag on Sunday that the company hopes to compete with current cantonal e-voting projects, and is currently in talks with some, though no individual cantons were named. Two weeks ago, a system developed in the United States was rejected by the Swiss cabinet when it was proposed by nine cantons in an attempt to introduce e-voting for the parliamentary elections in October. Security flaws were cited as the reason for the rejection.

Australia: NSW iVote security flaw may have affected thousands of votes: Researchers | Computerworld

Thousands of NSW state election votes submitted to iVote may have been affected by a server vulnerability according to two security researchers who discovered the issue. University of Melbourne Department of Computing and Information Systems research fellow, Vanessa Teague, and Michigan Centre for Computer Security and Society director ,J.Alex Halderman, posted a blog with their findings on March 22. “The iVote voting website, cvs.ivote.nsw.gov.au, is served over HTTPS. While this server appears to use a safe SSL configuration, the site included additional JavaScript from an external server,” wrote the researchers.

Australia: International experts warn of the risks of Australian online voting tools | Sydney Morning Herald

Australia and other countries are a decade or longer away from safe methods of online voting in state and national elections and current tools pose a serious risk to democratic processes, people at a public lecture heard on Monday night. University of Michigan researcher J Alex Halderman and University of Melbourne research fellow Vanessa Teague said online voting in Saturday’s New South Wales election could have been seriously compromised through security weaknesses in the iVote system, being used in the upper house. The pair, in a a public lecture at the Australian National University, said that internet voting continued to raise some of the most difficult challenges in computer security and could not be considered completely safe. They reported faults in the NSW system to electoral authorities last week, ahead of as many as 250,000 voters using online systems to participate in the ballot.

Australia: NSW Electoral Commission downplays iVote flaw | CNET

The NSW Electoral Commission has responded to reports of a flaw in its iVote online voting portal, saying that although the risk of its website being compromised was low, it has taken action to fix the flaw. The Commission has also raised questions about the authors of the findings, noting that the two academics behind the research are also board members for a group that lobbies against online and electronic voting in the United States. According to the Chief Information Officer and Director of IT for the NSW Electoral Commission, Ian Brightwell, the flaw discovered in the iVote system required three or four preconditions in order to be exploited. While Brightwell said a hack was “unlikely,” he said the Commission moved swiftly to respond to the problem.

Australia: NSW Electoral Commission scrambles to patch iVote flaw | ZDNet

The analytics service used by the New South Wales electronic voting system, iVote, left voters vulnerable to having their ballots changed, according to security researchers. The iVote system was originally implemented ahead of the 2011 state election for vision-impaired voters and those living in rural areas who have difficulty reaching polling places, but the government is expanding the use of the iVote system as part of the election on March 28, and has taken approximately 66,000 votes since early polling opened last week. Researchers Vanessa Teague from the Department of Computing and Information Systems at the University of Melbourne, and J Alex Halderman from the University of Michigan Centre for Computer Security, found that while the voting website uses a safe SSL configuration, it includes JavaScript from an external server that is used to track site visitors. This, they said, would leave the iVote site open to a range of attacks, including FREAK.

Australia: Security flaw in New South Wales puts thousands of online votes at risk | Freedom to Tinker

New South Wales, Australia, is holding state elections this month, and they’re offering a new Internet voting system developed by e-voting vendor Scytl and the NSW Electoral Commission. The iVote system, which its creators describe as private, secure and verifiable, is predicted to see record turnout for online voting. Voting has been happening for six days, and already iVote has received more than 66,000 votes. Up to a quarter million voters (about 5% of the total) are expected to use the system by the time voting closes next Saturday. Since we’ve both done extensive research on the design and analysis of Internet voting systems, we decided to perform an independent security review of iVote. We’ll prepare a more extensive technical report after the election, but we’re writing today to share news about critical vulnerabilities we found that have put tens of thousands of votes at risk. We discovered a major security hole allowing a man-in-the middle attacker to read and manipulate votes. We also believe there are ways to circumvent the verification mechanism.

Australia: NSW’s online gamble: why internet and phone voting is too risky | The Conversation

Up to 250,000 votes are expected to be cast using the iVote electronic voting system between March 16 and the close of polls on March 28 in the New South Wales election. That would represent a massive increase on the 46,864 votes at the 2011 state election and could mean about 5% of the total vote is cast electronically, using a telephone or via the internet. It looks set to be by far the biggest test of electronic voting in Australia, which has largely been limited to small trials in the past, and one of the largest online votes worldwide. If the NSW election proves to be close, those electronic votes could prove crucial. But before electronic voting begins on Monday, people in NSW should be warned: there are many unanswered questions about the integrity and privacy of those votes. Late last year, the federal Joint Standing Committee on Electoral Matters recommended against electronic voting in federal elections. Its report concluded that:

Australia is not in a position to introduce any large-scale system of electronic voting in the near future without catastrophically compromising our electoral integrity.

South Dakota: Election review board may propose legislation changes | Argus Leader

A committee reviewing election issues in Minnehaha County moved one meeting closer to releasing what its chairman later called “a series of recommendations and critiques,” some of which could require changes made in the state Legislature. Election night issues last November kept the state’s largest county from reporting election results until 14 hours after the polls closed. That followed problems in the 2012 election and issues in last April’s city election. The seven-member committee heard testimony for well over two hours Friday and ended the meeting receiving copies of a draft report that will be examined during the next two weeks. That draft report will not be made public, said Robert Wilson, the county employee assigned to the election review committee. All this effort is designed to prevent what chairman Bruce Danielson described as “heartache and headache and voter frustration” when elections go wrong and people are unsure whether their vote will be counted properly.

Australia: Sydney’s Secure Logic signs $1m online voting contract | CRN

Sydney-based Secure Logic has signed a contract to host the NSW Electoral Commission’s iVote system for the next five years. Secure Logic will provide the NSWEC with infrastructure and platform-as-a-service in a deal worth $990,000. The platform will be able to be scaled during peak election periods, according to head of sales and marketing for Secure Logic, Fergus Brooks. Spanish company Scytl was awarded the contract to provide the online voting software for iVote in May last year, after the state government announced plans to expand iVote for the 2015 election.

Philippines: Smartmatic lone eligible bidder for touchscreen voting system | Rappler

The joint venture led by Smartmatic-Total Information Management (TIM) Corporation was the only bidder that passed the first stage of the bidding for the lease of touchscreen voting machines for the 2016 national elections. On Tuesday, December 16, the bids and awards committee (BAC) of the Commission on Elections (Comelec) voted 3-2 to declare the Smartmatic-TIM joint venture eligible to proceed to the second stage of the bidding process. Bids committee chairperson Helen Aguila-Flores, vice chairperson Jubil Surmeida, and member Divina Blas-Perez voted for Smartmatic-TIM’s eligibility, while members Charlie Yap and Maria Juana Valeza deemed Smartmatic-TIM as ineligible.

Canada: Scytl offers 25% discount over election problems | Cornwall Standard Freeholder

While the company responsible for the delay in releasing results from the Oct. 27 municipal elections has apologized and offered compensation, 20 municipalities in Ontario are saying it isn’t enough. Scytl Canada Inc. was awarded the contract in January 2104 to provide election services for the internet and telephone ballots. However, on election night, municipalities using the service were waiting until after 11 p.m. for results that should have been made available by 8:30 p.m. due to human error. The delay, according to Scytl, was due to an anomaly found during routine processing causing tabulation to be rerun and a thorough manual audit to be done. Five election files had been mislabeled due to human error and rather than just rename the files, Scytl reran the entire process. Scytl stands by the fact the election results are 100% accurate. Municipalities affected received a letter of apology and an offer of a 25% discount on the final payment for their services in addition to a 10% discount on a future online voting project.

Canada: Manual recount demanded in Leamington after ‘computer glitch’ | CBC News

One of losing candidates in Leamington’s election questions the legitimacy of the vote because of a problem with the computerized tabulation. Robert Tatomir is calling for a review of the results. Leamington hired Scytl, an online voting company, to run its election. Voters cast their ballots online and nowhere elese. Results were expected within half an hour afer polls closed. Instead it took nearly three hours to tabulate results. In a statement Scytl says it detected an “inconsistency” in the naming of certain files, and required additional time to deliver the results to ensure the integrity of the election.

Canada: Angry towns consider withholding payment to Internet voting company | Windsor Star

Leamington and Kingsville are considering withholding payment to the company that conducted Internet voting this election after results came in hours later than expected. “I’m very disappointed,” said Leamington clerk Brian Sweet, who is bearing the brunt of complaints in his municipality about how long it took to release voting results Monday night. “We were under the impression we would have our results between 8:30 and quarter to nine, possibly, before 8:30,” Sweet said. Instead, like in Kingsville and Tecumseh, results were not released to waiting crowds until close to 11 p.m. “What was frustrating for us was we were not getting results and we weren’t getting any information or time estimates either,” Sweet said. “We didn’t understand what the problem was.”

Canada: Rise of e-voting is inevitable, as is risk of hacking | The Globe and Mail

It took just one typo in one line of code to elect a malevolent computer program mayor of Washington, D.C. In the fall of 2010, the District staged a mock election to test out a new online voting system, and invited hackers to check its security. A team from the University of Michigan took them up on the offer. They quickly found a flaw in the code and broke in. They changed every vote. Master Control Program, the self-aware software that attempts to take over the world in the film Tron, was a runaway write-in candidate for mayor. Skynet, the system that runs a robot army in the Terminator franchise, was elected to Congress. And Bender, the hard-drinking android in the cartoon Futurama, became a member of the school board. Incredibly, it took D.C. officials two days to realize they had been hacked. …The use of Internet voting is exploding. Nearly 100 Ontario municipalities are using it in Monday’s election – including one that will even ditch paper ballots entirely. Proponents contend it is not only more convenient, but more equitable, giving people who cannot get to physical polling stations the same opportunity to vote as everyone else. But the expansion of e-voting has also caused consternation for some security researchers and municipal officials. They worry that entrusting this pillar of democracy to computers is too great a risk, given the potential for software problems – or hackers determined to put beer-swilling robots on the school board.