Scytl

Tag Archive

Australia: Where’s the proof internet voting is secure? | Vanessa Teague/Pursuit

Victoria’s Electoral Commissioner, Warwick Gately AM, says that Victoria should legislate to allow Internet voting because “there is an inevitability about remote electronic voting over the internet.” According to Mr Gately, the NSW iVote system has, “proven the feasibility of casting a secret vote safely and securely over the internet”. The key word here is “proven”. Anyone can claim that their system is secure and protects people’s privacy, but how would we know? Elections have special requirements. Ballot privacy is mandated by law. And elections must demonstrate that the result accurately reflects the choice of the people. So, what has iVote proven? In 2015, our team found that the iVote site was vulnerable to an internet-based attacker who could read and manipulate votes. The attack wouldn’t have raised any security warnings at either the voter’s or the NSW Electoral Commission (NSWEC) end, but it should have been apparent from iVote’s telephone-based verification. When the NSWEC claimed that “some 1.7 per cent of electors who voted using iVote® also used the verification service and none of them identified any anomalies with their vote,” we took that as reasonable evidence that the security problem hadn’t been exploited. But it wasn’t true.

Full Article: Where’s the proof internet voting is secure? | Pursuit by The University of Melbourne.

Australia: New South Wales iVote source code released for researchers to poke around in | Asha Barbaschow/ZDNet

Parts of the source code the New South Wales Electoral Commission (NSWEC) uses to conduct voting has been released, in a bid to prove it contains no vulnerabilities. Scytl, who was awarded a multi-year contract to refresh the NSW online and phone voting software also known as iVote, has on Tuesday made the code available to those that register, at the request of the NSWEC. “We have published the source code to allow independent researchers to review it in order to aid continuous improvement of the code base by finding and communicating any vulnerabilities they may find,” Scytl Asia-Pacific GM Sam Campbell said. “The terms of use are published with the source code and stipulate that any vulnerabilities discovered must be reported to Scytl and the NSW Electoral Commission.” In early March, a group of researchers found a flaw in the Swiss Internet voting system, which is the same system used by NSWEC. The flaw was found in the proof the SwissPost system uses to prevent electoral fraud. Later that month, researchers detailed a second flaw in the electronic voting system, discovering another method that could be exploited to result in a tampered election outcome.

Full Article: NSW iVote source code released for researchers to poke around in | ZDNet.

Switzerland: Control-Alt-Delete? Swiss government puts the brakes on e-voting | James Walker/The Daily Swig

The Swiss Federal Council has suspended its plans to bring electronic voting (e-voting) into regular operation in Switzerland. Concerns surrounding the security and integrity of one online voting system were cited among the reasons for the U-turn. In December 2018, the Federal Council launched a consultation into proposed amendments to Switzerland’s Political Rights Act that would effectively make e-voting a third regular voting channel, alongside in-person and postal votes. This consultation is now over, and although a “clear majority” of the cantons and political parties were said to support the introduction of e-voting in principle, the Federal Council said it has decided to “provisionally forgo” the introduction into regular operation. “The political parties which support e-voting in principle consider that now is not the right time to take that step,” a statement reads. “The Federal Council has therefore decided not to proceed with the partial revision of the Political Rights Act at the present time.”

Full Article: Control-Alt-Delete? Swiss gov’t puts the brakes on e-voting | The Daily Swig.

Switzerland: Experts Find Serious Problems With Switzerland’s Online Voting System | Motherboard

Switzerland made headlines this month for the transparency of its internet voting system when it launched a public penetration test and bug bounty program to test the resiliency of the system to attack. But after source code for the software and technical documentation describing its architecture were leaked online last week, critics are already expressing concern about the system’s design and about the transparency around the public test. Cryptography experts who spent just a few hours examining the leaked code say the system is a poorly constructed and convoluted maze that makes it difficult to follow what’s going on and effectively evaluate whether the cryptography and other security measures deployed in the system are done properly. “Most of the system is split across hundreds of different files, each configured at various levels,” Sarah Jamie Lewis, a former security engineer for Amazon as well as a former computer scientist for England’s GCHQ intelligence agency, told Motherboard. “I’m used to dealing with Java code that runs across different packages and different teams, and this code somewhat defeats even my understanding.”

Full Article: Experts Find Serious Problems With Switzerland's Online Voting System.

Malta: Vote counting hall transformed as electronic system in place for European elections | Malta Today

The vote counting hall in Naxxar has been transformed into one equipped with a fully-functional electronic system, which will be first used for the European Parliament and local council elections in May next year. The new system will see the old manual method of counting votes ditched in favour of an automated e-Counting process, which will mean less time is taken for all votes to be counted, and the chance of human error is minimised. E-counting will also be used for the general election and local council elections in 2024. Chief Electoral Commissioner Joseph Church told the press, at an event showcasing the system, that two mock counts are planned to identify any teething troubles in the new system, one scheduled for Saturday, and the other for December. The latter will be a full-scale simulation of the counting process for the European elections.

Full Article: [WATCH] Vote counting hall transformed as electronic system in place for European elections.

Australia: New South Wales Electoral Commission appoints Scytl for iVote refresh project | Computerworld

Scytl has won a $1.9 million contract to upgrade the NSW Electoral Commission’s iVote application. The 2017-18 state budget included funding to enhance the iVote system, which provides browser-based Internet voting and telephone voting. iVote has been used in two NSW elections, as well as the 2017 WA election and nine NSW by-elections. There have been two versions of iVote; Scytl developed the core voting system used by the application from the 2015 NSW election onward. iVote has three key components: A registration and credential management system, which were both developed by the NSW EC; the Scytl core voting system; and a telephone system built by the electoral commission for vote verification.

Full Article: NSW Electoral Commission appoints Scytl for iVote refresh project - Computerworld.

Australia: New South Wales Electoral Commission given $5.4m to rebuild iVote | iTnews

The NSW Electoral Commission scored $5.4 million in this year’s state budget to rebuild its iVote online voting system in time for the next state election in 2019. The funding is part of a $23 million package to improve the agency’s online systems, which will also see the introduction of “an end-to-end solution for the disclosure of political donations, expenditure and the lodgement of public funding claims,” budget documents state. Last month the NSWEC asked the market to suggest off-the-shelf software that could replace the online voting system’s current core platform. “The RFI [request for information] process will give suppliers the opportunity to demonstrate new or innovative solutions that may better meet the needs of the NSWEC,” the agency said at the time.

Full Article: NSW Electoral Commission given $5.4m to rebuild iVote - Strategy - Software - iTnews.

Switzerland: Geneva mounts e-voting charm offensive | SWI

As competition heats up, the Geneva cantonal government has launched an e-voting promotional campaign in a bid to win additional partners and clients for its system of electronic voting. Currently, only six of Switzerland’s 26 cantons offer remote online voting to a limited number of their citizens. The long-term trials with e-voting suffered a severe setback last year after the Swiss government stopped the use of an American system on security grounds. Since then, there has been a head-to-head contest between two technologies licensed by the national authorities: a home-grown e-voting system, developed by the authorities of canton Geneva, and Swiss Post, which cooperates with the private Spanish company Scytl.

Full Article: Geneva mounts e-voting charm offensive - SWI swissinfo.ch.

New Zealand: Warning given over online voting trial | New Zealand Herald

Whanganui is getting too committed to being part of a costly online voting trial, according to councillor Rob Vinsen. Mr Vinsen has been a staunch opponent of Whanganui District Council being part of the test, which could happen in this October’s local body elections. While no final decision has been made, the council has put its hat into the ring and been shortlisted as one of eight local authorities to conduct the trial. The Government is expected to announce within days if the trial will go ahead and which councils will take part.  Mr Vinsen said mayor Annette Main had given an assurance that councillors would get the chance to vote whether or not to be involved, but he was alarmed to read in the Manawatu Standard that the Palmerston North City Council believes Whanganui is committed to this trial. He said many of his council colleagues saw it as a waste of $75,000, which is the expected cost of the online voting trial.

Full Article: Warning given over online voting trial.

International: Voting From the Privacy of Your Couch | Bloomberg

Electoral fraud has been pervasive in Nigeria since it returned to civilian rule in 1999. This year, to prevent tampering with ballots on the way to the capital, poll workers nationwide used technology from a Spanish software maker called Scytl to scan the tallies and transmit them electronically. Despite predictions of violence, voters elected an opposition candidate—removing an incumbent from office for the first time—in a process Human Rights Watch described as “mostly peaceful.” Governments in 42 countries are using software from Scytl (rhymes with “title”) to bring elements of their elections online, from registering voters to consolidating results. “If you look at the way elections are being run in most countries, it’s still the same way they used to be run 50 years ago,” says Chief Executive Officer Pere Vallès. Using Scytl’s technology, he says, a country can more easily stop fraud and announce winners “in a few hours instead of a few days.” … Many election watchdogs say software isn’t yet secure enough to be trusted, and they’re concerned that Scytl and its competitors haven’t developed a way for third parties to independently verify results. “Murphy’s Law says something is going to go wrong in pretty much every election,” says Pamela Smith, the president of election watchdog Verified Voting in Carlsbad, Calif. “Transmitting actual votes is too high-risk for using online technology.” No current online system has “the level of security and transparency needed for mainstream elections,” according to a July report prepared for the U.S. Vote Foundation, a nonprofit that advocates for expanded absentee voting.

Full Article: Voting From the Privacy of Your Couch - Bloomberg Business.

Switzerland: The battle for the future of electronic voting | SWI

Government-owned Swiss Post has become the latest player to enter the electronic voting market, announcing that it will work with Neuchâtel to offer an e-voting system next year. But its partnership with Spanish firm Scytl has some questioning whether the use of foreign voting systems could leave the Swiss exposed to security concerns. The move by Swiss Post follows the government’s decision, on security grounds, to reject the use by a consortium of nine cantons of a voting system developed by American company Unisys during the October 18 parliamentary elections. Since the first trials at electronic voting in 2003, Swiss cantons have been wrestling with the development of secure e-voting systems. To date, canton Geneva has been the most successful in rolling out an approved system, due in large part to the platform being 100% publicly funded and locally developed. The model has so far been adopted by three other cantons: Lucerne, Basel City and Bern. Aside from the failed attempt by the consortium of nine cantons to introduce the use of an American e-voting system, Neuchâtel has been the only other canton to enter the fray. In partnership with Syctl, a global leader in the field, it has developed a unique online voting platform that offers the possibility of voting directly from a computer keyboard. Having eyed the market for some time, it is this system Swiss Post is banking on to provide its entry into the world of e-voting.

Full Article: The battle for the future of electronic voting - SWI swissinfo.ch.

Switzerland: Swiss Post, Scytl to develop e-voting system | SWI

The Swiss Post is developing a new e-voting system with the Spanish company Scytl. Flüeler Oliver, a spokesman for the Swiss Post, told the NZZ am Sonntag on Sunday that the company hopes to compete with current cantonal e-voting projects, and is currently in talks with some, though no individual cantons were named. Two weeks ago, a system developed in the United States was rejected by the Swiss cabinet when it was proposed by nine cantons in an attempt to introduce e-voting for the parliamentary elections in October. Security flaws were cited as the reason for the rejection.

Australia: NSW iVote security flaw may have affected thousands of votes: Researchers | Computerworld

Thousands of NSW state election votes submitted to iVote may have been affected by a server vulnerability according to two security researchers who discovered the issue. University of Melbourne Department of Computing and Information Systems research fellow, Vanessa Teague, and Michigan Centre for Computer Security and Society director ,J.Alex Halderman, posted a blog with their findings on March 22. “The iVote voting website, cvs.ivote.nsw.gov.au, is served over HTTPS. While this server appears to use a safe SSL configuration, the site included additional JavaScript from an external server,” wrote the researchers.

Full Article: NSW iVote security flaw may have affected thousands of votes: Researchers - Computerworld.

Australia: International experts warn of the risks of Australian online voting tools | Sydney Morning Herald

Australia and other countries are a decade or longer away from safe methods of online voting in state and national elections and current tools pose a serious risk to democratic processes, people at a public lecture heard on Monday night. University of Michigan researcher J Alex Halderman and University of Melbourne research fellow Vanessa Teague said online voting in Saturday’s New South Wales election could have been seriously compromised through security weaknesses in the iVote system, being used in the upper house. The pair, in a a public lecture at the Australian National University, said that internet voting continued to raise some of the most difficult challenges in computer security and could not be considered completely safe. They reported faults in the NSW system to electoral authorities last week, ahead of as many as 250,000 voters using online systems to participate in the ballot.

Full Article: International experts warns of the risks of Australian online voting tools.

Australia: NSW Electoral Commission downplays iVote flaw | CNET

The NSW Electoral Commission has responded to reports of a flaw in its iVote online voting portal, saying that although the risk of its website being compromised was low, it has taken action to fix the flaw. The Commission has also raised questions about the authors of the findings, noting that the two academics behind the research are also board members for a group that lobbies against online and electronic voting in the United States. According to the Chief Information Officer and Director of IT for the NSW Electoral Commission, Ian Brightwell, the flaw discovered in the iVote system required three or four preconditions in order to be exploited. While Brightwell said a hack was “unlikely,” he said the Commission moved swiftly to respond to the problem.

Full Article: NSW Electoral Commission downplays iVote flaw - CNET.

Australia: NSW Electoral Commission scrambles to patch iVote flaw | ZDNet

The analytics service used by the New South Wales electronic voting system, iVote, left voters vulnerable to having their ballots changed, according to security researchers. The iVote system was originally implemented ahead of the 2011 state election for vision-impaired voters and those living in rural areas who have difficulty reaching polling places, but the government is expanding the use of the iVote system as part of the election on March 28, and has taken approximately 66,000 votes since early polling opened last week. Researchers Vanessa Teague from the Department of Computing and Information Systems at the University of Melbourne, and J Alex Halderman from the University of Michigan Centre for Computer Security, found that while the voting website uses a safe SSL configuration, it includes JavaScript from an external server that is used to track site visitors. This, they said, would leave the iVote site open to a range of attacks, including FREAK.

Full Article: NSW Electoral Commission scrambles to patch iVote flaw | ZDNet.

Australia: Security flaw in New South Wales puts thousands of online votes at risk | Freedom to Tinker

New South Wales, Australia, is holding state elections this month, and they’re offering a new Internet voting system developed by e-voting vendor Scytl and the NSW Electoral Commission. The iVote system, which its creators describe as private, secure and verifiable, is predicted to see record turnout for online voting. Voting has been happening for six days, and already iVote has received more than 66,000 votes. Up to a quarter million voters (about 5% of the total) are expected to use the system by the time voting closes next Saturday. Since we’ve both done extensive research on the design and analysis of Internet voting systems, we decided to perform an independent security review of iVote. We’ll prepare a more extensive technical report after the election, but we’re writing today to share news about critical vulnerabilities we found that have put tens of thousands of votes at risk. We discovered a major security hole allowing a man-in-the middle attacker to read and manipulate votes. We also believe there are ways to circumvent the verification mechanism.

Full Article: Security flaw in New South Wales puts thousands of online votes at risk.

Australia: NSW’s online gamble: why internet and phone voting is too risky | The Conversation

Up to 250,000 votes are expected to be cast using the iVote electronic voting system between March 16 and the close of polls on March 28 in the New South Wales election. That would represent a massive increase on the 46,864 votes at the 2011 state election and could mean about 5% of the total vote is cast electronically, using a telephone or via the internet. It looks set to be by far the biggest test of electronic voting in Australia, which has largely been limited to small trials in the past, and one of the largest online votes worldwide. If the NSW election proves to be close, those electronic votes could prove crucial. But before electronic voting begins on Monday, people in NSW should be warned: there are many unanswered questions about the integrity and privacy of those votes. Late last year, the federal Joint Standing Committee on Electoral Matters recommended against electronic voting in federal elections. Its report concluded that:

Australia is not in a position to introduce any large-scale system of electronic voting in the near future without catastrophically compromising our electoral integrity.

So what are some of the potential threats? Software errors, hackers, misbehaving system administrators, malware or other unobservable problems could all potentially cause electronic votes to be misrecorded, modified or exposed.

Full Article: NSW's online gamble: why internet and phone voting is too risky.

South Dakota: Election review board may propose legislation changes | Argus Leader

A committee reviewing election issues in Minnehaha County moved one meeting closer to releasing what its chairman later called “a series of recommendations and critiques,” some of which could require changes made in the state Legislature. Election night issues last November kept the state’s largest county from reporting election results until 14 hours after the polls closed. That followed problems in the 2012 election and issues in last April’s city election. The seven-member committee heard testimony for well over two hours Friday and ended the meeting receiving copies of a draft report that will be examined during the next two weeks. That draft report will not be made public, said Robert Wilson, the county employee assigned to the election review committee. All this effort is designed to prevent what chairman Bruce Danielson described as “heartache and headache and voter frustration” when elections go wrong and people are unsure whether their vote will be counted properly.

Full Article: Election review board may propose legislation changes.

Australia: Sydney’s Secure Logic signs $1m online voting contract | CRN

Sydney-based Secure Logic has signed a contract to host the NSW Electoral Commission’s iVote system for the next five years. Secure Logic will provide the NSWEC with infrastructure and platform-as-a-service in a deal worth $990,000. The platform will be able to be scaled during peak election periods, according to head of sales and marketing for Secure Logic, Fergus Brooks. Spanish company Scytl was awarded the contract to provide the online voting software for iVote in May last year, after the state government announced plans to expand iVote for the 2015 election.