The ink on his thumbnail was supposed to be a fraud-proof deterrent, a sign that he had already voted in Haiti’s critical presidential and legislative elections. But hours after the adviser to Haiti’s Provisional Electoral Council cast his ballot in the now disputed Oct. 25 vote, the indelible ink stain was barely visible, more resembling a fading birthmark than an electoral safeguard. Nearly two months after the pivotal balloting and three weeks before the scheduled Dec. 27 presidential runoff, Haiti remains at an impasse. Allegations of ballot tampering, fraudulent tabulations and widespread procedural breakdowns — such as failing ink that led to multiple voting — have fanned a widening chorus of doubt about the credibility of the results.
This article was originally posted at Freedom to Tinker on August 10, 2015. It is reposted here with permission of the author.
A recent paper published by Smartmatic, a vendor of voting systems, caught my attention. The first thing is that it’s published by Springer, which typically publishes peer-reviewed articles – which this is not. This is a marketing piece. It’s disturbing that a respected imprint like Springer would get into the business of publishing vendor white papers. There’s no disclaimer that it’s not a peer-reviewed piece, or any other indication that it doesn’t follow Springer’s historical standards. The second, and more important issue, is that the article could not possibly have passed peer review, given some of its claims. I won’t go into the controversies around voting systems (a nice summary of some of those issues can be found on the OSET blog), but rather focus on some of the security metrics claims.
The article states, “Well-designed, special-purpose [voting] systems reduce the possibility of results tampering and eliminate fraud. Security is increased by 10-1,000 times, depending on the level of automation.”
That would be nice. However, we have no agreed-upon way of measuring security of systems (other than cryptographic algorithms, within limits). So the only way this is meaningful is if it’s qualified and explained – which it isn’t. Other studies, such as one I participated in (Applying a Reusable Election Threat Model at the County Level), have tried to quantify the risk to voting systems – our study measured risk in terms of the number of people required to carry out the attack. So is Smartmatic’s study claiming that they can make an attack require 10 to 1000 more people, 10 to 1000 times more money, 10 to 1000 times more expertise (however that would be measured!), or something entirely different?
Myanmar opposition leader Aung San Suu Kyi expressed concern Thursday that massive flooding in much of the country might be used as a pretext to undermine November’s general election. In a video appealing to the international community to help flood victims, the Nobel Peace Prize laureate drew a parallel with a referendum, carried out under military rule in 2008, that brought in the current much-maligned constitution. The voting took place during widespread chaos following Cyclone Nargis, which killed an estimated 140,000 people. According to the official results, the charter was overwhelmingly confirmed, but many reports cast doubt on the fairness of the vote and the results. The constitution was drafted under military supervision and enshrines its dominance in government, making substantial democratic reforms difficult to achieve.Full Article: Myanmar's Suu Kyi warns against flood-linked vote tampering - StarTribune.com.
Arvind Kejriwal, the chief of the Aam Aadmi Party, today alleged massive tampering of electronic voting machines or EVMs to favour the BJP. The BJP linked his allegation to the funding scandal; AAP has been accused by a group of its former supporters of accepting Rs. 50 lakh from four companies that have no credible finances and appear to be fronts for money laundering. Mr Kejriwal tweeted today that during an inspection in the Delhi Cantonment area on Monday, four machines were found doctored in a way that the result always showed BJP, no matter what party the voters chose.Full Article: Arvind Kejriwal Alleges Voting Machines Tampered With to Help BJP.
Presidential polls in Namibia have incumbent prime minister Hage Geigob of the ruling SWAPO party leading with 84 percent of the roughly 10 percent of votes officially released so far but the new electronic polling gizmos are leaving some Namibians skeptical. Some 1.2 million people are expected to cast their votes electronically in the country’s fifth election since independence. It will be the first use of electronic voting machines (EVMs) on the African continent. Voters will select presidential and parliamentary candidates directly on the EVMs—slabs of green and white plastic with the names and images of candidates and their party affiliation—that make a loud beep after each vote. The voting modules will not be connected externally to any sources to prevent tampering, and the commission hopes electronic voting will reduce lines and speed up counting. But according to local media reports, results have been trickling in at a snail’s pace at the election centre in the capital Windhoek, worrying the ruling party.Full Article: Electronic voting comes to Namibia, all is not well - Frost Illustrated : Frost Illustrated.
Presidential polls in Namibia have incumbent prime minister Hage Geigob of the ruling SWAPO party leading with 84 percent of the roughly 10 percent of votes officially released so far but the new electronic polling gizmos are leaving some Namibians skeptical. Some 1.2 million people are expected to cast their votes electronically in the country’s fifth election since independence. It will be the first use of electronic voting machines (EVMs) on the African continent. Voters will select presidential and parliamentary candidates directly on the EVMs – slabs of green and white plastic with the names and images of candidates and their party affiliation – that make a loud beep after each vote. The voting modules will not be connected externally to any sources to prevent tampering, and the commission hopes electronic voting will reduce lines and speed up counting. But according to local media reports, results have been trickling in at a snail’s pace at the election centre in the capital Windhoek, worrying the ruling party.Full Article: Electronic Voting Comes to Namibia | Inter Press Service.
The discovery of 21 previously uncounted ballots from Long Island and their impact on the Senate District 25 race has conjured up images of nefarious political operatives covertly stuffing ballot boxes to tilt the election. That scenario would require a serious breach of Maine election law, which specifies an elaborate and detailed set of procedures to secure ballots – especially those subject to a recount – according to state election officials. If those procedures were followed, someone would have had to obtain a single key to reopen a locked metal box of ballots without disturbing an official seal to add the 21 ballots to the 171 ballots that were tabulated on Election Day. The 21 ballots were not discovered until a Nov. 18 recount in the race between Republican Cathy Manchester of Gray and Democrat Cathy Breen of Falmouth. The ballots were not formally challenged by Democrats during the recount, but they are now at the center of a mystery over why they weren’t counted when the polls closed on the night of Nov. 4, or how they ended up in a box that at several points was in the custody of Maine State Police.Full Article: If Maine's election rules followed, tampering with ballots is difficult - The Portland Press Herald / Maine Sunday Telegram.
Namibians voting in their presidential election will become the first in Africa to use electronic voting. It has been 25 years since Namibia’s first democratic elections, and for the first time 1.2 million people are expected to cast their votes electronically in the country’s fifth election since independence. “The decision to consider acquiring electronic voting machines was primarily based on some challenges and experiences that we have had in the manner and way we manage our elections,” the electoral commission’s Theo Mujoro told China’s CCTV. The voters will cast their ballots for presidential and parliamentary candidates on separate machines, chunky slabs of green and white plastic with the names and images of candidates and their party affiliation that make a loud beep after each vote. “The younger people get it first time, but the older ones you have to explain a little,” said presiding officer Hertha Erastus.Full Article: Namibian election first in Africa to use electronic voting machines - ABC News (Australian Broadcasting Corporation).
Threats to the integrity of Internet voting have been a major factor in keeping the practice to a bare minimum in the United States. On the heels of the recent midterm elections, researchers at Galois, a computer science research and development firm in Portland, Ore., sent another reminder to decision makers and voters that things still aren’t where they should be. Researchers Daniel M. Zimmerman and Joseph R. Kiniry published a paper called “Modifying an Off-the-Shelf Wireless Router for PDF Ballot Tampering” that explains an attack against common home routers that would allow a hacker to intercept a PDF ballot and use another technique to modify a ballot before sending it along to an election authority. PDF ballots have been used in Internet voting trials in Alaska, and in New Jersey as an voting alternative for those displaced by Hurricane Sandy. The ballots are downloaded, filled out and emailed; the email is equivalent to putting a ballot into a ballot box. Election authorities then either print the ballots and count them by hand, or count them with an optical scanner. The Galois attack is by no means the only attack that threatens Internet voting; malware on a voter’s machine could redirect traffic or cause a denial of service condition at the election authority. But the attack described in the paper is certainly a much more quiet attack that the researchers say is undetectable, even in a forensics investigation.Full Article: Internet Voting Hack Alters PDF Ballots in Transmission | Threatpost | The first stop for security news.
Some Americans who lined up at the ballot boxes on Tuesday may have wished for the convenience of online voting. But cybersecurity experts continue to argue that such systems would be vulnerable to vote tampering — warnings that did not stop Alaska from allowing voters to cast electronic ballots in a major election that had both a Senate seat and the governorship up for grabs. There was no evidence of tampering during the first use of Alaska’s online voting system in 2012. But cybersecurity experts have gone on the record as saying that hackers could easily compromise or alter online voting results without being detected. Alaska’s own election site includes a disclaimer about votes cast through online voting or by fax. “When returning the ballot through the secure online voting solution, your are voluntarily waiving your right to a secret ballot and are assuming the risk that a faulty transmission may occur,” according to Alaska’s Division of Elections website. Alaskans can vote online by filling out an electronic ballot through a web-based interface, saving the file as a PDF and then transmitting the ballot to their county elections department. But cybersecurity experts told The Intercept that Alaska’s online voting system — developed by Scytl, a Spanish-based company — could be compromised by hackers from anywhere in the world. One expert’s team spent just a day to figure out how to remotely change the results on supposedly locked PDFs without being detected.Full Article: Alaska's Online Voting Leaves Cybersecurity Experts Worried - IEEE Spectrum.
Mozambique’s main opposition party Renamo on Thursday claimed victory in the country’s election, rejecting official tallies that appeared to show the ruling Frelimo party on course for a landslide victory. “We are not accepting the results of these elections,” party spokesman Antonio Muchanga said — a move that raises the spectre of post-election violence. “We can categorically say Renamo won these elections,” Muchanga told a news conference. With nearly a quarter of the polling stations reporting on Wednesday’s vote, Frelimo candidate Filipe Nyusi looked set to become the country’s new president, having garnered 63 percent of the vote. Initial tallies showed Renamo leader Afonso Dhlakama struggling to win 30 percent of the vote. But amid allegations of ballot tampering and election violence, Renamo — which fought a long civil war against formerly Marxist Frelimo — said the vote should be annulled.Full Article: Mozambique opposition Renamo rejects election results - Yahoo News.
Flaws found in the Brazilian electronic voting system could open up the possibility of fraud as more than 140 million people go to the polls in the general elections taking place on Sunday. E-voting was introduced in Brazil in 1996 as a means to ensure secrecy and accuracy of the election process, as well as speed: the system underpinned by about 530,000 voting machines currently in place enables results to be processed within a matter of minutes within closing of the ballots. However, a public test of the equipment conducted by security and encryption specialists from Unicamp and Universidade de Brasília, two of the top computer science universities in Brazil, suggests that it is possible to easily break the secrecy of the machine and unscramble the order of votes recorded by the device. “Brazilians unconditionally believe the [security of the] country’s electoral authority and processes. The issue is that common citizens actually have no other option because of the lack of independent checks,” says Unicamp professor and encryption specialist, Diego Aranha.Full Article: Fraud possible in Brazil's e-voting system | ZDNet.
A routine administrative move by the Election Commission of India, to shift electronic voting machines (EVMs) from Gujarat to Jammu and Kashmir for the Assembly polls there, has taken a surprise political turn. The controversy started with rumours that the EVMs had been “manufactured” in Gujarat and were programmed to ensure the BJP’s victory in the polls. Despite the EC clarifying that this was not true, and that the machines were only being moved for operational reasons, many in the Valley remain unconvinced. “We have to be doubly sure. The people of J&K are already asking why EVMs are being brought from Gujarat. An NGO created quite a stir by claiming that these machines could be tampered with,” J&K Congress president Saifuddin Soz told The Indian Express.Full Article: J&K parties spot another Gujarat factor: Protest to EC over EVMs ‘from that state’ | The Indian Express.
Bitcoin, the alternative to currency taking the Internet by storm, now may move to another mission. Some advocates want to translate the technology into online voting. Advocates promise a utopian voting scheme driven by smartphones and apps that can overcome all the inherent vulnerabilities to classic e-voting thanks to Bitcoin’s un-hackable code. But the reality is that total security and anonymity online is a virtual impossibility (pun intended) – and both are absolutely crucial to a fair and reliable election. Bitcoin might be the world’s first viable digital currency; it exists entirely in electronic form, and is regulated by a market of online buyers and sellers, rather than a nation and a central bank. As a currency, it is an intriguing experiment. As the foundation of a democratic election, it quickly loses its luster.Full Article: Bitcoin Voting and the Myth of the Un-Hackable Election.
Voting machine experts arrived in the Rio Grande Valley on Tuesday and began auditing machines used in the MArch 4 Democratic primary that unsuccessful candidates in that election say might have been tampered with. Three employees of Chicago-based Data Defenders set up laptops and organized some of the equipment from the previously impounded electronic voting machines at the Hidalgo County elections annex building shortly after a 9 a.m. meeting with Hidalgo County elections administration and District Attorney’s Office officials. The Data Defenders scheduled themselves to be in town collecting data for the rest of the week. Then they’ll return to their Chicago facilities for the “analysis part” of the process, said Murray Moore, an assistant district attorney overseeing a grand jury investigation into potential criminal conduct related to tampering with the machines. Moore said she hoped to have results from the analysis next month. “Think of it more like a DNA test, not like an autopsy,” she said, explaining that the process takes weeks instead of hours to complete. The data collection is open to the public, though only three media members and two members of the general public, including Sergio Muñoz Sr., sat in the observation area of the Hidalgo County elections annex to watch the process Tuesday morning.Full Article: Election machine analysts arrive in Hidalgo County - The Monitor: Local News.
Texas: Day before final election contest trial, Hidalgo County to hire voting machine expert | The Monitor
An investigation into criminal vote tampering took a step forward Tuesday as the Hidalgo County Commissioners Court approved a $110,000 appropriation for a grand jury to hire an election machine auditor. Commissioners approved the payment, which came from seized gambling funds at the District Attorney’s Office, to go toward a grand jury investigation. The grand jury is expected to hire a Chicago-based forensic analyst to investigate possible tampering with electronic voting machines used in the March 4 Democratic primary, said Murray Moore, a DA’s Office attorney supervising the case. The impact of the investigation on the six election challenges filed by unsuccessful primary candidates could be null. Some of the election contestants filed motions to have their trials delayed pending the grand jury-ordered analysis. But five cases have already been denied, and the sixth — that of Paul Vazaldua in the justice of the peace Precinct 2 Place 2 race — is set for trial Wednesday. “Basically, this is for the grand jury investigation only,” Moore said. The grand jury will hire Data Defenders, a Chicago-based election auditing firm, to conduct the analysis, Moore said. A man who answered the phone at the number listed on Data Defenders’ website declined comment Tuesday, saying he was too busy.Full Article: Day before final election contest trial, Hidalgo County to hire voting machine expert - The Monitor: Local News.
An Hidalgo County grand jury Thursday took a step toward investigating possible criminal tampering with voting machines in the recent Democratic primary, District Attorney Rene Guerra said. The grand jury signed an order to hire a forensic analyst to inspect the voting machines used during early voting in late February and Election Day on March 4. The order is “requesting that experts be hired to look at the machines and determine if they were properly functioning during the primary election,” Guerra said. “I think it’s necessary and I think we can do it real quick-like,” he added.Full Article: Hidalgo County grand jury to hire forensic analyst for voting machines - The Monitor: Local News.
The Hungarian Socialist Party (MSZP) has asked for a written guarantee that the software which will aggregate the results of next weekend’s election is safe from any outside tampering. According to HVG, party MP Ferenc Baja put forward the request on Wednesday, when the National Elections Office (NVI) gave a closed-door briefing on the functioning of the software. NVI director Ilona Pálffy promised to present the results of an audited test of the system on Tuesday. The portal also noted that the NVI had planned to hold a public demonstration of the software the previous Friday, which apparently failed to take place. Members of the opposition have repeatedly voiced concerns in recent weeks about the software, pointing out that under previous Socialist-Liberal (MSZP-SZDSZ) governments the was in place and subject to public demonstrations 90 days before elections.
Texas: Commissioners Court drops Hidalgo County voting machine investigation; DA’s probe to continue | The Monitor
Hidalgo County commissioners will have no more official involvement with an investigation into irregularities in voting machines, they decided Tuesday morning. Instead, they’ll leave the investigation in the hands of state District Court judges and the Hidalgo County District Attorney’s Office. DA Rene Guerra will continue a criminal investigation into possible tampering with electronic voting machines, starting with asking a grand jury to hire an expert to analyze the machines’ logs.“We’re going to present to a grand jury asking them to assume the jurisdiction of the machines through a proper court order so that they, the grand jurors, with the court’s assistance and disposition with proper orders, will be able to look into the allegations as to the election machines and help us hire an expert or two to investigate,” Guerra told reporters at the Hidalgo County Commissioners Court on Tuesday.Full Article: Commissioners Court drops voting machine investigation; DA's probe to continue - The Monitor: Local News.
A state District Court judge on Wednesday ordered the impounding of all voting machines used in the Hidalgo County Democratic primary this year. Voting machines and other materials used in the primary during early voting in late February and Election Day on March 4 were impounded Wednesday afternoon following an application the District Attorney’s Office filed in the morning in the 398th state District Court alleging possible criminal vote tampering. “Upon review of information received by the Hidalgo County District Attorney’s Office, regarding the forenamed election, criminal conduct may have occurred in connection with said election, therefore requiring impoundment of all the election returns, voted ballots, signature roster and other election records and equipment for an investigation and ultimately a determination of whether or not criminal conduct occurred,” the application states.Full Article: Voting machines seized; tampering investigation to follow - The Monitor: Local News.