For years, Barbara Simons was the loneliest of Cassandras—a technologist who feared what technology had wrought. Her cause was voting: Specifically, she believed that the electronic systems that had gained favor in the United States after the 2000 presidential election were shoddy, and eminently hackable. She spent years publishing opinion pieces in obscure journals with titles like Municipal World and sending hectoring letters to state officials, always written with the same clipped intensity. Simons, who is now 76, had been a pioneer in computer science at IBM Research at a time when few women not in the secretarial pool walked its halls. In her retirement, however, she was coming off as a crank. Fellow computer scientists might have heard her out, but to the public officials she needed to win over, the idea that software could be manipulated to rig elections remained a fringe preoccupation. Simons was not dissuaded. “They didn’t know what they were talking about and I did,” she told me. She wrote more articles, wrote a book, badgered policy makers, made “a pain of myself.” Though a liberal who had first examined voting systems under the Clinton administration, she did battle with the League of Women Voters (of which she is a member), the ACLU, and other progressive organizations that had endorsed paperless voting, largely on the grounds that electronic systems offered greater access to voters with disabilities.Full Article: The Computer Scientist Who Prefers Paper - The Atlantic.
America’s voting machines are a patchwork of systems spread across thousands of districts, with widely varying degrees of accountability. It’s a mess. One that the Department of Homeland Security has finally committed to helping clean up. This week, DHS chief Jeh Johnson held a call with state election officials to outline, very roughly, the kind of assistance that DHS will provide to help prevent cyber attacks in this fall’s elections. For now, details are vague, and whatever DHS plans to do will need to happen quickly; election day may be November 8, but in some states, early voting starts in just six weeks. That’s not enough time to solve all of America’s voting machine issues. Fortunately, there’s still plenty DHS can accomplish—assuming the districts that need the most help realize it. The problems with America’s electronic voting machines are extensive, but also easily summarized: Many of them are old computers, and old computers are more vulnerable to disruptions both purposeful (malware) and benign (bugs).Full Article: Voting Machines Are a Mess—But the Feds Have a (Kinda) Plan | WIRED.
National: These States Are At the Greatest Risk of Having Their Voting Process Hacked | MIT Technology Review
The recent cyberattack on the Democratic National Committee has raised the specter of an Internet-based assault on the democratic process in the U.S., and has led computer security experts to call on the federal government to do more to protect the voting process from hackers.Since national elections involve some 9,000 separate jurisdictions, and they use a variety of technologies, the problem at first appears to be hopelessly complex. But there is a simple way to manage the risk of cybercrime: keep voting off the Internet. … Congress passed a law in 2009 that made it mandatory for states to electronically deliver blank ballots to voters in the military and overseas. But it said nothing about the electronic return of completed ballots. The authors of the legislation “knew there were unsolved security issues,” says Pamela Smith, president of Verified Voting, a group that advocates for the accuracy and transparency of elections. But if the law had gone so far as to issue a blanket restriction on online voting, it may not have passed. Instead, the door remained open for more states to begin offering voters the option to return their completed ballots using the Internet.Full Article: These States Are At the Greatest Risk of Having Their Voting Process Hacked.
National: Trump Says the Election Will Be Rigged. In These States, It May Be Impossible to Prove Him Wrong. | Mother Jones
With growing evidence that Russia is meddling in the US presidential election—allegedly by hacking the Democratic National Committee and releasing embarrassing emails—the concern that somebody might try to hack voting machines no longer seems outlandish. And as many as one-fifth of all votes cast in the November election could be particularly vulnerable to interference. … Concerns about the vulnerability of the country’s voting infrastructure are mounting just as Republican nominee Donald Trump has begun talking about howthe election might be rigged against him. The absence of a paper trail on millions of ballots in swing states could give Trump plenty of ammunition for his conspiratorial allegations—and make them virtually impossible to disprove. “You really want to have a baseline of evidence that you can use to demonstrate that the outcome [of an election] was correct,” says Pamela Smith, president of Verified Voting, which pushes for accurate, transparent, and verifiable elections. “The DNC hack takes this idea out of the realm of the theoretical and into the ‘Oh, this could actually happen.'”Full Article: Trump Says the Election Will Be Rigged. In These States, It May Be Impossible to Prove Him Wrong. | Mother Jones.
A majority of U.S. states are planning to conduct their November elections using electronic machines with technology invented when cybersecurity threats did not loom as quite as large as they do now. It seems like an election crisis waiting to happen. But, despite recent hacks of Democratic Party data– and suspicions of Russian government involvement—a widespread attack on electronic voting machines is unlikely, according to people familiar with existing systems. Still, states and Congress should move to upgrade and protect a legion of outdated machines from isolated attacks, they say. … There’s no evidence that a voting machine has been hacked during an election, said Joseph Lorenzo Hall, chief technologist for the Center for Democracy and Technology, who specializes in voting technology. Although that doesn’t mean a hack couldn’t happen, the wide variety of machines and methods used to vote from precinct to precinct would require an army of people within U.S. borders trying to tamper with machines on a local level, Hall said. “A widespread effect is highly unlikely because the resources required would be very large,” Hall said. “There are attacks you can accomplish from afar for an internet voting system that aren’t possible with the system we have now.” Hall said that doesn’t mean that small-scale electronic voting hacks aren’t a concern. Outdated voting machines are “horrifically insecure,” he said.Full Article: Widespread Hack of U.S. Voting Machines ‘Highly Unlikely' | Bloomberg BNA.
National: Will the US elections be hacked? It’s doubtful, but machines could be ‘rigged’ | The Guardian
It’s been a topic of debate ever since hackers – presumably working for Russia – stole thousands of private emails from the Democratic National Committee and leaked them on the net. Could a nation state or other adversary hack our elections and determine the next president of the United States? The answer depends on how they try to go about it, says Avi Rubin, computer science professor at Johns Hopkins University and technical director of the university’s Information Security Institute. Election hacking is highly unlikely, he says. Attackers reaching into the ballot box from thousands of miles away won’t happen, simply because the vast majority of election machines are not connected to the internet. Some 31 states offer voting via internet, email, or fax, but nearly all only allow it as an option for military families and Americans living overseas – a very small percentage of the electorate. Only Alaska allows any voter to cast a ballot across the net, according to Verified Voting. But election rigging is a potential threat, says Rubin. That’s where adversaries attack the electronic voting machines themselves, altering the software inside the machines to favor one candidate. “There are a thousand points of vulnerability,” says Rubin. “Anyone with access to the machines at any stage could attack them.”Full Article: Will the US elections be hacked? It's doubtful, but machines could be 'rigged' | Technology | The Guardian.
America’s election is at risk of being stolen: That, in essence, is what some news reports, as well as Republican presidential nominee Donald Trump and his allies, have been suggesting lately. … Election integrity and cybersecurity experts say there are real security vulnerabilities in America’s election system—or, more accurately, systems, as there are more than 9,000 separate state and local jurisdictions that conduct elections around the country. A number of states and municipalities continue to use insecure electronic and/or online voting technologies, despite years of warnings that these systems have bugs and poor security. It’s also true that a motivated individual could, in theory, go to the polls and pretend he or she is someone else, or lie on an absentee ballot. There are, however, two important caveats. One: Evidence of outright voter fraud of the sort Trump is warning about is extremely rare. Two: Even if a malevolent actor did succeed in meddling with an election—either by hacking into an electronic system or via lower-tech identity fraud—that doesn’t mean he or she could affect the outcome. Doing so would be extremely difficult in large part because of how fragmented the U.S. voting system is. … Pam Smith, president of Verified Voting, a nonprofit group that advocates for accurate and fair elections, says Ohio and Florida, in particular, have “been making all the moves in the right direction” after grappling with major voting crises last decade. Many counties in Ohio still use electronic voting machines, which provide the potential for hacking. But they require physical paper records of voters’ ballots, known as voter verifiable paper audit trails, which allow voters to confirm their votes were recorded correctly and also allow election officials to audit the vote tallies.Full Article: Could the Presidential Election Be Stolen?.
This week, GOP presidential candidate Donald Trump openly speculated that this election would be “rigged.” Last month, Russia decided to take an active role in our election. There’s no basis for questioning the results of a vote that’s still months away. But the interference and aspersions do merit a fresh look at the woeful state of our outdated, insecure electronic voting machines. We’ve previously discussed the sad state of electronic voting machines in America, but it’s worth a closer look as we approach election day itself, and within the context of increased cyber-hostilities between the US and Russia. Besides, by now states have had plenty of warning since a damning report by the Brennan Center for Justice about our voting machine vulnerabilities came out last September. Surely matters must have improved since then. Well, not exactly. In fact, not really at all. … So electronic voting machines aren’t ideal. The good news is, it’s entirely possible to mitigate any potential harm they might cause, either by malice or mistake. First, it’s important to realize that electronic voting machines aren’t as commonplace as one might assume. Three-quarters of the country will vote on a paper ballot this fall, says Pamela Smith, president of Verified Voting, a group that promotes best practices at the polls. Only five states—Delaware, Georgia, Louisiana, South Carolina, and New Jersey—use “direct recording electronic” (DRE) machines exclusively. But lots of other states use electronic machines in some capacity. Verified Voting also has a handy map of who votes using what equipment, which lets you drill down both to specific counties and machine brands, so you can see what’s in use at your polling station.Full Article: America’s Electronic Voting Machines Are Sitting Ducks | WIRED.
Stealing and leaking emails from the Democratic National Committee could be just the start. Hacking the presidential election itself could be next, a bipartisan group of former intelligence and security officials recently warned. Whomever was behind the DNC hack also could target voting machines and the systems for tabulating votes, which are dangerously insecure. “Election officials at every level of government should take this lesson to heart: our electoral process could be a target for reckless foreign governments and terrorist groups,” wrote 31 members of the Aspen Institute Homeland Security Group, which includes a former director of the Central Intelligence Agency and a former secretary of Homeland Security. That echoes warnings computer security experts have been sounding for more than a decade: that the system for casting and counting votes in this country is also ripe for mischief. … Thirty-one states and the District of Columbia allow military personnel and overseas voters to return their ballots electronically, according to Verified Voting, a non-profit group that advocates transparency and security in U.S. elections. “The election official on the receiving end has no way to know if the voted ballot she received matches the one the voter originally sent,” the group warns. Some ballots are sent through online portals, which exposes the voting system to the internet. And that’s one of the most dangerous things elections officials can do, because it provides a remote point of access for hackers into the election system.Full Article: How Hackers Could Destroy Election Day - The Daily Beast.
The furor over the cyberattacks injecting turmoil into Hillary Clinton’s presidential campaign obscures a more pervasive danger to the U.S. political process: Much of it has only lax security against hackers, with few if any federal cops on the beat. No one regulator is responsible for requiring campaigns, political operations and state and local agencies to protect the sanctity of the voter rolls, voters’ personal data, donors’ financial information or even the election outcomes themselves. And as the Democrats saw in Philadelphia this past week, the result can be chaos. The most extreme danger, of course, is that cyber intruders could hack the voting machinery to pick winners and losers. But even less-ambitious exploits could sway the results in a close election — anything from tampering with parties’ volunteer schedules and get-out-the-vote operations to deleting the registrations of frequent voters or knocking registration databases offline. Cyber scams aimed at campaign donors’ financial data, such as a just-disclosed hack aimed at the Democratic Congressional Campaign Committee, could deter future contributors by making them fear identity theft. Or, as happened this past week to the Democratic National Committee, online thieves could get hold of a political operation’s embarrassing internal emails, creating headaches for a presidential candidate just before she accepts her party’s nomination.Full Article: Hacker threat extends beyond parties - POLITICO.
Did Republican nominee Donald Trump just ask Russian strongman Vladimir Putin to cast the deciding vote in the US presidential election? On Wednesday morning, Trump said he hoped Russia would find and publish 30,000 e-mail messages deleted by his Democratic rival, Hillary Clinton, from the personal server she used as secretary of state. It was a startling spectacle: a presidential candidate urging a foreign government to play a role in America’s game of thrones. But there’s a chance Putin is already a player. The trove of embarrassing e-mails stolen from the Democratic National Committee, which were leaked to the press just in time for this week’s party convention in Philadelphia, were probably swiped by Russian hackers, according to US intelligence officials and independent cybersecurity companies. Russia’s apparent election tampering — and Trump’s call for the Russians to expose Clinton’s deleted e-mails — shows that the insecurity of America’s data networks could undermine our ability to hold free and fair elections. But if the Russian president would go this far to pick our next president, why not take the direct approach? Why not tamper with the computers that manage the nation’s voting systems? Maybe that has already happened. Those voting systems are certainly vulnerable.Full Article: Trump, Putin and the hacking of an American election - The Boston Globe.
Nearly two-thirds (64 percent) of registered voters believe the 2016 presidential campaign will be compromised by a cyber breach in some way, according to a poll conducted by data security firm PKWARE and Wakefield Research. Their concerns are not unwarranted; at a time when breaches and data theft make headlines on a regular basis, much of the voting process remains unprotected. “There is a lot of vulnerability in paperless voting systems, whether they are direct reporting electronic machines, or email return ballots,” said Pamela Smith, president of Verified Voting, a nonprofit organization that advocates for accuracy, transparency and verifiability of elections. Most polling places use paper ballots that are tabulated by a scanner. Even if the scanner goes haywire, there is a paper record of voters’ intent and officials can take a manual count. In fully paperless systems, no such backup exists. “In a situation like that, there’s no way to demonstrate that the software is working properly. If something seems amiss or there is an unexpected outcome, you really wouldn’t have a way to go back and correct it because you don’t have an independent record of voter intent,” Smith said. Electronic systems, then, offer a prime target for hackers looking to influence elections.Full Article: Risk & Insurance.
National: More than 30 states offer online voting, but experts warn it isn’t secure | The Washington Post
The popularity of voting online is growing and will be in place for the presidential election in more than 30 states, primarily for voters living overseas or serving in the military. But security experts and some senior Obama administration officials fear there is not enough protection for any ballots transmitted over the Internet. They are warning states that any kind of online voting is not yet secure and most likely will not be for years to come. “We believe that online voting, especially online voting in large scale, introduces great risk into the election system by threatening voters’ expectations of confidentiality, accountability and security of their votes and provides an avenue for malicious actors to manipulate the voting results,” Neil Jenkins, an official in the Office of Cybersecurity and Communications at the Department of Homeland Security, said at a conference of the Election Verification Network this spring. … Pamela Smith, president of Verified Voting, a nonprofit organization that advocates for legislation and regulation to promote accuracy, transparency and verifiability of elections, said that at first blush, online voting seems like a good idea to many people. “Sometimes jurisdictions that are adapting something like this spin it as ‘this is very 21st century, this is the modernization of elections,” Smith said. “But it’s one of those cases where tried and true technology actually works best for elections. Paper ballots have many advantages. When something is online, you don’t have that physical record of voter intent.”Full Article: More than 30 states offer online voting, but experts warn it isn’t secure - The Washington Post.
In what is expected to be one of the biggest online votes conducted so far in the U.S., Utah residents will have the option of casting ballots in the Republican presidential contest using computers, tablets and smartphones next week. In-person caucuses and absentee voting also will remain options for GOP voters in the March 22 contest. Democrats aren’t offering an online option. It is the largest experiment with online presidential voting since 2004, when Michigan allowed Democrats to vote in a party caucus via the Internet. Estonia has had online voting in national elections since 2005, while Norway, France, Canada and Australia have experimented with it. … Although trials, pilots and experiments in online voting have been conducted over the past 20 years, it has been slow to be adopted—in part over security concerns about election integrity. “It’s the internet. It was not built for security when it was built. It was built for open communications,” said Pamela Smith, president of the nonpartisan nonprofit Verified Voting, which advocates for secure, verifiable elections and voting standards.Full Article: Utah Republicans Open Caucuses to Online Voters - WSJ.
This year, as Americans select the next president, the entire U.S. House of Representatives and a third of the Senate, as well as an array of state and local officials, many voters will cast ballots on a generation of electronic voting machines that is nearing extinction. Most of the machines, adopted by local governments after “hanging chads” left the 2000 presidential election in the balance for weeks, are at least a decade old. And they create a perilous situation: an equipment breakdown on Election Day could mean long lines, potentially leaving some people unable to vote. But replacing the old machines with newer models is costly. The latest computerized machines typically cost between $2,500 and $3,000 each, and election boards should budget for one machine per 250 to 300 registered voters, according to the National Conference of State Legislatures (NCSL). That high cost is just one reason the computerized machines, which record ballots via a touch-screen, push-button or dial mechanism, have been falling out of favor with cash-strapped local governments. Some elections officials and lawmakers also worry the machines could be hacked and lead to voter fraud.Full Article: Aging Voting Machines Cost Local, State Governments.
Three ballot initiatives have been proposed in California to require the state to allow online voting, but security experts and some voting officials say the technology is nowhere near secure enough for something so crucial as the democratic process. “When people stop me in the supermarket and ask, ‘When am I going to be able to vote on my cell phone?’ I say ‘Pretty soon—in about 20 years,’” said Dana DeBeauvoir, the county clerk for Travis County, Texas. She was one of three speakers Wednesday in a session on online voting and security issues at Enigma 2016, a computer security conference held in San Francisco. So much of daily life now happens online, including shopping, banking, communication, that voters naturally wonder why voting can’t too, said J. Alex Halderman, a professor of computer science at the University of Michigan in Ann Arbor, Mich. who researches voting and security. However, the ongoing litany of breaches, hacks and crashes in those realms are an object lesson in why voting shouldn’t happen there. It’s just too important, he said. “Imagine the incentives of a rival country to come in and change the outcome of a vote for national leadership. Elections require correct outcomes and true ballot secrecy,” Halderman said.Full Article: Internet voting is just too hackable, say security experts.
Editorials: Online Voting Is the Future — And It Could Lead to Absolute Disaster | Jack Smith IV/Mic
This year, we’re going to choose a new president. We’ll debate with disgruntled friends on Facebook, monitor every debate on Twitter and use Google to find polling places. And then, those of us who are willing to make the trek will drive, walk, carpool or take trains to small outposts in order to vote. It’s 2016. Why don’t we have an app on our smartphones that allows us to vote remotely and instantly? … What’s holding back online voting? In short, security risks. If we’ve learned anything from the past few years of cybersecurity scandals — like the Office of Personnel Management hack, the Sony Pictures Entertainment fiascoor the Ashley Madison breach — it’s that no digital system can be proven to be totally safe. There’s a common refrain that digital voting experts are tired of hearing: “If I can bank online, why can’t I vote online?” If the internet is safe enough to store our money, shop, file our taxes and perform other sensitive tasks, why can’t it be used to vote? The truth is, we don’t bank or shop safely online. Major retailers and banking systems deal with hacking, fraudulent charges and identity theft every day. Companies like Amazon are used to a small percentage of transactions being fraudulent. And when fraud occurs in a financial transaction, those problems can be fixed after the fact.Full Article: Online Voting Is the Future — And It Could Lead to Absolute Disaster.
Votes being registered for the wrong candidate. Voting machines running out of memory. Election officials searching eBay for outdated notebook computers. These are just a few of the nightmarish scenarios state and local officials face as the country’s voting machines age and break down. A recent report by the Brennan Center for Justice at New York University School of Law found that the expected lifespan of core components in electronic voting machines purchased since 2000 is between 10 and 20 years, and for most systems it is probably closer to 10 than 20. Experts surveyed by the Brennan Center agree that the majority of machines in use today are either “perilously close to or exceed these estimates.” …Pamela Smith, president of Verified Voting, a nonpartisan organization that studies voting systems, says the bottom line with election technology is “you want to be able to serve the voter. And you want something that doesn’t just give the voter a good feeling when they use it, but is robustly reliable. So at the end of the day, the voter needs to know that their votes were captured the way they intended.”Full Article: Outdated Voting Machine Technology Poses Security and Election Risks | StateTech Magazine.
Electoral fraud has been pervasive in Nigeria since it returned to civilian rule in 1999. This year, to prevent tampering with ballots on the way to the capital, poll workers nationwide used technology from a Spanish software maker called Scytl to scan the tallies and transmit them electronically. Despite predictions of violence, voters elected an opposition candidate—removing an incumbent from office for the first time—in a process Human Rights Watch described as “mostly peaceful.” Governments in 42 countries are using software from Scytl (rhymes with “title”) to bring elements of their elections online, from registering voters to consolidating results. “If you look at the way elections are being run in most countries, it’s still the same way they used to be run 50 years ago,” says Chief Executive Officer Pere Vallès. Using Scytl’s technology, he says, a country can more easily stop fraud and announce winners “in a few hours instead of a few days.” … Many election watchdogs say software isn’t yet secure enough to be trusted, and they’re concerned that Scytl and its competitors haven’t developed a way for third parties to independently verify results. “Murphy’s Law says something is going to go wrong in pretty much every election,” says Pamela Smith, the president of election watchdog Verified Voting in Carlsbad, Calif. “Transmitting actual votes is too high-risk for using online technology.” No current online system has “the level of security and transparency needed for mainstream elections,” according to a July report prepared for the U.S. Vote Foundation, a nonprofit that advocates for expanded absentee voting.Full Article: Voting From the Privacy of Your Couch - Bloomberg Business.
In just under a year, Americans will head to the polls to cast their ballots: Democrat or Republican? Carson or Clinton, perhaps Sanders or Trump? But even 12 months out, political and tech experts are starting to worry that current voting technology won’t be able to keep up with citizen demand. Worst case? A repeat of the 2000 election debacle in Florida, which is still under investigation today. Best case? The country gets on board with at least some electoral advancements to help safeguard the process. What options are available to current voters looking to cast their ballot in the upcoming election? USA.gov’s “Voting and Registering to Vote” page provides the basics: Citizens can turn up in person at their local polling station with applicable ID, or if they’re away from home, they may vote using a mail-in absentee ballot. Making the process more complicated is the fact that citizens must register to vote in federal elections at the state level, and all states have their own registration methods in place. For example, 23 states allow voters to register online, while others only accept a hard copy of the National Mail Voter Registration Form. But there’s a twist: Certain states like North Dakota and Wyoming, along with territories such as American Samoa, Guam and Puerto Rico, don’t accept the National Mail Voter Registration Form, meaning citizens must register in person at specific government offices.Full Article: Old Voting Tech Puts 2016 Election at Risk — Time for a Veto?.