Verified Voting in the News: California Assembly committee passes Internet voting bill with secret amendments | Kim Alexander’s Weblog

Last Tuesday at the California Assembly Elections committee hearing,AB 19 by Assemblyman Phil Ting (D-San Francisco) was heard and passed on a 4-3 vote. If enacted, the bill would create a California online voting pilot program. Over the weekend, while cleaning out some old papers, I had deja vu moment when I came across a December 4, 2000 news release issued by then-Assembly Majority Leader Kevin Shelley announcing the introduction of AB 55, which among other things, as originally introduced would have established an online voting pilot program under the direction of the Secretary of State. That provision was ultimately amended out, and Mr. Shelley would go on to become the Secretary of State of California and one of the nation’s first political leaders to support a voter verified paper audit trail and mandatory election recounts.

National: First-ever cyberattack on US election points to broad vulnerabilities | CSMonitor.com

Over a 2-1/2 week period last July, more than 2,500 online “phantom requests” for absentee ballots were made to Miami-Dade County election headquarters, marking the first known cyberattack on a US election. The fake requests for ballots targeted the Aug. 14 statewide primary and included requests for Democratic ballots in one congressional district and Republican ballots in two state House districts, according to a recent Miami Herald report. The fake requests were done so clumsily that they were red-flagged and did not foul up the election. In any case, they would not have been enough to change the outcome. But now confirmed as the first cyberattack aimed at election fraud, the incident is further evidence that the vote-counting process is vulnerable, particularly as elections become more reliant on the Internet. “This is significant because it’s the first time we’ve seen a very well documented case of attempted computer election fraud in the US,” says J. Alex Halderman, a cybersecurity researcher at the University of Michigan who focuses on election-system vulnerabilities. “This should be a real wakeup call because it illustrates the sort of computer voting attacks that many scientists have been warning were possible for years.”

National: Cyberattack on Florida election is first known case in US, experts say | NBC

An attempt to illegally obtain absentee ballots in Florida last year is the first known case in the U.S. of a cyberattack against an online election system, according to computer scientists and lawyers working to safeguard voting security. The case involved more than 2,500 “phantom requests” for absentee ballots, apparently sent to the Miami-Dade County elections website using a computer program, according to a grand jury report on problems in the Aug. 14 primary election. It is not clear whether the bogus requests were an attempt to influence a specific race, test the system or simply interfere with the voting. Because of the enormous number of requests – and the fact that most were sent from a small number of computer IP addresses in Ireland, England, India and other overseas locations – software used by the county flagged them and elections workers rejected them. Computer experts say the case exposes the danger of putting states’ voting systems online – whether that’s allowing voters to register or actually vote. “It’s the first documented attack I know of on an online U.S. election-related system that’s not (involving) a mock election,” said David Jefferson, a computer scientist at Lawrence Livermore National Laboratory who is on the board of directors of the Verified Voting Foundation and the California Voter Foundation.

National: U.S. Election Assistance Commission and NIST trumpet innovation in voting technology | California Forward

Last week, the National Institute of Standards and Technology (NIST) and the U.S. Election Assistance Commission hosted a Future of Voting Systems Symposium. The three-day meeting outside of Washington, DC was designed to look at the latest developments in the field of voting technology and assess how such developments mesh with the current federal structure for testing and certification. The takeaway from the meeting was sobering and exciting; while it is increasingly clear that existing testing and certification requirements aren’t working, there is a burst of creativity underway by election officials, technologists and other stakeholders in the effort to design a different and better approach.

California: Path toward online voting stymied by fear of hacking | California Forward

While we can do just about everything on the Internet these days, like buy groceries, pay bills, and most importantly, waste hours watching cat videos, we can’t yet cast a ballot online. But the idea of e-Voting, as it’s called, isn’t so far-fetched. Eight years ago the small Baltic country of Estonia became the first country in the world to allow voters to cast ballots over the Internet, and it has actually worked rather well. After the successful launch of online voter registration last year, which allowed roughly 600,000 Californians to register online in the final 45 days before the 2012 election, electronic voting would seem like the logical next step. Furthermore, it’s reasonable to believe that California, home to Silicon Valley and birthplace of the Internet revolution, would lead the charge toward cyberspace voting. Don’t rush out and buy an iPad just yet; it’s unlikely that you’ll be voting for president, governor, or mayor on one anytime soon. In fact, voting security experts like Pamela Smith, president of Verified Voting Foundation, a nonpartisan nonprofit dedicated to safeguarding elections in the digital age, hope to slow any expansion to Internet voting, for now anyway. Smith warns that online voting is a “dangerous idea” as there is currently no way to guarantee the security, integrity, and privacy of ballots cast over the Internet.

National: Could Online Oscar Voting Lead to Online Public Elections? | Government Technology

If online voting is good enough for the Oscars, why isn’t it good enough for public elections? A panel of experts assembled on Feb. 14 to consider whether the Academy of Motion Picture Arts and Sciences’ decision to capture votes online for this year’s Oscars means that technology has matured to the point where public elections can be held online. According to an article in The Hollywood Reporter, voting to determine who would receive a nomination for an Academy Award began Dec. 17 and ended Jan. 3. While a majority of Academy members registered to take advantage of the online voting option, the process was not without its snags. Many confessed to password trouble, while others worried about hackers jeopardizing voter intent. … David Jefferson, a computer scientist at Lawrence Livermore National Laboratory and chairman of the board for the nonprofit Verified Voting, outlined several major differences between private elections, like those conducted for the Academy Awards, and public elections. Public elections, Jefferson said, inherently have much higher standards for security, privacy and transparency. “Just because this works for private elections or is useful for private elections, we don’t want people thinking … it is appropriate for public elections.”

Verified Voting in the News: Internet voting, the third-rail of elections | electionlineWeekly

There are no two words that get elections officials, scholars, vendors and geeks more riled up than Internet voting. The emotions on both sides often run so high that at times it can seem almost impossible to even have a conversation about the concept of casting a ballot online. But with concerns about long lines on Election Day, with the U.S. Postal Service cutting services, and elections officials concerned about getting ballots to voters overseas or in times of emergency, is it possible to discuss the possibilities? “Is there anything not controversial related to voting?  If voting machines had to go through acceptance that Internet voting is facing, they wouldn’t have been rolled out,” said Brian Newby, Johnson County, Kan. election commissioner. “The movement has pretty successfully been slowed by emotion and in particular, emotion masquerading as fact.” According to Newby, beyond the technological issues, there are some who are very impassioned because it takes away the spirit of community that comes with voting. “I respect that opposition because at least they are saying they don’t like Internet voting because of the way they feel. That’s an emotional argument that’s fair because it’s called out from the beginning as being emotional. Newby acknowledged that it is a difficult conversation, in part, because the country is no closer to Internet voting in the United States, really, than it was five or 10 years ago. “Discussion has been successfully stonewalled, so why fight with success?” Newby said. ”The best argument that could be made would be that there is a growing use of Internet voting options for military and overseas voters, but even those options have been much more evolutionary than revolutionary.”

National: Online voting: Safe for Oscars, but not yet for elections? | TechHive

For the first time ever, this year’s Oscar winners were selected online. The Academy of Motion Picture Arts and Sciences decided to let its members vote online, but cybersecurity and elections experts say that casting Internet ballots in public elections is still a long way off. Even picking Best Picture winners led to serious snafus. The voting deadline for the Oscars was extended in early January after some members had issues with account registration (password requests were answered by snail mail rather than email). But in public elections, deadlines can’t be extended. A group of cybersecurity and elections experts last week reiterated the dangers of modeling public elections after private ones. Companies who design online voting systems for award shows or corporate shareholder meetings may suggest these systems can also be used in congressional or presidential races. Those claims should be met with skepticism, said computer scientist David Jefferson, chairman of the nonprofit Verified Voting Foundation. “There are major differences between private and public elections: the degree of security required, the degree of privacy required, the degree of transparency required,” Jefferson said in a telephone press conference Thursday. “In a public election we’re talking about a national security situation.”

National: Computer security experts and advocates: Internet voting poses risk | Politico.com

Just because online voting is possible, doesn’t mean the U.S. government should try it for national elections any time soon. That’s the message computer security experts and advocates for voting rights are trying to get across to American voters. David Jefferson, a Lawrence Livermore computer scientist, said Thursday that hosting a national election online poses a national security threat. Jefferson was part of a press conference hosted by Common Cause, a transparency advocacy organization. He pointed out three fundamental areas of attack by hackers or viruses, with no immediate solutions for online voting. “Client side” attacks would trigger malicious software in a voter’s computer or smartphone itself. “Server side” attacks could bring down the servers that would collect and count the votes and the “denial of service” attacks could actually prevent people from voting and take the server down. “There is no fundamental solution to any of these categories of problems, and at least for the client or server side, anyone in the world can initiate such an attack. It can be completely undetectable so the outcome would be wrong and no one would know about it,” said Jefferson, who serves on the board of the Verified Voting Foundation and California Voter Foundation. Even if a faulty outcome is discovered, he added, there would be no way to correct it as there would be no audit trail to “recount.”

Ohio: Defiance County, Ohio at center of elections ‘Scandal’ | electionlineWeekly

It was about 48 hours after the polls closed on November 6, 2012 when Defiance County, Ohio Elections Director Pamela S. Schroder got the late-night text on her phone from another Ohio county elections official. It’s the type of message no elections official wants to get. There was talk on television of vote rigging in Defiance County. Schroder looked at the text on her phone and thought “Why us?” Fortunately for Schroder, while the text was real, the talk wasn’t. It is part of a story line on the ABC drama Scandal. Scandal is a primetime drama on ABC starring Kerry Washington as public relations “fixer” in Washington, D.C.

Kentucky: Military voting proposal raises fraud concerns in Kentucky | The Courier-Journal

Secretary of State Alison Lundergan Grimes’ proposal to make it easier for members of the military to vote has been hailed by legislators of both parties and even given the honorific designation as Senate Bill 1 for this year’s legislative session. But the proposal drew opposition Wednesday from groups that say a key provision allowing electronic voting from overseas makes votes vulnerable to fraud. “We agree with almost all of the recommendations,” Richard Beliles, chairman of Common Cause of Kentucky, said in a letter he delivered to Grimes’ office Wednesday. “However, we strongly recommend against allowing ballots to be cast online via email, efax, or through Internet portals.” The letter, also endorsed by an official of a California-based public interest group called Verified Voting Foundation, argues, “Online voting presents a direct threat to the integrity of elections in Kentucky because it is not sufficiently secure against fraud or malfunction. Cyber security experts with the Department of Homeland Security have publicly warned against Internet voting.”

Georgia: Voting flaws in Fulton County | Hank Johnson/Atlanta Journal Constitution

Reports of serious errors occurring Election Day in electronic-voting machines in Fulton County demonstrate the urgency of passing legislation to verify the accuracy of our voting systems. Georgia Secretary of State Brian Kemp called Fulton County’s election administration a “debacle,” noting that this is yet another example of “the constant and systemic nature of election failures in Fulton County.” During this summer’s primary elections, several Fulton County precincts also reported a substantial disparity between registered voters and ballots. Voting-machine errors resulted in voter turnouts that exceeded 100 percent in some precincts. This figure is astronomical when compared to the statewide turnout that averaged between 10 and 20 percent. But one precinct had an impossible turnout of 23,300 percent. These kinds of problems with voting machines are precisely why I introduced H.R. 6246, the Verifying Official Totals for Elections (VOTE) Act. Not only does it improve our confidence in election data through transparency and accountability, more importantly, it assures accuracy.

National: How Faulty and Outdated E-Voting Machines Contributed to Voter Lines and Frustration | ABC News

“By the way, we have to fix that,” President Obama said in his acceptance speech last night. No, he wasn’t referring to a specific economic, social or policy issue. He was referring to the issue of voting lines. Long, long voting lines. Across the nation yesterday, and then subsequently across Twitter and Facebook, U.S. citizens shared frustrations, photos and information about voting lines. The images of the long queues were a dime a dozen, especially when you looked at the #stayinline hashtag on Twitter. People in states like Florida and Ohio waited up to seven hours. In other states, there were shorter, though still-frustrating two- to three-hour waits. Some experts place the blame on high turnout, but many will tell you the culprit is technology – failed and faulty e-voting machine. Gone are the days of pulling the lever. Instead now there are two main voting systems: optical scan paper ballot systems and direct recording electronic systems (DREs). Very few jurisdictions still rely on punch cards and hand-counted paper ballots.

National: Voting-machine glitches: How bad was it on Election Day around the country? | CSMonitor.com

Electronic voting-machine jams, breakdowns, and glitches were strewn across the Election Night landscape, creating long lines when machines simply broke down. In at least one case, a viral YouTube video purported to show a Pennsylvania machine “flipping” a vote cast for President Obama into a vote for Mitt Romney. Vote flipping occurs when an e-voting touch-screen machine is not properly calibrated, so that a vote for Romney or Obama is flipped to the other candidate. While the Pennsylvania glitch was reported and the machine reportedly taken out of service and quickly recalibrated, other flipping was reported by news media accounts in Nevada, Texas, North Carolina, and Ohio.

National: Pentagon unit pushed email voting for troops despite security concerns | McClatchy

As Election Day approaches, county clerks’ offices in 31 states are accepting tens of thousands of electronic absentee ballots from U.S. soldiers and overseas civilians, despite years of warnings from cyber experts that Internet voting is easy prey for hackers. Some of the states made their techno leaps even after word spread of an October 2010 test of an Internet voting product in the nation’s capital, in which a team of University of Michigan computer scientists quickly penetrated the system and directed it to play the school’s fight song. The Michigan team reported that hackers from China and Iran also were on the verge of breaking in. Election watchdogs, distraught over what they fear is a premature plunge into an era of Internet voting, lay most of the blame on an obscure Defense Department unit that beckoned state officials for 20 years, in letters, legislative testimony and at conferences, to consider email voting for more than 1 million troops and civilians living abroad.

National: Scattered e-voting issues as Barack Obama wins re-election | Computerworld

U.S. President Barack Obama won re-election Tuesday night, topping 270 electoral votes to defeat Republican challenger Mitt Romney just after 11 p.m. yesterday. Romney held a small lead in the battleground state of Virginia, but most election observers said he had to win both Florida and Ohio, as well as Virginia, to beat Obama. Just after 11 p.m., Ohio was called for Obama and those electoral votes effectively sealed the election’s outcome. Obama also held a slim lead in Florida. The Republican Party was projected to retain control of the U.S. House of Representatives, according to CNN and other news reports, but it appeared that Democrats will remain a slim majority in the Senate.

National: Electronic voting and the security of a paper trail | Marketplace.org

On this election day, I’ll be looking at a map. Not of swing states that could go red or blue, but a map measuring states’ voting technology, and which have the best and the worst chances of messing up the count. For instance, Wisconsin: Good. Georgia: Not so good at making sure votes are recorded in a way that can be audited or recounted if needed. David Dill is a computer science professor at Stanford, and he’s been paying close attention to electronic voting issues and security for years. Dill’s been watching a few states in particular.

Pennsylvania: Voting machine glitch: selects Romney when voter touches Obama | Slate

Reddit, Twitter, cable news, and the universe at large have been figuratively blowing up today over a YouTube video that appears to show a Pennsylvania voter attempting to select “Barack Obama” on a voting machine and watching in alarm as the machine selects “Mitt Romney” instead. The video is embedded below. The good news is that it’s unlikely this is an indication that anyone, man or machine, is trying to systematically steal the election. That’s partly because these sorts of glitches are actually not that uncommon on voting machines. Which I suppose is also sort of the bad news. I spoke with David Dill, a computer science professor at Stanford and founder of the nonprofit watchdog group Verified Voting, to get his take on the apparent glitch. Dill told me it looks like a classic case of “vote-flipping,” a problem that has cropped up sporadically in U.S. elections since the dawn of voting machines.

National: Voting machines remain a worry in US election | AFP

Few want to even think about it, but the 2012 US election result could be clouded by problems with voting machines … again. Twelve years after the Florida punch card debacle in which thousands of votes went uncounted in the crucial state, some experts cite similar concerns about voting technology. “I’m not sure we’ve made forward progress since 2000,” said Douglas Jones, a University of Iowa computer scientist and co-author of a book published this year, “Broken Ballots.” “We’ve put a tremendous effort into changing the voting systems, but in many cases we’ve discarded systems too quickly and replaced them with systems that we haven’t examined enough.”

New Jersey: Email vote rule raises storm of protest | phys.org

Citizens of New Jersey’s Ocean County vote at the Ocean County Administration building in Toms River in a special early mail voting arrangement. New Jersey’s decision to allow voters displaced by superstorm Sandy to cast ballots by email has prompted a flood of warnings over security, secrecy and a potential for legal entanglements. New Jersey’s decision to allow voters displaced by superstorm Sandy to cast ballots by email has prompted a flood of warnings over security, secrecy and a potential for legal entanglements. State officials in New Jersey announced the plan Saturday, saying it could help victims of the unprecedented storm along with rescuers who may also be unable to get to polling places.

National: How secure is your electronic vote? | CNN.com

In an era when shadowy hackers can snatch secret government files and humble big businesses with seeming ease, it’s an unavoidable question as Election Day approaches: When we go to the polls, could our very votes be at risk? According to voting-security experts, the answer can be boiled down to a bit of campaign-speak: There are reasons for concern and there is work to be done but, by and large, we’re better off now than we were four years ago. “In general terms, the nation as a whole is moving toward more resilient, more recountable, evidence-based voting systems and that’s a good thing,” said Pamela Smith, president of the Verified Voting Foundation. “We’re better off than we were a couple of election cycles ago by a long shot and we’re better off than we were in the last election, too. “We’re seeing improvement, but we’re still seeing immense challenges.”

National: Use of e-voting machines unaltered despite power outages caused by Hurricane Sandy | Computerworld

Plans to use electronic voting machines in Tuesday’s presidential election appear to be largely unaltered in states that were hit hard by Hurricane Sandy. Despite widespread power outages and other hurricane related damage, election officials in New Jersey, Pennsylvania, Virginia and Delaware remained confident that their electronic voting machines would be up and running on Election Day.

National: Some Jurisdictions Switch to Lower-Tech Voting Systems After Experiencing Problems, See Value in Paper Trail | TheBlaze.com

In a digital age, you might be surprised to learn that many states once using electronic voting are actually switching back to paper — some after disastrous elections that resulted from the lack of a paper trail. Florida, New Mexico, Michigan and Washington state are a few that in recent years made the move to require use of paper ballots instead of electronic voting systems, according to Verified Voting President Pamela Smith. But they’re not shying away from technology altogether, these and some other states using paper ballots employ specialized scanners to count the ballots.

Colorado: 3 Colorado counties’ touch-screen voting machines worry activists | The Denver Post

For months, a group of election activists has complained about Secretary of State Scott Gessler’s oversight of touch-screen voting machines used throughout Colorado that critics say are vulnerable to tampering and malfunctions. Gessler argues strongly that the voting machines are reliable, but critics say that in a close presidential election in swing state Colorado, and in places like Arapahoe County — where touch-screen machines are still the principal means of casting an in-person ballot — a mishap with the devices could tilt the race. Colorado’s touch-screen machines, they say, could become the “hanging chads” of 2012. “The secretary of state has not enforced his own voting security laws and regulations for touch-screen machines since he was elected,” said Paul Hultin, an attorney representing a group of voters who brought a 2006 lawsuit challenging the machines’ reliability.

Illinois: WBEZ answers what Chicago’s done to secure voting machines | WBEZ 91.5

Can we trust the machines that record our votes in local polling places? That’s the gist of the question that listener Ryan McIntyre submitted to Curious City. Like many people across the country, McIntyre is worried that election results could be manipulated by today’s electronic voting machines. Here’s how he phrased his question: “After watching the HBO documentary, ‘Hacking Democracy,’ I find using the electronic voting machines, usually by the corporation Diebold, very frivolous since they can so easily be tampered with. Entire elections can be manipulated, vote totals, everything. Before I make my vote I demand that I use the paper ballot. What is being done to eliminate these machines from use in the city of Chicago, a city known to be ravaged by dirty politics anyways? My question can include the entire state of Illinois, not just Chicago.” The simplest answer to McIntyre’s question is that elections officials in Chicago, suburban Cook County and other local jurisdictions are likely to stick with the machines they’re using now, at least for the foreseeable future. And for what it’s worth, Diebold, which is now called Premier Election Solutions, didn’t make any of the voting machines used anywhere in Illinois, according to a database maintained by The Verified Voting Foundation, a nonpartisan, nonprofit group based in California.

National: Election watchdogs keep wary eye on paperless e-voting systems | Computerworld

As the clock winds down to what could turn out to be an extremely close presidential race, some election watchdogs are keeping a wary eye on paperless electronic voting machines that are scheduled to be used in several key states and jurisdictions around the country. Paperless systems are basically Direct Recording Electronic systems (DREs) in which voters cast their ballots in a completely electronic fashion by using push buttons or touchscreens. Some DREs allow voters to print out a paper copy of their ballots to verify that their vote was cast as intended. Election watchdog groups such as Verified Voting and Common Cause and academicians have insisted that such a voter verifiable paper audit trail (VVPAT) is vital to ensuring the integrity of the vote in jurisdictions that use DREs.

North Carolina: Election officials not worried about touch screen voting machines | WRAL.com

A handful of voters throughout the state have reported problems making a choice on touch-screen voting machines used in roughly a quarter of North Carolina counties. Newspapers in both Cumberland and Guilford counties have reported on voter complaints. Callers to WRAL-TV have also asked about problems their friends encountered when voting early. “We don’t even question the voter as to whether it’s true or not,” said Terri Robertson, director of the Cumberland County Board of Elections. She said her staffers are instructed to shut down any voting machine that a voter is having problems with and service it. Voters, meanwhile, are directed to another machine, she said.

Indiana: Voting Machine Critics Worry About Possible Tampering | Indiana Public Media

Indiana counties will publicly test their voting machines this week to make sure they are tallying votes correctly. But some activists contend the test does not address a larger problem. A Stanford computer scientist created the Verified Voting Foundation in 2004 to lobby states to implement more safeguards against voting-machine tampering, starting with a paper trail to verify vote counts if necessary.

National: Voting For the Leader of the Free World…From Your Couch? | Fox Business

Imagine if casting a vote for the next president of the United States were as easy as waking up and turning on your PC. Cyber security experts say online voting may not be that far off in the U.S. and could breathe new life into the American electoral process. Perhaps because Americans are already comfortable using the Internet to trade stocks, manage their finances and make online purchases, calls to modernize the voting system and potentially bring it online have started to grow louder. Barriers exist today, but voting for the leader of the free world via smartphone, laptop or tablet could be a reality within the next few presidential election cycles. … The biggest threats are malware on personal devices that could, unbeknownst to the voter, alter their vote or track who they voted for, as well as hostile people or groups who could hack into the system for malicious purposes and disrupt the voting process. Another major challenge is ensuring that a vote is anonymous while at the same time re-countable for auditing purposes.  “My concern is the potential for some rogue nation to attack our voting if it moves online, and not being prepared,” Snell said.

Maryland: Online voter registration vulnerable to attack, researchers say | The Washington Post

A voting rights group and some of the nation’s leading researchers on election technology are urging Maryland voters to check the accuracy of their online voter registration files after warning that the data had been left vulnerable to tampering. Researchers at the University of Michigan, the Lawrence Livermore National Laboratory and a former president of the Association for Computing Machinery wrote to Maryland officials late last month urging them to take immediate steps to better protect a new system that allows Marylanders to update their voter registration online. The letter warned that anyone with access to a Maryland voter’s full name and birth date could exploit a simple online tool to change the voter’s address, party affiliation or other information. Such changes, especially a change of address, could lead to a voter’s ballot not being counted normally on Election Day.