Internet Voting

Tag Archive

National: There’s so much unjustified hype and hope about online voting | Susan Greenhalgh and Michael Fernandez/The Fulcrum

The coronavirus pandemic has upended everyone and everything, creating a new normal: living over the internet. Members of the House who fear the health risks of coming to the Capitol have even been permitted to transmit electronically their votes for legislation. But this shouldn’t be seen as any green light for states to consider online voting in our elections. Unlike Congress, which has insisted that transparency be central to its first-ever foray into proxy voting, the American electoral system relies on the citizens’ choices remaining secret. A ballot cast over the internet could be undetectably manipulated by hackers. House members’ remote votes are public record, delivered in writing and then announced verbally during each roll call, so any attempted hacking would be easily exposed. To keep voters safe during the Covid-19 outbreak, many states are making it easier to vote by mail and thereby avoid close contact at polling places. Their plans must also include adequate accommodations for disabled voters, But any proposal that we move to online voting is contrary to the evidence. Architects of the internet and cybersecurity warn that online voting is still inherently insecure. Read More

National: Cybersecurity Experts Caution Against Calls to Expand Online Voting | Aila Slisco/Newsweek

Calls for an expansion of online voting are being met with concern from cybersecurity experts who caution that votes could be easily manipulated if the practice is widely adopted. West Virginia Secretary of State Mac Warner has recently called for states to expand online voting for overseas military members and people with disabilities that prevent them from voting in person without assistance. West Virginia is one of several states that allow online and mobile voting for overseas military and this year expanded the practice to include disabled people, with 180 voting in a pilot program during the June primary, including 25 disabled people. In 2018, the state was the first to offer voting using a mobile app for service members, with 144 using the technology to vote in that year’s general election, according to a report from the Military Times. In Georgia’s DeKalb County, lawmakers last month called for online voting to become available for all voters throughout the state, according to The Champion. Similar calls have been made by officials and advocates in other states, along with prominent figures like former presidential candidate Andrew Yang, who tweeted about the issue last week. However, cybersecurity experts caution that online voting could present major threats to the integrity of elections since ballots transmitted online are especially vulnerable to attacks from hackers. Limited online voting has been experimented with for years in the U.S., and used on a larger scale in a handful of other countries, but experts say that vulnerabilities are inevitably found in systems when they are examined closely. Read More

National: DNC’s email voting plan limits hacking risk but can’t eliminate it | Joseph Marks/The Washington Post

The Democratic National Committee’s virtual convention next month will mark a major test for whether Internet-based voting can be done safely and securely. The DNC, which is moving its convention online because of the coronavirus pandemic, released a plan Friday for delegates to vote by email for the Democratic presidential nominee and planks in the party’s platform. Internet voting presents far fewer risks in this case than it would during a regular election because delegates’ ballots aren’t secret. That means they can verify their votes weren’t altered either by hackers or technological snafus and correct any errors after the fact. There’s also no drama about the outcome of the most important vote because former vice president Joe Biden has basically already secured the Democratic nomination. But it still presents numerous opportunities for hackers from Russia or elsewhere to disrupt the voting process, sow confusion about results or use disinformation operations to spread conspiracy theories or gin up hostilities between rival camps supporting Biden and Sen. Bernie Sanders (I-Vt.). And any disruption is likely to spark painful memories of 2016 when information Russia hacked and leaked from the DNC helped wreak havoc on Hillary Clinton’s campaign. That means the DNC must be hyper-prepared to knock back any allegations of digital interference or rapidly respond to attacks even as it runs a convention unlike any in history. Read More

Texas: Judge denies Harris County request to allow email voting for those infected with COVID-19 | Zach Despart/Houston Chronicle

A state district judge on Friday denied a request by Harris County Clerk Christopher Hollins to allow thousands of voters who recently tested positive for coronavirus, and now are quarantined, to vote online in the primary runoff election. The novel voting method never has been used in Harris County, but was permitted for the small-scale North Texas Ebola outbreak in 2014. Judge Larry Weiman, however, said he shared concerns raised by the Harris County Republican Party that online voting was not secure. Weiman, a Democrat, also said at the emergency telephone hearing that the county clerk had not produced an example of a voter being disenfranchised by exposure to coronavirus. “The plaintiff hasn’t shown any injured party,” Weiman said. Hollins sought to allow the estimated 10,000 residents who have tested positive for COVID-19 after the July 2 deadline to apply for a mail ballot. Forcing infected residents to vote in person would put “thousands of other voters at risk,” County Attorney Vince Ryan wrote in the clerk’s court filing. Read More

Malaysia: Government looking into internet voting, Law Minister says | The Straits Times

The Malaysian government is engaging various stakeholders to look into the feasibility of introducing e-voting for the next general election, says Minister in the Prime Minister’s Department Takiyuddin Hassan. Datuk Takiyuddin, who is the de-facto Law Minister, said electronic voting would involve several issues pertaining to data confidentiality, security, cost and voter education. He said the Election Commission (EC) is still not satisfied with the confidentiality and security issues involving e-voting. “Therefore, the EC will continue to engage with the relevant quarters before any decision is put forward to the government,” he said during question time in Parliament on Thursday (July 16). The issue of e-voting has been raised amid talk that the four-month old Perikatan Nasional (PN) government might call for snap elections amid the coronavirus pandemic. The 15th general election isn’t due until 2023 but might be called soon due to the thin parliamentary majority held by PN. Read More

Lithuania: Central Electoral Commission may not be able to roll out e-voting in time for general election | The Baltic Times

Lithuania’s Central Electoral Commission (CEC) will draw a plan on the rollout of online voting for the Lithuanians living abroad but the panel’s chair, Laura Matjosaityte, doubts that it will be implemented in time for the upcoming general election. “We have discussed legal regulation pertaining to the legalization of online voting for those who cast their ballots abroad in cases where diplomatic representations cannot organize live voting, also for those who are in self-isolation, and we all have agreed that there is very little time for getting ready for high quality solutions,” she told BNS. The Commission on Thursday organized a discussion on possibilities to create an online voting system, as established in the legislative amendments recently passed by the Seimas, in time for the upcoming general election. Participants of the discussion included representatives of the president’s office, the office of the government, the ministry of justice and the cyber security center. According to Matjosaityte, it is difficult to tell whether it may still be possible to roll out online voting in time for the election in October. Read More

Georgia: DeKalb Commissioner Cochran-Johnson sponsors bill to expand to online voting | Roz Edward/Atlanta Daily World

As voting irregularities ranging from technical issues to poorly trained staff emerge across Georgia following the June primary elections, Commissioner Lorraine Cochran-Johnson has presented a resolution requesting the Georgia General Assembly research and expand voting options to include online capabilities. The resolution presented by the Governing Authority of DeKalb County requests the General Assembly to establish online voting to create a more secure, convenient and accessible opportunity for citizens to exercise a fundamental principle of American democracy. Through the establishment of online voting, the State of Georgia, counties and local municipalities will be able to reduce the financial burden associated with staffing various elections. Read More

Canada: ‘I don’t think it should be used’: Northwest Territories legislators hear expert’s concerns on online voting | Hilary Bird/CBC

When election officials in the Northwest Territories announced last year that the territory would be the first jurisdiction to use online voting in any provincial or territorial election, there was some public excitement. But that excitement quickly became overshadowed by warnings from cybersecurity experts who claimed the online voting systems of the day just weren’t secure enough to be used in an election. Regardless of those concerns, Elections NWT went ahead with its online voting plans and in the October 2019 election, 3.7 per cent of voters in the N.W.T. used the Montreal-based Simply Voting online platform to cast their ballot. The controversy surrounding the N.W.T. ‘s use of online voting is back in the public realm this month as a committee of MLAs is spending several days studying the process to see if it should be used in future elections. In her report to the N.W.T. Legislature on last year’s election, the territory’s chief electoral officer Nicole Latour is recommending thevernment amend the N.W.T. Elections and Plebiscites Act so that she can develop a set of procedures so that online voting can be a permanent part of future territorial elections. But in a presentation to the standing committee on rules and procedures Tuesday, one of the world’s leading election cyber security experts Aleksander Essex recommended the opposite. Read More

Australia: Electoral legislation amendments leave door open to internet voting | Asha Barbaschow/ZDNet

Australia’s Electoral Legislation Amendment (Miscellaneous Measures) Bill 2020 is currently before the House of Representatives Electoral Matters Committee to review the changes put forward by Minister for Finance Mathias Cormann. The changes within the Bill [PDF] would amend the Commonwealth Electoral Act to modify electoral donation and disclosure laws and “address anomalies” in entity registration and public election funding rules; as well as the intention to improve electoral processes, electoral administration, vote issuing procedures, and improve workforce flexibility for the Australian Electoral Commission (AEC). But as cryptographer Dr Vanessa Teague highlighted late Monday, by way of introducing the capability to expand electronically assisted voting methods to Australians working in Antarctica, the Bill somewhat forces the AEC to accept internet voting. While legislation currently allows for electronic voting to be performed by those with vision impairment, the Bill seeks to replace the phrase “sight-impaired people to vote by an electronically assisted voting method” with “an electronically assisted voting method to be used by sight-impaired people to vote”. Read More

National: Security Flaws in US Online Voting System Raises Alarm Over Potential Vote Manipulation | Byron Muhlberg/CPO Magazine

As the 2020 US presidential election draws nearer, concern is beginning to mount over the potential threat of vote manipulation. Alarm over vote manipulation was once again raised after OmniBallot, an online voting system, was found to be riddled with a host of security risks according to the findings of a recent research paper by Massachusetts Institute of Technology (MIT) and the University of Michigan computer scientists. The research paper, which hit the press on June 7, revealed that OmniBallot’s designer Democracy Live leaves the ballots that it processes susceptible to vote manipulation. What’s more, the researchers found that Democracy Live actively collects sensitive voter information and does not ensure adequate protection of the information while online. As a result, according to the paper, the online voting system runs the risk of providing easy pickings for sophisticated cybercriminals—especially those using ransomware—one that is only exacerbated by the fact that no technology currently exists to mitigate the risks in question. Read More

National: Why You Can’t Just Vote on Your Phone During the Pandemic | Sue Halpern/The New Yorker

When Alex Howard, a resident of Washington, D.C., failed to receive an absentee ballot for the city’s June 2nd primary, he assumed that he would have to vote in person. Then, by chance, on the day of the election, he saw a Twitter post alerting voters of the option to vote remotely over the Internet. Howard, a digital-governance expert at Demand Progress, an advocacy group for good governance, decided to give it a try. “I’m a poker and a prodder and a professional evaluator of government I.T. programs,” he told me. “I like to see how things work.” He was directed to a Web site typically reserved for members of the military, which sent him to a site where he confirmed his date of birth and address. He then logged on to another site to vote. A few minutes later, he e-mailed his completed ballot to the Board of Elections. “There were people who stood in line for hours and hours to vote, and here I was, voting at home on my laptop,” he said. “It was really good for my family from a health standpoint, but whether it’s a good idea at scale—I don’t think so.” He is still waiting to hear if his ballot was received. Read More

Lithuania: Government backs e-voting, suggests testing it abroad | The Baltic Times

The Lithuanian government has backed the legalization of e-voting but suggeststesting the new procedure, first of all, during a vote abroad in the special constituency for Lithuanian living abroad. On Monday, the Cabinet backed the amendments under consideration by the Seimas, which would allow voting online during the upcoming general election. The bill was initiated by the ruling Social Democratic Labor Party of Lithuania, motivating the need to introduce alternative voting option amid the COVID-19 pandemic. Upon receipt of the government’s conclusion, the bill will be further deliberated by the Seimas. Justice Minister Elvinas Jankevicius says e-voting cannot be introduced for the upcoming general election in October and suggests that lawmakers should consider introducing such a voting option for municipal, presidential EP elections and referenda.

„E-voting should be safe and trustworthy so than nobody has doubt over election results. Therefore, it is important to consult cyber security experts while creating and introducing such a system, and test and trial this method. With less than three months until an election, it’s impossible to create and test such a system,” Jankevicius said.

The Justice Ministry also said in a statement that the procurement of an information system, creation and testing procedures could take from 18 to 24 months.

Under the bill under consideration by the Seimas, e-voting would be allowed to take place three days from 9 a.m. until 10 p.m. Moreover, a person could change their mind and come to vote to a polling station.

Finally, people would be able to vote online several times as the last vote would count.

Prime Minister Saulius Skvernelis and Ramunas Karbauskis, leader of the Lithuanian Farmers and Greens Union, the SDLP’s coalition partner, have said earlier e-voting would be impossible during the upcoming election.

President Gitanas Nauseda has also suggested introducing e-voting for Lithuanian living abroad. He expressed such an idea during his State of the Nation Address last week.

Lithuanian will hold a general election on October 11.

Those in favor of e-voting say it would boost voter turnout. Those against it say, however, it’s impossible to increase the secrecy and safety of voting.

Full Article: Lithuanian govt backs e-voting, suggests testing it abroad.

Delaware: Election Commission Quietly Fielded An Online Voting System, But Now Is Backing Away | Sophia Schmidt/NPR

Delaware briefly deployed a controversial internet voting system recently but scrapped it amid concerns about security and public confidence. Before the online option was shuttered, voters returned more than 2,700 ballots electronically — and those votes still will be counted, according to the state, along with conventional votes in the upcoming July primary. Delaware Election Commissioner Anthony Albence said the decision to stop using the cloud-based return option was made to protect public perception of the election. “We have had no problems with the system,” said Albence. “We have confidence in the system, but we want everyone to be fully confident in anything that we do.” The coronavirus pandemic has sent election officials nationwide scrambling for creative solutions to voting problems this year, but it’s becoming clear that there remains very little appetite for new internet voting platforms as part of that conversation. After NPR reported in April that three states were moving toward statewide pilot programs to allow voters with disabilities to return their ballots over the internet, two of those states have since backed away from those plans after intense criticism from the cybersecurity community. Read More

Delaware: Election officials back out of mobile voting weeks before primary | Benjamin Freed/StateScoop

Delaware election officials backed off a plan to offer an online ballot-return method to voters in its primary next month, citing a recent report from security experts that found that the platform being used is vulnerable to hacking that could expose or manipulate how a person’s ballot was cast without being detected by either voters or the vote counters. The platform, OmniBallot, allows election administrators to send ballots to hard-to-reach voters, like deployed military members, civilians living abroad and voters with disabilities, giving them the option to return their completed ballots through a variety of methods, including postal mail, email and fax. But Delaware was also one of a handful of states that planned to test out OmniBallot’s ability to transmit ballots online, which raised concern with some election security analysts who argue that the internet is a dangerous venue for voting. In a June 7 paper, J. Alex Halderman, a computer scientist at the University of Michigan, and Michael Specter, a doctoral student at the Massachusetts Institute of Technology, wrote that OmniBallot “is vulnerable to vote manipulation by malware on the voter’s device and by insiders or other attackers” who can compromise software made by OmniBallot’s developer, Democracy Live. Read More

Voting Blogs: New Jersey agrees No Internet voting in July, vague about November | Andrew Appel/Freedom to Tinker

A formal settlement agreement has been submitted to the NJ Superior Court regarding online ballot access in the 2020 elections. On May 4, 2020,  New Jersey’s Division of Elections was caught trying to adopt vote-by-Internet on the stealth, even though the law forbids it.  That is, not only is Internet voting inherently insecurable, there’s a 2010 Court Order still in effect that says, “computers utilized for election-related duties shall at no time be connected to the Internet.”  That’s based on the New Jersey Superior Court’s finding that “As long as computers, dedicated to handling election matters, are connected to the Internet, the safety and security of our voting systems are in jeopardy,” in the case of Gusciora v. Corzine. Penny Venetis, attorney for the Gusciora plaintiffs, filed a motion (in early May) with the Court, to make the State abandon its plans for online voting, on the basis that receiving ballots e-mailed or uploaded on the Internet clearly violates this order.  The Court ordered the parties to reach a settlement by June 8, or report their separate positions. Read More

National: Why Can’t People Vote Online? Election Security Analysts Weigh In | Chris Iovenko/Observer

The coronavirus pandemic has radically changed the way we live; it is also upending the way we vote. Traditional polling stations, which often have long lines and use crowded indoor spaces and shared voting equipment, pose substantial risks for spreading the disease. Unless there is a massive switch to remote voting, the predicted second wave of COVID-19 this fall could be catastrophically escalated by large in-person turnouts at polling stations. And in turn, efforts to prevent increased infections can be used as an excuse for targeted, discriminatory curtailment of in-person voting, with the outrageous events in Georgia’s primary election on Tuesday a clear example of the potential derailment of democracy. Currently, the most common way to vote remotely is by mail. It’s a proven, convenient, and safe technique; in the 2016 election,  1 in 4 Americans voted by mail. However, President Donald Trump (who himself votes by mail) and his allies have falsely attacked vote-by-mail as wide-open to fraud and an attempt by Democrats to steal the election. The Republican National Committee has launched a lawsuit in California contesting expansion of vote-by-mail and in states controlled by Republicans obstacles to voting by mail will likely be greater than those faced by voters in other states. Read More

National: Cybersecurity Concerns with Online Voting for 2020 Presidential Election | 2020-06-11 | Security Magazine

A new report by researchers at the Massachusetts Institute of Technology (MIT) and University of Michigan discusses the cybersecurity vulnerabilities associated with OmniBallot, a we-based system for blank ballot delivery, ballot marking and (optionally) online voting. Three states – Delaware, West Virginia and New Jersey – recently announced they would allow certain voters to cast votes using OmniBallot. Researcher Michael A. Specter at MIT and J. Alex Halderman at the University of Michigan reverse engineered the client-side e portion of OmniBallot, as used in Delaware, in order to detail the system’s operation and analyze its security. “We find that OmniBallot uses a simplistic approach to Internet voting that is vulnerable to vote manipulation by malware on the voter’s device and by insiders or other attackers who can compromise Democracy Live, Amazon, Google, or Cloudflare,” the researchers explain. In addition, Democracy Live, which appears to have no privacy policy, receives sensitive personally identifiable information— including the voter’s identity, ballot selections, and browser fingerprint— that could be used to target political ads or disinformation campaigns, the report says. Read More

National: Researchers say online voting tech used in 5 states is fatally flawed | Timothy B. Lee/Ars Technica

OmniBallot is election software that is used by dozens of jurisdictions in the United States. In addition to delivering ballots and helping voters mark them, it includes an option for online voting. At least three states—West Virginia, Delaware, and New Jersey—have used the technology or are planning to do so in an upcoming election. Four local jurisdictions in Oregon and Washington state use the online voting feature as well. But new research from a pair of computer scientists, MIT’s Michael Specter and the University of Michigan’s Alex Halderman, finds that the software has inadequate security protections, creating a serious risk to election integrity. Democracy Live, the company behind OmniBallot, defended its software in an email response to Ars Technica. “The report did not find any technical vulnerabilities in OmniBallot,” wrote Democracy Live CEO Bryan Finney. This is true in a sense—the researchers didn’t find any major bugs in the OmniBallot code. But it also misses the point of their analysis. The security of software not only depends on the software itself but also on the security of the environment on which the system runs. For example, it’s impossible to keep voting software secure if it runs on a computer infected with malware. And millions of PCs in the United States are infected with malware. Read More

National: Democracy Live Internet Voting System Can Be Hacked, Researchers Warn | Lucas Ropek /Government Technology

An online voting platform that has seen recent adoption by numerous state and county governments has vulnerabilities that could be exploited to change votes without the knowledge of election officials, a new report alleges. The OmniBallot, which is a product of Seattle-based tech firm Democracy Live, purports to offer “secure, accessible remote balloting for all voters” and is being used by state or county governments in Oregon, Washington, Colorado, Ohio, Florida, New Jersey and West Virginia. The company developed a number of contracts for limited Internet voting pilot programs with states earlier this year, after COVID-19 threatened to disrupt primary elections nationwide. These programs are fairly limited in scope and largely focus on overseas voters and the disabled. However, computer science researchers say what the company really offers is an insecure platform. The recently published report from professors Michael J. Specter, of MIT, and J. Alex Halderman, of the University of Michigan, states that the company “uses a simplistic approach to Internet voting that is vulnerable to vote manipulation by malware on the voter’s device and by insiders or other attackers who can compromise Democracy Live, Amazon, Google, or Cloudflare [its partners].” Read More

Voting Blogs: Democracy Live internet voting: unsurprisingly insecure, and surprisingly insecure | Andrew Appel/Freedom to Tinker

The OmniBallot internet voting system from Democracy Live finds surprising new ways to be insecure, in addition to the usual (severe, fatal) insecurities common to all internet voting systems. There’s a very clear scientific consensus that “the Internet should not be used for the return of marked ballots” because “no known technology guarantees the secrecy, security, and verifiability of a marked ballot transmitted over the Internet.” That’s from the National Academies 2018 consensus study report, consistent with May 2020 recommendations from the U.S. EAC/NIST/FBI/CISA. So it is no surprise that this internet voting system (Washington D.C., 2010) is insecure , and this one (Estonia 2014) is insecure, and that internet voting system is insecure (Australia 2015) , and this one (Sctyl, Switzerland 2019), and that one (Voatz, West Virginia 2020) A new report by Michael Specter (MIT) and Alex Halderman (U. of Michigan) demonstrates that the OmniBallot internet voting system from Democracy Live is fatally insecure. That by itself is not surprising, as “no known technology” could make it secure. What’s surprising is all the unexpected insecurities that Democracy Live crammed into OmniBallot–and the way that Democracy Live skims so much of the voter’s private information. Read More