Verified Voting Blog

This blog contains posts authored by the Verified Voting Team and by members of the Verified Voting Board of Advisors.

Verified Voting Blog: Steven Bellovin Joins Verified Voting’s Board of Advisors

bellovin-300Verified Voting is pleased to announce that noted computer scientist Steven M. Bellovin has joined our Board of Advisors. Bellovin is the Percy K. and Vidal L. W. Hudson Professor of computer science at Columbia University and member of the Cybersecurity and Privacy Center of the university’s Data Science Institute. He is the Technology Scholar at the Privacy and Civil Liberties Board. He does research on security and privacy and on related public policy issues. In his copious spare professional time, he does some work on the history of cryptography. He joined the faculty in 2005 after many years at Bell Labs and AT&T Labs Research, where he was an AT&T Fellow.

Prof. Bellovin received a BA degree from Columbia University, and an MS and PhD in Computer Science from the University of North Carolina at Chapel Hill. While a graduate student, he helped create Netnews; for this, he and the other perpetrators were given the 1995 Usenix Lifetime Achievement Award (The Flame). Bellovin has served as Chief Technologist of the Federal Trade Commission. He is a member of the National Academy of Engineering and is serving on the Computer Science and Telecommunications Board of the National Academies of Sciences, Engineering, and Medicine. In the past, he has been a member of the Department of Homeland Security’s Science and Technology Advisory Committee, and the Technical Guidelines Development Committee of the Election Assistance Commission; he has also received the 2007 NIST/NSA National Computer Systems Security Award and has been elected to theCybersecurity Hall of Fame. Read More

Verified Voting Blog: Security against Election Hacking – Part 2: Cyberoffense is not the best cyberdefense!

This article was originally posted at Freedom to Tinker on August 18, 2016.

State and county election officials across the country employ thousands of computers in election administration, most of them are connected (from time to time) to the internet (or exchange data cartridges with machines that are connected).  In my previous post I explained how we must audit elections independently of the computers, so we can trust the results even if the computers are hacked.

Still, if state and county election computers were hacked, it would be an enormous headache and it would certainly cast a shadow on the legitimacy of the election.  So, should the DHS designate election computers as “critical cyber infrastructure?”

This question betrays a fundamental misunderstanding of how computer security really works.  You as an individual buy your computers and operating systems from reputable vendors (Apple, Microsoft, IBM, Google/Samsung, HP, Dell, etc.).  Businesses and banks (and the Democratic National Committee, and the Republican National Committee) buy their computers and software from the same vendors.  Your security, and the security of all the businesses you deal with, is improved when these hardware and software vendors build products without security bugs in them.   Election administrators use computers that run Windows (or MacOS, or Linux) bought from the same vendors. Read More

Verified Voting Blog: Security against Election Hacking – Part 1: Software Independence

This article was originally posted to Freedom to Tinker on August 17, 2016.

There’s been a lot of discussion of whether the November 2016 U.S. election can be hacked.  Should the U.S. Government designate all the states’ and counties’ election computers as “critical cyber infrastructure” and prioritize the “cyberdefense” of these systems?  Will it make any difference to activate those buzzwords with less than 3 months until the election? First, let me explain what can and can’t be hacked.  Election administrators use computers in (at least) three ways:

  1. To maintain voter registration databases and to prepare the “pollbooks” used at every polling place to list who’s a registered voter (for that precinct); to prepare the “ballot definitions” telling the voting machines who are the candidates in each race.
  2. Inside the voting machines themselves, the optical-scan counters or touch-screen machines that the voter interacts with directly.
  3. When the polls close, the vote totals from all the different precincts are gathered (this is called “canvassing”) and aggregated together to make statewide totals for each candidate (or district-wide totals for congressional candidates).

Any of these computers could be hacked.  What defenses do we have?  Could we seal off the internet so the Russians can’t hack us?  Clearly not; and anyway, maybe the hacker isn’t the Russians—what if it’s someone in your opponent’s political party?  What if it’s a rogue election administrator? Read More

Verified Voting Blog: Why voting systems must be as secure as the U.S. power grid

This oped was posted by Reuters on August 17, 2016.

Every American has the right to have their vote counted. The Department of Homeland Security is weighing steps to help safeguard that right. The agency is considering actions to secure the voting process against cyber-threats by designating voting systems as “critical infrastructure.” In a democracy, our voting systems are critical infrastructure like our power grids, hospital systems and nuclear power plants. The U.S. government maintains its authority based on the consent of the governed.

The revelation that hackers, possibly sponsored by Russia, illegally entered the computer system of the Democratic Congressional Campaign Committee, as well as that of the Democratic National Committee, and monitored email activity for more than one year shows the vulnerability of the U.S. political infrastructure. Emails of members of Congress were also hacked.

There have been other serious hacking episodes. Arizona’s statewide voter registration database, for example, was recentlytaken down for more than a week so that the FBI and the state could investigate a potential breach. Arizona Secretary of State Michele Reagan called the breach an“extremely serious issue.” The FBI described the threat as “8 out of 10” on its severity scale.

The question remains: If a nation wants to influence U.S. elections, would the hackers go directly after ballots and voting systems? If that’s the case, shouldn’t protecting these systems receive the highest priority?

Read More

Verified Voting Blog: Why Online Voting is a Danger to Democracy

InterThis article was originally posted at The Stanford Report.

If, like a growing number of people, you’re willing to trust the Internet to safeguard your finances, shepherd your love life, and maybe even steer your car, being able to cast your vote online might seem like a logical, perhaps overdue, step. No more taking time out of your workday to travel to a polling place only to stand in a long line. Instead, as easily as hailing a ride, you could pull out your phone, cast your vote, and go along with your day. Sounds great, right?

Absolutely not, says Stanford computer science professor David Dill. In fact, online voting is such a dangerous idea that computer scientists and security experts are nearly unanimous in opposition to it.

Dill first got involved in the debate around electronic voting in 2003, when he organized a group of computer scientists to voice concerns over the risks associated with the touchscreen voting machines that many districts considered implementing after the 2000 election. Since then, paperless touchscreen voting machines have all but died out, partly as a result of public awareness campaigns by the Verified Voting Foundation, which Dill founded to help safeguard local, state, and federal elections. But a new front has opened around the prospect of Internet voting, as evidenced by recent ballot initiatives proposed in California and other efforts to push toward online voting. Here, Dill discusses the risks of Internet voting, the challenge of educating an increasingly tech-comfortable public, and why paper is still the best way to cast a vote. Read More

Verified Voting Blog: California’s Internet Voting Initiatives

This article was originally published in Communications of the ACM on February 24, 2016.

California, home of an underabundance of rain and an overabundance of ballot initiatives, may be confronted with one or two initiatives on this November’s ballot that, if passed by the voters, will mandate the establishment of Internet voting in the state.

A total of three such initiatives are under consideration so far. The first, poorly written and probably a long shot, represents one of the hazards of the initiative process: anyone can pay the fees and submit any crazy idea for a new law. But the other two are closely related, with the same sponsor and largely identical content. We expect only one of those two will go forward. Since they represent the most significant concern, for the rest of this blog we discuss only them.

The two initiatives, numbered 15-0117 and 15-0118, can be found at the CA Attorney General’s site. They are carefully drafted to avoid ever using the terms “Internet voting” or “online voting” or “email” or “web,” etc. Instead, they refer throughout to “secure electronic submission of vote by mail ballots.” Presumably, this is in part because the computer and elections security communities have managed to give “Internet voting” a bad name. Read More

Verified Voting Blog: All Election Integrity is Local: Remembering John Washburn (1962-2016)

We were saddened to learn of the untimely passing of election integrity activist John Washburn at the age of 53. John was a fiercely independent thinker – disarmingly honest and contagiously cheerful – and a passionate advocate for transparent election administration. Verified Voting President Pamela Smith noted that John “was actively engaged with the Wisconsin Government Accountability Board, referring to himself as their “thorn” in his good-natured way. He could be thorny, but it was in the best interests of reliable elections, and he came at the work with the highest level of integrity. I suspect he will be missed by both friends and “adversaries” alike.”

On a tribute board set up by the funeral home where John’s memorial service will be held on January 23, Verified Voting Advisory Board member Douglas Jones observed that “John was a man who fought to protect democracy using careful research and the weight of facts to ensure that election results actually report the will of the people. His testimony before government panels at both the state and national level was always calm, reasoned and persuasive.”

John studied the issue of pre-election testing extensively and compiled exemplary guidelines for creating ballot test decks for Logic and Accuracy Testing.  A glimpse of his contributions to the struggle for transparent and reliable elections can be gained from his blog Washburn’s World and his website Washburn Research. John felt strongly that election activists should get involved with their local elections. With deep appreciation for John’s contributions to the struggle for fair and accurate election, we are reposting John’s plea for getting involved on the ground that first appeared on the VoteTrustUSA website in 2006.

All Election Integrity is Local
by John Washburn

It has been pointed out on my blog, my focus on the election irregularities in my home voting district of Gemantown District #1 is petty and I should move down the road to the big fish, the City of Milwaukee. I agree the City of Milwaukee is where 10% of the entire ballots cast in the state of Wisconsin are cast in the 314 wards of the City of Milwaukee. So by the simple application of the Willy Sutton Maxim, the bulk of state fraud is committed there because that is where the votes are. And, I have spent time examining the election irregularities there. I disagree though that I should ignore the election irregularities perpetrated by my neighbors and my village clerk. The Swedes have a delightful proverb, “Sweep your own stoop before you offer to sweep you neighbor’s stoop”. The same holds for election integrity; more so actually. Read More

Verified Voting Public Commentary: Statement to the Pennsylvania Senate State Government Committee Re: SB 1052

Download Statement as PDF

Verified Voting is writing today to express our opposition to Senate Bill 1052, a bill which would permit the return of ballots by electronic transmission over insecure Internet means for military voters in Pennsylvania, and to urge you to vote NO on SB 1052. Ballots sent by email are vulnerable to undetectable manipulation or tampering while in transit over the Internet. 1Ballots sent by fax are also vulnerable to attackers. Today most facsimiles are sent via Internet over facsimile mail programs which have the same threat profile as emailed ballots. By permitting the electronic return of voted ballots, SB 1052 will significantly damage the integrity of Pennsylvania’s elections and put the ballots of military voters at grave risk.

Department of Defense and National Institute of Standards and Technology oppose online voting.

At the start of the 21st century the promise of secure Internet voting seemed attainable; Congress directed the Department of Defense (DOD) in the 2002 National Defense Authorization Act (NDAA) to develop an online voting system for military and overseas voters.  The Federal Voting Assistance Program (FVAP), an agency administered by the DOD, developed a system for deployment in 2004. After a security review the DOD cancelled the project because it could not ensure the legitimacy of votes cast over the Internet.  In 2005 Congress directed the National Institute of Standards and Technology (NIST) to study the online return of voted ballots for the purpose of setting security standards so DoD and FVAP could develop a secure online voting system for military voters. NIST published numerous reports on its research, and documented several security issues that cannot be mitigated or solved with the cyber security safeguards and voting system protocols currently available. NIST concluded that until these challenges are overcome, secure Internet voting is not yet feasible. 2

For these reasons the Department of Defense has warned that it cannot ensure the legitimacy of ballots sent over the Internet and has stated “[the Department of Defense] does not advocate for the electronic transmission of any voted ballot, whether it be by fax, email or via the Internet.” 3 In addition, the Federal Voting Assistance Program, in a report to Congress in 2013, stated clearly that the postal mail return of a voted ballot, coupled with the electronic transmission of a blank ballot is the “most responsible”4 method of absentee voting for UOCAVA voters. The overwhelming evidence that secure Internet voting is not within our grasp led Congress to repeal, in the 2015 National Defense Authorization Act, the earlier directive that DoD pursue online voting for military and overseas voters.

It is not reasonable to expect the Pennsylvania Department of State should be able to develop a secure online ballot return system when the Department of Defense and the National Institute of Standards and Technology have determined secure online voting is not presently achievable. Read More

Verified Voting Blog: What if Volkswagen made Voting Machines?

Volkswagen stock plummeted today, because of accusations by the Environmental Protection Agency that VW uses software that turns on its emission control device when the software detects that one of its diesel cars is undergoing emission testing. When not being tested, the software disables the device, thereby causing the car to spew as much as 40 times the pollution limit of the Clean Air Act.

Like VW cars, modern voting machines contain software that is tested before use in elections. It would not be difficult to write voting machine software that would, like the VW software, know when it is being tested, and thus behave correctly during testing but not during an actual election. If such behavior were detected after an election, the vendor stock would plummet, but so would voter confidence in the outcome of the election. Furthermore, in the case of some voting systems that cannot be legitimately recounted, such as paperless voting machines or online votes, there would be no way to determine after the election if the declared winners were the actual winners. Read More

Verified Voting Blog: Colorado Secretary of State Wayne Williams obscured key facts in online-voting commentary

This article was originally posted at The Colorado Statesman on August 28, 2015.

Last week’s guest commentary by Secretary of State Wayne Williams in The Colorado Statesman obscured some important facts. He was responding to criticism of his new rule establishing criteria for the casting of election ballots by email.

In it, Secretary Williams implies that the federal government expanded voting by email. He writes, “The federal government, along with the Colorado General Assembly, expanded the electronic ballot transmission for military and overseas voters.” In fact the federal government has neither endorsed nor expanded the return of marked ballots over email. The Military and Overseas Voter Empowerment, or MOVE Act of 2009 (a bill we proudly supported) only directs states to send blank ballots to military and overseas voters electronically, not return of voted ballots That’s because voted ballots could be manipulated or deleted in transit — undetectably. Due to such unsolved security issues, last year Congress eliminated a Defense Department online voting project. The federal agency tasked with helping enfranchise military voters has stated that ballot return by postal mail is the “most responsible” method. In no instance does the federal government encourage states to offer electronic ballot return for military and overseas voters.

In 2006 the Colorado General Assembly passed legislation to permit online ballot return for military voters, but only under the most restricted circumstances. And it did so before most of the public was aware of today’s cybersecurity risks and of attacks in which data and sensitive information of millions of Americans had been compromised. Read More

Verified Voting Blog: How not to measure security

This article was originally posted at Freedom to Tinker on August 10, 2015. It is reposted here with permission of the author.

A recent paper published by Smartmatic, a vendor of voting systems, caught my attention. The first thing is that it’s published by Springer, which typically publishes peer-reviewed articles – which this is not. This is a marketing piece. It’s disturbing that a respected imprint like Springer would get into the business of publishing vendor white papers. There’s no disclaimer that it’s not a peer-reviewed piece, or any other indication that it doesn’t follow Springer’s historical standards. The second, and more important issue, is that the article could not possibly have passed peer review, given some of its claims. I won’t go into the controversies around voting systems (a nice summary of some of those issues can be found on the OSET blog), but rather focus on some of the security metrics claims.

The article states, “Well-designed, special-purpose [voting] systems reduce the possibility of results tampering and eliminate fraud. Security is increased by 10-1,000 times, depending on the level of automation.”

That would be nice. However, we have no agreed-upon way of measuring security of systems (other than cryptographic algorithms, within limits). So the only way this is meaningful is if it’s qualified and explained – which it isn’t. Other studies, such as one I participated in (Applying a Reusable Election Threat Model at the County Level), have tried to quantify the risk to voting systems – our study measured risk in terms of the number of people required to carry out the attack. So is Smartmatic’s study claiming that they can make an attack require 10 to 1000 more people, 10 to 1000 times more money, 10 to 1000 times more expertise (however that would be measured!), or something entirely different? Read More

Verified Voting Public Commentary: Comments on Colorado Rules Concerning Internet Voting

Download as PDF

We are pleased to provide testimony and remarks regarding proposed rule changes to Colorado’s Rules Concerning Elections 8 CCR 1501-5. We appreciate the effort of your office to solicit preliminary comments from the public to inform the draft of the proposed rule changes and were happy to participate in the process. We remain in opposition to Rule 16.2.1(c). However, before addressing Rule 16.2.1(c), we would first like to address proposed new Rule 16.2.8 prohibiting Internet voting because it is inextricably linked to proposed Rule 16.2.1(c).

Public comments voiced significant objection to Internet voting. The Secretary has proposed Rule 16.2.8 which states:

New Rule 16.2.8:
16.2.8 NOTHING IN THIS RULE 16.2 PERMITS INTERNET VOTING. INTERNET VOTING MEANS A SYSTEM THAT INCLUDES REMOTE ACCESS, A VOTE THAT IS CAST DIRECTLY INTO A CENTRAL VOTE SERVER THAT TALLIES THE VOTES, AND DOES NOT REQUIRE THE SUPERVISION OF ELECTION OFFICIALS

Proposed new Rule 16.2.8 unfortunately fails to recognize that email and fax return of voted ballots (permitted and expanded in Rule 16.2.1(c)) is Internet voting and includes all of the inherent security risk of Internet voting. In fact, email (and digital fax) are considered by voting system experts at both the National Institute of Standards and Technology and the U.S. Election Assistance Commission to be even less secure, 1, 2 than the type of Internet voting system described in proposed Rule 16.2.8. Read More

Verified Voting Blog: Just Ducky

This article was originally posted at Lowell Finley’s Blog and is re-posted here with permission of the author.

If it looks like a duck, walks like a duck, and quacks like a duck, it’s a duck.  It is not a seagull.  People will, understandably, refer to it as a duck.  Deciding to call it a seagull does not cause it to cease being a duck and does not transform it into a seagull.  With me so far?  An election held by a California city is an “advisory election” if its purpose is to enable only the city’s registered voters to voice their opinions on substantive issues in a non-binding manner.  City advisory elections are subject to the California Election Code’s general requirements and prohibitions.

Now consider the following scenario.  A small California city’s leaders, and the elections system vendor they hire, plan an election that in all respects is described by California Elections Code section 9603.  The city leaders and vendor publicly and consistently refer to the planned activity as an “advisory vote” and “advisory election.”  The city is notified that the election will be illegal, both because it will use an Internet voting system, prohibited by the Elections Code, and because the system is not state-certified, as required by the Elections Code.   With just two weeks to go, the city’s leaders and vendor respond by re-labeling the planned activity a “poll” or “community poll” but make no other changes.   Read More

Verified Voting Blog: Principles for New Voting Systems

Many jurisdictions will need to replace their voting systems in the next few years, but commercial voting systems currently in the marketplace are expensive to acquire and maintain and difficult to audit effectively. Elections may be verifiable in principle – if they generate a voter-verifiable paper trail that is curated well – but current systems make it unnecessarily hard or impractical to verify elections in practice.

Recent experience with open-source tabulation systems in risk-limiting audits in California and Colorado, and voting system projects in Los Angeles County, CA, and Travis County, TX, suggest that the United States could have voting systems that are accurate, usable, accessible, verifiable, efficiently auditable, reliable, secure, modular, and transparent, for a fraction of the cost of systems currently on the market. The key to reducing costs is to use commodity off-the-shelf hardware, open-source software, and open data standards, with usability and auditability designed in from the start.

The United States could have the best possible voting systems, instead of just the best voting systems money can buy, if new systems adhere to the Principles enunciated below. (Download PDF) Read More

Verified Voting Blog: New Standards for Election Data

Examining election results to confirm winners and losers for very close elections can be problematic for contests that span multiple jurisdictions using different equipment and diverse data formats for reporting those results. Such differences have been a significant barrier to conducting post-election risk-limiting audits in time to change preliminary election results if necessary. To address problems caused by incompatible election reporting formats, the IEEE has developed a new standard for election results reporting (1622-2). This standard marks the culmination of over ten years of efforts by many individuals and organizations (including Verified Voting), with crucial technical staff support from the National Institute of Standards and Technology (NIST). In the recently completed 2014 elections, the Ohio Secretary of State’s office successfully used a draft version of the standard to report and export election results and the Associated Press Election Services used the same draft standard to import Ohio’s election results and incorporate it into their national election reporting for television, radio, and newspaper clients across the country. You are invited to weigh in: to see the proposed reporting standard and submit your comments and suggestions for improvement here.

Verified Voting has been actively working for a number of years to develop and promote adoption of national data standards for to support inter-operability, transparent reporting, and post-election audits comparing hand-eye manual counts of voter-verified records with electronic tabulation results.  In 2008 and 2009, we submitted formal comments on the draft 2007 Voluntary Voting Systems Guidelines (VVSG) proposed by the U.S. Election Assistance Commission (EAC)’s Technical Guidelines Development Committee (TGDC). While the draft 2007 VVSG “encourages” adoption of a standard data exchange format to facilitate interoperability between different hardware components, Verified Voting and other groups and experts urged that voting systems be required to input and output data using a common standard format for election data import, export and exchange. As we pointed out, requiring standard data exchange formats can also help facilitate another important VVSG goal — interoperability of election hardware and software components from different vendors.  Read More

Verified Voting Blog: Security not yet available for online voting

This letter to the Editor was published in the Sacramento Bee on December 15, 2014.

California’s record low turnout for November’s elections is indeed worrisome, and incoming Secretary of State Alex Padilla’s promises to increase the voter rolls are laudable. However, the editorial board’s desire to see online voting as the natural evolution of our voting systems is misplaced.  Yes, we do bank, shop and communicate online, but a quick review of the latest headlines proves these transactions aren’t secure. Cybercrime is estimated to cost businesses billions every year. Elections are unlike financial transactions because they’re extremely vulnerable to undetectable hacking. Because we vote by secret ballot, there is no way to reconcile the votes recorded and the marks the voter actually makes with technology currently available. Read More

Verified Voting Blog: Online voting rife with hazards

This column was originally posted ar USA Today on November 4, 2014.

Today Americans are voting in an election that could shift control of the U.S. Senate and significantly impact the direction our nation will take in the next few years. Yet, 31 states will allow over 3 million voters to cast ballots over the Internet in this election, a practice that computer security experts in both the federal government and the private sector have warned is neither secure nor trustworthy. Most states’ online voting is limited to military and overseas voters, but Alaska now permits all voters to vote over the Internet. With a hotly contested Senate seat in Alaska, the use of an online voting system raises serious concerns about the integrity of Alaska’s election results. Alaska’s State Election Division has even acknowledged that its “secure online voting solution” may not be all that secure by posting this disclaimer on its website: “When returning the ballot through the secure online voting solution, your are [sic] voluntarily waving [sic] your right to a secret ballot and are assuming the risk that a faulty transmission may occur.”

Unfortunately, faulty transmission is only one of the risks of Internet voting. There are countless ways ballots cast over the Internet can be hacked and modified by cyber criminals. The National Institute of Standards and Technology, at the direction of Congress, has conducted extensive research into Internet voting in the last decade and published several reports that outline all the ways votes sent over the Internet can be manipulated without detection. After warning that there are many possible attacks that could have an undiscovered large-scale impact, the institute concluded that secure Internet voting is not yet achievable. Read More

Verified Voting Blog: Mail Your Ballot Back: Why Voting Online Puts Your Vote and Privacy at Risk

Twenty-three states plus the District of Columbia allow military and overseas voters (not domestic voters) to return voted ballots by email, facsimile and/or other Internet transmission; six allow  internet return in military in zones of “hostile fire.” Alaska allows it for all absentee voters. But these methods of casting ballots over the Internet are very insecure; ballots returned this way are at risk for manipulation, loss or deletion.

According to the National Institute for Standards and Technology, the agency charged with reviewing the security of internet voting systems, even the most sophisticated cyber security protections cannot secure voted ballots sent over the Internet and that secure Internet voting is not feasible at this time.[1] Even if ballots are returned electronically over online balloting systems that employ security tools such as encryption or virtual private networks, the privacy, integrity or the reliable delivery of the ballot can’t be guaranteed.[2]

Read More

Verified Voting Blog: New Voting Systems Standards Committee Steps into Election Data Void

What does the Institute of Electrical and Electronic Engineers (IEEE) have to do with elections? Glad you asked. IEEE, or the Institute of Electrical and Electronics Engineers, is the world’s largest professional association for the advancement of technology. Along with its major educational and publishing activities, IEEE is one of the leading standards-making organizations in the world. IEEE standards affect a wide range of industries including: power and energy, biomedical and healthcare, Information Technology (IT), telecommunications, transportation, nanotechnology, information assurance, and many more. In 2013, IEEE had over 900 active standards, with over 500 standards under development.

IEEE has many subgroups that establish standards for various industry areas. and one of these is IEEE Project 1622 (or P1622). This group has been active lately working on setting common standards for important election related practices, including things like distributing blank ballots (for voters who are overseas, e.g.). With Congress’ stalemate on appointing new members to the Election Assistance Commission (EAC), development and adoption of U.S. election data standards seems to be shifting from the EAC’s Voluntary Voting Systems Guidelines (VSSG) Technical Development Committee to the IEEE VSSC. Brian Hancock, EAC Director of Voting System Testing and Certification, spoke positively about this development at the recent conference of the Election Verification Network (EVN) in San Diego.

Following adoption of its initial proposed standard for electronic distribution of blank ballot information (1622-2011, published in January 2012), the IEEE Project 1622 for Voting Systems Electronic Data Interchange has been authorized to become the IEEE Voting Systems Standards Committee (VSSC).

Read More

Verified Voting Blog: Hack the Vote: The Perils of the Online Ballot Box

While most voters will cast their ballots at polling stations in November, online voting has been quietly and rapidly expanding in the United States over the last decade. Over 30 states and territories allow some form of Internet voting (such as by email or through a direct portal) for some classes of voters, including members of the military or absentees.

Utah just passed a law allowing disabled voters to vote online; and Alaska allows anyone to cast their ballots online. And there were recent news reports that Democratic and Republican national committees are contemplating holding primaries and caucuses online. We estimate that over three million voters now are eligible to vote online in the U.S.

But online voting is fraught with danger. Hackers could manipulate enough votes to change the results of local and national elections. And a skilled hacker can do so without leaving any evidence. Read More