Internet Voting

Here’s how to keep Russian hackers from attacking the 2018 elections

By J. Alex Halderman and Justin Talbot-Zorn

Washington Post, June 21, 2017

“They’re coming after America,” former FBI director James B. Comey told the Senate intelligence committee this month. “They will be back.”

In a highly politicized hearing, this bold statement drew strikingly little partisan disagreement. Senators on both sides of the aisle have seemingly reached consensus that foreign agents did try to tamper with the 2016 election and that they are extremely likely to do so again.

The question is: What do we do about it?

The Conservative Case for Election Security Reform

The Hill,  March 7, 2017

Good news: Most Americans still have at least some degree of confidence in our voting system. We have not devolved to the level of a third-world banana republic — yet.

But Americans' faith in elections has diminished considerably, and I believe justifiably. Now, only four in 10 citizens have "strong confidence" that their votes are counted as cast. Among Republicans, the proportion of people with faith in voting has fallen to just about a third.

Just the mere perception of a rigged system undermines the most basic foundations of our republic. America's incoming government has an obligation — and an opportunity — to restore the faith in our voting systems.

Report: Russia Launched Cyberattack On Voting Vendor Ahead Of Election

June 5, 2017

Heard on All Things Considered

Russia's military intelligence agency launched an attack days before Election Day on a U.S. company that provides election services and systems, including voter registration, according to a top-secret report posted Monday by The Intercept.

The news site published a report, with redactions, by the National Security Agency that described the Russian spear-phishing scheme, one it described as perpetrated by the same intelligence agency — the GRU — that the Obama administration imposed sanctions on for the 2016 cyber mischief.

There's No Way to Know How Compromised U.S. Elections Are


Atlantic Magazine, June 16, 2017

It’s not really all that hard to hack American democracy.

That fact should be driven home by a recent article from The Intercept detailing the contents of a highly classified NSA report that found evidence of a massive Russian cyberattack on voting software and against over 100 election officials. While the NSA concluded the attack was carried out by the most sophisticated of hackers—the Russian military—their entry methods were relatively vanilla. They gained access to the credentials and documents of a voting system vendor via a spear-phishing attack, and then used those credentials and documents to launch a second spear-phishing attack on local elections officials, which if successful could have compromised election officials’ systems and whatever voter data they possessed.

The "Shocking" Truth About Election Rigging in America

Monday, 05 September 2016

By Victoria CollierTruthout | News Analysis

RICK: How can you close me up? On what grounds?
POLICE CAPTAIN RENAULT: I'm shocked! Shocked to find that gambling is going on in here!
CROUPIER (handing Renault a pile of money): Your winnings, sir.
CAPTAIN RENAULT: Oh, thank you, very much... Everybody out, at once!
(Scene from Casablanca.)

If there is anything positive to say about the 2016 elections, it's that they have finally forced an end to the official denial of computerized election rigging. In the past month, the fact that our voting technology is a hacker's paradise has been validated by no less than all the major TV news networks: NBCABCCBSReutersThe Washington PostThe New York TimesThe Boston GlobeThe AtlanticUSA Today,The HillThe GuardianMother JonesPolitico, and a dozen other outlets.

Of course, the corporate media and political parties are now professing "shock" at the very prospect that US elections can be manipulated, and yes, even stolen. 

Yet it has long been an open secret that game-changing races have been decided not by voters, but by insiders; from the presidential race of 1960, appropriated for John Kennedy by Democratic muscle in Chicago, to the two victories secured for George W. Bush by GOP fixers in Florida and hackers in Ohio. Among other suspect elections in recent years are key Congressional races hijacked by combinations of voter suppression, gerrymandering, dark money and the ugly little secret of American elections: rigged voting machines.

An online voting lobbyist’s misleading testimony ...

By Greg Gordon - McClatchy Washington Bureau

Introducing himself as a former Oregon state elections official, online voting industry lobbyist Donald DeFord vouched authoritatively to a Washington state legislative panel in late January as to the merits of statewide internet voting.

Oregon, he testified, ultimately came to the “same solution” offered by a bill before the Washington state House that would allow everybody to cast their election ballots by email or fax – an option that top cyber security experts warn would expose elections to hackers.

“First in a special congressional election and then statewide, we made our accessible online ballot delivery and return system available to any voter who was not able to use a paper ballot,” DeFord, who previously led Oregon’s program under the federal Help America Vote Act, told the committee.

There was a big problem, however, with the testimony he gave in his current job as a regional sales director for San Diego-based Everyone Counts.

Oregon doesn’t allow voters to send in marked ballots electronically, except for troops and citizens living abroad who have been prevented from mailing their absentee ballots due to an emergency or other extenuating circumstances.

DeFord now says he “misspoke.”

“There was a little bit of confusion about language in there. I probably could have been more clear about it,” he said in phone and email exchanges. “... I did not intend to imply that Oregon has expanded electronic ballot return to all voters.”

Read Full Story


15 Reasons to "Unlike" Internet Voting


Internet voting conceals all four essential steps of transparent elections.
It therefore alters our form of government, violating our inalienable rights and transferring power to insiders; government and vendors. 

Internet voting “security” cannot possibly be assured to the public.
It conceals all the essential steps listed above, including who’s voting remotely.

Whoever controls the servers controls the election results. 
Voters themselves can never know whether the tally is accurate. 

Internet voting violates voter privacy and the secret ballot. 
Voters no longer have the security of the polling booth and may be pressured and intimidated by bosses, spouses, or others. It is also possible for whoever gains access to the system to see how voters have cast their ballot. 

Internet voting is not transparent. 
Looking at a report created by an administrator is not the same thing as scrutinizing the original input. Internet voting creates a funnel -- lots of people input information, one person or a very few people control the output.

No security from hackers. 
With hacks done successfully on such powerfully protected entities as the Pentagon, the White House, the Defense Department and Google, no evidence has been presented that Internet voting can currently be successfully defended from hackers, whether they be the Chinese, Russians, North Koreans, the opposition candidate, or the controllers of the Internet voting systems themselves.

Internet voting companies controlled by foreign corporations. 
The main company currently handling Internet voting for U.S. jurisdictions, Scytl, houses its server in Spain. No one knows who the administrator is for any given election. There is no way for the public to authenticate who put the votes into the system; there is no way for the public to authenticate that the announced result is in any way the real result.

Internet voting destroys the paper ballot and therefore cannot be recounted. 
In the case of errors or contested results, there is no capacity to recount the ballots. Elimination of the paper ballot means a loss of the official record of the vote. Any paper record created remotely is the product of digital flow passed through easily-compromised servers. The United Nations considers the public count of the physical paper ballot to be the international "Gold Standard" for election integrity.

Internet voting is not the same as online banking. 
Buying and banking online is also not secure. Banks reimburse customers for fraudulent transactions, which happen fairly regularly, as well as massive cyber-fraud. However, because the vote is private, you cannot be "reimbursed" for a vote that was stolen. Bank account owners remain connected to their account; Internet voters are severed from their vote. The only way to rectify that is to remove political privacy, which would re-introduce threats of coercion and vote selling.

Internet voting technology is worth big money
It is being pushed by a small handful of private corporations, some already given “preferred status” by the Department of Defense. If allowed to overtake our elections, these private businesses will have the capacity to manipulate election results, with little or no possibility for detection, by either hacking or controlling the servers. 

Internet elections would become centralized (globally), so no local operation would be needed. The civic engagement would diminish, and then disappear. Voters would be subject to whatever results were reported with no alternative to challenge the results of the tally. Election Day would likely vanish, creating a far more challenging and expensive campaign environment, especially for the grassroots. Thousands of poll workers would lose their positions, and all community oversight would disappear entirely.

No guarantee of increased turn-out. 
Internet voting is touted as increasing the youth vote, but elections have taken place in the USA, and have resulted in lower than normal turnout. For example, a 2009 Internet election in Hawaii, for an election type that typically was drawing a 25% participation rate, dropped to just 7% participation. 

Hacking is already underway. 
The irony of Internet voting is that it comes at a time when large institutions such as the Pentagon, the Federal Reserve, large multinational banks and other high security institutions are being consistently hacked. The Department of Homeland Security has warned of the extreme likelihood of intervention in our elections by foreign nations via computer hacking. 

If I Can Shop and Bank Online, Why Can't I Vote Online?

Photo by Image Source/DigitalVision / Getty Images
Photo by Image Source/DigitalVision / Getty Images

by David Jefferson, Computer Scientist, Lawrence Livermore National Laboratory 1 ], member, Verified Voting Foundation Board, Board of Directors, California Voter Foundation

There is widespread pressure around the country today for the introduction of some form of Internet voting in public elections that would allow people to vote online, all electronically, from their own personal computers or mobile devices. Proponents argue that Internet voting would offer greater speed and convenience, particularly for overseas and military voters and, in fact, any voters allowed to vote that way. However, computer and network security experts are virtually unanimous in pointing out that online voting is an exceedingly dangerous threat to the integrity of U.S. elections.

There is no way to guarantee that the security, privacy, and transparency requirements for elections can all be met with any practical technology in the foreseeable future. Anyone from a disaffected misfit individual to a national intelligence agency can remotely attack an online election, modifying or filtering ballots in ways that are undetectable and uncorrectable, or just disrupting the election and creating havoc. There are a host of such attacks that can be used singly or in combination. In the cyber security world today almost all of the advantages are with attackers, and any of these attacks can result in the wrong persons being elected, or initiatives wrongly passed or rejected.

There is no way to guarantee that the security, privacy, and transparency requirements for elections can all be met with any practical technology in the foreseeable future

Nonetheless, the proponents point to the fact that millions of people regularly bank and shop online every day without apparent problems. They note that an online voting transaction resembles an ecommerce transaction, at least superficially. You connect your browser to the appropriate site, authenticate yourself, make your choices with the mouse, click on a final confirmation button, and you are done! All of the potential attacks alluded to above apply equally to shopping and banking services, so what is the difference? People ask, quite naturally, “If it is safe to do my banking and shopping online, why can’t I vote online?” This is a very fair question, and it deserves a careful, thorough answer because the reasons are not obvious. The answer requires substantial development to explain fully, but in brief, in can be summarized:

1. It is not actually “safe” to conduct ecommerce transactions online. It is in fact very risky, and more so every day. Essentially all those risks apply equally to online voting transactions.

2. The technical security, privacy, and transparency requirements for voting are structurally different from, and actually much more stringent than, those for ecommerce transactions. Even if ecommerce transactions were safe, the security technology underpinning them would not suffice for voting. In particular, the voting security and privacy requirements are unique and in tension in a way that has no analog in the ecommerce world.

E-Commerce transactions are not, in fact, “safe”

Why do security experts say that ecommerce transactions are not safe when millions of people do them every day, mostly without problems? The question needs to be refined: “Safe for whom?” and “What degree of safety is required”? E-Commerce transactions may be relatively safe for consumers, but they certainly are not safe for financial institutions or merchants.2 Banks, credit card companies, and online merchants lose billions of dollars a year in online transaction fraud despite huge investments in fraud prevention and recovery. People have the illusion that ecommerce transactions are safe because merchants and banks don’t hold consumers financially responsible for fraudulent transactions that they are the innocent victims of. Instead the businesses absorb and redistribute the losses silently, passing them on in the invisible forms of higher prices, fees, and interest rates. Businesses know that if consumers had to accept those losses personally most online commerce would collapse. Instead, they routinely hide the losses, keeping the magnitude secret so the public is generally unaware. It’s a good business strategy.

Read full story

As states warm to online voting, experts warn of trouble ahead

By Greg Gordon - McClatchy Washington Bureau

A Pentagon official sat before a committee of the Washington State Legislature in January and declared that the U.S. military supported a bill that would allow voters in the state to cast election ballots via email or fax without having to certify their identities.

Military liaison Mark San Souci’s brief testimony was stunning because it directly contradicted the Pentagon’s previously stated position on online voting:

It’s against it.

Along with Congress, the Defense Department has heeded warnings over the past decade from cybersecurity experts that no Internet voting system can effectively block hackers from tampering with election results.

And email and fax transmissions are the most vulnerable of all, according to experts, including officials at the National Institute of Standards and Technology, which is part of the Commerce Department.

San Souci declined to comment. A Pentagon spokesman, Lt. Cmdr. Nathan Christensen, said the Defense Department “does not advocate for the electronic transmission of any voted ballot, whether it be by fax, email or via the Internet.”

The Washington state legislation is dead for this year. But the episode provides a window into how the voting industry, with an occasional boost from the Pentagon, is succeeding in selling state and local officials on the new technology, despite predictions of likely security breaches.

It’s also put state lawmakers and election officials at odds with their counterparts in the other Washington: the nation’s capital.

Read Full Story


Latest Internet voting reports show failures across the board

According to reports obtained by Al Jazeera America, Toronto found proposed Internet voting platforms below standards.

Internet voting, a technology often cited as a solution to the United States' problematic voting machines, received failing security and accessibility grades in the latest in-depth audit conducted by the City of Toronto. Two of the three vendors audited by the city currently have contracts with over a dozen U.S. jurisdictions for similar technologies.

The accessibility report, prepared by researchers at the Inclusive Design Research Centre at OCAD University, and the security report, prepared by researchers at Concordia and Western universities, were obtained by Al Jazeera America through a Freedom of Information Act request.

Proponents of Internet voting, largely disabilities groups and advocates for military voters overseas, point to the apparent ease-of-use of other Internet-based activities, such as banking, and claim the technology would lead to higher turnout rates.  

The reports highlight the difficulty in creating a voting system that isn't more susceptible to corruption than existing voting technology and that is easy enough to use for voters with a variety of personal computer setups, including those with disabilities who often use alternatives to traditional mice, keyboards and screens.

Thirty-one states in the U.S. allow overseas and military voters to print and deliver ballots electronically. A Pentagon unit, the Federal Voting Assistance Program (FVAP) has largely spearheaded the effort by funding state programs providing assistance to overseas troops and others. A nonprofit watchdog group, the Electronic Privacy Information Center, sued FVAP last month to force them to disclose their own audits of Internet voting conducted three years ago. In 2012 the program told Congress it would release the records to the public by the middle of 2013.

Other countries including Germany and the Netherlands have banned all forms of electronic voting, including Internet voting. Norway experimented with Internet voting in 2011 and 2013 for a select subset of voters. A recent government-commissioned report on the trial found that it did not increase voter turnout nor did it mobilize smaller demographic groups. Officials noted that increasing turnout was not an intended or expected outcome and it confirmed previous findings that voting was easier for some, but those with disabilities had issues with error messages, text contrast and other elements.

Read full story

Why Voting Online Puts Your Vote and Privacy at Risk

Written by Susannah Goodman, Pamela Smith

Twenty-three states and the District of Columbia allow military and overseas voters (not domestic voters)  to return voted ballots by email, facsimile and/or other Internet transmission; six allowInternet return for military members in “hostile fire” zones, and one – Alaska -- allows it for all absentee voters. But Internet voting is very insecure; ballots returned this way are at risk for manipulation, loss or deletion. 

According to the National Institute for Standards and Technology, the agency charged with reviewing the security of Internet voting systems, even the most sophisticated cyber security protections cannot secure voted ballots sent over the Internet and secure Internet voting is not feasible at this time. The integrity and reliable delivery of ballots returned electronically over online balloting systems – even those that employ security tools such as encryption or virtual private networks -- can’t be guaranteed.

Just as important, ballots sent by electronic transmission cannot be kept private. Most States which accept electronically transmitted ballots require voters to sign a waiver forfeiting the right to a secret ballot.  In some cases, this waiver conflicts with state law or constitutional provisions which guarantee the right to a secret ballot. 

In light of these facts, cybersecurity experts at the Department of Homeland Security have advised against sending marked ballots back via email or Internet portal. Moreover, the Department of Defense’s Federal Voting Assistance Program (FVAP) has advised that postal return of voted ballots is the most responsible method of ballot return.

Read Full Story

Why You Can't Vote Online

Fundamental security problems aren’t solved, computing experts warn.

By David Talbot

A decade and a half into the Web revolution, we do much of our banking and shopping online.   So why can’t we vote over the Internet? The answer is that voting presents specific kinds of very hard problems.

Even though some countries do it and there have been trial runs in some precincts in the United States, computer security experts at a Princeton symposium last week made clear that online voting cannot be verifiably secure, and invites disaster in a close, contentious race.

“Vendors may come and they may say they’ve solved the Internet voting problem for you, but I think that, by and large, they are misleading you, and misleading themselves as well,” Ron Rivest, the MIT computer scientist and cryptography pioneer, said at the symposium. “If they’ve really solved the Internet security and cybersecurity problem, what are they doing implementing voting systems? They should be working with the Department of Defense or financial industry. These are not solved problems there.”

The unsolved problems include the ability of malicious actors to intercept Internet communications, log in as someone else, and hack into servers to rewrite or corrupt code. While these are also big problems in e-commerce, if a hacker steals money, the theft can soon be discovered. A bank or store can decide whether any losses are an acceptable cost of doing business.

Voting is a different and harder problem. Lost votes aren’t acceptable. And a voting system is supposed to protect the anonymity of a person’s vote—quite unlike a banking or e-commerce transaction—while at the same time validating that it was cast accurately, in a manner that maintains records that a losing candidate will accept as valid and verified.

Given the well-understood vulnerabilities of networked computer systems, the problem is far from solved, says David Dill, a Stanford computer scientist. “Basically, it relies on the user’s computer being trustworthy. If a virus can intercept a vote at keyboard or screen, there is basically no defense,” Dill says. “There are really fundamental problems. Perhaps a system could be tightened so some particular hack won’t work. But overall, systems tend to be vulnerable.” 

This year, the U.S. Department of Defense canceled plans to allow Internet voting by military personnel overseas after a security team audited a $22 million system developed by Accenture and found it vulnerable to cyberattacks.

Read the Full Story