The web: Hardly ready for Internet voting.

So many articles this week demonstrating that the web is not safe for voting. Especially when in the hands of under-resourced government agencies and political parties.  (It is also unsafe in the hands of fully-resourced governments and cyber-experts.)

Singapore plans to take its Government offline (that is all employees to use a closed network). Der Spiegel <read if you know German>. The short version is they do secret banking like Switzerland and they do not believe they can protect their tax avoiding customers. On the other hand it might keep the public from finding out what they are doing in other government activities. I, for one, would not bet on this working. There are a lot of holes and vulnerabilities in any system, especially when big $ are involved.

Then we have an above average size government agency that cannot create a safe voter registration system, i.e. Washington D.C.  Washington Post: Glitch believed to be based in mobile app erases some D.C. voters’ party affiliation  <read>  D.C. is pretty good size, compared to the average of the 169 towns in Connecticut that would have been charged with implementing and protecting Internet voting if the General Assembly had had its way.  P.S.  Even with help, D.C. had its own problems with Internet voting <read>

Meanwhile the party that allows overseas voters to participate in its primaries via Internet voting has its own problems. Wired: Russia’s Breach of the DNC Is About More Than Trump’s Dirt <read>

As CTVotersCount readers know, Internet voting should not be compared to a normal application. It's not like the risk of copying some public information, information that should be public, or stealing a few million from a bank. It's about billions in government spending, changing election results and covering that up. E.g., from the Daily Dot: Online voting is a cybersecurity nightmare <read>

Why Online Voting is a Danger to Democracy

An article by David Dill, founder of Verified Voting, from Stanford University: Why Online Voting is a Danger to Democracy <read>

How could we be fooled?

Suppose masses of emails get sent out to naive users saying the voting website has been changed and, after you submit your ballot and your credentials to the fake website, it helpfully votes for you, but changes some of the votes. You also have bots where millions of individual machines are controlled by a single person who uses them to send out spam…

How bad could it be?

Without being paranoid, there are reasons to believe that people would want to affect the outcome of elections. Right now, they spend billions of dollars trying to do it through campaign contributions and advertising and political consultants and all of that…What is the value of controlling the U.S. presidency? …

Professor Dill ends by explaining the current necessity of paper ballots:

We’ve had a long time to work out the procedures with paper ballots and need to think twice before we try to throw a new technology at the problem. People take paper ballots for granted and don’t understand how carefully thought through they are.

We would add that even paper is vulnerable.  We like the public counting of the paper by optical scanners, followed by strong ballot security, meaningful post-election audits, and close vote recounts.

If they fear Internet privacy and security, why would they vote that way?

A new government survey highlights the consequences of Internet insecurity.  From the Washington Post: Why a staggering number of Americans have stopped using the Internet the way they used to <read>

Nearly one in two Internet users say privacy and security concerns have now stopped them from doing basic things online — such as posting to social networks, expressing opinions in forums or even buying things from websites, according to a new government survey released Friday.

This chilling effect, pulled out of a survey of 41,000 U.S. households who use the Internet, show the insecurity of the Web is beginning to have consequences that stretch beyond the direct fall-out of an individual losing personal data in breach. The research suggests some consumers are reaching a tipping point where they feel they can no longer trust using the Internet for everyday activities…

The survey showed that nearly 20 percent of the survey’s respondents had personally experienced some form of identity theft, an online security breach, or another similar problem over the year before the survey was taken last July. Overall, 45 percent said their concerns about online privacy and security stopped them from using the Web in very practical ways…

“NTIA’s initial analysis only scratches the surface of this important area, but it is clear that policymakers need to develop a better understanding of mistrust in the privacy and security of the Internet and the resulting chilling effects,” wrote Goldberg, the NTIA analyst. “In addition to being a problem of great concern to many Americans, privacy and security issues may reduce economic activity and hamper the free exchange of ideas online.”

 

Amid positive systems news, SOTS recognizes online registration issues

UPDATED

As we mentioned earlier in the week, Connecticut State systems are an embarrassment and our Online Voter Registration system was down Saturday morning.  Apparently it has been down more than that. Yesterday the Secretary of the State took note in a press release <read>

It has come to the agency’s attention that there were intermittent slowdowns and disruptions to the online voter registration system. It is now back up and running and we encourage people to use the system. We are working with our IT specialists to identify the issue. At this point, there is no evidence that any agency is to blame. We are working with our vendor to ensure that any problems that arise are addressed immediately. Thousands of people continue to use the system successfully.

Perhaps it took a while to notice the problems amid the interviews touting its success <e.g.>

 

And touting the success of the new election night reporting system, which has yet to be used in a real election.  The real test will come in November <e.g.>

We strongly support an online reporting system.  The SOTS Office failed a couple of times when they did not listen to legitimate concerns of registrars of voters across the state.  We are hoping this one works well or that they continue until they listen and fix any problems.

 

Meanwhile another Justice Department investigation.  This one regarding compliance with the Motor Voter Law <read>

The section of the law the Justice Department is accusing Connecticut of violating is related to motor vehicle registration.

“Our investigation indicates widespread noncompliance with Section 5 in Connecticut,” Vanita Gupta, principal deputy assistant attorney general

Update 4/21/2016

The Hour has more details <read>

Connecticut Makes National Short List – Embarrassing

Yesterday the Connecticut Online Voter Registration System was down for the morning.  Reminiscent of last fall when the system was down for most of the last day local election officials had to print voter lists for polling places in the November election.

Last week Reuters covered a study of cybersecurity and Connecticut was cited as one of the weakest states. It also cited the U.S. Government as worse than most U.S. Corporations:  U.S. government worse than all major industries on cyber security <read>

U.S. federal, state and local government agencies rank in last place in cyber security when compared against 17 major private industries, including transportation, retail and healthcare, according to a new report released Thursday.

The analysis, from venture-backed security risk benchmarking startup SecurityScorecard, measured the relative security health of government and industries across 10 categories, including vulnerability to malware infections, exposure rates of passwords and susceptibility to social engineering, such as an employee using corporate account information on a public social network.

Educations, telecommunications and pharmaceutical industries also ranked low, the report found. Information services, construction, food and technology were among the top performers…

Other low-performing government organizations included the U.S. Department of State and the information technology systems used by Connecticut, Pennsylvania, Washington and Maricopa County, Arizona.

We sadly await the Election Day when the Connecticut voter registration system is down, especially with no contingency plan for Election Day Registration. Don’t say “Who Could Have Imagined”, we did.

Apple vs. the Government: Security and Privacy overlap

Apple is right to object to the government’s request to help open an iPhone. Many claim it is an issue of balance between Security and Privacy. Perhaps. Yet, the Constitution talks of the right of the people to be Secure in their effects.

To all those voices discussing this issue, we add:

  • These same agencies spied illegally on the staff of the congressional committee whose job was oversight of those same agencies.
  • Employees of these same agencies used their illegal powers to spy on ex-wives etc.
  • Security in these same agencies is such that a young contractor could access and download unlimited highly classified documents, i.e. Ed Snowden.
  • Cracking “just one phone” and destroying the program thereafter is a myth.  It would be impossible to prove that all copies of the software were destroyed, that some low-level (or high-level) Apple or government employee did not keep copies of the code, or knew enough to recreate it.

While we applaud Apple’s efforts to make it impossible to crack new iPhones, such claims, in our view, are mythical:

  • Nobody, even Apple, can guarantee that any complex software is free of bugs that could open a back door.
  • Nobody, even Apple, can guarantee an intentional back door was not added by an employee or contractor.
  • Nobody can be sure that the software and firmware actually present on your smartphone matches the software version created by the manufacturer.
  • Software or firmware could be specially installed with a backdoor or to create a “man in the middle attack”, with an interface between your screen and the expected smartphone software.
  • My iPhone, like most, comes from a third party. In my case AT&T, which does not support Apple’s position. What would AT&T do when the government next asks for their help? What would a low level employee – a dedicated “patriot” – do?

For more details and opinions on the controversy, see Dan Wallach’s comments at Freedom To Tinker: Apple, the FBI, and the San Bernadino iPhone <read>

And Jenna McLaughlin at the Intercept: Apple Slams Order to Hack a Killer’s iPhone, Inflaming Encryption Debate <read>

 

Brennan Center: Election Integrity: A Pro-Voter Agenda

Whenever we open a report with multiple recommendations we start from a skeptical point of view. We expect to agree with some proposals and disagree with others.  A new report from the Brennan Center for Justice is the exception.  We agree with every recommendation:
Election Integrity: A Pro-Voter Agenda <read>

It starts with the right criteria, it has a great agenda, strong supporting arguments, and ends with an appropriate call to action:

This history strongly suggests two overarching principles that should guide any further efforts to secure election integrity. Such efforts should have two key elements:

  • First, they should target abuses that actually threaten election security.
  • Second, they should curb fraud or impropriety without unduly discouraging or disenfranchising eligible voters.

Efforts that do not include these elements will just result in burdens to voters and little payoff.

One: Modernize Voter Registration to Improve Voter Rolls

Two: Ensure Security and Reliability of Our Voting Machines

Three: Do Not Implement Internet Voting Systems Until Security is Proven

Four: Adopt Only Common-Sense Voter Identification Proposals

Five: Increase Security of Mail-In Ballots

Six: Protect Against Insider Wrongdoing

We do not have to choose between election integrity and election access. Indeed, free and fair access is necessary for an election to have integrity. This report examined genuine risks to the security of elections, highlighting current vulnerabilities as well as those that will be faced in the future. Recommendations have been made about how to reduce each risk. We invite and urge policymakers to tackle these problems.

As  examples, we particularly support its call for sufficient post-election audits and attention to detecting, preventing, and punishing insider fraud:

Require Post-Election Audits. Many machines now issue a paper record of a voter’s selection. But these records are of little security value without audits to ensure that vote tallies recorded by a particular machine match any paper records. Despite near universal expert agreement on the need for audits, some vendors have vigorously opposed these paper trails, contending that they increase costs and slow the voting process. Security experts also recommend that states pass laws for effective “risk-limiting audits.” These require examination of a large enough sample of ballots to provide statistically “strong evidence that the reported election outcome was correct — if it was.” Also, the audit process should not rely on any one individual who might be in a position to manipulate either the voting machine or the recount device. According to experts, these insider attacks are the most difficult to stop. Voting technology experts also say machines must be “software independent,” which is technically defined as when “an (undetected) change or error in its software cannot cause an undetectable change or error in an election outcome,” but practically speaking means that the election results can be captured independently of the machine’s own software. Auditors should be assigned randomly to further ensure the process is not being gamed. Finally, audits should be as transparent as possible. This not only is essential to garnering public confidence, but can show a defeated candidate that she lost the election in a contest that was free and fair…

It is not surprising that many instances of election fraud, both historically and in the present day, involve the actions of insiders. Recent abuses by insiders have included lawmakers lying about where they live, magistrate judges willfully registering ineligible persons, and legislators running fraudulent absentee ballot schemes. A pollworker in Ohio was famously found guilty of using her authority and training to conduct voter fraud and take certain steps to evade detection. Culprits have even included the chief election officer of Indiana. This is why election officials and workers should receive special attention because their insider status increases their opportunity to both abuse the system and avoid detection. Moreover, when organizational leaders are involved in wrongdoing, it can create a culture for fraud, encouraging others to commit misconduct.
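The risk-limiting audit named in the quoted recommendation above can be made concrete. The following is an added example, not code from the Brennan Center report or from this site: a ballot-polling audit in the style of the BRAVO method for a two-candidate contest, with constructed vote totals, a constructed seed and hypothetical function names.

```python
"""Ballot-polling risk-limiting audit, BRAVO-style, for one two-candidate contest.

Constructed example: the vote totals, seed and all names are made up.
"""
import random


def bravo_audit(sampled_ballots, reported_winner_share, risk_limit=0.05):
    """Sequentially test the hypothesis "the reported winner did NOT win".

    sampled_ballots: paper ballots in draw order, "W" if the paper shows the
        reported winner, "L" if it shows the reported loser.
    reported_winner_share: winner's share of W+L votes per the machine count.
    Returns (confirmed, ballots_examined). confirmed=False means the sample
    never gave strong enough evidence, so the audit escalates to a full
    hand count of the paper.
    """
    if not 0.5 < reported_winner_share < 1.0:
        raise ValueError("reported winner share must be between 0.5 and 1")
    threshold = 1.0 / risk_limit
    ratio = 1.0  # likelihood ratio: reported result vs. an exact tie
    examined = 0
    for ballot in sampled_ballots:
        examined += 1
        if ballot == "W":
            ratio *= reported_winner_share / 0.5
        elif ballot == "L":
            ratio *= (1.0 - reported_winner_share) / 0.5
        else:
            raise ValueError(f"unexpected ballot value: {ballot!r}")
        if ratio >= threshold:
            # If the reported winner had not really won, reaching this point
            # has probability at most risk_limit.
            return True, examined
    return False, examined


def draw_sample(paper_ballots, draws, seed):
    """Draw ballots uniformly at random, with replacement.

    The seed stands in for a value generated in public (for example by dice
    rolls) so that nobody, insiders included, chooses which ballots are seen.
    """
    rng = random.Random(seed)
    return [paper_ballots[rng.randrange(len(paper_ballots))] for _ in range(draws)]


def audit_contest(paper_ballots, reported_w, reported_l, max_draws, seed,
                  risk_limit=0.05):
    """Check machine-reported totals against the paper record only, so the
    result does not depend on the tabulator's software."""
    share = reported_w / (reported_w + reported_l)
    sample = draw_sample(paper_ballots, max_draws, seed)
    confirmed, examined = bravo_audit(sample, share, risk_limit)
    return {"reported_share": share, "confirmed": confirmed,
            "ballots_examined": examined,
            "next_step": "none" if confirmed else "full hand count"}


if __name__ == "__main__":
    # Case 1: the paper agrees with the reported 6,000 to 4,000 result.
    honest_paper = ["W"] * 6000 + ["L"] * 4000
    print(audit_contest(honest_paper, 6000, 4000, max_draws=5000, seed=2016))
    # Case 2: machines reported 6,000 to 4,000 but the paper says 4,900 to 5,100.
    altered_paper = ["W"] * 4900 + ["L"] * 5100
    print(audit_contest(altered_paper, 6000, 4000, max_draws=5000, seed=2016))
```

The sample size is not fixed in advance: a wide reported margin is confirmed after a few dozen ballots, while a narrow or wrong one keeps the audit going until it becomes a full hand count.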

 

Will encryption save us? No, “It’s Saturday Night!”

Last Saturday, some may have been channel surfing and mistakenly thought they were watching Saturday Night Live. As one of the 2% of voters(*) spending last Saturday night intentionally watching the debate between the Democratic candidates and two ABC hosts, I was not the only one that noticed the flaws in one candidate’s claims for encryption that went unchallenged.

Fortunately, Jenna McLaughlin of The Intercept articulates the issues and the faulty assumptions of candidates and pundits: Democratic Debate Spawns Fantasy Talk on Encryption <read>

During Saturday’s debate, Democratic presidential frontrunner Hillary Clinton said the U.S. should commission a “Manhattan-like project,” a reference to the secret World War II-era atomic bomb endeavor, to address the alleged threat encryption poses to law enforcement. She also admitted she doesn’t actually understand the technology.

Clinton was largely parroting a popular FBI talking point that’s been highly publicized following the terrorist attacks in Paris and San Bernardino — that encryption is law enforcement’s Achilles heel in preventing crime — though there’s no evidence encryption enabled the plots to go undetected…

..law enforcement argues, the government needs some sort of a way in — a “backdoor,” “front door,” or “golden key” — to stop the bad guys in their tracks. For months, FBI Director James Comey has been proclaiming his wish for some sort of magical solution to allow law enforcement access to encrypted communications. Comey has repeatedly insisted that smart people working on technology simply need to try harder, or be incentivized properly.

But technologists and cryptographers have been saying for years that it’s impossible — without severely handicapping the protection encryption affords its users…

Yet the government has never presented a clear case where encryption has crippled a critical terrorism investigation, and law enforcement has other investigative tools in its arsenal — like traditional informants and tips, for example. Even when encryption is present, there is evidence that the FBI and other government agencies can hack into suspects’ computers and phones — bypassing encryption entirely.

And as Ed Snowden reminds us, be careful in setting precedents:

“No matter how good the reason, if the U.S. sets the precedent that Apple has to compromise the security of a customer in response to a piece of government paper, what can they do when the government is China and the customer is the Dalai Lama?” he wrote to The Intercept in July.

Perhaps it is too much to ask within the limitations of the debate format, but no candidate challenged these remarks and assumptions. Yet it is not just candidates and government officials that need to be fact checked. Increasingly it is correspondents and debate moderators:

Raddatz, ABC News’ chief global affairs correspondent, framed her questions in the debate as being about encryption as a “new terrorist tool used in Paris.” But criminals and terrorists have been using encryption for years, and encryption is also used legitimately by people around the world to protect sensitive information.

Read the full article for more of the arguments against and references to other pertinent articles.

* You might rate us “Mostly True” here as we rely on media reports that just under 8 million tuned in to the debates, assuming they reflected the U.S. population and most were eligible to vote, although considerably fewer do so.

What if we used computers for voting, not just driving?

From OpEd News, Interview with Barbara Simons: What the Heck Does the Recent Volkswagen Scandal Have to Do with Our Elections? <read full interview>

Since the Volkswagen hacking was disclosed we have been using that to highlight the potential of rigged elections as we have for earlier, more dramatic, vehicle hacking demonstrations.

Both modern cars and voting systems are significantly computerized. VW was playing a very high stakes financial game that led someone to install cheating software (malware).

The stakes are also very high in modern elections. I continue to be amazed that some losing candidates either are pressured not to rock the boat – sometimes by their own party (I know of candidates to whom this was done) – or actually accept negative results without questioning the computerized voting machines that “declare” those results.

Any large software program contains undetected bugs. That’s why software vendors such as Microsoft and Apple send out frequent software updates, many of them to fix security holes. Likewise, it also can be very difficult to detect cleverly hidden malware.

Computers can greatly facilitate both car performance and ballot tabulation. But just as laboratory tests are not adequate for testing pollution controls in the presence of malware, so too we cannot depend solely on voting system “certification” to verify that our voting systems are accurate and secure.

Read the full interview <read>

 

CT Lottery Hacked. Claimed to be easy “unsophisticated” hack

Once again, we wonder which is safer: Gambling or Voting?

Courant story:  Suspended Lottery Game Had Too Many Winners <read>

The Connecticut Lottery and state Department of Consumer Protection shut down the 5 Card Cash game after noticing there were more winners than the game’s parameters should have allowed, and determining that some lottery agents were manipulating machines to print more winning tickets and fewer losers…

Just how some lottery agents were able to manipulate their machines is not clear, but investigators believe there was a vulnerability between the time a ticket was ordered at a terminal and when it was printed…

[Consumer Protection Commissioner Jonathan] Harris said he does not think those who manipulated the system were sophisticated hackers, but rather people who were able to figure out how the lottery terminals work.

As for how many agents and terminals were involved, “That’s the part we still don’t know,”  Harris said. It’s also not clear how much money was lost, Harris said...

Lora Rae Anderson, a spokeswoman for the Department of Consumer Protection, said the fact  there were more winners than there should have been raised a flag

The Connecticut Lottery and the state Department of Consumer Protection were alerted to the  possibility of problems involving 5 Card Cash a year ago. A lottery retailer in Weston was accused of holding back winning tickets and selling losing tickets to unsuspecting customers. State authorities were alerted and suspended the retailer’s license to sell lottery tickets.

We are not reassured.

  • Is it really an unsophisticated hack?  If that is true we are concerned because,
    • The vulnerability was not corrected in a year
    • They have no idea who did it, how often it was done, how exactly it is accomplished, and how much was stolen
    • Apparently ignored red flags that too much money was being awarded
  • Yet, it could be sophisticated, which would be even more concerning, since they apparently have gotten away with the money

We ask:

  • Why do they assume it was unsophisticated hackers?
  • Was it really a hack? Or did the system simply pay out too much?
  • What kind of security expertise does the vendor have, if a system could be broken by unsophisticated hackers?
  • What kind of security review and testing does the Lottery employ, if any?
  • Is anyone sure the random algorithms that choose winners are operating correctly?
  • Are they sure it is not an inside job?
  • Is there an audit trail of tickets cancelled?  Can’t they tell which terminals cancelled numbers of losing tickets?
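One way to answer the audit-trail questions above, as an added example rather than anything the Lottery or its vendor is known to run: a per-terminal check that compares printed winners against the game's design odds and counts orders cancelled before printing. The log format, terminal IDs, counts, the 25% design win probability and both thresholds are assumptions constructed for illustration.

```python
"""Per-terminal audit of a lottery event log: win rate and cancellations.

Constructed example: the log format, terminal IDs, counts, the 25% design
win probability and both thresholds are assumptions, not 5 Card Cash data.
"""
from collections import defaultdict
from math import comb


def constructed_log():
    """Build sample log lines: '<terminal> ORDER <serial>', then either
    '<terminal> PRINT <serial> WIN|LOSE' or '<terminal> CANCEL <serial>'."""
    plan = {"T-100": (50, 150, 2), "T-200": (90, 110, 120)}  # wins, losses, cancels
    lines, serial = [], 0
    for terminal, (wins, losses, cancels) in plan.items():
        for outcome, count in (("WIN", wins), ("LOSE", losses), (None, cancels)):
            for _ in range(count):
                serial += 1
                lines.append(f"{terminal} ORDER {serial:06d}")
                if outcome:
                    lines.append(f"{terminal} PRINT {serial:06d} {outcome}")
                else:
                    lines.append(f"{terminal} CANCEL {serial:06d}")
    return lines


def binom_upper_tail(n, k, p):
    """P(X >= k) for X ~ Binomial(n, p): chance of k or more winners by luck."""
    return sum(comb(n, i) * p**i * (1 - p) ** (n - i) for i in range(k, n + 1))


def audit_terminals(log_lines, design_win_prob, p_value_floor=1e-6,
                    max_cancel_fraction=0.10):
    """Return one record per terminal with counts and any red flags."""
    stats = defaultdict(lambda: {"ordered": 0, "printed": 0, "wins": 0,
                                 "cancelled": 0, "orphans": 0, "open": set()})
    for line in log_lines:
        terminal, event, serial, *outcome = line.split()
        s = stats[terminal]
        if event == "ORDER":
            s["ordered"] += 1
            s["open"].add(serial)
        elif event in ("PRINT", "CANCEL") and serial in s["open"]:
            s["open"].discard(serial)
            if event == "CANCEL":
                s["cancelled"] += 1
            else:
                s["printed"] += 1
                if outcome == ["WIN"]:
                    s["wins"] += 1
        else:
            s["orphans"] += 1  # event with no matching open order

    report = []
    for terminal in sorted(stats):
        s = stats[terminal]
        # How likely is this many winners if the terminal followed the odds?
        p_value = binom_upper_tail(s["printed"], s["wins"], design_win_prob)
        cancel_fraction = s["cancelled"] / s["ordered"] if s["ordered"] else 0.0
        flags = []
        if p_value < p_value_floor:
            flags.append("more winners than the design odds explain")
        if cancel_fraction > max_cancel_fraction:
            flags.append("high share of orders cancelled before printing")
        if s["orphans"] or s["open"]:
            flags.append("orders and prints do not reconcile")
        report.append({"terminal": terminal, "printed": s["printed"],
                       "wins": s["wins"], "cancelled": s["cancelled"],
                       "p_value": p_value, "cancel_fraction": cancel_fraction,
                       "flags": flags})
    return report


if __name__ == "__main__":
    for row in audit_terminals(constructed_log(), design_win_prob=0.25):
        print(row["terminal"], row["wins"], "/", row["printed"], row["flags"])
```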

We also wonder if the Lottery is up to the standards of Las Vegas gambling machines or closer to the weaker standards of voting machines <compare>