Category: Internet Voting

Act Now! – Oppose H.B. 5903 – Protect Soldiers’ Votes

The Government Administration and Elections Committee (GAE) has passed a bill that will threaten the security and privacy of military absentee votes, H.B. 5903. And it could be expensive!

It sounds good but, in addition to CTVotersCount, it is opposed by computer scientists, TrueVoteCT members, and Secretary of the State Susan Bysiewicz.

The Government Administration and Elections Committee (GAE) has passed a bill that will threaten the security and privacy of military absentee votes, H.B. 5903

And it could be expensive!

It sounds good but, in addition to CTVotersCount, it is opposed by computer scientists, TrueVoteCT members, and Secretary of the State Susan Bysiewicz.

NOW is a critical time. The bill will soon be before the full CT House and Senate.

Call or email your State Senator and Representative NOW. Tell them you want to preserve the security and privacy of military votes.

Find your CT Senator and Representative: http://www.cga.ct.gov/maps/Townlist.asp

From the testimony of Susan Bysiewicz,Secretary of the State

This bill serves a noble purpose…After repeated attempts to initiate a secure online voting system, members of the original DOD peer review panel found a number of security risks. Further, I their June 2007 elections report, the United States Government Accountability Office stated that the federal government has not yet developed sufficient absentee voting guidelines for this kind of use.

Until an internet system is designed to safeguard against security risks, I have proposed extending the timeframe by which military personnel can obtain a blank ballot from 90 days before the election to the first business [sic] of the calendar year of the election. In addition, I propose that Connecticut allow the electronic transmission of absentee ballot applications and blank ballots. These simple steps would greatly extend voting opportunities for members of the Armed Forces without posing additional security risks.

Here is the bill: <read>

What are the problems with H.B. 5903?

  • It will threaten the privacy and security of soldiers’ votes.
  • Any threat to the private vote threatens everyone’s votes and Democracy.
  • It may be costly, perhaps several million $ in start-up costs and $500 per vote cast.

There has been a strong coordinated move to pass such bills in many legislatures across the country. So far few states have been taken in. However, in Connecticut this bill passed the Government Elections and Administration Committee without discussion, unanimously. We assume, because it sounds good and has the claim of helping our military.

Even though the Office of Fiscal Analysis says it will have no costs to the State or municipalities, it is hard to believe that the Secretary of the State could create regulations to accomplishes this without a great deal of expensive research and implementation costs, when computer scientists are skeptical that it is possible and believe it is risky to military voters and the rest of us as well. Vendors are proposing accomplishing this in other states at great costs such as $4,000,000 start-tup costs and $100,000 per county annually.

Connecticut has a problem with facilitating overseas military voting, however, Minnesota has already solved the same problems we have without resorting to the unnecessary risks and costs of this bill. In fact, the improvements in Minnesota have been cited by a veterans group: <read>

Here is the Technologists’ Statement On Internet Voting: <read>

FL: Internet Voting Skepticism Has Promise

Opponents of Internet voting argue that security risks are too plentiful and blatant to ignore. They point to the threat of hackers and other forms of fraud, as well as glitches that could prevent votes from being counted or result in a miscount.

Those are legitimate concerns. Any efforts to expand the role of Internet voting must be vetted in the most public way possible, open to examination by the nation’s top computer experts.

Editorial, Internet voting has promise, discusses their wish for Internet voting, but in the end correctly points out that it should be subject to “open to examination by the nation’s top computer experts.”

That is all that is asked by the Technologists’ Statement On Internet Voting.

But in the Connecticut Legislature is full speed ahead for Internet voting despite the opposition of CTVotersCount, TrueVoteCT, and the Secretary of the State, Susan Bysiewicz. See HB-5903. Hopefully, the Office of Fiscal Analysis will point out the expense of whatever process is used for Internet voting for each of our 169 municipalities. Our earlier coverage.

Fort Meyers News-Press Editorial <read>

Opponents of Internet voting argue that security risks are too plentiful and blatant to ignore. They point to the threat of hackers and other forms of fraud, as well as glitches that could prevent votes from being counted or result in a miscount.

Those are legitimate concerns. Any efforts to expand the role of Internet voting must be vetted in the most public way possible, open to examination by the nation’s top computer experts.

But it doesn’t make sense that citizens can perform so many other vital transactions online, using Web sites that are trusted to be secure, yet can’t have a secure option for voting online – or at least registering to vote.

We agree that registration and even sending ballots to the Military can be accomplished.  We are less sure of the journalists’ predictions:

Finding a way to incorporate one of the world’s greatest technological advances – the Internet – should only be a matter of time.

Sometimes technology evolves as we wish and sometimes it does not — remember Nuclear Fusion, Toxic Waste Storage…I remember a childhood friend that just kept smoking assuming “scientists will come up with a cure before I get lung cancer”.  I hope he changed his mind and quit.  Unfortunately, when we risk Democracy on  an unproven technology the cure may also be too late.



Soldiers’ Votes and Democracy At Risk In CT

Despite opposition by the Secretary of the State, Susan Bysiewicz, TrueVoteCT members, CTVoters Count, and the League of Women Voters, HB-5903 was as voted out of the General Administration and Elections Committee unanimously today. The bill will allow members of the military to submit absentee votes electronically.

This not a wild theoretical concern: Ironically, CNN has just reported that the Chinese or others have software they have used to infiltrate critical computers around the world

Despite opposition in testimony by the Secretary of the State, Susan Bysiewicz, TrueVoteCT members, CTVoters Count, and the League of Women Voters,  HB-5903 was as voted out of the General Administration and Elections Committee unanimously today.  The bill will allow members of the military to submit absentee votes electronically. <testimony>  Our testimony was not listed under the bill but is available online at <CTVotersCount Testimony>.  As covered by the Secretary of the State, the Department of Defense and Goverment Accountability Office have concerns with the security of internet voting.  Our testimony referenced the Technologists Statement On Internet Voting.

Because of the increasing frequency of proposals to allow remote voting over the internet, we believe it is necessary to warn policymakers and the public that secure internet voting is a very hard technical problem, and that we should proceed with internet voting schemes only after thorough consideration of the technical and non-technical issues in doing so.

Here is the critical text from the bill:

28        (b) Notwithstanding the provisions of subsection (a) of this section,

29   the Secretary of the State shall work in conjunction with the Sta te

30    Elections Enforcement Commission and the United States Department

31    of Defense Federal Voting Assistance Program to ensure that any

32    absent uniformed services voter, as defined in 42 USC 1973ff-6, may

33    utilize a secure electronic transmission system for the transmittal of: (1)

34    The federal postcard application form provided for pursuant to the

35    Uniformed and Overseas Citizens Absentee Voting Act, 100 Stat. 924,

36    42 USC 1973ff et seq., as amended from time to time, and (2) any

37    absentee ballot issued pursuant to subsection (a) of this section or

38    section 9-140.

39      (c) The Secretary of the State, in consultation with the State Elections

40    Enforcement Commission and the Office of Military Affairs shall adopt

41    regulations in  accordance  with  the  provisions  of  chapter  54,  to

42   implement  the  provisions  of  subsection  (b)  of  this  section.  Such

43    regulations, at a minimum, shall provide that an absent uniformed

44    services voter shall not be required to submit a paper absentee ballot in

45    addition to the electronic submission of such a ballot pursuant to

46    subsection (b) of this section.

Putting soldiers’ votes at risk threatens us and democracy as well.  The election results and our democracy depend on the privacy, security, and accuracy of every vote.

This not a wild theoretical concern: Ironically,  CNN has just reported that the Chinese or others have software they have used to infiltrate critical computers around the world: <read>

One report was issued by the University of Toronto’s Munk Center for International Studies in conjunction with the Ottawa, Canada-based think tank The SecDev Group; the second came from the University of Cambridge Computer Laboratory.

Researchers have dubbed the cyber-espionage network GhostNet. The network can not only search a computer but see and hear the people using it, according to the Canadian report.

“GhostNet is capable of taking full control of infected computers, including searching and downloading specific files, and covertly operating attached devices, including microphones and web cameras,” the report says.

Hardly reassuring is that it might not be the Chinese Government, but could in the future be citizen hackers, the U.S. Military itself or Israel:

“Chinese cyber espionage is a major global concern… (b)ut attributing all Chinese malware to deliberate or targeted intelligence gathering operations by the Chinese state is wrong and misleading,” says the Canadian report, titled, “Tracking GhostNet: Investigating a Cyber Espionage Network.”

“The sheer number of young digital natives online can more than account for the increase in Chinese malware,” it adds.

But the report also points out that China is among a handful of countries, also including the United States, Israel and the United Kingdom, which are “assumed” to have considerable cyber-espionage capabilities

CIA Agent: Electronic Voting Risky

“I follow the vote. And wherever the vote becomes an electron and touches a computer, that’s an opportunity for a malicious actor potentially to . . . make bad things happen.”

We agree with the agent that electronic voting can be compromised, but some details in the testimony are questionable.

Update 5/7/2009 Boston Progressive Examiner: Electronic voting machines in U.S. at risk from foreign hackers attacking military computers <read>

The U.S. Election Assistance Commission should be paying attention to what has been happening at the Department of Defense. America is under cyber attack each day with thousands of attacks on defense websites. As computer technology spreads in election offices around the country the risk of foreign hacking of American elections grows.

Update 4/8/2009 Wall Street Journal: Electricity Grid in U.S. Penetrated By Spies <read>

Last year, a senior Central Intelligence Agency official, Tom Donahue, told a meeting of utility company representatives in New Orleans that a cyberattack had taken out power equipment in multiple regions outside the U.S. The outage was followed with extortion demands, he said…

The sophistication of the U.S. intrusions — which extend beyond electric to other key infrastructure systems — suggests that China and Russia are mainly responsible, according to intelligence officials and cybersecurity specialists. While terrorist groups could develop the ability to penetrate U.S. infrastructure, they don’t appear to have yet mounted attacks, these officials say.

*************************Original post:

McClatchy:  Most electronic voting isn’t secure, CIA expert says<read>

“You heard the old adage ‘follow the money,’ ” Stigall said, according to a transcript of his hour-long presentation that McClatchy obtained. “I follow the vote. And wherever the vote becomes an electron and touches a computer, that’s an opportunity for a malicious actor potentially to . . . make bad things happen.”

Stigall said that voting equipment connected to the Internet could be hacked, and machines that weren’t connected could be compromised wirelessly. Eleven U.S. states have banned or limited wireless capability in voting equipment, but Stigall said that election officials didn’t always know it when wireless cards were embedded in their machines.

While Stigall said that he wasn’t speaking for the CIA and wouldn’t address U.S. voting systems, his presentation appeared to undercut calls by some U.S. politicians to shift to Internet balloting, at least for military personnel and other American citizens living overseas. Stigall said that most Web-based ballot systems had proved to be insecure.

We agree with the agent that electronic voting can be compromised, but some details in the testimony are questionable.

Appearing last month before a U.S. Election Assistance Commission field hearing in Orlando, Fla., a CIA cybersecurity expert suggested that Venezuelan President Hugo Chavez and his allies fixed a 2004 election recount, an assertion that could further roil U.S. relations with the Latin leader.

Both a Princeton/Johns Hopkins study and the Carter Center have studied the Venezuelan election and refute some of these contentions in that particular case.

PRINCETON, N.J. — An analysis of polling data from the Aug. 15 referendum in Venezuela to recall President Hugo Chávez indicates that certain forms of computer fraud were unlikely to have occurred during the electronic voting process, according to a study by computer science researchers from Johns Hopkins and Princeton universities.

Jennifer McCoy directed the Carter Center’s observer mission in Venezuela and is a Latin America expert at Georgia State University in Atlanta:

In conclusion, the vote itself was secret and free, but the CNE’s lack of openness, last-minute changes and internal divisions harmed public confidence in that vital institution both before and after the vote. Divisive rhetoric and intimidating tactics from Chavistas, and the opposition’s still-unsubstantiated claims of fraud, have exacerbated Venezuelans’ cynicism toward elections. It will take a huge effort by both sides to restore trust in this fundamental democratic right before next month’s election for governors and mayors.

Bills In CT, MD, WA, Risk Security Despite DoD Concerns

Despite the concerns of computer technologists, legislatures in three states are considering military voting via internet, fax, and email. In 2004 the Department of Defense expressed concerns with the security of voting via internet or email, and that all three methods, internet, email, or fax put in question the secret ballot.

Risking voting integrity and the secret ballot for our troops, disenfranchises us all.
Update: Ignoring Science In WA, OpEdNews Article By Ellen Theisen

Despite the concerns of computer technologists, legislatures in three states are considering military voting via internet, fax, and email.  In 2004 the Department of Defense expressed concerns with the security of voting via internet or email, and that all three methods, internet, email, or fax put in question the secret ballot.

Risking voting integrity and the secret ballot for our troops, disenfranchises us all.

Bills: CT, MD, WA

Computer Technologists’ Statement On Internet Voting

The internet has the potential to transform democracy in many ways, but permitting it to be used for public elections without assurance that the results are verifiably accurate is an extraordinary and unnecessary risk to democracy.

Excellent testimony in WA covering DoD etc:  <Ellen Theisen> <John Gideon>

Even though reports from the National Institute of Standards and Technology (NIST), the U.S. Government Accountability Office (GAO), and dozens of computer security experts strongly and unanimously warn of insurmountable threats to the privacy and security of ballots cast over the Internet, the Washington State legislature is proposing â and fast-tracking  a bill to allow Internet voting for its military and overseas voters (S.B.5522 and its identical companion H.B.1624).

Even though the U.S. Department of Defense cancelled its Internet voting project (SERVE) in 2004 citing security concerns, and even though the DoD has still been unable to establish the secure and private Internet voting demonstration project that Congress mandated in 2002, the Washington State legislature is seriously considering a bill that would authorize the Washington Secretary of State to create an Internet voting scheme and declare it secure and private – without any oversight or review by the legislature or the people.

BradBlog: Military and Overseas Voters as Internet Voting Guinea Pigs

Update: Ignoring Science In WA, OpEdNews Article By Ellen Theisen <read>

Clearly our SoS office has done no research into the matter. In fact, Mr. Handy said as much. They don’t want to waste time researching it if the legislature doesn’t authorize using it. So they are pushing it, telling the legislature it can be made secure and private, without any evidence or research to back them up, and even in the face of evidence to the contrary. Some in the legislature appear to be trusting their word, ignorant of the fact that the SoS has done no research. And many of them are not trusting us who have done research.

Bysiewicz Slams PEW Report On Military Voting

Secretary Bysiewicz slammed a PEW report on Military voting citing their incorrect information on Connecticut. She also stated strong objections to voting via Internet.

Update 1/16: PEW Director responds, defends report.

Update 1/16:PEW Director responds, defends report. Doug Chapin letter to the editor in New Haven Register:<read>

The 90-day period referenced by Bysiewicz is available only when service members request a special, blank ballot. As we note in our report, special absentee ballots are not an adequate solution…Bysiewicz is wrong in her assertion that Pew recommends electronic remote voting. Our report repeatedly cites privacy and security concerns associated with returning a completed ballot using electronic means. We do recommend providing overseas voters with a blank, printed ballot by fax, e-mail or other electronic means. This raises no security concerns and allows more time to complete the voting process — a conclusion shared by the U.S. National Institute of Standards and Technology.

********Original Report*******
Secretary Bysiewicz slammed a PEW report on Military voting citing  incorrect information on Connecticut. The New Haven Register has the story: Study slams state over military voting <read>

The study, by The Pew Center on the States, takes Connecticut to task for sending out absentee ballots after the date necessary for military voters to meet all required deadlines. The study in all 50 states and the District of Columbia examined the process that military personnel stationed overseas have to go through to vote.

Overseas military voters from Connecticut can fax their ballot requests, but the state requires the ballots to be transmitted to and from voters by postal mail, according to the report. Because the time needed for ballots to travel by mail takes longer than the time Connecticut provides in its process, the statemilitary voters abroad would need 13 additional days to have enough time to vote…

Secretary of the State Susan Bysiewicz responded angrily to the report, saying that Pew researchers simply didn’t do their homework.

“If they had gone to the trouble of calling my office, they would have known that there is a 90-day period during which military personnel from the state can request a ballot and send it back, Bysiewicz said. The 45-day period cited in the report is for civilians who are overseas at the time of an election.

Bysiewicz said her office has a section of its Web site devoted to how state residents who are overseas serving in the military can go about voting. And now that the General Assembly has begun its 2009 legislative session, Bysiewicz said she is seeking to have legislation introduced that would make blank ballots available to overseas military personnel in January every year.

“While many candidates for office have not declared at that point, it would allow military personnel to take their time, research who is running and write in their names,” Bysiewicz said.

Byseiwicz statement on Internet voting:

“There are significant security issues surrounding electronic remote voting that need to be overcome,” she said. “Until there is a technology like digital imaging or retinal scanning that is widely available that can identify an individual that is casting a ballot via electronic remote voting, I don’t think youre going to see this kind of voting method used.”

We completely agree with Secretary Bysiewicz on Internet voting. Her statement is consistent with the Computer Technologists Statement on Internet Voting, which I have signed. <read>.

Internet Voting — Not Ready For Democracy

Verified Voting Founder, Professor David Dill, and computer experts from around the country released the: Computer Technologists’ Statement on Internet Voting. I fully endorse the statement and thank David Dill for producing and gaining support for the statement. The concluding paragraph: The internet has the potential to transform democracy in many ways, but permitting it … Continue reading “Internet Voting — Not Ready For Democracy”

Verified Voting Founder, Professor David Dill, and computer experts from around the country released the: Computer Technologists’ Statement on Internet Voting.

I fully endorse the statement and thank David Dill for producing and gaining support for the statement.

The concluding paragraph:

The internet has the potential to transform democracy in many ways, but permitting it to be used for public elections without assurance that the results are verifiably accurate is an extraordinary and unnecessary risk to democracy.

Continue reading “Internet Voting — Not Ready For Democracy”

Florida Risks OUR Democracy With Internet Voting

What’s wrong with Florida using Internet Voting? Why should Connecticut Voters care?

  • It is not private – open to intimidation abuse, vote selling – especially in environments such as military, business, religeous, and union.
  • There is no auditable record
  • Anything that risks who is declared President, or could change the balance in Congress and the Senate threatens the future and value of votes for Connecticut voters.

Update: Additional Article <here>

Voters Group Objects To Internet Voting Pilot Program
Posted May 29, 2008 by Catherine Dolinski, Tribune Tallahassee Bureau
Updated May 29, 2008 at 01:58 PM
A group of skeptical voters are objecting to Okaloosa County’s plans to experiment with Internet voting for overseas service members, raising the possibility of a lawsuit if Secretary of State Kurt Browning doesn’t squelch the idea.

Under plans by Okaloosa Elections Supervisor Pat Hollarn for Operation Bravo, service members in Germany, England and Okinawa would vote at computer stations on encrypted electronic ballots. A secure computer line would transmit the data to Spain and then Florida. Only Florida election officials would be able to decode the ballots, according to Hollarn.

The voters would also see a paper printout of the ballots prior to transmittal. Hollarn noted that’s more than Florida’s 2007 paper-trail legislation requires for disabled voters.

But Dan McCrea of a group called Florida Voters Coalition isn’t buying it.

“Taxpayers are still reeling from the costly mistake of allowing DRE touchscreen voting before that technology was secure,” he said in a letter to Browning today. “We mustn’t repeat that mistake.”

He called Operation Bravo “illegal” and “dangerous.”

McCrea cites the 2007 paper-trail statute, while Hollarn cites a 2005 statute permitting safe electronic transmission of election materials. McCrea said Browning should rule that the 2007 law is the controlling law.

McCrea also contends that Hollarn has a conflict of interest because she heads the Operation Bravo Foundation, which is “essentially … a voting system vendor.”

But Hollarn replies the foundation is only a fundraiser for the project, and said McCrea’s accusation is “grasping at straws.”

Browning spokeswoman Jennifer Davis said he hasn’t yet received Okaloosa’s final plans and had little comment. But she differed with McCrea’s characterization of the project as “internet voting,” comparing the the ballot transmission to a fax.

“The voters would also see a paper printout of the ballots prior to transmittal.” – this is a false sense of security – a receipt given to a voter which cannot be compared to or used to audit the tally produced by the computer counting the votes is absolutely useless for increasing or providing integrity.

What could be a worse than a receipt useless for verifying the tally, but perfect for delivering to a friend, intimidator, purchaser, manager, minister, union steward, or commanding officer?

“comparing the the ballot transmission to a fax.” – well no, presumably there is a paper record of a real fax available on the other side. Not that a faxed ballot would that much better in any regard.

Hats off to Dan McCrea and the Florida Voters Coalition.

Internet Voting is Too Risky for Public Elections

We have criticized the DNC for accepting and promoting Internet voting for expat delegates to the convention. This set a completely wrong precedent. It does not take much to imagine the intimidation possible with an internet voting machine set up in a military base, union hall, nursing home, or church.

By Verified Voting Foundation
April 03, 2008

The Verified Voting Foundation issued a warning today that the Internet is not safe for casting ballots in important public elections. Many computer scientists and others are concerned because Internet voting was used in the Democratic Party’s Presidential primary for overseas voters in February, and because several state and national legislators recently have expressed an interest in Internet voting as an option for military service personnel overseas.

“Internet voting is vulnerable to all the risks of paperless computerized voting machines; it allows no meaningful recounts or audits,” said Barbara Simons, a computer scientist and expert on Internet voting. “If ballots are cast on the Internet, attacks on the election can be made by anyone with an Internet connection anywhere in the world, including individual hackers, political parties, international criminal organizations, hostile foreign governments, or even terrorists.”

“The Internet could be used to make voting easier, by, for example, allowing military and overseas voters a convenient way to obtain an absentee ballot, but votes delivered over the Internet cannot be trusted,” said David Dill, professor of computer science at Stanford University and founder of the Verified Voting Foundation. “Multiple studies by computer scientists have shown that making Internet voting safe is an incredibly hard problem, not solved yet, and possibly unsolvable. At this point, any claims of ‘secure Internet voting’ should be regarded with extreme skepticism.”

Courant Fresh Talk: Voting: Too Far From Online

Fresh Talk editorial by Courant intern asks question and answers well: <read>

Why is it when more and more Americans spend more and more of their time at a computer, we still having a voting system that doesn’t incorporate online capabilities?

…Several computer scientists took part in 2004 in federally funded program called the Secure Electronic Registration and Voting Experiment, or SERVE, and concluded that a online voting system would create insurmountable security risks.

The study concluded that unless there is some unforeseen or radical change in modern PCs and the Internet, it would be impossible to guarantee a safe and secure system for large-scale online voting.

There is a lot the regular Courant Editors can learn from following the example of their intern, Will Violet, who wrote this editorial. Research and facts trump wishes and myths every time.