Just say no to online Internet voting

Posted by AzblueMeanie:

I read in The Arizona Republic that Today at the Capitol:

Topic: Online voting.

What it’s about: The Senate Elections Committee will get a presentation on online voting.

Details: Senate Elections Committee meets at 2 p.m. in Hearing Room 1 at the state Senate, 1700 W. Washington St.

This is in regards to SB 1387, a bill sponsored by Sen. Bob Worsley (R-Mesa), the founder of retail catalog giant SkyMall, to establish an online voting pilot program in time for the 2014 primary election. The Arizona Capitol Times (subscription required0 reported earlier this month, Senator proposes online voting for 2014:

Sen. Bob Worsley, R-Mesa, said the technology is readily available to ensure the safety and accuracy of online voting – an effort that could save the state millions of dollars in expenses racked up by mailing ballots to voters, he added.

“Long term, we’re not going to send paper around, and it costs us $12 million a year to do early mail-in ballots,” Worsley said. “I think we have the technology online now to certify more accurately that there’s not fraud.”

If Arizonans can be comfortable withdrawing cash and accessing their bank accounts online or at ATMs, they should be just as comfortable voting online, he said.

Oh, really? Bob needs to do more research. Just last week the Washington Post reported, Chinese cyberspies have hacked most Washington institutions, experts say:

Not long after the Wall Street Journal reported last month that its systems had been infiltrated, the chief executive of its parent company, Rupert Murdoch, tweeted, “Chinese still hacking us, or were over the weekend.” The New York Times and The Washington Post have also reported being victims of cyber-intrusions probably conducted by the Chinese.

The former head of cybersecurity investigations for the FBI, Shawn Henry, said his agents used to alert dozens of companies and private institutions about breaches every week, with Chinese hackers the most common suspects.

“I’ve yet to come across a network that hasn’t been breached,” said Henry, president of CrowdStrike Services, a security company. “It’s like having an invisible man in your room, going through your filing cabinets.”

Do you want your elections being decided by some Chicom cyberspie hacking into an online voting system that cannot be made secure for which there is no paper-trail of ballots to recount or audit to verify the results of the election? Yeah, I didn't think so.

It is true that there is a pilot program for online voting for military personnel serving overseas. So how'd that go? Cronkite News reported, Lawmaker seeks pilot program to test online voting in Arizona:

Election administrators in Washington, D.C., tried Internet voting for military and overseas voters ahead of the 2010 midterm elections. The administrators launched the program a few days early and invited hackers to test the system. A group of University of Michigan Graduate students led by Professor J. Alex Halderman was able to hack the system within 48 hours, giving them the ability to change votes and gain control of the security cameras monitoring election workers.

Oops! Cronkite News also reported a disturbing level of ignorance from Sen. Worsley:

Worsley said online voting would also make elections more secure by limiting opportunities for voter fraud.

“We have no doubt we can reduce (voter) fraud far lower than what’s occurring today in person,” he said. “Fears of hacking and insecurity of information is vastly overblown … It’s a small fraction of percentage of risk compared to the voter fraud that happens today.”

* * *

“There’s a lot of allegations of voter fraud,” Worsley said. “Just Google that and read about that in the last presidential election. Was it at such a level that it threw the election? I don’t think so. But it occurs.”

* * *

Election fraud is rare, according to an investigation conducted by News21, a national reporting consortium made up of 11 universities and hosted at Arizona State University. The investigation found 10 cases of alleged in-person voting fraud that reached a courtroom since the year 2000 nationwide, and 491 cases of mail ballot fraud in the same period.

[A News21 analysis of 2,068 alleged election-fraud cases since 2000 shows that while fraud has occurred, the rate is infinitesimal, and in-person voter impersonation on Election Day, which prompted 37 state legislatures to enact or consider tough voter ID laws, is virtually non-existent. Comprehensive Database of US Voter Fraud Uncovers No Evidence That Photo ID is Needed.]

Oh lord, Bob is a wingnut conspiracy theorist who believes that people are committing in-person voter fraud at the polls. But wait, there's more . . .

Worsley compared Internet voting to the millions of online banking or stock transactions that happen every day, but Bruce Schneier said there’s a fundamental difference.

“The important difference is that voting, by definition, is anonymous,” he said. “If there’s electronic banking fraud, we look at what happens, we can roll it back and make everybody whole. We can’t do that with a voting system.”

Secretary of State Ken Bennett is “supportive of the idea but has concerns with security and the guarantee of the voter’s right to a secret ballot,” said Matt Roberts, Bennett’s spokesman. “Additionally he is concerned with implementing such a program in such a short period of time.”

* * *

[Bruce Schneier, the author of five books on cryptography, computer and network security and overall security, said he likes the idea of online voting but doesn’t think it can be done securely.

“We have not, in the history of mankind, created a computer system without a security vulnerability,” he said.]

And then there is this election scandal out of Miami not being reported anywhere outside of Florida. The case of the phantom ballots: an electoral whodunit - Miamia Herlad:

The first phantom absentee ballot request hit the Miami-Dade elections website at 9:11 p.m. Saturday, July 7.

The next one came at 9:14. Then 9:17. 9:22. 9:24. 9:25.

Within 2½ weeks, 2,552 online requests arrived from voters who had not applied for absentee ballots. They streamed in much too quickly for real people to be filling them out. They originated from only a handful of Internet Protocol addresses. And they were not random.

It had all the appearances of a political dirty trick, a high-tech effort by an unknown hacker to sway three key Aug. 14 primary elections, a Miami Herald investigation has found.

The plot failed. The elections department’s software flagged the requests as suspicious. The ballots weren’t sent out.

But who was behind it? And next time, would a more skilled hacker be able to rig an election?

Six months and a grand-jury probe later, there still are few answers about the phantom requests, which targeted Democratic voters in a congressional district and Republican voters in two Florida House districts.

The foreman of that grand jury, whose report made public the existence of the phantom requests, said jurors were eager to learn if a candidate or political consultant had succeeded in manipulating the voting system. But they didn’t get any answers.

“We were like, ‘Why didn’t anyone do something about it?’ ” foreman Jeffrey Pankey said.

* * *

Creating a computer program to automatically fill online ballot requests using voter information is not difficult, said [Steven Rambam, a New York-based private investigator with extensive experience in computer database and privacy issues.] Pre-written programs, known as scripts, are available online and easy for amateur hackers to modify.

With a little more skill, the hacker behind the phantom requests could have included computer code to keep the program from triggering the elections department’s safeguard, Rambam said.

Once the program has been set up, purposely obscuring its origins through foreign IP addresses is also inexpensive, he added.

“And that, of course, is the most frightening thing: that any moderately or even marginally skilled programmer could have done this,’’ Rambam said.

That’s why the grand jury recommended requiring at least a login and password for voters to submit absentee ballot requests, said Pankey, the group’s foreman. It was one of 23 recommendations proposed by the grand jury[.]

Finally, the National Conference of State Legislators (NCSL) lead story in the February issue of its The Canvass is "Internet Voting: Not Ready for Prime Time?" I presume most of our state legislators are reading the NCSL newsletter.

Just say no to online Internet voting.