Top Computer Researchers gave a startling presentation recently about how to Intercept and Switch Votes on Emailed Ballots, but Officials in the 30 or so States said the ease with which Votes could be Changed wouldn’t alter their Plans to continue offering Electronic Voting in some fashion. Two States, Alaska and Washington, have Ended their Statewide Online Voting systems.
The Developments, amid mounting fears that Russians or others will try to Hack the 2018 Midterm Elections, could heighten pressure on Officials in other U.S. States to reconsider their commitment to Online Voting despite repeated admonitions from Cybersecurity Experts. But a McClatchy Survey of Election Officials in a number of States that permit Military and Overseas Voters to send in Ballots by Email or Fax including: Alabama, Kansas, Missouri, North Carolina, South Carolina, and Texas, produced no immediate signs that any will budge on the issue. Some Chief Election Officers are handcuffed from making changes, even in the name of Security, by State Laws permitting Email and Fax Voting.
At the World’s Largest and Longest-Running Hacker Convention, Two Researchers from a Portland, Ore., Nonpartisan Group that studies Election Security showed how, in about Two hours, they could set up a sham Server and Program it to Intercept and Alter Ballots attached to Emails. “Ballots sent over email are not secure,” said Lyell Read, one of the Researchers from the group Free & Fair. “As long as people have a chance to vote another way, that’s probably a good decision.”
Read and Daniel M. Zimmerman, who earned Credentials as a Computer Scientist at CalTech, said the Hacking at the Annual DefCon Conference in Las Vegas required nothing more than commonly available Programming Tools. Read said he set up an “impostor server” to mimic a real one that would normally route Emails containing attached Ballots. On the Rogue Server, he inserted 30 or so lines of Computer Code, known as Bash Shell Script, to Alter Voters’ Choices on Ballots attached to Emails in Transit and to Replace them with Read’s preferred Candidates.
Among those attending the Conference were more than 20 Officials from the U.S. Department of Homeland Security (DHS). Several of them observed the Email Vote switcheroo, said a Department Official who spoke on condition of anonymity. DHS Officials have stepped up their Consultations with States about Election Security since Russian Operatives Hacked a Voting Vendor in 2016 and tried through so-called Spear-Phishing Attacks to penetrate 21 State Voter Registration systems, succeeding only in Illinois. The Agency rarely discusses its Advice to State and Local Officials, whom the Constitution gives nearly Total Authority over the Nation’s Elections.
At an Election Security Conference in Washington in March 2016, DHS Cyber Security Official, Neil Jenkins, said the Agency believes Online Voting “introduces great risk into the election system” at any level of Government, providing “an avenue for malicious actors to manipulate the voting results.” Jenkins said the Department planned to issue Guidelines warning States against Online Voting in the final months of the Obama Administration. Why that never happened could not immediately be determined, Jenkins has since left the Department.
Researchers at the DefCon Convention were sharply critical of any sort of Electronic Voting, including Voting by Smartphone, which occurred in a Pilot Test in May 2018, and will occur for the first time in November. West Virginia announced last week that it will allow Military Personnel posted Overseas and Registered to Vote in West Virginia to vote via Smartphone in the Nov. 6 Election, using a Blockchain App created by Voatz, a Boston-based startup.
“In my opinion, email voting is the most dangerous form of voting,” said David Jefferson, a Computer Scientist at California’s Lawrence Livermore National Laboratory and former Board Chairman of both the California Voter Foundation and Verified Voting, Nonpartisan Groups that promote Secure and Transparent Election Technology. “Anyone who controls a router can change a ballot,” Jefferson said. “It’s just insane. It’s like attaching a $100 bill to a postcard and mailing it and expecting it to get there.”
Some States are backing away from Electronic Voting. Washington State said it was Ending In-State Email Balloting “to limit vulnerability and reduce the risk of election tampering.” In an Emergency Order last Friday, the Elections Office under Republican Secretary of State Kim Wyman said it had been “alerted to evidence of illegal attempts to gain access to and interfere with electronic systems that Washington elections officials use during an election.” Mark Neary, a Washington Assistant Secretary of State who attended the DefCon Conference, said he was Unaware of any Specific Attempts to Compromise the State’s Voting Apparatus. “We’re concerned about that potential risk,” Neary told McClatchy.
In 2017, he said, only 1,465 Washington Voters Cast Ballots by Email or Fax under a System requiring them to also Mail their Original Ballots to Election Authorities. However, State Law Bars County Officials from Comparing the Two Ballots and requires that Authorities Count the First One that Arrives. Some thing it should be the Last one. Neary said he first saw a Demonstration like the one in Las Vegas at an Event put on Months ago by Washington’s League of Women Voters, who teamed with a Cyber Security Watchdog to show State and County Officials that neither the Sender of an Emailed Vote nor the Receiver would know it had been Altered. But Neary said the Chief Concern was not that Votes would be Altered, but that Malicious Actors would Plant Malware in Ballots attached to Emails. When Opened by Local Officials, the Malware would Embed in State or County Election Networks, where it could Tamper with other Votes, he said. “We’re always looking at ways to improve or secure our election process. It’s not just Russia.”
Sending Ballots by Email or Fax has been a contentious point in recent years between Election Integrity Watchdogs and States and Counties, which at first were encouraged to Adopt Online Voting by the Pentagon, to ease Voting for Military Personnel based Outside of the United States. The figures are still Small. In the 2016 Election, Local and County Jurisdictions reported receiving more than 77,000 Votes by Email and 22,538 by Fax, although those figures are Incomplete; a McClatchy Review found that nearly 4,000 U.S. Election Jurisdictions did not Report how many Emailed and Faxed Votes were Cast. More than 130 Million Votes were Cast in 2016.
“To see a mark on a ballot change when it’s transmitted by email is alarming,” said Susan Greenhalgh, Policy Director at the National Election Defense Coalition. “Hopefully, more states will move in the same direction as Washington and Alaska.” “One of the biggest problems of the email return of voted ballots is that somebody receiving that ballot has to keep clicking on attachments. Everybody knows that attachments can be vehicles for malware that could infect a system and provide a back door into the network. Now you have an election official sitting at a county computer, clicking on attachment after attachment from emailed votes. Unless that computer is properly quarantined from the rest of the county-by-county system, it poses a huge risk,” Greenhalgh said.
North Carolina Officials have noticed No Problems with their Emailed Voting System, which drew 11,993 Votes in 2016, but they “have taken the proactive step of scanning emails received through this process to detect any malicious attachments,” said Patrick Gannon, a Spokesman for the State Board of Elections. Counties are invited to Forward any Emailed Ballots to the State Board for Scanning “and if necessary, to detonate any suspicious attachments, malware, etc.,” he said.
Chris Whitmire, a Spokesman for South Carolina’s Board of Elections, said Online voting has afforded Thousands of Military and other Overseas Voters a chance to Participate. He said that of 8,618 Military Voters to receive Ballots in 2016, 6,537 got them Online.
Texas won’t stop accepting Faxed Votes from Military Service Members in Hostile Pay Zones, because doing so would require Action from the State Legislature, which doesn’t convene until January, said Sam Taylor, a Spokesman for the Texas Secretary of State’s Office.
Missouri only allows Service Members in Hostile Combat Zones to Fax Ballots or Transmit them through “a secure portal” Online, an Arrangement that is likely to continue, said spokeswoman Maura Browning of the Missouri Secretary of State’s Office. “We will not violate our statutory obligations in order to disenfranchise Missouri’s military men and women in hostile zones, who are the very people fighting for our freedoms,” she wrote in an email.
“The purpose of security research is to expose these things proactively when the security vendors don’t do it themselves,” said Kurtis Minder, Chief Executive and Co-Founder of Virginia-based GroupSense, a Cyber Intelligence firm. “Right now, it’s going to be a little disruptive, but maybe it needs to be that way.”
NYC Wins When Everyone Can Vote! Michael H. Drucker
No comments:
Post a Comment