Just say no to online Internet voting

Posted by AzblueMeanie:

I read in The Arizona Republic that Today at the Capitol:

Topic: Online voting.

What it’s about: The Senate Elections Committee will get a presentation on online voting.

Details: Senate Elections Committee meets at 2 p.m. in Hearing Room 1 at the state Senate, 1700 W. Washington St.

This is in regards to SB 1387, a bill sponsored by Sen. Bob Worsley (R-Mesa), the founder of retail catalog giant SkyMall, to establish an online voting pilot program in time for the 2014 primary election. The Arizona Capitol Times (subscription required0 reported earlier this month, Senator proposes online voting for 2014:

Sen. Bob Worsley, R-Mesa, said the
technology is readily available to ensure the safety and accuracy of
online voting
– an effort that could save the state millions of dollars
in expenses racked up by mailing ballots to voters, he added.

“Long term, we’re not going to send paper around, and it costs us $12
million a year to do early mail-in ballots,” Worsley said. “I think we
have the technology online now to certify more accurately that there’s
not fraud.”

If Arizonans can be comfortable withdrawing cash and accessing their
bank accounts online or at ATMs, they should be just as comfortable
voting online, he said.

Oh, really? Bob needs to do more research. Just last week the Washington Post reported, Chinese cyberspies have hacked most Washington institutions, experts say:

Not long after the Wall Street Journal reported last month that its
systems had been infiltrated, the chief executive of its parent company,
Rupert Murdoch, tweeted, “Chinese still hacking us, or were over the
weekend.” The New York Times and The Washington Post have also reported being victims of cyber-intrusions probably conducted by the Chinese.

The former head of cybersecurity investigations for the FBI, Shawn Henry,
said his agents used to alert dozens of companies and private
institutions about breaches every week, with Chinese hackers the most
common suspects.

I’ve yet to come across a network that hasn’t been breached,” said
Henry, president of CrowdStrike Services, a security company. “It’s like
having an invisible man in your room, going through your filing
cabinets.”

Do you want your elections being decided by some Chicom cyberspie hacking into an online voting system that cannot be made secure for which there is no paper-trail of ballots to recount or audit to verify the results of the election? Yeah, I didn't think so.

It is true that there is a pilot program for online voting for military personnel serving overseas. So how'd that go? Cronkite News reported, Lawmaker seeks pilot program to test online voting in Arizona:

Election administrators in Washington, D.C., tried Internet voting for
military and overseas voters ahead of the 2010 midterm elections. The
administrators launched the program a few days early and invited hackers
to test the system. A group of University of Michigan Graduate students
led by Professor J. Alex Halderman was able to hack the system within
48 hours
, giving them the ability to change votes and gain control of
the security cameras monitoring election workers.

Oops! Cronkite News also reported a disturbing level of ignorance from Sen. Worsley:

Worsley said online voting would also make elections more secure by limiting opportunities for voter fraud.

“We have no doubt we can reduce (voter) fraud far lower than what’s
occurring today in person,” he said. “Fears of hacking and insecurity of
information is vastly overblown … It’s a small fraction of percentage
of risk compared to the voter fraud that happens today.”

* * *

“There’s a lot of allegations of voter fraud,” Worsley said. “Just
Google that and read about that in the last presidential election. Was
it at such a level that it threw the election? I don’t think so. But it
occurs.”

* * *

Election fraud is rare, according to an investigation conducted by
News21, a national reporting consortium made up of 11 universities and
hosted at Arizona State University. The investigation found 10 cases of
alleged in-person voting fraud that reached a courtroom since the year
2000 nationwide, and 491 cases of mail ballot fraud in the same period.

[A News21 analysis of 2,068 alleged election-fraud cases since 2000 shows that while fraud has occurred, the rate is infinitesimal, and in-person voter impersonation on Election Day, which prompted 37 state legislatures to enact or consider tough voter ID laws, is virtually non-existent. Comprehensive Database of US Voter Fraud Uncovers No Evidence That Photo ID is Needed.]

Oh lord, Bob is a wingnut conspiracy theorist who believes that people are committing in-person voter fraud at the polls. But wait, there's more . . .

Worsley compared Internet voting to the millions of online banking or
stock transactions that happen every day, but Bruce Schneier said there’s a
fundamental difference.

The important difference is that voting, by definition, is
anonymous
,” he said. “If there’s electronic banking fraud, we look at
what happens, we can roll it back and make everybody whole. We can’t do
that with a voting system.”

Secretary of State Ken Bennett is “supportive of the idea but has
concerns with security and the guarantee of the voter’s right to a
secret ballot,” said Matt Roberts, Bennett’s spokesman. “Additionally he
is concerned with implementing such a program in such a short period of
time.”

* * *

[Bruce Schneier, the author of five books on cryptography, computer and
network security and overall security, said he likes the idea of online
voting but doesn’t think it can be done securely.

We have not, in the history of mankind, created a computer system without a security vulnerability,” he said.]

And then there is this election scandal out of Miami not being reported anywhere outside of Florida. The case of the phantom ballots: an electoral whodunit – Miamia Herlad:

The first phantom absentee ballot request hit the Miami-Dade elections website at 9:11 p.m. Saturday, July 7.

The next one came at 9:14. Then 9:17. 9:22. 9:24. 9:25.

Within 2½ weeks, 2,552 online requests arrived from voters who had not applied for absentee ballots. They streamed in much too quickly for real people to be filling them out. They originated from only a handful of Internet Protocol addresses. And they were not random.

It had all the appearances of a political dirty trick, a high-tech effort by an unknown hacker to sway three key Aug. 14 primary elections, a Miami Herald investigation has found.

The plot failed. The elections department’s software flagged the requests as suspicious. The ballots weren’t sent out.

But who was behind it? And next time, would a more skilled hacker be able to rig an election?

Six months and a grand-jury probe later, there still are few answers about the phantom requests, which targeted Democratic voters in a congressional district and Republican voters in two Florida House districts.

The foreman of that grand jury, whose report made public the existence of the phantom requests, said jurors were eager to learn if a candidate or political consultant had succeeded in manipulating the voting system. But they didn’t get any answers.

“We were like, ‘Why didn’t anyone do something about it?’ ” foreman Jeffrey Pankey said.

* * *

Creating a computer program to automatically fill online ballot requests using voter information is not difficult, said [Steven Rambam, a New York-based private investigator with extensive experience in computer database and privacy issues.] Pre-written programs, known as scripts, are available online and easy for amateur hackers to modify.

With a little more skill, the hacker behind the phantom requests could have included computer code to keep the program from triggering the elections department’s safeguard, Rambam said.

Once the program has been set up, purposely obscuring its origins through foreign IP addresses is also inexpensive, he added.

“And that, of course, is the most frightening thing: that any moderately or even marginally skilled programmer could have done this,’’ Rambam said.

That’s why the grand jury recommended requiring at least a login and password for voters to submit absentee ballot requests, said Pankey, the group’s foreman. It was one of 23 recommendations proposed by the grand jury[.]

Finally, the National Conference of State Legislators (NCSL) lead story in the February issue of its The Canvass is "Internet Voting: Not Ready for Prime Time?" I presume most of our state legislators are reading the NCSL newsletter.

Just say no to online Internet voting.