Thursday, July 18, 2013

Student Election Hack – Is it a Bad Omen for Internet Voting?



Does the Cal State San Marcos class president election hack mean that Americans should fear Internet voting? Not if you think critically about it.

Facts:
Matthew Weaver, 22, pleaded guilty* to wire fraud, access device fraud, and unauthorized access to a computer. He was sentenced to a year in prison. His crime was to plug keylogging devises into 19 school computers. The devises record computer user's keystrokes without the user's knowledge. Thus he stole the email passwords of more than 740 students. He used this information to vote for himself 630 times during the online student elections in March 2012.

Votes had to be cast from campus computers. Network administrators noticed all the voting activity from one computer. They quickly notified school police, who nabbed Weaver in the act.

Implications:
This news report has fired up David Jefferson’s flare for spinning scary stories. He warns ominously, on the Election Law Blog, that “In a high stakes public election we will not be so lucky [as to catch the crook in the act].”

“Had this been a public election conducted via Internet voting, it would have been much more difficult to identify any problem or to capture the perpetrator, [because] people would vote from their own private PCs.”

Well, that is scary! But how would the crime be carried out? Consider how many votes a crook would have to control to win a presidential election.  In 2012, Obama beat Romney by roughly 4,000,000 votes.  As a comment below reminds us, to win a majority of Electoral votes, a hacker using Weaver’s technique would have to control tens of thousands of votes. Obviously, a guy like Weaver couldn’t run around plugging keylogging devices into that many computers to steal log on info. So, how would it be done?

Leaving his readers hanging, Jefferson skips any detailed discussion of how a crook could steal an online presidential, or other public, election.

Instead, he creatively imagines that if Weaver had “used one of his keylogging devices to capture the password of a system administrator” Weaver could have “then used that password to install keylogger software on other campus computers to capture the students’ passwords.”

Jefferson omits mentioning how Weaver would gain access to the administrator’s computer so he could plug in the devise. Maybe Weaver could don a custodian disguise, and plug it in while pretending to clean the office.

Anyway, Weaver would have had to return to the office to retrieve his device so that he could take it home to download the password. 

Details aside, after Weaver installs his keylogging software into the school network, he has to hope that nobody checks the network event logs before the election. The logs would show the activity, and an alert administrator would remove the software.

Imagination on fire, Jefferson then declares that Weaver didn’t have to cast votes one at a time; instead, he “could have run a program to automate the casting of all of those phony votes.” Of course!

But wait, what if the voting website had a challenge/response authentication mechanism. Weaver’s voting program couldn’t copy words or add numbers automatically. All his efforts would have been for naught. But let us imagine that he could get past this little security challenge. The network administrator would still see the spike in activity coming from one IP address. That signal could be blocked, and could also be traced back to Weaver.

Lesson: 
Jefferson spins a chilling tale, but it requires his readers to suspend their critical faculties to be affective. Is that what you want to do?

PS
Good news! Obama’s Commission on Election Reform has posted my recent scholarly paper on Internet Voting!

The paper recounts the history of Internet voting in the USA, and shows how NIST has misled Congress and the American people about online voting insecurity. I take the same practical approach there that I did here in this blog post.

Also, my book, Internet Voting Now, is listed in the “Research Bibliography” provided to the Commission by CalTec/MIT.

William J. Kelleher, Ph.D.
Political Scientist, author, speaker,
CEO for The Internet Voting Research and Education Fund
Twitter: wjkno1

Author of Internet Voting Now! 
Kindle edition: http://tinyurl.com/IntV-Now

* ABC News -




Friday, March 8, 2013

Has NIST Lied about Internet Voting Insecurity?



Article 1, section 8, of the US Constitution enumerates the specific powers of Congress.
Among these are: “The Congress shall have power … To regulate Commerce … To coin money … and fix the standard of weights and measures.” The Framers had learned from unhappy experiences under the Articles of Confederation that without uniform standards for money, the new nation’s economy had little chance of thriving. They had also learned that without uniform “weights and measures,” the growth of science and technology, industry, and commerce would be crippled by chaos.

Out of its continuing efforts to exercise these powers responsibly, in 1988 Congress created the National Institute of Standards and Technology (NIST), which is currently a non-regulatory agency within the Department of Commerce.

NIST has such a vital role in the progress of science that it can aptly be understood as the Voice of Science in the USA.

When Congress established the Election Assistance Commission (EAC), in 2002, in a display of foresight, it required NIST to provide the EAC technical support on the research and development of, among other things, “remote access voting, including voting through the Internet.”

Yes, Congress is thinking about Internet voting for all US elections!

So, what did NIST do in response to its mandate from Congress? NIST put its name on a copy of the old 2004 SERVE Security Report by Avi Rubin, David Jefferson, David Wagner, and Barbara Simons.

That Report is where all the scary stories about supposed Internet voting insecurity got started. Like, “a teenage hacker in Iran could change all the votes in a presidential election!”

Great scary story, but where’s the science?  Where’s the facts?

Internet voting has been tried in public elections nearly 100 times around the world w/o any security problems. (The 2010 DC hack occurred because it wasn’t built by pros, see DC Hack Fiasco and DC Hack Conspiracy ) Shamefully, NIST has done NO scientific research, but only reproduced a bunch of scary stories, and presented that to Congress.

Common Cause – that saintly source of democratic ideals – has also helped to promote scary stories about Internet voting w/o any facts or science. (See Common Cause )

So now there is a careful study of the BAD SCIENCE that has the whole country shaking in its boots whenever somebody says “I hate standing in lines! Why can’t we have voting online?”

The paper is being presented at a panel at the Western Political Science Association this month. Its ready for the most critical scrutiny a scholar can give it. It shows that the anti-Internet voting extremists have NO intellectual foundation for crying “wolf!”

Its time for an intelligent, informed, Reason-based debate on Internet voting!
 
Download my paper, in pdf form, for free at


William J. Kelleher, Ph.D.
Political Scientist, author, speaker,
CEO for The Internet Voting Research and Education Fund
Twitter: wjkno1

Author of Internet Voting Now! 

Sunday, December 16, 2012

Norway to Continue Internet Voting in 2013

As reported on this blog about a year ago Norway had a great experience with its first large trial of Internet voting. Now there is more good news.

“It's official,” proclaimed Christian Bull, head of the Internet voting project in Norway, “we're doing another Internet voting pilot in 2013.”

In a December 14, 2012, press release, The Ministry of Local Government and Regional Development made this announcement: *

After positive experiences with the experiment of 2011, the Parliament of Norway will continue the trial of Internet voting in the elections of 2013.

“We need to know more before we conclude whether this is a future way to vote for all voters in Norway,” says Secretary Dag Henrik Sandbakken.

The evaluation of the experiment in 2011 showed that voters have high confidence in the election process. 92% of the voters in the trial cities had positive opinions about their experience. They found it to be an easy and convenient way to vote.

Even 75% of the voters who did not take part in the initial trial expressed positive opinions about using Internet voting in the future.

One of the key findings from the evaluation is that Internet voting enabled voters with disabilities to vote alone and without assistance for the first time. This includes the blind and visually impaired voters.

“We have also received positive feedback from the Norwegian Association of the Blind, who welcome another trial in 2013,” says Sandbakken.

Two conclusions in the evaluation of the last election are that no evidence of violations of voter secrecy were found, and that there were no reports requiring official investigation of problems with attempts at undue influence or vote buying for either Internet voting users or other voters.^

The researchers point out that the initial Internet voting trial raises several unanswered questions to which this evaluation does not provide answers, and that there is a need for further testing and research. They want, for example, more data on the effects of Internet voting on turnout among the various groups of voters.

The ten municipalities that participated in the previous experiments will also participate in the 2013 trials.
[End]

William J. Kelleher, Ph.D.
Political Scientist, author, speaker,
CEO for The Internet Voting Research and Education Fund
Email: Internetvoting@gmail.com
Blog: http://tinyurl.com/IV4All
Twitter: wjkno1
Author of Internet Voting Now!
Kindle edition: http://tinyurl.com/IntV-Now
In paper: http://tinyurl.com/IVNow2011

* Google Translation used for this report

Just in - the English translation by Norway is up, at

^ Translation corrected in consultation w/ Mr. Bull 12-18-12

Saturday, December 8, 2012

Obama: We have to fix that

Dear President Obama:

This written note follows up on the message I posted on the White House form recently.

While I am happy that you have been re-elected, I am very disappointed about our election system. You know the problems, as you said “we have to fix that.”

A recent New York Times opinion mentioned a fabulous challenge by Harvard Prof Keyssar – President Obama should call up a Federal Election Tribunal to investigate whether or not digital voting can securely enhance the democratic process in the USA! I totally agree. The last presidential commission on Internet voting was called by Bill Clinton in 1999. A lot has changed in this technology since then.

Our election system is in decline compared to the world leaders. In Canada over 40 cities have used it w/o security incidents. Elections Canada wants it for federal elections. Estonia uses it. Cantons in Switzerland, overseas voters for France and Mexico City, and the largest state in India, Gujarat, have used it. West Virginia and Arizona have, too.

The Luddites, like Barbara Simons, Ron Rivest, and David Jefferson get too much coverage in the sensationalist press. They have half the nation afraid for no real reason.

The professionals who have actually run Internet voting elections, such as West Virginia Secretary of State, Natalie Tennant have recommended it for the whole country. But she doesn’t get 1/10 the coverage of the nay-sayers. Our nation needs a real debate, to get all the pros and cons out in the open!

Please call up a new Presidential Commission on the Use of Internet Voting in the USA.

I am qualified, and would be honored, to be a part of it.

Respectfully,

William J. Kelleher, Ph.D.
Political Scientist
CEO, The Internet Voting Research and Education Fund
Twitter: wjkno1

Author: Internet Voting Now!

Monday, October 15, 2012

Three Reasons to be PRO Internet Voting for All US Elections

Here are 3 reasons why I advocate Internet voting in all US elections –

1). Internet voting can take power away from Big Money, and bring more rationality into the campaign-election process.

IMAGINE: You are watching candidates debate online or on TV. After each debate you log on to your state’s secure voting website, using your own PC, cell phone, iPad, or other electronic device. Your voter registration is checked, and then the ballot appears. You mark it, and send it w/ a click.

This will neutralize the power of Big Money! How? Most of the Big Money spent on political campaigns is meant to impress, persuade, and even manipulate the decision of the voters. The theory is that if a voter repeatedly hears a lot of positive information about one candidate’s name, and negative information about the names of others, the voter’s mind will be conditioned to vote for the name with good stuff connected to it when he or she goes in to the voting booth.

But with secure Internet voting, there is NO TIME for campaign advertising to try to persuade or trick you, or to condition your mind like a pigeon trained to peck on the blue button rather than the red one. You watch the debate. You form your own opinion of what you have just seen, and you vote strictly on that basis.

All the advertising before or after the debate will be useless, because everyone will vote while their own views are fresh in their minds. Big Money will become irrelevant. Elected officials will owe their job only to the voters.

What could be more orderly and conducive to reason and deliberation, than to watch debaters trying their best to perform at a presidential level, and then to have each voter vote his or her considered assessment of each debater’s efforts?

2). The US requires TWO votes for a presidential election: one in the primary, and another in the general election. But Americans are a practical people. Many regard the first vote as too inconvenient, its not worth the effort of driving to the polls, looking for parking, then waiting in line; so only about 25% vote in primaries. The ones who do vote in primaries are highly motivated by partisan feelings. Hence, they elect extreme partisans to office. Now we have gridlock in the US Congress because the partisans refuse to cooperate with each other.

This need not be. Convenience is empowerment. Make voting more convenient, and more people will vote in both the primaries and general election. When more people vote, more moderate votes by ordinary Americans will be cast. When more moderate votes are cast, the partisan gridlock in Washington will diminish. The moderate voters will elect problem-solving officials. Because Congressional elections can be done online, special interests will have less power. Internet voting can get this country going again!

3). Voter ID: Currently, some states are requiring voters to show IDs. This is a problem for inner city folks who don’t drive cars, and thus don’t have a driver’s license. Old folks and poor folks are also affected. But w/ Internet voting, voters don’t have to show anybody an ID. When they log on to the secure website, their registration is checked. It’s the same convenient process for everyone. (Registration is moving to biometrics, and it will all be biometrics soon.)

Internet voting can greatly enhance democracy in the USA! All that is necessary to make this happen is a letter to your local election official asking that an Internet voting system be implemented. They will be happy to hear from their constituents, because they already know that online voting is a far less costly and troublesome process than the polling place and paper-based system currently in use.


Note:
Also see in this blog - 



*********************
William J. Kelleher, Ph.D.

Political Scientist, author, speaker,
CEO for The Internet Voting Research and Education Fund
Email: Internetvoting@gmail.com
Blog: http://tinyurl.com/IV4All
Twitter: wjkno1
Author of Internet Voting Now!
Kindle edition: http://tinyurl.com/IntV-Now
In paper: http://tinyurl.com/IVNow2011


PS
Over 100 cities in Canada have used Internet voting - all w/o having even one vote changed. Sure, there have been attempted hacks, but none succeed. Why? Because professionals know how to prepare for the attacks, and fend them off. Elections Canada wants Internet voting for all national elections. Also, numerous other Internet voting trials around the world, have all worked well. These include Estonia, Norway, Switzerland, France, Mexico City, Australia (New South Wales), and Gujarat, India. West Virginia did it for their overseas military in 2010, and everyone loved it.  Search this blog for lots of info on Internet voting security.




Friday, September 28, 2012

Alex Halderman Debates Internet Voting Security w/ Me!


Kudos to Alex Halderman for not shrinking from a challenge! Our debate on You Tube runs from 21:30 to 42:00. What is more important to consider in the debate over Internet voting security -- known facts about the many successes of Internet voting trials, or scary possibilities that haven't happened? What evidence is RELEVANT to this debate. 

William J. Kelleher, Ph.D.
Political Scientist, author, speaker,
CEO for The Internet Voting Research and Education Fund
Twitter: wjkno1

Author of Internet Voting Now! 
Kindle edition: http://tinyurl.com/IntV-Now
In paper: http://tinyurl.com/IVNow2011

For more on Alex Halderman see, in this blog,

Cyber Bullying in Connecticut: A Lesson in Empathy

Wednesday, September 19, 2012

INTERNET VOTING IN CANADA – My Series at IVN.us


I am writing a series on Canada’s National Debate over Internet Voting - Check it out!

First article: Elections Canada Favors Internet voting,
Movement towards offering Internet voting in all national elections

Second article: Three Major Canadian Cities Love Internet Voting
Big successes here, w/ old folks biggest users in one of the cities

Big Mo Favors Internet Voting in Canada – Pt 3 in series
Demand is rising, and governments are responding - even Native Canadians are doing it

Post 4 - The Canadian Model
The Canadian Model shows how to discuss Internet voting security concerns REASONABLY, w/o using scary stories to try and stir up fear and panic. Why can’t Americans be more like Canadians around this topic?


More to come …

William J. Kelleher, Ph.D.
Political Scientist, author, speaker,
CEO for The Internet Voting Research and Education Fund
a CA Nonprofit Foundation
Twitter: wjkno1

Author of Internet Voting Now! 
Kindle edition: http://tinyurl.com/IntV-Now