This distressing news was flagged for us by Bev Harris of BlackBoxVoting.org late Friday...

And how do we know SCYTL's electronic (Internet!) "voting technologies" are "secure"? Well, they tell us so themselves -- twice --- in their press release, silly!

They couldn't just say it was "secure" if it wasn't! Right?!

In any case, here's a bit of the red flag Harris waved on Friday to help unpack what all of this actually means for the future of what's left of our small-d "democratic" elections...

Guest blogged by Ernest A. Canning

Neither the recent claim made by anonymous hacker, Abhaxas, that he/she had hacked into Florida's e-voting database nor the efforts by FL election officials to minimize the breach of its system comes as a surprise to The BRAD BLOG.

In fact, minimization of the vulnerability following the reported hack calls to mind what Roger G. Johnston, Ph.D of the Argonne National Laboratory describes as the Arrogance Maxim:

One would think that Abhaxas had Johnson's Arrogance Maxim in mind. As reported by Doug Chapin of the University of MN, the anonymous hacktivist responded to the official denials by hacking into the FL voting system a second time; posting "a directory listing of the Florida database with the (sarcastic) observation 'Glad you cleaned up, pretty secure now guys'."

As an encore, Abhaxas then hacked into Montana's government website, where he/she exposed 16 databases.

While Chapin acknowledges the vulnerability exposed by the hack, once again, as is his habit over the years, Chapin draws the entirely wrong lessons in pointing to the need for better training and security procedures...

A University of Michigan computer scientist and his team were not the only ones attempting to hack the Internet Vote scheme that Washington D.C. had planned to roll out for actual use with military and overseas voters in this November's mid-term election.

According to testimony given to a D.C. City Council committee last Friday by J. Alex Halderman, asst. professor of electrical engineering and computer science at University of Michigan, hackers from Iran and China were also attempting to access the very same network infrastructure, even as his own team of students had successfully done so, taking over the entirety of the Internet Voting system which had been opened for a first-of-its-kind live test.

[See our report last week on details of what had already been disclosed about Halderman's startling hack prior to last Friday's hearing.]

"While we were in control of these systems we observed other attack attempts originating from computers in Iran and China," Halderman testified. "These attackers were attempting to guess the same master password that we did. And since it was only four letters long, they would likely have soon succeeded."

In his stunning public testimony --- before a single member of the D.C. Board of Ethics and Elections (BoEE), and a nearly empty chamber --- Halderman explained how the team had, by the time they discovered their fellow intruders, already gained complete control of the system, it's encryption key and its passwords. The system was developed as part of an Internet Voting pilot program with the Open Source Digital Voting Foundation.

As The BRAD BLOG reported last week, Halderman's team was able to take over the system within 36 hours after it had gone live for testing. After having "found and exploited a vulnerability that gave [them] almost total control of the server software," his team was able to steal the encryption key needed to decode "secret" ballots; overwrite every single ballot cast on the test system; change the votes on those ballots to write-in candidates; discover who had already been voted for and the identities of the voters; install a script that would automatically change all votes cast in the future on the same system; install a backdoor to allow them to come back later; and then leave a "calling card" --- the University of Michigan fight song --- which was programmed to play in the voter's browser 15 seconds after each Internet ballot had been cast.

But the new disclosures offered before the committee on Friday, including the hack attempts by computers in China and Iran, may have been as explosive, if not more so, than the previous revelations. They certainly illustrate and underscore a grave national security threat present in electronic voting systems such as the one D.C. had planned to use, as Lawrence Livermore National Laboratories computer scientist and cyber-security expert Dr. David Jefferson told me during an interview last Friday night on the nationally syndicated Mike Malloy Show which I was guest hosting last week.

The hack of the system forced the D.C. election administrators to shut down their plans for the pilot program which was to have gone live in days, as encouraged and partially funded by the federal Military and Overseas Voter Empowerment (MOVE) Act, which allocated millions of dollars for such Internet Voting pilot programs.

The revelations of the intrusion attempts from China and Iran, however, would not be the only new, previously unreported bombshells Halderman offered during his Friday testimony...

As we posited in our coverage yesterday of D.C.'s Internet Voting scheme which was hacked with the University of Michigan fight song just days after experts had warned against the entire scheme, J. Alex Halderman, asst. professor of electronic engineering and computer science at the university, was, indeed, at the heart of the hack.

He details tonight that he and a small team of students were happy to participate in the test that D.C. election officials had announced, with just three days notice, inviting hackers to try and penetrate the system they planned to use this November, as developed with the Open Source Digital Voting Foundation.

Halderman writes in his explanation of how they did it:

And if you think that's chilling, Halderman goes on to note that all cast ballots on the system were modified and overwritten with write-in votes, all passwords taken --- including the encryption key, which e-voting supporters constantly suggest will keep such systems safe --- before they went on to install a back door to let them view any votes cast later, after their attack, along with the names of voters and whom they voted for...

Last week we told you about D.C.'s intention of running an insane live experiment on live voters in a live election with an untested, wholly unverifiable, easily-manipulated Internet Voting scheme this November, and about just some of the computer security and election experts who have been desperately trying to warn them against it.

And now we find out that the very short planned pre-election test phase, in which hackers were invited to try to manipulate the system, has been abruptly aborted in the wake of a, um, disturbing (if not wholly unpredictable) development.

The failed system in D.C. was developed with the Open Source Digital Voting Foundation, an outfit that is working with election officials around the country to push Internet Voting everywhere, along with other computerized voting schemes. Simply because a system is "open source" does not mean it's secure, particularly when it relies on concealed vote counting, as all of their e-vote schemes do.

Below, along with our quick list of other recent known e-voting hack events, computer scientist Jeremy Epstein in "The Risks Digest," which describes itself as a "Forum on Risks to the Public in Computers and Related Systems," offers the quick timeline of recent developments in the District of Columbia's plan "against advice from many computer scientists, pursuing a trial of a prototype system for the November election."

The result, as seen below, in this latest assault on citizen-overseeable democracy is, of course, a stunning surprise to absolutely nobody other than perhaps the D.C. election officials interested in this horrific scheme and the profiteers who must have tricked them into believing that it was a secure and/or good idea [emphasis added]...

Along with the madness of Instant Runoff Voting (IRV) and Vote-by-Mail, Internet Voting is the other scheme/virus that makes my head explode --- as if the existing e-voting system we already use in the U.S. isn't unverifiable, unoverseeable and susceptible enough to malfeasance and malfunction as is.

So with the little patience I can muster to even mention this latest particular nightmare at all today, I'll defer to Washington Post's coverage yesterday --- sure to be ignored until it's too late ("Who could have foreseen it?!") --- of the experts' latest warnings against D.C.'s planned live democracy experiment of using an untested and unverifiable Internet Voting scheme on real voters, in a real election, beginning in just a few weeks.

The WaPo column includes this explanation of two letters sent to D.C. officials this week, urging them to take a different path...

Four advil and three shots of vodka please.

UPDATE 10/4/10: Aaaaand...whaddaya know, D.C. Internet Vote scheme --- the one experts above were warning about --- gets hacked. Who could have forseen it?! Details here...

I was in-studio and on-the-air this morning with a couple of my favorite cats, Rick and Doran of Digital Village, featuring the most maddeningly-catchy theme song in all of radio, on KPFK (L.A. and Santa Barbara's Pacifica station).

We talked e-voting, including "open source" secret vote-counting machines (the latest ill-considered fad sweeping the nation), Internet voting schemes (the other latest ill-considered fad) and transparently overseeable hand-counting ("Democracy's Gold Standard"), DieboldReturnOurMoney.com, the Rise of the Tea Bags, Muppets, Glenn Beck (about whom questions are being asked as to whether he raped and murdered a young girl in 1990), and much more...

Download MP3 or listen online below [appx. 28 mins]...

Co-Editors: Dave Klein and John Washburn

In Pierce County, WA, indications are that Ranked Choice Voting (RCV) may be a failed experiment. 63% of the voters didn’t like it, and the auditor says scrapping it would save the county $600,000. The County Council voted to amend the county charter to repeal the mandate for RCV; the voters will make the final decision in November.

Smartmatic still hasn’t submitted its incorporation papers to the Philippines Comelec, and its local partner, TIM, has pulled out of the joint venture.

Internet voting is now being considered in Canada and Nova Scotia. Is there no end to the wack-a-mole of unobservable ballots? Prove in one place that Internet ballots are an exercise in unjustified trust, and the idea pops up its head in another.

Today's articles about the Voting Rights Act deal with how to minimize future challenges....

[Updated with a response from L.A. County Registrar Dean Logan. See end of item for his complete email in response to this article.]

Gautum Dutta, of the Democratic-leaning Asian American Action Fund blog notes a recent L.A. County Board of Supervisors meeting which "discussed a study on the cost of special elections and Instant Runoff Voting (IRV)" [emphasis added]...

Note to Messrs. Dutta and Logan: Taxpayers could save even more money if we simply allow you two to just decide for us who gets elected!

As Logan, chief election official of the nation's largest voting jurisdiction (larger than 43 states combined see Logan's correction to this at end of article) has had more than enough problems with the current voting system which can't even add one plus one plus one accurately, such that it is virtually impossible for anybody to verify the accuracy of results, the last thing this county needs is to complicate the math even further by confusing matters with IRV's complicate scheme of ranked choice voting where voters are asked to select a first and second place choices, etc.

For that matter, unless, and until, we can simplify our election procedures such that any and all citizens are able to oversee and verify the accuracy of their election results, no jurisdiction in this country should employ schemes like IRV, no matter how well-meaning supporters of it may be in hoping to allow a broader range of candidates and parties to have a shot at winning an election.

Along with the emerging nightmares of Internet Voting and Vote-by-Mail, IRV is yet another one of the horrible wack-a-mole schemes being endlessly advanced by advocates and profiteers who put winning elections and making money off them, over the idea of transparent, verifiable, secure democracy and self-governance expressed of the people, by the people and for the people.

Addendum... From last Friday's Aspen Daily News:

Clarification & UPDATE, 8:52pm PT:...

-- Brad Friedman, The BRAD BLOG

As if the former U.S. Election Assistance Commission (EAC) chair Paul DeGregorio hadn't done enough damage to our nation's electoral system during his disastrous reign as a commissioner from 2003 to 2007, it looks like he's now more than happy to cash in on his Bush-appointed public post in the private sector as Chief Operating Officer for a dubious Internet voting operation.

Everyone Counts (E1C) is the San Diego-based firm which ran "America's first all-digital online and telephone election" in Honolulu, which was completed last week. That's the way it was described by Aaron Contorer, the company's Chief of Products and Partnership, in a very thinly disguised press release, sadly posted, as if a news article, recently by Huffington Post. [Full Disclosure: We also contribute articles to HuffPo, though we try to offer news, rather than press releases.]

As COO of Everyone Counts, DeGregorio has posted a video commercial (and a bad one at that, see the bottom of this article where it's re-posted) on his bio page at the company website. His face is also featured on the front page of their site. In the short video, DeGregorio crows about his 22 years in the election "business" while posing in front of the U.S. Capitol and Washington Monument in D.C.

Trading on his former self-proclaimed status as "America's chief election official," DeGregorio endorses the private company for which he now works, noting in the video: "I've been involved in this business for 22 years, having risen to the, America's Chief election official. And I have found that Everyone Counts is the place for me to be, because it's the only organization that provides transparency, accessibility, security and choice. And I think that's the most important thing for any election official, anywhere in the world."

While evidently accuracy doesn't even make DeGregorio's list of "most important thing[s] for any election official" --- not surprising, given his oversight, during his tenure at the EAC, of federal approval for myriad electronic voting systems that fail to meet federal accuracy standards --- the idea that EC's Internet voting schemes provide "transparency" seems to be entirely without evidence, as The BRAD BLOG confirmed with a representative of the Honolulu Neighborhood Commission Office which sponsored last week's election.

Moreover, Everyone Counts' virtual election in Hawaii, according to late news reports this week, seems to have been a dismal failure, at least if the 83% plummet in voter participation might be taken as any indication, in addition to the election's lack of transparency and verifiability.

Numerous commenters, including us, left responses to Contorer's misleading and disinformative HuffPo item, noting serious concerns about E1C's "all-digital" voting scheme. Concerns were expressed by many posters about citizens' lack of ability to verify the accuracy of votes cast, and of transparency and security in the system which, Contorer claims, employs "military-grade encryption technology." He goes on to try to convince readers that it's also "faster, more reliable, and more secure than if they had voted on paper." He failed to answer to any of our critical comments, however, and neither did he offer evidence to back up his claims about his company's superior reliability and security over fully-transparent, paper-ballot voting.

Despite his shameless promotion, and an offer in his video to contact him with any questions, DeGregorio himself did no better in responding to our request for comment in regard to our concerns...

Good news! "Hawaii's illegal use of electronic voting machines and the illegal transmission of vote results over the Internet" has been halted, following a decision from Judge Joseph E. Cardoza, who issued an injunction last night, according to Disappeared News. As Larry Gellar reports from our 50th state...

- Brad Friedman, The BRAD BLOG

"I follow the vote. And wherever the vote becomes an electron and touches a computer, that's an opportunity for a malicious actor potentially to...make bad things happen," CIA cybersecurity expert Steven Stigall explained, in a stunning presentation to a U.S. Election Assistance Commission (EAC) field hearing held one month ago in Orlando.

As initially reported earlier this week by Greg Gordon at McClatchy, "Stigall said that voting equipment connected to the Internet could be hacked, and machines that weren't connected could be compromised wirelessly. Eleven U.S. states have banned or limited wireless capability in voting equipment, but Stigall said that election officials didn't always know it when wireless cards were embedded in their machines."

"The CIA got interested in electronic systems a few years ago," Gordon reports Stigall as explaining at the EAC hearing, "after concluding that foreigners might try to hack U.S. election systems."

But as disturbing as Stigall's presentation was, what's almost as disturbing is that it took more than 11 days, McClatchy's coverage, a number of FOIA requests from VotersUnite's John Gideon (a frequent guest blogger here), and a couple of articles from BRAD BLOG alum, Michael Richardson of the Examiner (his coverage is here and here), before the EAC finally released the complete transcript of the meeting [WORD], including Stigall's remarks.

"The presenter did not provide the presentation, 'Computers and Elections: The Growing Potential for Cyber Vote Fraud', to the EAC, so we have no materials responsive to your request," Gideon was told in response to his Freedom of Information Act (FOIA) request to the EAC, as reported by Richardson. "We received the transcript on March 16, 2009, and it will be publicly available in the next few days."

As of last night, 10 days since the EAC admits they received the transcript of their own event which had taken place 20 days earlier, they had neither sent it to Gideon in response to his request, nor posted it on their website. As of this morning, a month since the hearing, it's finally up on their website, thanks in part, no doubt, to the pressure brought on the EAC by the public to do so. Even then, Stigall's remarks are not posted separately, as other presentations are, but rather, one has to go looking for the full transcript of the actual event to find it. So why both the delay and obfuscation from the famously dysfunctional (a nice way to put it) federal agency? Make your own best guesses, since there is no official explanation for the moment.

Happily, there were others at the meeting who had transcribed the CIA cybersecurity expert's startling remarks --- decimating the idea of supposedly "secure" e-voting --- independently, who then helped to bring it to the public's attention. Clearly, the strongly pro-e-voting EAC had/has little intention of doing so themselves.

Stigall's presentation, and we've got much more of it excerpted below, include a passel of disturbing thoughts. Many of them we've tried to impart on these pages for years, including comments which point up the dangers we've tried to warn about concerning pre-election voting machine "sleepovers" at the houses of pollworkers, and more indications of the dangers of Sequoia Voting Systems clandestine, on-going relationship with the Hugo Chavez-tied Venezuelan e-voting firm Smartmatic, as we reported exclusively here one year ago --- to little interest from the corporate media, despite Sequoia's claims to federal investigators that they had severed all ties with the firm...

-- Brad Friedman, The BRAD BLOG

Okay, so I've been asked on several occasions, since the election last year, what I regard as the top priorities for election reform in the U.S. of A. In hopes of keeping it simple, stupid, at least until I hear opinions on these back from you folks, here is a summary list of the most important, and most eminently-doable-at-the-federal-level reforms as I see it.

I welcome your thoughts, recommended changes, additions, etc. For the moment, this is not meant as a comprehensive list of all needed reforms, particularly at the various local levels. But it's meant as a list of the big ones, as I seem them, and the ones for which I believe we could actually find a consensus in this Congress sooner rather than later. Nor is this meant as whitepaper with arguments and details for each item. But hopefully most regular readers of The BRAD BLOG will understand what these reforms entail and why they are necessary, as written in this summarized, simple list.

After hearing from you all, I may post an updated version later and/or set these up on their own page, in order track legislation for each of them as they roll (or don't) through Congress. Here's the list...

Today we have three “Featured” articles. Regular readers will note that we have been warning about the recent call for Internet voting and the fact that the Internet is not secure for elections use. The first two articles clearly bring this concern to the forefront. If the Internet was secure, the New York Times wonders, why would scientists be designing a newer, better Internet?

The second “Featured” article says, “Reported cyber attacks on U.S. government computer networks climbed 40% last year, federal records show, and more infiltrators are trying to plant malicious software they could use to control or steal sensitive data.”

If the Internet is so insecure why in the world would any responsible election official even suggest using the it to transmit completed ballots? One has to wonder what is really behind this new Internet voting push. That brings us to the third of our “Featured” articles...

Guest Blogged by Ellen Theisen of VotersUnite.org

[Updated: The bill has been defeated! See bottom of article for details.]

Even though reports from the National Institute of Standards and Technology (NIST), the U.S. Government Accountability Office (GAO), and dozens of computer security experts who strongly and unanimously warn of insurmountable threats to the privacy and security of ballots cast over the Internet, the Washington State legislature is proposing --- and fast-tracking --- a bill to allow Internet voting for its military and overseas voters (S.B.5522 in the Senate, and its identical companion H.B.1624 in the House).

Even though the U.S. Department of Defense canceled its Internet voting project (SERVE) in 2004 citing security concerns, and even though the DoD has still been unable to establish the secure and private Internet voting demonstration project that Congress mandated in 2002, the Washington State legislature is seriously considering a bill that would authorize the Washington Secretary of State to create an Internet voting scheme and declare it secure and private --- without any oversight or review by the legislature or the people...