Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

US government plans to urge states to resist 'high-risk' internet voting

From: InfoSec News <alerts () infosecnews org>
Date: Mon, 11 May 2020 05:40:13 +0000 (UTC)
https://www.theguardian.com/us-news/2020/may/08/us-government-internet-voting-department-of-homeland-security

By Kim Zetter
The Guardian
8 May 2020
The Department of Homeland Security has come out strongly against internet voting in new draft guidelines, breaking with its longstanding reluctance to formally weigh in on the controversial issue, even after the 2016 Russian election hacking efforts. The move comes as a number of states push to expand the use of ballots cast online.
The eight-page document, obtained by the Guardian, pulls no punches in calling the casting of ballots over the internet a “high-risk” endeavor that would allow attackers to alter votes and results “at scale” and compromise the integrity of elections. The guidelines advise states to avoid it altogether or restrict it to voters who have no other means of casting a ballot.
The document primarily addresses a type of internet voting called electronic ballot delivery and return – where digital absentee ballots that counties send to voters overseas via email or a web portal are completed and returned via email attachment, fax or direct upload – but it essentially applies to all forms of internet voting. No states currently offer full-on internet voting, but numerous states allow military and civilian voters abroad to receive and return ballots electronically, and some of these voters use an internet-based system that allows them to mark their ballot online before printing it out and mailing it back or returning it via email or fax.
The DHS considers electronic ballot delivery a low-risk endeavor compared with electronic ballot return, but both can be compromised. In 2018, a hacker at the Defcon hacking conference in Las Vegas demonstrated that he could alter a ballot transmitted via email without detection. 

[...]


--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
Previous By Date Next
Previous By Thread Next

Current thread: