Enhanced Anonymous Credentials for E-Voting Systems

A simple and practical method for achieving everlasting privacy in e-voting systems, without relying on advanced cryptographic techniques, is to use anonymous voter credentials. The simplicity of this approach may, however, create some challenges, when combined with other security features, such ...

Security Analysis of the MERGE Voting Protocol

Interesting analysis: An Internet Voting System Fatally Flawed in Creative New Ways. Abstract: The recently published "MERGE" protocol is designed to be used in the prototype CAC-vote system. The voting kiosk and protocol transmit votes over the internet and then transmit voter-verifiable paper...

On Secure Voting Systems

Andrew Appel shepherded a public comment--signed by twenty election cybersecurity experts, including myself--on best practices for ballot marking devices and vote tabulation. It was written for the Pennsylvania legislature, but its general in nature. From the executive summary: We believe that no...

CVE-2022-48506

A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct ICP and ICP2 and ImageCast Evolution ICE scanners allows anyone to determine the order in which ballots were cast from public ballot-level data, allowing deanonymization of voted ballots, in several types of...

The vulnerability of the authentication mechanism for voting sessions in the software of the ImageCast X device for marking ballots allows a perpetrator to obtain an arbitrary number of ballots without authorization.

The vulnerability of the authentication mechanism for voting sessions in the ImageCast X device’s voting software is related to a lack of a mechanism for verifying the source of data. Exploiting this vulnerability could allow an intruder to obtain any number of ballots without being authorized...

CVE-2022-1747

The authentication mechanism used by voters to activate a voting session on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery. An attacker could leverage this vulnerability to print an arbitrary number of ballots without authorization...

Andrew Appel on New Hampshire’s Election Audit

Really interesting two part analysis of the audit conducted after the 2020 election in Windham, New Hampshire. Based on preliminary reports published by the team of experts that New Hampshire engaged to examine an election discrepancy, it appears that a buildup of dust in the read heads of...

Researchers Flag e-Voting Security Flaws

A group of election security experts said after a deep dive into Australia’s electronic voting systems that they have “serious problems” with the accuracy, integrity and privacy with elections run by the Australian Capital Territory ACT Electoral Commission. The team of four cybersecurity...

Georgia’s Ballot-Marking Devices

Andrew Appel discusses Georgias voting machines, how the paper ballots facilitated a recount, and the problem with automatic ballot-marking devices: Suppose the polling-place optical scanners had been hacked enough to change the outcome. Then this would have been detected in the audit, and in...

Feds: Iran Behind 'Proud Boys' Email Attacks on Democratic Voters

Federal officials claim that Iranian threat actors are behind two separate email campaigns that assailed Democratic voters this week with threats to “vote for Trump or else.” The campaigns claimed to be from violent extremist group Proud Boys. Two specific email campaigns — one on Tuesday Oct. 20...

The informed voter’s guide to election cyberthreats

Singapore held its most recent general election on July 10 2020, and although they used the electoral system called first-past-the-post FPTP, a scheme favored by the US, UK, and most English-speaking countries, the road leading to Election Day was not without challenges and obstacles. While all...

Shoring Up the 2020 Election: Secure Vote Tallies Aren't the Problem

With the 2020 U.S. Presidential Election coming up in just two months, cybersecurity concerns are taking center stage for average citizens and politicians. That said, the likelihood of election results being impacted by an attack are slim, security researchers say. The focus should be on other...

After the Iowa Caucus Meltdown, New Hampshire Says It’s Ready

The nation’s first primary is proudly low-tech, but it'll take more than paper ballots to defuse the disinformation threat...

A Top Voting-Machine Firm Calls for Paper Ballots

The long-awaited shift from paperless ballots could make elections more secure...

Election Security

Good Washington Post op-ed on the need to use voter-verifiable paper ballots to secure elections, as well as risk-limiting audits...

Internet Voting Hack Alters PDF Ballots in Transmission

Threats to the integrity of Internet voting have been a major factor in keeping the practice to a bare minimum in the United States. On the heels of the recent midterm elections, researchers at Galois, a computer science research and development firm in Portland, Ore., sent another reminder to...

Interview: Crypto Legend Ron Rivest On Fixing SSL, APTs and The Future Of Security

One of the biggest talks at this year’s Black Hat Briefings was a presentation on the structural problem with digital certificate authorities by Moxie Marlinspike. The subsequent hack of Dutch certificate authority DigiNotar and a damning report on that attack only weeks later, and more recent...

Voters Test New Crytographic Voting System in Maryland

The state of Maryland tested a new cryptographic voting system on Election day that allowed users to confirm their votes online, as well as allow anyone to independently audit the system. Scantegrity is an optical-scan, open-source system that uses a combination of paper ballots and unique...