By Joseph Marks
Human rights activists and New Jersey law students are suing to block the state from using Internet-based voting systems, which security experts say are fundamentally insecure against hacking.
The effort is a shot across the bow for the online systems, which some states have embraced as a solution for people who have trouble voting by mail during the pandemic despite widespread security concerns.
New Jersey piloted an app-based system on Tuesday in a collection of 33 small elections for people with disabilities that make it impractical for them to vote by mail. Everyone else had to vote by mail and there was no in-person voting option.
New Jersey officials haven’t said whether they plan to repeat the pilot in the state’s July primary or the general election, but the lawsuit is trying to stop those plans before they start. It's essentially an offshoot of an earlier lawsuit that challenged the security of the state's voting machines and also dealt with the danger of voting systems going online.
“It’s critical that voting be accessible for everybody but not at the expense of security and the risk of a group of people having their votes manipulated,” said Penny Venetis, director of Rutgers University Law School’s International Human Rights Clinic, which is challenging the use of online voting on behalf of Coalition for Peace and its New Jersey division as well as a state legislator.
Venetis and her students filed their motion Monday. They initially aimed to halt Internet voting during the Tuesday election but couldn’t get a hearing in time.
Delaware and West Virginia are planning larger pilots for voters with disabilities and those in the military or overseas during their states' presidential primaries in June. The states are all using a cloud-based system designed by the Seattle-based company Democracy Live.
A man uses a cellphone in New Orleans. (Jenny Kane/AP)
States that are using them have described the Internet systems as a safe way to ensure everyone can vote amid a pandemic that has upended everything about elections.But security experts see them as an invitation for hackers to alter votes undetected and worry they’ll deny equal treatment to voters with disabilities by making them take security risks other voters don’t have to.
“This is one of many issues of inequality that the virus is bringing to the fore,” Venetis told me.
The New Jersey secretary of state’s office didn’t respond to a request for comment about future plans for the app or about how many people used it on Tuesday.
Internet-based voting is generally viewed as less secure than any in-person voting system.That’s because there’s no way to ensure that the computer, phone or tablet the voter is using hasn’t been compromised, and it's impossible for the voter to verify that the vote is still correct when it reaches election officials.
Because there’s no paper record of the vote there’s also no way to audit it after the fact.
“There’s very clear scientific consensus that the return of voted ballots by Internet is not securable,” Andrew Appel, a Princeton University computer science professor, who wrote an expert statement for the plaintiffs in the New Jersey case, told me.
The Department of Homeland Security also sent states an alert last week warning that online voting systems pose “significant security risks” that could undermine the integrity of an election or compromise the secrecy of the ballot.
The DHS alert was less critical of systems that deliver blank ballots to voters over the Internet or that allow them to mark their votes on a home computer and then print them out and mail them in.
Democracy Live also produces such systems, which Venetis and Appel said they urged New Jersey to adopt instead of the fully online system.
People wait to cast their votes. (Mark Ralston/AFP/Getty Images)
New Jersey had a spotty record with election security even before the pandemic hit.It’s one of just two states, along with Louisiana, where nearly all in-person voting machines will lack paper records in 2020, which experts say are vital to protect against hacking.
That’s despite a four-year push by DHS and more than $1 billion in federal money nationwide aimed at eliminating such machines and making other cybersecurity fixes following Russia’s hacking and disinformation operation in 2016.
The earlier lawsuit filed by Venetis and the Rutgers students aimed to stop the state using those paperless voting machines. It dragged on for more than a decade and didn't ultimately block the machines. But Superior Court Judge Mary C. Jacobson did order New Jersey officials to ensure the state’s voting process is kept entirely offline — an order the Rutgers clinic is asking her to enforce now.
“My big concern is this will not just be an emergency measure. It will continue past the quarantine and it will be expanded,” Venetis told me. “And that’s a real problem because votes can be manipulated and it will be completely and totally invisible.”
House lawmakers will vote Friday on a historic resolution that would allow lawmakers to vote remotely during the pandemic.
House Majority Leader Steny H. Hoyer (D-Md.), left, and House Speaker Nancy Pelosi (D-Calif.). (Sarah Silbiger/Bloomberg News)
The order kicks the can down the road, however, on lawmakers using videoconferencing or other tech tools to vote from home, saying such systems could be used in the future if the House’s tech division certifies they’re sufficiently secure against hackers.
The measure would also allow committees to hold official video hearings — something the Senate is already doing. “That one big step is to make sure Congress can act,” House Majority Leader Steny H. Hoyer (D-Md.), who introduced the changes, told Paul Kane.
The proposed rule change was supposed to be introduced late last month but was stalled by Republican opposition. Hoyer said the final rules incorporated ideas from House Minority Leader Kevin McCarthy (R-Calif.). McCarthy accused Democrats of using the rules to steal power.
Trump extended until 2021 an order banning U.S. companies from dealing with Huawei or other telecommunications companies deemed a national security risk.
President Trump. (Evan Vucci/AP)
Trump’s move comes as relations between China and the United States have cooled dramatically during the pandemic.
U.S. officials also warned that Chinese government hackers are likely trying to steal coronavirus research, calling it a "significant threat to our nation’s response to COVID-19."
DHS will advise U.S. telecom companies on how to protect 5G cellphone towers following arson attacks linked to coronavirus conspiracy theories.
Workers install 5G telecommunications equipment on a T-Mobile tower. (Adrees Latif/Reuters)
U.S. carriers have also seen sporadic attacks in recent weeks, some of which may have been the work of "eco-terrorists" rather than conspiracy theorists, an industry official told Ellen.
The U.S. government and World Health Organization officials have made clear there's no connection between 5G technology and the virus.
The Senate will vote today on whether to renew vast government spying powers.
Sen. Ron Wyden (D-Ore.). (Andrew Harnik/AP/Bloomberg News)
The Senate failed to pass one bipartisan amendment on the bill yesterday to exclude Internet browsing and search histories from a warrantless surveillance program. The amendment, introduced by Sens. Steve Daines (R-Mont.) and Ron Wyden (D-Ore.), failed by just one vote and might have passed except that four members did not vote.
But in a win for privacy hawks, the Senate did pass an amendment by Sens. Patrick Leahy (D-Vt.) and Mike Lee (R-Utah), which will increase oversight of the court that grants warrants under the Foreign Intelligence Surveillance Act. Here are details from Politico's Martin Matishak.
More news from the Hill:
A group of more than 140 global technology companies is today launching a new initiative promoting awareness of security risks associated with “smart” Internet-connected devices.
An Amazon Echo, center, and a Google Home, right. (AP Photo/Mark Lennihan, File)
More industry news:
Germany has "hard evidence" Russian was responsible for a cyberattack on the country's parliament, German Chancellor Angela Merkel said.
German Chancellor Angela Merkel. (Michael Kappeler/dpa/AP)
The statement comes after federal prosecutors issued an arrest warrant against an alleged officer in Russia's GRU military intelligence agency last week. Merkel didn't confirm the arrest was related but said, “I take these things very seriously.” Russian officials have repeatedly denied involvement in the 2015 hack.
More global cybersecurity news:
Chat roomEven though the House is trying remote voting, the Senate is still meeting in person, a move some technologists consider unnecessary and dangerous. Stanford Internet Observatory Director Alex Stamos:
It's crazy that the Senate is meeting in person. All this money spent on continuity of government and we put our most powerful octogenarians in the same room during a viral pandemic.— Alex Stamos (@alexstamos) May 13, 2020
Every movie with a huge door closing on a secure mountain base lied to you. https://t.co/9DZOWsUN0u
- The Open Technology Institute will host an event on the role of technology in pandemic response efforts today at 11:30 a.m.