“Bizarrely the stubby pencil and piece of paper that you put your cross on in the ballot box is actually much more secure than anything which is electronic.”

Former MI6 Chief Sir John Sawers

“We need to return to election systems that are secure from manipulation. This means voting machines with voter-verified paper audit trails, and no Internet voting. I know it’s slower and less convenient to stick to the old-fashioned way, but the security risks are simply too great.”

Bruce Schneier — Security technologist and a lecturer at the Kennedy School of Government at Harvard University

Former MI6 Chief Sir John Sawers

January 4 2017 — Sir John Sawers, former chief of the British Secret Intelligence Service [MI6], has said that any move towards electronic voting in the UK would leave major elections at risk of being targeted by cybercriminals and hackers. Follow us on Twitter: @Intel_Today

RELATED POST: ‘Russia Hacking’: The Facts about Obama’s Warning Message to Putin

RELATED POST: UK’s Intelligence Agencies

RELATED POST: Who Is Who in World Intelligence and Security Agencies : MI6 Alex Younger

RELATED POST: MI6 Alex Younger & BND Bruno Kahl: Russian Hackers Will Target European 2017 Elections

UPDATE (January 4 2019) — So, what exactly has been done over the last two years? Short answer: nothing.

In Belgium, the “I Committee” — which monitors the activities of the two national intelligence agencies, both civilian and military — has called this week for stronger vigilance on the question of election interference, as people will vote in May 2019 to elect their regional and federal governments, as well as the European Parliament.

The “I Committee” warns that there is a danger the elections could be manipulated by foreign powers.

According to Serge Lypszyc, chair of the committee, there is no clear evidence Russians or anyone else would be involved in interfering in Belgian elections.

However, he warned, “We would not wish to be confronted with circumstances such as those experienced in the US”.

“We will be looking into how the laws in this regard can be adapted,” he said. ( Brussels Times )

Neither the Russians nor anyone else could possibly make things worse than what they are in Belgium. The next election will turn into a major crisis, not because of foreign political interference, but because Belgium is a failed state. — END of UPDATE

Sir John Sawers recommends traditional ‘pencil and paper’ approaches to voting because they are “actually much more secure”.

“The more things that go online, the more susceptible you are to cyberattacks,” Sawers said on Tuesday (3 January 2017) on the BBC’s The New World: Axis of Power.

Sir John Sawers was head of MI6 between 2009 and 2014, when he was succeeded by Alex Younger.

In light of the current uncertainty over US election hacking, Sawers warned that the UK need to have systems which are robust.

“The only trouble is, the younger generation of people expect to be able to do things remotely and through electronic devices.

Bizarrely, the stubby pencil and piece of paper that you put your cross on in the ballot box is actually much more secure than anything which is electronic.”

The Risk

Sir John Sawers is — of course — very political and some will suspect his intervention is in support of the alleged claim — all expert agree that the FBI does not contain a real proof — that Russia hacked the US election.

(By the way, former CIA Director James Woolsey just said a few hours ago that those who believe that Russia, and Russia alone, was behind the hacking will likely be proven mistaken.)

Nevertheless, experts generally agree that the risk posed by these electronic voting devices is very real.

Bruce Schneier is a security technologist and a lecturer at the Kennedy School of Government at Harvard University. Here is what he wrote in late July 2016:

“But while computer security experts like me have sounded the alarm for many years, states have largely ignored the threat, and the machine manufacturers have thrown up enough obfuscating babble that election officials are largely mollified.

We no longer have time for that. We must ignore the machine manufacturers’ spurious claims of security, create tiger teams to test the machines’ and systems’ resistance to attack, drastically increase their cyber-defenses and take them offline if we can’t guarantee their security online.

Longer term, we need to return to election systems that are secure from manipulation. This means voting machines with voter-verified paper audit trails, and no Internet voting.

I know it’s slower and less convenient to stick to the old-fashioned way, but the security risks are simply too great.”

International Law

“One of the big problems we face with cyber is that it hasn’t really been discussed internationally about what is the acceptable use of cyber-powers, where the red lines are and what happens when those red lines are crossed,” Sir John Sawers stated.

Toni Gidwani, a former Department of Defense (DoD) analyst who now heads up operations research at cyber-security firm ThreatConnect, agrees:

“The rules here are not as clean in terms of what’s allowable and what the consequences are.”

According to the US Department of State, cyber activities would constitute a use of force if they were to cause direct physical injury and property damage such as (1) operations that trigger a nuclear plant meltdown; (2) operations that open a dam above a populated area causing destruction; or (3) operations that disable air traffic control resulting in airplane crashes.

The US has — of course — never suggested that hacking a foreign government was an ‘Act of War’. And whether or not, ‘hacking an election’ — whatever this exactly means — is an ‘Act of War’ under the Law of Armed Conflict is certainly debatable at this point in time.

This probably explains why Andrew Fletcher recently wrote:

“Now the very foundation of the American democratic process, free and fair elections, are potentially vulnerable to foreign interference.

Likewise, Russia could, in the future, become the victim of cyber-attacks in vulnerable areas within its own political or economic system.

To help protect against cyber intrusion, countries should establish international law on the matter and work assiduously to maintain the law’s integrity.”

Obama’s Warning to Putin

Allegations by US government agencies, including the CIA, that Russian hackers intervened in the 2016 presidential election were not related to the counting of votes.

Instead, it is alleged that hackers obtained and released sensitive information, including emails from the Democratic National Committee, to help Donald Trump.

However, contrary to a widely held belief and numerous reports by US media, Obama’s warning message to Moscow was not about the hacking of the Democratic National Committee (DNC) or of its chairman John Podesta’s emails.

In a message delivered to Moscow over the Red Phone on 31 October 2016, Obama warned Putin that:

“International law, including the law for armed conflict, applies to actions in cyberspace. We will hold Russia to those standards.”

It seems urgent to establish an international law on the matter and to work assiduously to maintain the integrity of such law. The sooner, the better.

REFERENCES

Online voting could leave British elections vulnerable to hacking, former MI6 head warns – Independent

By November, Russian hackers could target voting machines

Russian Hacking and the U.S. Election: Against International Law?

International Law in Cyberspace — US Department of State

=

Two Years Ago — Former MI6 Chief: “Electronic Voting Presents Serious Hacking Risk.”