A critical look at the safety of online voting

By Trevor Hutchinson

A critical look at the safety of online voting

Like over 190 other municipalities in the province, the City of Kawartha Lakes has moved to an internet/telephone telephone voting system and done away with the traditional paper ballot system, after a decision of council in 2017.

The rationale for the move, explained on the City’s website, seems laudable: a convenient system that offers automatic tabulation that increases accessibility, accuracy and efficiency. A willingness to try new systems and processes should be commended. But we can’t — as engaged citizens — just trust that a new system is good because it’s new, even if all the other municipalities are doing it.

An investigation into this issue by The Lindsay Advocate has revealed some issues that we, as a community of voters, should think about. We interviewed one of Canada’s leading experts on online voting, Assistant Professor Prof. Aleksander Essex of the University of Western Ontario’s Department of Electrical and Computer Engineering. Essex’s response is sobering: “…We don’t have the technology to make online voting safe…online voting is missing key protections — it’s not like online banking.”

When asked about online security of our election, Cathie Ritchie, City Clerk of the City of Kawartha Lakes replied, “We have hired a third-party organization in association with other municipalities using Dominion Voting [the company contracted to administer the election] called the Digital Boundary Group to audit the process and the integrity of the software. We also have implemented internal auditing procedures. We have taken appropriate steps above any provincial requirements to ensure the election is secure. Both third party and internal auditing measures will be used to ensure the election is secure.”

The problem is that no company or small municipality can make it secure. While we reached out to Dominion Voting, the third party provider, they did not respond to questions by press time. Essex says in a recent survey worldwide of 100 election-related websites, all were found vulnerable to a ‘man-in-the middle attack,’ which is “where a bad actor inserts themselves between the voter and the administrating website.” Adds Essex: “We don’t have substantive provincial or federal regulations for the security of online elections.

The problems arise from the feature that we cherish most in a democracy, according to Essex — the secret ballot. In a nutshell, that’s what makes online voting unlike online banking. If someone pays a bill online, that person can see and the bank sees that a bill is being paid. The company being paid will also see part of the details of the transaction, too. Without finding a way to adjust the concept of the secret ballot, “when you press send we don’t know where that vote goes,” explains Essex.

What we do know is that even if that vote gets counted as intended, it has gone through any number of countries, including China and Russia. There are countless opportunities for bad actors to assert themselves into your vote for any number of malicious reasons. And any telephone vote is still as only as safe as the administrating company’s data.

There is no arguing with the City’s claim that online voting is more efficient. It is also clear that this process will make it easier for the people who don’t live in the City to vote (but are eligible because they own property).

But the claim that this process is ‘more accessible’ bears more scrutiny. In Policy & Internet by (lead researcher) University of Brock professor Nicole Goodman, she examined Canadian Internet elections in 2014. The paper concluded that there is some evidence that Internet voting can cause “digital disenfranchisement” noting “when paper ballots are unavailable…the voting population is made up of more technologically savvy electors…We interpret this finding to indicate that the elimination of paper ballots can disenfranchise those on the wrong side of the digital divide.”

And lest we think this is all money driven, this new system is not cheaper. The last municipal election cost the taxpayers of the CKL $257,319. The budget for this year’s election is $280,000, according to the City. Most of that, no doubt, is going to a private company, and not being spent locally on things like, according to the City’s website, “staff time for vote counting.”

No municipality can be expended to have a technical staff to solve a problem that the world’s leaders in this field can’t solve: online security. But as Essex cautions, “city councils have to be a little more humble” in the face of this issue and not just accept the assurances of private vendors who are, after all, trying to sell us something.

Leave a Reply

Your email address will not be published.