On Tuesday (6 November) Americans will be voting in their mid-term elections.
In too many places the integrity of the ballot will be compromised as voters use ancient voting machines that can be easily hacked. But that’s the United States where the wheels are coming off the wagon.
But before we get too superior we should ask ourselves about internet voting in Canada. Is it secure?
In a word. No.
Here in Newmarket, for the first time, we had no paper ballots in the municipal election on 22 October 2018. Voters could phone or go on-line to cast their ballot.
Newmarket goes to Spain for internet voting expertise
The Town contracted with Scytl – a privately owned corporation headquartered in Spain - to provide the electronic voting services. Its shareholders are venture capital funds and private individuals including the company’s founders and management team.
Unlike some other municipalities in Ontario where voting hours had to be extended because of problems with “system load”, everything here appeared to go quite smoothly. But can the Town guarantee the security and secrecy of every vote cast?
In April 2018 the CBC interviewed Aleksander Essex, a Western University professor and expert on cyber security. He says on-line voting technology “carries little transparency” and cannot guarantee that votes are counted correctly. Professor Essex told the CBC:
“The problem is exacerbated by the fact that some municipalities don't even know where the servers they use for the online voting are located. The election server itself may not even be in Canada."
"We did a study last year on the Western Australian state election and we found the private keys. These are the encryption keys to protect your ballot and voter credentials. We found those keys living on servers all over the world, including in China."
Toronto rejects internet voting
In 2016 the City of Toronto considered moving to on-line voting but rejected it, sticking with paper ballots in last month’s election. An article in Municipal World explains why Toronto and Vancouver took a hard line.
So why did Toronto reject internet voting?
Toronto’s City Clerk, Ulli Watkiss, told Toronto’s councillors:
“The overwhelming consensus among computer security experts is that Internet voting is fundamentally insecure and cannot be safely implemented because of security vulnerabilities inherent in the architecture and organization of both the Internet and commonly used software/hardware.”
She says vendors are “rarely held liable for security failures or election disasters” and that contrary to the widespread belief internet voting does not increase voter turnout nor engage young people.
Light years ago (in 2014) an expert panel of computer scientists told the UK Parliamentary Speaker’s Commission on Digital Democracy:
“The particular challenge for voting systems is that all votes are secret, and the expected result of the election is not otherwise known, so there is no independent check on the result returned by the system. The integrity of the process is thus central to the integrity of the result. This is unlike almost any other form of computerised activity, such as banking, where the result of a transaction can be checked, and so mistakes and fraud can be identified and corrected.”
Security systems are frequently compromised. At Facebook. At Cathay Pacific. At British Airways. At Air Canada. At Uber. At Deloitte. At Ashley Maddison. At Walmart. At the Bank of Montreal. At the Canadian Imperial Bank of Commerce. Everywhere. All the time.
So why would we believe it could never happen in our elections?
It is unlikely to become an issue until it does.
And then what do we do?