Monday, April 22, 2024

Perhaps Online Voting Needs a Rethink

Stephen Vance, Editor

Five years ago I was an avid supporter of the move to online voting. In fact, I penned an editorial in June of 2013 entitled ‘Electronic Voting is Right Direction For Meaford’, but I wouldn’t write such a piece today because I’ve grown to think I was naive, and that I was wrong.

My reasons for supporting the move to electronic voting back then were that it could help increase voter participation, it’s cheaper, and it’s more efficient. Those things are still true, but my growing concern is at what cost?

Computer systems big and small are proving to be far more vulnerable to outside influences than I had imagined back in 2013. In the years since, we’ve all seen report after report of major hacking incidents at big corporations, small businesses, large governments, and even municipalities. We’ve seen reports from south of the border that Russia quite likely attempted to hack into voting systems, though apparently without success – for now.

Heck, even here in li’l old Meaford, we’ve seen the damage hackers can do, and very recently. Just last month Meaford’s administration office found itself handcuffed by a ransomware attack. What those of us in the public might have noticed was that email to and from municipal email addresses came to an abrupt halt, and the municipality issued a notice that their email systems were down. But behind the scenes, the situation was much more dire. Municipal employees had lost access to all of their electronic files, including their backup files, unless they paid a ransom of 1.5 Bitcoins (roughly $20,000). The municipality turned to a firm experienced in such matters, which, after investigating, advised that the best course of action was to pay the ransom along with the fee for the consultant, for a grand total of $35,000. Meaford got its files back, and municipal employees could once again do their jobs, but had paying the ransom not worked (as is often the case), council was told this week that it could have cost more than $500,000 to recreate all those lost files.

Scary stuff.

Granted, a small-town municipal server is small potatoes when compared to large tech companies, or the companies that administer electronic voting for municipalities, but no company in the online world is immune from hacks. In recent years we’ve seen huge, technologically advanced corporations fall victim to hacks – I now think we’d be foolish to think that electronic voting systems for rinky-dink municipalities aren’t equally vulnerable.

Municipal clerks have been sold on the technology, and they’ll often be the first to assure us that the systems are safe. We’ve heard this from our last two clerks, and they are sincere in that belief, but municipal clerks aren’t cyber-security experts, nor am I, so what does an expert say?

Just last week the CBC published a story entitled ‘Ontario Civic Elections: The Problem With Online Voting’, and in that article they interviewed a Western University professor, Aleksander Essex, who heads a lab that investigates online security and privacy issues, who called online voting “one of the greatest open problems in cyber security”.

The province requires municipalities to pass a by-law allowing an online ballot by May 1, 2017 in order to allow online voting in the 2018 civic election, but the problem, according to Essex, is there’s no comprehensive government list tracking which communities are using a technology that has no defined standards, limited transparency and no way to ensure votes are being registered correctly. The problem is exacerbated by the fact that some municipalities don’t even know where the servers they use for the online voting are located. “The election server itself may not even be in Canada,” Essex said. “We did a study last year on the Western Australian state election and we found the private keys. These are the encryption keys to protect your ballot and voter credentials. We found those keys living on servers all over the world, including in China,”” reported the CBC. “Essex said online voting also leaves the election potentially vulnerable to hacking, through malware, most likely on a home computer. A number of Ontario cities and provincial agencies have already proven they’re vulnerable to cyber attacks, including the cities of Pickering, Cambridge, an Oshawa hospital, the Ontario Privacy Commissioner and the Ottawa-Carleton District School Board.”

While mulling and researching electronic voting, I’ve come across many articles from around the world that hold Canada’s federal election process in very high regard due to its simplicity and its safety – a simple paper ballot and a pencil, with humans to count the ballots at the end of the night. Our modern technology is fantastic in so many ways, but it is becoming increasingly clear that we’ve got a long way to go before we can feel confident in the security of the online world – if we can ever feel that confidence.

The legitimacy of our elections is simply too important to our democracy to trust to an environment that at best is still in its ‘wild west’ stage.

While I was once a supporter of online voting, today I am wary of it at best, and the professor echoed my own feelings very well in that CBC story.

An online election doesn’t have the transparency there, it’s not an evidence-based election the same way a paper ballot is,” Essex said. “My preference would be to vote online, but with this specific problem it turns out hand counting paper ballots is the best solution we have.”

It’s too late to change the process for this year’s municipal election, but perhaps the next council might want to rethink electronic voting, and consider a return to the trusty old paper and pencils.

Popular this week

Latest news