Casting your ballot via the internet: Not safe enough according to Gareth Williams.

opinionandcommentBy Gareth Williams

November 4th, 2016

BURLINGTON, ON

 

What is the value of convenience? Is it worth sacrificing some of our democratic institutions, like the secret ballot and the knowledge that our election results accurately reflect the intent of voters?

This Monday Burlington City Council (sitting as the Community & Corporate Services) will consider a staff report which recommends Burlington continue its experiment with remote Internet voting. I call it an experiment because Internet voters made up a relatively small overall percentage of ballots cast in the 2010 & 2014 elections in which it was offered.

I do not believe that as a City we should continue to embrace this flawed method of electing our leaders, and I believe most citizens would agree if they better understood the significant challenges involved.

Here is a brief summary of the issues with online/Internet voting:

Voting ballot box

This is a secret ballot

• Internet voting eliminates the protection of the secret ballot and could enable coercion of voters by family members and others. With the large population of seniors in Burlington, and the very real issue of elder abuse this is a significant concern. At the public polling station election staff are there to ensure you can vote in privacy, free from interference; at home or work just about anyone can be standing behind you as you cast your ballot.

• It also facilitates vote buying and/or individuals casting ballots on behalf of others, with or without their knowledge. This has already happened back in 2010 when an Eastern Ontario man was charged and fined with voting on behalf of his family members. It is probably safe to assume there have been other cases (perhaps even here in Burlington) which went unnoticed as it is not uncommon for several family members to share a computer or Internet connection. A mother or father might, for example, decide to vote on behalf of their kids who are away at University or College.

• Evidence indicates that Internet voting does not increase turnout, even among youth. The most recent example of this is Halifax’s 2016 municipal election where the number of online voters dropped by over 10,000. Leading researchers in the field have analyzed 15 years of data and concluded that Internet voting is unlikely to solve the low turnout crisis faced by Western democracies. Perhaps surprisingly, they also found Ontario voters age 18-34 were more likely to prefer paper ballots.

ID theft screen

The level of sophistication the ID thieves have is close to beyond belief – if they want the information – they can get it.

• Most computer security experts warn that Internet voting is not secure. A large number of multinational firms as well as Canadian government departments have been successfully cyberattacked in recent years. There have been many stories in the news recently of high profile attacks like the ones that affected the Ontario EQAO exam and attempts to influence the US election through the release of emails obtained through hacking or phishing attempts. Third party IT security consultants hired by the City of Toronto to study proposals for Internet voting in that city recommended against moving forward with any of the options.

Many other jurisdictions that considered or experimented with online voting have dropped support for Internet voting. These include Toronto, Mississauga, Kitchener, and Huntsville Ontario, the provinces B.C. & Alberta as well as the country of Norway.

A City of Kitchener 2012 staff report was the impetus for that city rejecting Internet voting; it recommended strongly against implementation for their 2014 election. Most of the aforementioned issues were cited. According to this report and other academic studies the highest user of Internet voting is the 45-55 demographic and the vast majority of Internet voters would likely have voted anyway.

Problems with Internet voting were in the news again as recently as this past week in P.E.I. where they are using it for a non-binding plebiscite on electoral reform. An unknown number of voter information packages with personal identification numbers (PINs) were sent to the wrong addresses. These codes could potentially be used to cast a ballot on behalf of another voter. If the vote is cast from a public location like a library, there would be little that could be done to track down the offender.

Many advocates point to the opportunity Internet voting provides to make it easier for disabled voters to cast their ballot. However, as Dr. Barbara Simons a former researcher with IBM pointed it out during her recent testimony to the Electoral Reform panel in Ottawa, it does a disservice to voters with disabilities, to anybody, to provide them with a tool that is fundamentally insecure. We owe it to them when we provide them with alternatives to make sure those alternatives are secure.

Despite the issues we continue to hear that, based on opinion polls, there is a demand and support from the public for Internet voting. To quote Dr. Simons again, if this were a medical hearing to determine whether to approve a new drug for human consumption, safety would be paramount. A drug that is likely to result in serious injury to patients would be rejected, no matter how many people wanted to use it. Internet voting is like a drug we are considering for our democracy.

If this scares you as much as it scares me be sure to contact your Councillor before Monday.

gareth-williamsGareth Williams is a graduate of the Political Science program at McMaster University. He works in Information Technology in Hamilton with 18 years in the field.  Gareth lives in Brant Hills with his wife and their dog Misty.’

 

Return to the Front page
Print Friendly, PDF & Email

13 comments to Casting your ballot via the internet: Not safe enough according to Gareth Williams.

  • Gareth Williams

    Thanks to everyone for all the thoughtful replies. Committee will be discussing this item today at 1pm. If you can take a few minutes to email your Councillor and/or the mayor before that time it might aid their decision.

  • Lisa Cooper

    I really hope City hall is a subscriber to the gazette. I have always been against internet voting and computer counting the ballot’s at voting stations. Has anyone proven that they can’t be tampered with? Let’s go back with actual people counting the ballots instead of relying on computer generated numbers taken at City hall.

  • Tom Muir

    I have no idea why anyone would advocate either the principle or the practice of internet voting, How dumb is that?

    The right to vote is all we have really, and is a sacred trust. So get your butt off the phone and to the polls, and make sure it is visible and works.

  • Lonely Taxpayer

    Voting in person contributes a positive shared experience among your neighbours in the community. Don’t underestimate the power of a group of motivated individuals driven by a common objective.

    I would sooner trust the recount of a few hundred slips of confidential papers marked “X” by a human hand – over a computer data dump printout.

  • Susan

    And lets not forget:
    Burton v. Town of Oakville, Best, Mulvale & Serra, 2004 18068 (ON SC) https://caselaw.canada.globe24h.com/0/0/ontario/superior-court-of-justice/2004/02/12/burton-v-town-of-oakville-best-mulvale-and-serra-2004-18068-on-sc.shtml

    [4] In his notice of application, Mr. Burton raises a number of concerns respecting the election. A few of these issues relate to the use of vote-counting machines, but none impugns the use of these machines assuming that they are operational, in proper working order, and operated correctly.

  • 100% on all points Gareth.

    With regards to Johns point yes fraud happens every day on the internet – but it’s largely reversible. The credit card company will give your money back if you are defrauded. No one can figure out how to reverse a fraudulent secret vote.

    Internet voting is a terrible idea – largely supported by people who have no idea what technologies are being used.

    • Gareth Williams

      Thanks Greg. The worst part is – what happens if we discover the system was compromised a year or two later? The Yahoo hack in the news back in September was in 2014 but we only heard about it now.

  • Zaffi

    Excellent article. Perhaps Mr. Williams could write a follow up on what he believes could increase voter engagement.

    • Gareth Williams

      I wish I had the answer for this Zaffi! The other element of the staff report which I did not address was the response to the Province’s legislation allowing ranked ballots. I believe this or other electoral reform measures may improve engagement since they could give disaffected voters more of a feeling that their vote ‘counts’. Unfortunately the Province chose to put a very short timeline on Municipalities to make a decision, so I can understand why staff recommended holding off for now. The issue becomes however, who will go first? Other municipalities including Brampton, Cambridge and Brant County have all reached the same conclusion.

      It will be interesting to see what evolves out of the ERRE committee work in Ottawa. Internet voting for federal elections has been bandied about but it would seem that enthusiasm among the committee members (of all political stripes) has cooled considerably based on what I’ve read.

      Ultimately I think the key to voter engagement is about what the name implies – engagement. If candidates talk about the issues that voters are concerned with and avoid using tactics which turn people off in the process I think you will see an increase in turnout, just as you did in last fall’s federal election. Simply changing the ways and methods people perform the act of voting is unlikely to have any lasting impact.

  • John

    Gareth
    The security issues with online voting are found in most if not all online data. It’s common to purchase good’s and services, bank or complete tax and census information that is equally vulnerable to the same abuse.

    Millions of individuals use internet transactions daily, if we can’t secure voting how secure is anything else.

    • Gareth Williams

      You are 100% correct John, I failed to address this in my original post but the answer is those transactions are all individually identifiable *and* reversible. Ballots are supposed to be neither.

      If a DDoS attack prevents you from purchasing a book from Amazon the impact is not that great, but if it prevents thousands of voters from casting a ballot it is significant.

      The security issues are somewhat the ‘icing on the cake’ because internet voting has already failed in my books for sacrificing the sanctity of the secret ballot.

  • Susan

    Excellent article.

    I personally know of 3 people who received more than one Voter Identification Card (V.I.D.). It’s not that unusual. A spouse has died or maybe there’s been a separation. Maybe an adult child has moved out of the family home but is still on the voter’s list. Maybe the former tenants V.I.D. Cards came to their old address and the new tenants now have their I.D. I know of someone who received 3 V.I.C. with each card having a different spelling of his/her name. It would be difficult to vote more than once at the polls but you certainly could vote more than once online.

    In the 2014 Municipal elections in Burlington, there was a purging of the voters list. What was the criteria used for this purging? Who decided and how was it decided who could be on the list and who was knocked off the list? According to a Burlington Post letter, it was very difficult and time consuming for some voters to correct the errors.

    Some of my questions are:
    Who Has Control of the Machines and can he or she be “gotten to”?
    How can I be absolutely sure my vote is recorded as I had intended?
    Does the voters list stay in Canada or are these machines relaying info to another country?
    Can someone walk away with all the voters info on a memory stick?
    Why would we want to give up the secret ballot?

    Without a paper trail, how does anyone know that a vote cast will be recorded as intended? And, how would you conduct a ballot recount if it became necessary?

    I think it’s possible voting machines would not help increase turnout because online voting may result in less polling stations meaning people have to travel further to vote.

    “Those who cast the votes decide nothing. Those who count the votes decide everything.”
    – Josef Stalin

    • Gareth Williams

      Thanks for your thoughtful reply Susan. Many of the questions you raise are ‘explained away’ by the online voting system vendors, but often fail to stand up to independent third party scrutiny.

      The part I neglected to include in my article is an argument you often hear which is “I can bank online and I can file my taxes online, why can’t I vote online”? First of all this makes the assumption that online banking is 100% safe; it is not, people’s online banking logins are compromised all the time. The difference is the bank takes the risk by guaranteeing you won’t lose your money if this happens, they can do so because of the millions of $ they save overall by closing branches and reducing staff.

      The other difference is that online banking transactions & income tax filings are identifiable to the individual and reversible. You don’t want that in an online voting system since the votes are supposed to be anonymous (that whole secret ballot thing). If the system operators say they can reverse an individual vote that means they have a database which links the ballot to the voter. Which means it can (and probably will be) hacked or leaked at some point.