logo

Canada’s National Debate over Internet Voting: Part Four

image
Created: 22 September, 2012
Updated: 13 October, 2022
3 min read
Credit: Techstorm.com

the security of internet voting

The Canadian Security Model

Question: Can Internet voting be done securely?

While this question seems simple enough, it actually provokes conflicting and complex opinions, and sometimes strong emotions on both sides. There are folks who see Internet voting as a threat to democracy, and those who see it as an enhancement of the democratic process.

Fortunately, Canada is a land where reason prevails over emotion in civic discourse – and this includes the Internet voting security debate.

Two professors of Information Systems from York University in Toronto, Saggi Nevo and Henry Kim, have written a scholarly paper on how to rationally assess the risks that threaten Internet voting systems. From their paper I derive what I call “the Canadian Model” (for a general rather than scientific readership) to guide the discussion:

  • First, specify the type of attack to be considered.
  • Second, suggest who might launch such an attack – e.g., the Taliban, a US teenager in his bedroom, the Pirate Party, or whoever.
  • Third, name the object of attack – the voter’s PC, iPad, Smart Phone, or the election server, etc.
  • Fourth, estimate the likelihood of an attack’s occurrence.
  • Finally, estimate the likelihood of an attack’s success.

For the last two principles, the likelihood, or probability, can be based a scale of from 1 to 10 - 10 being the most likely to occur, and to succeed, according to past experience with Internet voting.

As mentioned in an earlier post, over 40 cities in Canada have used Internet voting systems as a part of their election process. There have been other, nongovernmental, uses of Internet voting as well. The New Democratic Party (NDP), for example, has offered it during elections for its officers. So, in Canada, there is considerable empirical experience with the technology upon which to base estimates of the probability of an attack and of its chances of success.

Indeed, NDP officer elections have been attacked twice. On both occasions, a Denial of Service (DoS) attack interfered with the online voting. This type of attack is launched against the election servers, which host the website upon which party members vote. An election server must have sufficient bandwidth, or capacity, to efficiently process the expected amount of traffic the election will generate. An attacker can organize an army of computer users and have everyone log on to the website at an agreed time. This could clog up the system, and cause a delay for legitimate voters who happen to log on at the same time.

More Choice for San Diego

In 2003  a DoS attack on the NDP server did clog up the system. Fortunately, the system operators had anticipated the possibility of such an attack, and were prepared to fight back. Their software was able to identify where the attack was coming from, and block it. The voting was only delayed for 45 minutes.

Again, in 2011 an NDP election was delayed. This time the delay lasted for a couple of hours. But in this case, the system may have also had insufficient bandwidth; thus, in addition to an alleged DoS attack, a coincidental surge of legitimate voters could have prolonged the delay.

In both cases, no votes were lost or altered. No unauthorized votes were cast or counted.

No perpetrators have been identified or apprehended in either case.

Lesson: even though no other successful DoS attack on an Internet voting system has occurred in Canada, or any where else in the world, every online voting system should be set up to defend against such an attack, because they are proven to be at least somewhat likely to happen, and with at least moderate success. On a scale of 1 to 10, knowing of two slightly successful DoS attacks out of over 40 Internet voting uses, the likelihood for both occurrence and success might be a 1 – not much, but its better to be safe than sorry.

In the Next Segment: More on Security

Latest articles

A wide shot of an Alaska city.
In a True Nail-Biter, Alaska Voters Reject Repeal of Top 4 Primary and Ranked Choice Voting
Two weeks after Election Day, Alaska voters finally know the fate of their election system. The choice before them was keep the nonpartisan Top 4 primary system with ranked choice voting in the general election or go back to partisan control over elections....
21 November, 2024
-
5 min read
Coin with Trump's face on it.
How Will the New Government Affect Independent Voters' Finances?
My rates! What happened to my rates? Partisan and independent voters ranked the economy the most important issue in the 2024 election....
20 November, 2024
-
9 min read
An elephant and donkey facing each other on a red bar.
Understanding The ‘Other Side’ Is More Important Than Ever
For some of us, just reading the title of this piece may be irritating — even maddening. If you’re scared about Trump’s election, being asked to understand the “other side” can seem a distant concern compared to your fears of what might happen during his presidency....
20 November, 2024
-
4 min read