Friday, June 24, 2016
Internet voting magnum opus by Eric Geller
The Daily Dot - Online voting is a cybersecurity nightmare - June 10, 2016
Also available in the Internet archive - https://web.archive.org/web/20160611131517/http://www.dailydot.com/politics/online-voting-cybersecurity-election-fraud-hacking/
“We do not know how to build an internet voting system that has all of the security and privacy and transparency and verifiability properties that a national security application like voting has to have,” said David Jefferson, a researcher at the Center for Applied Scientific Computing at Lawrence Livermore National Laboratory and vice-chair of the board of directors at Verified Voting.(You can see Jefferson present at length about Internet voting in one of my videos of the week.)
Internet voting advocates often say things like, “If you can bank online, you should be able to vote online.” But banks provide receipts for transactions, letting every party verify that deposited or withdrawn money went through the system correctly. You can ask your bank to investigate a bad transaction, just as your credit card company might call you to verify a suspicious one, but only because money tied to your identity is tracked through the global financial system.(For a further expansion of this theme, see my blog post if I can do X online, then why not voting.)
Unlike in banking, where fraud is detectable because money either lands in the appropriate place or disappears, and in paper voting, where physical evidence must be tampered with to rig the results, technology lets people do things while leaving literally no trace.
It’s well known that malware lets thieves pilfer people’s financial and health data and helps hackers lock users’ files until they pay a ransom. But criminals can also use malware to tamper with the process of internet voting—and the more places adopt internet voting, the more enticing it becomes for a hacker to write malware aimed at interfering with specific platforms.(This recognition that Internet voting is a national security issue prompts quotes in other publications such as “We believe that online voting, especially online voting in large scale, introduces great risk into the election system by threatening voters’ expectations of confidentiality, accountability and security of their votes and provides an avenue for malicious actors to manipulate the voting results." by Neil Jenkins of the US Department of Homeland Security, quoted in the Washington Post - More than 30 states offer online voting, but experts warn it isn’t secure - May 17, 2016)
This interference won’t be limited to lone script kiddies, activists flamboyantly trying to highlight the system’s flaws, or anarchist groups like Anonymous. Given what researchers say about the ease of covertly tampering with some online-voting systems, foreign governments are likely to want in on the action too.
For more references about this topic, see my post on Internet voting risks.
Thursday, June 23, 2016
City of Mississauga report on Internet Voting
Potential enhancements for the 2018 Municipal Election: Internet Voting, Ranked Choice Elections and Vote Anywhere. (PDF)
It includes both an summary section (pp. 14-17) and an appendix on Internet voting specifically (pp. 18-23).
Some key highlights (selected by me):
Executive Summary (selected items)Some additional key quotes:
- Statistics indicate that internet voting does not increase voter turnout or youth participation.
- The risks to the integrity of an election offering remote internet voting include: electronic security, authentication of elector identity, fraud and equipment failure.
- Internet voting requires a significant financial investment of approximately $1.1 million
"there are risks to be considered. Subversive internet activities continuously evolve in frequency, unpredictability and complexity and may threaten the integrity of an Internet Voting system." - page 15
"The academic community generally agree that there is no guarantee that the transmission of ballots through the internet is secure.
Election officials have no control over the security of the internet devices used by electors to vote remotely. An elector may unknowingly be using a device that has been compromised with illicit software that may direct him/her to a fraudulent election site, duplicate his/her personal information, change his/her vote, etc." - page 19
Unfortunately there are no citations, but that is not unusual for a municipal report.
Thanks to Rachael Williams for her article about the report and the Governance Committee debate about it in the Mississauga News - Mississauga won't use ranked ballots until province implements reform: Governance Committee, and for sharing the link to the report with me in response to a question.
Wednesday, June 22, 2016
Online voting section of Background Paper 2016-06-E on Electoral Systems
The background paper is by Andre Barnes, Dara Lithwick, & Erin Virgint. Lithwick and Virgint are the Library of Parliament analysts assigned to the Special Committee on Electoral Reform.
I would have hoped to see citation of at least one of the reports I link to in my post about Internet voting risks, in particular the Parliament of Australia inquiry (which is excellent) would have been a natural fit.
I very much hope that the committee will hear from a representative sample of academic experts on Internet voting with a particular emphasis on computer security. Internet voting is not a matter than can be properly analysed purely from a social science perspective. I encourage you to put forward names of computer science professors with expertise in this area as potential witnesses.
A much better view on online voting, long and extensively-researched, for a non-technical audience, is available in Online voting is a cybersecurity nightmare by Eric Geller. I will also update this post to cite more academic papers.
Below is the online voting section from the Background Paper, which will be read by all of the committee members.
A number of jurisdictions internationally, at various levels of government, have studied or implemented online voting systems. For example, Estonia has offered online voting at the national level in some form since 2005.60
Research conducted for Elections Canada found that “a moderate proportion of electors would be likely to vote over the Internet, and that this proportion is increasing from one general election to the next.” 61 Elections Canada’s research also examined the required legal framework to establish online voting,62 as well as consultations with European jurisdictions about their experience with online voting.63
Those in favour of online voting suggest that it may expand the accessibility of elections and, in turn, increase voter turnout. Those against Internet voting cite reliability and security concerns.
- See, for example, Jon H. Pammett and Nicole Goodman, Consultation and Evaluation Practices in the Implementation of Internet Voting in Canada and Europe (886 kB, 63 pages), Research study prepared for Elections Canada, November 2013, pp. 25-35;Canada-Europe Transatlantic Dialogue,A Comparative Assessment of Electronic Voting (324 kB, 64 pages), Report prepared for Elections Canada, February 2010, pp. 23-32; and Leslie MacKinnon, “Elections Canada drops plan for online voting due to cuts,” CBC News, 1 May 2013.
- R. Michael Alvarez, Thad E. Hall and Alexander H. Trechsel, “Internet Voting in Comparative Perspective: The Case of Estonia (205 kB, 9 pages),” PS: Political Science and Politics, Vol. 42, July 2009.
- Pascal Barrette, “Conclusion,” Interest of Canadians in Internet Voting (2004, 2006, 2008 and 2011) - Research Note, Elections Canada, February 2013.
- Bryan Schwartz and Dan Grice, “Executive Summary,” Establishing a Legal Framework for E-voting in Canada, Report prepared for Elections Canada, September 2013.
- Jon H. Pammett and Nicole Goodman, Consultation and Evaluation Practices in the Implementation of Internet Voting in Canada and Europe, Report prepared for Elections Canada, November 2013. [this is just an ibid. of 59 above]
#ERRE - Special Committee on Electoral Reform - membership
|John Aldag||John.Aldag@parl.gc.ca||@jwaldag||Master or Business Administration (Royal Roads University)
Bachelor of Business Administration (BC’s Open University)
Diploma in Public Sector Management (University of Victoria)
long career at Parks Canada
|Alexandre Boulerice||Alexandre.Boulerice@parl.gc.ca||@alexboulerice||baccalauréat en sociologie à l'Université de Montréal
des études en science politique à l'UQAM
entame une scolarité de maîtrise à l'Université McGill
|Nathan Cullen||Vice-Chair (there are two vice-chairs)||Agenda and Procedurefirstname.lastname@example.org||@nathancullen||graduate of the Comparative Development Studies Program at Trent University
|Matt DeCourcey||Matt.DeCourcey@parl.gc.ca||@MattDeCourcey||Master of Public Relations from Mount Saint Vincent University
Bachelor of Arts from St. Thomas University (STU)
|Gérard Deltell||Gerard.Deltell@parl.gc.ca||@gerarddeltell||studied social science at Cégep de Sainte-Foy, graduating in 1984
majored in history at Université Laval and graduated in 1989
|Jason Kenneyemail@example.com||@jkenney||did undergraduate studies in philosophy at the University of San Francisco
left university to begin work for the Saskatchewan Liberal Party
from http://www.jasonkenney.ca/meet_jason and https://en.wikipedia.org/wiki/Jason_Kenney#Early_life_and_career
|Elizabeth May||Agenda and Procedure||Elizabeth.May@parl.gc.ca||@ElizabethMay||a graduate of Dalhousie Law School
was admitted to the Bar in both Nova Scotia and Ontario
|Scott Reid||Vice-Chair (there are two vice-chairs)||Agenda and Procedurefirstname.lastname@example.org||@ScottReidCPC||Bachelor of Arts degree in Political Science from Carleton University
Master of Arts degree in Russian History from Carleton University
|Sherry Romanado||Agenda and Procedure||Sherry.Romanado@parl.gc.ca||@SherryRomanado||MBA, Concordia University, 2011
Certificate in Public Relations Management, McGill, 2005
from https://www.mcgill.ca/continuingstudies/instructors/biographies/romanado-sherry and https://ca.linkedin.com/in/sherryromanado
|Ruby Sahota||Ruby.Sahota@parl.gc.ca||@MPRubySahota||combined Honours Bachelor of Arts in Political Science and Peace Studies from McMaster University
J.D. with a concentration in Litigation from Thomas M. Cooley Law School
|Francis Scarpaleggia||Chair||Chair, Agenda and Procedureemail@example.com||@ScarpaleggiaLSL||undergraduate [degree] in economics from McGill University
master’s degree in economics from Columbia University in New York
MBA from Concordia University
|Luc Thériault||Agenda and Procedure||Luc.Theriault@parl.gc.ca||@LucTerjo1||Titulaire d’un baccalauréat et d’une maîtrise de l’UQAM en philosophie
Mark Holland, Parliamentary Secretary to the Minister of Democratic Institutions is also present at the committee, but as an observer (does not have a vote).
None of the committee members has a technical background; this is not unusual for Canada's otherwise fairly diverse parliament.
I've made a Twitter list of all members https://twitter.com/papervote/lists/erre
The hashtag for the committee is #ERRE
UPDATE 2016-06-26: I've added membership in the Agenda and Procedure subcommittee, for which the shortcode appears to be SERR. ENDUPDATE
The committee home page is http://www.parl.gc.ca/Committees/en/ERRE (or short link http://parl.gc.ca/ERRE-e )
You can email the committee directly at ERRE@parl.gc.ca
The committee contact page lists the following additional staff membership
- Christine Lafrance, Committee Clerk
- Danielle Widmer, Committee Clerk
- Ariann Bouchard, Committee Assistant
- Dara Lithwick, Analyst, Library of Parliament
- Erin Virgint, Analyst, Library of Parliament
The Minister of Democratic Institutions is Maryam Monsef.
There is a web page for Democratic Institutions at http://www.democraticinstitutions.gc.ca/ but it doesn't (yet?) link to the committee. Shortlink is http://canada.ca/democracy
The Twitter for Democratic Institutions is @CdnDemocracy and the hashtag is mostly #CdnDemocracy
I've made a Twitter list of the Minister, Parl. Sec. and Twitter account for Democratic Institutions https://twitter.com/papervote/lists/democratic-institutions
It's not yet clear how best to interact with the committee (I'm not an expert in how committees work). For the time being, including for witness recommendations, I would say probably through contacting Minister Monsef, the committee members, and your local MP. Witness lists appear to be prepared by each party and submitted. There was talk at the first meeting of allowing questions to be submitted to committee meetings online.
Monday, June 06, 2016
Internet voting video of the week - David Jefferson
Thursday, June 02, 2016
Presentation - Questions to ask about Internet Voting
Monday, May 30, 2016
Internet voting video of the week - J. Alex Halderman at Enigma 2016
Download the presentation slides.
Monday, May 23, 2016
Internet voting video of the week - Barbara Simons