Paper Vote Canada

Eric Geller has written the Internet voting article I have always wanted to see - long and extensively researched, with quotes from all of the key experts.

The Daily Dot - Online voting is a cybersecurity nightmare - June 10, 2016

Also available in the Internet archive - https://web.archive.org/web/20160611131517/http://www.dailydot.com/politics/online-voting-cybersecurity-election-fraud-hacking/

“We do not know how to build an internet voting system that has all of the security and privacy and transparency and verifiability properties that a national security application like voting has to have,” said David Jefferson, a researcher at the Center for Applied Scientific Computing at Lawrence Livermore National Laboratory and vice-chair of the board of directors at Verified Voting.

(You can see Jefferson present at length about Internet voting in one of my videos of the week.)

Internet voting advocates often say things like, “If you can bank online, you should be able to vote online.” But banks provide receipts for transactions, letting every party verify that deposited or withdrawn money went through the system correctly. You can ask your bank to investigate a bad transaction, just as your credit card company might call you to verify a suspicious one, but only because money tied to your identity is tracked through the global financial system.

Unlike in banking, where fraud is detectable because money either lands in the appropriate place or disappears, and in paper voting, where physical evidence must be tampered with to rig the results, technology lets people do things while leaving literally no trace.

(For a further expansion of this theme, see my blog post if I can do X online, then why not voting.)

It’s well known that malware lets thieves pilfer people’s financial and health data and helps hackers lock users’ files until they pay a ransom. But criminals can also use malware to tamper with the process of internet voting—and the more places adopt internet voting, the more enticing it becomes for a hacker to write malware aimed at interfering with specific platforms.

This interference won’t be limited to lone script kiddies, activists flamboyantly trying to highlight the system’s flaws, or anarchist groups like Anonymous. Given what researchers say about the ease of covertly tampering with some online-voting systems, foreign governments are likely to want in on the action too.

(This recognition that Internet voting is a national security issue prompts quotes in other publications such as “We believe that online voting, especially online voting in large scale, introduces great risk into the election system by threatening voters’ expectations of confidentiality, accountability and security of their votes and provides an avenue for malicious actors to manipulate the voting results." by Neil Jenkins of the US Department of Homeland Security, quoted in the Washington Post - More than 30 states offer online voting, but experts warn it isn’t secure - May 17, 2016)

For more references about this topic, see my post on Internet voting risks.

Labels: internet voting, online voting

A good, clear report about Internet voting from the City of Mississauga has been posted.

Potential enhancements for the 2018 Municipal Election: Internet Voting, Ranked Choice Elections and Vote Anywhere. (PDF)

It includes both an summary section (pp. 14-17) and an appendix on Internet voting specifically (pp. 18-23).

Some key highlights (selected by me):

Executive Summary (selected items)

• Statistics indicate that internet voting does not increase voter turnout or youth participation.
• The risks to the integrity of an election offering remote internet voting include: electronic security, authentication of elector identity, fraud and equipment failure.
• Internet voting requires a significant financial investment of approximately $1.1 million

Some additional key quotes:

 "there are risks to be considered. Subversive internet activities continuously evolve in frequency, unpredictability and complexity and may threaten the integrity of an Internet Voting system." - page 15

"The academic community generally agree that there is no guarantee that the transmission of ballots through the internet is secure.

Election officials have no control over the security of the internet devices used by electors to vote remotely. An elector may unknowingly be using a device that has been compromised with illicit software that may direct him/her to a fraudulent election site, duplicate his/her personal information, change his/her vote, etc." - page 19

Unfortunately there are no citations, but that is not unusual for a municipal report.

Thanks to Rachael Williams for her article about the report and the Governance Committee debate about it in the Mississauga News - Mississauga won't use ranked ballots until province implements reform: Governance Committee, and for sharing the link to the report with me in response to a question.

Labels: #CdnDemocracy, internet voting, mississauga, online voting, report

There is a Library of Parliament Background Paper - 2016-06-E - Electoral Systems and Electoral Reform in Canada and Elsewhere: An Overview

UPDATE 2020-05-23: New URL for the background paper is https://lop.parl.ca/sites/PublicWebsite/default/en_CA/ResearchPublications/201606E END UPDATE

that gives a good sense of the material the Special Committee on Electoral Reform will cover.  Which is to say, a huge amount on electoral systems, and one small section (6.2) with four short paragraphs about online voting.  Most cited is Canada's Nichole Goodman.  Dr. Goodman's degree is in Political Science and Government; she is a social scientist, not a technology expert.  There is no direct citation of computer scientists or computer security experts in the background paper.  There is a false balance statement at the end, as if there should be equal weight on the (unsupported by evidence) increase in turnout and the (repeatedly supported by expert investigation) security concerns.

I would have hoped to see citation of at least one of the reports I link to in my post about Internet voting risks, in particular the Parliament of Australia inquiry (which is excellent) would have been a natural fit.

I very much hope that the committee will hear from a representative sample of academic experts on Internet voting with a particular emphasis on computer security.  Internet voting is not a matter than can be properly analysed purely from a social science perspective.  I encourage you to put forward names of computer science professors with expertise in this area as potential witnesses.

A much better view on online voting, long and extensively-researched, for a non-technical audience, is available in Online voting is a cybersecurity nightmare by Eric Geller.  I will also update this post to cite more academic papers.

Below is the online voting section from the Background Paper, which will be read by all of the committee members.

 6.2 Online Voting

As society’s use of the Internet has become commonplace, consideration continues to be given to the possibility of enabling Canadians to vote online. In Canada, Internet voting has been employed at the municipal or regional level, namely in Markham and Peterborough, Ontario, and in Halifax and Truro and in Cape Breton, Nova Scotia.59

A number of jurisdictions internationally, at various levels of government, have studied or implemented online voting systems. For example, Estonia has offered online voting at the national level in some form since 2005.60

Research conducted for Elections Canada found that “a moderate proportion of electors would be likely to vote over the Internet, and that this proportion is increasing from one general election to the next.” 61 Elections Canada’s research also examined the required legal framework to establish online voting,62 as well as consultations with European jurisdictions about their experience with online voting.63

Those in favour of online voting suggest that it may expand the accessibility of elections and, in turn, increase voter turnout. Those against Internet voting cite reliability and security concerns.

59. See, for example, Jon H. Pammett and Nicole Goodman, Consultation and Evaluation Practices in the Implementation of Internet Voting in Canada and Europe  (886 kB, 63 pages), Research study prepared for Elections Canada, November 2013, pp. 25-35;Canada-Europe Transatlantic Dialogue,A Comparative Assessment of Electronic Voting  (324 kB, 64 pages), Report prepared for Elections Canada, February 2010, pp. 23-32; and Leslie MacKinnon, “Elections Canada drops plan for online voting due to cuts,” CBC News, 1 May 2013.
60. R. Michael Alvarez, Thad E. Hall and Alexander H. Trechsel, “Internet Voting in Comparative Perspective: The Case of Estonia  (205 kB, 9 pages),” PS: Political Science and Politics, Vol. 42, July 2009.
61. Pascal Barrette, “Conclusion,” Interest of Canadians in Internet Voting (2004, 2006, 2008 and 2011) - Research Note, Elections Canada, February 2013.
62. Bryan Schwartz and Dan Grice, “Executive Summary,” Establishing a Legal Framework for E-voting in Canada, Report prepared for Elections Canada, September 2013.
63. Jon H. Pammett and Nicole Goodman, Consultation and Evaluation Practices in the Implementation of Internet Voting in Canada and Europe, Report prepared for Elections Canada, November 2013. [this is just an ibid. of 59 above]

Labels: #CdnDemocracy, #ERRE, internet voting, Library of Parliament, online voting

Name	Role	Subcommittee(s)	Email	Twitter	Background	Party
John Aldag			John.Aldag@parl.gc.ca	@jwaldag	Master or Business Administration (Royal Roads University) Bachelor of Business Administration (BC’s Open University) Diploma in Public Sector Management (University of Victoria) long career at Parks Canada from http://www.johnaldagmp.ca/about/#john-aldag	Liberal
Alexandre Boulerice			Alexandre.Boulerice@parl.gc.ca	@alexboulerice	baccalauréat en sociologie à l'Université de Montréal des études en science politique à l'UQAM entame une scolarité de maîtrise à l'Université McGill http://www.boulerice.org/a_propos_d_alexandre	NDP
Nathan Cullen	Vice-Chair (there are two vice-chairs)	Agenda and Procedure	nathan.cullen@parl.gc.ca	@nathancullen	graduate of the Comparative Development Studies Program at Trent University from https://en.wikipedia.org/wiki/Nathan_Cullen#Early_life	NDP
Matt DeCourcey			Matt.DeCourcey@parl.gc.ca	@MattDeCourcey	Master of Public Relations from Mount Saint Vincent University Bachelor of Arts from St. Thomas University (STU) from http://mdecourcey.liberal.ca/biography/	Liberal
Gérard Deltell			Gerard.Deltell@parl.gc.ca	@gerarddeltell	studied social science at Cégep de Sainte-Foy, graduating in 1984 majored in history at Université Laval and graduated in 1989 from https://en.wikipedia.org/wiki/G%C3%A9rard_Deltell#Background	Conservative
Jason Kenney replaced on committee by Blake Richards			jason.kenney@parl.gc.ca	@jkenney	did undergraduate studies in philosophy at the University of San Francisco left university to begin work for the Saskatchewan Liberal Party from http://www.jasonkenney.ca/meet_jason and https://en.wikipedia.org/wiki/Jason_Kenney#Early_life_and_career	Conservative
Elizabeth May		Agenda and Procedure	Elizabeth.May@parl.gc.ca	@ElizabethMay	a graduate of Dalhousie Law School was admitted to the Bar in both Nova Scotia and Ontario from http://elizabethmaymp.ca/home/meet-elizabeth-widget/meet-elizabeth-may/	Green
Scott Reid	Vice-Chair (there are two vice-chairs)	Agenda and Procedure	scott.reid@parl.gc.ca	@ScottReidCPC	Bachelor of Arts degree in Political Science from Carleton University Master of Arts degree in Russian History from Carleton University from https://en.wikipedia.org/wiki/Scott_Reid_(politician)#Personal_life	Conservative
Blake Richards (replaced Jason Kenney)			blake.richards@parl.gc.ca	@BlakeRichardsMP	Bachelor of Arts degree in political science from the University of Calgary from https://en.wikipedia.org/wiki/Blake_Richards#Early_life_and_career	Conservative
Sherry Romanado		Agenda and Procedure	Sherry.Romanado@parl.gc.ca	@SherryRomanado	MBA, Concordia University, 2011 Certificate in Public Relations Management, McGill, 2005 from https://www.mcgill.ca/continuingstudies/instructors/biographies/romanado-sherry and https://ca.linkedin.com/in/sherryromanado	Liberal
Ruby Sahota			Ruby.Sahota@parl.gc.ca	@MPRubySahota	combined Honours Bachelor of Arts in Political Science and Peace Studies from McMaster University J.D. with a concentration in Litigation from Thomas M. Cooley Law School from http://rsahota.liberal.ca/biography/	Liberal
Francis Scarpaleggia	Chair	Chair, Agenda and Procedure	francis.scarpaleggia@parl.gc.ca	@ScarpaleggiaLSL	undergraduate [degree] in economics from McGill University master’s degree in economics from Columbia University in New York MBA from Concordia University from http://francisscarpaleggia.parl.liberal.ca/biography/	Liberal
Luc Thériault		Agenda and Procedure	Luc.Theriault@parl.gc.ca	@LucTerjo1	Titulaire d’un baccalauréat et d’une maîtrise de l’UQAM en philosophie http://www.blocquebecois.org/depute-luc-theriault/	Bloc Québécois

Mark Holland, Parliamentary Secretary to the Minister of Democratic Institutions is also present at the committee, but as an observer (does not have a vote).

None of the committee members has a technical background; this is not unusual for Canada's otherwise fairly diverse parliament.

I've made a Twitter list of all members https://twitter.com/papervote/lists/erre

The hashtag for the committee is #ERRE

UPDATE 2016-06-26: I've added membership in the Agenda and Procedure subcommittee, for which the shortcode appears to be SERR.  ENDUPDATE

The committee home page is http://www.parl.gc.ca/Committees/en/ERRE (or short link http://parl.gc.ca/ERRE-e )

You can email the committee directly at ERRE@parl.gc.ca

The committee contact page lists the following additional staff membership

Labels: #CdnDemocracy, #ERRE, Electoral Reform, Special Committee on Electoral Reform

https://youtu.be/_GjmRwfkRXY

Labels: electronic voting, internet voting, links to video, online voting

NOTE: SpeakerDeck disables links in presentations; for clickable links you will have to download the PDF from Share -> Download PDF at https://speakerdeck.com/papervote/questions-to-ask-about-internet-voting

You can also download the PowerPoint presentation (from Google Drive). The PowerPoint includes clickable links as well as slide notes.
To download the slides, click the download link (the downward-pointing arrow) in the upper right of the Google Drive screen.

UPDATE 2016-08-31: I have also made a narrated (audio + slides) version of the presentation.

Labels: elections canada, internet voting, links to presentations

https://youtu.be/v6aUkan3R68

Download the presentation slides. 

Labels: electronic voting, enigma2016, internet voting, links to video, online voting

https://youtu.be/Wv3VuGZzdK8

Labels: electronic voting, internet voting, links to video, online voting

https://youtu.be/abQCqIbBBeM?t=14s

Labels: election history, electronic voting, internet voting, links to video, online voting

https://youtu.be/w3_0x6oaDmI

Labels: electronic voting, internet voting, links to video, online voting

If you are interested in providing evidence about the risks of online voting, you are welcome to contact me @papervote or papervotecanada@gmail.com
 
On May 11, 2016 the Government of Canada gave notice of its proposal to create an All-Party Parliamentary Committee on Electoral Reform.

The Government has also asked that the committee consider the issues of mandatory voting and online voting.

The government is proposing that five principles guide the parliamentary committee's study, of which the most relevant for the purposes of this blog is

4. Safeguarding the integrity of our voting process.

The timing is tight to produce a comprehensive report.

The Government is proposing that the special all-party committee issue its final report to Parliament by December 1, 2016.

from News Release - Government of Canada proposes All-Party Parliamentary Committee on Electoral Reform and Democratic Institutions - Frequently Asked Questions.

Online and in-person consultation hearings are proposed.  I have asked (through my Twitter account) if there will be a specific hearing on online voting.

@CdnDemocracy Will there be a hearing specifically about online voting?

— Richard Akerman (@papervote) May 11, 2016

UPDATE 2016-06-30: Please see my blog post

How to participate in #ERRE Special Committee on Electoral Reform

for more information.  ENDUPDATE


Sources of information are

• Twitter: @CdnDemocracy
• Web: http://www.DemocraticInstitutions.gc.ca/
• Twitter: Minister of Democratic Institutions @MaryamMonsef

If you are interested in providing evidence about the risks of online voting, you are welcome to contact me @papervote or papervotecanada@gmail.com

UPDATE 2016-06-24: The full committee membership has been announced and they have held their first meeting.  I have listed all of the members with their contact information in #ERRE - Special Committee on Electoral Reform - membership

There has been no commitment to hold a specific hearing about online voting, @CdnDemocracy said only "the all-party parliamentary committee will be studying online voting" in response to my tweeted question.

ENDUPDATE

Labels: #CdnDemocracy, CdnDemocracy, internet voting, online voting

The electronic voting machine, a purely electronic kiosk where you vote, has many challenges.

The code that the machine runs must be correct (without significant bugs or errors), which is difficult (and expensive).

Worse, you must be certain that the code you have validated is actually the code it runs for every vote during the election, which is impossible.  As in, literally impossible.  The problem is, the only way to find out what code the machine is running is to ask it.  Because machines are programmed by humans, machines can lie, just like humans.

Here's how it works:

Computer running the validated code

1. Computer expert queries the computer about what code it is running
2. Computer says "I am running the validated code"

Computer running hacked code

1. Computer is hacked, adding malicious (lying) code to the validated code
2. Computer expert queries the computer about what code it is running
3. The malicious code lies and says "I am running the validated code"

This is not theoretical, this is exactly what a rootkit does.

So if the machine only records votes electronically, you can never be sure if your vote was correctly recorded.  (This is not to mention the possibility of alteration during a long electronic chain of transmission to get to the final election results.)

The only way to verify your vote is to get a paper printout, so that you can look at the paper and validate that it shows your vote as cast.  But again, remember the computer can lie.  You can vote for party A, the computer can record the vote for party B and then print a paper receipt saying you voted for party A.

The only way to actually be certain of the vote count is to count the paper...

which means you just spent millions of dollars replacing a pen.

These are just the core issues, in an ideal system.
In reality, there are many more problems with voting machines.  Although some were based on ATMs, ATMs are physically bigger, have a simpler job, have much clearer transactional validation (ask for $100, complain if you don't get $100), and have dedicated maintenance teams.  While some voting machines were build by ATM manufacturers (like Diebold), the coding was rushed (at least we assume so, we don't get to see the coding), the machines are only used once a year at most, and the maintenance is done by amateurs who don't have the bank's monetary motivations for maintaining accuracy.  In such a situation, voting machines can have many errors including:

* touchscreen misalignment
* coding errors
* introduction of malicious code e.g. via USB
* failure due to poor storage or aging out
* existing software vulnerabilities (particularly since most run Windows) that are uncovered during the lifetime of the machine but never patched, opening them to network or USB attack

Labels: electronic voting, security, voting machines

(And risks associated with other types of voting technology.)

I have been tweeting many links about Internet voting risks on the account @papervote
but now it is time to put them together in a blog post.

You can also find links in my bookmarks (which are drawn from many of my accounts, not just @papervote) under tag voting_tech_risks (click link for full list).

Also see extensive materials at http://www.verifiedvoting.org/resources/internet-voting/

Statements from Computer Scientist Organisations

Computer scientists are best positioned to understand the risks related to the use of computers for voting.  They have made clear statements against the use of Internet voting at this time.

✭ US Association for Computing Machinery (ACM) - Internet voting

Internet voting adds additional concerns about security, verifiability and auditability to those already known about electronic voting. ...
At the present, paper-based systems provide the best available technology to [preserve the ability to audit and/or recount the votes].

✭ Computer Technologists' Statement on Internet Voting

Several serious, potentially insurmountable, technical challenges must be met if elections conducted by transmitting votes over the internet are to be verifiable.

Government Reports / Tech Reports

✭ US Office of the Director of National Intelligence - Opening Statement to Worldwide Threat Assessment Hearing (PDF) - February 26, 2015

Remarks from the Honorable James R. Clapper, Director of National Intelligence:

I'll start with cyber threats.  Attacks against us are increasing in frequency, scale, sophistication and severity of impact.

✭ Foundation for Information Policy Research - Response to The Speaker’s Commission on Digital Democracy (PDF) - September 27, 2014

this technology still has very significant issues with security, privacy, coercion resistance, auditability and comprehensibility, which preclude its use in high-stakes contests where capable and well-resourced actors (political parties, lobby groups and even foreign governments) may have an incentive to manipulate the system

✭ Parliament of Australia - Inquiry into... 2013 General Election - Second Interim Report: An assessment of electronic voting options

This excellent report, licensed in the Creative Commons for reuse (CC BY-NC-ND 3.0 Australia) covers many risks related to Internet voting, with very clear language.

Full report (PDF) can be downloaded; individual sections also available.

✭ NISTIR 7770 - Security Considerations for Remote Electronic UOCAVA Voting (PDF) - February 2011

✭ UK Electoral Commission - Key issues and conclusions: May 2007 electoral pilot schemes (PDF; copy from Archive.org) - August 2007

issues with the security and transparency of the solutions

Expert Analysis

✭ Independent Report on E-voting in Estonia

Audio and Video

✭ Security Analysis of Estonia's Internet Voting System by J. Alex Halderman - published to YouTube Dec 28, 2014

From the Chaos Communication Conference (31c3) in 2014.  You can also see the video on their website.

✭ Why electronic voting is a BAD idea - published to YouTube Dec 18, 2014

The above video is a fantastic clear explanation of why electronic voting machines are a security risk and why Internet voting is even worse.

Presented by Tom Scott for Computerphile, filmed by Sean Riley.

✭ Videos from online course Securing Digital Democracy by J. Alex Halderman

✭ SRI International - Podcast (audio) - Internet voting - October 10, 2010

Interviewing Jeremy Epstein.

Articles, Blog Posts, etc.

✭ Freedom to Tinker - Decertifying the worst voting machine in the US - by Jeremy Epstein - April 15, 2015

✭ Remarkable Virginia IT Agency Report Details Reasons for WinVote Decertification - by Doug Chapin - April 15, 2015

✭ Sydney Morning Herald - International experts warn of the risks of Australian online voting tools - March 24, 2015

✭ Communications of the ACM - Security Risks, Privacy Issues Too Great for Internet Voting - March 12, 2015

Above article reports on a presentation by computer scientist David Jefferson.

✭ CBC - Internet voting isn't a big draw for younger voters, researcher says -  February 11, 2015

Note that Nichole Goodman is a social sciences researcher, not a computer scientist.

✭ Analyst opinion: Don’t take online voting for granted - by Nick Wallace - January 30, 2015

Government should consider alternatives to online voting.  ... Preventing fraud is a tall order. ... An additional challenge is preserving the secret ballot...

✭ USA Today - Online voting rife with hazards - November 4, 2014

Above article by computer scientist Barbara Simons.

Education

Learn more about the issues.

... more to come

GTEC conference, October 19, 2011 from 10:00 to 11:00

Using Digital Technology to Connect with Citizens in the Town of Markham

Given the apparent decrease in voter engagement, Canadian governments are faced with seeking innovative ways to connect with the public. When used strategically, digital technologies are an effective means to engage citizens. Through the use of Internet voting and the implementation of multiple interactive online initiatives, the Town of Markham has become a leader in eDemocracy. In this session attendees will hear from the Mayor of Markham, the visionary behind Markham’s innovative use of digital technologies to engage citizens, as well as the CEO of Delvinia, the firm behind the initiatives and the only organization to collect consumer data on Internet voting in three consecutive elections.

Co-presenter - Adam Froman, CEO, Delvinia

from GTEC 2011 Conference Program at a Glace

1) Delvinia releases a report

"Our latest DIG report examines the Town of Markham’s experience with Internet voting in the 2003, 2006 and 2010 municipal election"

http://www.delvinia.com/delvinia-releases-dig-report-on-edemocracy-and-citizen-engagement/

This is good.

In 2010, with the support of Ryerson University, Delvinia secured an Engage Grant from the Natural Sciences and Engineering Research Council (NSERC) to commission Nicole Goodman, a PhD candidate specializing in Canadian political institutions and alternative voting methods, to provide a scholarly perspective on the data collected following the 2010 election as well as a comparison to the data Delvinia collected in the 2003 and 2006 elections.

It is also excellent to see academic research in this field and a rigorous report.

2) However

The DIG report is available online at www.delvinia.com/dig. The full research report is available for purchase through Delvinia. Please refer to our order form to obtain a copy of the report.

from http://www.delvinia.com/delvinia-releases-dig-report-on-edemocracy-and-citizen-engagement/

So objective fact 1: Delvinia is selling the full report.

3) However

In addition to helping the Town raise awareness of Internet voting in the 2003, 2006 and 2010 municipal elections, Delvinia also conducted in-person and online surveys to collect data regarding public attitudes, feelings and beliefs toward Internet voting in each of those elections.

from http://www.delvinia.com/should-canadians-have-the-opportunity-to-vote-online/

So objective fact 2: Delvinia was paid by the City of Markham to promote Internet voting in 2003, 2006 and 2010 (the same years in the same city concerning the same topic that the newly-released evoting report covers).

4) The correct way to report this, providing the full context, would be

Delvinia, a company paid by the City of Markham to promote Internet voting in 2003, 2006 and 2010, is now selling a detailed report about Internet voting in Markham.  The report concludes Internet voting was a great success.

I am not criticising Delvinia or the report, I am just stating the objective facts of the context of the report.

So I will now help some news reporting organisations.

This is what the Star wrote

Internet voting in advance polls in Markham has helped increase overall voter turnout, engage non-voters to vote and greatly improve overall voter satisfaction, according to a research and public opinion report released Monday.

In the report by Delvinia, a digital strategy firm, voter turnout in Markham has increased by 35 per cent since the introduction of Internet voting in 2003, and much of that is attributed to the advent of online voting.

http://www.thestar.com/news/article/1059558

You may note that neither in this extract nor indeed anywhere in the entire article does it mention the context I provided above.  The article with context would be

Internet voting in advance polls in Markham has helped increase overall voter turnout, engage non-voters to vote and greatly improve overall voter satisfaction, according to a research and public opinion report released Monday.

In the report by Delvinia, a digital strategy firm, voter turnout in Markham has increased by 35 per cent since the introduction of Internet voting in 2003, and much of that is attributed to the advent of online voting.  Delvinia, a company paid by the City of Markham to promote Internet voting in 2003, 2006 and 2010, is now selling a detailed report about Internet voting in Markham.

This is what IT World Canada wrote

New data culled from Markham, Ont. voters could make a case for the introduction of Internet voting across all levels of government in Canada, according to a new report from user experience design firm Delvinia

The Toronto-based digital consultancy released the findings of its eDemocracy and Citizen Engagement report on Monday, which focused on the Town of Markham’s recent online voting initiatives. The municipality has offered online voting for its local elections since 2003.

http://www.itworldcanada.com/news/e-voting-gets-almost-unanimous-praise-study-finds/144015

And here, again, is the article with the actual full context added

New data culled from Markham, Ont. voters could make a case for the introduction of Internet voting across all levels of government in Canada, according to a new report from user experience design firm Delvinia

The Toronto-based digital consultancy released the findings of its eDemocracy and Citizen Engagement report on Monday, which focused on the Town of Markham’s recent online voting initiatives. The municipality has offered online voting for its local elections since 2003.  Delvinia, a company paid by the City of Markham to promote Internet voting in 2003, 2006 and 2010, is now selling a detailed report about Internet voting in Markham.

I want to be completely up-front: I am profoundly disappointed that major Canadian news media are not providing the full context of this report.  I expect the news media to provide context for ANY press release, announcement, speech, interview or think-tank report.  Information without context is no foundation for democracy.

UPDATE: I should also mention, in case you think this is a minor nuance on an obscure story buried in the back pages of the paper, that "Online voting changes the game" was the Toronto Star's front-page, above-the-fold, banner full-width headline story for Monday September 26, 2011.  In newspaper terms, they declared it the single most important story in the world for September 26, 2011.

Go vote, in the assurance that your vote will be accurately counted.

http://elections.ca/

Labels: canada, elections canada

Thursday April 28, 2011 at noon Eastern (10 Mountain) The Rutherford Show will have a discussion about online voting, including Internet voting expert Barbara Simons.

You can listen to the show live - click the large "Listen Live" icon at the top of the web page.

Labels: canada, online voting

This is a kind of typical "if I can bank online securely, why not vote online" story by Lena Almeida

Let’s boost participation by allowing online voting

Canada.com - April 15, 2011

And this is a kind of typical "hey our government cybersecurity research lab was hacked" story

Top Federal Lab Hacked in Spear-Phishing Attack

Wired Threat Level - April 20, 2011

Because the answer is, you don't bank online securely. People's online banking is hacked ALL THE TIME. Everyone's systems, including national cybersecurity facilities in the US and Canada, get broken into by determined, sophisticated attackers.

Let me make it clear, I respect Ms. Almeida's question. It is not at all obvious to someone who hasn't stepped through the properties of our current paper-based system one-by-one, and who hasn't analysed the risks of a purely Internet-based system, why online voting shouldn't be as simple as filing your taxes online.

What you CAN do with banking is have their experts follow a forensics trail, undo the unauthorized changes, and return your account to its correct state. As happened to me recently when my credit card number was stolen.

But you CANNOT DO THIS WITH A ONE-TIME, ONE-VOTE, ANONYMOUS ELECTION.
If your vote is reversable 1) it has to be personally identifiable 2) ANYONE with technical knowledge can reverse it.

So that's why you can't vote online. It's not a technical problem. There are no technical barriers to voting online. Amongst many, many other things it's a security problem. Even if you can solve the security problem, you still can't verify what code is running (so open source doesn't help). Even if you could solve the security AND the code verification problems, you still can't stop someone standing over you at home as you vote, and threatening you if you don't vote the correct way (the coercion problem). Or someone can just steal someone's voting credentials and skip the bother of threatening them (the authentication problem).

Hackers will attack your vote, it's just a question of whether they succeed. And the company or individuals writing the code could be malicious, corrupted or threatened. Or the company making the servers. Or the people in the server room. Or actively malicious insiders anywhere along the network chain. Or citizens can be systematically intimidated into voting a certain way. Or the voting credentials of huge numbers of people who don't bother to vote can simply be stolen (e.g. monitoring the mailboxes of students and other young people for convenient mailings with PIN numbers that are unlikely to be used).

Oh, and even if someone miraculously everyone involved in the long chain between you and your vote being recorded on a distant server is trustworthy and not malicious, the software can still have bugs. In fact it's pretty much guaranteed to have bugs. Bugs which may not show up until millions of real users start hammering the real system on election day. So it can still fail spectacularly. Or even worse, fail silently and undetectably, misrecording or losing votes.

But other than that, online voting is a great idea.

PS If you think the TV shows have mastered this problem, I suggest googling so you think you can dance vote hacked or head right to

How the 'Dancing' vote was hacked - MSNBC Cosmic Log - November 19, 2010

Labels: canada, online voting

Just pointing to some official Elections Canada icons for the 41st General Election.

Please note: the following reproductions are a copy of the promotional icons that are published by Elections Canada and the reproductions have not been produced in affiliation with, or with the endorsement of Elections Canada.

UPDATE: Removed in accordance with May 2 deletion requirement. ENDUPDATE

In general Elections Canada could use some major website and social media help.

That would move youth turnout a lot more than online voting.

Note to self: Apparently I am to make these icons disappear after May 2, 2011.

* You are hereby granted a limited license to reproduce and display the promotional icons on your website for purposes of providing information to the public about the current general election by offering a link to Elections Canada's web site;
* The rights granted herein are for a limited term ending on May 2, 2011;
* You must reproduce the promotional icons in the format and in the color displayed herein and you may not modify, alter or adapt the promotional icons or any part of them;
* You will acquire no right or interest in the promotional icons or the copyright therein, except for the limited license granted herein; and
* You must indicate to the public that the reproduction is a copy of the promotional icons that are published by Elections Canada and that the reproduction has not been produced in affiliation with, or with the endorsement of Elections Canada.

Labels: elections canada

They do exactly what people have told them to.

Like say a former computer programmer.
Who counts the vote on a stand-alone computer. In her office.
And discovers over 7500 extra votes due to a spreadsheet copy error.

Is this kind of farce how you want to run elections?

Waukesha County Clerk Kathy Nickolaus' decision to go it alone in how she collects and maintains election results has some county officials raising a red flag about the integrity of the system.

Nickolaus said she decided to take the election data collection and storage system off the county's computer network - and keep it on stand-alone personal computers accessible only in her office - for security reasons.

"What it gave me was good security of the elections from start to finish, without the ability of someone unauthorized to be involved," she said.

Nonetheless, Director of Administration Norman A. Cummings said because Nickolaus has kept them out of the loop, the county's information technology specialists have not been able to verify Nickolaus' claim that the system is secure from failure.

...

In March, Nickolaus said, she moved the data off that server and into her own stand-alone system. She has a backup on a second computer, she said. In addition, she said, as she programs for elections, she does frequent backups during the day.

Nickolaus said she was a programmer for 15 years before becoming county clerk. And she said her staff knows how to operate the system, so "if I get hit by a bus, this election is going to run just fine."

from August 13, 2010 Journal Sentinel - Officials dispute reliability of Waukesha County clerk's election data system

and what happened in 2011?

David Prosser gained 7,582 votes in Waukesha County, after a major counting error of Brookfield results was detected, County Clerk Kathy Nickolaus announced in a stunning development this afternoon.

Nickolaus says the reason for the big change is that data transmitted from the City of Brookfield was imported but that she failed to save those results to the database. Brookfield cast 14,315 votes on April 5 -- 10,859 of those votes went to Prosser and 3,456 went to JoAnne Kloppenburg.

"The purpose of the canvass is to catch these kind of mistakes," Nickolaus said. She called it human error that is "common in this process." "I apologize," Nickolaus said.

April 7, 2011 - Journal Sentinel - Prosser's huge gain comes after Waukesha County flub is caught

Now let us imagine this story told this way:
* for security purposes, the elections official has boxes containing all the votes, in her private office
* oh and she's an expert in creating ballots
* oh and she just discovered another box of ballots over there in the corner

Do you think any elections observer in the world would buy this?
But it's all done with computers, so I guess it's impossible there could be anything suspicious.

Human nature doesn't change.
And humans program computers.
And humans create the security for computers.

Computer security does not exist in the abstract. Computers do not defend themselves or program themselves. But somehow people think it is a realm beyond human emotion and failings. In the end it's systems created by humans, used by humans, that have to resist threats from humans.

This is what happens when you vote over the Internet:
* Someone with some credentials they got somewhere votes. Hopefully it's you, with your rightful credentials. But it could be anyone who gained valid credentials, anywhere in the world.
* These credentials are used to vote. This involves your computer, full of hundreds of competing programs created by fallible humans, interacting with a website created by humans, over a network built managed and run by humans.
* The vote... or at least a vote, lands on a server... somewhere, a server running thousands of pieces of human-created software. A server installed, controlled, and managed by humans.

So the good news is, as long as you can absolutely trust every one of the thousands of people involved in that chain, and all of the one billion people on the Internet can't outsmart their security, then your vote is fine.

And the above is all if it's done WELL, not if it's some bogus "the counting computer is in my back closet" ridiculously compromised chain of custody.

Or alternatively, you could set things up so local people from competing political parties are watching one another, mark the votes on paper, watch the ballot box containing the votes, and count all the votes in public. In minutes (for a Canadian election).

So your choice is:
1. If you trust everyone who has ever created or maintained any device or software in the chain from your keyboard to the vote-counting server, and everyone with access to the server room, and everyone else in the world who is on the Internet, then Internet voting is a great choice.
2. If you trust people from your neighbourhood who have the very human motivation of competing interests, with a process that is visible to you end-to-end, and immediate local consequences if fraud is found, then you might want to vote on paper instead.

We are very very good at understanding voting risk scenarios in the physical world. We are very very bad at understanding risk in the digital world.

Where would you rather have your voting taking place?

Labels: electronic voting