It’s been several weeks since I revealed evidence that the online voting in last fall’s municipal elections in Halifax was not secure. Now I’m starting to wonder, does anyone care? How many people care about defending our most basic pillar of democracy—our elections?
I obtained the damning documents through an Access to Information request to the Canadian Cyber Incident Response Centre (CCIRC) of Public Safety Canada—the federal government agency charged with helping ensure internet safety. Although the documents were heavily censored, they made clear that right up until the day before online voting began on October 6, 2012, an outside security researcher, the CCIRC, the election software vendor (Scytl) and the Halifax Regional Municipality Elections Office were grappling with a myriad of security vulnerabilities.
The documents also made clear that, at the time online voting began, only “some” of those security holes had been in part “mitigated.” Some of the problems, evidently, were never addressed.
HRM didn’t inform the public about any of this. I asked the CCIRC, Scytl and the city to provide evidence that the security problems were solved and the online votes were securely, correctly recorded. The CCIRC and Scytl declined to answer questions, and the city merely provided a report by Ernst & Young.
Unfortunately, from a technical standpoint, that Ernst & Young report was not a security audit; it was a user test. Basically, the city had asked Ernst & Young to confirm that the election software was functioning, but not to investigate how easily the system could be hacked or circumvented. It was like testing to make sure your computer could surf the internet, but not to see if your computer was protected against hackers or viruses. So, any reassurances derived from that report are deeply misplaced.
I posted a video showing the CCIRC documents (see robwipond.com) and went on CBC radio to discuss the issues. To this point, I’ve been deeply dismayed by the dismissive responses. Representatives from Scytl and HRM went on CBC later and said all my concerns were absurdly hypothetical and that I couldn’t prove that the online votes were stolen. What a ridiculous proposition! It’s not up to a member of the public to prove an election was stolen—it’s our elections office’s responsibility to be able to provide reliable evidence our elections *weren’t* stolen.
After all, if I’d expressed similar concerns about the paper ballot votes, HRM could have pointed to lists of people who were present in the polling booths authenticating the propriety of the voting processes, to audited trails accounting for the movements of all the filled ballot boxes and to counting processes with independent witnesses present. In principle, I could even go see and count those ballots one-by-one myself.
HRM’s dismissals prompted independent security researcher Kevin McArthur, also a board member of the Canadian Internet Registration Authority, to identify himself and release more evidence. These documents now make clear that the vote.halifax.ca website was open to being spoofed, that “man in the middle” attacks could intercept voter IDs and pass keys and flip votes, and that a malicious actor positioned at any important internet node (say, working at a major Halifax internet service provider) could have engaged in nefarious actions. And all of this could have happened undetected. The HRM voting instructions did not even instruct voters to be sure they were using a secure HTTPS website!
Furthermore, these are merely the vulnerabilities which McArthur at this time feels he is legally allowed to disclose.
If election officials have evidence all the security problems were effectively resolved before the online voting got underway, why aren’t they sharing that evidence publicly?
A recount of the paper ballots in a close riding occurred. But was that recount fair? If as an independent witness you’d made the very reasonable request that the online votes—which accounted for the majority of votes—be recounted as well, what would’ve happened? The HRM Elections Office would’ve provided the same vaguely dismissive reassurances with which they responded to my concerns. That’s because, in any recount, unlike re-examining each paper ballot individually and then adding them all up again, the online vote records can only be taken at face value since there are no other records to compare them against.
The complex challenges of trying to achieve internet security raise a broader issue: Do we want to have elections where we have to simply “trust” that they were free and fair because our government tells us so? Or do we want to have elections where any citizen can easily review, understand and verify that the election proceeded in a free and fair manner?
We can’t say for a fact that Halifax elections were stolen, or that all those online votes were incorrectly recorded. However, it’s evident that the online voting was tremendously insecure. Last fall’s Halifax elections cannot be reasonably, objectively validated as accurate. And our government and elections office were not, and are not, being forthright with the public about any of this. That to me sounds like our democracy has been stolen. Are we going to do anything about it?