Last weekend’s NDP leadership vote was the target of a “deliberate large-scale Distributed Denial of Service attack that attempted to deny NDP members access to the online balloting system,” says a press released issued Tuesday by Scytl, the company hired to conduct the e-voting.
Scytl is a Barcelona, Spain-headquartered company, and the largest e-voting firm in the world. It recently entered the North American market via its Toronto-based Scytl Canada subsidiary, and has been hired by the city of Halifax to conduct the e-voting portion of the October municipal elections.
Scytl’s press release says that the attack came via 10,000 unique IP addresses. By Wednesday, when The Coast spoke with Scyltl Canada general manager Susan Crutchlow, that number had been increased to 15,000. It seems unlikely that 15,000 people were involved in the attack, agrees Crutchlow; “you’re probably good to assume it was a virus.”
Both Crutchlow and Halifax municipal clerk Cathy Mellet are quick to defend Scytl’s e-voting system. “This is the first time a Denial of Service attack has ever happened in an election,” Crutchlow tells The Coast. “And the attack did not compromise the integrity of the election.” Voting was delayed up to three hours, however.
“The electronic portion of our election is spread over 13 days,” Mellet tells The Coast. “So it’s unlikely we’ll face the kind of problems the NDP saw.” Moreover, the e-voting ends 36 hours before in-person polling stations open, she adds, giving time for problems to be worked out.
Scytl was awarded a $553,000 contract for the Halifax election in January, beating out Dartmouth firm Intelivote. An eight-week Proof of Contract test was completed successfully on March 16, says Mellet.
This article appears in Mar 22-28, 2012.
Fundamental misunderstanding of botnets and DDOS attacks.
Any bets on whether or not it was an angry Intelivote behind it?
j.h. : Speaking as someone with a family member working at Intelivote, that’s basically preposterous.
But while we’re conspiratheorizing, how about the Conservative Party of Canada? What were they doing this weekend?
Why doesn’t the NDP tell us if the computers were inside or outside Canada ? They know the IP addresses so I presume they know the origin of many of the DNS.
Why so secret ? Playing politics ??
Whatever the benefits of electronic online voting, I’m uncomfortable with it. Any voting system can be tampered with, it’s true, but tampering with an electronic online voting system leaves no paper trail. I’d prefer to stick with a piece of paper marked with an “X” and placed in a box. It’s low tech but I have a high level of confidence in the integrity of the system. I carry on a lot of financial business online but that’s different. If my bank or broker screws something up, I know about it. If my electronic vote gets or counted in the wrong column, how would anyone ever know?
As far as the recent problems with the NDP online voting, the situation should be investigated by the authorities but I don’t know how successful they would be in finding and prosecuting the perpetrators.
However, I do think that the widening investigation into the vote suppression “robocall” incidents during the last federal election will bear some fruit if Elections Canada pursues these cases with zeal one would expect from the body which is supposed to protect the integrity of the electoral process which underpins our democratic system.
Legal challenges have been launched in some of the ridings where this illegal election-tampering took place and some results may end up being thrown out. In many of these ridings the vote spread between the winning candidate and the second place finisher was relatively small. It isn’t hard to see that placing robocalls to a few hundred of your opponent’s known supporters and directing them to a fictitious voting location could mean the difference between winning and losing.
Whichever political party one supports, it is in the interest of all citizens to vigorously protect the integrity of our electoral system.
Not hard to understand why they had 10,000 plus uninvited visits to the voting system….a great big button on their NDP website saying, “CLICK HERE TO VOTE”….hard for anyone to not want to give it a try.
For those who have 100% confidence in electronic voting, I recommend the documentary film “Hacking Democracy” which investigated electronic voting in the 2000 and 2004 U.S. elections.
Among other problems discovered with electronic voting systems, the film included segments which demonstrated how electronic voting machines can be hacked in a variety of ways. One hack in particular by Finnish security expert Harri Hursti left no evidence that the vote counts had been tampered with.
The claims of infallibility made by the companies which provide these machines and the government bureaucrats who promote their use need to be balanced against the demonstrated flaws that a number of independent computer security experts have uncovered.
If anyone doubts that the electoral process in a country like Canada could be put at risk by illegal tampering with voting machine technology, the widening investigation into illegal vote suppression during the May 2011 federal election should serve as a wake-up call.
So HRM is outsourcing the local election to a spanish company saying it is cheaper…..that same spanish company then botchs the NDP leadership election…and claims it was attacked. As the largest evoting company in the world (or so they claim, they are actually an internet security company…which is even more suspect) should they not be prepared for this eventuality??
So now HRM is sticking by them……they can’t handle a small internal party election, how can they handle our election.
A local company did it last time….they got under bid. The company who under bid them proves they can’t handle a smaller job…..and HRM stands by their decision to use them anyway.
so when the local election goes pear shaped, and HRM is to blame….you had your chance to go with a company who is local and who is proven….good job guys.
There really is a much bigger story here, Tim, and I hope that at some near-future point in time you will look into it.
Both Scyltl Canada general manager Susan Crutchlow and Halifax municipal clerk Cathy Mellet defended the integrity of Scyltl’s e-voting system, but in the face of an obvious failure during the NDP leadership vote it’s hard to give their opinions much credence.
I’d also like to know exactly what is involved in a “Proof of Contract” test. As is pointed out in the film “Hacking Democracy”, e-voting systems are proprietary. The software is secret and under most contractual terms it is illegal for municipal officials to physically examine the inner workings of any machine or computer code involved in such systems. I know that Halifax has not progressed to utilizing e-voting machines, as such, but the criticism applies equally to proprietary computer code. To what kind of testing was Scyltl’s e-voting system subjected to by HRM staff? In other jurisdictions, it was found that Diebold Corporation, one of the largest vendors of e-voting software and equipment, had misled local election officials as to the security of their proprietary e-voting systems, and those local election officials in turn defended Diebold in what can only be described as a bureaucratic “cover your ass” operation of large proportions. Assurances of system integrity from corporate and municipal staff don’t give me much comfort in view of the problems experienced in other jurisdictions.
There are those who believe a greater reliance on e-voting might improve voter turnout and therefore be of some benefit to the functioning of our democratic system. Perhaps before we place the integrity of our electoral system in the hands of corporate entities whose technology is proprietary and therefore legally protected from scrutiny, maybe we, as concerned citizens, should ask whether this hypothetical benefit (yet to be demonstrated) is worth the risk of having our electoral process be even further removed from public scrutiny along with the very real possibility that elections could be electronically “rigged” with no evidence of the crime left behind.
In the aftermath of the attack on the voting process during the recent
NDP convention one question has not been asked that has to be as we go
into this year’s municipal elections. Do we need electronic voting?
I firmly believe that we do not.
We have a system of counting votes that works already and is immune to
cyber attack. It is perfectly transparent, unlike e-voting and can be
easily explained, whereas to understand what is happening with
e-voting, one would need to have access to and an understanding of the
coding system of the company doing the counting and that is protected
by intellectual property laws and not for public knowledge. This
alone should disqualify e-voting as a means of choosing our
governments. The most important thing about an election is that it is transparent.
That it can be understood and scrutinized by the people. Only then can the
results be trusted.
The way the vote is counted now is publicly operated with a cross
section of the public hired to count the votes.Tthe candidates also have the option to appoint representatives to oversee the count and verifying the mark
on a paper ballot.
To make it even clearer, here is the process of counting votes once
the polls close on election day. I have worked as a deputy returning
officer and a poll clerk through many elections and this is how it is
done. At the end of voting, the doors are locked. The Poll Clerk and
DRO, in the presence of reps from the candidates, empty the box and
show each ballot to the reps. Everyone makes a tally. When the
tallying is done, it is added up, everyone knows what is going on, the
results are phoned in. If it is very close, the count is done again
and if a recount is needed, a judge can inspect each and every paper
ballot and then make a final decision. Hundreds of citizens overseeing
and taking part in the electoral process like that is far better than
hiring one private company to count our votes electronically.
Some will say that e-voting is needed because voter turn out is so low
as to affect the legitimacy of elections. To that I say stripping
away transparency is a far greater threat to the legitimacy of
elections. I do not believe that e-voting will make people more
interested in politics.
-Dusty Keleher