If it feels good, do it! – Oh! No! Canada!

A couple of years ago we posted: Damn the science; Damn the integrity; If it feels good do it. Based on the theory that if voters like Internet voting and nobody has recognized a problem, it should be implemented, no matter what the cost, no matter what risks identified by experts. The voting version of unhealthy living, If it tastes good, eat it!. Technically know as common sense, that works sometimes, and at other times brings us other commons sense ideas like the earth revolving around the sun.

Our neighbors up to the north in Warterloo and Edmonton are using that common sense to justify Internet Voting:

From the Waterloo Record: Waterloo to look into online municipal election voting <read>

WATERLOO — The City of Waterloo will investigate using online and telephone voting for the 2014 municipal elections.

Council went against the best informed person it had at the table and voted Monday to look into internet and telephone voting for the 2014 municipal election. The city will seek proposals from companies with voting technology, and wants the cities of Cambridge and Kitchener to consider using it as well.

Coun. Jeff Henry grew up in Markham which has used internet voting for several years and also been part of University of Waterloo student elections where electronic voting was used.

“My skepticism comes with knowledge,” Henry said.

He raised issues with security and democracy, similar to concerns expressed by Kitchener politicians when they debated the idea. For more than a year the city studied the process and found issues with security, cost, democracy and guideline issues.

I think this is a great idea,” Coun. Karen Scian said. “I think if we can figure out how to do it securely and figure out how to engage more people to vote and make it easier for people to vote then the whole community benefits.

Tim Jackson, a member of the Barnraisers council, urged councillors to take the jump, earning himself a spot on a committee that will review the request for proposals.

“As the most intelligent community in the world it’s almost a given that we should be embracing the concept of electronic voting,” Jackson said.

City clerk Susan Greatrix said it is expected online voting would add costs to the election process.

“I don’t anticipate there would be a reduction in election costs,” Greatrix said. “It would be much more expensive than traditional voting.”

Kitchener’s last election cost about $400,000. Adding online voting could add more than $300,000 to those costs.

Coun. Henry and Coun. Scott Witmer voted against the idea, but the proposal passed.

Nothing has been decided on which voting method will be used. That decision is expected later this year when staff have evaluated proposals on the idea.

Edmonton Journal: Internet voting option proposed for Edmonton civic election <read>

Edmonton should allow Internet voting for advance and special ballots in next October’s civic election, a report released Thursday recommends.

The proposal, following more than a year of study that included a test “jelly bean election” and the verdict of a citizen jury, would make Edmonton the first western Canadian city where candidates can be chosen online…

But the province and the 17-member citizen jury suggested allowing anyone who wants to take part in the advanced poll, starting almost two weeks before the Oct. 20 election, to register and pick their candidates online.

There were about 6,000 advanced votes in the last election out of a total 199,000 ballots cast, a turnout of 33 per cent.

“We wanted to honour the citizen jury process, and the citizen jury told us they wanted to have at least 10 days of voting,” Sinclair said.

“I guess from everyone’s perspective it’s a voting option. We want to make sure there are no barriers.”

Checks done by an outside company during last fall’s jelly bean election, which asked people to select their favourite candy colours, food and other preferences, showed the system is secure from hackers, the report said.

To ensure the process isn’t rigged, at least four out of seven members of an electoral board must produce their digital key cards and passwords to open or close the ballot box, and recounts are possible.

“Because we demonstrated it was safe and secure, the province is OK with us proceeding,” Sinclair said…

An online city survey done last fall showed three-quarters of the 400 respondents agree Edmonton should provide the option of Internet voting.

More than nine out of 10 people who opposed it were concerned about security.

We commented on  the Edmonton system as part of a final exam for the Coursera course, Securing Digital Democracy. Since the course is complete and all exams graded, I can provide my answer:

1.         Threat – Imposter Sites

Someone could create a site that could easily be confused with the actual site, act like that site to provide information, register voters and accept their votes, then act like the voter to register that voter and vote on the actual Edmonton system. Reference the following FAQ:

23. How can I verify that I am accessing the actual voting system(no phishing)?

When accessing the voting system, ensure that you are accessing the following website:  https://internetvoting.edmomton.ca. The voting system website will have the ‘s’ following ‘http’ indicating that the connection is encrypted and secure

1) The FAQ highlights how important it is to interact with the system through a specific URL starting with ‘https’. 2) Yet, the FAQ page itself is an ‘http’ not a ‘https’ page so that it is itself not protected and could be intercepted, to lead the unsuspecting voter to a fake site for instruction, registration, and voting. 3) This version of the FAQ above is actually a fake with the city name in the URL changed, to lead the unsuspecting voter to a criminal relay site.

2.         Threat – Coercion

A coercer could watch a voter vote under threat. One way to reduce that threat would be provide the opportunity for a voter to subsequently vote again and have that vote count, not the observed coerced vote, however, this system only allows one vote, according this FAQ:

28. Once a vote has been cast, can it be changed?

No. Once a vote has been cast [i.e. you confirm your vote] it cannot be changed. This process is the same as dropping the ballot into the ballot box in a traditional paper-based election, ensuring complete voter anonymity and secrecy of the ballot.

Ironically, this attribute which facilitates coercion is touted as related to protecting secrecy.

3.         Threat – Malware, Client Side Attack

The system provides for use of a variety of browsers and operating systems, including older windows versions, XP, and Vista, initial versions of which were subject to many security issues. Perhaps we need to ask more questions: What precautions or methods are employed to prevent or recognize client side attacks?  What testing on each browser/operating system combination? Was there any open-ended testing? If so, who performed that testing? What were the results?

I am skeptical that there is any awareness of such client side or other threats. None of the FAQs address the possibility of client side or server side threats. The whole thrust of the test is voter satisfaction, not on assessing the security of the test. The public test makes no mention of testing security, makes no offer to the public to attempt to break the system, there is no guarantee that anyone successfully compromising the test will be exempt from civil or criminal penalties. This view is reinforced by noting that the research team associated with the project includes several professors of political science but none with apparent expertise in computer science, security or related fields.


Leave a Reply

You must be logged in to post a comment.