Online voting vendor, Scytl’s system worries experts in Canada

Last October, former University mascot and news reporter, West Virginia Secretary of State, Virginia Tennant came to Connecticut to tout her pilot online voting project, yet to be endorsed by her state for further use. Later we saw her endorse that system on NPR along with a vendor executive from Scytl. Her wild west claims of being ambushed in Connecticut and down home wild west getup shown on NPR had resonance with some.

Cutting through the chaff and technical jargon. Online voting is not safe according to experts and experience. Now we have a new problem for online voting, simple denial of service attacks (DOS) experienced in a Canadian election.

From the Halifax Herold: NDP vote disruption worries experts – E-voting found to be open to problems <read>

Although many people are attached at the hip to their laptops, few are conversant in software coding and even fewer are familiar with heavy encryption.

Combine computers with the intricacies of elections, and that leaves only a handful of specialists worldwide who can claim to understand online voting.

Questions about e-voting were raised after the NDP leadership convention was disrupted by a cyber attack.

Not all of them have been answered satisfactorily, say software experts, despite reassurances from Scytl, the software company that handled the NDP election process, and from Halifax Regional Municipality, which has committed to use the company’s services in October’s municipal election.

“Multibillion-dollar (software developers) like Windows, you know, Microsoft . . . can’t have their software bug-free. So I don’t think Scytl is able to do that,” said Daniel Sokolov, a Halifax information technology expert.

Sokolov has examined several European elections that used e-voting and found at least three with troubling results.

One problem with online voting software is its complexity, he said, explaining no municipality could hope to vet hundreds of thousands of lines of computer code.

“It’s a farce. It’s a joke,” said Sokolov. “You need a big team of people to do that, and it’ll take years.”

Other problems include the challenge of auditing votes and vote tallies after the fact, the risk posed by cyber attacks and — perhaps the biggest issue — the difficulty of ensuring secret ballots, said Sokolov and other computer experts who spoke to The Chronicle Herald.

The vendor and Government provides a defense:

Some of these concerns have been tackled by Halifax Regional Municipality more thoroughly than critics imagine, said municipal clerk Cathy Mellett, who noted that 25 per cent of voters chose to vote electronically in the 2008 municipal election.

Mellett said the city will use a third-party auditor, most likely Ernst &Young, which will hire software experts to look over Scytl’s code.

Mellett said the city is committed to Scytl, after it successfully completed a 60-day testing window earlier this month.

Mellett also listed two other safeguards designed to ensure Scytl’s soundness.

First, although it does not open its coding to the public, citing trade secrets, it has opened it a few times to clients for advanced examination, said Mellett.

Unfortunately, no auditor, not matter how prestigious can audit a system without records showing how voters actually voted on their own computer screens.  And as was clear in the Connecticut Symposium Scytl has never agreed to let experts evaluate and publicly report on their code.


Leave a Reply

You must be logged in to post a comment.