Internet Voting in Canadian Federal Elections

[segnosaur]

What would be the worst case scenario?

How about:

Due to a software bug, votes are not properly counted. This happened with electronic voting machines in the U.S., when in one district, roughly 18000 votes were lost, in a race that was decided by less than 1000 votes.. And unlike a paper copy, where votes can be recounted, it may be impossible to retrieve the lost votes.

How about:

The system is hacked, (example: through a bot net to simulate false votes, or though software installed directly on a server), allowing the hacker to give victory to the wrong candidate. A group of security experts demonstrated it was possible to do in the Estonian voting system.

How about:

The system crashes on voting day, either through bad planning or a denial-of-service attack. This happened during the Arizona primaries a few elections ago. (And before you claim "Oh we just have to plan it better"... guess what... the computer field doesn't work that way. It is impossible to test something like a voting system prior to voting day to ensure it doesn't crash because of the nature of the application.)

How about:

A disgruntled government employee or private contractor decides to sabotage the results some how... erasing database tables at a critical moment, inserting computer code to change voting results, etc., . (Internal sabotage is actually one of the biggest security risks.)

How about:

People attempt to vote electronically, but find that the voting system is incompatible with their computer. (And since this is a system that is only run once every 4 years, its not like an individual user will test it before hand.) This happened in the previously-mentioned Arizona primary,. I work in the computer field... one aspect of my job is to make sure software I develop works on as many systems as possible. It is not an easy job,

Do you do online banking, online research instead of heading down to the library?

Usually on-line banking or online research is not time critical. (There have been times that my bank's internet system was down for maintenance for a couple of hours. However, I was able to sign on the following day. I suspect most personal banking transactions are the same way.) On the other hand, voting systems are time-critical, since people won't have the ability to just "come back tomorrow".

[WestCoastRunner]

How about:

Due to a software bug, votes are not properly counted. This happened with electronic voting machines in the U.S., when in one district, roughly 18000 votes were lost, in a race that was decided by less than 1000 votes.. And unlike a paper copy, where votes can be recounted, it may be impossible to retrieve the lost votes.

How about:

The system is hacked, (example: through a bot net to simulate false votes, or though software installed directly on a server), allowing the hacker to give victory to the wrong candidate. A group of security experts demonstrated it was possible to do in the Estonian voting system.

How about:

The system crashes on voting day, either through bad planning or a denial-of-service attack. This happened during the Arizona primaries a few elections ago. (And before you claim "Oh we just have to plan it better"... guess what... the computer field doesn't work that way. It is impossible to test something like a voting system prior to voting day to ensure it doesn't crash because of the nature of the application.)

How about:

A disgruntled government employee or private contractor decides to sabotage the results some how... erasing database tables at a critical moment, inserting computer code to change voting results, etc., . (Internal sabotage is actually one of the biggest security risks.)

How about:

People attempt to vote electronically, but find that the voting system is incompatible with their computer. (And since this is a system that is only run once every 4 years, its not like an individual user will test it before hand.) This happened in the previously-mentioned Arizona primary,. I work in the computer field... one aspect of my job is to make sure software I develop works on as many systems as possible. It is not an easy job,

Usually on-line banking or online research is not time critical. (There have been times that my bank's internet system was down for maintenance for a couple of hours. However, I was able to sign on the following day. I suspect most personal banking transactions are the same way.) On the other hand, voting systems are time-critical, since people won't have the ability to just "come back tomorrow".

Further paranoia.

[Big Guy]

... On the other hand, voting systems are time-critical, since people won't have the ability to just "come back tomorrow".

They will if they can vote from home the day before - or any other day after the writ is dropped.

The average time is about 2 months so any voters would have a chance to figure out the problems BEFORE the last day.

Edited May 17, 2016 by Big Guy

[Smallc]

Not according to this RBC online banking sign up page:

https://www1.royalbank.com/cgi-bin/rbaccess/rbunxcgi?F6=1&F7=IB&F21=IB&F22=HT&REQUEST=IBOnlineEnrollLink&LANGUAGE=ENGLISH&SPAGE=onlinenav1e

Online banking is not very secure unless it uses real time authentication.

To get a client card, you had to go to a branch. To get a credit card, you almost certainly had to talk to someone at some point.

[WestCoastRunner]

To get a client card, you had to go to a branch. To get a credit card, you almost certainly had to talk to someone at some point.

You don't need a credit card for online banking.

[segnosaur]

Internet voting would allow anyone to vote at any time during the time between when the writ is dropped (the campaign starts) and the last day to vote - election day. If you use the last election as an example, the writ was dropped on Aug 2 and the last day was Oct 19. Everyone had about 100 days to vote.

There are various reasons why the government would want to restrict internet voting to only the day of the election... restrictions on political ads that take place on election day, for example. (We allow advanced polling because the number of people is relatively small and they would not be able to vote otherwise.)

Not only that, even if they did allow advanced internet voting most people will still wait until election day. This means that even if the voting system can handle the capacity of the advanced polls, it may still crash on voting day.

[bush_cheney2004]

To get a client card, you had to go to a branch. To get a credit card, you almost certainly had to talk to someone at some point.

No way....those days are long gone. People get bank credit card applications all the time...even online...no face time required. Even dogs have gotten them.

Edited May 17, 2016 by bush_cheney2004

[Smallc]

No way....those days are long gone. People get bank credit card applications all the time...even online...no face time required. Even dogs have gotten them.

If you were one of the people who didn't speak to someone to apply for the card, you'll generally need to speak to someone to verify who you are at some point (activation, for example). Now that may not always be true, but that's generally been my experience.

[Smallc]

You don't need a credit card for online banking.

Follow the link he provided.

[segnosaur]

Further paranoia.

Do you actually have anything useful to contribute? Or does the depth of your expertise consist largely of empty platitudes and useless rhetoric?

I gave a list of possible flaws. In some cases, I even gave examples where those flaws were found in real live electronic votes. Do you have some sort of magic want that will automatically Canada immune from all of those flaws that have plagued other electronic voting systems?

Once again... I work in I.T. I have decades of experience doing software development, web design, database administration, and IVR work. Just this past month I had to deal with attempted security intrusions into systems my company supports. I think I have a better idea of what security risk exist than someone who's only response is to run around saying "its 2016!" and accusing others of paranoia.

[bush_cheney2004]

If you were one of the people who didn't speak to someone to apply for the card, you'll generally need to speak to someone to verify who you are at some point (activation, for example). Now that may not always be true, but that's generally been my experience.

Not true anymore...card activation is now automated upon entry of account credentials by phone.

I have personally set up online banking for other indivuals without their knowledge to take care of their affairs...after nursing home admittance...or death. The banks don't know any better.

Online voting should be much more secure than online banking to prevent fraud.

[Big Guy]

... (We allow advanced polling because the number of people is relatively small and they would not be able to vote otherwise.)

Not only that, even if they did allow advanced internet voting most people will still wait until election day. This means that even if the voting system can handle the capacity of the advanced polls, it may still crash on voting day.

You may be right but the stats disagree with you:

http://www.huffingtonpost.ca/2015/10/12/advance-voter-turnout-2015-elections-canada_n_8282676.html

More and more people are voting in advanced polls because they want to and not because they have to. You do not need a reason to vote in that (approx 2 month) period before the LAST day.

The trend of early voting is increasing exponentially because party organizers drag their fervent supporters to vote as soon as possible in case there is bad weather or if their candidate does something really stupid. I believe about 3 million voters voted early for the last election and that number is expected to double for the next one

It is only mostly those folks who have not yet made up their mind who vote on the last day.

[WestCoastRunner]

Do you actually have anything useful to contribute? Or does the depth of your expertise consist largely of empty platitudes and useless rhetoric?

I gave a list of possible flaws. In some cases, I even gave examples where those flaws were found in real live electronic votes. Do you have some sort of magic want that will automatically Canada immune from all of those flaws that have plagued other electronic voting systems?

Once again... I work in I.T. I have decades of experience doing software development, web design, database administration, and IVR work. Just this past month I had to deal with attempted security intrusions into systems my company supports. I think I have a better idea of what security risk exist than someone who's only response is to run around saying "its 2016!" and accusing others of paranoia.

I've been in IT longer than you were born.

[cybercoma]

An election stolen by hackers who want the vote to go a certain way? The consequences are just as severe.

That said, we could design a system that would be fairly secure as I described above but the authentication process has to involve snail mail and that will make it easier for most people to simply go to the polls.

You know it's probably easier to rig a paper election?

[cybercoma]

Not true anymore...card activation is now automated upon entry of account credentials by phone.

I have personally set up online banking for other indivuals without their knowledge to take care of their affairs...after nursing home admittance...or death. The banks don't know any better.

Online voting should be much more secure than online banking to prevent fraud.

Your American experience doesn't apply to Canadian banks.

[TimG]

You know it's probably easier to rig a paper election?

Hardly. You would need hundreds of collaborators working in multiple polling stations across the entire country. A single hacker with the right exploit could do it electronically. Edited May 17, 2016 by TimG

[cybercoma]

Hardly. You would need hundreds of collaborators working in multiple polling stations across the entire country. A single hacker with the right exploit could do it electronically.

There's a lot of ifs there.

[bush_cheney2004]

Your American experience doesn't apply to Canadian banks.

Canadian banks operate in my city, state, and country, because it does apply.

[cybercoma]

And the regulations around the way they operate in the United States doesn't apply to Canada.

[bush_cheney2004]

And the regulations around the way they operate in the United States doesn't apply to Canada.

Doesn't matter....online banking fraud is a growing problem....even in Canada.

http://www.huffingtonpost.ca/2014/03/03/bmo-customers-account-emptied_n_4888617.html

Online banking is a poor security model to prevent internet voting fraud.

Edited May 17, 2016 by bush_cheney2004

[Moonlight Graham]

The only reason there is such a thing as "election day" is because IT IS THE LAST DAY TO VOTE and it is financially easier to set up a whole bunch of locations for that day.

You are allowed to vote the day after the writ is dropped. About 20% of the population votes in advance polls because they don't feel like voting on the last day and would prefer to do it when it is a nice day.

Internet voting would allow anyone to vote at any time during the time between when the writ is dropped (the campaign starts) and the last day to vote - election day. If you use the last election as an example, the writ was dropped on Aug 2 and the last day was Oct 19. Everyone had about 100 days to vote.

Ya I guess that true.

[Big Guy]

Ya I guess that true.

Thank you for objectively considering my opinion. It is refreshing to see that some posters really are here to discuss issues, accept others' views as valid views, and not use an issue as just another excuse to hammer each other over.

It is pleasant to see yet another poster expressing their views towards the goal of seeing others views rather than being proven right or wrong. I believe that no point of view is right or wrong - it is an opinion. I do appreciate reading yours.

[Moonlight Graham]

Thank you for objectively considering my opinion. It is refreshing to see that some posters really are here to discuss issues, accept others' views as valid views, and not use an issue as just another excuse to hammer each other over.

It is pleasant to see yet another poster expressing their views towards the goal of seeing others views rather than being proven right or wrong. I believe that no point of view is right or wrong - it is an opinion. I do appreciate reading yours.

One of the primary goals of debate I think should be to put your opinions out there for criticism and feedback so that other people can point out flaws and valid opposing arguments, other perspectives etc. against your own that you can then consider in order to refine/tweak/change your arguments/opinions on issues so that your position is based on the best possible logic and most accurate facts.

It's better to admit you're wrong and change your stance so you then become right than to remain wrong because you're too stubborn & proud to admit someone else is right. Or in short, truth is more important than pride. And thanks for the kind words I enjoy reading your arguments too.

[?Impact]

Once again... I work in I.T. I have decades of experience doing software development, web design, database administration, and IVR work. Just this past month I had to deal with attempted security intrusions into systems my company supports. I think I have a better idea of what security risk exist than someone who's only response is to run around saying "its 2016!" and accusing others of paranoia.

Legacy systems have their own security risks. There is no "tried and true" solution, voter fraud has been around much longer than IT solutions. Have you hear about ballot stuffing, misuse of proxy votes, invalidation of votes, and the 1000 other problems with the legacy systems?