Here is an edited version of an email sent to TVO about their May 17, 2017 The Agenda segment on online voting.
I was pleased to see Steve Paikin ask a variety of questions about online voting, Internet security and electoral fraud in the May 17, 2017 The Agenda segment on the topic.
There were many things we didn’t hear in the segment, such as the fact that Toronto, Kitchener and Waterloo have always rejected Internet voting, or that municipalities have to make the decision about online voting without any comprehensive background briefing about the computer security risks, or that Guelph and Orillia just rejected online voting for the 2018 elections.
We also didn’t hear about the many Canadian expert consultations and reports about online voting, consultations where unlike municipal online voting decisions, there was more time to draw on a variety of election expertise. In every such case, without exception, the recommendation is against online voting.
This includes Nova Scotia, New Brunswick, Ontario, and British Columbia, as well as the federal government.
[added for the web: recommendations on Internet voting from government consultations]
In addition, Quebec has a total moratorium on all forms of electronic voting, including online voting.
As well there is the recent expert study of the PEI referendum, which also recommended against online voting.
Just to give you a flavour of these kinds of expert assessments, here’s what Toronto had to say in its analysis http://www.toronto.ca/legdocs/mmis/2016/ex/bgrd/backgroundfile-98545.pdf
The overwhelming consensus among computer security experts is that Internet voting is fundamentally insecure and cannot be safely implemented because of security vulnerabilities inherent in the architecture and organization of both the Internet and commonly used software/hardware:
- Internet voting is extremely vulnerable to a wide range of cyber-attacks, and many of these are impossible to detect.
- Internet voting poses extraordinary and unnecessary risks to election integrity, and even a small issue—were it even detectable—could completely undermine public trust.
- Every jurisdiction whose Internet voting system has been thoroughly examined by security experts—including the long-running system in Estonia—has revealed major vulnerabilities that could allow the system to be hacked, to reverse election outcomes, or to selectively disenfranchise voters, all while going completely undetected.
- Many jurisdictions that ran Internet voting pilots—including Washington, DC, France, and Norway—cancelled the projects due to security issues.
Should you have a future segment about online voting, I urge you to include computer science expertise. Here is a list of contact information for experts specifically in the risks of online voting, including Canadian experts such as Dr. Simons and Dr. Essex:
[embedded list replaced with web link: Internet voting and computer security expertise]