Category: Canada

Ottawa Event – Cyber Attack – Threats to Canadian Democracy

Public Policy Forum event Cyber Attack – Threats to Canadian Democracy
June 6, 2018 at 5pm in Ottawa

As Canada prepares for the 2019 federal election, government institutions, political parties, individual politicians and media are all on the radar of adversaries, ranging in sophistication, from hacktivists to foreign governments. Understanding the potential for attack and what organizations and individuals can do to thwart potential threats is key to ensuring the legitimacy of Canadian elections.

Speakers

The Honourable Karina Gould, Minister of Democratic Institutions

Elisabeth Dubois, Assistant Professor of Communications, University of Ottawa

Jan Neutze, Director of Cybersecurity Policy, Microsoft

Michael Pal, Assistant Professor, Faculty of Law, University of Ottawa and Director of the Public Law Group

Moderator

Jennifer Robson, Assistant Professor, Political Management, Arthur Kroeger College, Carleton University

Twitter list of speakers and moderator: https://twitter.com/papervote/lists/ppf-cyberthreats-2018

Bill C-76 Elections Modernization Act – changes implicating electronic voting

April 30, 2018 – 42nd Parliament, 1st Session – Bill C-76 Elections Modernization Act

The proposed changes to section 18.1:

  • a specific section 18.1(3) providing that the Chief Electoral Officer “shall develop, obtain or adapt voting technology for use by electors with a disability, and may test the technology for future use in an election”
  • in 18.1(4) the removal of the requirement that using electronic voting (“voting technology”) require the approval of the full Senate and House of Commons

It’s a bit unclear what the difference is between 18.1(2) “alternative voting process” and 18.1(3) “voting technology”.  Can an alternative voting process include new technology?  I have to assume so, particularly given how it is framed in the Chief Electoral Officer’s recommendations.  (There is no definition provided in the bill for “alternative voting process”).

In An Electoral Framework for the 21st Century: Recommendations from the Chief Electoral Officer of Canada Following the 42nd General Election, Table A—Recommendations Discussed in Chapters 1 and 2, A15. 18.1 it says “The distinction between the approval requirement for testing an electronic voting process and any other alternative voting process should be removed”.

Proposed Changes

2014, c. 12, s. 8
15 Sections 18.01 and 18.1 of the Act are replaced by the following:
International cooperation
18.01 The Chief Electoral Officer may provide assistance and cooperation in electoral matters to electoral agencies in other countries or to international organizations.
Voting studies
18.1 (1) The Chief Electoral Officer may carry out studies on voting, including studies respecting alternative voting means.
Alternative voting
(2) The Chief Electoral Officer may devise and test an alternative voting process for future use in an election.
Voting technology — electors with a disability
(3) The Chief Electoral Officer shall develop, obtain or adapt voting technology for use by electors with a disability, and may test the technology for future use in an election.
Prior approval
(4) Neither an alternative voting process nor voting technology tested under subsection (2) or (3) may be used in an election without the prior approval of the committees of the Senate and of the House of Commons that normally consider electoral matters.

Existing Text

Clause 15: Existing text of sections 18.01 and 18.1:
18.01 The Chief Electoral Officer may, at the Governor in Council’s request, provide assistance and cooperation in electoral matters to electoral agencies in other countries or to international organizations.
18.1 The Chief Electoral Officer may carry out studies on voting, including studies respecting alternative voting processes, and may devise and test an alternative voting process for future use in a general election or a by-election. Such a process may not be used for an official vote without the prior approval of the committees of the Senate and of the House of Commons that normally consider electoral matters or, in the case of an alternative electronic voting process, without the prior approval of the Senate and the House of Commons.

Canadian reports recommending against Internet voting

Internet voting has been studied.  Again and again.  Any time there is a comprehensive study, it recommends against online voting.

Here are the Canadian federal and provincial reports:

  • New Brunswick (A pathway to an inclusive democracy) – 2017
  • Government of Canada (Strengthening Democracy In Canada: Principles, Process And Public Engagement For Electoral Reform) – 2016
  • Prince Edward Island (Considerations for Applying E-Voting Options [Internet voting] in Canadian Public Elections – Independent Technical Panel on Voting Integrity) – 2016
  • British Columbia (Independent Panel on Internet Voting) – 2014
  • Ontario (Alternative Voting Technologies Report) – 2013
  • Nova Scotia (Internet and Telephone Voting in Nova Scotia) – 2012
  • Quebec (Evaluation Report of the New Methods of Voting that were Used during the Municipal Elections of November 2005 / Élections municipales de novembre 2005 : Rapport d’évaluation des nouveaux mécanismes de votation) – 2006

I can’t list every municipality, but here are a few municipal reports as well:

  • Toronto (EX20.5 – Changes to the Municipal Elections Act and Related Matters Impacting the 2018 Election – Part B – Voting Technology) – 2016
  • Waterloo (CORP2016-105 Alternative Voting Methods (Internet Voting)) – 2016

I don’t know how many times you have to study the exact same thing, year after year, decade after decade, before you eventually agree with the conclusion that we should not implement Internet voting.  Apparently many times.

It is very unfortunate that both Ontario and Nova Scotia, having investigated and rejected Internet voting at the provincial level, have left it to individual municipalities to decide whether to adopt Internet voting municipally, without any briefing or guidance or standards.  Basically municipalities are left to google and decide.  If the provinces had set even basic requirements, such as an independent public security test of all Internet voting systems, things would have gone very differently.  (If you think having independent public security tests of the systems would have too much risk, it’s worth mentioning that even the US Department of Defence has an official “Hack the Pentagon” initiative.)

Canadian reports on election security and misinformation

Government of Canada

Academia

PEI 2016 Plebiscite Voting Integrity Audit Report recommends against federal and provincial Internet voting

Prince Edward Island (PEI) – 2016 Plebiscite on Democratic Renewal – Voting Integrity Audit Report – from the Independent Technical Panel on Voting Integrity (ITPVI) – November 30, 2016

This report is Section 3 Appendix in the 2016 Annual Report of the Chief Electoral Officer of PEI  (PDF), starting on page 35.

Section 11 of the Voting Integrity Audit Report is Considerations for Applying E-Voting Options [Internet voting] in Canadian Public Elections.

The report recommends against Internet voting at the federal and provincial levels, except for absentee voters.

There is a need to maintain an acute level of awareness of the risks to electoral integrity that these new voting methods present. The implications of a breach of the public trust that exists today suggests strongly that internet and telephone voting in Canadian provincial and federal parliamentary elections be considered channels that should be limited to use only by absentee voters for the immediate foreseeable future. …

It is important that leaders in Canadian electoral administration manage public expectations and articulate their concerns about the fact that a perfectly secure and fool-proof electronic voting system does not yet exist.

This recommendation was picked up in the news media, e.g. CBC News PEI – Online voting not ready for federal, provincial election: officials – May 4, 2017.

The group concluded a high-stakes provincial or federal election could attract groups looking to intervene in illicit ways through cyber-attacks, hacking or other means.

The report also does an excellent job of showing the “additional risks and controls associated with online electronic voting” [Internet voting]. These include (highlighting by me):

1. Trusted digital voter identification and authentication is a requisite additional control. An irrefutable digital identity is the first safeguard in ensuring that eligible voters can vote (and can vote only once), and in ensuring that ineligible voters are not permitted to vote. Establishing this identity with a robust ‘shared secret’ is a mandatory prerequisite.

2. The onus is on the buyers, designers, developers, maintainers and operators of any electronic voting system to demonstrate rigor in the specifications, certifications, accreditations, testing and operation of the e-voting system to ensure it is able to mitigate the full range of risks to a reasonable and acceptable level. This has to be achieved to a level of satisfaction regarding both hardware and software risk mitigation. The remaining level of risk needs to be accepted by all stakeholders.

3. With the elimination of the controls that were previously implemented in manually controlled voting processes (refer Appendix ‘G’: Controls C1 – C5), traditional risks are not as fully mitigated as before. In fact, the following risks are difficult to mitigate in any meaningful way:
a. Vote buying / vote secrecy (“I’ll just take a selfie in front of my screen”)
b. Voter coercion (Unless reported, it is impossible to determine if a vote is being coerced)

4. The risk of a voter voting with stolen credentials can only be partially mitigated by effective voters list management and the implementation of a trusted digital voter identification and authentication scheme. Digital voter identification must be robust, but it must also be easily managed so as not to become a barrier to voting because it is overly complex for a voter to use as seldom as once every four years.

5. The additional risks of compromised end-user hardware or software, or a broad regional or national attack on internet infrastructure, remain unmitigated.

The report also identifies the extremely high standard to which we must hold Internet voting, as the transparency provided by conducting paper ballot voting and counting in public are lost when using completely computerized processes.  Highlighting added by me.

The onus is also completely on the online electronic voting system implementer to ensure that controls are established within the e-voting system that meet the legislative requirements of the jurisdiction, and provide an adequate level of transparency for all stakeholders. Simply depositing electronic votes into a ‘black-box’ where they are stored and counted is unlikely to meet stakeholder demands for maintaining a high level of public confidence, unlikely to publicly show that voting risks are continuing to be managed responsibly, and unlikely to prove to candidates and political parties that the electoral process and controls continue to deliver a trusted and accurate result.

SIDEBAR on turnout:
A demonstration of the reality of Internet voting turnout was the 2016 Prince Edward Island Plebiscite on Democratic Renewal which had 10 days of online voting in addition to two days of in-person voting. Not only was the overall turnout low at 36.5%, but the turnout for ages 18-24 was the lowest of any age range, at 25.47%.

Numbers from McLeod, G. B. (2016, November 9). Interim Report of the Chief Electoral Officer for the 2016 Plebiscite on Democratic Renewal. http://www.gov.pe.ca/photos/original/elec_demrefpleb.pdf
END SIDEBAR

CSE releases report Cyber Threats to Canada’s Democratic Process

On June 16, 2017 at 10:30am, the Canadian Communications Security Establishment (CSE) released its report

Cyber Threats to Canada’s Democratic Process

Analysis to follow.

Previously:
June 15, 2017  cyber threats to Canada’s democratic process – news conference
February 1, 2017  defend Canadian electoral process from cyber threats – Minister of Democratic Institutions Mandate

June 16, 2017 – cyber threats to Canada’s democratic process – news conference

Media Advisory from the Government of Canada – Democratic Institutions

News Conference by Minister Gould on cyber threat assessment


Media representatives are advised that the Minister of Democratic Institutions, the Honourable Karina Gould, and the Chief of the Communications Security Establishment, Ms. Greta Bossenmaier, will be holding a news conference to discuss an assessment of cyber threats to Canada’s democratic process.

Senior officials from the Communications Security Establishment will provide an embargoed technical briefing immediately before the press conference. The technical briefing will not be for attribution.

Technical Briefing
Date: June 16, 2017
Time: 9:30 AM
Location: National Press Theatre, 150 Wellington Street, Ottawa, Ontario

Journalists who wish to participate via teleconference should contact the Minister of Democratic Institutions’ Press Secretary at the number below.

All information will be embargoed until 10:30 AM on June 16, 2017. The technical briefing will not be for attribution. No cameras will be permitted.

Press Conference
Date: June 16, 2017
Time: 10:30 AM
Location: National Press Theatre, 150 Wellington Street, Ottawa, Ontario

For more information (media only), please contact:
Byrne Furlong
Press Secretary
Office of the Minister of Democratic Institutions
613-943-1833

END MEDIA ADVISORY

Here is some additional information and context from me.

Election Cybersecurity

USA

In ICA 2017-01D Assessing Russian Activities and Intentions in Recent US Elections (PDF), the US intelligence community describes an influence campaign “strategy that blends covert intelligence operations — such as cyber activity — with overt efforts”.

The description is introduced with the term of art “We assess”, indicating an analytical assessment.  The US intelligence community asserts “high confidence” in the judgments related to the influence campaign.  High confidence is a term of art about confidence in sources that is defined in Annex B on Estimative Language: “High confidence generally indicates that judgments are based on high-quality information from multiple sources.”

For the technical background on the assessment, see Joint Analysis Report (JAR) JAR-16-20296A GRIZZLY STEPPE – Russian Malicious Cyber Activity (PDF)

The Netherlands, France, Germany, the UK and Australia

I am not an expert in nation-state cyber threats, so I cannot independently assess this material.

Hacking of Canadian Government is Real

Hacking of governments is a real threat.  The Canadian federal government has been successfully hacked multiple times.

above links from my blog post Canadian government departments have been hacked before

Online Voting

Canada has no online voting at the federal or provincial level, and in fact online voting has been rejected by multiple Canadian studies.

There is, however, online voting at the municipal level in Nova Scotia and Ontario.  With 97 municipalities using online voting in the 2014 election and potentially over 200 municipalities using online voting in the 2018 election, this is one of the largest uses of online voting in the world.  This includes some municipalities where online voting is the only option (all paper ballots have been eliminated).  There are no (none, zero) standards for provincial online voting security.  There is no guidance for decision-making and risk assessment related to online voting.  Without exception, the online voting is contracted out to third-party, for-profit vendors.  The computer code and system designs used by the vendors are confidential, and there have been no public security tests and no public examinations of the computer code used.

Online voting provably does not substantially increase turnout.  The most comprehensive study, conducted on the Ontario use of online voting, shows a maximum effect of 3% increase.

For more information see Wikipedia – Electronic Voting in Canada.  (Disclaimer: I am a substantial contributor to that Wikipedia page.)

Estonia

If you want to cite the example of Estonia (the only country in the world with national online voting), you might want to mention:

Computer Security Experts

If you want to interview computer security experts about online voting, here is a list of over a dozen with contact information, including Canadians.

Twitter

  • I tweet regularly about election security and online voting: @papervote

Detailed briefing

If you have made it all the way down here, you may also be interested in my 16-page briefing about online voting, written for the New Brunswick consultation on the topic.