Tag: Ontario

computer vote counting is a radically different trust model

Computer vote counting is a radically different trust model than a hand-counted election.

Instead of a vote counted in public by known individuals, with observers, you have a third-party for-profit vendor counting the vote in private, with testing by the election authority, but no meaningful observation.

If an elections authority proposed to pay a vendor’s employee to count votes in private, even with a complete background check of the employee, I have the feeling that not many people would go for it.

But in what is essentially the same scenario, except with the employee replaced with a “machine”, people don’t seem to have a problem.

I thought about why this might be the case, and it seems to one primary and one secondary thing.  Primary is the idea that a person has unlimited freedom of action, but a “machine” does not.  Secondary is the confusion that because the vote tabulator itself is in public, somehow the vote count is still “in public”, even though it’s taking place inside the literal black box of the tabulator.

This is I guess a 20th Century collision with 21st Century realities.  If you have an assembly line with a machine that makes pins, if you turn your back, it won’t suddenly decide to secretly make hammers.  Because the vote tabulator looks like some sort of machine, and is described usually as either “electronic” or “machine”, people think it is a single-function device.  But it’s actually a general purpose computer.  Which means that not only does it have a wide range of freedom of action, just like a human being, it can lie to you about what it is doing, just like a human being.

It would be interesting to see a polling station set up with a giant human-sized black box that the ballots go into to be counted, and see how people reacted to that.  Because there really is no difference between that and the computer vote tabulator.  Basically you’ve taken a very limited trust in known people you can watch in public, and changed it to a very extensive trust in unknown vendor employees and in the elections organisation itself operating in private.

If you have a very complicated count and very high expectations of a fast count, then there is some justification in using a vote counting computer, as long as you don’t trust the computer.  You have to audit the paper, not the computer.  You can test the computer as much as you want, it can always lie.  This is exactly what happened in the Volkswagen diesel emissions scandal, where the car’s computer could detect when it was being tested and would change its behaviour accordingly.  So when you use a computer to count paper, you have to audit the paper with a manual count (a risk-limiting audit).  Unfortunately as far as I know, no Canadian jurisdiction follows a computer ballot count with a risk-limiting audit.

In any case, Canadian federal and provincial elections are trivial to count.  You literally just sort the ballots into a few piles.  And because the count is simple it is also fast.

The Ontario provincial switch to vote counting computers is wrapped with PR about technology, but it’s actually about staffing.  (The underlying concept is literally called "Proposal for a technology-enabled staffing model for Ontario Provincial Elections".)  Basically it’s hard to get people to staff elections now, and they’re tired by the end of the day which means they are sometimes not in the best shape to do a bunch of precise counting.  There are many many ways to address elections staffing.  For example, you could simply bring in people, e.g. High School students, to do the count at the end of the day.

Addressing a staffing problem by completely changing the counting trust model wouldn’t have been my choice.  And I would assert that the only reason it’s even possible is because people don’t realise the trust model has been radically changed.

In any case, online voting is a much much worse problem that vote counting computers, so this is about all I have to say about the vote tabulators issue.

Previously:
May 11, 2018  2018 Ontario Provincial Election to use vote counting computers

2018 Ontario Provincial Election to use vote counting computers

The 2018 Ontario Provincial Election taking place on June 7, 2018 will for the first time use vote counting computers province-wide.  This replaces hand-counting of ballots.

The computer vote tabulators use optical scan technology to read hand-marked paper ballots.

This is the least-worst use of computer technology for vote counting as the hand-marked ballots are still available to be counted.  However, these are still computers that have to be programmed, which means there is always the potential for errors or malicious code.

Key Questions

Fundamentally in elections, you don’t trust anyone.  That means you don’t trust the computer vote tabulator either.  Use of computer vote tabulators introduces the following key questions:

  • Will there be a public hand-counted risk-limiting audit following every election, to test the computer count?
  • In the case of a recount, will the ballots be hand-counted under judicial supervision, or will the ballots be run through the computer vote tabulators again?  (It appears that the legislation requires a hand count of the recounts to use a manual hand-count of the paper ballots.)

The new voting procedures were launched with a May 9, 2018 press release (PDF) and accompanying media event.

Elections Ontario is modernizing the voting process and putting the needs of electors first by introducing technology in the polls. Election officials will be using electronic poll books (e -Poll books) and vote tabulators across the province for advance voting. On election day, 50% of the polls will have vote tabulators and e-Poll books … serving 90% of electors.

There was a Canadian Press story by Liam Casey, see e.g. CBC News – Ontario to use electronic voting machines for first time in spring election – May 9, 2018.

The tabulator is a Dominion Voting ImageCast® Precinct computer optical scan vote tabulator.

The history is buried in the post-event reports for two byelections that tested the technology:

It is very clear from the Proposal that the key issue is staffing; the technology is being introduced to address poll staffing issues.

Additional Questions and Considerations

Disclaimer: I am not a lawyer.

Additional questions raised by the use of computer vote counting equipment:

  • Are there provisions for erasing the digital copies of the ballots stored by the vote counting equipment? (I see no procedures described in law. Organisations often do not consider the security implications of digital copies of scans, see e.g. CBS News – Digital Photocopiers Loaded With Secrets – April 19, 2010.)
  • What are the security implications, in particular the chain-of-custody implications, of sharing computer vote counting equipment with other jurisdictions (e.g. Ontario municipalities)?  Doesn’t the risk of computer code alteration increase with each new jurisdiction that has access to the machine?
  • What are the procedures for transmitting the results of the computer count to Elections Ontario?  Is the count based on printouts from the vote tabulators, the vote tabulator memory cards, or transmission over a network?  What are the security implications of permitting the computer vote counting equipment to be connected to a network in order to transmit the count?  See e.g. Freedom to Tinker – Are voting-machine modems truly divorced from the Internet? – February 22, 2018.
  • What are the procedures for handling the vote tabulator memory cards?

In the March 22, 2018 Guelph Mercury article Ontario’s voting system secure, chief election official says the following statement is made by the Chief Electoral Officer:

“The Ontario government has hired a cybersecurity team to assist any of the ministries with private security — and we’ve been working with that team over the last year, year and a half, and they’ve been working with all of our systems,” he said.

“They’ve been doing penetration testing, vulnerability testing … to ensure that our systems are up-to-date and secure. There have been some slight alterations based on their recommendations, and we are very confident and we take security very, very seriously.

“I want to make sure that all the systems and all the personal information that we have is protected.”

  • Will these tests be made available to the public?  Including both the test procedures and the results?
  • Why doesn’t the Ontario Election Act section 4.5 (3) 3. include independent security and integrity testing for computer vote tabulators, in addition to logic and accuracy testing, as is required for accessible voting equipment in 44.1 (5)?
  • Will the independent security and integrity reports required by 44.1 (5) be made available to the public?
  • Will the machines be made available for independent expert testing, by Canadian academics who are computer security experts?
  • Will the machines be made available for independent expert testing by hackers, e.g. in DefCon Voting Village or at e.g. Canadian Hackfest?
  • As the computer vote tabulators stack ballots in sequence in a bin, in theory it is possible to de-anonymise the votes by carefully tracking voters as they cast ballots.  Is there any provision for randomising the stacked ballots in order to prevent this potential risk?

For more about what it means to change from public hand-counted ballots to ballots counted by a computer from a private for-profit company, see computer vote counting is a radically different trust model.

Governing Legislation

The governing law is the Ontario Election Act, R.S.O. 1990, c. E.6

The relevant sections, modified in 2016 (Election Statute Law Amendment Act, 2016, S.O. 2016, c. 33 – Bill 45) and in force as of January 1, 2017 are:

  • Authority to share equipment and resources – 4.0.3 (1) The Chief Electoral Officer may make equipment, advice, staff, or other resources available to other electoral authorities in Canada.
  • Use of vote counting equipment – 4.5 (1) The Chief Electoral Officer may issue a direction requiring the use of vote counting equipment during an election and modifying the voting process established by this Act to permit the use of the equipment.

Next section blockquoted due to complexity:

Restrictions re equipment

4.5 (3) The following restrictions apply with respect to the use of vote counting equipment:

1. The equipment must not be part of or connected to an electronic network, except that the equipment may be securely connected to a network after the polls close, for the purpose of transmitting information to the Chief Electoral Officer.

2. The equipment must be tested,

i. before the first elector uses the equipment to vote, and
ii. after the last elector uses the equipment to vote.

3. For the purpose of paragraph 2, testing includes, without limitation, logic and accuracy testing.

4. The equipment must not be used in a way that en­ables the choice of an elector to be made known to an election official or scrutineer.

  • Recount conducted manually – 74.1 A recount that is made from the actual ballots shall be conducted manually, even if the original count was done by vote counting equipment. 2010, c. 7, s. 31.

The only section that speaks about voting equipment security appears to apply solely to section 44.1 Accessible voting equipment

Accessible voting equipment, etc.

44.1 (1) At an election, accessible voting equipment and related vote counting equipment shall be made available in accordance with this section and in accordance with the Chief Electoral Officer’s direction under subsection (2). 2010, c. 7, s. 24 (1).

Condition

(5) Despite subsection (1), accessible voting equipment and related vote counting equipment shall not be made available unless an entity that the Chief Electoral Officer considers to be an established independent authority on the subject of voting equipment and vote counting equipment has certified that the equipment meets acceptable security and integrity standards. 2010, c. 7, s. 24 (1).

There is no analogous section under 4.5 vote counting equipment.  Disclaimer: I am not a lawyer.

2018 Ontario Provincial Election will not use Internet Voting

Following is verbatim from Elections Ontario Proposal for a technology-enabled staffing model for Ontario Provincial Elections (PDF), page 10 “Why are we not proposing internet voting?”, published sometime in 2016 or 2017.  (Also available from the Legislative Assembly of Ontario Library.)

Recognizing that many of the societal changes we have discussed have been possible because of the evolution of the internet, the questions often posed is: why, when other jurisdictions (such as Ontario municipalities) are moving toward internet voting, is Elections Ontario not exploring or proposing an internet voting solution?

Elections Ontario explored the possibility of internet voting in a comprehensive research study conducted between 2010 and 2012. Recommendations and the full analysis of the study can be found in the Alternative Voting Technologies Report available on our website. In the report Elections Ontario provides implementation criteria for networked voting, and outlines the current barriers to those criteria being met. To date, Elections Ontario has not found a networked voting solution that would protect the integrity of the electoral process.

Because of the requirement for a paper ballot, for the purposes of this pilot project the introduction of internet voting does not address our primary concern: reducing staffing requirements for a General Election. To reduce the staffing requirements for a General Election a solution that maintained a paper ballot while automating processes at the voting location was required. Internet voting may provide another channel for electors to use in the future; however, it would not itself reduce the required staff at voting locations.

Internet voting is often considered in the context of increasing voter turnout. As mentioned in the Alternative Voting Technologies Report there is no conclusive evidence that internet voting will have a positive impact on turnout. More recently, the Internet Voting Project published a report[1] on the 2014 Ontario Municipal Elections that supports this assessment that there is not a correlation between internet voting and increased turnout.

[1] Internet voting project report: results from the 2014 Ontario Municipal Elections.  [Editor’s note: It’s not completely clear which report they are referring to, but probably Internet Voting Project Report August 2016 which states on page 65 “despite comments about observed improvements in turnout, this study, and other research, clearly indicates that Internet voting is not the magic bullet solution to improve voter participation or to engage young people”.]

The Alternative Voting Technologies Report mentioned is available in two parts:

I have also written extensively about the Elections Ontario Alternative Voting Technologies Report in blog post Province of Ontario Internet voting.

comment on The Agenda – Is Online Voting the Future?

TVO – The Agenda – Is Online Voting the Future? – May 17, 2017

COMMENT

In future I hope that TVO will invite computer scientists who specialise in elections security when the topic is online voting.

There were a number of things we didn’t hear in the segment, such as the fact that Toronto, Kitchener and Waterloo have always rejected Internet voting, and that Guelph and Orillia just rejected online voting for the 2018 elections.

We also didn’t hear about the many Canadian expert consultations and reports about online voting, consultations where unlike municipal online voting decisions, there was more time to draw on a variety of election expertise.

In every such case, without exception, the recommendation is against online voting. This includes Nova Scotia, New Brunswick, Ontario, and British Columbia, as well as the federal government.

END COMMENT

Also see my longer email with links – email to TVO about online voting.

email to TVO about online voting

Here is an edited version of an email sent to TVO about their May 17, 2017 The Agenda segment on online voting.

EMAIL

I was pleased to see Steve Paikin ask a variety of questions about online voting, Internet security and electoral fraud in the May 17, 2017 The Agenda segment on the topic.

http://tvo.org/video/programs/the-agenda-with-steve-paikin/is-online-voting-the-future

There were many things we didn’t hear in the segment, such as the fact that Toronto, Kitchener and Waterloo have always rejected Internet voting, or that municipalities have to make the decision about online voting without any comprehensive background briefing about the computer security risks, or that Guelph and Orillia just rejected online voting for the 2018 elections.

We also didn’t hear about the many Canadian expert consultations and reports about online voting, consultations where unlike municipal online voting decisions, there was more time to draw on a variety of election expertise.  In every such case, without exception, the recommendation is against online voting.

This includes Nova Scotia, New Brunswick, Ontario, and British Columbia, as well as the federal government.
[added for the web: recommendations on Internet voting from government consultations]

In addition, Quebec has a total moratorium on all forms of electronic voting, including online voting.

As well there is the recent expert study of the PEI referendum, which also recommended against online voting.

Just to give you a flavour of these kinds of expert assessments, here’s what Toronto had to say in its analysis http://www.toronto.ca/legdocs/mmis/2016/ex/bgrd/backgroundfile-98545.pdf

The overwhelming consensus among computer security experts is that Internet voting is fundamentally insecure and cannot be safely implemented because of security vulnerabilities inherent in the architecture and organization of both the Internet and commonly used software/hardware:

  • Internet voting is extremely vulnerable to a wide range of cyber-attacks, and many of these are impossible to detect.
  • Internet voting poses extraordinary and unnecessary risks to election integrity, and even a small issue—were it even detectable—could completely undermine public trust.
  • Every jurisdiction whose Internet voting system has been thoroughly examined by security experts—including the long-running system in Estonia—has revealed major vulnerabilities that could allow the system to be hacked, to reverse election outcomes, or to selectively disenfranchise voters, all while going completely undetected.
  • Many jurisdictions that ran Internet voting pilots—including Washington, DC, France, and Norway—cancelled the projects due to security issues.

Should you have a future segment about online voting, I urge you to include computer science expertise.  Here is a list of contact information for experts specifically in the risks of online voting, including Canadian experts such as Dr. Simons and Dr. Essex:

[embedded list replaced with web link: Internet voting and computer security expertise]

END EMAIL

Comments about Orillia Internet voting

The City of Orillia has invited comments about its proposal for Internet voting in the 2018 Ontario municipal election.

The website is City of Orillia Voting Method – Public Comments and the deadline is Monday May 1, 2017 at 10am Eastern.

They have included a link to their staff report: Clerk’s Department Report CD 17-08 – Alternative Voting Method Options (PDF).

Below is my submission.

COMMENT

Dear Mayor and Council (c/o Janet Nyhof, Deputy Clerk):

I am writing in response to the request for comments about the recommended City of Orillia voting method.

http://orillia.ca/en/news/index.aspx?feedId=6f58f980-7799-42a7-9149-7b35d865e9ee&newsId=c90efff1-5ce5-4d2e-9ee5-40b300572e08

I recommend against using Internet voting.

I have reviewed the Clerk’s Department Report CD-17-08 2018 Municipal Election – Voting Method Options.

http://icreate4.esolutionsgroup.ca/230002_iCreate_NewsModule//Management/Attachment/Download/2f0783f2-adf9-4b98-acc5-53b09cfff307

I have the following concerns with this report, which does not cite computer science and computer security evidence:

* it appears to minimize the disadvantages

* it selectively reports on municipal adoption of Internet voting

* it does not provide a comprehensive analysis of the system-wide security and error risks

I agree with the following conclusions of the report, which are well-supported by social science evidence:

* Internet voting will not increase turnout, nor will it change the voter profile

I have provided additional detail in an appendix below.

Thank you,

Richard Akerman

Appendix

I would like to examine the disadvantages cited in more detail:
*System may be perceived as vulnerable to hackers

All systems are vulnerable to hackers.  This is not perception, this is reality.  This is the nature of computers.  Microsoft, with huge resources, nevertheless releases patches every single month for critical errors (vulnerabilities) in Windows and associated Microsoft software.  The situation is so bad that the Economist magazine recently did a cover story proclaiming “Why computers will never be safe”.
http://www.economist.com/news/leaders/21720279-incentives-software-firms-take-security-seriously-are-too-weak-how-manage

http://www.economist.com/news/science-and-technology/21720268-consequences-pile-up-things-are-starting-improve-computer-security

I want to emphasize that this is not just about e.g. foreign hackers attacking the voting server.  It’s about two significant issues: 1) all systems have errors (bugs), and require extensive examination in order to ensure that errors have been minimized 2) the entire voting system, which in the case of Internet voting means the voter’s personal home computer or computing device, must be secure in order for the vote to be secure

How many hundreds or thousands of insecure home computers might be involved with a municipal Internet vote?  We really have no way of knowing; it would require a survey of a representative sample of users.  The Internet voting vendors almost never mention this security aspect of the election.  We do know that very large numbers of computers are compromised worldwide, due to lack of technical expertise combined with challenges in downloading what may be very large patches, as well as due to older systems such as Windows XP no longer receiving security updates.

Just this month the US Department of Justice began dismantling a network (“botnet”) of compromised computers that numbered in the tens of thousands of machines.  That’s just one example, of many.

https://www.justice.gov/opa/pr/justice-department-announces-actions-dismantle-kelihos-botnet-0

Canadian government and corporate computers are hacked all the time.  Even Loblaw PC Plus points were hacked.

https://www.thestar.com/business/2017/02/20/loblaw-resets-all-pc-plus-passwords-after-breach-steals-member-points.html

Of course, decisionmaking is always about balancing risks versus benefits.  I can tell you that when computer security experts examine online voting, they basically universally find that the risks are too high.  See for example Scientific American from February 2016

https://www.scientificamerican.com/article/pogue-the-challenges-of-digital-voting/

and a consensus statement from US computer scientists advising against Internet voting

http://usacm.acm.org/evoting/category.cfm?cat=30&E-Voting – “At the present, paper-based systems provide the best available technology….”

* Voter authentication
* Unsupervised voting

The combination of unsupervised voting and the inability to conclusively authenticate individual voters raises a number of very significant democratic issues: 1) voter credentials can now be bought and sold 2) since voting is unsupervised, even legitimate voters can be coerced by their friends or family to vote a particular way

* Role of the candidates/scrutineers change

In fact, any meaningful role for candidates and scrutineers in examining the conduct of the election is gone.  Their scrutineer role hasn’t changed, it’s been eliminated.  The entire trust that used to be established by watching physical ballots being counted in public is replaced by a transfer of trust to the black box of a third-party, for-profit, Internet voting technology vendor.  There is nothing to examine, there is nothing to recount.  A vote count comes out of the computer that cannot be challenged or changed.

* a summary of other municipalities’ 2014 Voting Method and 2018 Proposed Voting Methods

Not cited in the list in the Orillia report are:

[Correction to email, should say] Not cited in the list in the Orillia report (or changed since the report was released) are:

* Kitchener – no Internet voting in 2014, no Internet voting in 2018

* Waterloo – no Internet voting in 2014, no Internet voting in 2018

* Guelph – advance Internet voting in 2014, no Internet voting in 2018 (following an extensive debate with over 200 submissions and over a dozen deputants)
* Toronto – no Internet voting in 2014, no Internet voting in 2018

* Ottawa – no Internet voting in 2014, no Internet voting in 2018

https://web-beta.archive.org/web/20140217203039/http://www.therecord.com/news-story/2617898-kitchener-rejects-internet-voting/

http://www.therecord.com/news-story/4236054-waterloo-rejects-online-voting-in-2014-municipal-election/

http://www.therecord.com/news-story/6980847-waterloo-council-rejects-internet-voting-for-2018/

https://www.guelphtoday.com/local-news/guelph-city-council-deletes-online-voting-for-2018-municipal-election-596779

https://www.thestar.com/news/city_hall/toronto2014election/2014/07/23/toronto_cancels_plan_to_allow_online_phone_voting_for_disabled_citizens_in_2014.html

http://www.toronto.ca/legdocs/mmis/2016/ex/bgrd/backgroundfile-98545.pdf

Toronto’s report states, in part:

Internet Voting

Fundamentally, the Internet was designed to share information, not to secure it. Though an increasing amount of daily commercial life—from shopping to banking—has moved online, Internet voting poses security challenges that are unique and, in their current state, insurmountable.

The overwhelming consensus among computer security experts is that Internet voting is fundamentally insecure and cannot be safely implemented because of security vulnerabilities inherent in the architecture and organization of both the Internet and commonly used software/hardware:

  • *  Internet voting is extremely vulnerable to a wide range of cyber-attacks, and many of these are impossible to detect.
  • *  Internet voting poses extraordinary and unnecessary risks to election integrity, and even a small issue—were it even detectable—could completely undermine public trust.
Lastly, I will look at the security aspect of the Orillia report:
* The implementation of an electronic voting solution must ensure that the process is secure, provides confidentiality of the individual voter and provides accurate and reliable results.
The above statement is correct.  However, the report then fails to cover all aspects of “the process” including the home computer.  Securing a central server without securing all of the home computers that connect to it is like protecting a single big tree in a forest and declaring the forest is totally secure from damage, ignoring the fact that many of the smaller trees in the forest could be cut down.

Similarly, the ability to truly, provably separate the identity of an individual voter from the vote they cast is not possible with a computer-based systems.  Computers are designed to track changes made.  It is extraordinarily difficult to make a system that can simultaneously determine that an individual has permission to vote, while then not recording somewhere in the system which user cast which vote.  Lastly, accurate and reliable results require strong evidence.  The computer can’t be inspected in any meaningful way; it’s a black box.  The municipality is transferring the entire trust in the election from a process of open casting and counting of paper ballots to a closed system that exists entirely within the computer and is controlled entirely by the third-party voting technology vendor.

If Orillia nevertheless decides to proceed with Internet voting and is truly confident in the security of its system, I urge you in the spirit of open government to conduct an open, public test of the full online voting system well in advance of the election, with permission for anyone around the world to remotely examine the system in detail for security vulnerabilities and to publicly report their findings.  There is no security in obscurity.
ENDCOMMENT

Comments about Guelph Internet voting

A letter submitted for the April 24, 2017 Guelph Council meeting, agenda item COW – CS – 2017.04 2018 Municipal Election: Methods of Voting.

COMMENT

Dear Mayor and Councillors:

The Internet threat environment has changed since 2013 when Guelph did its initial analysis of online voting.  Since then, Ontario, British Columbia, New Brunswick and the federal government have all released reports on online voting, and all have recommended against it at the provincial or national level.  Threats have gotten worse while security technology has not advanced at the same pace, to the extent that the Economist magazine just did a cover story proclaiming “Why computers will never be safe”.

http://www.economist.com/news/leaders/21720279-incentives-software-firms-take-security-seriously-are-too-weak-how-manage

http://www.economist.com/news/science-and-technology/21720268-consequences-pile-up-things-are-starting-improve-computer-security

Of course, decisionmaking is always about balancing risks versus benefits.  I can tell you that when computer security experts examine online voting, they basically universally find that the risks are too high.  See for example Scientific American from February 2016

https://www.scientificamerican.com/article/pogue-the-challenges-of-digital-voting/

If you do choose to continue with online voting, I urge you in the spirit of open government to conduct an open, public test of the full online voting system well in advance of the election, with permission for anyone around the world to remotely examine the system in detail for security vulnerabilities and to publicly report their findings.  There is no security in obscurity.

In staff report CHR – 2013 – 30 “2014 Municipal Election:  Methods of Voting”, principles for a municipal election are outlined.  Here is my evaluation of online voting against three of those principles:

  • the secrecy and confidentiality of the voting process is paramount;

Use of a third-party vendor for online voting compromises voting secrecy and confidentiality.  Even if the voting systems were developed and hosted in-house, the information necessary to cast a vote (the voter identification) is extremely difficult to completely separate inside the computer from the vote cast.  Additionally, unsupervised remote voting opens the potential for anyone to view a vote that is being cast (and indeed to coerce the vote, or to pay someone for their voting credentials).

  • the integrity of the process shall be maintained throughout the election;
  • there is to be certainty that the results of the election reflect the votes cast;

The chain-of-custody for an Internet ballot extends from the personal computing device, across the Internet, and through to the voting servers.  There are potential threats to the integrity of the process at every stage, from compromised (“hacked”) home computers, through to denial-of-service attacks and potential vote alteration or addition of votes (“ballot stuffing”) at the server end.  Or the computer code could simply have errors in it (all computer programs have errors).  There is no way to observe the entire process; it is a black box.  Therefore there can be no real certainty that the results of the election reflect the votes cast.

Additional information supporting the above statements is available in an appendix to this email.

Thank you,

Richard Akerman

Appendix

Changes since 2013 report

The primary report is the July 16, 2013 “An Analysis of Alternative Voting Methods“.  http://guelph.ca/wp-content/uploads/AnalysisOfAlternativeVotingMethods.pdf

Both Elections Canada and Elections Ontario have been actively exploring the prospect of implementing an online voting channel for a number of years and have since allocated resources to undertake a detailed investigation and feasibility review of doing so.

As of 2017, neither Elections Canada nor Elections Ontario has implemented online voting, nor are they actively exploring the possibility.

A consultation by the Canadian Parliamentary Special Committee on Electoral Reform recommended against online voting[1], and the Canadian government accepted the recommendation.[2]  On March 2, 2017 Elections Canada released an RFP which included the statement “Elections Canada has no plans to introduce electronic casting or counting of votes. Polling places will continue using paper ballots, marked and counted by hand.”[3]

Ontario’s Alternative Voting Technologies Report, released June 2013, recommends against online voting and there is no online voting in provincial elections in Ontario.[4]

[1] December 2016 – Strengthening Democracy in Canada : Principles, Process and Public Engagement for Electoral Reform – http://www.parl.gc.ca/HousePublications/Publication.aspx?Language=e&Mode=1&Parl=42&Ses=1&DocId=8655791&File=291#87 – “Recommendation 4: The Committee recommends that online voting not be implemented at this time.”

[2] April 2017 – Government Response to Report Strengthening Democracy in Canada : Principles, Process and Public Engagement for Electoral Reform – http://www.parl.gc.ca/HousePublications/Publication.aspx?Language=e&Mode=1&Parl=42&Ses=1&DocId=8853290 – “The Government accepts this recommendation.  We will not implement online voting at this time.”

[3] March 2017 – Elections Canada RFP – https://buyandsell.gc.ca/cds/public/2017/03/02/967d72343b6234a0571287c709b7ae1f/ecrs-rfp-16-0167_-_anpp_-_ec-vsm-pppe_-_bilingual.pdf – “Elections Canada has no plans to introduce electronic casting or counting of votes. Polling places will continue using paper ballots, marked and counted by hand.”

[4] June 2013 – Alternative Voting Technologies Report – Ontario Chief Electoral Officer’s Submission to the Legislative Assembly (PDF) – http://www.elections.on.ca/content/dam/NGW/sitecontent/2014/reports/Alternative%20Voting%20Technologies%20Report%20%282012%29.pdf – “At this point, we do not have a viable method of network voting that meets our criteria and protects the integrity of the electoral process.”

Additional Context

In fact, there is no provincial online voting anywhere in Canada, and there is only municipal online voting in Nova Scotia and Ontario.  Reports from Nova Scotia [5], New Brunswick [6] and British Columbia [7] have all recommended against provincial online voting.  Quebec has had a moratorium on provincial online voting since investigating problems with its electronic voting machines in 2005.[8]

[5] Elections Nova Scotia: Annual Report of the Chief Electoral Officer April 1, 2012 – March 31, 2013 (PDF) – https://electionsnovascotia.ca/sites/default/files/ENS%20AR%20Web%202012_13.pdf – specifically pp. 14-16 Appendix I: Internet and Telephone Voting in Nova Scotia.

[6] March 2017 – A pathway to an inclusive democracy (PDF) – http://www2.gnb.ca/content/dam/gnb/Departments/eco-bce/Consultations/PDF/PathwayToAnInclusiveDemocracy.pdf – specifically pp. 20-21 E-voting

[7] February 2014 – Independent Panel on Internet Voting: Recommendations Report to the Legislative Assembly of British Columbia (PDF) – http://www.internetvotingpanel.ca/docs/recommendations-report.pdf

[8] October 2006 – Electronic voting – Le Directeur général des élections du Québec (DGEQ)http://www.electionsquebec.qc.ca/english/municipal/media/electronic-voting.php

There is a consensus statement from US computer scientists advising against Internet voting.[9]

[9] http://usacm.acm.org/evoting/category.cfm?cat=30&E-Voting – “At the present, paper-based systems provide the best available technology….”

END COMMENT

Here are additional documents I tracked down as part of writing the above comment:

2014 Election Cycle

July 16, 2013 — An Analysis of Alternative Voting Methods (PDF) — by Blair Labelle, City Clerk

July 16, 2013 — Staff Report CHR – 2013 – 30 — 2014 Municipal Election:  Methods of Voting (PDF) — Prepared and Recommended by Blair Labelle, City Clerk

June 2, 2014 (Amended September 15, 2014) — Procedures for Voting and Vote  Counting Equipment for the 2014  Municipal Election (PDF)

2018 Election Cycle

September 6, 2016 — Staff Report CS-2016-73 –Municipal  Election  Modernization,  Service  Expansion  and  Ranked  Ballot  Election (PDF; pp. 255-289) – Prepared by Jennifer Slater, Approved by Stephen O’Brien, City Clerk

April 3, 2017 — 2018 Municipal Election Voting Methods  (PDF; pp. 99-109) – by Stephen O’Brien, City Clerk and Returning Officer

April 3, 2017 — Staff Report CS  -2017.51 — 2018  Municipal Election: Methods of Voting (PDF, pp. 110-115) — Prepared by Tina Agnello, Deputy City Clerk; Approved by Stephen O’Brien, City Clerk

Other Reports Cited by Guelph

June 23, 2005 — Risk Analysis of Traditional, Internet, and other Types of Voting  Alternatives for Town of Markham — by Harry M. Kim