Tag: Ontario

Elections Ontario Advisory Committee on Standards for Voting Technologies

There are no, zero, standards for voting technologies in Canada.  It’s kind of mindboggling considering we use both computer vote counting in some provinces, as well as Internet voting in some municipalities.

Thankfully Ontario recognized this and recommended establishing standards and certification for elections technology.

That recommendation has now been implemented, in the
Advisory Committee on Standards for Voting Technologies

The committee is made up of individuals chosen by each political party in the Legislative Assembly of Ontario and three other members appointed by the Chief Electoral Officer.

To date there have been three meetings:

No other material has been posted online.

If you have any questions about the committee, please call 1.855.440.4041 or email advisory.committee@elections.on.ca

Voting in the Ontario 2022 provincial election

For official information, please see Elections Ontario https://www.elections.on.ca/

Election day is June 2, 2022.

You can vote by special ballot, which enables you to vote by mail or drop off the special ballot, but you must register for the special ballot.  You will need to upload an image of an Ontario driver’s licence or an electronic copy of a piece of ID showing your name and current residential address.  The could have mentioned the Ontario Photo Card, which is the main ID alternative for people who choose not to have a driver’s license.

See https://www.elections.on.ca/en/voting-in-ontario/how-to-vote.html and the section Vote by Mail.

The deadline to apply to vote by mail is 6 PM (Eastern Time) on May 27, 2022.

You don’t actually have to send it through the mail.  You can drop the special ballot off at your returning office.  (But if you want to do that, be aware you can just vote in person at the returning office anyway.)  You can find the returning office using https://voterinformationservice.elections.on.ca/en/election/search?mode=electoralDistrict

The interface for voter information is pretty confusing.  You need to get your electoral district, then there’s a side menu that isn’t clear that it is a side menu (none of the items are in blue or underlined).  You need to select “Contact Your Returning Office” to find out where your returning office is.

A screenshot showing the text "This is a clickable menu of links" with the item "Contact Your Returning Office" highlighted in a red box.

It’s a judgment call about uploading your ID, you have to trust IT and the organisation, but we already trust some of that IT and all of that organisation.  There is no other way to vote by mail.

There is an Elections Ontario app but you cannot use it to vote online.  There is no online voting in the 2022 Ontario provincial election.

You can also vote:

  • At the returning office itself until the day before the election, from May 5 until June 1 at 6pm Eastern.  The returning office is typically open seven days a week.
  • At advance voting locations, on advance voting days between May 19 and May 28, from 10am to 8pm Eastern time.

Ontario provincial ballots are mostly computer scanned and computer counted.  For more information see previous blog post 2018 Ontario Provincial Election to use vote counting computers.

Following a much needed recommendation calling for standards and certification for elections technology (as there are currently literally none), Elections Ontario created an Advisory Committee on Standards for Voting Technologies, which from the webpage looks like it held its first meeting December 8, 2021.  None of its work will apply to the current election.

Elections Ontario recommends establishing standards and certification for elections technology

In Ontario, there are no standards in place for choosing, testing, certifying or auditing election technology, including the online voting used in Ontario municipal elections.

This is a huge gap that has opened the door to what is currently basically an unregulated process where individual municipalities choose whether or not to use Internet voting and then procure vendor-based solutions without any guidance.

UPDATE 2022-05-23: The standards committee has been created, see blog post Elections Ontario Advisory Committee on Standards for Voting Technologies.  END UPDATE

It is heartening to see Elections Ontario recognize the gap in standards for voting technology in its Report on Ontario’s 42nd General Election (Modernizing Ontario’s Electoral Process, June 7, 2018).  Elections Ontario makes a long recommendation which I am going to quote in full

Establish common evaluative standards and a certification process for election technology

The Chief Electoral Officer recommends that Ontario establish common evaluative standards and a certification process for technology used in the electoral process in Ontario.

Technology holds a lot of promise for the elections of the future. Increasingly, Ontarians expect that technology will be used to make voting easier, offer more choice to electors for when, where and how to vote, and find efficiencies in the electoral process. Electoral management bodies, including Elections Ontario, are increasingly turning to technology to solve logistical challenges.

In Ontario, the adoption of technology into the electoral process has been done in an ad-hoc way since the late 1980s, and has been led by municipalities. This approach made sense when voting technologies were new and there were no best practices from which to draw. It also allowed municipalities to pioneer technology and discover fit-for-purpose solutions to address their local needs.

With more than 20 years of practical experience at hand, we are at a point where we are actively learning from our past so that we can create best practices and develop future guidelines. Standards can provide consistent guidance for municipalities and the province as we adopt proven technologies using a principled and measured approach.

It is critical that our approach to technology be intentional and evidence-based. Even as the public expects electoral management bodies to find efficiencies through technology, they are also increasingly aware of the possible failures of technology. While there are many benefits to using technology, there are risks involved, as illustrated by recent failures of systems at large organizations.

As the public becomes more informed about software, malware and manipulation of technology data systems, they are increasingly interested in knowing exactly how election technology preserves the integrity of our electoral process and the confidentiality of their personal information. For the public to trust the integrity of the electoral process they must be assured that:

  • Technology used to cast a vote will accurately count the vote as intended.
  • Technology used to cast a vote will uphold the secrecy of the vote.
  • Technology used to tabulate votes will be verifiable and protected from tampering.
  • Technology used to transmit election results will be verifiable and protected from tampering.
  • Technology will not result in the breach of their confidential and personal information.

To ensure we maintain public trust in our electoral system as we adopt technology, the Chief Electoral Officer recommends that Ontario establish a set of common evaluative standards and guidelines. These will advise election administrators as they consider which technology to adopt, how to evaluate the technology, and the specific technical standards to consider for adopted technology.

This is a very significant step forward for Elections Ontario.  In particular I laud the phrase “It is critical that our approach to technology be intentional and evidence-based.”

There is also a strong statement of principles at the end of the report

We continue to balance making voting easier for Ontarians with the need to preserve the integrity of the electoral process. We want to provide modernized, flexible, and convenient ways to vote, but cannot compromise the core covenants of our democracy: accessibility, one vote per elector, secrecy, integrity and security. As we continue on this modernization journey, these values will continue to be at the centre of the work we do.

As a starting point, the principles above are very good, and to them I would add the implementation criteria from Ontario’s own 2013 report on Alternative Voting Technologies.

Our implementation criteria are:

  • Accessibility:
    The voting process is equally accessible to all eligible voters, including voters with disabilities. The voting process will be performed by the voter without requiring any assistance for making their selections.
  • Individual verifiability:
    The voting process will provide means for the voter to verify that their vote has been properly deposited inside the virtual ballot box.
  • One vote per voter:
    Only one vote per voter is counted for obtaining the election results. This will be fulfilled even in the case where the voter is allowed to cast their vote on multiple occasions (in some systems, people can cast their vote multiple times, with only the last one being counted).
  • Voter authentication and authorization:
    The electoral process will ensure that before allowing a voter to cast a vote, that the identity of the voter is the same as claimed, and that the elector is eligible to vote.
  • Only count votes from valid voters:
    The electoral process shall ensure that the votes used in the counting process are the ones cast by valid eligible voters.
  • Voter privacy:
    The voting process will prevent at any stage of the election the ability to connect a voter and the ballots cast by the voter.
  • Results validation:
    The voting process will provide means for verifying if the results clearly represent the intention of the voters that participated in the voting process.
  • Service availability:
    The election process and any of its critical components (e.g., voters list information, cast votes, voting channel, etc.) will be available as required to voters, election managers, observers or any other actor involved in the process.

However, those principles need to be refined for a computer-based system, which the report also does

If the implementation of the network voting system does not both support the Chain of Trust and provide auditable evidence, then the process is open to question. This Chain of Trust is a compilation of all the following measures:

  1. Source code audit to verify that the code will do only what it is intended to do.
  2. Digital signature of the audited source code to protect its authenticity and integrity.
  3. Trusted build of the executable code in front of auditors (based on audited source code).
  4. Signature of the executable code to protect its authenticity and integrity.
  5. Deployment of the executable software in a clean system. Logical sealing of the system to detect any later additions.
  6. Logic and accuracy testing of the voting system to validate it works properly.
  7. Continuous audit of the voting system during the election, through review and validation of logs and other data. The logs must be protected from external manipulations by using cryptographic measures.
  8. Post-election audit that validates that the system behaved correctly by reviewing the logical seals and the protected logs.
  9. Individual voter verification that proves their ballots were used in the final tally (by using special receipts).

A strong emphasis must be placed on audit. Independent auditors must be able to review the source code, verify the build and deployment, audit system logs during the election event, and finally to review both the counting process and the results.

Those are strong starting points, and even more so because they emerge from Ontario’s own multi-year research into the subject.
That being said, Ontario also needs to heed the conclusion of the Alternative Voting Technologies report:

At this point, we do not have a viable method of network voting that meets our criteria and protects the integrity of the electoral process.

It is possible that the introduction of standards for municipal online voting could open the door to provincial online voting, and indeed the very-high-level Elections Ontario Strategic Plan 2019 – 2023 (PDF) says

Advance modern elections in a measured and principled manner

  • Assess and analyze the environment to inform the modernization of future elections.
  • Better understand electors’ needs and behaviours to build modern and responsive services.
  • Recommend legislative change to support modernization of electoral services.
  • Pilot modernization initiatives through by-elections.

It’s not at all clear what this “modernization” might include.

Conclusion

It is critical that both the current deployment and any potential further expansion of online voting should be subject to extensive analysis by computer security experts.

By applying an evidence-based approach to technology with extensive public, independent, unrestricted testing of election technology, Elections Ontario has the opportunity to move from what it acknowledges has been an ad-hoc approach to one that brings the appropriate levels of standards, testing, certification and auditing in what is a high-risk cybersecurity environment.

Additionally, Elections Ontario needs to close an auditing gap by putting in place risk-limiting audits for the computer vote counting it is now using for provincial elections.  We cannot simply trust the counts produced by the vote tabulators (because computers can be programmed to produce whatever result the programmer wants); we must have a public audit to increase the confidence in the results.

I hope that municipalities and the provincial government will accept that putting standards in place may result in the decertification and withdrawal of voting technology, as has happened when “electronic voting machines” were examined in the United States and when Switzerland made one of its online voting solutions available for public testing.