Online voting is impossible to secure. So why are some governments using it?

If you thought electronic voting machines were insecure, wait 'til you meet online voting.


However, Teague says this claim is marketing nonsense. "It means that you have to sign a punitive NDA, which includes among its terms the requirement that even the fact you've signed an NDA is secret," she tells CSO. "I don't know of anyone with any sense of integrity who has signed it."

Everyone Counts disagrees. "We can appreciate that many researchers would prefer our Open Code Advantage program went further towards making our voting platform open source," Everyone Counts communications and administrative manager Stefanie Histed wrote in an email. "However, the program is designed to allow our clients an opportunity to review our systems (either directly or through designated third parties), and the NDA is written and/or tailored in partnership with these clients."

Canada's largest province embraces online voting

Despite the red flashing lights and the ah-OOO-gah warning noise coming from electronic voting security researchers, the province of Ontario, home to more than 40 percent of Canada's population, is pushing municipalities to embrace online voting. The province required "municipalities to pass a by-law allowing an online ballot by May 1, 2017 to allow online voting in the 2018 civil election," according to the CBC.

Ontario has more than 400 municipalities. That's 400-odd RFPs, 400-odd contracts, and a patchwork of online voting systems deployed by several different online voting providers. The province of Ontario sets no standards for online voting, security standards or otherwise, and doesn't even know which municipalities are using online voting, and which aren't.

"Municipalities are not required to inform the ministry on what voting methods they will be using," a spokesperson for the Ontario Ministry of Municipal Affairs wrote in an email to CSO. Ontario municipalities have been using online voting since 2003, the ministry noted, and 98 municipalities offered online voting in the 2014 election, based on polling data reported to the province after the election.

Online voting and mass surveillance

As the Snowden documents make clear, governments around the world are engaged in mass surveillance of their own citizens — including the United States, Canada, and Australia. Given the trivial nature of the security flaws academic researchers have demonstrated in online voting systems, the technical barrier to spying on how citizens vote is extremely low. If online voting traffic is accessible, what’s to stop it from being swept up in that dragnet surveillance of innocent populations?

Some argue that online voting is acceptable at the municipal level because it is unlikely to attract interference from a foreign power. After all, why would Russia care about who becomes mayor of Hicksville?

"The argument against internet voting fails when you apply the standard to all use cases," Brian Lack, president of online voting provider Simply Voting, wrote in a statement to CSO. "While internet voting should not be used to select the President of the United States, the argument against internet voting fails when you apply the standard of a perfect voting system for all use cases. An Ontario Municipal Election has nowhere near the same threat level as the United States presidential elections. Russia, China, and other state-level actors are not likely to use their advanced cyberweapons to influence the outcome."

The Communications Security Establishment (CSE), Canada's counterpart to the NSA, engages in mass surveillance of all Canadians, the Snowden documents revealed. Indiscriminate spying might well lead to collecting online votes — who is voting, when they're voting, whether they vote, and maybe even who they vote for. Given the secrecy in which CSE operates, and the state of democratic oversight of an agency that Snowden himself said has the "weakest oversight in the Western world," the legal safeguards are flimsy at best.

"There needs to be transparency so that no individual entity is able to exert undue influence on the process in a way that is undetectable," Essex says. "Online voting simply cannot provide that transparency at this time given the limitations of the technology and the infrastructure that exist today."

CSE's counterpart in Australia, the Australian Signals Directorate (ASD), made an "informal relationship" with the NSW Electoral Commission prior to the 2015 election. CSE and ASD are both part of the Five Eyes alliance of spy agencies, and share many of the same tactics, the Snowden documents make clear.

"The NSW Electoral Commission (NSWEC) works with a range of law enforcement and intelligence agencies in relation to voting system security," a NSW Electoral Commission spokesperson told CSO in a statement. "Due to the nature of these relationships, the NSWEC does not discuss nor disclose further details."

Online voting: Complete absence of standards

Unlike electronic voting machines, which are notoriously insecure but at least have some technical standards set by the U.S. government, no technical standards govern the use or deployment of online voting software.

One of the world's largest online voting providers, Scytl, tells CSO that it would like to see security standards developed. The question should be "about setting-up a framework that will allow the impartial evaluation of online voting systems security," Gwendoline Savoy, Scytl's marketing director, wrote in an email. "This can be achieved by defining the security requirements a government has to comply with in order to implement a secure and transparent online voting system."

There is a reason why no security standards for online voting exist: After $100 million in research and years of effort, NIST, the U.S. cybersecurity standards body tasked with examining the issue, concluded that online voting is impossible to secure. "It is not clear that remote electronic absentee voting systems can offer a comparable level of auditability to polling place systems," NIST concluded in a 2011 report.

"Because of the difficulty of validating and verifying software on remote electronic voting system servers and personal computers, ensuring remote electronic voting systems are auditable largely remains a challenging problem," the report added, "with no current or proposed technologies offering a viable solution."

Without the ability to audit an election for irregularities, for instance to run a recount, online voting makes it impossible to trust the results of any election that uses such technology, and it calls into question past election results. "In the age of online voting, it's not enough to produce the correct result," Essex says. "You have to have trust in the result. You have to have public confidence in the result. And you have to provide a reason for people to have that trust."

For her part, Teague is baffled that the NSW government has failed to understand the significance of her research. "If a live vulnerability in a state election, that we could expose every vote that went through that system," she says, "wasn't enough to cause them to desist, I don't know what level of evidence could possibly be produced that would burst the bubble of the belief that the system is secure, other than a demonstrated total security breach?"

Copyright © 2018 IDG Communications, Inc.
