The recent New Democratic Party convention in Toronto may have done more than just select Thomas Mulcair as the party’s new leader. It may have also buried the prospect of online voting in Canada for the foreseeable future. While Internet-based voting supporters have consistently maintained that the technology is safe and secure, the NDP’s experience – in which a denial of service attack resulted in long delays and inaccessible websites – demonstrates that turning to Internet voting in an election involving millions of voters would be irresponsible and risky.
As voter turnout has steadily declined in recent years, Elections Canada has focused on increasing participation by studying Internet-based voting alternatives. The appeal of online voting is obvious. Canadians bank online, take education courses online, watch movies online, share their life experiences through social networks online, and access government information and services online. Given the integral role the Internet plays in our daily lives, why not vote online as well?
The NDP experience provides a compelling answer.
Democracy depends upon a fair, accurate, and transparent electoral process with independent verification of the results. Conventional voting may typically require heading down to the polling station, but doing so accomplishes many of these goals. Private polling stations enable citizens to cast their votes anonymously, election day scrutineers provide oversight, and paper-based ballots can be re-counted if needed.
There are ways to build anonymity and oversight into an online election process, but as the NDP experienced, there is no way to guarantee it will be disruption-free. In the NDP’s case, 10,000 computers were used in a distributed denial-of-service attack designed to overwhelm the online voting system and effectively render it unusable for authorized voters.
The only real surprise about the attack is that it took anyone by surprise. Not only is a denial-of-service attack typically cited as the most likely security disruption, the NDP experienced much the same thing at its last leadership convention in 2003. Reports from that convention – which only involved a single ballot to elect Jack Layton as the new party leader – indicate that there was a denial-of-service attack that similarly delayed the voting process.
Online voting threats are not limited to denial-of-service attacks. Security experts point to the danger of counterfeit websites, phishing attacks, hacks into the election system, or the insertion of computer viruses that tamper with election results as real world threats to an Internet-based voting system.
While several Canadian municipalities have successfully used Internet voting, those elections were unlikely to be viewed as “targets” for attack since groups seeking to disrupt an online election will likely prefer to take aim at high profile events that offer maximum exposure.
Douglas Jones and Barbara Simons, the authors of the forthcoming book Broken Ballots: Will Your Vote Count, note that “people running pilots are likely to declare success, in spite of any problems that might crop up. However, it is dangerous to draw conclusions from what appears to be a successful Internet voting pilot. If the election is insignificant, there is little to no motivation to sabotage the election.”
National or provincial campaigns clearly qualify as sufficiently significant to represent an inviting target. There are no “do overs” with elections nor the possibility of keeping online polling open for hours or days to ensure that all citizens can exercise their right to vote. Elections Canada may be anxious to increase voter turnout, but the recent NDP experience suggests that jumping on the online voting bandwagon could place the validity of the election process at risk.