Canada's Liberal Party Holds Online Primaries While Security Experts Scowl
BY Elisabeth Fraser | Wednesday, May 1 2013
Canada’s Liberal party elected a new leader last week. And for the first time in the party's history, the voting took place online. Justin Trudeau, the telegenic son of the late Pierre Trudeau, Canada's most famous prime minister, won in a landslide with over 80 per cent of the vote. But online voting critics say that despite the decisive results, the Internet remains an unsafe place to cast your vote.
Impossible to ensure security and anonymity
“If the Conservative party want to select the next Liberal party leader, this provides them with the perfect opportunity,” says Dr. Barbara Simons, an online voting expert, and co-author (with Douglas Jones) of Broken Ballots: Will Your Vote Count? “I am not saying the Conservatives would do this — I’m just saying this is a very foolish and irresponsible thing for Liberals to be doing, because they open themselves up to vote-rigging that would be almost untraceable, and impossible to prove.”
Simons is one of several experts who have issues with online voting security. Others include University of Ottawa law professor and Internet guru Professor Michael Geist and Princeton University researcher Jeremy Epstein. Online voting does have its defenders, for example Carnegie Mellon University's Michael Shamos, but online voting opponents argue it’s impossible to create a system immune to third-party attacks.
Simons draws parallels between the risks involved in voting and banking online. She points to viruses like ZeuS (“It’s my favorite virus, because it is incredibly smart,”) which has been used by criminals to steal millions of dollars from online bank accounts, leaving its victims none the wiser.
“I think many people feel that what they see on their screen is what goes out on the Internet,” says Simons. “They don’t appreciate the fact that these are different components, and there is software in between that can change the results – they can vote for candidate A, and a virus can change their vote to candidate B, and they wouldn’t know.”
“We are absolutely confident in [our online voting] process as well as in a fair and accurate leadership vote,” says Sarah Bain, Director of Communications for the Liberals. She says the party board evaluated four forms of voting — conventional post, Internet, phone and on-site — and chose to go with online and phone voting. On-site voting was allowed at the party’s final “leadership showcase” in Toronto, held one week before the leadership announcement.
Bob Rae, the party's outgoing leader, said, “The Liberal Party needed to re-connect with Canadians after a bad loss in 2011. Opening up the party to "supporters", and engaging with them through an improved website and social media strategy were key elements in doing that. The renewal is now well under way!”
Bringing the vote to the people
Prior to this leadership race, Liberals had eschewed the idea of online voting, preferring to stick to a traditional, delegated convention model, wherein selected delegates from across the country arrive and vote on the convention floor. In addition to limiting the number of people who are eligible to vote, delegated conventions can often involve high costs for the delegates, especially those who must pay for their own travel and accommodations.
Simons rejects the idea that Internet voting made the Liberal leadership race more accessible. “If they truly wanted to get everyone involved, they could have done it by mail ballot,” she argues. Simons maintains that in-person, paper-ballot voting is the safest way to go, but allows, “The Liberals almost certainly do not have the resources to set up polling places throughout the country, so the next best thing would have been a mail-in ballot.”
Bain counters, “I’m not saying Canada Post isn’t credible, but sometimes there can be delays [in delivering the mail].” On the other hand, party organizers did rely on snail mail to deliver the individualized PINs that members would need in order to vote online or by phone.
The months-long Liberal leadership race was hoped by many to revive moribund Liberal fortunes. Once regarded as Canada’s “natural governing party”, the Liberals have been in steady decline since the mid-2000s, and suffered a serious drubbing at the polls in the last federal election, when hapless leader Michael “Iggy” Ignatieff led the party to their worst-ever showing in the polls, losing his own seat in the process. The election saw the Liberals lose even their Official Opposition status to the formerly third- and fourth-ranked New Democratic Party (NDP).
The hoped-for revival may be within reach — the wildly popular Trudeau Jr. already has polls predicting he could lead the Liberals to victory in the next election, forming a majority government and reducing the NDP to a rump caucus. For the party, Trudeau may be just what the doctor ordered. But it remains to be seen if he will revive the legacy of his father, whose popularity in the 1960s was so widespread that the media dubbed it "Trudeaumania".
Three step process
In addition to online voting, the race featured other new voting methods designed to open up the party to new participants. It allowed people to sign up as “Supporters,” instead of as full party members.
“We had a three step process that would allow us to review the lists (of members and supporters),” says Bain, who insists the online voting system the party used (supplied by Dominion Voting Systems) was secure. “So, let’s say you took my email and signed me up as a supporter — the first email you get from the party is an email asking — are you this individual? And they must respond — "yes," or "no". Other security measures included asking people a series of questions, such as the name of their first pet, which could be used to identify them if they lost their PIN.
Easy to cheat
Caspian Kilkelly is a Montreal-based online security consultant with 15 years of experience in the field. “Are those good security measures? Absolutely not,” he says, when asked about the Liberal’s identity-verification process. “I mean, it’s simple enough to just fake an email address for that, and anyone who knows what they’re doing can fake a response as well. As for the security questions, they’re effective to identify an individual sometimes, but we’ve seen cases of people getting their email accounts stolen by people using those very same authenticators. If I were a motivated hacker, I’d be able to find my way around that in a very short period of time.”
Kilkelly's opposition to online voting is multifold. “Generally, computing systems let us game, cheat and manipulate with much more ease than traditional counting systems; especially in situations like vote counting,” he says. “Aside from basic Man-in-the-Middle-style network attacks, there's software error, the possibility of data manipulation after the fact, and obvious control issues. Would you trust me to set up a computer that you're going to use to vote on, knowing that I'm a representative or supporter of the party you oppose?”
Kilkelly also notes that Dominion Voting Systems bought out the controversial Diebold voting company, whose voting systems were accused of having many security flaws. “Dominion Voting actually owns Diebold, who were notorious for "counting errors" and sloppy security during the GWB-era elections,” says Kilkelly. “They've got a pretty spotty track record for system integrity — i.e,. assuring that the voting system actually counts things the way it's supposed to, and returns results correctly.”
No paper trail
Simons also says online voting leaves no paper trail, hence recounts are impossible. “I really hope that whomever comes in second in this election will demand a recount and expose this system for the sham that it is — because they won’t be able to do a recount,” she states. In response, Bain says, “The [voting] results are independently validated by our auditor. PWC [accounting firm PricewaterhouseCoopers] will be present during the vote count process. They will certify that the count was completed and tabulated correctly.”
While the Liberal leadership vote appears to have gone smoothly, other Canadian parties haven’t always been so lucky. NDP organizers were left scrambling after what the party claims was a denial-of-service attack caused massive voting delays during their own leadership convention last year.
The NDP acknowledged that it was a denial of service attack, making it the second time the the online vote for the party's leadership was undermined by a hostile online assault, with the first in 2003. “I've been told by people who attended the convention that the NDP was apparently so confident in the system that they hadn’t provided people who were actually in the convention room with alternative methods to vote.”
For those that argue online voting saves money, Simons retorts, “Show me the proof – I’ve seen price quotes from the people who run these things, and it’s not cheap. And, even if it was cheap, do we really want democracy on the cheap?”
Online voting suppliers are few and far between, with only a handful of companies controlling the North American market (last year the NDP used Scytl, a Spanish company, to run their online vote). And more often than not, these suppliers are tight-lipped about just how their systems function. “These private vendors who are running these things typically have private software that they won’t let outside reviewers test,” say Simons.
Trudeau’s landslide victory aside, Internet voting remains the subject of much debate across North America. In the U.S., groups like ACCURATE continue to study online voting, and the province of British Columbia has held hearings into the issue of online voting.
Perceived security risks aside, anything short of a massive Trudeau victory was an unlikely scenario heading into the convention. In this specific case, the outcome of the vote does not indicate systemic problems with the online system. Had one of the underdog candidates, such as Vancouver MP Joyce Murray, who came in second, with 3,130 points to Trudeau’s 24,668, or constitutional lawyer Deborah Coyne (who incidentally had a child at the age of 36 with then-71-year-old Pierre Trudeau), emerged victorious, questions would almost certainly have been raised about the security of the voting system. But Justin Trudeau’s popularity, both within the party — and let us not forget that conventions are internal party affairs which are not open to the general public — and with Canadians in general, leaves the validity of his win virtually unquestionable.
But Kilkelly remains skeptical about online voting in general. “You can't have a secure and confidential Internet ballot at the same time, because in order for it to be valid, the voting application would need to know where it came from,” he says. And if the voting application knows the identity of the person casting a ballot, the core precept of democracy — the right to vote anonymously — is violated.
"Despite claims to the contrary, there is no way to certify or validate that the results of paperless Internet-based elections are correct, and that’s a fundamental problem.”
Elisabeth Fraser is a Canadian journalist.
Personal Democracy Media is grateful to the Omidyar Network for its generous support of techPresident's WeGov section.