Sign up for our free weekday bulletin.

Could next year’s municipal election be vulnerable to vote tampering?

Published on

Troy Shantz

With Sarnia committed to a paperless ballot in the next municipal election residents have been asking whether the new electronic voting system could ever be compromised.

The short answer is yes, experts say. But it’s highly unlikely.

A local IT expert experienced in information security said breaking into the system Sarnia has commissioned would take a lot of time and planning.

And it’s unlikely anyone locally would have the combination of motivation and skill to pull it off, said the expert, who requested anonymity.

“But there is no 100% safe security. If it’s manmade it can be broken,” he said. “Security is a series of speed bumps. At the end of the day they may deter somebody from using that road, but someone that’s determined will always get past the speed bumps.”

Sarnia has hired Nova Scotia-based Intelivote Systems Inc. to oversee its first Internet and telephone voting election next fall. The company is preparing to handle 93 Ontario elections in 2018.

But even Intelivote’s president and founder admits no system is completely impenetrable.

“I can’t guarantee that (malicious hackers) can never get into the system, but to be able to modify information in our system requires more than just getting in,” Dean Smith told The Journal.

“The noise coming out of the States tends to be the determining factor for a lot of people,” he said. “…which really has nothing to do with electronic voting the way we do it here in Canada.”

Indeed, some U.S. states are restoring paper ballots as a backup due to mounting evidence of Russian interfered in the 2016 presidential election.

Smith said Intelivote recorded 39 attempts to enter its system during municipal elections in the U.K. in 2007 and none were successful.

The local expert said malicious ‘black hat’ cyberhackers can be found for hire on the dark web, an area of the World Wide Web that requires specific software and authorization to access.

Tampering with an eVote system in Sarnia would likely cost $10,000 to $100,000, depending on the time, planning and resources required, he said.

“If you have the money, they’ll do whatever you want them to do. There are some geniuses out there that, I’m sure if you paid them the right amount of money they … would make the system sing like a canary.”

But “black hat for hire” isn’t something you find on a Google search. It requires knowing the right people in the right places who are paid in Bitcoin, the web-based currency that’s anonymous and untraceable, he said.

In the run-up to the Oct. 22, 2018 election, Sarnia’s eligible voters will receive a letter containing a unique number key, as well as instructions on how to cast their ballots via phone or Internet.

Voters will be prompted to enter a secondary credential, such as a date of birth, to confirm their identity.

Some residents worry that without a paper ballot to back up the electronic system the results could be compromised and no one would ever know it.

And that is a concern, said Zack Taylor, an assistant professor of political science at Western University.

“I worry about electronic voting in that respect. There’s something reassuring about having a paper ballot,” he said.

Taylor said it’s hard to imagine anyone spending the time and resources on a cyberattack when there are much easier ways to sway a municipal election.

Most are decided by 30% to 40% of the population, so changing the outcome is better done by renting a bus and rounding up undecided and gullible voters, he said.

Sarnia’s deputy clerk, James Jenkins, said security features were a big reason Intelivote was chosen during the RFP process.

“What they talk about is a number of security concerns that are out there, and how they’ve addressed them,” he said.

On the night of Oct. 22, Sarnia’s vote results will be received by the city clerk, Intelivote and a third-party auditor.

Intelivote’s Dean Smith is confident in the results of his company’s technology.

“You can’t really be in this industry and do a half-assed job on security,” he said. “That really is job number one.”

More like this