Category Archives: Technology Privacy Surveillance

Op-ed on Halifax Election Published in The Coast

(I just published the following article in The Coast in Halifax. Can’t say I’m feeling inspired by the comments below it — and I’m trying to defend these guys’ rights to fair elections becaaaaussse…?? Oh, I’m sure there’s a good reason, it just slips my mind right now what it is. rw)

Was Halifax’ e-vote Hacked?

Evidence shows last fall’s online voting in Halifax was not secure. But is anyone going to do anything about it?

It’s been several weeks since I revealed evidence that the online voting in last fall’s municipal elections in Halifax was not secure. Now I’m starting to wonder, does anyone care? How many people care about defending our most basic pillar of democracy—our elections?

Read the rest at Halifax’ The Coast.

Elections Ontario Releases Damning Report on Internet Voting

Elections Ontario’s “Alternative Voting Technologies Report” released today tries to put an optimistic face on things — e.g. expressing hope that a unique, enforced, province-wide government-issued ID card could help solve some of the problems — but generally they admit that online voting is too risky. A few quotes from their rundown of other jurisdictions:

“In an April 2013 report on compliance with the voting process, Elections Canada indicated that “current Internet voting systems carry with them serious, valid concerns about system security, user authentication, adequate procedural transparency, and preserving the secrecy of the vote.””

“In 2010, Washington D.C.’s internet voting pilot project was compromised by a group of four University of Michigan professors and students who, within 48 hours of the system going live, gained near complete control of the election server. The students and professors were able to successfully change every vote and reveal almost every secret ballot. Election officials did not detect the breach for nearly two business days.”

“In 2000, the U.S. Military implemented a pilot project to evaluate an internet voting implementation. A total of 84 votes were cast, and the cost was approximately $62 million dollars. It was considered to have failed to address numerous key security issues. The program was intended to continue in 2004, but a report analyzing the security of the system indicated that there remained a significant number of vulnerabilities. As a result, the project was cancelled with unresolved security issues cited as the primary cause.”

“Under the Help America Vote Act, the U.S. Department of Defense had been researching and analyzing plans for potential internet voting possibilities. In 2012, plans for internet voting by overseas military personnel were cancelled after a security team audited their $22 million system and found it to be vulnerable to cyber?attacks.”

The report also reviews the 2012 online voting in the elections in Halifax Regional Municipality, and it is evident that even Elections Ontario was not informed by the Canadian Cyber Incident Response Centre or HRM that there had been significant security concerns flagged during the election period. It’s this frequent lack of honesty surrounding online voting which is most concerning — they become elections whose fairness is based entirely too much on blind trust.

Halifax Election Security — the Story and Documents

I went on CBC radio in Halifax to discuss concerns about the security of their online election, and then was stunned to hear how an elections official went on the next day to patently dismiss all concerns. Consequently, security researcher Kevin McArthur has gone public with some of the background story, and some of the evidence, surrounding my recent video about the security vulnerabilities in the Halifax election.

I’m also posting the documents I obtained from the Canadian Cyber Incident Response Centre featured in the video: Public Safety disclosure halifax election A-2013-00029

Note that Kevin has posted some of the unredacted documents he submitted to CCIRC — very interesting, and the basics are understandable even to non-technical people.

I think the most interesting and important aspect of all this, though, is how it highlights the way the security of internet voting is so complex that the average person can only choose whether to believe any particular expert or authority or not. Why would we want to turn our elections into processes that are so complicated that we’re then requiring people just to accept on faith that they are fair and valid? It’s fundamentally undemocratic. Paper ballots, properly tracked and audited, work great and are easy to understand.

RCMP agrees to stop tracking innocent drivers

Victoria Police Department (VicPD) media rep Cst. Mike Russell dismissed critics of the automatic licence plate recognition (ALPR) program on CFAX in January. Russell said, “There’s conspiracy theorists out there saying we’re creating a massive surveillance database on people…”

“You mean you’re not?” said fill-in host Rosa Harris-Adler, as both she and Russell chuckled.

“Funny enough we’re not doing that,” said Russell. He described it as merely a “technicality” that VicPD had been recording and passing data about all drivers to the RCMP “for deletion.”

We’re not sure who those wacky conspiracy theorists are, but we understand how they became, er, “confused.” There are already millions of records in the police’s ALPR database. And while Russell may have meant to simply suggest that the database doesn’t include records of the movements of most innocent drivers, well, the BC government and RCMP admitted the ALPR program was indeed collecting such records from 2006-2009 until the federal privacy commissioner complained to parliament. And since then, both RCMP reps and Russell’s boss, VicPD Chief Jamie Graham, have gone on the record numerous times saying their hope was to start building exactly such a mass surveillance database of the movements of all vehicles again, as soon as they’d gathered publicly-persuasive arguments for the policing value of keeping such records.

Nevertheless, Russell’s misleading mocking may be moot. VicPD, with the help of the RCMP who administer BC’s ALPR program, has finally agreed to implement our provincial Privacy Commissioner’s recommendations and stop performing that illegal “technicality.” However, as Focus noted in a January 2013 report, there’s been a concerning silence amongst BC’s federal RCMP detachments and RCMP-managed Integrated Road Safety Units as to whether they would voluntarily comply with provincial privacy law. In a recent email to Focus, RCMP Spt. Denis Boucher cleared up the matter. We asked if the RCMP intended to stop all ALPR cruisers around BC from collecting data on most innocent drivers. Boucher replied, “The intent is to implement the solution across the board.”

If we can trust our police, this battle to protect BC from moving a step closer to becoming a surveillance state has been won. Take a conspiracy theorist to dinner?