The basics of what actually happens when Canadians go to vote hasn’t changed in many decades.
A human clerk finds the voter on a paper list, crosses her name off with a pen, then gives her a paper ballot to mark by hand. When the polls close, officials count the ballots one by one, tallying them on a sheet of paper, and phone the results in to a returning officer.
Voters’ great-great-grandparents would be confused by many aspects of modern life, but not this one. Very little has changed since secret ballots were introduced in 1874.
It’s a low-tech 19th-century system that isn’t likely to change anytime soon, in part for 21st-century reasons. The more complex, and electronic, a voting system is, the more vulnerable it is to attack, and the simpler and more paper-based it is, the more secure it is.
That’s what officials in the Netherlands decided in February of last year when they abandoned electronic voting in favour of what interior minister Ronald Plasterk called “good old pen and paper.”
(Dutch voters had to cope with an enormous ballot the size of a double sheet of newspaper, but, Plasterk told Reuters, “no shadow of doubt can be permitted” about the integrity of election results.)
Dutch officials were blunt about where they expected sabotage to come from: Russia.
Canada’s Communications Security Establishment was more circumspect in a report last year on the vulnerabilities of Canadian elections, saying only that “a small number of nation-states have undertaken the majority of the cyber activity against democratic processes worldwide, and we judge that, almost certainly, they are the most capable adversaries.”
Attackers disrupting an election “may … try to delegitimize the concept of democracy and other values such as human rights and liberty, which may run contrary to their own ideological views of the world,” CSE explained.
WATCH: So if Russia could infiltrate the U.S. presidential election, could it happen here in Canada? Does Ottawa have a plan to thwart a possible threat? David Akin reports.
NATO official Janis Sarts warned Tuesday that Russian interference in Canada’s 2019 election should be expected, since it would allow Russian President Vladimir Putin to project strength, and destabilize NATO generally.
The Russians themselves have been menacing, if vague. Last October, the Russian embassy in Ottawa called the Canadian Magnitsky Act, which targets foreign citizens deemed to be guilty of human rights abuses, a “deplorably confrontational act” which “will be met with resolve and reciprocal countermeasures.” Many, though not all, of those targeted by the bill are Russian.
At the time, Global News asked the embassy what Russia had in mind. Press secretary Kirill Kalinin would not agree to an interview or explain what kind of “reciprocal countermeasures” were being referred to.
However, CSE listed points of vulnerability which aren’t currently features of Canadian federal elections:
- Online voter registration could lead to voter rolls being erased, encrypted or “polluted” with fake voters
- Voting by machine creates vulnerabilities, perhaps by tampering with the machines beforehand. “Internet voting presents many more opportunities to adversaries, who can use cyber capabilities, for example, to “stuff the ballot box” or to render the voting website inaccessible”
- It might be possible to alter the reports of votes once they’re counted, but if paper ballots had been kept, “the correct results could eventually emerge”
- CSE thought that tampering with the actual vote count (as distinct from the report of the count) “would be very challenging for an adversary to accomplish if elections were conducted in a manner that includes cybersecurity best practices and paper processes that occur in parallel”
U.S. elections offer much more opportunity to an attacker, creating a sort of perfect storm of vulnerabilities. (The extent and nature of Russian attacks on U.S. voting systems in 2016 still isn’t well-understood.)
To start with, the complexity of the ballot forces some form of electronic counting. Depending on the year and the state, voters can cast ballots for different levels of government at the same time: federal, state, and local. In 2016, California voters also had to keep track of 17 different referendum questions, on everything from the use of condoms by porn actors to banning single-use plastic bags.
On top of that, individual states are free to make their own arrangements about election procedures and security, though election integrity is arguably a national security issue. (In some states, the results leave much to be desired.)
CSE argued that for Canada, vulnerability lay less in the mechanics of voting and more in the larger political ecosystem of the campaign: “at the federal level, political parties and politicians, and the media are more vulnerable than the elections themselves.”
- Political parties keep their own voter databases, which are “valuable, enticing adversaries to use cyberespionage to gain access.” Parties could find their voter databases encrypted.
- Candidates’ and political staffers’ mobile devices could be targeted
- Candidates could be blackmailed
- Hackers could leak material to discredit a candidate (In other countries, Russian hackers have stolen a large amount of genuine but private data, and altered it in such a way as to discredit the person they stole it from)
- Hackers could take over a candidate’s social media presence in such a way as to discredit them
- Bots and trolls could be used to manipulate discussion of the election on social media, and an adversary could create good-quality fakes of trusted media sources
Canadian nurses in France vote in the 1917 federal election. They would easily recognize a modern polling station. (LIBRARY AND ARCHIVES CANADA)