A recent comprehensive study conducted by a team of experts from Brock, Carleton, and Western universities has revealed critical vulnerabilities in the logistics and technology supporting the online voting process during Ontario’s 2022 municipal elections. The study, focusing on computer engineering, cryptography, and political science, identified widespread weaknesses in voting systems supplied by various vendors, putting 70% of races at significant risk of compromise.
The research highlighted two fundamental security flaws. Firstly, a logistic issue arose from discarding voters’ unique login Personal Identification Numbers (PINs), creating opportunities for fraudulent activities. Secondly, a technical vulnerability across multiple vendor systems posed a threat of clandestinely hijacking up to a million online ballots on election day.
The study emphasized the potential risks associated with digital voting, illustrating how the pursuit of convenience and accessibility could compromise election integrity when cybersecurity responsibilities are decentralized to local authorities. In Ontario, the absence of a provincial standard led to 219 municipal clerks independently procuring voting systems, resulting in a fragmented landscape prone to systemic fraud due to human errors.
The researchers stumbled upon these issues after discovering that discarded voter information letters with security PINs in rural post offices could be easily accessed, potentially enabling fraudulent voting. Addressing the challenges faced, James Brunet, a computer science instructor at Carleton University, emphasized the need for enhanced security measures, suggesting a “burn after voting” approach to minimize vulnerabilities.
Furthermore, the study unveiled a significant vulnerability in one-third of online voting systems, where the absence of digital safeguards could allow attackers to manipulate voters into casting fraudulent ballots by creating deceptive on-screen illusions.
Notably, the study identified this flaw in the systems of two major vendors in Ontario. While one company promptly addressed the issue mid-election, the other failed to patch the vulnerability in time, raising concerns about the overall security of the online voting process.
Despite the potential benefits of online voting in enhancing democratic participation, concerns over security vulnerabilities persist. The lack of regulatory standards at the provincial level has left municipalities vulnerable to risks, with experts and advocates calling for a standardized approach to ensure the integrity of elections and prevent potential fraud incidents.