Thesis Format
Integrated Article
Degree
Master of Engineering Science
Program
Electrical and Computer Engineering
Supervisor
Essex, Aleksander
Abstract
Online voting is increasingly prevalent in Ontario's municipalities, despite a lack of regulated technological and procedural safeguards. Individual municipalities, lacking deep knowledge of online voting technologies, are responsible for procuring technology from private vendors which make security and privacy claims that are difficult to verify. These reasons, among others, have contributed to an anomalous environment where election technology, security, and procedures diverge greatly from other robust democracies that use electronic voting. This thesis demonstrates this divergence by first presenting a novel security vulnerability in a popular online voting system used in Ontario, as well as the difficulty communicating this risk to other vendors active in the province. Then, through a broad standards-based review of online voting systems in Ontario, this thesis demonstrates that online voting systems, legislation, and municipal procedures fail to meet most of the Council of Europe's directives for online voting.
Summary for Lay Audience
In Canada, in most elections, voters are required to vote on a piece of paper, which is then mailed or physically dropped in a ballot box. In federal elections, these paper ballots are counted by hand by election officials (with observers present to ensure the counting is fair).
Online voting, or electronic voting, is a relatively new practice of voting in elections by using a computer or mobile phone. Since 2003, online voting has become more popular specifically for elections at the municipal (city, town, county, etc.) level in Ontario. Online voting elections are very different from paper elections. One key difference is that votes can be counted by computer systems in a way that can be difficult to verify by independent observers.
There are potential risks at many stages of the online voting process: Computer systems that count votes could be tampered with, voters could be intimidated into voting a particular way, voters could be impersonated, the secrecy of the vote of voters could be compromised, etc. Despite these potential risks, not much research has been done into how these elections are conducted in Ontario, as well as how well municipalities in Ontario are doing in addressing these risks.
This thesis explores cyber risks to online voting in Ontario and finds that many risks have not been meaningfully addressed by municipalities and/or the companies that sell municipalities online voting systems. It contains two studies, the first of which is about the discovery of a major security vulnerability in an online voting solution used by dozens of municipalities. The first study also highlights the difficulty of reporting these vulnerabilities to companies that sell these online voting systems to municipalities. The second study compares practices in Ontario to Europe, by using international standards for online voting used in Europe as a benchmark. This study finds Ontario broadly fails to meet these European standards for accountable, reliable, secure, and transparent conduct for online elections.
These studies together make a strong argument that much work needs to be done to improve online elections in Ontario.
Recommended Citation
Brunet, James D., "Cyber Risks in Ontario Online Elections" (2024). Electronic Thesis and Dissertation Repository. 10185.
https://ir.lib.uwo.ca/etd/10185
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.