Cyber Risks in Ontario Online Elections
Abstract
Online voting is increasingly prevalent in Ontario's municipalities, despite a lack of regulated technological and procedural safeguards. Individual municipalities, lacking deep knowledge of online voting technologies, are responsible for procuring technology from private vendors which make security and privacy claims that are difficult to verify. These reasons, among others, have contributed to an anomalous environment where election technology, security, and procedures diverge greatly from other robust democracies that use electronic voting. This thesis demonstrates this divergence by first presenting a novel security vulnerability in a popular online voting system used in Ontario, as well as the difficulty communicating this risk to other vendors active in the province. Then, through a broad standards-based review of online voting systems in Ontario, this thesis demonstrates that online voting systems, legislation, and municipal procedures fail to meet most of the Council of Europe's directives for online voting.