Thank you for the opportunity to speak with you today about a critical issue: the fundamental insecurity of all currently available Internet voting systems. If this were a medical hearing to determine whether to approve a new drug for human consumption, safety would be paramount. A drug that is likely to result in serious injury to patients would be rejected, no matter how many people wanted to use it. Internet voting is like a drug we are considering for the country.
If there is even a small chance that Internet voting might result in our elections being hacked, it doesn't matter how many people want it. If Internet voting puts our elections at risk—and it does—we must reject it until such time as it can be proven secure.
I have brought copies of the “Computer Technologists' Statement on Internet Voting”, which unfortunately hasn't been translated, so I guess I can't distribute them, but they will be made available later and I could address the recommendations made in that statement during the question period. It was signed by prominent computer science researchers from major universities throughout the United States. I think it's a fair statement to say that computer security experts are basically in total agreement that we should not have Internet voting at this time, anywhere.
The title of my talk is, “Internet Voting: Making Elections Hackable”. As you know, there are five principles for this hearing, one of which is integrity. Australia did an assessment of Internet voting and there's a quote from the Honourable Tony Smith, who was chair of the joint standing committee on electoral matters in Australia, which says, “it is clear to me...that Australia is not in a position to introduce any large-scale system of electronic voting in the near future without catastrophically compromising our electoral integrity.”
Those of you who have copies of my slides see that the next slide has a list of a large number of sites that have been hacked, starting with Yahoo, where half a billion users' accounts were hacked into, and that includes a lot of Canadians. It also includes, in Canada, the Department of Finance, the Treasury Board Secretariat, Defence Research and Development Canada, the National Research Council, The Ottawa Hospital, and the University of Calgary. In the United States it includes the Democratic National Committee, as I'm sure you've heard, the Office of Personnel Management, the Pentagon emails, the FBI, the White House, the U.S. State Department, Google, AOL, Symantec, and so on and so forth.
A question that I hope this committee will ask itself is, what will happen if we take up Internet voting in this country, and months after a government is seated it is discovered that the election has been hacked? This is not an unrealistic scenario. The Yahoo breach started in 2014 and it was just uncovered. The Democratic National Committee breach occurred months before it was discovered. It typically takes months to discover a breach after it has occurred. You can replace money that's stolen from online bank accounts—and by the way, millions and millions of dollars are stolen annually from online bank accounts—but you cannot replace votes.
Toronto did a security analysis of three systems that were submitted there for consideration. The conclusion of the security analysis was that no proposal provides adequate protection against the risks inherent in Internet voting. Their recommendation was that the city not proceed with Internet voting in upcoming municipal elections.
Quebec has had a moratorium on electronic voting since 2005.
British Columbia had a panel that investigated Internet voting. Their conclusion was, first of all, non-voters usually don't vote over the Internet. It's used primarily as a tool for voters who have already decided to vote, mostly middle-age voters. It's least popular among young people, and that reflects traditional voter turnout. Their recommendation is to not implement Internet voting for either local or provincial government elections at this time.
Estonia is often brought up as an example of a country that has successfully conducted Internet voting. Most people don't know that in 2014, an independent group of international experts performed a security evaluation of the Estonian system. They found that it's vulnerable to state-level attackers who could compromise the secret ballot, disrupt elections, or cast doubt on the fairness of the results, and it is vulnerable to a range of attacks, including vote-stealing malware on the voter's machine, and they recommended that Internet voting be halted. Unfortunately, in Estonia, it has not been.
Basically, Washington, D.C., was considering Internet voting for real elections in the 2010 mid-term. They opened it up two weeks beforehand to allow anyone from anywhere to try to hack into the system. This is the only time this has been done. Two weeks before, it was taken over within 36 hours by a team from the University of Michigan. They could change already cast and future ballots, and they could reveal the voters' secret ballots. They installed the University of Michigan fight song as their calling card, so it would start playing 15 seconds after voting in this sample election, which was quite interesting for those of us who didn't know they had broken in. They also discovered probes coming from China and Iran, and they protected the system from these probes.
I don't think that China and Iran were actually trying to break into a pilot system. It wasn't a real election; it was a toy election. But these probes are always on the Internet, and they are always trying to break in. As I said, no other vendor has allowed such a test because, I believe, they know that their systems would be vulnerable. In fact, the only kind of real-life test you can do is to let anyone from anywhere try to break in, because that's what reality is.