Procedure and House Affairs Committee on June 11th, 2020

Evidence of meeting #22 for Procedure and House Affairs in the 43rd Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was vote.

A recording is available from Parliament.

On the agenda

Parliamentary Duties and the COVID-19 Pandemic
Committee Business

MPs speaking

Ruby Sahota
Blake Richards
Ryan Turnbull
Christine Normandin
Rachel Blaney
John Brassard
Kirsty Duncan
Todd Doherty
Scott Reid
Mark Gerretsen
Garnett Genuis
Ginette Petitpas Taylor
Omar Alghabra

Also speaking

Aleksander Essex  Associate Professor, University of Western Ontario, As an Individual
Nicole Goodman  Assistant Professor, Brock University, As an Individual
Pierre Roberge  President, Arc4dia
Michael Morden  Research Director, Samara Centre for Democracy
Ali Ghorbani  Professor and Director, Canadian Institute for Cybersecurity, University of New Brunswick, As an Individual
Guy-Vincent Jourdan  Professor of Computer Science, Faculty of Engineering, University of Ottawa, As an Individual
Chris Vickery  Director of Cyber Risk Research, UpGuard, As an Individual
Clerk of the Committee  Mr. Justin Vaive
Andre Barnes  Committee Researcher

1:05 p.m.

Liberal

Ryan Turnbull Liberal Whitby, ON

Would you be willing to table an outline with this committee of those specific points you made? I didn't quite get them all down. It seemed to resonate with the things we heard from our cybersecurity folks at the House of Commons. I value your points. Would you be willing to submit them?

1:05 p.m.

Professor of Computer Science, Faculty of Engineering, University of Ottawa, As an Individual

Dr. Guy-Vincent Jourdan

Yes.

1:05 p.m.

Liberal

Ryan Turnbull Liberal Whitby, ON

Thank you very much.

I want to talk about procedural safeguards. I know there are technological and procedural safeguards. We've heard about ensuring that members would verify their vote potentially in multiple ways, and that we have a plan. It certainly seems important to many cybersecurity experts to have a plan for what goes wrong, or when something goes wrong we know what to do.

Mr. Vickery, do you have any thoughts on that?

1:05 p.m.

Director of Cyber Risk Research, UpGuard, As an Individual

Chris Vickery

Yes. A way to mitigate the risk of a catastrophic event and single points of failure is to intertwine competing platforms within it. This means if you are sending a vote over the Internet, have it go to not only one cloud routing centre before it gets to the official site, but also send a mirrored, exact duplicate to the competing next company that is fighting with the first company for revenue. Have them receive it and perhaps hold it or even transmit it or let it be viewable to the receiving side, and if they don't match, you have problems. They should match.

Neither one of these companies wants to be known as the company that was compromised and votes were changed. They have a defined interest and a competitive interest in being correct, accurate and as ethical and well-regarded as possible, because otherwise the competitor is going to eat their lunch.

1:10 p.m.

Liberal

Ryan Turnbull Liberal Whitby, ON

Mr. Ghorbani, do you have any thoughts on procedural or technological safeguards specific to online voting?

1:10 p.m.

Professor and Director, Canadian Institute for Cybersecurity, University of New Brunswick, As an Individual

Ali Ghorbani

I would like to second what was said.

In order to make sure that we do have a secure, verifiable and available system, we need to work on diversity, basically. We could end up having two systems marrying each other so if one were closed down, the other one could actually hold on.

Diversity would be a core in terms of making sure that you have everything available at any time for voting to go on.

1:10 p.m.

Liberal

Ryan Turnbull Liberal Whitby, ON

We've also heard the importance of simplicity in the design of the device for interface, programs, software, etc., that's being used for this in the future.

Mr. Jourdan, I wonder if you could comment on usability considering the amount of human error that can occur.

1:10 p.m.

Professor of Computer Science, Faculty of Engineering, University of Ottawa, As an Individual

Dr. Guy-Vincent Jourdan

Yes, obviously, the—

1:10 p.m.

Liberal

The Chair Liberal Ruby Sahota

Unfortunately, Mr. Jourdan, that's all the time we have unless you have a quick yes-or-no type of response. I don't think for this question you might be able to.

1:10 p.m.

Professor of Computer Science, Faculty of Engineering, University of Ottawa, As an Individual

Dr. Guy-Vincent Jourdan

No.

1:10 p.m.

Liberal

Ryan Turnbull Liberal Whitby, ON

Thank you.

1:10 p.m.

Liberal

The Chair Liberal Ruby Sahota

Next up we have Madam Normandin.

1:10 p.m.

Bloc

Christine Normandin Bloc Saint-Jean, QC

I thank all the witnesses for their presentations, which I have found very enlightening.

I would like to put my first question to you, Professor Jourdan. You talked about existing voting systems used by private companies, including for shareholder votes. We have discussed the possibility, even the necessity, of having a portion of our vote be visual, or at least vocal. To your knowledge, does a system with a visual portion of the vote already exist on the market for other companies?

1:10 p.m.

Professor of Computer Science, Faculty of Engineering, University of Ottawa, As an Individual

Dr. Guy-Vincent Jourdan

Yes. To my knowledge, some companies just use Zoom, where everyone takes their turn speaking and raises their hand. I think it all depends on the number of voters.

1:10 p.m.

Bloc

Christine Normandin Bloc Saint-Jean, QC

To your knowledge, are there any systems where a visual response can be recorded and passed on without necessarily going through Zoom, where people vote in succession?

1:10 p.m.

Professor of Computer Science, Faculty of Engineering, University of Ottawa, As an Individual

Dr. Guy-Vincent Jourdan

I don't know whether such a system exists, but it can clearly be prepared and implemented.

1:10 p.m.

Bloc

Christine Normandin Bloc Saint-Jean, QC

Great, thank you very much.

Moreover, complementary to the list request my colleague Mr. Turnbull sent to you, I note that there is already a list of criteria at the U.S. National Security Agency that helps determine whether one system is more suitable than another. If that list is different from the one Mr. Turnbull asked you for, I would like you to please send it to the committee if possible.

1:10 p.m.

Professor of Computer Science, Faculty of Engineering, University of Ottawa, As an Individual

Dr. Guy-Vincent Jourdan

Okay. I will send you the document, which is in English.

1:10 p.m.

Bloc

Christine Normandin Bloc Saint-Jean, QC

That's fantastic. Thank you very much.

You brought up the importance of having a registry of the issues arising during the use of a system and of having an emergency plan. You also talked about the resources currently available at the House of Commons. To your knowledge, are those resources sufficient to implement this kind of a plan and to keep such a registry?

1:10 p.m.

Professor of Computer Science, Faculty of Engineering, University of Ottawa, As an Individual

Dr. Guy-Vincent Jourdan

It is difficult for me to answer. I know that you have a very good base.

As far as I understand, the infrastructure is in place. I think the ability to keep registries also already exists, as there is really nothing exceptional to that.

Do you need to hire more people? I cannot speak to that, but I would not be surprised if you did. However, I don't think that you need to make massive hirings, as you already have a solid team.

1:10 p.m.

Bloc

Christine Normandin Bloc Saint-Jean, QC

Thank you.

I now go to you, Mr. Vickery.

We discussed the visual portion of a vote, a notion that seems to greatly interest members. I would like to know whether the unidirectional communication system you have presented to us would also enable us to send a recording of a visual vote and whether it would protect us from a risk of deep fakes?

1:15 p.m.

Director of Cyber Risk Research, UpGuard, As an Individual

Chris Vickery

The answer is, yes, it could be used to send.... However, I would advise against relying on a visual or video-type of vote. You are going to have problems as technology advances with abilities to forge and manipulate those types of things. It is a losing battle and it is not future-proof.

1:15 p.m.

Bloc

Christine Normandin Bloc Saint-Jean, QC

However, can it be combined? Can we have several vote validation methods, including a visual vote?

1:15 p.m.

Director of Cyber Risk Research, UpGuard, As an Individual

Chris Vickery

Yes, that is actually a very good idea, and it could be used as a layer on top. That would also deter bad actors, because if something shows up anomalously, you're going to know where to start investigating.

1:15 p.m.

Bloc

Christine Normandin Bloc Saint-Jean, QC

I have another question for you, Professor Ghorbani.

You talked about the human factor being the main concern. Can you specify in what way the human factor can be especially critical for an electronic vote?