The recent New Democratic Party convention in Toronto may have done more than just select Thomas Mulcair as the party’s new leader. It may have also buried the prospect of online voting in Canada for the foreseeable future. While Internet-based voting supporters have consistently maintained that the technology is safe and secure, the NDP’s experience — in which a denial of service attack resulted in long delays and inaccessible websites — demonstrates that turning to Internet voting in an election involving millions of voters would be irresponsible and risky. As voter turnout has steadily declined in recent years, Elections Canada has focused on increasing participation by studying Internet-based voting alternatives. The appeal of online voting is obvious. Canadians bank online, take education courses online, watch movies online, share their life experiences through social networks online, and access government information and services online. Given the integral role the Internet plays in our daily lives, why not vote online as well? The NDP experience provides a compelling answer.
Democracy depends upon a fair, accurate, and transparent electoral process with independent verification of the results. Conventional voting may typically require heading down to the polling station, but doing so accomplishes many of these goals. Private polling stations enable citizens to cast their votes anonymously, election day scrutineers provide oversight, and paper-based ballots can be recounted if needed. There are ways to build anonymity and oversight into an online election process, but as the NDP experienced, there is no way to guarantee it will be disruption-free. In the NDP’s case, 10,000 computers were used in a distributed denial-of-service attack designed to overwhelm the online voting system and effectively render it unusable for authorized voters.
The only real surprise about the attack is that it took anyone by surprise. Not only is a denial-of-service attack typically cited as the most likely security disruption, the NDP experienced much the same thing at its last leadership convention in 2003. Reports from that convention — which only involved a single ballot to elect Jack Layton as the new party leader — indicate that there was a denial-of-service attack that similarly delayed the voting process. Online voting threats are not limited to denial-of-service attacks. Security experts point to the danger of counterfeit websites, phishing attacks, hacks into the election system, or the insertion of computer viruses that tamper with election results as real world threats to an Internet-based voting system.