Online threats are a new election reality for our municipal council
David Goyette looks at cyber-attacks and online election interference
The next municipal election in the City of Peterborough is Oct. 22. Again this year, the city will permit people to vote via the Internet rather than by paper ballot – a choice made by 10,283 voters in the last election. That is a good decision that demonstrates progressive leadership on behalf of the city, particularly as there have been no reports of cyber-threats or fraud associated with previous Internet voting.
Nonetheless, there have been dramatic changes in both the practice and frequency of online election interference in recent years, and it would be foolish to ignore their possibility here.
We live in an online world. Unfortunately, there are many who view that world as offering an opportunity for cyber-manipulation in order to influence elections. Canada’s Communications Security Establishment (CSE) reports that 13 per cent of countries holding national elections last year had those elections targeted by online adversaries through actions designed to suppress voter turnout, tamper with election results, steal voter information, spread disinformation and propaganda, shape the opinions of voters or conduct espionage.
The CSE reports that “it is highly probable that cyber threat activity against democratic processes worldwide will increase in quantity and sophistication over the next year, and perhaps beyond that.”
This is a disturbing trend that has gained attention this year as a result of the alleged Russian meddling in the 2016 U.S. election and the recent Cambridge Analytica/Facebook controversy.
Could online threats impact our own municipal elections? While we want to hold to the comforting view that this is a problem that occurs somewhere else, the fact of online voting and the use of online tools by every city council candidate means that we should at least put the risk of cyber-threats on our radar.
Here, for example, are six forms of election-related cyber-attacks that have been used in other jurisdictions:
A candidate’s website or social media account can be defaced, disabled or changed to include misleading information. The capabilities required to carry out such an attack are relatively easy to buy or rent and the timing of such fraud can be devastating to a campaign.
A distributed denial of service (DDoS) attack can temporarily disable a candidate’s website and deny access to its users by flooding it with high levels of traffic. This capability can be obtained at a very low cost.
Adversaries can steal a candidate’s database of supporters and then encrypt it to prevent communication. The database might also be sold on the anonymous dark web.
When a candidate opens a malicious link or attachment in an email, their device can be infected with malware that permits its external control and the theft of personal information. That information can be altered and released to the public to embarrass or discredit an adversary.
A redirect attack, which reroutes communications, can be used to monitor or alter digital information such as vote counts that are being transmitted from polling stations.
Ransomware has become increasingly common. It can freeze access to a candidate’s device in return for a payment. Such payments can be prohibitive for candidates and calamitous for campaigns.
Sadly, we can no longer afford naiveté in the operation or management of local election campaigns. Cyber-attacks are the modern version of the defacing or destroying of lawn signs and we are wise to be alert to them.
For its part, the City of Peterborough could show leadership by including a note on the prospects and penalties for cyber-attacks in the packages that are provided to all its registered election candidates.