Assessing election cyber threats
OTTAWA • As the potential for cyberattacks to undermine the democratic process becomes alarmingly clear, Canadians can take some comfort in the fact that national elections in this country are still conducted the old-fashioned way.
Canada is not immune to cyber-mischief aimed at suppressing the number of people who vote or manipulating how they vote. But once ballots are cast, not even the most sophisticated cyberattack could tamper with the results.
That’s because Canada still relies on paper ballots, hand-marked by voters and hand-counted by officials in some 25,000 polling stations, under the eye of scrutineers from each of the major parties.
“It’s highly decentralized and it’s paper-based so documents can be verified easily afterwards,” says Marc Mayrand, Canada’s chief electoral officer until his retirement just over a year ago.
“So, there may be an error in transmission from time to time or there may be somebody trying to hack the web system that publishes results for the general public. But it’s always verifiable, you can always go back to your paper trail.”
The same can’t be said of some other countries that have endured cyberattacks during elections, particularly the United States.
For that matter, it can’t be said of local elections in many municipalities, which Mayrand notes have been much more enthusiastic about embracing technology like electronic ballot scanners and tabulators and online voting — and which consequently leave municipal elections with a “higher degree of vulnerability” to hacking.
Democratic Institutions Minister Karina Gould says cybersecurity experts recommend sticking with the oldfashioned way of voting for federal elections “because the reliance on paper ballots results in a more secure system.”
But it’s somewhat cold comfort that ballot counting can’t be interfered with if cyber-shenanigans can influence for whom those ballots are cast — or even prevent some Canadians from casting them at all.
So far, the only real mischief in this country was the robocall vote suppression gambit used in the 2011 federal campaign, in which thousands of voters in almost 250 ridings reported receiving automated phone messages advising them, falsely, that their polling stations had been changed.
A low-level Conservative operative, who always proclaimed his innocence, was eventually found guilty of employing that scheme in one Ontario riding.
“I won’t hide it. The robocall incident was an eyeopener,” says Mayrand. “As we learned from the robocall incident, technology is extremely cheap and easy to use to try to manipulate the electoral process or voters in that case.”
The incident prompted Mayrand to set up an election integrity office within Elections Canada, aimed at identifying trends in cyberthreats here and around the globe, assessing risk and setting up systems to track and prevent nefarious activities.
Mayrand is concerned about individuals who might want to disrupt an election just for the sake of sowing distrust in the electoral system or political operatives who might try to manipulate the results to favour a certain party.
On that score, bots are already a feature of Canadian campaigns.
Research conducted by communications professors Fenwick McKelvey and Elizabeth Dubois and published last November in Policy Options found that bots were used during the 2015 federal campaign to amplify alternative news sites, as well as in Quebec in 2012 to amplify support for the fledgling Coalition Avenir Quebec.
Amplifier bots “can inflate social media rankings, duping reporters, the public and even parties and politicians into thinking a post has more support than it actually does,” the duo wrote.