Cyber Threats To Canada's Democratic Process
How The Democratic Process Is Targeted
This section details three key aspects of Canada’s democratic process and how each is vulnerable to cyber threats.
- Key threat: Prevent citizens from registering
- Key threat: Prevent voters from voting
- Key threat: Tamper with the election results
- Key threat: Steal voter database
Federal, provincial/territorial, and municipal election agencies carry out elections across Canada. While the activities of these agencies will vary, every election involves these essential phases:
- Registering voters: Determining who is eligible to vote;
- Voting: Receiving, counting, and recording the votes; and
- Disseminating results: Informing the public of the election results.
Decades ago, elections were entirely paper-based. Today, as Figure 4 shows, there is a variety of both paper-based and electronic systems used to carry out elections in Canada. While we cannot consider the specifics of every electoral jurisdiction in Canada, what follows below is a general description of the three election phases and the ways in which they may be vulnerable to cyber threats.
Figure 4: Target: Elections
|Government Level||Voter Registry||Vote||Vote Count||Dissemination
|Provincial/Territorial||Footnote 1||Footnote 2|
|Municipal||Footnote 3||Footnote 4||Footnote 5|
For every election, there is a process that determines the eligibility of voters. Only those voters meeting particular criteria (e.g. minimum age and/or residency requirements) are allowed to vote. In Canada, all levels of government maintain and update voter registration lists.Endnote 6
If voter registration occurs online, adversaries could use cyber capabilities to pollute the database with fake voter records. They could also render the website inaccessible or have it display misleading information. Moreover, they could attempt to erase or encrypt the data and thereby make it unavailable.
All of this activity has the potential to embarrass the electoral agency and sow doubt in the minds of voters. It could also slow down voting, leading to voter frustration and/or suppression, which could impact election results. It is also possible that the voter database – potentially containing millions of personal identity records – could be stolen, resulting in a massive breach of privacy.
ARIZONA & ILLINOIS VOTER REGISTRY (2016)
In June 2016, the US state of Arizona shut down its voter registration system for nearly a week after adversaries attempted to gain access to the system. The next month, in Illinois, the state election agency took down its website for two weeks after discovering tens of thousands of voter records (e.g. names, addresses, and driver’s licence numbers) were suspected to have been viewed by the adversaries.Endnote 8
Voting is the process by which an eligible voter casts a ballot for a candidate. Most voting occurs on Election Day but also on advance poll dates and via absentee ballots. In Canada, voters cast their votes via three main methods: paper ballot, electronic voting machine, or the Internet.Endnote 7 After the polls close, the votes are counted and the results are tabulated. Paper ballots can be counted by hand or by using a digital vote tabulation machine. Internet votes are also tabulated digitally.
Neither digital vote tabulation nor electronic voting machines are typically connected to the Internet, but sophisticated adversaries could tamper with these machines prior to their use. For example, an adversary could cause them to improperly count ballots, or wipe all data at the end of the night. Internet voting presents many more opportunities to adversaries, who can use cyber capabilities, for example, to “stuff the ballot box” or to render the voting website inaccessible.
Covertly Changing The Vote Count?
While there is a risk that cyber capabilities could be used to covertly change the vote count and lead to a different election winner, we assess that this would be very challenging for an adversary to accomplish if elections were conducted in a manner that includes cybersecurity best practices and paper processes that occur in parallel.Endnote 9 In general, it is likelier that adversaries would use cyber capabilities to disrupt the voting process in order to sow doubt among voters about the fairness of the election.
In most elections, there is more than one polling place. After the polls close, and counting at the polling stations is finished, the count totals from each polling station must be transmitted to a centralized location. In many elections, the election authority provides frequent updates of the tallies to the public via a website. The same results may be sent directly to the media. Transmitting this vote count can be done by hand, by phone, and/or by Internet. If done using the Internet, adversaries could use cyber capabilities to disrupt or change the vote results while they are in transmission.
If this tampering were discovered, and if there were robust safeguards in place (e.g. paper ballots that can be recounted), the correct results could eventually emerge. However, the delay and confusion would likely reduce the public’s trust in the process and perhaps impact the winner’s ability to govern. In the worst case, it could even lead to challenging the results of the election, sparking a democratic challenge.
The Netherlands (2017)
Responding to perceived software vulnerabilities in its vote tabulation machines and warnings that the election may be targeted by Russia, the Netherlands amended voting procedures in their most recent election. To avoid the possibility of adversaries interfering with the election, all votes were hand-counted.Endnote 11
If this tampering were not discovered, then the vote count would be covertly changed to select one candidate (or party) over another. Covertly changing election results using cyber capabilities is difficult, but not impossible, for an elite handful of adversaries. An adversary’s decision to try – as well as the odds of success – would depend on the safeguards and risk mitigation activities incorporated into the election system.
In December 2016, adversaries gained access to the website of Ghana’s Central Election Commission during the general election as the votes were being counted. An unknown adversary tweeted fake results that the incumbent candidate had lost. The electoral commission then sent out its own tweets claiming these results to be false. While the outcome of the election was not altered, this incident served to sow confusion in the minds of many voters.Endnote 10