Severe flaws in logistics and technology threatened the integrity of the online vote in Ontario’s 2022 municipal elections, a major new study suggests — and points to vulnerabilities across voting systems supplied by different vendors that left 70 per cent of races at “high or extreme risk” of compromise.
The research was conducted by a group of academics from Brock, Carleton and Western universities, all of which specialize in computer engineering, cryptography and political science.
Their study found two core security failures: the first, a logistical flaw that turned discarding a voter’s unique login PIN into an invitation for fraud. The other was a technical vulnerability found across multiple vendor systems that risked secretly hijacking up to a million online ballots on election night.
The findings highlight the tradeoff of digital voting, showing how the drive for convenience and accessibility can undermine an election’s integrity if cybersecurity is left to local budgets and design choices, Brunet. In Ontario, that risk is heightened by the lack of a provincial standard, with 219 municipal clerks left to procure their own systems, creating a patchwork where human errors can open the door to systemic fraud.
‘Burn after voting’
The researchers stumbled onto the problem after a senior official from a rural Ontario municipality described a potential security risk at a high-volume rural post office, noting that voter information letters containing their security PINs were being discarded in recycling bins unopened, as if they were junk mail.
“When people toss stuff in the blue bin, they just throw it in there and it’s there for anybody to see,” said James Brunet, a computer science instructor at Carleton University and one of the researchers who worked on the study.
Some municipalities ask for more authentication, such as a birthdate, to cast a ballot, but in others, the PIN alone is sufficient to vote. So when those PINs are tossed like junk mail at the post office or in the apartment mail room, someone else could pick them up and vote fraudulently, Brunet said.
“Burn after reading I suppose. I mean actually, burn after voting. I would suggest that people vote and then they don’t have to worry about someone voting on their behalf.”
Researchers also uncovered a significant vulnerability in one-third of the online voting systems themselves — the absence of certain digital safeguards could allow an attacker to trick a voter into casting their ballot for someone else by creating an onscreen illusion.
By adding a fake layer to the interface, a hacker could obscure the true choices, hijack the voter’s click and secretly alter the ballot.
Secret vote-swapping flaw
This flaw was identified in the systems of two of the six major vendors in Ontario. In the case of Barcelona-based Scytl, researchers were able to alert the company to the secret vote-swapping vulnerability mid-election, allowing it to patch the system. However, with Toronto-based Neuvote, the flaw was discovered too late and remained unpatched when the polls closed.
In an email to CBC News, company CEO Matthew Heuman said Neuvote has addressed the specific vulnerability, added new security measures and would be working with the researchers going forward.
The Northwest Territories, Yukon, Ontario and Nova Scotia are the only Canadian jurisdictions that allow online voting in some elections.
In Ontario, only 219 of the province’s 444 municipalities offer online voting. In those communities, municipal clerks manage the process, using one of six different online voting vendors — something that results in a fragmented system.
Access versus security
The Association of Municipalities of Ontario declined to comment on the matter. In an email, Elections Ontario said it had “no legal authority over the administration of local elections by municipal clerks, including methods of voting.”
Emails from CBC News sent to the office of Minister of Municipal Affairs and Housing Rob Flack went unanswered.
Those who support online voting argue Ontario is missing a chance to transform democratic participation. More convenient online options promise to unlock a larger cadre of voters, including seniors with mobility issues, busy parents or people who do shift work.
Those were among the reasons the City of Hamilton piloted online voting this summer during a recent school board byelection, a race that went smoothly with no reported security issues.
Online voting ‘a game changer,’ politician says
“If it’s done right, it’s a game-changer,” Cameron Kroetsch, a Hamilton city councillor and advocate of online voting in municipal elections told CBC News.
Despite the success, adopting online voting citywide was ultimately voted down by Hamilton city council in July, despite a recommendation from staff.
Kroetsch argued that local council members rejected the measure due to a fear of new technology. But he noted the province enables that by not setting regulatory standards for municipal elections.
“I mean, it’s not difficult to do, to go out there, rely on the research, set rules,” he said. “But the province is just sort of sitting on this being like, ‘Yeah, yeah. If you want to do it, do it. We don’t really care.'”
In this case, the real threat isn’t a massive conspiracy, it’s a government failure to act, Brunet, computer science lecturer argues. By not creating a simple standard, he said, it’s the province that is leaving democracy vulnerable to security flaws.
“The last thing that we want is people to be able to question the results of elections,” Brunet said. “That’s something that I’m particularly concerned about because we’ve seen that happen in the United States where there’s these claims being made about technology used in elections, where people are essentially trying to deny the results of an election.”
