Canadian New Democratic Party's e-voting system attacked
Last weekend, the Canadian New Democratic Party (NDP) elected a new leader. The multi-tier election was processed via e-voting software from Spanish company Scytl, and several tens of thousands of party members used the online voting service from their homes. However, the e-voting servers were attacked which repeatedly delayed the election process and likely prevented some voters from participating. The incident has sparked a new discussion on the subject of e-voting.
Scytl has since confirmed that there was a distributed denial-of-service (DDoS) attack against the NDP servers. Innumerable simultaneous server requests caused a connection overload that prevented legitimate voters from gaining stable access to the system for hours. The voting deadline was extended several times, and some rounds of voting had to be abandoned and later restarted. Scytl says that the election servers themselves weren't compromised.
In Canada, e-voting systems are also used for local elections in some communities in Ontario as well as in Halifax, Nova Scotia. A quarter of voters used the online service in Halifax in 2008. Further elections with optional e-voting are due to be held there in October and will also involve products from Scytl. Unlike the NDP, however, Halifax will not use its own servers but buy a whole package, including server services, from Scytl.
In view of the NDP's bad experiences, Halifax citizens have started to discuss the reliability of online elections. The mayor, who is leaving office following several scandals, has defended the e-voting plans. A council employee has tested the Scytl system and not found any problems, said the mayor. Halifax now also plans to have the closed Scytl program source code examined by commercial investigators, probably by Ernst & Young. Halifax council doesn't deny that, in a few years, the encrypted election data could be cracked using more powerful computers.
Scytl also supplied e-voting server and client software for the Austrian students' union elections in 2009. These elections weren't exactly secret and were eventually annulled for unconstitutionality by the country's constitutional court.
The NDP elections were won by Thomas Mulcair. The election was called because the previous party leader, Jack Layton, died of cancer. Layton was considered Canada's most popular politician and for the first time turned the NDP into Canada's second strongest party. This gave him the official title of "Leader of Her Majesty's Loyal Opposition". Layton's role will now be taken over by Mulcair. The NDP has not replied to enquiries by The H's associates at heise Security about the e-voting problems.
- US e-voting system cracked in less than 48 hours, a report from The H.
(Daniel AJ Sokolov / crve)