Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
View Regular
Aleksander Essex Profile picture
Aleksander Essex
@aleksessex
Cybersecurity, cryptography, privacy, election technology. Prof at @westernu

Jun 11, 2020, 11 tweets

I spoke to the House of Commons (@HoCCommittees) Procedures Committee (#PROC) today about how to do remote legislative voting in a safe, cyber-conscious way.
parlvu.parl.gc.ca/Harmony/en/Pow…

Remote legislative voting is a way easier technical problem than online voting for general elections. Votes are a matter of public record, which means you can go back and check what was recorded, which means you can actually detect when things go wrong.

But it's not enough to be _able_ to check. You have to actually do it, and you need to have procedures in place so you know what to do when things go wrong.

This may seem like an obvious statement. It's actually not. It should be, but experience has demonstrated time and again a kind of tendency in the election world to only prepare for disasters after they've already happened.

For example, during the 2018 Ontario municipal election, the voting websites of 43 cities (accounting for a million voters) went down on election night. Many had no cyber-incident response plan. One even said said 6 months before the election saying "we hope nothing happens."

Now you might think that was just a fluke, but a similar situation happened in New South Wales last year. Their iVote registration system went down on the eve of the election.

Last week in Sarnia, a city council vote actually passed by mistake. It turns out, that that the word "disagree" sounds exactly like the word "agree" if the first syllable drops in a glitchy Zoom connection. theobserver.ca/news/local-new…

And that just covers accidents and mistakes. What about deliberate efforts from advanced threat-actors? If they're willing to ransom a city for a few thousand dollars, imagine what they can do to an election. And then, why even hack an election if you could hack the law itself?

Secure remote online voting for non-secret parliamentary divisions is doable, but it has to be done right.

There must be procedures for detecting errors (whether due to hacking, accidents, or disasters). Someone must be responsible for checking that an MPs voting intention was correctly recorded and there must be procedures granting opportunity to recover from errors.

And we need to confront our temptation to think nothing bad is going to happen to our elections. The ship doesn't need lifeboats until suddenly it does. When it comes to new election technology, we need a plan for disasters--even the ones that haven't happened yet.

Share this Scrolly Tale with your friends.

A Scrolly Tale is a new way to read Twitter threads with a more visually immersive experience.
Discover more beautiful Scrolly Tales like this.

Keep scrolling