Ontario's 2022 Online Voting Faced Severe Security Risks, Study Finds
Ontario's 2022 municipal online voting faced severe security risks, according to Canadian researchers. More than half of the province's municipalities offered social security voting, with 3.8 million eligible voters participating. However, the method's security flaws could have allowed election fraud.
The study found that e-voting providers, including market leaders Intelivote and Scytl, had vulnerabilities. Attackers could exploit these to manipulate votes using cross-site framing attacks. Additionally, the handling of voting codes posed a significant risk. These codes, automatically sent to voters, are often discarded without proper destruction, increasing the chance of simple election fraud.
Protection against redirection to fake websites was insufficient in many cases due to the lack or incorrect implementation of the HSTS protocol. This oversight could have allowed attackers to intercept voting codes and manipulate votes. Despite these risks, voter turnout for online voting remained low, at below 37 percent, and studies show that e-voting does not increase voter turnout in the long run.
Elections Ontario, the independent agency overseeing Ontario's online voting, must address these security concerns. Strengthening protection against cross-site framing attacks and ensuring proper handling and destruction of voting codes are crucial. As online voting becomes more prevalent, so too must the focus on security and voter education.
