Establishing a Legal Framework for E-voting in Canada
1.0 Executive Summary
Establishing a Legal Framework for E-voting
Canadians have a constitutional right to vote that requires the government to make reasonable efforts to facilitate their ability to exercise their franchise. Even before the adoption of the Canadian Charter of Rights and Freedoms, Canada's legal framework for voting had been constantly evolving to increase access to voting.
One of the ways that has been discussed to increase access to the electoral system is to allow Canadians to cast a vote using a computer, either from home over the Internet or in a controlled environment, such as a voting kiosk in a designated polling area. This is commonly referred to as e-voting, and is slowly being adopted for local, regional and national elections in jurisdictions around the world.
E-voting can serve as an alternative means of voting in addition to in-person, mail-in and advanced voting. The electoral authority would administer it, and it could either be limited to voters who have difficulty getting to the polls (such as disabled or absentee voters) or available to all eligible Canadians.
The authors of this paper acknowledge that there are legitimate concerns with how e-voting would work and whether technological problems or malicious acts could pose a serious threat to the integrity of an election. We are also keenly aware that our democratic system requires voters to have confidence in the voting process.
This paper was commissioned by Canada's electoral authority, Elections Canada. Elections Canada is an independent, non-partisan agency that reports directly to Parliament. As part of its mandate, it must be prepared at all times to conduct a federal general election, by-election or referendum. It is also responsible to administer the political financing provisions of the Canada Elections Act, monitor compliance and enforce electoral legislation.
Elections Canada is also mandated to conduct voter education and information programs, and provide support to the independent boundaries commissions in charge of adjusting the boundaries of federal electoral districts following each decennial census. Finally, Elections Canada may carry out studies on alternative voting methods and, with the approval of parliamentarians, test electronic voting processes for future use during electoral events.
The goal of this paper is to recommend a legal framework for e-voting in Canadian federal electoral events. The research consisted of conducting extensive case studies of other jurisdictions' legal frameworks and experiences, which were then synthesized to present the most pertinent details. Based on this literature review, we present our findings and recommendations on what should be included in a Canadian framework.
The goal of this paper is not to advocate for or against e-voting, but rather to identify what issues a legal framework should address to minimize the risks associated with e-voting and ensure that Canadians can have confidence in the process.
At the minimum, e-voting should be as secure and reliable as special balloting currently conducted by mail. Ideally, it should also meet the following attributes and values that Canadians currently have under the paper-based system:
- facilitated accessibility and reasonable accommodation
- voter anonymity
- accurate and prompt results
- comprehensible and transparent processes
- system security and risk assessment
- detection of problems and remedial contingencies
- legislative certainty and finality
- effective and independent oversight
- cost justification and efficiency
None of these values are absolute, and even the constitutional right to vote may be reasonably limited or rely on trade-offs among conflicting values.
In order to recommend a comprehensive legal framework, this paper looks at the legislation, regulations and procedures that have been developed to introduce e-voting at a national level in Estonia, a regional level in Australia and Switzerland, and a municipal level in Norway and even Canada, to determine best practices. We have supplemented this with observations and reports from international organizations and reputable election observers, including the Council of Europe, Organization for Security and Co-operation in Europe, the International Foundation for Electoral Systems and The Carter Center, along with academic works.
The ideal legal framework appears to be one that demands broad consultation and contemplates risks, problems and threats. It will require strong security measures and testing, but will also outline clear steps to take if worst-case scenarios occur. It will offer clear legislative standards, while allowing the electoral authority considerable flexibility to adopt the most advanced technology.
The legal framework for an e-voting test project or widespread use in a Canadian federal election could take one of a variety of formats. Standards, rules and other normative requirements may be contained in new or amended legislation (particularly the Canada Elections Act), subordinate regulations or direction by Elections Canada contained in policy statements, manuals, requests for proposals and other contractual documents. However, if e-voting is used in a general election, the stakes will be higher and more processes ought to be implemented to ensure that the effective right to vote is not displaced.
Ultimately, whether we use paper or computers to vote, the goal should be to ensure as many Canadians vote as possible, while providing the public confidence that the voting process will perform as Canada's democratic tradition requires.
Main Findings and Recommendations
In considering a legal framework for e-voting in a federal election, the recommendations made in this paper take into account operational elements that are critical in ensuring the implementation of such systems.
Format of the Legal Framework
The legal framework should be a combination of legislation approved by Parliament as well as regulations, policy statements and documents issued by the electoral authority. The framework should achieve legislative certainty while ensuring that adoption of new technology is not hindered by a slow legislative process. Ideally, minimum standards and basic requirements should be listed in legislation, while the electoral authority should be given flexibility to create transparent regulations and public policy documents.
Access and Eligibility
E-voting can be introduced to facilitate accessibility and provide reasonable accommodation to voters who have difficulty attending traditional voting, or it could be expanded to allow all voters to use e-voting. These decisions may involve accommodating cost effectiveness, efficiency, voter fairness and even risk assessment. The legislative framework should treat e-voting as the functional equivalent of special ballots conducted by mail, and non-electronic alternatives should always be accessible. While electronic ballots may be analogous to paper, the constitutionally guaranteed effective right to vote likely demands that voters who do not trust or feel comfortable using computing technology are provided with sufficient options and feel confidence that their vote is secure. We recommend:
- E-voting should be treated as the functional equivalent to special or postal ballots and non-electronic alternatives should always be accessible.
- If there is a desire to limit electronic voting to a specified group, the Canada Elections Act should clearly prescribe the eligibility requirements. (Some jurisdictions only allow out-of-district voters, disabled voters and those who live a fixed distance away from the polls to vote over the Internet.)
- Access to electronic voting should be broad enough to ensure that implementation costs are not overly disproportionate to traditional voting.
- Parliament should grant the electoral authority flexibility in choosing the methods of authenticating voters as long as the methods are secure and reliable.
- Electoral officials should work with diplomatic officials to determine which countries are safe to allow remote voting in.
- The period for e-voting should be conducted over at least a week and end no earlier than the close of advance polls but before voting day. The period should be fair to e-voters but also allow the electoral authority time to react to technical problems.
Public confidence in e-voting will depend on comprehension and transparency. The legal framework should ensure the public has access to information about the system's integrity and security, and methods should be in place to allow key stakeholders to independently verify the security and integrity of the system.
While the implementation of electronic voting in some jurisdictions has required all e-voting source programming code to be published online or to use only open source code, we recognize there may be valid reasons for allowing suppliers to protect trade secrets and for giving the electoral authority the flexibility to choose the most secure and reliable technology. Current legislation allows candidates' representatives to monitor all critical steps of voting. Similar steps should be taken with e-voting to ensure transparency. We recommend:
- Party- or candidate-appointed scrutineers should be able to view all source programming code and inspect physical technology.
- A formalized process should be created for academics and international observers to get similar access to ensure the integrity of the e-voting system.
- Decisions on whether to publicly post source code or use open source technology should not be legislated, but should be left up to electoral officials.
- Electoral officials should be required to provide public reports on the security and integrity of the e-voting system, as well as which external reviewers approve the system.
- Legislation or regulations should ensure that observers or developers immediately report errors to election authorities.
- Procedures should be in place to have election officials inform key stakeholders, including political parties, of security incidents.
Division of Roles and Responsibilities in Administering E-voting
A successful implementation of e-voting will require well-defined roles and responsibilities to ensure the system is secure and to provide the public with confidence that any negligence or mischief at the electoral authority cannot affect the accuracy of the votes or voter anonymity. The legislative framework should ensure that e-voting does not overly depend on any one individual or closely connected group. We recommend:
- Some independent group with recognized technical expertise, internal to Elections Canada or external, should be required to certify and approve that a system is secure, reliable and ready to be deployed in a general election.
- Roles should be assigned to determine if an electronic voting system's security, integrity or privacy has been breached.
- Cryptographic keys should be divided among enough individuals, ideally representing different political parties, to protect voters' privacy and ensure votes are not prematurely de-encrypted.
- A general division of technical roles and duties should be in place across the electoral authority to counter concerns regarding centralization and collusion and to ensure that at least two unconnected people approve any changes.
Contingency Planning for Worst-Case Scenarios
The Canada Elections Act contains some remedial language for reacting to worst-case scenarios, such as allowing the Chief Electoral Officer to adapt the Act in response to an "emergency, an unusual or unforeseen circumstance, or an error" (s. 17. (1)) and permitting a judge to order a revote. Confidence in the e-voting legal framework will be increased if remedial contingencies for known electronic risks are included in legislation and clear disaster plans are implemented to detect and react to problems. The legal framework should ensure legislative certainty and finality of the results. We recommend:
- Clear procedures should be created, preferably in the Canada Elections Act, for cancelling electronic voting, notifying voters and allowing recasting of votes if privacy, security or integrity has been unacceptably compromised.
- The Act should list conditions under which officials may temporarily expand the online voting period if service is interrupted for more than a determined time.
- Requirements in the Act and regulations should be in place on how to treat invalid votes and other irregularities.
- Regulations should detail how electronic votes are handled during a recount, although we recommend that the Act provide judges with increased discretion as to whether e-votes should be recounted in the case of a close election result.
- A clear disaster recovery plan covering all known risks of disruption should be produced before each election.
- The government should ensure that a technical response team, including leading Internet service providers, other departments, and anti-virus and securities vendors, is formed to identify and respond to potential threats during an election.
The Canada Elections Act contains a list of offences, cast in general terms, that may not be sufficiently broad or clear with respect to conduct that specifically concerns e-voting. In order to ensure legislative certainty and discourage disruptions to the electoral system, legislation should be passed to forbid attempts to abuse e-voting. Additionally, the potential for creating widespread voter fraud affecting multiple electoral districts should be taken into consideration in determining appropriate sentences or fines. We recommend:
- Fines and penalties associated with voting offences, including influencing the vote, should be increased.
- The Canada Elections Act should make it an offence for all technical support staff, vendors and anyone who may have access to the system to violate the secrecy of the vote.
- Employers (and others) who use screen capture technology or other methods to observe their computers should be required to take reasonable steps to ensure the secrecy of the vote, including alerting employees.
- Stiff penalties and specific offences should be created for attempts to systematically affect the vote, including disrupting election servers, manufacturing vote-altering software and interfering unlawfully with any electronic voting equipment.
- The Act should ban wilful creation, promotion and linking to spoof election sites that could lead someone to wrongly think that they have voted.
- The Act should make it an offence to wilfully corrupt and submit an e-vote.
- Legislation should prevent unauthorized disclosure of e-voting source programming code.
Technological Standards and Consultation
The legal framework for e-voting should give the electoral authority a high degree of flexibility to choose the most secure technology, work on cost-effective solutions and deliver accurate results. Legislation should generally be permissive to allow new technology as long as it is secure, accurate and protects voter anonymity. A consultative process may be set up to ensure that the best technology is chosen. However, the choice of technology may also depend on certain functionality and features that may require trade-offs, such as between transparency and absolute secrecy. In those circumstances, legislative amendments and parliamentary discussion may be required. We recommend:
- A transparent consultation process should be in place before technological standards or requests for proposals are formalized.
- Parliament should discuss allowing voters to update or recast their e-ballot.
- Officials should be permitted to introduce additional technology, including voter receipts or advanced authentication methods, if they are satisfied that it will increase integrity without disproportionally affecting the privacy of the voter.
- Voters should be permitted to cast a blank ballot.
Testing and the Integrity of the Vote
To ensure the votes are accurate and the e-voting system is secure, the legal framework should require extensive testing at all stages and specific security steps. Ideally, minimum requirements would be in legislation and the electoral authority would be tasked to create detailed regulations and procedures. We recommend:
- Regulations should clearly describe the tests that ought to be conducted prior to e-voting deployment.
- Tests of the software should be completed to ensure it is accessible and usable. Disabled voters, seniors and other groups should be involved in the testing.
- Regulations should require that physical security measures be in place to ensure the integrity of all equipment and prevent unauthorized access during an election.
- Legislation should require auditable and unalterable records of voting activity, threats, disruptions and system activity. The electoral authority could create procedures that include unalterable tape backup and cryptographic encryption of logs.
- Sufficient auditing procedures should be required post-election, even if some details of the audits remain confidential.
- Procedures and timelines should be prescribed for destroying all voting data once all appeals are exhausted.
The electoral authority may seek to deploy e-voting in a controlled environment to facilitate accessibility and accommodate more voters. These may be stand-alone e-voting devices used for voters requiring assistance or secure Internet connected systems running the standard e-voting software used by remote voters in an uncontrolled environment. We recommend:
- Legislation should permit electoral authorities to host controlled e-voting for military voters; voters in penitentiaries; overseas voters at embassies, high commissions and consulates; domestic voters in locations such as offices of the returning officer; disabled voters in the home; and voters on post-secondary campuses, where absentee ballots are common.
- Regulations should require e-voting devices to be tested before and after elections.
- The electoral authority should have access to all software and code installed on machines.
Further Consideration: Specialized Oversight of E-voting
The centralized and technical nature of e-voting requires effective and independent oversight. Public confidence in the system will be enhanced if those overseeing the electronic voting system have the technical expertise, independence, reliability and multiparty support to make tough decisions related to e-voting. Further discussion is required to determine whether this would be most effective within the electoral authority or with a new body with independent powers. We recommend that the electoral authority and those representing various political parties work together to create a board or committee with the authority to make recommendations to the electoral authority or arrive at certain determinations regarding e-voting oversight. Potential members include:
- federal court judges or others with positional independence
- tenured academics specializing in engineering, computer science or law
- privacy or information commissioners
- others recommended by various political parties