Over-shadowing the NDP Leadership conference on March 24th were delays in the members e-voting system apparently due to a Distributed Denial of Service (DDoS) attack. While the online program was delayed during the 2nd, 3rd and 4th ballots, the NDP have stated no data was actually breached – a headache yes.
As Adam Stirling pointed out during our interview this has similarities to voter suppression phone calls during the May 2011 Federal election. So, can e-voting ever be included as part of an election process? In the first half of the interview, we discuss the possible impact to the technological side of elections, followed by the role of social media in the leadership campaigns.
some Twitter stats – via politwitter.ca
Paul Dewar: 8872 followers. 50 Klout score
Thomas Mulcair: 8120 followers. 44 Klout score
Brian Topp: 7946 followers. No Klout score recorded
Peggy Nash: 6607 followers. 17 Klout
Nathan Cullen: 6489 followers. 48 Klout
Niki Ashton: 4114 followers. 44 Klout
Update: Tuesday March 27th
In a statement to media, the company contracted by the NDP to run the advanced and convention e-voting system noted “Well over 10,000 malevolent IP addresses (computers) have been identified so far, as having generated many hundreds of thousands of false voting requests to the system”
via Canada Wire
Scytl Canada was contracted by the New Democratic Party of Canada in an open, global competition to provide the voting services for both advanced and election-day balloting. The advanced balloting was performed via electronic and mail-in ballots using a preferential voting process. This occurred flawlessly, without incident.
The first round of balloting began at 5:00 p.m. on Friday, March 23 and was completed on schedule at 09:00 a.m. on Saturday, March 24, 2012. When the second round of balloting began at 11:00 a.m., there were some initial voter delay and timeout reports that quickly increased in volume.
On receipt of these reports, Scytl determined that the voting system was operating normally and the user delays were being caused by a growing volume of external voter requests. The logs of automated monitors such as Intrusion Detection Systems (IDS) and firewalls were analyzed and Scytl quickly recognized that this might be an external attack on the system. Scytl technicians commenced standard mitigation procedures including increasing the system throughput, identifying and blocking malevolent IP sites and other actions.
Within 20 minutes following the evidence of external attacks, Scytl had an additional team of over twelve high-level personnel involved in these mitigation activities, which allowed the voting portals to be kept open albeit in a slower mode. By keeping ahead of the attackers, Scytl was able to allow the voting process to proceed with an overall three-hour delay.
Preliminary Attack Analysis
Scytl has performed a preliminary forensic analysis on the attack and has concluded the following:
This was an organized and large-scale Distributed Denial of Service (DDoS) attack launched against the voting system in an orchestrated, professional, albeit illegal manner.
Well over 10,000 malevolent IP addresses (computers) have been identified so far, as having generated many hundreds of thousands of false voting requests to the system. This effectively “jammed up the pipe” into the voting system, delaying voter access. This network of malevolent computers, commonly known as a “botnet”, was located on computers around the world but mainly in Canada.
The required organization and the demonstrated orchestration of the attack indicates that this was a deliberate effort to disrupt or negate the election by a knowledgeable person or group.
ABOUT SCYTL CANADA
Scytl Canada is a company incorporated in Toronto, Ontario. Scytl Canada is a subsidiary of Scytl Secure Electronic Voting.
Scytl Secure Electronic Voting (www.scytl.com) is a technology company specializing in the development of secure electronic voting and electoral modernization. It has conducted over 100,000 voting events since its founding in 1994.
Based in Barcelona and with subsidiaries in Baltimore, Toronto, New Delhi, Athens and Kiev, Scytl’s solutions have been used in public elections by governments from countries such as the United States, United Kingdom, France, Canada, Norway, Switzerland, United Arab Emirates, South Africa, India and Australia, among others.
Podcast: With host Adam Stirling (@adam_stirling) on CFAX 1070, Victoria BC
Saturday March 24th saw the New Democratic Party in Canada hold a leadership convention. Nothing new in that, except this time instead of the usual sending pre-selected delegates to represent regions, and vote on the floor on behalf of party members, from what frankly is a geographically huge country, this convention was unique, and somewhat experimental, implementing an online e-voting system for any member to participate in each ballot from anywhere.
On paper it is seemingly an acceptable technological challenge, and nothing that is totally new within secure e-commerce, or even corporate share holder events. The NDP have 130 000 declared members; it is a simple process to tag each with a unique online identifier for tracking, and provide a login/password for e-voting access.
The problem is tying an online system to a live, dynamic multi-ballot political leadership conference where candidates are voted off the list at each stage, and opening windows for members to vote again. At any point, if the technology breaks down, or the online security is breached, the entire process can stop. In a delicate political situation where the leadership of a party is at stake, any issue which stalls access, or deems the process unreliable, can have major impacts. Especially for a party which holds official opposition status.
During the actual convention, as the 2nd ballot opportunity was opened an apparent DDoS attack on the NDP e-voting system was launched. This affected not only party members trying to access and vote online, but also the 4300 at the actual Toronto convention site, as that was the system they had to use. The snaking lineups of people trying to vote from the convention floor only mirrored the frustration of thousands more attempting to vote from across the country, in fact some were on holiday or business in the US and elsewhere worldwide. While online service was restored to the conference floor, and later to the wider online voter base for the 2nd ballot, problems surfaced again for the 3rd, and later 4th and final vote.
To make it clear: the NDP convention team itself stated to the assembled media it was a DDoS attack, and they had identified two IP addresses as being responsible. This while some media outlets, and social media pundits, were messaging ‘hack’. There is a large difference between the two definitions: DDoS – commonly defined as ‘distributed denial of service’ is designed to overload a web server using multiple computers, on many different IPs, and essentially overwhelming its ability to individually serve a webpage or program. As an analogy, it’s like jamming a multi-line phone board with calls. At a certain point the capacity to serve content breaks down. A ‘hack’ is different. In the negative sense it is an attempt to subvert security controls, enter into an online database of information and page content, and either download, manipulate or alter that content.
The NDP have Price WaterHouse for the voting audit, and one hopes they will report very quickly – at the very least to affirm the security around the online voting process was not compromised.
As an affirmation, what the NDP accomplished during the actual convention day is the way forward. Despite a total of 8 hours delay due to online voting technology issues: and kudos to the conventioneers, media and online participants who stayed, it allowed for a more direct and personal interaction for NDP members. (Note – I am not a member of any party, and did not participate in the vote)
The NDP hired the firm SKYTL – a Spain based e-democracy company, with offices in Canada, to run the e-voting system for the convention. Despite the on-day issues it appears they were able to either overcome, or had back-up plans in place for a credible compromise.
The lesson is twofold: securing an online voting process is one issue, and there is nothing indicating the actual voter database, or information was breached during the NDP convention. However, a DDoS is a simple, effective method to upset online participatory democracy – it could be initiated by bored teenagers, a rival party, a company, or even a country. How many were prevented from voting online is the question – how many gave up? The optics for the NDP are not good: during spring 2011 Federal election, and the leadership campaign, the party has almost doubled to 130 000 members, yet only around half voted in the leadership convention.
There is demand for greater participation at all levels of policy and politics – voting is key. The NDP are to be congratulated for taking the risk, and largely accomplishing the goal during a leadership convention. The wake up call is to all other parties, and candidates, and in fact government, that IT security cannot be taken for granted.
As always – your comments and thoughts are welcome….
We all know that sometimes mainstream media can publish too soon, get the parameters around a story wrong, or to put it in simple words for TV and radio: a screw up. In the data age, it is a different matter. The pressure to be ahead of the competition creates some amusing tweets and Facebook posts, but becomes somewhat surreal when a mainstream news outlet, namely ABC Chicago, launches an election page with erroneous data, 24 hours ahead of the vote. (maybe shows a bias?)
This web page was tweeted to me as a direct (private message) from @BC_News_Addict, with concerns. Was it a spam web page masking as an ABC portal , or could US election communication regulations be so regressive as to call a vote, before people have a chance to cast a ballot? At the time of this post it appears the webpage from ABC Chicago was simply a mistake. A data mapping staffer, or journalist, or editor, maybe entered a test page as a live link. (and note, the page was taken down by ABC as of 23:30 PST)
No matter. Testing data integration, especially for political journalism, is essential. It should be within a private module – one where designers, data technology experts, and lawyers get together over coffee, and firm up what can be accomplished within a media editorial board. What happened this evening is the opposite – the tech, and editorial at ABC failed, and went public.
It is a clear example of mainstream media, a national broadcaster, dealing with ever changing IT, web formats and social media, making mistakes. What makes it relevant, it could affect votes.
All graphics are computer screenshots credited to @BC_News_Addict
The question – this is now public. Will it affect the vote? Unlikely coming from a Canadian source. This news came out well over 24hrs before the vote, yet no one reported. Why? Is it journalism protecting democracy? How will ABC deal with the leak?
Conspiracy theories abound with the 2011 Federal election call scandal, with a wonderful response on Twitter by Canadians…
While investigations are continuing by Elections Canada and the RCMP, it appears the voter suppression calls were not limited to simply the riding of Guelph, but occurred in up to 40 others. It will require considerable resources, and time, to uncover the truth – if that ever happens, but in the mean time, watching all Federal political parties make serious mistakes in their public relations is cringe worthy.
By March 30th all Facebook pages will change from the standard wall, or app view, to Timeline. If you have a personal profile you will be familiar with the Timeline view – a large picture, an embedded profile picture, then four columns. Timeline also allows users to see your posts right to the beginning of your account, unless of course, you delete.
Timeline format is moving to business and organization pages, and as these affect brands, it is important to learn the new features, and set the apps, profile pictures and information to the best advantage. One major note, apps that previously provided entrance pages will no longer work. All users, new and subscribed will be directed to the wall, so it is vital to get it right.
While you can set your page right now to the Timeline format – those instructions will appear when you access the administration area – it might be worth playing with some settings first, and look at other pages for ideas, before submitting.
When you access the new Facebook page format, the first obvious change is the administration panel at the top. Now, don’t worry, your viewers don’t see this, only people assigned as page administrators.
The tab right at the top right – Manage, Build Audience, Help and Hide – will lead to page and account management (settings), Facebook’s advertising program (which is the essential reason for the Timeline roll out), a help section – which is actually quite useful, and the hide button which will collapse the Admin. panel window.
Below that, you will see a box with notifications – comments, posts by others etc., a section for messages, one for new likes, and a box which provides a summary of Facebook Insights, their version of Analytics.
This is the major design change to Timeline, and one that requires attention. Viewers will see a large photo at the top of the page, with the profile logo embedded at the bottom left. Getting these right will greatly assist retention.
The cover photo/graphic is best at 851 X 315 pixels, with the profile logo at 180 X 180 pixels. In terms of design, there is no right or wrong answer, except that both should be consistent with all your related marketing, especially the profile logo, and the cover photo should be compelling and tell a story. Facebook does have restrictions and guidelines for cover photos – No price or purchasing information, Contact information should be included in the about section and not on the cover graphic, and importantly – no calls to action such as ‘Share’ or ‘Like’
Below the cover photo and profile logo, you should adjust the ‘About’ section – go to admin section under manage/edit page/basic information/About. The text you enter and save in that tab will appear under the cover photo to the left. Next to that are the apps. You can have 12 apps ordered as you wish, with the top 4 appearing on the page. Note, the Photos App is required. Apps can now be customized (profile graphic and information) so it is worth taking some time to maximize potential. These custom tab images are best at 111 X 74 pixels.
The actual Timeline will be similar to personal profiles, however you can ‘pin’ posts to highlight apps, blogs, offers or events. Those will remain at the top for 7 days, but is a good method to feature ‘push’ content.
Facebook is the number one social media platform with 850 million users, but is facing (pun intended) competition from Pinterest, Google Plus and Twitter. While G+ is not gaining the traction pundits were heralding a few months ago, Pinterest is, and each platform has one design theme in common – it’s all about visuals. The systems are designed to highlight visuals vs text, which might end up being a detriment to actual engagement.
as always, your thoughts and ideas are welcome. Your comments are welcome…
While CFAX 1070 host Adam Stirlingand I normally discuss social media, occasionally news and events create the issues for our regular segments.
This is certainly the case with the @Vikileaks30 Twitter account, which has now been exposed as a Liberal Party staffer, and the almost surreal, widening claims of robot/call centre phone messages which misdirected voters to non-existent polling stations in the May 2nd 2011 Federal election.
There are plenty of media articles, and new revelations daily, if not hourly…
Ottawa Citizen – Allegations Unprecedented
Canada’s former chief electoral officer says recent allegations of systematic voter-suppression phone calls are unprecedented in the country’s electoral history.
“We have never seen anything like this alleged case in terms of this potential organization and impact in terms of numbers,” says Jean-Pierre Kingsley, Canada’s chief electoral officer from 1990 to 2007. “People vote twice, people destroy the signs, but this automated means and this use of call centres is the first time the allegations go as far as they are going. They’re serious.”
Toronto Star – Call Centre Staff Misdirected Voters
However, one employee was so concerned that something was amiss she says she reported it to her supervisor at the RMG site, to the RCMP office in Thunder Bay and to a toll-free Elections Canada number at the time.
Annette Desgagné, 46, said it became clear to her — after so many people complained that the “new” voting locations made no sense or were “way the hell across town” — that the live operators were, in fact, misdirecting voters.
“We’re sending people to the wrong place,” Desgagné recalled telling her supervisor.
Chantal Herbert – Robo-call accusations raise uncomfortable questions
Under Stephen Harper, the Conservatives have pushed the line of what is considered fair game in partisan politics.
It now basically sits on the divide between what is legal and what is not. The evidence suggests that the closer parties play to that line, the greater the chances that some of their partisans will cross it.
The Liberals just learned that the hard way when it was found that one of their staffers was responsible for leaking details of Public Safety Minister Vic Toews’ private life on Twitter.
Too often, the opposition has been prompt to follow the Conservatives down the same slippery slope.
On that score, the addiction of all federal parties to robo-calling is a telling development.
A technique originally used to dispense useful information to prospective supporters is being turned into an instrument of harassment.
When MP Lise St-Denis left the NDP to sit as a Liberal in January, the New Democrats hired a firm to robo-call her constituents of Saint-Maurice-Champlain.
The NDP was not identified as the sponsor of the calls and recipients were not told that if they pressed 1 to signal their displeasure with St-Denis, they would be re-directed to her riding office — where they swamped the phone lines for a number of days.
There is an Elections Canada investigation underway specifically seeking answers in the Guelph, Ontario allegations. However, as nearly 40 ridings across Canada are reporting voter suppression calls, it is now imperative an over-arching, deep investigation is pushed by the House of Commons. Voter suppression – the most common being negative adverts – is nothing new, and while many feel those are unethical, they are not illegal. Voter suppression which actually inhibits someone from voting, such as saying they need to go to a different polling station, IS illegal.
Podcast: CFAX1070 with host Adam Stirling (and read Adam’s commentary)
From @LBMG_PR at #lgla Is social media the new press release? cc @lacouvee @matvic
with a response from Janis LaCouvee
@lisahelps @LBMG_PR @matvic IMO it’s reductive to say that social media is the new press release. It’s one part of communications.
@frank_leonard said tonight at #lgla since he’s been on Twitter he hasn’t written a press release, saves staff time cc @lacouvee @matvic
(Note: Frank Leonard is the Mayor of Saanich BC)
Janis is correct. Social Media is only one part of communications, be that advertising, politics, branding or ‘news’. However, it is true to say Social Media is the central hub of media aggregation. Outside of text, which is an important factor and not to be discounted, Facebook, Twitter, Youtube, Pinterest, Google Plus and even the somewhat re-vamped My Space, are not involved in production. Photographs, video, interviews, and articles are created outside the social media sphere, but in that space they gain an audience and interaction beyond the medium.
Community news especially suffers from a lack of broad based promotion. Despite provisions in Canada (and elsewhere) for community TV, the audiences tend to be small, while the production values often equal or beat commercial operations. Which is why the news that SHAW TV community programs, at least in the Victoria BC area, will soon have a Youtube channel, is welcome.
The weekly Opinion Panel on SHAW TV is a case in point. Host Alan Perry brings together opinion makers from around the region to discuss major issues. For February 10th, we discussed regional amalgamation, big box stores, a provincial judicial review and more…
with Nikki Ewanyshyn, John Treleaven, and host Alan Perry
Continuing a regular spot on Victoria’s CFAX 1070AM, this week’s topics were the proposed Protecting Children from Internet Predators Act (Bill C-30), and the potential of Social Media in the 2012 Presidential election.
In the House of Commons last week, Minister of Public Safety Vic Toews introduced sweeping legislation primarily providing law enforcement mandated access to basic account information from Internet Service Providers. The theme (as all crime bills especially seem to require themes and titles these days) was protecting children from online predators, but in fact is an over-arching policy which goes much further: requiring ISPs to install software to retrieve information account holder information, preserving data, and granting the Minister powers to appoint ‘inspectors’ for warrantless searches:
As noted by the CBC’s Terry Milewski:
The inspector, says the bill, may “examine any document, information or thing found in the place and open or cause to be opened any container or other thing.” He or she may also “use, or cause to be used, any computer system in the place to search and examine any information contained in or available to the system.”
You read that right. The inspector gets to see “any” information that’s in or “available to the system.” Yours, mine, and everyone else’s emails, phone calls, web surfing, shopping, you name it. But, if that sounds breath-taking enough, don’t quit now because the section is still not done.
The inspector — remember, this is anyone the minister chooses — is also empowered to copy anything that strikes his or her fancy. The inspector may “reproduce, or cause to be reproduced, any information in the form of a printout, or other intelligible output, and remove the printout, or other output, for examination or copying.”
Oh, and he can even use the ISP’s own computers and connections to copy it or to email it to himself. He can “use, or cause to be used, any copying equipment or means of telecommunication at the place.”
In short, there’s nothing the inspector cannot see or copy. “Any” information is up for grabs. And you thought the new airport body scanners were intrusive?
Finally, note that such all-encompassing searches require no warrant, and don’t even have to be in the context of a criminal investigation. Ostensibly, the purpose is to ensure that the ISP is complying with the requirements of the act — but nothing in the section restricts the inspector to examining or seizing only information bearing upon that issue. It’s still “any” information whatsoever.
The backlash was fast, and creative. An anonymous Twitter account, @Vikileaks30 began posting details of Minister Toew’s divorce, with the IP of the account traced to a House of Commons address by the Ottawa Citizen. That lead to a call for the Speaker of the House to investigate, which as noted in the podcast, might be problematic: there are as few as four IP addresses serving thousands of MPs, staff and civil servants in multiple buildings on the Hill.
A more creative response was the Twitter hashtag #TellVicEverything which trended around Canada, even reaching the number 2 spot worldwide. Thousands of Canadians posted mundane, often hilarious, missives on what they were doing...you can view highlights here. We have yet to see if the cross party and public advocacy against Bill C-30 will lead to alterations, or even a re-think. Remember, in the US, the SOPA and PIPA bills were essentially dumped after a massive online reaction. More insight via Maclean’s, have a read of Andrew Coyne’s comment in The National Post.
The 2012 Presidential race is heating up, and while the Republicans are still fighting out who will win the nomination – the GOP race is THE BEST reality show on TV – the Democrats are busy building on the online success of 2008. Going beyond using social media primarily for fund raising, an experienced team is using Facebook as the platform to target voters. See the Guardian UK on the Chicago Democrat Headquarters and how Facebook was used to beat an incumbent mayor in Rapid City, South Dakota.
Podcast: On CFAX1070AM with host, Adam Stirling
While writing this, the meme is continuing on Twitter under the hashtag #TellVicEverything. An inventive response to the proposals in bill C-30 – and possibly some alterations in the legislation will be forthcoming (Globe and Mail). It appears Canadians advocating online privacy rights do not appreciate being compared to child pornographers.
The Storify curation below is a very small sample of the thousands of tweets submitted…
Updated February 17th, 1915 PST
Twitter is a limited medium for long form conversations, more suited for quick news headlines, updates and sharing links. Restricted to 140 characters, it is hard to imagine creating a story, but that is exactly what Andrew Coyne messaged, with short bursts of creativity along a theme of ‘Austerity Czar‘.
Andrew Coyne is a columnist with the Canadian newspaper The National Post, and member of CBC’s At Issue Panel – also a prolific tweeter, but this is a new reach…and, quite brilliant. We wait for the second instalment.