Foreign spy agencies may disrupt internet voting: IVTF
ISLAMABAD – The Internet Voting Task Force (IVTF) on Overseas Pakistanis’ Voting Rights has said that internet voting was likely to be attacked by foreign governments and intelligence agencies.
In a report, the IVTF said the applications such as internet banking and e-commerce were typically targeted by insiders, hackers or in organised gangs, whereas an internet voting system used in binding political election results was far more likely to be attacked by foreign governments and intelligence agencies.
It stated that foreign government agencies posed an entirely different class of threat as compared to standard hackers adding these organizations typically had unsurpassed resources and capabilities at their disposal. “We have the example of Skynet, a US NSA operation, specifically deployed in Pakistan. The NSA had actively hacked into Pakistan’s communication infrastructure and was surreptitiously engaged in bulk collection of phone metadata of 55 million mobile phone users. This information was then used to identify potential terrorists who could later be targeted via drone strike. This infiltration was undetected for several years and only revealed as part of the Snowden leaks,” it added.
The Supreme Court has been hearing the identical petitions including the one filed by Chairman Pakistan Tehreek-e-Insaf Imran Khan seeking issuance of directions for granting voting rights to overseas Pakistanis.
On April 12, the top court had convened a session pertaining to voting rights to overseas Pakistanis. The session was presided over by Chief Justice Mian Saqib Nisar, and included members of various political parties, IT experts from Pakistani universities, concerned citizens, and members of the media.
On this occasion, Chairman Nadra Usman Mobeen had demonstrated the IVOTE, an e-voting platform that would allow overseas Pakistanis to cast their votes for the forthcoming general elections using the internet.
But due to technical reasons, cyber security concerns as well as violation of ballot secrecy under Clause 94 of the Elections Act 2017 and Article 226 of the Constitution, the voting rights could not be granted to overseas Pakistanis for very recently General Election 2018. The top court will take up the matter for hearing during the current week.
The 30-member IVTF, including the representatives of Nadra, Election Commission of Pakistan (ECP), IT experts and other stakeholders, also stated that internet voting could not be conducted on the pattern of E-Commerce.
The 31-page report responded the common question as to why voting through internet could not be conducted if applications such as banking or commerce could be conducted online.
The IVTF report stated that online banking and e-commerce systems were vulnerable to cybercrime with attacks costing the economy up to hundreds of billions of dollars every year, adding that banking and e-commerce websites hacked routinely and the costs of these attacks were typically counted as ‘the cost of doing business’.
“A recent study estimates cybercrime revenue at $1.5 trillion per year and indicates that not only is cybercrime a fast-growing phenomenon but also that cybercriminal outfits may actually be making more money than small and mid-size companies.”
The report added that the key tools that banks used to fight cybercrime were not applicable to internet voting.
“For instance, financial institutions maintain detailed records and audit trails of every transaction. In the case of voting, maintaining audit logs or trails that identify the voter is a direct violation of the secret ballot property.”
Moreover, it stated, internet voting cannot recover from attacks in the same way that banks can because miscast votes cannot be easily detected or reversed the way banking transactions can.
“Furthermore, elections are a far more sensitive matter than banking and news of a hacking incident may have a serious negative impact on citizen’s confidence in elections and long-lasting political repercussions.”
In case of an incident, banks and merchants have recovery protocols in place, which include blocking stolen credit cards, reversing irregular transactions, compensating clients for lost funds, IVTF in its findings said, adding these mechanisms do not apply to internet voting.
Leading international cybersecurity professionals have repeatedly voiced serious concerns regarding the security of internet voting.
“Researchers have discovered vulnerabilities and launched devastating attacks on such systems (including those deployed in the US, Estonia and Australia) that impacted tens of thousands of votes. These demonstrations have played a determining role in discouraging deployment of internet voting in several developed countries.”
The IVTF further stated that postal voting had one fundamental security advantage over internet voting. It stated that coercion and rigging efforts on postal ballots were classed as ‘retail’ attacks which required physical effort and coordination and were considerably difficult to mount on a very large scale.
On the other hand, the report stated, internet voting systems enable ‘wholesale’ rigging meaning thereby tens of thousands of votes may be altered in a single successful hack.
“In essence, internet voting carries a far greater threat to election integrity than postal voting. Furthermore, unlike internet voting, postal voting has been successfully employed in dozens of countries to date and its risks and methodology are well understood,” it added.