How an aggressive campaign could hijack digital voting — and why Democrats should be worried
In recent weeks, two stunning examples of stealing votes by obtaining and forging ballots in elections have surfaced—the first in North Carolina provoking extensive coverage, while the second has escaped notice by reporters and election experts. But the overlooked example may be far more important, as it concerns exploitation of a way of voting that is likely to debut in some of the Democratic Party’s 2020 presidential caucus states.
North Carolina gained national coverage after a consultant working for a Republican House candidate hijacked absentee ballots. That operative’s team harvested votes from these mail-in paper ballots by posing as helpers to citizens seeking to vote from home. They assisted voters to obtain ballots, but then filled out or altered some votes—and signed ballot envelopes—before sending them on to election offices. Such meddling is illegal in North Carolina. These details surfaced in hearings before a statewide election board, which ordered a new congressional election. The contractor faces multiple felony charges.
The North Carolina example is a case of stealing votes on paper.
A parallel drama—only using online voting and stealing digital votes—has surfaced in the Canadian province of Alberta. There, renewed allegations about the 2017 election of the leader to a newly formed conservative party offer warnings for 2020’s U.S. presidential caucuses.
That’s because the lessons go beyond technical glitches and human errors that have dogged telephone and online voting—which some Democratic caucuses may debut next year. Instead, they reveal how an aggressive campaign could hijack online votes.
“I ran in a primary for the leadership of a party right here in Alberta, Canada, where this type of manipulation took place, but at that time we couldn’t prove it,” said Thomas Lukaszuk, the province’s ex-deputy premier, speaking last week about his 2014 race to head Alberta’s Progressive Conservative Association. “But now it has become much more obvious in the following leadership race primary that involves Jason Kenney.”
Lukaszuk is referring to the 2017 contest where Kenney was elected leader of a new party, Alberta’s United Conservative Party (UCP). Like U.S. presidential caucuses, that contest was run by the party itself and its contractor—not by a government election agency. In Canada, recent party elections typically have involved telephone or online voting—which Democrats want to offer in 2020’s caucuses to increase participation. Such remote voting is the terrain where thousands of votes were allegedly stolen.
Prab Gill, an Alberta Legislative Assembly member from Calgary-Greenway who left the UCP, described the 2017 vote-stealing tactics in a February 11 letter to Canadian federal police. Kenney’s team allegedly found a way to divert thousands of online ballots from being emailed to eligible voters who registered with the new party, instead sending the ballot access codes to Kenney’s team’s computers, where online security precautions were evaded and votes were clandestinely cast for Kenney.
The contours of the scheme were not that different from what unfolded in North Carolina, where a GOP contractor connived ways to get his hands on absentee ballots. In Alberta, Kenney’s political team sold or gave away party memberships, enabling those voters to take part in UCP leadership elections. This is a common recruiting tactic in Canadian politics—as the government does not track party affiliation or conduct party races.
“The way that these things tend to work is people supporting a particular candidate are trying to convince people to buy memberships,” David Stewart, a University of Calgary professor specializing in elections and political parties said, explaining what may have happened. “They use their group connections, their interactions to try and do that.”
“So, say you went to a number of people who might be members of your church, and said, ‘You know, I’m trying to support Jason Kenney to be leader of the UCP. Would you be willing to take out a membership? It’s not really that difficult. We just need to send in a photocopy of your ID and we can arrange that your vote for Kenney will be recorded without you even having to do anything,”’ he said. “And what they would do then is they could collect the registration information, along with the ID, and have the information [voting specifics and credentials] sent back to an email address that might not go to the person who actually registered.”
Stewart said many people who are enlisted in party registration drives never intend to vote; they are being neighborly to someone they respect who is politically involved. A subset of Kenney’s outreach apparently exploited that tendency in a shrewd way. His team focused on registering new citizens from immigrant communities. But afterward, Kenney’s team allegedly swapped in e-mails that they had created on new members’ paperwork.
“During the early weeks of the [2017 UCP leadership] campaign, I was personally told by Mr. [REDACTED] of the Kenney campaign that the campaign had created 1,000s of e-mails somewhere off-shore, which would be used for voting for Mr. Kenney in the leadership vote,” said MLA Gill’s letter to the Royal Canadian Mounted Police.
“Kenney’s volunteers collected names, addresses and other identification from real Albertans but later added fake e-mail addresses to some UCP membership applications.
“When it came time to vote, eligible voters were supposed to receive PIN numbers by e-mail which would allow them to vote for their preferred candidate online over a three-day voting period. At the time, numerous UCP members complained that they never received their PINs. [The party ignored them.]
“Gill alleges the PINs needed to vote were ‘intercepted’ by Kenney’s team using fake e-mail addresses hosted on a server ‘offshore.’ Team Kenney volunteers stationed at a ‘Kenney Kiosk’ located at the Balzac warehouse allegedly cast multiple fake votes for Kenney using the identities of real Albertans.”
When asked if he believed that thousands of votes had been hijacked in the 2017 online election, Lukaszuk, the former Alberta deputy premier, immediately replied yes.
“I do,” he said. “Just yesterday I spoke to someone in the Sikh cultural community who said that he gave out about 600 memberships to members of his temple, and he tells me that about 80 percent of those people never received a PIN number. It is reasonable to assume that those PIN numbers were mailed somewhere else. It is not out of the realm of possibility that it was in the thousands.”
But the vote-hijacking scheme didn’t stop there—with intercepting login codes as a gateway to impersonating online voters.
Lukaszuk said political parties were aware that some people might try to collect PIN numbers and vote multiple times. So the UCP’s contractor limited how many votes could be cast from one computer, he said. However, Kenney’s team also evaded this safeguard, reported PressProgress, which published social media posts from a former UCP legislative office staffer that provided “a member of Kenney’s volunteer team with instructions on how to cast multiple votes from a single computer using VPN [virtual private network] software to mask their IP address, bypassing the UCP’s internal system for limiting the number of votes that can be made.”
There were other decisions by UCP officials, on the eve of the October 2017 leadership election and during the three days of online voting, which—intentionally or not—played into the purported vote-hijacking scheme.
As the Calgary Herald reported, on the first day of online voting, the two candidates running against Kenney, Doug Schweitzer and Brian Jean, sent a letter to UCP officials protesting Kenney’s use of the VPN software and seeking to temporarily halt the election, writing, the “secret use of software to falsify the sender’s IP address, expressly designed for the purpose of evading detection, is an obvious badge of suspicious behavior.”
But UCP officials replied that there was no evidence of wrongdoing, said using the VPN software was not against party rules and sharply dismissed the protest. Then, before the final day of online voting, the Herald reported, “the party did reissue its PINs Friday evening to all party members who hadn’t voted, saying their call center was busy and it wanted to ensure all members would be able to cast their ballot.”
In other words, the combined official denials and resending of the PINs allowed the alleged vote theft scheme to continue.
These details about the Alberta party election stand apart from other documented problems with online voting—such as voters’ inability to log in, or app stores getting overwhelmed by voters at the last minute, or a vendor’s servers not being properly programmed to handle volumes of vote-casting data. They provide a clear example of how online votes can be hijacked by an aggressive insider campaign—amid an atmosphere of unfamiliarity surrounding a new voting system in a first-time party-run contest.
Lessons for 2020 Presidential Caucuses
Whether computer-savvy activists working for an American presidential candidate could pull off something akin to Kenney’s alleged hijacking of online votes in 2020’s caucuses is an open question. But there are a handful of clear takeaways and lessons from Alberta that U.S. state party officials now planning their 2020 presidential caucuses could heed, some Canadian observers noted, especially if they are planning to debut some form of remote voting—either online or by telephone.
The Iowa Democratic Party, for example, plans to have five early voting sessions and an off-site participation option on the night of its 2020 presidential caucus. The Iowa party has been talking with different vendors about how to do this, studying a mix of voting from telephones or via online platforms, executive director Kevin Geiken has said.
What are the lessons? First, Kenney’s circle apparently realized that email addresses would be one category of voter information not present in government voter databases, which election officials vet and use to update registration rolls. There’s no single email that is tied to a government voter registration file—unlike one’s street address, driver’s license number, date of birth, etc. (This is also true in the U.S.) Thus, shrewd operators were able to submit some officially recognizable voter information, but circumvent the voter authentication protocols to redirect and seize ballot-access PIN numbers.
“The difficulty with this kind of voting is it can devolve not into one person, one vote; but one personal identification number, one vote,” said Stewart, the University of Calgary political scientist. “What’s difficult to do is ensure that the votes cast by the identification number are actually cast by the person who registered to vote.”
Stewart said such double-dealing with emails would be very hard to police. But that twist was not the only loose protocol that could be exploited. Any event that uses a registration push to sign up participants, instead of working with a voter database already in place, is not preferable, said Bret Scofield, vice-president of Simply Voting, which manages online elections elsewhere in Canada and abroad. Reissuing PIN numbers at the last minute, without requiring further privately known credentials, also isn’t a wise approach.
“Your event is only as secure as your credible delivery method,” Scofield said, adding that while relying on email is convenient, there are other options—postal mail, requiring “a ‘second secret’ known only to voters like the last 4 digits of a SSN [Social Security number] or their DOB [date of birth] or some other piece of information not contained within a letter or email, but known to the voter” to produce a more secure election.
“As the importance of the organization, or as the importance of the election increases, that sort of greater attention brings with it greater potential for bad actors,” he said. “So all customers exist somewhere on a spectrum of convenience to security.”
The 2017 UCP leadership contest was also a party-run election where party officials did little to make the process transparent and its results verifiable.
“I don’t think parties, when they are making these decisions [about in-house elections], pay enough attention to the issue of transparency and scrutiny,” said Stewart. “That’s something that these voting systems have to be able to stand up to. They don’t, and it’s a huge error to go in that direction when you haven’t got those issues fully developed.”
But even if the UCP had required more voter authentication layers, that alone would not have guaranteed that a determined candidate would have found a way to hijack votes in an election that’s not run by the government, but is run by a private group and vendors.
At one point, Lukaszuk, Alberta’s former deputy premier, said the “only way” to have a workable electronic voting system—online or telephone—was to have credentials arrive via the mail, “although, mind you, that system was rigged in Alberta,” he added.
“Quite a while ago, there was a Liberal Party of Alberta that had a telephone vote where they were using the regular push-button telephones to vote, and PIN numbers were sent by mail, and there were candidates who were amalgamating addresses and getting PIN numbers for a lot of candidates that way,” he said. “Or certain organized groups were saying, ‘When you get this letter from the Liberal Party, don’t even open it, we’ll come pick it up for you.’”
Steven Rosenfeld is the editor and chief correspondent of Voting Booth, a project of the Independent Media Institute. He has reported for National Public Radio, Marketplace, and Christian Science Monitor Radio, as well as a wide range of progressive publications including Salon, AlterNet, the American Prospect, and many others.
Independent Media Institute
This article was produced by Voting Booth, a project of the Independent Media Institute.