I did an interview last week on CBC’s Radio One’s The Current (starting at the 6:00 mark) about the Atlanta ransomware attack, and what it means for Canada’s municipalities and their plans for online voting this October.

In the case of the recent cryptojacking of Canadian municipal websites, the point should be made that you can by all accounts do everything right in terms of cybersecurity and still be impacted by a hack.

How does one do online voting correctly?

The short answer is: they can’t. At least not with the current technology and political will. We can hardly get science funding in this country to study this question.

Yet many cities are proceeding anyway, so what should they do? That’s really a challenge because in many cases municipalities are left to their own devices to come up with their own security requirements. In some cases they might not have adequate resources to really tackle that adequately.

Who’s doing it in October?

I recently wrote to the Ontario Minister of Municipal Affairs and discovered that provincial government does not actually have a list of all of the cities that will be running online voting. We know in 2014 there were 98 municipalities that ran online voting. But for 2018 we don’t actually know yet.

This seems surprizing given Ontario requires cities to hold a council votes on their intention to use alternative voting methods a year before the election. They just don’t follow up.

Hope for the best, but you can’t ignore the worst.

Atlanta’s experience being shut down by ransomware and Cambridge’s experience with cryptojacking beg the question: if cities are being hit by financial cybercrime today, what security guarantees do you have for October’s election?

This is an important question, and one that your each city must confront if it is to proceed with online voting.

How white-hat hackers are helping cities fight back against ransomware attacks. Interview on CBC Radio One (starting at 6:00).