Expert: Elections Canada, MP websites lack basic data security measures

Without basic encryption on the websites, hackers could manipulate users into going into decoy pages, expert warned

Expert: Elections Canada, MP websites lack basic data security measures

Cyber

By Lyle Adriano

A cybersecurity expert has pointed out that several webpages of Canadian MPs and even the Elections Canada agency lack basic encryption, which can leave their visitors vulnerable to online mischief and manipulation.

The webpages in question use an outdated, unprotected chain to carry information from users to the website owners. This is a problem for webpages that request personal information, such as Elections Canada’s form for those requesting publication and the “Contact me” pages of MP websites.

There are two types of protocols for sending data between a user’s browser and the website they are connected to – the unsecure “HTTP,” and “HTTPS” – a more secure version with proper encryption. The webpages in question all use the unsecure “HTTP” protocol.

“This is what you can really consider the minimum ‘security 101’ for your website,” Western University cyber security expert Aleksander Essex told CBC News.

Essex added that if major political entities, such as Elections Canada and MPs, have not fixed their websites yet, they should consider “what kind of message is that sending.”

The expert warned that without proper security, hackers can alter information on a website easily, and even redirect users to decoy pages. Such tactics can be used, for instance, on the Elections Canada webpage to suppress voters by manipulating locations where to vote.

Essex said that he initially reached out to Elections Canada eight months ago regarding the issue.

“I don’t see any technical reason that it would take as long as it has,” he said. According to him, it just takes a few minutes to convert a single webpage into an HTTPS-safe site.

 

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!