Hacking concerns delay Tory leadership contest ballot distribution

Ballot distribution for Tory leadership contest delayed over hacking alert

Image:
Ballot distribution for Tory leadership contest delayed over hacking alert

The National Cyber Security Centre has warned that cyber actors could alter the votes of scores of party members

The distribution of ballots to Conservative party members for the party's leadership election has been delayed due to security concerns.

The party said it changed its plan for the contest following a consultation with the security agency GCHQ, who warned that hackers could alter the votes.

Postal ballot forms were scheduled to be mailed out starting Monday to around 160,000 Conservative Party members to vote for Liz Truss or Rishi Sunak as the next Prime Minister of the nation.

However, in an email sent to members, the head of membership for the Conservative Party said that postal ballots will arrive by Thursday, August 11, because of measures "to provide some extra security" to the process.

The winner of the leadership contest is still expected to be announced on September 5th.

Under the original plan, Tory members were supposed to get a postal vote with a specific code and then cast their votes either online or by mail.

Additionally, the original plan would have given members the option of changing their mind and voting again, using the alternative method, which would have cancelled out their previous vote.

However, on the recommendation of the National Cyber Security Centre (NCSC), which is a part of intelligence agency GCHQ, the Conservative Party has made the decision to scrap the option for members to amend their vote.

After casting their ballot, each participant's unique code will be rendered inactive, making it impossible for them to change their mind later on in the competition.

"To vote online, simply input the unique one-use codes printed on your ballot paper and fill in the security questions. Once used, your codes are invalid and you won't be able to re-enter the site," the email says.

"If you decide to vote by post … once received by the ballot company we will deactivate your online codes."

It is understood that there was no explicit threat from an adversary state and that the advice was about general vulnerabilities in the voting process.

Russia, China and Iran have all been accused of trying to influence opinion surveys in the past, and a US intelligence head recently accused those states of trying to meddle in the 2020 US presidential election.

"Defending UK democratic and electoral processes is a priority for the NCSC and we work closely with all Parliamentary political parties, local authorities and MPs to provide cyber security guidance and support," a NCSC spokesperson said.

"As you would expect from the UK's national cyber security authority we provided advice to the Conservative Party on security considerations for online leadership voting."

In its email, the Conservative Party advises members to get in touch if they haven't received their ballot packet by August 11th.