Canadian election databases use 'canary traps'—and they work
Source: Ars Technica
Canary traps: a simple tool for detecting leaks
The canary trap is a straightforward method used to identify leakers or double agents. You share a document, image, or database with each recipient, making tiny, unique changes for each copy. If those changes appear verbatim in a leak, you can immediately pinpoint the source.
The Alberta electoral list case
The Canadian province of Alberta recently faced drama surrounding its electoral list—a database containing names, addresses, and voting districts for millions of citizens. Political parties may legally access the list but must adhere to strict usage restrictions, including a prohibition on sharing the data with third parties.
Despite these rules, the Centurion Project—described by the CBC as a “separatist group”—used the list to power an online voter database. Elections Alberta, which maintains the list, obtained a court order to shut down the Centurion site.
How the canary trap revealed the source
Elections Alberta quickly investigated and announced that the list used by Centurion was a copy of one legitimately released to the Republican Party of Alberta. Election officials were confident in this claim because, whenever they release a copy of the electoral list, they salt it with additional but bogus entries. The fake entries inserted in the Republican Party version of the list also appeared in Centurion’s online tool.
Exactly how the data passed from the Republican Party to Centurion remains unclear, but the canary trap enabled Elections Alberta to act swiftly. Both groups publicly pledged to respect the law, and Centurion took down its tool.