was on a script called 'GhostVolunteer' that would automatically fill in the volunteer form on the Conservative Party
website with random data. The idea being to flood the site with legitimate-looking, but completely fake, volunteer offers.
Now there are a number of issues to discuss here. For starters I don't know how the volunteer forms are dealt once
received so its an open question whether GhostVolunteer would even have an effect. Regardless of what you think of the
Conservative Party (and they don't play a convincing victim) they don't deserve to have their volunteer page tied in knots.
But perhaps my biggest concern is the potential for such a program to find wider use in Canada. Imagine if none of the
parties could effectively identify volunteers. The parties wouldn't be overly hurt. Candidates generally recruit volunteers
from among family and friends while parties hire what help they need. This program would instead effect those who
want to get involved in the political process but are not familiar with other contact channels. And that would be
unfortunate in an era when people are largely disengaged from politics.
Minor parties on the other hand would have a hard time dealing with a GhostVolunteer attack. Such parties rely on
volunteers for everything. Nor do they have the ability to deal with piles of spam. The potential to cause minor parties hardship is rather ironic as the script's author is himself a member of a minor party.
I hesitated for a while on whether to write this article or not. If I ignore it the script might never even be used. However, if
it does become widely used by a group with an agenda it would be the kind of dirty trick I dislike the Conservative Party
for. And I won't be a silent accomplice to that. However, if I make all sides aware of the script I risk starting the universal
volunteer block described above. But perhaps by making all sides aware of the potential problem counter-measures can
be taken. In this case the counter is rather simple: CAPTCHA. However, its not unfeasible that similar scripts could be used for email or messaging services that don't have CAPTCHA so I'd rather awareness lead to a MAD-like situation
where no one wants to make use of this type of attack.