After 25 years
working in electoral administration with a large part of that focusing on and
delivering electronic voting, I am in two minds about the latest press release
from Vanessa Teague pointing out a “system hack that would be difficult to
perform” with regard to the NSW Electoral Commission’s iVote internet and phone
electronic voting system.
The first
principle of electoral administration is that processes should be open and
transparent. Our paper systems in
Australia are very open and transparent.
They are conducted in a public place, the counting in the polling place
is observed by scrutineers and subsequent rechecks are all open to
observation. Even postal voting has
strict guidelines so that during scrutiny the identity of the voter is not
revealed.
Electronic
voting has many people who are for and against it. However the benefits to different sections of
the community in a compulsory voting environment are a driving force to its
implementation.
In particular,
electronic voting benefits voters with a disability who would not otherwise be
able to cast their vote secretly or independently. Electoral administrators are quite rightly
being forced to provide for this cohort from the pressure of representative
peak bodies and sometimes from litigation.
Many of the
electoral commissions in Australia have trialled or fully implemented a form of
electronic voting, but mostly these have been in kiosk format. The Australian
Electoral Commission did trial a remote voting system for selected areas of our
overseas defence force in 2007 (AEC), but even this was not a full internet
version as it was conducted on the defence restricted network, giving an extra
layer of protection to the outside world of hackers.
So in Australia
the NSW Electoral Commission was the first to implement internet and telephone
voting in the public domain in 2011 in a general parliamentary election. It was
also used successfully in all subsequent by-elections. At
this point I should declare that I was one of the project team in the 2011
implementation and also in the 2007 AEC federal implementation.
As an electoral
administrator we are very accountable.
We are required to implement the electoral legislation, ensure the
franchise of every voter and provide integrity to all processes. Following each election there is always a
review of our practices by a parliamentary “electoral matters committee”. These committees are where all matters are
reviewed. Voters, peer groups, pressure
groups, political parties, and academics can all make submissions as to how to
improve the electoral process. It is
why the Australian systems are often seen as the best in the world. Vanessa Teague has made many representations
to these parliamentary committees regarding her wariness of internet and
sometimes kiosk electronic voting, so she is aware of how elections in
Australia are formally reviewed.
When reading
arguments against electronic voting, it is usually along the lines that instead
of one paper vote being tampered, or one ballot box being stuffed, that instead
a whole database of votes can be changed.
But it appears that this is not the hack that Ms Teague found in the NSW
system. Her quote is…..
"The
analogy would be pulling someone's postal vote envelope out of the post,
pulling out their vote and finding out how they intended to vote and then
putting a different ballot in instead," Ms Teague said.
So
this finding was not a flaw that could change a whole database of votes.
The
Chief Information Officer of NSWEC Mr Ian Brightwell said……
“It’s
easy enough to [test the attack] if you sit in a local area network and direct
yourself to an internal proxy, but in practical terms to intercept the traffic
en masse you’d have to somehow sit in between that particular server and the
client’s voting,” he said.
So
in this case you would have to actually sit in between the server and the
client “when they are voting” to be able to hack their vote.
Ms
Teague’s press release also says that they alerted the NSWEC when they found
the flaw and waited until it was fixed before publicly talking about it.
So
this is where I am in two minds. As an
electoral administrator I need to know if there is an issue in the conduct of
my election in order to keep the integrity of the election.
I
am sure that the NSWEC were grateful of the information from Ms Teague.
But
to then go public and undermine the confidence of the whole electronic voting
system, and potentially the outcome of the election seems to me to be an unnecessary
act when Ms Teague could have presented this information in the fullness of
time to the NSW electoral matters parliamentary committee as she has often done
previously.
Electronic
voting is a method of voting that is necessary at this point in time for our
special needs groups, but in time it will be more necessary in a paper frugal
society, and indeed it will be demanded by our mobile device equipped
population.
The
tensions brought about by the people who are for and against electronic voting
is good and healthy and will allow for greater security and robustness of
future electronic voting systems. However we must reflect on the timing of the
release of our arguments inside an active election period.
No comments:
Post a Comment