Australian Electoral Commission Refuses To Allow Researchers To Check E-Voting Software
from the after-all,-it's-only-democracy-that's-at-stake dept
The fact that Techdirt has been writing about e-voting problems for sixteen years, and that the very first post on the topic had the headline "E-voting is Not Safe," gives an indication of what a troubled area this is. Despite the evidence that stringent controls are still needed to avoid the risk of electoral fraud, some people seem naively to assume that e-voting is now a mature and safe technology that can be deployed without further thought.
In Australia, for example, e-voting is being used for the elections to the country's Senate, but the Australian Electoral Commission (AEC) has refused to release the relevant software, despite a Senate motion and a freedom of information request. Being able to examine the code is a fundamental requirement, since there is no way of knowing what "black box" e-voting systems are doing with the votes that are entered. A story by the Australian Associated Press (AAP) explains why AEC is resisting:
The Australian Electoral Commission referred AAP to a decision by the Administrative Appeals Tribunal [AAT] in December 2015.
Placing trade secrets above the public interest is a curious choice, to say the least. It seems particularly questionable given Australia's recent experience with e-voting software problems:
In that decision, relating to a freedom of information request, the tribunal found the release of the source code for the software known as Easycount would have the potential to diminish its commercial value.
"The tribunal is satisfied that the Easycount source code is a trade secret and is exempt from disclosure," the AAT said.When the ACT Electoral Commission released its counting code, researchers at Australian National University found three bugs which were subsequently fixed before an election.
As Techdirt readers well know, bugs are commonplace, and there's no particular shame if some are found in a complex piece of software. But refusing to allow independent researchers to look for those bugs so that they can be fixed is inexcusable when the integrity of the democratic selection process is at stake.
When the Victorian Electoral Commission made its electronic voting protocol available to researchers in 2010, University of Melbourne researchers identified a security weakness which was then rectified before the state election.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: australia, e-voting, source code
Reader Comments
Subscribe: RSS
View by: Time | Thread
Lying to congress
Oh wait.... It's probably not illegal for a congressman to lie to congress, just peasants.
[ link to this | view in chronology ]
Re: Lying to congress
[ link to this | view in chronology ]
Re: Lying to congress
They have a House of Representatives and a Senate modeled on the US chambers, but it's otherwise a parliamentary model.
[ link to this | view in chronology ]
Re: Re: Lying to congress
[ link to this | view in chronology ]
Requirements for an e-Voting system
* Only 'key' parameters (eg, pure data nonexecutable) are secret
* Electronically records your vote, to a local and off site archive
* Each ballot recorded in the electronic archive is digitally signed by the machine with a sequence number, and includes the hash of the previous ballot. (and the previous ballot included the hash of its previous ballot, etc. thus ensuring a verifiable chain of ballots.)
* Prints a paper record into a local archive. (eg, a machine that has a bin gradually accumulating a stack of small ballot cards which would be similar to a paper ballot)
* The voter can see an on-screen image of the 'paper' ballot after they have confirmed and submitted their vote -- that way the voter knows that their vote was correctly 'recorded'.
Both electronic and human recounts are possible because of both the electronic and paper archive of ballots.
The paper and electronic archives can be audited to ensure the two archives exactly match. The local electronic and remote electronic archive can also be audited to ensure they match.
The paper ballots that are archived in a card stack would be designed to be human readable, but also easily machine readable such that the machine can read the same thing that a human reads (eg, not a barcode along with a printed indication of what the vote is which is two separate things.)
Now, even if the e-Voting software were closed source, it would be possible to ensure that its behavior is correct. None of this business where the only record is an electronic record -- and it is a correct and true record of what voters voted! I swear! No, really. I promise! Trust me.
Voting results could be instantly available online so that people in Western longitudes know that it is pointless for them to go out and vote.
[ link to this | view in chronology ]
Re: Requirements for an e-Voting system
i am a techno guy, but the ONLY reason we have computer based systems, is they can be controlledby TPTB...
2. um, not mentioned in the article, but, um, OUR computer based voting systems are ALL 'proprietary' / black box software us mere voters are NOT allowed to inspect...
3. those few times white hat hackers have accessed voting machine code, it was a gigantic steaming pile of spaghetti programming...
there are only two reasons for spaghetti code, massive incompetence over time, OR, they are purposefully obfuscating the code to hide eee-vil machinations...
[ link to this | view in chronology ]
Re: Requirements for an e-Voting system
You'd have to be careful with the "chain of ballot hashes" idea. It seems like something that could damage ballot secrecy, if done wrong. (And even if you can verify a ballot is recorded correctly, that doesn't guarantee it's secret, which could still be a problem with closed-source systems.)
[ link to this | view in chronology ]
If that's the case then the correct response by the government *should* be "alright, we shall not continue to use your voting machines then."
But really it should have been in the contract to begin with that the source code being turned over was a non-negotiable condition for being in the business of providing voting machines.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
There is no place for the concept of Secrecy in a Democracy. You guys are now beginning to see why a true democracy will never work. Actually there are 2 reasons.
#1. Agents of the government seek secrecy to gird themselves from scrutiny, be for good or evil.
#2. People will only remain prosperous until they find they can vote themselves largess.
America is currently suffering directly under both of these principals. We are have destroyed our democracy, we are something else right now.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
So why should we be worried about secret democratic election software?
With so much secret surveillance, can you be sure your vote is a secret?
The NSA
Is Your Friend!
Trust The NSA!
[ link to this | view in chronology ]
I'm still amazed
[ link to this | view in chronology ]
Re: I'm still amazed
It is worth the time and effort to just count everything by hand or at least to have that option be possible in the case of a close race.
You can do a lot of remote attacks against a machine, and since the same people I do not trust are in charge of the election machines... yea... not going to even venture a guess on how corrupt the system is.
The ENTIRE process must absolutely be performed in the public eye were even the average joe should catch MOST attempts at deception.
[ link to this | view in chronology ]
Re: I'm still amazed
(yes, Disney World in Orlando has very nice facilities for large business events like a company Christmas party. Such facilities would work equally well to be rented for the kind of event described above.)
[ link to this | view in chronology ]
E-voting would still be useful.
But we shouldn't discard the notion of E-voting entirely. A robust and secure E-voting system would allow for participatory democracies at least in small organizations such as communities, if not large ones such as nations.
A robust, secure universal system would also allow for quicker popular counts, eliminating a lot of the problems we have with mechanical voting (such as gerrymandering and the Electoral college.)
And it's not like mechanical and hand-counted voting systems are particularly secure or free from fraud.
[ link to this | view in chronology ]
Re: E-voting would still be useful.
[ link to this | view in chronology ]
It can't be open and verifiable
We are nearly at the point of "Thank you for coming. Your vote has already been recorded".
If the machines were transparent, then the voters actual chosen candidate would win the election.
We can't have that.
/sarc, /snark, /hope
[ link to this | view in chronology ]
Re: It can't be open and verifiable
Remember the company who claimed their facial scanning software could detect your criminal characteristics?
"An Israeli start-up says it can take one look at a person's face and realize character traits that are undetectable to the human eye. Faception said it's already signed a contract with a homeland security agency to help identify terrorists. The company said its technology also can be used to identify everything from great poker players to extroverts, pedophiles, geniuses and white collar-criminals."
https://www.techdirt.com/articles/20160524/12210734538/israeli-company-claims-soft ware-can-look-your-face-determine-if-youre-terrorist-murderer.shtml
So, perhaps in Version 2 there will be no need to leave home to vote. It will already be done for you, and no way to opt out (unless you're deemed an undesirable and then there will be No Vote For You!)
[ link to this | view in chronology ]
Why Electronic Voting is a BAD Idea - Computerphile
https://www.youtube.com/watch?v=w3_0x6oaDmI
[ link to this | view in chronology ]
Re: Why Electronic Voting is a BAD Idea - Computerphile
It just depends on what your definition of 'work' is.
[ link to this | view in chronology ]
Re: Why Electronic Voting is a BAD Idea - Computerphile
[ link to this | view in chronology ]
Re: Re: Why Electronic Voting is a BAD Idea - Computerphile
[ link to this | view in chronology ]
Maxim
I'm not certain the goodness/badness of e-voting. Until I know specifics, I can't offer a reasoned opinion. However, I am certain a model that relies on closed source, proprietary, trade secrets is now and ever will be unacceptable, if we hope to maintain even the merest illusion of democracy.
This software, if allowed to exist at all, is ONLY appropriately handled under Open Source principles and maintained in publicly readable repositories. The more eyes, the better.
[ link to this | view in chronology ]
Solutions
The bonus... because the ballots are machine marked, you could use a second system to actually count them efficiently.
The bonus bonus: when there is a recount required, you actually have paper ballots. The machines have nothing to do with it, you have the actual paper of record to prove it.
[ link to this | view in chronology ]
Re: Solutions
[ link to this | view in chronology ]
Re: Re: Solutions
[ link to this | view in chronology ]
Re: Re: Re: Solutions
[ link to this | view in chronology ]
But that's not how it works
But it will be disclosed. It probably already has -- just not to researchers who are trying to study the integrity of the election process.
This code has value. Therefore there are buyers. Therefore there are sellers. And the price tag is high enough that both buyers and sellers will accept the risk in order to complete a transaction; see, as the definitive piece on this: Stealing an Election by Bruce Schneier, which is now 12 years old and even more relevant now than it was in 2004.
Given the realities of elections, power, money, and politics, it's just about certain that this code is in the hands of people other than the vendor. So calling it a "secret" is at best unjustified optimism and at worst a cynical coverup. I think the question is not "if", but "who", and "when", and "why".
[ link to this | view in chronology ]
Re: But that's not how it works
[ link to this | view in chronology ]
Those who can't vote by ballot...
The whole point of the vote in the first place is that sooner or later, Cerseis and Joffreys end up dominating the throne.
Though the lords of the US might have figured out that the illusion of enfranchisement is enough to keep the people in line. So long as they think they can vote the bastards out, they won't turn violent.
We'll see how that plays out.
[ link to this | view in chronology ]
Those who vote decide nothing, those who count the votes decide everything
Stalin
[ link to this | view in chronology ]
They might actually have a fair election otherwise instead of the criminal they bribed and blackmailed to enslave the citizenry
[ link to this | view in chronology ]
No E-Voting for Australian Senate
http://www.aec.gov.au/Voting/How_to_Vote/Voting_Senate.htm
This PDF:
http://www.aec.gov.au/election/files/e2016-official-guide.pdf
has more details.
Having verified that I then went back to check that 9news.com.au article which was quoted in the article. And guess what? It refers to "vote-COUNTING software".
As distinct from e-VOTING software.
That is to say, presumably the paper ballots will be scanned in to a computer system and the software used to tally the vote. The reason the AEC is using such vote counting software is because the Australian Senate uses proportional representation and counting its vote by hand can usually take weeks. Senate ballot-papers also tend to be huge, especially in the New South Wales and Victoria. Last election there were only six vacancies to be filled in each state., In NSW that led to a ballot-paper about a yard long with over 100 candidates. This time there has been a double dissolution so here will be twice as many vacancies. Twelve in each state to be precise. Which means in NSW and Victoria the number of candidates could well hit two hundred!
Now having said all that, none of this is to say that the article's point isn't still valid. However, having paper ballots does mean that if any shenanigans do occur it is more likely to be subtle rather than blatant; and if there are any doubts the paper ballots are around to do a recount.
[ link to this | view in chronology ]
Re: No E-Voting for Australian Senate
[ link to this | view in chronology ]
Re: No E-Voting for Australian Senate
Glyn could you please update this story to specify that Australia currently (and will not for foreseeable future) have any E-Voting whatsoever for State nor Federal elections.
All elections use PAPER BALLOTS, which are marked using pencil/pen using NUMBERS in the order of preference wanted by individual voters.
They are then manually counted using the "mark 1 human eyeball" except for the SENATE in certain circumstances only in which the paper ballots are fed into a scanning mechanism and then the numerals (1 to 6) for the top part of the Ballot paper only. IF the bottom part of the ballot, which can have up to 100+ numbers marked (no less than 12) than that is STILL manually tallied.
Oh and it is absolutely mandatory for every Australian citizen 18yrs of age or over to vote, unlike the UK or USA. In fact it's an offense not to vote.
[ link to this | view in chronology ]
Re: Re: No E-Voting for Australian Senate
[ link to this | view in chronology ]
Re: Re: Re: No E-Voting for Australian Senate
Are you saying they don't want you to abstain from voting regarding those issues in which you don't care or don't have enough information to make a correct decision?
Incidentally in the USSR voting was mandatory too. Not that it really helped much.
[ link to this | view in chronology ]
Re: Re: Re: Re: No E-Voting for Australian Senate
There is always a significant number of people who do this. What will get you into trouble (as in a fine) is not getting your name crossed off. There are also many who do their ballot work in the couple of weeks before hand at their convenience and just ignore the day in question.
Unlike other places, we don't have a first past the post and the votes are distributed according to the ballot selection.
This year it is strange because there seems to be very little difference between the majors. The majority of MHR's and Senators seem to be in favour of making this nation a police state and running the nation into the ground.
The Motoring Enthusiasts Party's former senator has come across as a man who wants to actually do his job but a lot of them just toe the party line and are useless.
With regards the majors, one side wants one lot of unsavoury characters to have power, while the other major parties want other groups of unsavoury characters to have power. It is looking like we (as a nation) are between a rock and a hard place, in other words, we're screwed. Damned if we do and damned if we don't.
But the decision is still ahead and we'll need to see what happens in the next couple of weeks. One never knows, we might have a disaster that takes out many of the current candidates and leaves room for a brand new batch.
[ link to this | view in chronology ]
We have been using proprietary voting software for a long time
Most of this is done electronically these days. It is handled by an entity called the TAB. And, sure, you can cheat on a horse race but it is much harder to cheat the TAB.
Elections would seem to be lot easier to handle, after all they are only a two-horse race.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Secrets
[ link to this | view in chronology ]