Australian Electoral Commission Refuses To Allow Researchers To Check E-Voting Software

from the after-all,-it's-only-democracy-that's-at-stake dept

The fact that Techdirt has been writing about e-voting problems for sixteen years, and that the very first post on the topic had the headline "E-voting is Not Safe," gives an indication of what a troubled area this is. Despite the evidence that stringent controls are still needed to avoid the risk of electoral fraud, some people seem naively to assume that e-voting is now a mature and safe technology that can be deployed without further thought.

In Australia, for example, e-voting is being used for the elections to the country's Senate, but the Australian Electoral Commission (AEC) has refused to release the relevant software, despite a Senate motion and a freedom of information request. Being able to examine the code is a fundamental requirement, since there is no way of knowing what "black box" e-voting systems are doing with the votes that are entered. A story by the Australian Associated Press (AAP) explains why AEC is resisting:

The Australian Electoral Commission referred AAP to a decision by the Administrative Appeals Tribunal [AAT] in December 2015.

In that decision, relating to a freedom of information request, the tribunal found the release of the source code for the software known as Easycount would have the potential to diminish its commercial value.

"The tribunal is satisfied that the Easycount source code is a trade secret and is exempt from disclosure," the AAT said.
Placing trade secrets above the public interest is a curious choice, to say the least. It seems particularly questionable given Australia's recent experience with e-voting software problems:
When the ACT Electoral Commission released its counting code, researchers at Australian National University found three bugs which were subsequently fixed before an election.

When the Victorian Electoral Commission made its electronic voting protocol available to researchers in 2010, University of Melbourne researchers identified a security weakness which was then rectified before the state election.
As Techdirt readers well know, bugs are commonplace, and there's no particular shame if some are found in a complex piece of software. But refusing to allow independent researchers to look for those bugs so that they can be fixed is inexcusable when the integrity of the democratic selection process is at stake.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: australia, e-voting, source code


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    ArkieGuy (profile), 17 Jun 2016 @ 6:36am

    Lying to congress

    Isn't it illegal to lie to congress? Sounds like an impeachable offense for some anti-privacy congress critters.

    Oh wait.... It's probably not illegal for a congressman to lie to congress, just peasants.

    link to this | view in thread ]

  2. icon
    DannyB (profile), 17 Jun 2016 @ 6:40am

    Requirements for an e-Voting system

    * Open Source
    * Only 'key' parameters (eg, pure data nonexecutable) are secret
    * Electronically records your vote, to a local and off site archive
    * Each ballot recorded in the electronic archive is digitally signed by the machine with a sequence number, and includes the hash of the previous ballot. (and the previous ballot included the hash of its previous ballot, etc. thus ensuring a verifiable chain of ballots.)
    * Prints a paper record into a local archive. (eg, a machine that has a bin gradually accumulating a stack of small ballot cards which would be similar to a paper ballot)
    * The voter can see an on-screen image of the 'paper' ballot after they have confirmed and submitted their vote -- that way the voter knows that their vote was correctly 'recorded'.

    Both electronic and human recounts are possible because of both the electronic and paper archive of ballots.

    The paper and electronic archives can be audited to ensure the two archives exactly match. The local electronic and remote electronic archive can also be audited to ensure they match.

    The paper ballots that are archived in a card stack would be designed to be human readable, but also easily machine readable such that the machine can read the same thing that a human reads (eg, not a barcode along with a printed indication of what the vote is which is two separate things.)

    Now, even if the e-Voting software were closed source, it would be possible to ensure that its behavior is correct. None of this business where the only record is an electronic record -- and it is a correct and true record of what voters voted! I swear! No, really. I promise! Trust me.

    Voting results could be instantly available online so that people in Western longitudes know that it is pointless for them to go out and vote.

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 17 Jun 2016 @ 6:42am

    "The tribunal is satisfied that the Easycount source code is a trade secret and is exempt from disclosure,"
    If that's the case then the correct response by the government *should* be "alright, we shall not continue to use your voting machines then."

    But really it should have been in the contract to begin with that the source code being turned over was a non-negotiable condition for being in the business of providing voting machines.

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 17 Jun 2016 @ 6:56am

    Proprietary code in election software is equivalent to secret law.

    link to this | view in thread ]

  5. icon
    Mason Wheeler (profile), 17 Jun 2016 @ 6:57am

    Re:

    Exactly. If your "trade" is democracy itself, you do not get to keep secrets. Otherwise the democracy ends up broken, and that's a higher priority.

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 17 Jun 2016 @ 6:57am

    Re: Lying to congress

    There is no way any politician would ever make a rule against lying. There already are rules for perjury, but you can easily tell they only leverage those against pissants, never against colleagues because they are deathly afraid of it coming back and biting them ALL in the asses.

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 17 Jun 2016 @ 7:01am

    Re: Re:

    This can NEVER be said enough.

    There is no place for the concept of Secrecy in a Democracy. You guys are now beginning to see why a true democracy will never work. Actually there are 2 reasons.

    #1. Agents of the government seek secrecy to gird themselves from scrutiny, be for good or evil.

    #2. People will only remain prosperous until they find they can vote themselves largess.

    America is currently suffering directly under both of these principals. We are have destroyed our democracy, we are something else right now.

    link to this | view in thread ]

  8. icon
    John Fenderson (profile), 17 Jun 2016 @ 7:04am

    I'm still amazed

    I'm still amazed that anyone -- particularly election boards -- thinks that these machines are an acceptable idea. They are, in fact, the exact opposite of that. They would be dangerous even if the source code was available for audit.

    link to this | view in thread ]

  9. identicon
    Anonymous Coward, 17 Jun 2016 @ 7:10am

    Re: I'm still amazed

    Agree... I work in IT, the number of exploits possible against any system is just flat out mind boggling.

    It is worth the time and effort to just count everything by hand or at least to have that option be possible in the case of a close race.

    You can do a lot of remote attacks against a machine, and since the same people I do not trust are in charge of the election machines... yea... not going to even venture a guess on how corrupt the system is.

    The ENTIRE process must absolutely be performed in the public eye were even the average joe should catch MOST attempts at deception.

    link to this | view in thread ]

  10. icon
    TheResidentSkeptic (profile), 17 Jun 2016 @ 7:30am

    It can't be open and verifiable

    The proletariat is lucky to be allowed to cast their vote - at least the voting card isn't pre-punched with their decision on it.

    We are nearly at the point of "Thank you for coming. Your vote has already been recorded".

    If the machines were transparent, then the voters actual chosen candidate would win the election.

    We can't have that.

    /sarc, /snark, /hope

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 17 Jun 2016 @ 7:33am

    Re: Re:

    You don't need that because the companies will be storing the votes in a secret open DB/FTP/whatever for anyone interested enough to find. And when someone reports on that fact, they can expect to be charged with election tampering to start with and have their lives ruined.

    link to this | view in thread ]

  12. identicon
    Anonymous Coward, 17 Jun 2016 @ 7:40am

    Re: Re: Re:

    That is only for the people dumb enough to tell everyone their names along with their discovery.

    link to this | view in thread ]

  13. identicon
    Anonymous Coward, 17 Jun 2016 @ 7:44am

    Why Electronic Voting is a BAD Idea - Computerphile

    link to this | view in thread ]

  14. icon
    DannyB (profile), 17 Jun 2016 @ 7:48am

    Re:

    But we, at least in the US, already have secret laws, secret interpretations of laws, secret courts, secret court orders, secret warrants, secret arrests, secret evidence not available to the defense, secret convictions, secret prisons, and secret torture.

    So why should we be worried about secret democratic election software?

    With so much secret surveillance, can you be sure your vote is a secret?

    The NSA
    Is Your Friend!
    Trust The NSA!

    link to this | view in thread ]

  15. identicon
    Anonymous Coward, 17 Jun 2016 @ 7:54am

    Maxim

    The are two types of software, that in which bugs have been identified and that in which bugs will be identified.

    I'm not certain the goodness/badness of e-voting. Until I know specifics, I can't offer a reasoned opinion. However, I am certain a model that relies on closed source, proprietary, trade secrets is now and ever will be unacceptable, if we hope to maintain even the merest illusion of democracy.

    This software, if allowed to exist at all, is ONLY appropriately handled under Open Source principles and maintained in publicly readable repositories. The more eyes, the better.

    link to this | view in thread ]

  16. icon
    DannyB (profile), 17 Jun 2016 @ 7:54am

    Re: I'm still amazed

    My secret e-Voting company would like to invite your election board for a two week all expenses paid informational seminar at one of the convention centers at Disney World. We will include free Disney Visa gift cards for your convenience on or off the resort property. We can show you two point four million reasons why you should choose our voting systems.

    (yes, Disney World in Orlando has very nice facilities for large business events like a company Christmas party. Such facilities would work equally well to be rented for the kind of event described above.)

    link to this | view in thread ]

  17. icon
    DannyB (profile), 17 Jun 2016 @ 7:56am

    Re: Why Electronic Voting is a BAD Idea - Computerphile

    E-voting already works very well thank you.

    It just depends on what your definition of 'work' is.

    link to this | view in thread ]

  18. identicon
    Anonymous Coward, 17 Jun 2016 @ 8:01am

    Re: It can't be open and verifiable

    "We are nearly at the point of "Thank you for coming. Your vote has already been recorded"."

    Remember the company who claimed their facial scanning software could detect your criminal characteristics?

    "An Israeli start-up says it can take one look at a person's face and realize character traits that are undetectable to the human eye. Faception said it's already signed a contract with a homeland security agency to help identify terrorists. The company said its technology also can be used to identify everything from great poker players to extroverts, pedophiles, geniuses and white collar-criminals."

    https://www.techdirt.com/articles/20160524/12210734538/israeli-company-claims-soft ware-can-look-your-face-determine-if-youre-terrorist-murderer.shtml

    So, perhaps in Version 2 there will be no need to leave home to vote. It will already be done for you, and no way to opt out (unless you're deemed an undesirable and then there will be No Vote For You!)

    link to this | view in thread ]

  19. identicon
    Anonymous Coward, 17 Jun 2016 @ 8:06am

    Re: Why Electronic Voting is a BAD Idea - Computerphile

    Tom seems a bright lad, but I'm not sure how well-read he is on proposals to incorporate blockchain-ing into potential e-voting schemes.

    link to this | view in thread ]

  20. icon
    Whatever (profile), 17 Jun 2016 @ 8:21am

    Solutions

    I always thought that voting machines would work better if they were really just there to help us mark the ballot. Have the machine show what you are voting for, and have it mark an actual ballot for the item. Then the voter takes the completed paper ballot, verifies it, and puts it in the ballot box - where it can be counted.

    The bonus... because the ballots are machine marked, you could use a second system to actually count them efficiently.

    The bonus bonus: when there is a recount required, you actually have paper ballots. The machines have nothing to do with it, you have the actual paper of record to prove it.

    link to this | view in thread ]

  21. identicon
    Rich Kulawiec, 17 Jun 2016 @ 8:24am

    But that's not how it works

    "The tribunal is satisfied that the Easycount source code is a trade secret and is exempt from disclosure," the AAT said.

    But it will be disclosed. It probably already has -- just not to researchers who are trying to study the integrity of the election process.

    This code has value. Therefore there are buyers. Therefore there are sellers. And the price tag is high enough that both buyers and sellers will accept the risk in order to complete a transaction; see, as the definitive piece on this: Stealing an Election by Bruce Schneier, which is now 12 years old and even more relevant now than it was in 2004.

    Given the realities of elections, power, money, and politics, it's just about certain that this code is in the hands of people other than the vendor. So calling it a "secret" is at best unjustified optimism and at worst a cynical coverup. I think the question is not "if", but "who", and "when", and "why".

    link to this | view in thread ]

  22. identicon
    Anonymous Coward, 17 Jun 2016 @ 8:34am

    Re: Lying to congress

    Australia has a parliament, not a congress, so they have Critters of Parliament, not Congress Critters.

    They have a House of Representatives and a Senate modeled on the US chambers, but it's otherwise a parliamentary model.

    link to this | view in thread ]

  23. identicon
    Anonymous Coward, 17 Jun 2016 @ 9:43am

    Re: Requirements for an e-Voting system

    1. paper ballots, hand counted, locally reported
    i am a techno guy, but the ONLY reason we have computer based systems, is they can be controlledby TPTB...
    2. um, not mentioned in the article, but, um, OUR computer based voting systems are ALL 'proprietary' / black box software us mere voters are NOT allowed to inspect...
    3. those few times white hat hackers have accessed voting machine code, it was a gigantic steaming pile of spaghetti programming...
    there are only two reasons for spaghetti code, massive incompetence over time, OR, they are purposefully obfuscating the code to hide eee-vil machinations...

    link to this | view in thread ]

  24. identicon
    Anonymous Coward, 17 Jun 2016 @ 10:00am

    Re: Requirements for an e-Voting system

    Seeing an image isn't enough, because it would be trivial to re-use images. The voter should see the actual ballot and drop it in a box themselves.

    You'd have to be careful with the "chain of ballot hashes" idea. It seems like something that could damage ballot secrecy, if done wrong. (And even if you can verify a ballot is recorded correctly, that doesn't guarantee it's secret, which could still be a problem with closed-source systems.)

    link to this | view in thread ]

  25. icon
    PaulT (profile), 17 Jun 2016 @ 10:31am

    Re: Solutions

    I agree with most of that. You need a paper trail, you need a way for the voter to confirm the vote is actually cast as you wish. Theres probably some verification steps needed to ensure that there's no tampering with the paper and allow for damaged/lost/illegible printouts, but as long as those first 2 requirements are met I'm ok with electronic voting. A black box with no independent paper trail? Not a chance

    link to this | view in thread ]

  26. identicon
    Anonymous Coward, 17 Jun 2016 @ 10:47am

    Re: Re: Solutions

    Except for the case where there is a discrepancy and the DA refuses to perform a manual count of the paper ballots.

    link to this | view in thread ]

  27. icon
    Uriel-238 (profile), 17 Jun 2016 @ 11:00am

    E-voting would still be useful.

    E-voting systems should be completely open source. A secret system screams of built-in fraud.

    But we shouldn't discard the notion of E-voting entirely. A robust and secure E-voting system would allow for participatory democracies at least in small organizations such as communities, if not large ones such as nations.

    A robust, secure universal system would also allow for quicker popular counts, eliminating a lot of the problems we have with mechanical voting (such as gerrymandering and the Electoral college.)

    And it's not like mechanical and hand-counted voting systems are particularly secure or free from fraud.

    link to this | view in thread ]

  28. icon
    PaulT (profile), 17 Jun 2016 @ 11:03am

    Re: Re: Re: Solutions

    Same flaw as a completely physical system though. So, not perfect but as good as the system that's worked for a long time

    link to this | view in thread ]

  29. icon
    Uriel-238 (profile), 17 Jun 2016 @ 11:07am

    Those who can't vote by ballot...

    ...electronic or otherwise, eventually vote by AK-47.

    The whole point of the vote in the first place is that sooner or later, Cerseis and Joffreys end up dominating the throne.

    Though the lords of the US might have figured out that the illusion of enfranchisement is enough to keep the people in line. So long as they think they can vote the bastards out, they won't turn violent.

    We'll see how that plays out.

    link to this | view in thread ]

  30. identicon
    Anonymous Coward, 17 Jun 2016 @ 12:28pm

    Those who vote decide nothing, those who count the votes decide everything

    Yours Truly,
    Stalin

    link to this | view in thread ]

  31. identicon
    Anonymous Coward, 17 Jun 2016 @ 1:24pm

    to investigate would reveal the fix they have already decided on.

    They might actually have a fair election otherwise instead of the criminal they bribed and blackmailed to enslave the citizenry

    link to this | view in thread ]

  32. identicon
    Stephen, 17 Jun 2016 @ 2:20pm

    No E-Voting for Australian Senate

    In Australia, for example, e-voting is being used for the elections to the country's Senate...
    That statement appears to be incorrect. Last I checked the Australian Electoral Commission wasn't using e-voting for the Senate. So I went to the AEC's website to double-check and sure enough Australians are still using BALLOT PAPERS at the July 2 election, not electronic voting. You can find the details at:

    http://www.aec.gov.au/Voting/How_to_Vote/Voting_Senate.htm
    ...this federal election you’ll have new ways to decide your preferences on your white Senate ballot paper.
    This PDF:

    http://www.aec.gov.au/election/files/e2016-official-guide.pdf

    has more details.

    Having verified that I then went back to check that 9news.com.au article which was quoted in the article. And guess what? It refers to "vote-COUNTING software".

    As distinct from e-VOTING software.

    That is to say, presumably the paper ballots will be scanned in to a computer system and the software used to tally the vote. The reason the AEC is using such vote counting software is because the Australian Senate uses proportional representation and counting its vote by hand can usually take weeks. Senate ballot-papers also tend to be huge, especially in the New South Wales and Victoria. Last election there were only six vacancies to be filled in each state., In NSW that led to a ballot-paper about a yard long with over 100 candidates. This time there has been a double dissolution so here will be twice as many vacancies. Twelve in each state to be precise. Which means in NSW and Victoria the number of candidates could well hit two hundred!

    Now having said all that, none of this is to say that the article's point isn't still valid. However, having paper ballots does mean that if any shenanigans do occur it is more likely to be subtle rather than blatant; and if there are any doubts the paper ballots are around to do a recount.

    link to this | view in thread ]

  33. identicon
    Ed, 17 Jun 2016 @ 3:25pm

    We have been using proprietary voting software for a long time

    Once a year, Australia stops and most adults cast their vote for the winner in a race called the Melbourne Cup. Many people cast multiple votes, and everyone backs their vote with money. Ok, we call this betting on a horse, but it's essentially the same thing.

    Most of this is done electronically these days. It is handled by an entity called the TAB. And, sure, you can cheat on a horse race but it is much harder to cheat the TAB.

    Elections would seem to be lot easier to handle, after all they are only a two-horse race.

    link to this | view in thread ]

  34. identicon
    Kronomex, 17 Jun 2016 @ 4:37pm

    Of course they aren't going to allow researchers access to the software. Can you imagine what would happen if they discovered discrepancies that could allow fraud to occur on behalf of the ruling elite? "Trust us, there's nothing here. Move on. Move on."

    link to this | view in thread ]

  35. identicon
    Andrew, 17 Jun 2016 @ 7:28pm

    Re: No E-Voting for Australian Senate

    I will add to this that the computers used are isolated from any network to prevent hacking and that the count is done multiple times with different people entering data, with results compared.

    link to this | view in thread ]

  36. identicon
    Anonymous Coward, 18 Jun 2016 @ 1:19am

    Re: Re: Why Electronic Voting is a BAD Idea - Computerphile

    Wow, you turned a rational objection into condescension for no reason.

    link to this | view in thread ]

  37. identicon
    Anonymous Coward, 18 Jun 2016 @ 1:24am

    Re: But that's not how it works

    What do you mean? That the vendor has provided the code to a bad guy that paid to see it?

    link to this | view in thread ]

  38. icon
    G Thompson (profile), 18 Jun 2016 @ 1:28am

    Re: Re: Lying to congress

    No we have a House of Reps (lower house) modeled on the UK model, the Senate is modeled on the US Senate (using the UK House of Lords model as well) of elected State based representatives only.

    link to this | view in thread ]

  39. icon
    G Thompson (profile), 18 Jun 2016 @ 1:41am

    Re: No E-Voting for Australian Senate

    Exactly!!


    Glyn could you please update this story to specify that Australia currently (and will not for foreseeable future) have any E-Voting whatsoever for State nor Federal elections.

    All elections use PAPER BALLOTS, which are marked using pencil/pen using NUMBERS in the order of preference wanted by individual voters.

    They are then manually counted using the "mark 1 human eyeball" except for the SENATE in certain circumstances only in which the paper ballots are fed into a scanning mechanism and then the numerals (1 to 6) for the top part of the Ballot paper only. IF the bottom part of the ballot, which can have up to 100+ numbers marked (no less than 12) than that is STILL manually tallied.

    Oh and it is absolutely mandatory for every Australian citizen 18yrs of age or over to vote, unlike the UK or USA. In fact it's an offense not to vote.

    link to this | view in thread ]

  40. icon
    John Fenderson (profile), 18 Jun 2016 @ 1:10pm

    Re: E-voting would still be useful.

    I'm not saying that the concept of electronic voting is unworkable. I'm saying that all of the current approaches to it are, open-sourced or not. They all share a showstopper problem out of the gate: there's no way to verify votes or do meaningful recounts.

    link to this | view in thread ]

  41. identicon
    Anonymous Coward, 18 Jun 2016 @ 3:42pm

    Re: Re: No E-Voting for Australian Senate

    Oh and it is absolutely mandatory for every Australian citizen 18yrs of age or over to vote, unlike the UK or USA. In fact it's an offense not to vote.
    NQR. It is an offence to not get your name marked off the electoral role. There are a set of subsidiary offences to do with marking the ballot incorrectly, but these are unenforceable as we have secret ballots and it is an offence to view anyone else's ballot. So, one does not have to cast a vote merely submit a ballot paper. If the ballot paper is unmarked or incorrectly marked, it is counted as invalid.

    link to this | view in thread ]

  42. icon
    Uriel-238 (profile), 18 Jun 2016 @ 7:44pm

    Re: Re: Re: No E-Voting for Australian Senate

    An unmarked ballot paper is an abstention from all the votes.

    Are you saying they don't want you to abstain from voting regarding those issues in which you don't care or don't have enough information to make a correct decision?

    Incidentally in the USSR voting was mandatory too. Not that it really helped much.

    link to this | view in thread ]

  43. identicon
    Anonymous Coward, 19 Jun 2016 @ 5:27am

    Re: Re: Re: Re: No E-Voting for Australian Senate

    What it simply means is that the only legally valid requirement is that your name is crossed off the electoral role for that specific election. What you do afterwards is completely up to you. Those who want will simply mark the papers in such a way that the ballots will be discarded in terms of the actual count. They can't be touched as it is a secret ballot.

    There is always a significant number of people who do this. What will get you into trouble (as in a fine) is not getting your name crossed off. There are also many who do their ballot work in the couple of weeks before hand at their convenience and just ignore the day in question.

    Unlike other places, we don't have a first past the post and the votes are distributed according to the ballot selection.

    This year it is strange because there seems to be very little difference between the majors. The majority of MHR's and Senators seem to be in favour of making this nation a police state and running the nation into the ground.

    The Motoring Enthusiasts Party's former senator has come across as a man who wants to actually do his job but a lot of them just toe the party line and are useless.

    With regards the majors, one side wants one lot of unsavoury characters to have power, while the other major parties want other groups of unsavoury characters to have power. It is looking like we (as a nation) are between a rock and a hard place, in other words, we're screwed. Damned if we do and damned if we don't.

    But the decision is still ahead and we'll need to see what happens in the next couple of weeks. One never knows, we might have a disaster that takes out many of the current candidates and leaves room for a brand new batch.

    link to this | view in thread ]

  44. identicon
    Anonymous Coward, 19 Jun 2016 @ 10:15am

    Secrets

    Trade secrets are fine within private industry. The public voting process should be transparent (for obvious reasons) and thus software containing SECRETS of any kind should be forbidden from use. (again for obvious reasons)

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.