Australian Electoral Commission Refuses To Allow Researchers To Check E-Voting Software

from the after-all,-it's-only-democracy-that's-at-stake dept

The fact that Techdirt has been writing about e-voting problems for sixteen years, and that the very first post on the topic had the headline “E-voting is Not Safe,” gives an indication of what a troubled area this is. Despite the evidence that stringent controls are still needed to avoid the risk of electoral fraud, some people seem naively to assume that e-voting is now a mature and safe technology that can be deployed without further thought.

In Australia, for example, e-voting is being used for the elections to the country’s Senate, but the Australian Electoral Commission (AEC) has refused to release the relevant software, despite a Senate motion and a freedom of information request. Being able to examine the code is a fundamental requirement, since there is no way of knowing what “black box” e-voting systems are doing with the votes that are entered. A story by the Australian Associated Press (AAP) explains why AEC is resisting:

The Australian Electoral Commission referred AAP to a decision by the Administrative Appeals Tribunal [AAT] in December 2015.

In that decision, relating to a freedom of information request, the tribunal found the release of the source code for the software known as Easycount would have the potential to diminish its commercial value.

“The tribunal is satisfied that the Easycount source code is a trade secret and is exempt from disclosure,” the AAT said.

Placing trade secrets above the public interest is a curious choice, to say the least. It seems particularly questionable given Australia’s recent experience with e-voting software problems:

When the ACT Electoral Commission released its counting code, researchers at Australian National University found three bugs which were subsequently fixed before an election.

When the Victorian Electoral Commission made its electronic voting protocol available to researchers in 2010, University of Melbourne researchers identified a security weakness which was then rectified before the state election.

As Techdirt readers well know, bugs are commonplace, and there’s no particular shame if some are found in a complex piece of software. But refusing to allow independent researchers to look for those bugs so that they can be fixed is inexcusable when the integrity of the democratic selection process is at stake.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

Filed Under: , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Australian Electoral Commission Refuses To Allow Researchers To Check E-Voting Software”

Subscribe: RSS Leave a comment
DannyB (profile) says:

Requirements for an e-Voting system

* Open Source
* Only ‘key’ parameters (eg, pure data nonexecutable) are secret
* Electronically records your vote, to a local and off site archive
* Each ballot recorded in the electronic archive is digitally signed by the machine with a sequence number, and includes the hash of the previous ballot. (and the previous ballot included the hash of its previous ballot, etc. thus ensuring a verifiable chain of ballots.)
* Prints a paper record into a local archive. (eg, a machine that has a bin gradually accumulating a stack of small ballot cards which would be similar to a paper ballot)
* The voter can see an on-screen image of the ‘paper’ ballot after they have confirmed and submitted their vote — that way the voter knows that their vote was correctly ‘recorded’.

Both electronic and human recounts are possible because of both the electronic and paper archive of ballots.

The paper and electronic archives can be audited to ensure the two archives exactly match. The local electronic and remote electronic archive can also be audited to ensure they match.

The paper ballots that are archived in a card stack would be designed to be human readable, but also easily machine readable such that the machine can read the same thing that a human reads (eg, not a barcode along with a printed indication of what the vote is which is two separate things.)

Now, even if the e-Voting software were closed source, it would be possible to ensure that its behavior is correct. None of this business where the only record is an electronic record — and it is a correct and true record of what voters voted! I swear! No, really. I promise! Trust me.

Voting results could be instantly available online so that people in Western longitudes know that it is pointless for them to go out and vote.

Anonymous Coward says:

Re: Requirements for an e-Voting system

  1. paper ballots, hand counted, locally reported
    i am a techno guy, but the ONLY reason we have computer based systems, is they can be controlledby TPTB…
    2. um, not mentioned in the article, but, um, OUR computer based voting systems are ALL ‘proprietary’ / black box software us mere voters are NOT allowed to inspect…
    3. those few times white hat hackers have accessed voting machine code, it was a gigantic steaming pile of spaghetti programming…
    there are only two reasons for spaghetti code, massive incompetence over time, OR, they are purposefully obfuscating the code to hide eee-vil machinations…
Anonymous Coward says:

Re: Requirements for an e-Voting system

Seeing an image isn’t enough, because it would be trivial to re-use images. The voter should see the actual ballot and drop it in a box themselves.

You’d have to be careful with the “chain of ballot hashes” idea. It seems like something that could damage ballot secrecy, if done wrong. (And even if you can verify a ballot is recorded correctly, that doesn’t guarantee it’s secret, which could still be a problem with closed-source systems.)

Anonymous Coward says:

“The tribunal is satisfied that the Easycount source code is a trade secret and is exempt from disclosure,”
If that’s the case then the correct response by the government *should* be “alright, we shall not continue to use your voting machines then.”

But really it should have been in the contract to begin with that the source code being turned over was a non-negotiable condition for being in the business of providing voting machines.

Anonymous Coward says:

Re: Re: Re:

This can NEVER be said enough.

There is no place for the concept of Secrecy in a Democracy. You guys are now beginning to see why a true democracy will never work. Actually there are 2 reasons.

#1. Agents of the government seek secrecy to gird themselves from scrutiny, be for good or evil.

#2. People will only remain prosperous until they find they can vote themselves largess.

America is currently suffering directly under both of these principals. We are have destroyed our democracy, we are something else right now.

Anonymous Coward says:

Re: Re: Re:

You don’t need that because the companies will be storing the votes in a secret open DB/FTP/whatever for anyone interested enough to find. And when someone reports on that fact, they can expect to be charged with election tampering to start with and have their lives ruined.

DannyB (profile) says:

Re: Re:

But we, at least in the US, already have secret laws, secret interpretations of laws, secret courts, secret court orders, secret warrants, secret arrests, secret evidence not available to the defense, secret convictions, secret prisons, and secret torture.

So why should we be worried about secret democratic election software?

With so much secret surveillance, can you be sure your vote is a secret?

Is Your Friend!
Trust The NSA!

Anonymous Coward says:

Re: I'm still amazed

Agree… I work in IT, the number of exploits possible against any system is just flat out mind boggling.

It is worth the time and effort to just count everything by hand or at least to have that option be possible in the case of a close race.

You can do a lot of remote attacks against a machine, and since the same people I do not trust are in charge of the election machines… yea… not going to even venture a guess on how corrupt the system is.

The ENTIRE process must absolutely be performed in the public eye were even the average joe should catch MOST attempts at deception.

DannyB (profile) says:

Re: I'm still amazed

My secret e-Voting company would like to invite your election board for a two week all expenses paid informational seminar at one of the convention centers at Disney World. We will include free Disney Visa gift cards for your convenience on or off the resort property. We can show you two point four million reasons why you should choose our voting systems.

(yes, Disney World in Orlando has very nice facilities for large business events like a company Christmas party. Such facilities would work equally well to be rented for the kind of event described above.)

Uriel-238 (profile) says:

Re: E-voting would still be useful.

E-voting systems should be completely open source. A secret system screams of built-in fraud.

But we shouldn’t discard the notion of E-voting entirely. A robust and secure E-voting system would allow for participatory democracies at least in small organizations such as communities, if not large ones such as nations.

A robust, secure universal system would also allow for quicker popular counts, eliminating a lot of the problems we have with mechanical voting (such as gerrymandering and the Electoral college.)

And it’s not like mechanical and hand-counted voting systems are particularly secure or free from fraud.

TheResidentSkeptic says:

It can't be open and verifiable

The proletariat is lucky to be allowed to cast their vote – at least the voting card isn’t pre-punched with their decision on it.

We are nearly at the point of “Thank you for coming. Your vote has already been recorded”.

If the machines were transparent, then the voters actual chosen candidate would win the election.

We can’t have that.

/sarc, /snark, /hope

Anonymous Coward says:

Re: It can't be open and verifiable

“We are nearly at the point of “Thank you for coming. Your vote has already been recorded”.”

Remember the company who claimed their facial scanning software could detect your criminal characteristics?

“An Israeli start-up says it can take one look at a person’s face and realize character traits that are undetectable to the human eye. Faception said it’s already signed a contract with a homeland security agency to help identify terrorists. The company said its technology also can be used to identify everything from great poker players to extroverts, pedophiles, geniuses and white collar-criminals.”

So, perhaps in Version 2 there will be no need to leave home to vote. It will already be done for you, and no way to opt out (unless you’re deemed an undesirable and then there will be No Vote For You!)

Anonymous Coward says:


The are two types of software, that in which bugs have been identified and that in which bugs will be identified.

I’m not certain the goodness/badness of e-voting. Until I know specifics, I can’t offer a reasoned opinion. However, I am certain a model that relies on closed source, proprietary, trade secrets is now and ever will be unacceptable, if we hope to maintain even the merest illusion of democracy.

This software, if allowed to exist at all, is ONLY appropriately handled under Open Source principles and maintained in publicly readable repositories. The more eyes, the better.

Whatever says:


I always thought that voting machines would work better if they were really just there to help us mark the ballot. Have the machine show what you are voting for, and have it mark an actual ballot for the item. Then the voter takes the completed paper ballot, verifies it, and puts it in the ballot box – where it can be counted.

The bonus… because the ballots are machine marked, you could use a second system to actually count them efficiently.

The bonus bonus: when there is a recount required, you actually have paper ballots. The machines have nothing to do with it, you have the actual paper of record to prove it.

PaulT (profile) says:

Re: Solutions

I agree with most of that. You need a paper trail, you need a way for the voter to confirm the vote is actually cast as you wish. Theres probably some verification steps needed to ensure that there’s no tampering with the paper and allow for damaged/lost/illegible printouts, but as long as those first 2 requirements are met I’m ok with electronic voting. A black box with no independent paper trail? Not a chance

Rich Kulawiec (profile) says:

But that's not how it works

“The tribunal is satisfied that the Easycount source code is a trade secret and is exempt from disclosure,” the AAT said.

But it will be disclosed. It probably already has — just not to researchers who are trying to study the integrity of the election process.

This code has value. Therefore there are buyers. Therefore there are sellers. And the price tag is high enough that both buyers and sellers will accept the risk in order to complete a transaction; see, as the definitive piece on this: Stealing an Election by Bruce Schneier, which is now 12 years old and even more relevant now than it was in 2004.

Given the realities of elections, power, money, and politics, it’s just about certain that this code is in the hands of people other than the vendor. So calling it a “secret” is at best unjustified optimism and at worst a cynical coverup. I think the question is not “if”, but “who”, and “when”, and “why”.

Uriel-238 (profile) says:

Those who can't vote by ballot...

…electronic or otherwise, eventually vote by AK-47.

The whole point of the vote in the first place is that sooner or later, Cerseis and Joffreys end up dominating the throne.

Though the lords of the US might have figured out that the illusion of enfranchisement is enough to keep the people in line. So long as they think they can vote the bastards out, they won’t turn violent.

We’ll see how that plays out.

Stephen says:

No E-Voting for Australian Senate

In Australia, for example, e-voting is being used for the elections to the country’s Senate…

That statement appears to be incorrect. Last I checked the Australian Electoral Commission wasn’t using e-voting for the Senate. So I went to the AEC’s website to double-check and sure enough Australians are still using BALLOT PAPERS at the July 2 election, not electronic voting. You can find the details at:

…this federal election you’ll have new ways to decide your preferences on your white Senate ballot paper.

This PDF:

has more details.

Having verified that I then went back to check that article which was quoted in the article. And guess what? It refers to “vote-COUNTING software”.

As distinct from e-VOTING software.

That is to say, presumably the paper ballots will be scanned in to a computer system and the software used to tally the vote. The reason the AEC is using such vote counting software is because the Australian Senate uses proportional representation and counting its vote by hand can usually take weeks. Senate ballot-papers also tend to be huge, especially in the New South Wales and Victoria. Last election there were only six vacancies to be filled in each state., In NSW that led to a ballot-paper about a yard long with over 100 candidates. This time there has been a double dissolution so here will be twice as many vacancies. Twelve in each state to be precise. Which means in NSW and Victoria the number of candidates could well hit two hundred!

Now having said all that, none of this is to say that the article’s point isn’t still valid. However, having paper ballots does mean that if any shenanigans do occur it is more likely to be subtle rather than blatant; and if there are any doubts the paper ballots are around to do a recount.

G Thompson (profile) says:

Re: No E-Voting for Australian Senate


Glyn could you please update this story to specify that Australia currently (and will not for foreseeable future) have any E-Voting whatsoever for State nor Federal elections.

All elections use PAPER BALLOTS, which are marked using pencil/pen using NUMBERS in the order of preference wanted by individual voters.

They are then manually counted using the “mark 1 human eyeball” except for the SENATE in certain circumstances only in which the paper ballots are fed into a scanning mechanism and then the numerals (1 to 6) for the top part of the Ballot paper only. IF the bottom part of the ballot, which can have up to 100+ numbers marked (no less than 12) than that is STILL manually tallied.

Oh and it is absolutely mandatory for every Australian citizen 18yrs of age or over to vote, unlike the UK or USA. In fact it’s an offense not to vote.

Anonymous Coward says:

Re: Re: No E-Voting for Australian Senate

Oh and it is absolutely mandatory for every Australian citizen 18yrs of age or over to vote, unlike the UK or USA. In fact it’s an offense not to vote.

NQR. It is an offence to not get your name marked off the electoral role. There are a set of subsidiary offences to do with marking the ballot incorrectly, but these are unenforceable as we have secret ballots and it is an offence to view anyone else’s ballot. So, one does not have to cast a vote merely submit a ballot paper. If the ballot paper is unmarked or incorrectly marked, it is counted as invalid.

Uriel-238 (profile) says:

Re: Re: Re: No E-Voting for Australian Senate

An unmarked ballot paper is an abstention from all the votes.

Are you saying they don’t want you to abstain from voting regarding those issues in which you don’t care or don’t have enough information to make a correct decision?

Incidentally in the USSR voting was mandatory too. Not that it really helped much.

Anonymous Coward says:

Re: Re: Re:2 No E-Voting for Australian Senate

What it simply means is that the only legally valid requirement is that your name is crossed off the electoral role for that specific election. What you do afterwards is completely up to you. Those who want will simply mark the papers in such a way that the ballots will be discarded in terms of the actual count. They can’t be touched as it is a secret ballot.

There is always a significant number of people who do this. What will get you into trouble (as in a fine) is not getting your name crossed off. There are also many who do their ballot work in the couple of weeks before hand at their convenience and just ignore the day in question.

Unlike other places, we don’t have a first past the post and the votes are distributed according to the ballot selection.

This year it is strange because there seems to be very little difference between the majors. The majority of MHR’s and Senators seem to be in favour of making this nation a police state and running the nation into the ground.

The Motoring Enthusiasts Party’s former senator has come across as a man who wants to actually do his job but a lot of them just toe the party line and are useless.

With regards the majors, one side wants one lot of unsavoury characters to have power, while the other major parties want other groups of unsavoury characters to have power. It is looking like we (as a nation) are between a rock and a hard place, in other words, we’re screwed. Damned if we do and damned if we don’t.

But the decision is still ahead and we’ll need to see what happens in the next couple of weeks. One never knows, we might have a disaster that takes out many of the current candidates and leaves room for a brand new batch.

Ed (profile) says:

We have been using proprietary voting software for a long time

Once a year, Australia stops and most adults cast their vote for the winner in a race called the Melbourne Cup. Many people cast multiple votes, and everyone backs their vote with money. Ok, we call this betting on a horse, but it’s essentially the same thing.

Most of this is done electronically these days. It is handled by an entity called the TAB. And, sure, you can cheat on a horse race but it is much harder to cheat the TAB.

Elections would seem to be lot easier to handle, after all they are only a two-horse race.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...