Australian Electoral Commission Refuses To Allow Researchers To Check E-Voting Software

from the after-all,-it's-only-democracy-that's-at-stake dept

The fact that Techdirt has been writing about e-voting problems for sixteen years, and that the very first post on the topic had the headline "E-voting is Not Safe," gives an indication of what a troubled area this is. Despite the evidence that stringent controls are still needed to avoid the risk of electoral fraud, some people seem naively to assume that e-voting is now a mature and safe technology that can be deployed without further thought.

In Australia, for example, e-voting is being used for the elections to the country's Senate, but the Australian Electoral Commission (AEC) has refused to release the relevant software, despite a Senate motion and a freedom of information request. Being able to examine the code is a fundamental requirement, since there is no way of knowing what "black box" e-voting systems are doing with the votes that are entered. A story by the Australian Associated Press (AAP) explains why AEC is resisting:

The Australian Electoral Commission referred AAP to a decision by the Administrative Appeals Tribunal [AAT] in December 2015.

In that decision, relating to a freedom of information request, the tribunal found the release of the source code for the software known as Easycount would have the potential to diminish its commercial value.

"The tribunal is satisfied that the Easycount source code is a trade secret and is exempt from disclosure," the AAT said.
Placing trade secrets above the public interest is a curious choice, to say the least. It seems particularly questionable given Australia's recent experience with e-voting software problems:
When the ACT Electoral Commission released its counting code, researchers at Australian National University found three bugs which were subsequently fixed before an election.

When the Victorian Electoral Commission made its electronic voting protocol available to researchers in 2010, University of Melbourne researchers identified a security weakness which was then rectified before the state election.
As Techdirt readers well know, bugs are commonplace, and there's no particular shame if some are found in a complex piece of software. But refusing to allow independent researchers to look for those bugs so that they can be fixed is inexcusable when the integrity of the democratic selection process is at stake.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    ArkieGuy (profile), 17 Jun 2016 @ 6:36am

    Lying to congress

    Isn't it illegal to lie to congress? Sounds like an impeachable offense for some anti-privacy congress critters.

    Oh wait.... It's probably not illegal for a congressman to lie to congress, just peasants.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 17 Jun 2016 @ 6:57am

      Re: Lying to congress

      There is no way any politician would ever make a rule against lying. There already are rules for perjury, but you can easily tell they only leverage those against pissants, never against colleagues because they are deathly afraid of it coming back and biting them ALL in the asses.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 17 Jun 2016 @ 8:34am

      Re: Lying to congress

      Australia has a parliament, not a congress, so they have Critters of Parliament, not Congress Critters.

      They have a House of Representatives and a Senate modeled on the US chambers, but it's otherwise a parliamentary model.

      reply to this | link to this | view in chronology ]

      • icon
        G Thompson (profile), 18 Jun 2016 @ 1:28am

        Re: Re: Lying to congress

        No we have a House of Reps (lower house) modeled on the UK model, the Senate is modeled on the US Senate (using the UK House of Lords model as well) of elected State based representatives only.

        reply to this | link to this | view in chronology ]

  • icon
    DannyB (profile), 17 Jun 2016 @ 6:40am

    Requirements for an e-Voting system

    * Open Source
    * Only 'key' parameters (eg, pure data nonexecutable) are secret
    * Electronically records your vote, to a local and off site archive
    * Each ballot recorded in the electronic archive is digitally signed by the machine with a sequence number, and includes the hash of the previous ballot. (and the previous ballot included the hash of its previous ballot, etc. thus ensuring a verifiable chain of ballots.)
    * Prints a paper record into a local archive. (eg, a machine that has a bin gradually accumulating a stack of small ballot cards which would be similar to a paper ballot)
    * The voter can see an on-screen image of the 'paper' ballot after they have confirmed and submitted their vote -- that way the voter knows that their vote was correctly 'recorded'.

    Both electronic and human recounts are possible because of both the electronic and paper archive of ballots.

    The paper and electronic archives can be audited to ensure the two archives exactly match. The local electronic and remote electronic archive can also be audited to ensure they match.

    The paper ballots that are archived in a card stack would be designed to be human readable, but also easily machine readable such that the machine can read the same thing that a human reads (eg, not a barcode along with a printed indication of what the vote is which is two separate things.)

    Now, even if the e-Voting software were closed source, it would be possible to ensure that its behavior is correct. None of this business where the only record is an electronic record -- and it is a correct and true record of what voters voted! I swear! No, really. I promise! Trust me.

    Voting results could be instantly available online so that people in Western longitudes know that it is pointless for them to go out and vote.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 17 Jun 2016 @ 9:43am

      Re: Requirements for an e-Voting system

      1. paper ballots, hand counted, locally reported
      i am a techno guy, but the ONLY reason we have computer based systems, is they can be controlledby TPTB...
      2. um, not mentioned in the article, but, um, OUR computer based voting systems are ALL 'proprietary' / black box software us mere voters are NOT allowed to inspect...
      3. those few times white hat hackers have accessed voting machine code, it was a gigantic steaming pile of spaghetti programming...
      there are only two reasons for spaghetti code, massive incompetence over time, OR, they are purposefully obfuscating the code to hide eee-vil machinations...

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 17 Jun 2016 @ 10:00am

      Re: Requirements for an e-Voting system

      Seeing an image isn't enough, because it would be trivial to re-use images. The voter should see the actual ballot and drop it in a box themselves.

      You'd have to be careful with the "chain of ballot hashes" idea. It seems like something that could damage ballot secrecy, if done wrong. (And even if you can verify a ballot is recorded correctly, that doesn't guarantee it's secret, which could still be a problem with closed-source systems.)

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Jun 2016 @ 6:42am

    "The tribunal is satisfied that the Easycount source code is a trade secret and is exempt from disclosure,"
    If that's the case then the correct response by the government *should* be "alright, we shall not continue to use your voting machines then."

    But really it should have been in the contract to begin with that the source code being turned over was a non-negotiable condition for being in the business of providing voting machines.

    reply to this | link to this | view in chronology ]

    • icon
      Mason Wheeler (profile), 17 Jun 2016 @ 6:57am

      Re:

      Exactly. If your "trade" is democracy itself, you do not get to keep secrets. Otherwise the democracy ends up broken, and that's a higher priority.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 17 Jun 2016 @ 7:01am

        Re: Re:

        This can NEVER be said enough.

        There is no place for the concept of Secrecy in a Democracy. You guys are now beginning to see why a true democracy will never work. Actually there are 2 reasons.

        #1. Agents of the government seek secrecy to gird themselves from scrutiny, be for good or evil.

        #2. People will only remain prosperous until they find they can vote themselves largess.

        America is currently suffering directly under both of these principals. We are have destroyed our democracy, we are something else right now.

        reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 17 Jun 2016 @ 7:33am

        Re: Re:

        You don't need that because the companies will be storing the votes in a secret open DB/FTP/whatever for anyone interested enough to find. And when someone reports on that fact, they can expect to be charged with election tampering to start with and have their lives ruined.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Jun 2016 @ 6:56am

    Proprietary code in election software is equivalent to secret law.

    reply to this | link to this | view in chronology ]

    • icon
      DannyB (profile), 17 Jun 2016 @ 7:48am

      Re:

      But we, at least in the US, already have secret laws, secret interpretations of laws, secret courts, secret court orders, secret warrants, secret arrests, secret evidence not available to the defense, secret convictions, secret prisons, and secret torture.

      So why should we be worried about secret democratic election software?

      With so much secret surveillance, can you be sure your vote is a secret?

      The NSA
      Is Your Friend!
      Trust The NSA!

      reply to this | link to this | view in chronology ]

  • icon
    John Fenderson (profile), 17 Jun 2016 @ 7:04am

    I'm still amazed

    I'm still amazed that anyone -- particularly election boards -- thinks that these machines are an acceptable idea. They are, in fact, the exact opposite of that. They would be dangerous even if the source code was available for audit.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 17 Jun 2016 @ 7:10am

      Re: I'm still amazed

      Agree... I work in IT, the number of exploits possible against any system is just flat out mind boggling.

      It is worth the time and effort to just count everything by hand or at least to have that option be possible in the case of a close race.

      You can do a lot of remote attacks against a machine, and since the same people I do not trust are in charge of the election machines... yea... not going to even venture a guess on how corrupt the system is.

      The ENTIRE process must absolutely be performed in the public eye were even the average joe should catch MOST attempts at deception.

      reply to this | link to this | view in chronology ]

    • icon
      DannyB (profile), 17 Jun 2016 @ 7:54am

      Re: I'm still amazed

      My secret e-Voting company would like to invite your election board for a two week all expenses paid informational seminar at one of the convention centers at Disney World. We will include free Disney Visa gift cards for your convenience on or off the resort property. We can show you two point four million reasons why you should choose our voting systems.

      (yes, Disney World in Orlando has very nice facilities for large business events like a company Christmas party. Such facilities would work equally well to be rented for the kind of event described above.)

      reply to this | link to this | view in chronology ]

    • icon
      Uriel-238 (profile), 17 Jun 2016 @ 11:00am

      E-voting would still be useful.

      E-voting systems should be completely open source. A secret system screams of built-in fraud.

      But we shouldn't discard the notion of E-voting entirely. A robust and secure E-voting system would allow for participatory democracies at least in small organizations such as communities, if not large ones such as nations.

      A robust, secure universal system would also allow for quicker popular counts, eliminating a lot of the problems we have with mechanical voting (such as gerrymandering and the Electoral college.)

      And it's not like mechanical and hand-counted voting systems are particularly secure or free from fraud.

      reply to this | link to this | view in chronology ]

      • icon
        John Fenderson (profile), 18 Jun 2016 @ 1:10pm

        Re: E-voting would still be useful.

        I'm not saying that the concept of electronic voting is unworkable. I'm saying that all of the current approaches to it are, open-sourced or not. They all share a showstopper problem out of the gate: there's no way to verify votes or do meaningful recounts.

        reply to this | link to this | view in chronology ]

  • icon
    TheResidentSkeptic (profile), 17 Jun 2016 @ 7:30am

    It can't be open and verifiable

    The proletariat is lucky to be allowed to cast their vote - at least the voting card isn't pre-punched with their decision on it.

    We are nearly at the point of "Thank you for coming. Your vote has already been recorded".

    If the machines were transparent, then the voters actual chosen candidate would win the election.

    We can't have that.

    /sarc, /snark, /hope

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 17 Jun 2016 @ 8:01am

      Re: It can't be open and verifiable

      "We are nearly at the point of "Thank you for coming. Your vote has already been recorded"."

      Remember the company who claimed their facial scanning software could detect your criminal characteristics?

      "An Israeli start-up says it can take one look at a person's face and realize character traits that are undetectable to the human eye. Faception said it's already signed a contract with a homeland security agency to help identify terrorists. The company said its technology also can be used to identify everything from great poker players to extroverts, pedophiles, geniuses and white collar-criminals."

      https://www.techdirt.com/articles/20160524/12210734538/israeli-company-claims-soft ware-can-look-your-face-determine-if-youre-terrorist-murderer.shtml

      So, perhaps in Version 2 there will be no need to leave home to vote. It will already be done for you, and no way to opt out (unless you're deemed an undesirable and then there will be No Vote For You!)

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Jun 2016 @ 7:44am

    Why Electronic Voting is a BAD Idea - Computerphile

    reply to this | link to this | view in chronology ]

    • icon
      DannyB (profile), 17 Jun 2016 @ 7:56am

      Re: Why Electronic Voting is a BAD Idea - Computerphile

      E-voting already works very well thank you.

      It just depends on what your definition of 'work' is.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 17 Jun 2016 @ 8:06am

      Re: Why Electronic Voting is a BAD Idea - Computerphile

      Tom seems a bright lad, but I'm not sure how well-read he is on proposals to incorporate blockchain-ing into potential e-voting schemes.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 18 Jun 2016 @ 1:19am

        Re: Re: Why Electronic Voting is a BAD Idea - Computerphile

        Wow, you turned a rational objection into condescension for no reason.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Jun 2016 @ 7:54am

    Maxim

    The are two types of software, that in which bugs have been identified and that in which bugs will be identified.

    I'm not certain the goodness/badness of e-voting. Until I know specifics, I can't offer a reasoned opinion. However, I am certain a model that relies on closed source, proprietary, trade secrets is now and ever will be unacceptable, if we hope to maintain even the merest illusion of democracy.

    This software, if allowed to exist at all, is ONLY appropriately handled under Open Source principles and maintained in publicly readable repositories. The more eyes, the better.

    reply to this | link to this | view in chronology ]

  • icon
    Whatever (profile), 17 Jun 2016 @ 8:21am

    Solutions

    I always thought that voting machines would work better if they were really just there to help us mark the ballot. Have the machine show what you are voting for, and have it mark an actual ballot for the item. Then the voter takes the completed paper ballot, verifies it, and puts it in the ballot box - where it can be counted.

    The bonus... because the ballots are machine marked, you could use a second system to actually count them efficiently.

    The bonus bonus: when there is a recount required, you actually have paper ballots. The machines have nothing to do with it, you have the actual paper of record to prove it.

    reply to this | link to this | view in chronology ]

    • icon
      PaulT (profile), 17 Jun 2016 @ 10:31am

      Re: Solutions

      I agree with most of that. You need a paper trail, you need a way for the voter to confirm the vote is actually cast as you wish. Theres probably some verification steps needed to ensure that there's no tampering with the paper and allow for damaged/lost/illegible printouts, but as long as those first 2 requirements are met I'm ok with electronic voting. A black box with no independent paper trail? Not a chance

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 17 Jun 2016 @ 10:47am

        Re: Re: Solutions

        Except for the case where there is a discrepancy and the DA refuses to perform a manual count of the paper ballots.

        reply to this | link to this | view in chronology ]

  • identicon
    Rich Kulawiec, 17 Jun 2016 @ 8:24am

    But that's not how it works

    "The tribunal is satisfied that the Easycount source code is a trade secret and is exempt from disclosure," the AAT said.

    But it will be disclosed. It probably already has -- just not to researchers who are trying to study the integrity of the election process.

    This code has value. Therefore there are buyers. Therefore there are sellers. And the price tag is high enough that both buyers and sellers will accept the risk in order to complete a transaction; see, as the definitive piece on this: Stealing an Election by Bruce Schneier, which is now 12 years old and even more relevant now than it was in 2004.

    Given the realities of elections, power, money, and politics, it's just about certain that this code is in the hands of people other than the vendor. So calling it a "secret" is at best unjustified optimism and at worst a cynical coverup. I think the question is not "if", but "who", and "when", and "why".

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 18 Jun 2016 @ 1:24am

      Re: But that's not how it works

      What do you mean? That the vendor has provided the code to a bad guy that paid to see it?

      reply to this | link to this | view in chronology ]

  • icon
    Uriel-238 (profile), 17 Jun 2016 @ 11:07am

    Those who can't vote by ballot...

    ...electronic or otherwise, eventually vote by AK-47.

    The whole point of the vote in the first place is that sooner or later, Cerseis and Joffreys end up dominating the throne.

    Though the lords of the US might have figured out that the illusion of enfranchisement is enough to keep the people in line. So long as they think they can vote the bastards out, they won't turn violent.

    We'll see how that plays out.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Jun 2016 @ 12:28pm

    Those who vote decide nothing, those who count the votes decide everything

    Yours Truly,
    Stalin

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Jun 2016 @ 1:24pm

    to investigate would reveal the fix they have already decided on.

    They might actually have a fair election otherwise instead of the criminal they bribed and blackmailed to enslave the citizenry

    reply to this | link to this | view in chronology ]

  • identicon
    Stephen, 17 Jun 2016 @ 2:20pm

    No E-Voting for Australian Senate

    In Australia, for example, e-voting is being used for the elections to the country's Senate...
    That statement appears to be incorrect. Last I checked the Australian Electoral Commission wasn't using e-voting for the Senate. So I went to the AEC's website to double-check and sure enough Australians are still using BALLOT PAPERS at the July 2 election, not electronic voting. You can find the details at:

    http://www.aec.gov.au/Voting/How_to_Vote/Voting_Senate.htm
    ...this federal election you’ll have new ways to decide your preferences on your white Senate ballot paper.
    This PDF:

    http://www.aec.gov.au/election/files/e2016-official-guide.pdf

    has more details.

    Having verified that I then went back to check that 9news.com.au article which was quoted in the article. And guess what? It refers to "vote-COUNTING software".

    As distinct from e-VOTING software.

    That is to say, presumably the paper ballots will be scanned in to a computer system and the software used to tally the vote. The reason the AEC is using such vote counting software is because the Australian Senate uses proportional representation and counting its vote by hand can usually take weeks. Senate ballot-papers also tend to be huge, especially in the New South Wales and Victoria. Last election there were only six vacancies to be filled in each state., In NSW that led to a ballot-paper about a yard long with over 100 candidates. This time there has been a double dissolution so here will be twice as many vacancies. Twelve in each state to be precise. Which means in NSW and Victoria the number of candidates could well hit two hundred!

    Now having said all that, none of this is to say that the article's point isn't still valid. However, having paper ballots does mean that if any shenanigans do occur it is more likely to be subtle rather than blatant; and if there are any doubts the paper ballots are around to do a recount.

    reply to this | link to this | view in chronology ]

    • identicon
      Andrew, 17 Jun 2016 @ 7:28pm

      Re: No E-Voting for Australian Senate

      I will add to this that the computers used are isolated from any network to prevent hacking and that the count is done multiple times with different people entering data, with results compared.

      reply to this | link to this | view in chronology ]

    • icon
      G Thompson (profile), 18 Jun 2016 @ 1:41am

      Re: No E-Voting for Australian Senate

      Exactly!!


      Glyn could you please update this story to specify that Australia currently (and will not for foreseeable future) have any E-Voting whatsoever for State nor Federal elections.

      All elections use PAPER BALLOTS, which are marked using pencil/pen using NUMBERS in the order of preference wanted by individual voters.

      They are then manually counted using the "mark 1 human eyeball" except for the SENATE in certain circumstances only in which the paper ballots are fed into a scanning mechanism and then the numerals (1 to 6) for the top part of the Ballot paper only. IF the bottom part of the ballot, which can have up to 100+ numbers marked (no less than 12) than that is STILL manually tallied.

      Oh and it is absolutely mandatory for every Australian citizen 18yrs of age or over to vote, unlike the UK or USA. In fact it's an offense not to vote.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 18 Jun 2016 @ 3:42pm

        Re: Re: No E-Voting for Australian Senate

        Oh and it is absolutely mandatory for every Australian citizen 18yrs of age or over to vote, unlike the UK or USA. In fact it's an offense not to vote.
        NQR. It is an offence to not get your name marked off the electoral role. There are a set of subsidiary offences to do with marking the ballot incorrectly, but these are unenforceable as we have secret ballots and it is an offence to view anyone else's ballot. So, one does not have to cast a vote merely submit a ballot paper. If the ballot paper is unmarked or incorrectly marked, it is counted as invalid.

        reply to this | link to this | view in chronology ]

        • icon
          Uriel-238 (profile), 18 Jun 2016 @ 7:44pm

          Re: Re: Re: No E-Voting for Australian Senate

          An unmarked ballot paper is an abstention from all the votes.

          Are you saying they don't want you to abstain from voting regarding those issues in which you don't care or don't have enough information to make a correct decision?

          Incidentally in the USSR voting was mandatory too. Not that it really helped much.

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 19 Jun 2016 @ 5:27am

            Re: Re: Re: Re: No E-Voting for Australian Senate

            What it simply means is that the only legally valid requirement is that your name is crossed off the electoral role for that specific election. What you do afterwards is completely up to you. Those who want will simply mark the papers in such a way that the ballots will be discarded in terms of the actual count. They can't be touched as it is a secret ballot.

            There is always a significant number of people who do this. What will get you into trouble (as in a fine) is not getting your name crossed off. There are also many who do their ballot work in the couple of weeks before hand at their convenience and just ignore the day in question.

            Unlike other places, we don't have a first past the post and the votes are distributed according to the ballot selection.

            This year it is strange because there seems to be very little difference between the majors. The majority of MHR's and Senators seem to be in favour of making this nation a police state and running the nation into the ground.

            The Motoring Enthusiasts Party's former senator has come across as a man who wants to actually do his job but a lot of them just toe the party line and are useless.

            With regards the majors, one side wants one lot of unsavoury characters to have power, while the other major parties want other groups of unsavoury characters to have power. It is looking like we (as a nation) are between a rock and a hard place, in other words, we're screwed. Damned if we do and damned if we don't.

            But the decision is still ahead and we'll need to see what happens in the next couple of weeks. One never knows, we might have a disaster that takes out many of the current candidates and leaves room for a brand new batch.

            reply to this | link to this | view in chronology ]

  • identicon
    Ed, 17 Jun 2016 @ 3:25pm

    We have been using proprietary voting software for a long time

    Once a year, Australia stops and most adults cast their vote for the winner in a race called the Melbourne Cup. Many people cast multiple votes, and everyone backs their vote with money. Ok, we call this betting on a horse, but it's essentially the same thing.

    Most of this is done electronically these days. It is handled by an entity called the TAB. And, sure, you can cheat on a horse race but it is much harder to cheat the TAB.

    Elections would seem to be lot easier to handle, after all they are only a two-horse race.

    reply to this | link to this | view in chronology ]

  • identicon
    Kronomex, 17 Jun 2016 @ 4:37pm

    Of course they aren't going to allow researchers access to the software. Can you imagine what would happen if they discovered discrepancies that could allow fraud to occur on behalf of the ruling elite? "Trust us, there's nothing here. Move on. Move on."

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Jun 2016 @ 10:15am

    Secrets

    Trade secrets are fine within private industry. The public voting process should be transparent (for obvious reasons) and thus software containing SECRETS of any kind should be forbidden from use. (again for obvious reasons)

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.