Electronic voting for NSW 2019


#1

This isn’t my forte. What do you think of the vendor/software/security?
https://tenders.nsw.gov.au/?event=public.cn.view&CNUUID=2C6B65BD-94FA-900F-07DA23EAEDBF8165
https://www.scytl.com/en/online-voting-technology-security/
https://www.scytl.com/en/resource/secure-fully-verifiability-online-voting/


(Alex Jago) #2

Has Vanessa Teague said anything about them? As far as I’m concerned she’s the authority on this sort of thing, at least in the Australian context.


(miles_w) #3

I did some digging and this may in fact be the unnamed “private contractor managing critical election systems” which was compromised by Russian hackers during the 2016 presidential election https://www.bloomberg.com/news/articles/2017-06-13/russian-breach-of-39-states-threatens-future-u-s-elections

A quick google search implicates this company in other security related issues with their software such as Norway iVote 2013 https://theconversation.com/nsws-online-gamble-why-internet-and-phone-voting-is-too-risky-37465

My other concerns are around allowing voting on end user devices (harder to secure) and this being a multinational company which has data sovereignty implications.

Their IP management policies perhaps aren’t ideal, but are still quite good. It looks like the schematics and software are held behind commercial confidence but mathematical proofs for vote shuffling (to assist with anonymisation) and encryption are publicly posted, and they engage in public research both in house and collaboratively with research organisations around the world.

Overall they look promising. Vanessa Teague appears to be up to her ears to verify and independently audit their software where it has been used in NSW and VIC which gives me a lot of encouragement. Of note is this audit report by Vanessa and J. Alex Halderman on the NSW system in 2015 which was based off a practice voting site that uses “substantially the same client-side code as the real voting site” as well as design documents for the full system https://freedom-to-tinker.com/2015/03/22/ivote-vulnerability/

There appears to be mild interest from the Australian public in e-voting, but our politicians are still generally behind the ball at a federal level. Some states are experimenting with trial systems https://www.dailytelegraph.com.au/technology/why-is-australia-still-not-voting-electronically-on-election-day-yet/news-story/f971e7a8d2441050c5ed5e0ece8d0833?nk=7237a1dc84e5fcfa0fa61cc049fcc1be-1524885767 There is room here for us to have a forward looking policy that places us ahead of the other Australian political parties. If we do write one up, it should probably reference Estonia’s system as one of the world leaders in e-voting https://news.err.ee/115284/graphs-record-number-of-e-votes-given-in-ongoing-elections and hopefully with Vanessa’s input.


(Morgan) #4

Myself, I don’t particularly like broad use of electronic voting (there are obviously some applications vis a vis accessibility, but for the “average joe” not so much), mainly because I know how vulnerable these systems can potentially be, especially if we’re talking about people voting from their malware infested home PCs…

The only remotely valid complaint I’ve seen against our present voting system is the whinging about queues (protip: vote early), beyond that I just don’t see the cost/benefit, sure you can stuff ballot boxes (though it’s harder with the checks and balances in place) or “lose” ballot boxes, but you can do the same in an electronic context and likely easier. There are technological solutions to those problems but the whole system is only as strong as its weakest link (refer earlier remark about malware infested PCs).

But if we must go down this path I’d defer to Vanessa 🙂


#5

As a qualified professional programmer, my response to any sort of electronic or online voting for government elections is not only ‘no’, but ‘HELL no’. This proposal is no exception.

  • The encryption and other mechanisms necessary for anything approximating something resembling security with electronic voting are not understood by the average voter, so the system will be opaque.
  • Even if ‘mathematically verified’, electronic voting methods cannot be easily verified as correct by the voter at the time they are to cast their vote.
  • Electronic voting methods are vastly easier to screw up and subvert in a widespread manner.
  • Online, or any other form of voting method that uses a voter’s general purpose computer, has such ridiculously low security that it should be laughed out of contention instantly.

I could probably go on if I did some quick websearching, but these points are enough already.

Quite. If our politicians were on the ball and legit, they would be vehemently objecting to the idea. If they were on the ball and corrupt, they would be all for it. A lukewarm response shows ignorance.

The only forward looking policy is to just plain reject electronic/online voting. Although I agree, it should definitely reference Estonia’s system. Perhaps by way of https://estoniaevoting.org/.


(Andrew Downing) #6

I’ll just leave this here: https://youtu.be/w3_0x6oaDmI
This guy summarises most of the key issues in about 8 minutes. There are a LOT of problems.