Putting this under technical because the disclosure report goes into detail on the vulnerabilty. @MarkG and other Canberra pirates, any thoughts?
The ACT Electoral Commission seems genuinely interested in having a robust electronic voting system, I’m sure they’ll attempt to address these risks, however slight they are.
They publish a bunch of data and give access to their source code, which is exactly what we as pirates want to ensure that these types of vulnerabilities can be found.
The same type of vulnerability presented by publishing all preference data and having a unique set of preferences (which is even higher than normal as ACT uses Robson Rotation which means that party candidate order is semi-randomised, combined with multi-member electorates and no above the live voting) can also be used to audit that your own vote is actually being counted accurately, but timing information should certainly be omitted.
A robust electronic voting system? That’s a laugh.
With electronic voting there is no way for a voter to verify that a voting machine is functioning correctly when they cast their vote. There is no paper trail, making it much easier for a malicious actor to modify votes. There is basically no way to adequately scrutineer the process from the voter till the final counting process. The only check on any of this is the incidental ability to check preference data afterwards to see if your vote was counted, and that only works if the vote was unique.
Data entry and electronic counting is workable, and the commitment to open source is nice. But the fully electronic stuff should be right out.