Online voting flaws revealed
An IT expert says the NSW online voting system is flawed.
More than 200,000 people used a digital voting system in the 2019 NSW state election that was flawed and vulnerable to voter fraud, according to Melbourne School of Engineering researcher Vanessa Teague.
Dr Teague and other researchers say the iVote system used in NSW could be tricked into disqualifying valid votes. Their evidence is available in PDF form.
The group says it warned the NSW Electoral Commission (NSWEC) about the Swiss Post online voting system, which is similar to iVote, ahead of the state election in March.
The NSWEC dismissed these concerns as irrelevant, Dr Teague said.
“iVote's decryption and verification processes are slightly different from those of the Swiss Post system, but the same attack can still be performed after a slight modification,” Dr Teague said in a statement.
“This would allow a corrupted iVote process to produce a 'proof' that it had dealt with votes correctly, while actually changing valid votes into invalid ones that would not be counted.”
The iVote system and the Swiss Post system are both products of the Spanish technology company Scytl.
Switzerland scrapped the Swiss Post system this year after discovering code flaws and security weaknesses.
However, more than 200,000 people voted using the very similar iVote system at the 2019 state election. Users were often people with disabilities, people who are blind, or people living more than 20 kilometres from a voting centre.
The NSWEC says the system's code was reviewed by election technology experts DemTech.
“DemTech presented the detailed findings of their review and highlighted ten items in particular to draw to (the commission's) attention in the areas of potential bugs, possible security issues as well as programming styles and techniques,” a commission report from July says.
“(The commission) considered DemTech's report carefully and concluded that, while there were items raised that needed attention, there weren't any issues of sufficient gravity that would preclude using the software in the state general election.”
Dr Teague said the NSWEC should have allowed more access to the source code for the iVote system.
“Although finding out now is better than never finding out at all, it would have been much better for the integrity of the NSW election if these issues had been identified and corrected before the system was entrusted with more than 200,000 votes,” she said.
“If the source code and documentation had been made openly available for analysis before the election, as the Swiss Post system was, these errors might have been accurately understood and mitigated in time.
“As it stands, iVote is not a verifiable election system and does not provide meaningful evidence that its output accurately represents the will of voters.”