Deficiencies found in Australian electronic voting software

Four cyber and election system researchers have identified three flaws in the use of electronic voting in the Australian Capital Territory (ACT) government’s 2020 elections.

The researchers said the issues did not affect the outcome of the most recent elections, but warned that the flaws could be exploited to influence voting patterns in the future.

“We do not claim that corruption has occurred or that the system was designed with that goal in mind. Certainly, there were errors that were not detected by election law. But,” they said in their submission (pdf) to the continuing inquiry into the 2020 ACT elections and election law.

“The lack of evidence of operation is not enough. The voting system must provide voters and witnesses with solid evidence that the vote is private and the published results are correct.”

The ACT, home to Canberra, Australia, was the first jurisdiction in the country to use the Electronic Voting and Counting System (EVACS), which was also used in the subsequent 2004, 2008, 2012 and 2016 elections.

The ACT Election Commission's submission to the inquiry pointed out that the use of electronic voting increased to 70% in the 2020 elections, more than double the figure for the 2016 election.

Voters use computer voting to register absentee ballots for the ACT elections in Canberra, Australia on October 9, 2001. This was the first time electronic voting was used in Australia. (AAP image / Alan Polit)

The submission was edited by Andrew Conway, Thomas Haines, Tim Wilson-Brown, and Vanessa Teague, CEO of Thinking Cybersecurity.

“Fortunately in 2020, we found three errors that could change the outcome of the election, but the winners don’t seem to have changed,” the researchers say.

First, EVACS had a problem with how it handled priority voting. The system for grouping votes based on “transfer value” failed to group certain votes together because they had acquired their transfer value in different ways.

“In 2020, this caused some aggregates to be wrong by more than 20 votes. In general, it can cause a much larger divergence,” they said.

The second problem is that the ACT election law explicitly requires that the count be “rounded down” to six decimal places, while EVACS rounded it to the “closest” six decimal places.

“This causes millions of votes, and it’s very unlikely to change the outcome,” the researchers admitted.

Finally, EVACS had further inaccuracies regarding transfer value rounding.

“This is important because the effect of the transfer value can be doubled with thousands of votes. This can cause an error with one-thousandth of the votes and make a difference in a very close race.”
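The two rounding rules, and the way a rounded transfer value is multiplied across thousands of ballots, can be reproduced in a few lines. This is an added example, not code from EVACS or from the researchers' submission; the transfer-value formula (surplus divided by ballots), the assumption that the third error comes from rounding the transfer value before multiplying, and the sample numbers are all constructed for illustration.

```python
from fractions import Fraction
from math import floor

SCALE = 10**6  # six decimal places


def round_down6(x: Fraction) -> Fraction:
    """Truncate at six decimal places (valid for x >= 0)."""
    return Fraction(floor(x * SCALE), SCALE)


def round_nearest6(x: Fraction) -> Fraction:
    """Round to the closest six-decimal value (ties go up)."""
    return Fraction(floor(x * SCALE + Fraction(1, 2)), SCALE)


def compare_counts(surplus: int, ballots: int, ballots_to_next: int) -> dict:
    """Votes credited to the next candidate under three rounding rules."""
    if ballots <= 0 or not 0 <= ballots_to_next <= ballots:
        raise ValueError("ballot counts are inconsistent")
    tv = Fraction(surplus, ballots)      # exact transfer value (assumed formula)
    exact = tv * ballots_to_next         # exact count before any rounding
    return {
        # rule the article says the law requires
        "round_down": round_down6(exact),
        # rule the article says EVACS applied
        "round_nearest": round_nearest6(exact),
        # assumed mechanism: transfer value rounded first, then multiplied
        "early_rounding": round_nearest6(tv) * ballots_to_next,
    }


def as_text(x: Fraction) -> str:
    """Format a six-decimal Fraction exactly, without float conversion."""
    whole, micro = divmod(x.numerator * SCALE // x.denominator, SCALE)
    return f"{whole}.{micro:06d}"


if __name__ == "__main__":
    # Constructed sample: surplus of 4000 over 6000 ballots, 4000 flow on.
    for rule, votes in compare_counts(4000, 6000, 4000).items():
        print(f"{rule:15s} {as_text(votes)}")
```

With these constructed numbers the first two rules differ by one millionth of a vote, while rounding the transfer value before multiplying shifts the count by more than a thousandth of a vote.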

Voters of Eden-Monaro in Canberra, Australia, on July 2, 2016. (Martin Ollman / Getty Images)

The researchers recommended publishing the voting system, including its code and system documentation, six months before the election to help identify errors and vulnerabilities.

In addition, all system changes, audits, and declarations must be completed before the nomination of candidates is complete.

They also demanded that the on-site electronic voting system be used in combination with voter-verifiable paper records. Finally, they said that due to the “high level” of risk associated with current Internet software, Internet voting needs to be stopped.

In Australia, similar concerns were raised about the New South Wales iVote system in 2019. There, Teague, who was working at the University of Melbourne at the time, discovered an error that could convert valid votes to invalid votes and not count them.

However, scrutiny of the voting system reached a frenzy during the controversial 2020 US presidential election.

In one case in Antrim County, Michigan, two counts of the same vote (one done digitally and one manually recounted) revealed very different results.

In early 2016, concerns about the US electronic voting system were already raised, including touch screen flaws, outdated software, hacking over local wireless networks, and inadequate encryption.