In 2015, more than 280,000 votes were received in the New South Wales election from a personal computer or mobile phone. This was the largest-ever binding election to use online voting. But federally, the Joint Standing Committee on Electoral Matters has ruled out allowing Australians to cast their vote online, arguing it risks “catastrophically compromising our electoral integrity”. Despite years of research, nobody knows how to provide evidence of an accurate result while keeping individual online votes private. Internet voting is similar to online banking, except you’re not sent a receipt saying “this is how you voted” because then you could be coerced or bribed. Your vote should be private, even from the electoral commission.
There are three reasons why Australia shouldn’t move to an online voting system:
the system might not be secure;
the code might not be correct; and, most importantly,
if something goes wrong, we might never know.
Computer security researcher Alex Halderman and I (Vanessa) found a serious security vulnerability in the NSW iVote system during March 2015 election. This was caused by some code imported into the secure voting session from an insecure third-party server. It meant an internet-based attacker could have exposed e-votes, changed them, and circumvented iVote’s verification process.
The vulnerability was repaired, but by that stage, 66,000 votes were cast. Just 3,000 votes determined the result of a disputed seat in the Legislative Council. There is no evidence that the security hole was exploited, but also no evidence that it was not.
Some iVote returns differed notably from those cast by more secure channels. The ALP received about 30% of the votes on paper in the Legislative Council, for instance, but only 25% via iVote. The NSW Electoral Commission (NSWEC) blamed these differences on a user interface design problem, but it might also have been a software error or a security breach.
Full Article: Election explainer: why can’t Australians vote online?.