The Australian Electoral Commission (AEC) misled the public about the security of its data during the 2016 federal election and failed to ensure it had not been compromised, a damning audit has found. The National Audit Office has revealed the AEC did not comply with the Federal Government’s basic cyber-security requirements due to time restraints, and accepted the extra security risk. The audit also revealed the Government’s cyber-spy agency, the Australian Signals Directorate (ASD), warned the AEC it was unlikely to resolve its security weaknesses before the July 2 poll. For the first time, the AEC contracted a company to digitally scan and count all Senate votes and preferences. But just days before the election, a decision was made to manually cross-check all ballots to ensure accuracy.
That decision, which came after warnings about potential vulnerabilities, cost the Federal Government somewhere between $6.6 and $8.6 million.
Auditor-General Grant Hehir’s report found the Government agency had not been honest about the security risk.
“Insufficient attention was paid to ensuring the AEC could identify whether the system had been compromised,” Mr Hehir said.