We are the pioneers of the secret ballot electoral system, but when it comes to electronic voting, Australia has long been behind the pack. Kazakhstan, India, Brazil and Estonia are among the countries who long ago swapped pencil-and-paper ballots for e-voting at polling stations or over the internet. Meanwhile, in Australia, most of us continue to bemoan the chore of queuing for hours at the polling booth. … During the NSW state election in March, residents who were vision impaired, disabled or out of town on election day were able to cast their vote with the remote voting system, iVote, in what was the biggest-ever test of e-voting in the country. … But the success of iVote was marred by reports two security experts had exposed a major security hole that could potentially affect huge numbers of ballots and maybe even change the election outcome. University of Melbourne research fellow Vanessa Teague said she and Prof Alex Halderman from the University of Michigan found iVote had a vulnerability to what’s called a man-in-the-middle attack when they tested the system with a practice server in the lead-up to the election. “We could expose how the person intended to vote, we could manipulate that vote, and we could interfere with the return of the receipt number and thus prevent the person from logging into the verification server afterwards,” she told news.com.au.
The pair flagged their discovery with the NSW Electoral Commission, who reassured voters that iVote was safe. The commission have since said no voters lodged complaints regarding the vote verification system. But Dr Teague said the iVote almost-incident exposed how difficult it was for a remote e-voting system to guarantee those twin pillars of the electoral process — privacy and an election result that reflected how people actually voted.
“Paper processes are designed around giving scrutineers the opportunity to watch the process and check that the proper procedures are followed and that the election outcome is right,” she said. “The question (with e-voting) is, then, in the presence of the serious possibility for security problems or software bugs on the computer side, what’s the right process for making sure that we can open the process to the same kind of scrutiny and giver observers the same kind of evidence that the election process is right?”
Of the countries that have moved towards online voting or computer-assisted voting, some have had problems of their own. Security breaches or technical glitches have resulted in some e-votes being declared invalid during elections in Finland and the Netherlands, while during the US general elections in 2006, some electronically cast votes intended for Democratic candidates were actually recorded as Republican. Estonia, which is considered a world leader in online voting, has had its system both rigorously defended and widely criticised of security flaws.
…“I think in the polling place there are quite sensible solutions, but I think over the internet it is just an unsolved problem,” Dr Teague said. “The option for running genuinely verifiable, genuinely private and usable internet voting in the presence of the kinds of security threats that are out there on the internet are just not solved yet.
“I think whenever we’re considering what the (voting) options are, we have to think about scrutiny and verifiable evidence integrity. If we’re thinking about a particular technology — and that might be convenient, it might be appealing, it might be all kinds of things — we have to think about that option in terms of what would be the process for security and giving people verifiable evidence that we got the right answer.”