A report from the Australian National Audit Office (ANAO) last month called out the Australian Electoral Commission (AEC) for ditching compliance with Australian government IT security frameworks. In particular, the ANAO said insufficient attention was paid to assuring the security and integrity of the data generated both during and after operation, as the focus was on delivering a Senate scanning system by polling day.
Facing Senate Estimates on Tuesday night, Electoral Commissioner Tom Rogers said he was satisfied with the risks that the AEC accepted ahead of its go-live. “They were not untreated risks — we were aware of them,” Rogers clarified.
“One of the comments in the report, or inference, is that I accepted a higher level of risk and in my way of thinking, that’s what you do with projects. You identify the risks and mitigate or accept them. And for that particular project I was satisfied with the risks that we accepted.”
The commissioner agreed with the ANAO’s assertion that, due to the tight 12-week time frame imposed on the AEC by a confluence of factors — recent Senate voting reforms, a double dissolution election, and a shorter timeline for the return of election writs — the AEC accepted more risks than it otherwise might have.