Articles about voting issues in the Commonwealth of Australia.

Australia: Electoral legislation amendments leave door open to internet voting | Asha Barbaschow/ZDNet

Australia’s Electoral Legislation Amendment (Miscellaneous Measures) Bill 2020 is currently before the House of Representatives Electoral Matters Committee to review the changes put forward by Minister for Finance Mathias Cormann. The changes within the Bill [PDF] would amend the Commonwealth Electoral Act to modify electoral donation and disclosure laws and “address anomalies” in entity registration and public election funding rules; as well as the intention to improve electoral processes, electoral administration, vote issuing procedures, and improve workforce flexibility for the Australian Electoral Commission (AEC). But as cryptographer Dr Vanessa Teague highlighted late Monday, by way of introducing the capability to expand electronically assisted voting methods to Australians working in Antarctica, the Bill somewhat forces the AEC to accept internet voting. While legislation currently allows for electronic voting to be performed by those with vision impairment, the Bill seeks to replace the phrase “sight-impaired people to vote by an electronically assisted voting method” with “an electronically assisted voting method to be used by sight-impaired people to vote”.

Full Article: Australian electoral legislation amendments leave door open to electronic voting | ZDNet.

Australia: Electoral Commission makes progress with 2018 modernisation project | Asha Barbaschow/ZDNet

The Australian Electoral Commission (AEC) is heading a project to modernise its systems, having reached out to the market in 2018 for help on shaping the future of its IT backend. At the time, the AEC said the core software platforms in place had been in use for around 30 years, with its systems environment comprising of approximately 93 systems and supporting sub-systems. The commission has this week published a request for tender (RFT) for an enterprise architecture tool (EA tool), seeking help with the delivery of its modernisation project. The AEC normally operates out of 90 premises around Australia and has 780 staff. When an election is announced, that scales to more than 7,900 premises and approximately 90,000 staff. AEC offices are organised geographically, with a national office in Canberra, an office in each state, and divisional offices in or near each of the electoral divisions. The AEC currently has a small enterprise architecture practice team located within its Information and Communication Technology branch.

Full Article: Australian Electoral Commission makes progress with 2018 modernisation project | ZDNet.

Australia: How will the ACT election be made safe amid the COVID-19 pandemic? | Dan Jervis-Bardy/The Canberra Times

Early voting should be expanded to allow this year’s territory election to be held safely amid the COVID-19 pandemic, the ACT Electoral Commission has recommended. The commission has been forced to reassess the planning for, and staging of, the October 17 ballot because of the disruptions caused by coronavirus. In a special report presented to Speaker Joy Burch on Thursday, the commission said that due to the uncertainty surrounding the virus, it had to be assumed that the threat of further outbreaks and social distancing restrictions would still exist during the election period. It said it urgently needed to settle on a model for conducting the ballot which mitigated health risks to the community and its staff, while ensuring the integrity of the electoral process. The commission examined six options for conducting the ballot, including moving to universal online or postal voting, delaying the election date or maintaining normal procedures.

Full Article: How will the ACT election be made safe amid the COVID-19 pandemic? | The Canberra Times | Canberra, ACT.

Australia: Queensland elections: coronavirus poses ‘lethal risk’ to voters, experts say | Ben Smee/The Guardian

A leading medical ethicist said Queensland was taking a “lethal risk” by holding elections on Saturday, as the Australian Medical Association, virologists and others called for them to be postponed because of coronavirus. Local government elections will be held in council areas across the state. Byelections will be held in two key state electorates, Bundamba and Currumbin. About 570,000 people applied for postal votes before the deadline, but large numbers said they had not received them. The Queensland electoral commission told those people they could vote in person on Saturday and that physical distancing and other precautions would be taken. The New South Wales government delayed its local government elections, due in September. But Queensland was following its own medical advice. Calls to delay the poll, or provide for people to postal vote after election day, have increased. This week Queensland closed its border with NSW and suspended the state parliament.

Full Article: Queensland elections: coronavirus poses 'lethal risk' to voters, experts say | Australia news | The Guardian.

Australia: Electoral hackers facing security blitz | Paul Osborne/Associated Press

Federal police and national intelligence agencies could monitor state and territory elections next year to ensure they aren’t hacked or hijacked by fake news. The Northern Territory goes to the polls on August 22 next year, followed by the ACT on October 17 and Queensland on October 31. An electoral integrity task force has so far overseen the NSW and federal elections and will turn its attention to future polls, a parliamentary committee heard on Friday. Jeff Pope, from the Australian Electoral Commission, told the hearing – when asked by Greens senator Larissa Waters whether the May federal poll was affected by hackers – nothing had affected the commission’s systems. However, the task force’s activities did result in AFP investigations and provided advice on social media posts which were not properly authorised, with subsequent action taken to take them down.

Full Article: Electoral hackers facing security blitz.

Australia: Government steps up against foreign interference | Casey Tonkin/ACS

Australia’s top intelligence agents will form a new taskforce to target foreign interference. A joint statement from Prime Minister, Scott Morrison; Home Affairs Minister, Peter Dutton; and Defence Minister, Linda Reynolds outlined some of the scope given to the Counter Foreign Interference Tasforce. “The number one priority of our Government is to keep Australians safe which is why we’re investing $87.8 million for a new Counter Foreign Interference Taskforce,” the statement said. “It highlights our focus on stepping up our efforts as the threats to Australia evolve.” The taskforce will be led by a senior ASIO officer and combines members of the AFP, AUSTRAC, the Australian Signals Directorate, the Australian Geospatial Intelligence Organisation, and the Office of National Intelligence. “This is a boost to our ability to discover, track and disrupt foreign interference in Australia,” the statement said. “The increase in intelligence collection, assessment and law enforcement capabilities will help turn more intelligence assessments into operational disruptions to better protect Australians from foreign interference. “The new dedicated capability of the Taskforce will also increase the collaboration and streamline the decision-making between agencies, and strengthen Australia’s analysis of the sophisticated disinformation activities happening across the world, particularly against democratic processes and elections.”

Full Article: Government steps up against foreign interference | Information Age | ACS.

Australia: Flaws found in New South Wales iVote system yet again | Stilgherrian/ZDNet

The “Days since last vulnerability found” indicator for the iVote system used in New South Wales’ elections was reset to zero on Wednesday thanks to a new research note from University of Melbourne cryptographer Dr Vanessa Teague. Or rather, the software vendor was notified 45 days earlier to keep with the terms of the source code access agreement while the rest of us found out today. iVote was purchased from Scytl Australia, a subsidiary of Barcelona-based election technology vendor Scytl Secure Electronic Voting, and is based on the system used by SwissPost. In March this year, Teague and her colleagues Sarah Jamie Lewis and Olivier Pereira found a flaw in the proof used by SwissPost system to prevent electoral fraud. Later that month, they detailed a second flaw that could be exploited to result in a tampered election outcome. NSWEC claimed it was safe from the second flaw, and had patched the first. In July, NSWEC ordered Scytl to release parts of the source code in a bid to prove it contained no further vulnerabilities. Vulnerabilities have now been found. “I examined the decryption proof and, surprise, it can easily be faked while passing verification,” Teague tweeted on Wednesday morning. “This exposes NSW elections to undetectable electoral fraud by trusted insiders & suppliers, people who guessed the passwords of the trusted insiders, people who successfully phished the trusted insiders, etc.” Teague’s analysis is detailed in the 8-page Faking an iVote decryption proof [PDF].

Full Article: Flaws found in NSW iVote system yet again | ZDNet.

Australia: Australia concluded China was behind hack on parliament, political parties – sources | Colin Packham/Reuters

Australian intelligence determined China was responsible for a cyber-attack on its national parliament and three largest political parties before the general election in May, five people with direct knowledge of the matter told Reuters. Australia’s cyber intelligence agency – the Australian Signals Directorate (ASD) – concluded in March that China’s Ministry of State Security was responsible for the attack, the five people with direct knowledge of the findings of the investigation told Reuters. The five sources declined to be identified due to the sensitivity of the issue. Reuters has not reviewed the classified report. The report, which also included input from the Department of Foreign Affairs, recommended keeping the findings secret in order to avoid disrupting trade relations with Beijing, two of the people said. The Australian government has not disclosed who it believes was behind the attack or any details of the report.

Full Article: Exclusive: Australia concluded China was behind hack on parliament, political parties – sources    - Reuters.

Australia: Where’s the proof internet voting is secure? | Vanessa Teague/Pursuit

Victoria’s Electoral Commissioner, Warwick Gately AM, says that Victoria should legislate to allow Internet voting because “there is an inevitability about remote electronic voting over the internet.” According to Mr Gately, the NSW iVote system has, “proven the feasibility of casting a secret vote safely and securely over the internet”. The key word here is “proven”. Anyone can claim that their system is secure and protects people’s privacy, but how would we know? Elections have special requirements. Ballot privacy is mandated by law. And elections must demonstrate that the result accurately reflects the choice of the people. So, what has iVote proven? In 2015, our team found that the iVote site was vulnerable to an internet-based attacker who could read and manipulate votes. The attack wouldn’t have raised any security warnings at either the voter’s or the NSW Electoral Commission (NSWEC) end, but it should have been apparent from iVote’s telephone-based verification. When the NSWEC claimed that “some 1.7 per cent of electors who voted using iVote® also used the verification service and none of them identified any anomalies with their vote,” we took that as reasonable evidence that the security problem hadn’t been exploited. But it wasn’t true.

Full Article: Where’s the proof internet voting is secure? | Pursuit by The University of Melbourne.

Australia: New South Wales iVote source code released for researchers to poke around in | Asha Barbaschow/ZDNet

Parts of the source code the New South Wales Electoral Commission (NSWEC) uses to conduct voting has been released, in a bid to prove it contains no vulnerabilities. Scytl, who was awarded a multi-year contract to refresh the NSW online and phone voting software also known as iVote, has on Tuesday made the code available to those that register, at the request of the NSWEC. “We have published the source code to allow independent researchers to review it in order to aid continuous improvement of the code base by finding and communicating any vulnerabilities they may find,” Scytl Asia-Pacific GM Sam Campbell said. “The terms of use are published with the source code and stipulate that any vulnerabilities discovered must be reported to Scytl and the NSW Electoral Commission.” In early March, a group of researchers found a flaw in the Swiss Internet voting system, which is the same system used by NSWEC. The flaw was found in the proof the SwissPost system uses to prevent electoral fraud. Later that month, researchers detailed a second flaw in the electronic voting system, discovering another method that could be exploited to result in a tampered election outcome.

Full Article: NSW iVote source code released for researchers to poke around in | ZDNet.

Australia: Electoral systems evade cyber-attack during federal poll | Justin Hendry/iTnews

The Australian Electoral Commission has revealed the nation’s core electoral systems experienced no successful cyber-attacks during the 2019 federal election campaign. But the agency, which has been increasingly worried by the prospect of external interference, won’t say whether any attempts to compromise the systems were detected. In a bid to guard Australia’s systems against the threat of compromise, the AEC introduced monitoring through a dedicated security operations centre in the lead up to the May 18 ballot. It follows what the agency has described as a worsening cyber environment in the years since the July 2016 election through events like Russia’s alleged cyber interference in the 2016 US election. Many of these concerns stem from the ageing nature of the country’s system for election and roll management, which have been in place since the early 90s and are in dire need of replacement.

Full Article: Electoral systems evade cyber-attack during federal poll - Strategy - Security - iTnews.

Australia: ACT to introduce limited online voting next year | Justin Hendry/iTnews

The ACT Electoral Commission is planning to introduce limited online voting in time for next year’s territory election to allow Canberrans to cast their ballot if travelling overseas. The electronic voting system, which could bear resemblance to NSW’s iVote system, will be developed as part of a refresh of the commission’s election management system. The refresh of the commission’s existing custom-made TIGER system was handed $1.5 million in this month’s territory budget, with separate funding for electronic voting also set aside. The core system has been in place since 1995 and is used to support all administrative tasks associated an ACT election every four years. TIGER, which contains the the electoral role information on around 300,000 ACT electors in a Microsoft Access 365 format, is also used to “support referendums, interstate elections and small external fee-for-service elections”.

Full Article: ACT to introduce limited online voting next year - Strategy - Security - Software - iTnews.

Australia: Politicians need more public money to thwart election cyber attacks: ASPI | Julian Bajkowski /iTnews

The spectre of state-sponsored cyber interference in democratic elections across the world has been a staple example of why nations like Australia need top-notch digital defences. Especially since the Internet Research Agency’s free-for-all in the 2016 US poll coincided with the delivery of an unexpected Trump Tweetocracy, with the degree of Russia’s influence hotly contested ever since. Now, after a considerable amount of research helped along by the Australian Computer Society, the cyber security boffins at the Australian Strategic Policy Institute reckon they have reasonable solution to boost the defences of our political parties big and small: Give them more taxpayer’s money.

Full Article: Politicians need more public money to thwart election cyber attacks: ASPI - Finance - Security - iTnews.

Australia: Rachel Noble to head up Australian Cyber Security Centre | Stilgherrian/ZDNet

The Australian Signals Directorate (ASD) has appointed Rachel Noble as the new head of the Australian Cyber Security Centre (ACSC). Noble is currently serving as Deputy Secretary Executive Group in the Department of Home Affairs. The Group is responsible for enterprise strategy, risk, assurance, security and ministerial, media and intelligence services. Noble has previously held a series of leadership positions in Home Affairs; Defence, including two previous roles at ASD, and the Department of the Prime Minister and Cabinet (PM&C). “I’m delighted that Rachel’s agreed to return to ASD to take this important and challenging role, said ASD director-general Mike Burgess in a statement on Wednesday. “The cyber threat is real and Rachel is ideally qualified to confront it.”

Full Article: Rachel Noble to head up Australian Cyber Security Centre | ZDNet.

Australia: Technology problems are not going to be sorted out by more Kool-Aid | ZDNet

An Australian election is on again. The triennial ritual where the electorate makes a choice of which parliamentarian to elect — who will then decide what sort of greying, white male party apparatchik becomes the Prime Minister. With the dumping of racist and homophobic candidates being a daily occurrence, the campaign is plumbing the depths expected upon its announcement. However, on the plus side, Russian trolls and foreign actors have not stoked or created the scandals that are occurring — this is pure, unabashed, organic, embarrassing Australian politics. For the folks able to take their eyes off the sideshow, a common refrain from the technically minded has been the lack of policy directed towards them. But this week, like an ancient Greek god that hasn’t had a good laugh in a while, the Labor party decided to announce it would erect a AU$3 million Blockchain Academy in Perth if it is elected. This was followed in short order by AU$2 million being put towards a Broadmeadows cyber training centre, adding to the AU$3 million National Centre of Artificial Intelligence Excellence announced last month. On the opposing side, Morrison government said last month it would spend AU$156 million to build a cyber workforce and fight cybercrime if re-elected.

Full Article: Technology problems are not going to be sorted out by more Kool-Aid | ZDNet.

Australia: Government’s $156M cybersecurity pledge a ‘drop in the bucket’: White hat hacker | ARN

The Morrison government’s election promise to spend $156 million to bolster Australia’s cyber defences is a start but more like a “drop in a bucket,” says Security in Depth’s Michael Connory. The “cyber resilience and workforce package” will include $50 million to hire more staff under a workforce expansion program; $40 million for a ‘countering foreign cyber criminals’ capacity within the existing Australian Cyber Security Centre (ACSC); and $26 million for ACSC to expand its assistance to the community. Michael Connory, security advisor at Security in Depth told CIO Australia the fund is “nowhere near adequate” to help deal with the cyber threats facing Australian businesses and citizens. “It’s significantly better than the other political parties are pledging, but it’s still not close to enough,” he said. “$40 million focused on placing 230+ new cyber experienced staff for military cyber operations – while this is absolutely necessary, the figure probably needs to be doubled.” Connory said at this time Australia “immediately” needs an additional 2,300 individuals to manage the $500 million cost of cybercrime that Australians lost last year.

Full Article: Government's $156M cybersecurity pledge a 'drop in the bucket': White hat hacker - ARN.

Australia: Federal election 2019: why can’t we just vote online? | Crikey

Every time election season comes around, the same question crops up again and again: why can’t we just vote online? We can shop, order takeaway and request an Uber from our phones; why can’t we vote over the internet as well? The main reason: maintaining the security and integrity of elections is actually a lot more complicated than it seems. But let’s take a closer look. While we can secure things like online banking to a reasonable degree, our elections are based on the principle of anonymity and this makes it far more challenging to protect them. Our online banking systems permanently record how much people spend and where, so that we can verify whether our balances are correct. But a record of each person’s vote would be extremely limiting to democracy because it would open up the door to peer pressure and coercion. This could stop people from truly expressing their democratic will. The need to keep elections anonymous brings up some major problems: without records, how can we ensure that the final vote tally is an accurate representation of what the people want? How do we know that the result hasn’t been meddled with by a political party or a foreign power? In paper-based voting systems, we rely on simplicity and having observers from each side at every step of the process. This has been relatively effective at preventing large-scale compromises and errors. When we use electronic and internet-based voting systems, we can’t see what’s actually going on inside the computers and servers, and the vast majority of the electorate doesn’t have the specific knowledge to understand the technical processes that underlie these systems. Electronic and internet-based systems also open up the possibility for widespread election tampering that could slip by undetected, corrupting the entire system. This isn’t feasible in a paper-based election because it would require collusion between far too many people, which would surely be discovered.

Full Article: Federal election 2019: why can't we just vote online? - Crikey.

Australia: Cyber spooks hint at hard work defending election from hackers | Sydney Morning Herald

The international Five Eyes network of cyber spies believes Australia is at risk from foreign interference in its federal election, including direct hacks and targeted “fake news”, a security conference has been told. Disinformation is proving to be a broader challenge for the agencies because of how it intersects with free speech, one expert said. Australia’s top secret cyber security agency revealed on Wednesday it is on high alert to guard Australia against such threats during the campaign. Scott MacLeod, assistant director-general for “Protect, Assure and Enable” at the Australian Signals Directorate, made a rare public appearance at the CyberUK security conference in Scotland on Wednesday. Alongside colleagues from security agencies in the other Five Eyes nations, MacLeod said electoral security was a critical priority.

Full Article: Cyber spooks hint at hard work defending election from hackers.

Australia: Electoral Commission spins up cyber ops centre | iTnews

With the date of next month’s federal ballot now set, the agency in charge of Australia’s electoral systems has switched on its new security operations centre to protect against external interference. The short-term SOC capability was established late last month in preparation for Prime Minister Scott Morrison calling the election last week. It will be used it to detect any compromises – or compromise attempts – made against the Australian Electoral Commission’s systems in the lead up to, during and following the May 18 election. The resilience of Australia’s core electoral systems – the age of which remains an ongoing concern for the agency – is particularly acute in this year’s election following Russia’s alleged cyber interference in the 2016 US election. Monitoring services will be provided by Technical Security Services (TSS), which was established by Defence Signals Directorate (now Australian Signals Directorate) alumni Richard Byfield. For up to the next ten weeks or until the results of the election are declared, the company will provide a real-time alerting system for significant cyber security events, as well as at least daily review of log files.

Full Article: Electoral Commission spins up cyber ops centre - Strategy - Security - iTnews.

Australia: Electoral Commission gets AU$11m for polling place tech and IT upgrades | ZDNet

The Australian Electoral Commission (AEC) will be given AU$10.8 million over the next two years to upgrade its IT infrastructure and implement more polling place technology under the 2019-20 Federal Budget. The funding will be separated into AU$4 million in 2019-20 and AU$6.7 million in 2020-21. It will specifically see the AEC “approach the market to scope the deployment of new polling place technology and upgrades to the AEC’s ageing core ICT infrastructure”, according to the Budget documents. The funding follows electronic voting for citizens previously gaining bipartisan support, with both former Prime Minister Malcolm Turnbull and current opposition leader Bill Shorten advocating for electronic voting following the 2016 federal election. “We’re a grown-up democracy; it shouldn’t be taking eight days to find out who’s won and who’s lost,” Shorten said while conceding the election a week after polls closed.

Full Article: Australian Budget 2019: Electoral Commission gets AU$11m for polling place tech and IT upgrades | ZDNet.