Serious weaknesses exposed in an online election in Australia are a warning for upcoming New Zealand local body elections, a computer security expert is warning. Eight councils throughout New Zealand are due to trial online voting in local body elections later this year: Selwyn, Wellington, Porirua, Masterton, Rotorua, Matamata Piako, Palmerston North and Whanganui. University of Melbourne computing expert Vanessa Teague did an analysis of the iVote internet voting system used in the New South Wales (NSW) state election last year, and she and the University of Michigan’s Alex Halderman have found a way to break into the system and interfere with votes. She told Nine To Noon there had been a lot of assurances about the safety of the system, and she wanted to test it and see if this was true.
To avoid doing anything illegal they used a practice server set up by the NSW Electoral Commission for people to try out the new system. Dr Teague said they were able to change votes and to violate voter privacy.
“It only takes one problem to expose the whole chain. Hacking the iVote system would be “pretty challenging”, but was something that a fair number of people had the skills to carry out, she said. “There is only two things that you want your election to do. One is is you want it to keep the votes private. Two, you want to make sure you got the votes that voters actually asked for. And we showed neither of those things was true for iVote.”
While there was no evidence that the election system had actually been hacked, this lack of evidence was itself serious, Dr Teague said.
“It’s not just that it was insecure, it was that it wasn’t verifiable. So we just don’t know.”