As many as 66,000 votes in the 2015 New South Wales state election could have been tampered with. The election was held on 28 March 2015 and is now closed. Voters used the iVote system, which its makers describe as “private, secure and verifiable” in its operation. Further, the Australian Electoral Commission insists that all Internet votes were, and are, “fully encrypted and safeguarded”.
The iVote system lets eligible voters vote over the Internet or by telephone as an alternative to voting at a physical polling station. Security is provided by an 8-digit iVote number, a 6-digit PIN and a 12-digit receipt number for each individual. Australia is arguably a perfect test case for electronic voting, with vast distances that prevent some voters from getting to a polling location. A system like this also benefits disabled and other less mobile voters.
However, the system has been derided by the non-profit digital rights group the Electronic Frontier Foundation (EFF): “The problem is that the system was not ready to be one of the biggest online voting experiments in the world.” EFF’s Farbod Faraji says that a FREAK flaw has been discovered in the Australian system by Michigan computer science professor J. Alex Halderman and University of Melbourne research fellow Vanessa Teague.
If an attacker were to tamper with a vote here, the result would be classic behaviour for a FREAK SSL/TLS man-in-the-middle (MitM) attack: votes could be intercepted, changed or manipulated, and the tampering then covered over, leaving no trace of manipulation. Commentators have been quick to suggest that the potential social impact of this problem is huge.
In response to this revelation, one disgruntled anonymous individual commented on the Schneier on Security blog: “These ‘National Security’ Internet injectors could already have helped certain powerful people remain in power. Votes could be switched, polls could be manipulated, the media could be fooled and democracy destroyed – all in the name of national security.”
Pamela Smith, president of the Verified Voting Foundation, insists that, as of 2015, “current systems lack auditability”. “There’s no way to independently confirm their correct functioning and that the outcomes accurately reflect the will of the voters while maintaining voter privacy and the secret ballot.”