The Electronic Frontier Foundation reports that a flaw in the iVote system developed by the NSW Electoral Commission meant that up to 66,000 online votes were vulnerable to online attack. Michigan Computer Science Professor J. Alex Halderman and University of Melbourne Research Fellow Vanessa Teague, who had previously predicted problems, found a weakness that would have allowed an untraceable man-in-the-middle attack. The untraceable nature of that attack is important and we’ll get back to it.
For their troubles the pair were warmly thanked by the NSW Electoral Commission, who quickly moved to fix the security flaw in the online voting system. Well, no, not really. What really happened is that the commission launched into a stinging criticism of the two, engaging in the classic technique of shooting the messenger. And a big shout out to Ian Brightwell, the EC’s Chief Information Officer, for his completely tone-deaf handling of the situation.
The underlying problem is that using the internet to conduct voting is just not feasible at the moment because, drumroll, the internet’s chronically lacking in security. Which makes the NSW EC’s iVote experiment in electronic democracy somewhat lunatic, given that any political party with any technical mojo could immediately challenge the results. In fact, given that these 66,000 votes were unsecured, then just like a broken ballot box the electoral law requires that they be discarded. Of course there’s a somewhat mind-boggling difference between one ballot box and 66,000 dodgy electronic votes.
Now if 66,000 votes are suddenly invalid then it calls into doubt the results of the last election, doesn’t it? And that in turn could mean, in the worst case, that the Governor may have appointed an illegitimate government. All because the NSW Electoral Commission thought that it would be a good idea to run the world’s largest online voting experiment. Which is where my sense of humour runs out. The people of NSW appoint their government through duly constituted, competently conducted and appropriately administered elections. No-one, including god himself and certainly not the CIO of the Electoral Commission, has the right to recklessly tamper with that process in any way, shape or form. In a better world heads would roll, but of course this is NSW so, not so much. Keep an eye on Ian Brightwell though, I expect great things of him.
Remember Clive Palmer banging on and on about the electoral commission at the last election? I reckon it’d be fun for someone to tell Clive about this just to see if his head explodes. 🙂
The implications of the presence of undetectable security flaws in electronic voting systems would almost certainly have any ‘agents of foreign powers’ paying attention sitting up and taking notice even as we speak. God bless the internet, you can sit at home in Beijing, Pyongyang or Washington and suborn a foreign government without even leaving your armchair… George Smiley where are you when we need you most?