A consortium of university computer science departments has warned the Federal Government that all future computerised voting systems should be made open source to ensure that no votes will be miscast.
In a submission (PDF) to the House of Representatives review into the 2010 Federal Election, the Computing Research and Education Association of Australia (CORE) said that it is crucial, if Australia is to move to electronic voting, that the principles of privacy, integrity, transparency and scrutiny of the electoral system be upheld.
"There is no more reason for a secret, unscrutinised electronic voting process than there is for any other secret process that injects votes into the tally without adequate scrutiny," the association said. "Scrutiny improves security because it allows problems to be identified and rectified."
The association recommended that — to ensure that this happens — all source code, documentation, reports and physical security procedures should be made available to the public.
It also absolutely vital that votes should be private and verifiable by the voters, CORE added.
"Just because a vote is cast on a computer does not necessarily mean that the vote is recorded or transmitted correctly, or that it remains private. Computers may have unintentional program errors, or they may have security vulnerabilities that allow malware or hackers to take control. Any of these could cause a vote to be cast that did not reflect the voters' intention, was not properly transmitted, or was not correctly counted."
The association noted that openness and transparency of the systems has not been the case with electronic voting trials conducted to date.
"The recent trend at both state and federal level to entrust electronic voting to secretive private vendors is not consistent with the degree of transparency we expect for Australian elections. Whether the integrity or privacy of the systems meets our expectations is unclear because we have no details about them," the association said, singling out NSW's iVote system.
"Neither the iVote system nor any associated documentation has been made available for scrutiny by e-voting experts or the public. The NSW Electoral Commission intends to release only the auditor's final report, but on its own this will provide little if any evidence of iVote's security."
The iVote system had a number of flaws, according to the association, including that the system's authentication uses only an eight digit user ID number and a six digit pin.
"This very low standard is not even acceptable for internet banking. Banks in Australia typically require longer [and hence stronger] passwords, and many already use security tokens."
Additionally, while the iVote website encrypted voted information, the information hosted on the electoral commission servers was not encrypted, meaning that anyone who could gain access to the systems could find out how each person using iVote had voted. CORE said the electoral commission had not fully explained how it prevented a person's identity from being connected to their iVote user ID.
The iVote system had also been developed to suit visually impaired voters but had since had its trial expanded to other voters including those who were too far from their nearest polling booth. CORE said that any future electronic voting system should be designed to suit the usability of its intended users, rather than just a simple expansion of current systems.
The association also warned strongly against internet voting, stating that it should only be considered a last resort. If it was introduced, the association said, it should be explained to the public that the privacy and integrity of such a system is lower than that of postal voting.