Researchers found three flaws in ACT e-voting system that could affect election outcomes

The Australian Capital Territory Standing Committee on Justice and Community Safety has been looking into the 2020 ACT Election and the Electoral Act, covering among other things, systems for electronic voting.

The COVID-19 Emergency Response Legislation Amendment Act 2020 introduced temporary amendments to the Electoral Act for the October 2020 election. These included the deployment of an overseas electronic voting solution for eligible ACT electors who were abroad. The amendments expired in April.

The 2020 election also used the territory's Electronic voting and counting (EVACS) system, which was previously used in the 2004, 2008, 2012, and 2016 elections.

EVACS uses a PC to register an individual's vote. These e-voting stations were also made available at pre-polling stations.

Providing a submission [PDF] to the committee was a group of four security researchers -- with vast experience in finding holes in electoral systems -- who addressed the implementation, security, and transparency of electronic voting.

They declared they have identified "serious problems" in the accuracy and integrity of ACT elections, the privacy of votes in ACT elections, and the transparent demonstration of accuracy, integrity, and vote privacy in ACT elections.

"Secretive, unverifiable systems like the ones used in the ACT 2020 election, make it relatively easy to change the recorded list of votes cast, in a way that observers cannot notice," they said. "It also makes accidental errors more likely to remain undetected.

"We are not claiming that corruption occurred, nor that the system was designed with that goal in mind. There certainly were errors undetected by Elections ACT, however."

Dr Andrew Conway, Dr Thomas Haines, ANU acting professor Vanessa Teague, and T Wilson-Brown reported finding three errors with EVACS that could potentially change the results of an election.

The first is that EVACS incorrectly groups votes by transfer value, failing to recognise when votes deserve to be grouped because they acquired the same transfer value in different ways.

"In 2020 this caused some tallies to be wrong by more than 20 votes; in general, it could cause much larger divergences," they added.

See also: Tech-augmented democracy is about to get harder in this half-baked world

Another flaw was incorrect rounding. The ACT Electoral Act explicitly requires rounding down to six decimal places, but EVACS rounds to the nearest six decimal places.

Thirdly, the group said EVACS has some other inaccuracies that are consistent with rounding transfer values, despite this not being specified in the legislation.

"This is important because a transfer value's effect may be multiplied by thousands of votes," they wrote. "This causes errors on the order of thousandths of votes and could possibly make a difference in a very close race."

Fortunately, they said, these flaws did not change the result of the 2020 election.

ACT uses four systems for processing votes: The EVACS Electronic Voting module that runs on computers in polling places; EVACS Paper Ballot Scanning module that scans and interprets paper ballots, recording the results electronically; the ACT Internet voting system (OSEV) that receives votes from the internet; and the EVACS Counting module tallies the votes and outputs a set of winning candidates.

"The only system we have been able to examine is the counting module, and only because we can compare its inputs with its outputs and find errors without seeing the code," they said.

"We believe that the Internet voting system is new, and that the voting, paper ballot scanning, and counting modules have been completely rewritten since 2016. But we cannot be certain, because we have not seen any of the 2020 source code."

The group has asked that electronic voting code and system documentation be opened six months in advance to the research sector so serious errors and vulnerabilities could be found and rectified.

They have also asked that the on-site e-voting system have a voter-verifiable paper record, so that an immutable record of the vote can be verified by the voter independently of the software; and that internet voting be discontinued, due to the high levels of risk involved in current internet voting technology.

RELATED COVERAGE

AEC confident in its security posture with external audits not welcome

The Australian Electoral Commissioner said on Tuesday night that it is 'very, very, very confident' its systems are 'incredibly robust'.

Researchers want Australia's digital ID system thrown out and redesigned from scratch

Researchers find myGovID is subject to an easily-implemented code proxying attack, while the digital identity solution from Australia Post does not possess a fundamental requirement for accreditation.

Flaws found in NSW iVote system yet again

Analysis of source code published at the request of the NSW Electoral Commission shows that the state's election system software was still vulnerable to attack.