Tampering with ACT overseas e-voting system did not need key, researcher finds

Australia's Electoral Commission thought the ACT's e-voting system would be secure so long as its encryption key remained private, but a researcher has found this is not the case.
Written by Campbell Kwan, Contributor
Image: Getty Images

The overseas e-voting system used in the Australia Capital Territory contained various flaws as recent as last year, according to an Australian National University (ANU) cryptographer.

The ANU cryptographer, Thomas Haines, found several key components within the e-voting system could be compromised when performing a review of the system, which he said opened up the potential for single points of failure for both privacy and integrity.

"Avoiding a single point of failure is a very desirable property for an e-voting system -- some might say a necessary one -- but the current system falls short of achieving this on a few points," Haines said.

"The code and documents were to varying degrees rough, out-of-date, and redacted which made assessing the system hard."

Among the flaws uncovered was that the e-voting system's desktop application did not check the consistency of the vote storage component's output with other components.

Alarmingly, the Australian Electoral Commission (AEC) thought this was not an issue due to the votes made through the desk application being encrypted and the encryption key being publicly unavailable.

Haines explained, however, that if an individual controlled the system's vote storage component, they did not need to have knowledge of the key to modify votes. Once getting control of this component, an individual would be able to tamper votes through XORing, he said.

In response to this particular flaw, the commission said it has "acknowledged the issue" and would work to address it in future deployments of the system.

The review also found that the system's web application, which mediates the users' interactions with the other components during both registration and voting, could drop or modify votes without detection.

"The OSEV Desktop application should validate the received ballots to the greatest extent possible. Specifically, it should check that the data provided by OSEV Vote storage is consistent with OSEV Web app, Verify and Check," the review said.

It added that the website used to register and vote did not directly encrypt the vote as it relies upon TLS to secure the vote in transit to the e-voting system app where it is then encrypted. Haines said he was concerned that the procedural mechanisms used by the commission, for example to protect against denial-of-service attacks, may allow a third party to read votes when they are in transit.  

For all of the flaws found by the review, the commission claimed they would have been "mitigated by procedural mechanisms" that are outside the review's scope.

While Haines acknowledged the commission's claims, he said the commission should seek support from members of the public with relevant expertise to ensure they are aware of, and can address, issues with the system.

"Given that the commission may lack the capability to adequately do this in-house we encourage them to seek external advice," he said.

"We encourage the commission to make sufficient information and parts of the system available to public scrutiny, to allow interested members of the public to check that the high-level security properties are achieved."

This is not the first time security researchers have expressed concerns about the integrity of Australia's voting systems, with Dr Andrew Conway, Dr Thomas Haines, ANU acting professor Vanessa Teague, and T Wilson-Brown previously finding three errors with the territory's electronic voting and counting system that could have potentially changed the results of an election.

More recently, Teague warned of the flaws within New South Wales' iVote system after an unknown number of voters were unable to cast a vote at the end of last year. This was put down to the state's iVote online voting system encountering a failure for a portion of the voting period.

"Every serious investigation of iVote found serious problems," Teague tweeted.

Since the iVote failure, New South Wales has sent iVote to the bench as it works to rectify the system's issues by next year's state general election.

Related Coverage

Editorial standards