No surprise: NSW iVote fails during local council elections (Note: Vote already postponed twice)
The NSW Electoral Commission had planned and tested for 500,000 online votes, but on election day it just wasn't enough. Critics are not surprised. By Stilgherrian December 6, 2021 | Topic: Security New South Wales' iVote online voting system failed on Saturday during the state's local government elections, with an unknown number of voters unable to exercise their democratic rights. In a media statement released on Saturday evening, the NSW Electoral Commission (NSWEC) blamed "the increased volume of people using the iVote system". "Almost triple the number of voters have used iVote at these elections than any previous election," NSWEC said. "At the 2019 NSW State elections 234,401 votes were cast using iVote. At close of applications at 1pm today [Saturday] 652,983 votes had been cast using the system since it opened on 22 November." Voting is compulsory in Australia. However NSWEC said any eligible voter who "applied to use iVote" but was unable to cast their ballot would be excused from paying the AU$55 penalty. "The Electoral Commissioner may also determine, after the elections have finished, that other categories of electors should be excused for having a sufficient reason," NSWEC said. Curiously, the state's Local Government Act was amended earlier this year specifically to allow iVote to be used for council elections. This was directly in response to "the challenges of COVID-19". These elections had been postponed twice due to the pandemic, from the original date in September 2020, to September 4 this year, and then to December 4. One might wonder, therefore, why iVote couldn't cope with traffic levels a mere three times above the previous state election. Surely it should have been clear that the pandemic might cause many, many more people to vote online? In response to ZDNet's questions, an NSWEC spokesperson said that the iVote system was prepared based on the usage at previous state elections. "As a contingency the system was planned and tested for a capacity of 500,000 votes -- double the capacity required for the 2015 and 2019 NSW State elections," they said. "There were 283,699 users in 2015 and 234,401 users in 2019. Use of iVote is subject to strict eligibility criteria and criteria for this election were substantially the same as those previous elections. More than 671,000 votes were cast via iVote at this election." Where possible, NSWEC had introduced additional capacity as volumes increased but could not meet demand on election day, they said. Dr Vanessa Teague, a cryptographer with a particular interest in privacy and election security, isn't surprised by the failure. Starting in 2015, she and her colleagues have found numerous flaws in iVote, problems which NSWEC has often downplayed. "Every serious investigation of iVote found serious problems," Teague tweeted on Saturday. That even includes a review [PDF] commissioned by NSWEC itself as recently as July. "What happened today should surprise nobody," Teague said. "[NSWEC] apologises to voters not able to vote as a result of the outage; no apology to candidates who may or may not have failed to get elected as a consequence of their supporters being excluded." As Teague noted, local government elections often have narrow margins. "Of course the really important point is: where is the evidence of eligible voter intent in any of those 650,000 votes, when we know the system that received them had serious IT problems?" she asked. "We may simply not have enough information to determine who deserved to be elected." 'SOMETIMES PEOPLE INSIST ON SHOVING BEANS UP THEIR NOSE' Australian election authorities have traditionally pushed back against criticism of their software systems. At the federal level, in March this year the Australian Electoral Commissioner Tom Rogers made it clear that external system audits are not welcome. "We work with a range of partners, including the Australian Signals Directorate, the Australian Cyber Security Centre, we've had our internal code audited and checked," Rogers told a Senate committee. "And not being rude, I'm sure that Dr Teague is a wonderful person, but we've had sufficient checks in place to assure ourselves that that system is running smoothly." Justin Warren, chief analyst at PivotNine, continues to be amused by this resistance -- not only in electoral matters but right across government. "We keep trying to help governments to be good at computers, but they are remarkably resistant to being helped," Warren told ZDNet. "One thing I've learned from consulting is that sometimes people insist on shoving beans up their nose and there's nothing you can do to stop them. You have to wait patiently until they ask for help getting them out." NSWEC is required by law to release a full report on the conduct of the election by May 2022. Readers may like to consider whether that's soon enough. _______________________________________________ Link mailing list [email protected] https://mailman.anu.edu.au/mailman/listinfo/link
