news, act-politics, act electronic voting, electronic voting, flaws in voting, act election, act election 2020, who won act election, cyber security, act government
Flaws in the ACT’s electronic voting system could have changed the result of the 2020 poll, cyber security experts say. The errors did not cause the wrong candidates to be elected at the October 17 ballot, but the experts say it was only through “good luck” that the seat contests weren’t close enough for the flaws to be consequential. The experts have warned of a “realistic possibility” that the results of future elections could be incorrect unless the so-called EVACS system is fixed. The report recommended changes to the ACT’s electoral laws to open the system up to public scrutiny so that serious “errors and vulnerabilities” can be caught. “If we don’t fix the legislation then we are going to continue to count wrong, and therefore you are going to get the wrong people elected,” one of the report’s authors, Vanessa Teague, said. “We are going to risk that the Legislative Assembly does not reflect the will of the people.” ACT Electoral Commissioner Damian Cantwell said the claims were being examined “very carefully” and he planned to speak with report’s authors in the coming days. Mr Cantwell couldn’t provide an immediate response to the report’s findings because of their “nature and complexity”. He emphasised that the election result was subject to “rigorous external independent scrutiny by appointed representatives of all candidates throughout the counting process, including at the polling places and at the central scrutiny centre”. “The integrity and security of the election, as verified by independent audit and certification of the electronic voting and counting code ahead of every election, is always paramount in the planning and delivery of the election by the ACT electoral commission. “We remain committed to delivering the highest possible quality electoral services. “I do note the authors’ conclusion and view that the assertions are of no consequence to the election outcome.” In the report titled, Errors in the ACT’s electronic counting code, Dr Teague and Andrew Conway found three errors with the electronic vote counting system. The report found the system incorrectly grouped votes transferred after a candidate was excluded, which caused tallies to be wrong by more than 20 votes. In the Hare-Clarke electoral system, when a candidate is excluded from the count, their votes are redistributed. READ MORE “There are several examples in the 2020 count in which votes with the same transfer value are not transferred in the same count when a candidate is excluded. In each case, this results in candidates getting the wrong tally, though by good luck these errors did not change the outcome this year,” the report stated. The report said a feature of the electronic system was at odds with ACT electoral laws, which required the count to be rounded down to six decimal places. The electronic system rounded to the nearest six decimal places. “EVACS has some other inaccuracies that are consistent with rounding transfer values, despite this not being specified in the legislation. This is important because a transfer value’s effect may be multiplied by thousands of votes.” The report stated independent examination of electronic voting between 2001 and 2016 allowed errors in the counting code to be corrected. “Despite this, in 2020 Elections ACT decided to re-implement the code from scratch, not to ask any of the experts who had identified problems or published analyses of it in the past, and not to make the code openly available for public scrutiny in advance of the election,” it said. Dr Teague, who is the chief executive of Thinking Cybersecurity and adjunct professor at the Australian National University’s College of Engineering and Computer Science, criticised Elections ACT for not releasing the source code for the electronic voting system used at the October 17 ballot ahead of the election. It was the first time Elections ACT hadn’t made the source code publicly available before an election. The electoral commission did allow third parties to view the code in advance, however those who did were required to sign non-disclosure agreements which prevented them from speaking publicly about it. Elections ACT defended that approach, saying it would allow them to work with experts to find any bugs in the system without creating unnecessary panic in the community. The expert’s report recommended that the e-voting code and counting code be published six months before an election to allow for external public scrutiny. “We could easily have helped Elections ACT detect and correct these problems if its source code and test data had been made openly available before the election,” the report found. Dr Teague said she would be “delighted” to meet with Mr Cantwell to discuss the report’s findings.
/images/transform/v1/crop/frm/fdcx/doc7ck9lmzxhk318xlnskv0.jpg/r0_295_3773_2427_w1200_h678_fmax.jpg
Flaws in the ACT’s electronic voting system could have changed the result of the 2020 poll, cyber security experts say.
The errors did not cause the wrong candidates to be elected at the October 17 ballot, but the experts say it was only through “good luck” that the seat contests weren’t close enough for the flaws to be consequential.
The report recommended changes to the ACT’s electoral laws to open the system up to public scrutiny so that serious “errors and vulnerabilities” can be caught.
“If we don’t fix the legislation then we are going to continue to count wrong, and therefore you are going to get the wrong people elected,” one of the report’s authors, Vanessa Teague, said.
“We are going to risk that the Legislative Assembly does not reflect the will of the people.”
ACT Electoral Commissioner Damian Cantwell said the claims were being examined “very carefully” and he planned to speak with report’s authors in the coming days.
Mr Cantwell couldn’t provide an immediate response to the report’s findings because of their “nature and complexity”.
He emphasised that the election result was subject to “rigorous external independent scrutiny by appointed representatives of all candidates throughout the counting process, including at the polling places and at the central scrutiny centre”.
“The integrity and security of the election, as verified by independent audit and certification of the electronic voting and counting code ahead of every election, is always paramount in the planning and delivery of the election by the ACT electoral commission.
“We remain committed to delivering the highest possible quality electoral services.
“I do note the authors’ conclusion and view that the assertions are of no consequence to the election outcome.”
In the report titled, Errors in the ACT’s electronic counting code, Dr Teague and Andrew Conway found three errors with the electronic vote counting system.
The report found the system incorrectly grouped votes transferred after a candidate was excluded, which caused tallies to be wrong by more than 20 votes.
In the Hare-Clarke electoral system, when a candidate is excluded from the count, their votes are redistributed.
“There are several examples in the 2020 count in which votes with the same transfer value are not transferred in the same count when a candidate is excluded. In each case, this results in candidates getting the wrong tally, though by good luck these errors did not change the outcome this year,” the report stated.
The report said a feature of the electronic system was at odds with ACT electoral laws, which required the count to be rounded down to six decimal places. The electronic system rounded to the nearest six decimal places.
1/5: Remember how @ElectionsACT didn’t need to make their source code openly available for public scrutiny because it was going through an “audit and certification process”?
They published the votes on Friday and it is immediately evident that the counting code has bugs.#ACTpol
— Vanessa Teague (@VTeagueAus) November 24, 2020
“EVACS has some other inaccuracies that are consistent with rounding transfer values, despite this not being specified in the legislation. This is important because a transfer value’s effect may be multiplied by thousands of votes.”
The report stated independent examination of electronic voting between 2001 and 2016 allowed errors in the counting code to be corrected.
“Despite this, in 2020 Elections ACT decided to re-implement the code from scratch, not to ask any of the experts who had identified problems or published analyses of it in the past, and not to make the code openly available for public scrutiny in advance of the election,” it said.
It was the first time Elections ACT hadn’t made the source code publicly available before an election.
The electoral commission did allow third parties to view the code in advance, however those who did were required to sign non-disclosure agreements which prevented them from speaking publicly about it.
Elections ACT defended that approach, saying it would allow them to work with experts to find any bugs in the system without creating unnecessary panic in the community.
The expert’s report recommended that the e-voting code and counting code be published six months before an election to allow for external public scrutiny.
“We could easily have helped Elections ACT detect and correct these problems if its source code and test data had been made openly available before the election,” the report found.
Dr Teague said she would be “delighted” to meet with Mr Cantwell to discuss the report’s findings.