
New South Wales Attacks Researchers Who Found Internet Voting Vulnerabilities - spenvo
https://www.eff.org/deeplinks/2015/04/new-south-wales-attacks-researchers-who-warned-internet-voting-vulnerabilities
======
makeitsuckless
Internet voting has two essential, unpatchable vulnerabilities: voters cannot
vote anonymously and are exposed to external pressure.

That's why we have voting booths: so people are guaranteed to be able to vote
without someone looking over their shoulder (or pointing a gun at their
heads).

If people cannot vote in total freedom and anonymity, it's not a truly free
and democratic vote.

We should stop trying to "solve" everything with technology. Some things
should be "hard", because it's essential to get it right.

~~~
grrowl
Postal voting has two essential, unpatchable vulnerabilities: anyone can open
an envelope and can be exposed to external pressure.

People are exposed to enough pressure just by virtue of having to interact
with politically passionate people just to get to the booths. In many cases,
they don't check photo ID, just evidence of enrollment.

At the very least, I'd like to see internet voting implemented without low-hanging
security issues, enough confidence in their implementation to open-source the
code, and with the backing of security researchers and organisations like the
EFF. At least if we had issues like guns being pointed to heads and potential
invalid double-votes, we could discuss them in the context they deserve.

~~~
atirip
Ours is here [https://github.com/vvk-ehk/evalimine](https://github.com/vvk-ehk/evalimine)

------
espes
iVote in a nutshell:

"The NSWEC believes that unfettered access to source code by the general
public would not be in the best interest of the State"
([http://www.elections.nsw.gov.au/__data/assets/pdf_file/0003/...](http://www.elections.nsw.gov.au/__data/assets/pdf_file/0003/125454/iVote_Strategy_for_SGE_2015_Amendment_4_-_March_2015.pdf))

This apparently matters so much that it was specifically criminalised:

"A person must not disclose to any other person any source code or other
computer software that relates to technology assisted voting under the
approved procedures, except in accordance with the approved procedures or in
accordance with any arrangement entered into by the person with the Electoral
Commissioner. Maximum penalty: 5 penalty units, or imprisonment for a term not
exceeding 6 months, or both."
([http://www.austlii.edu.au/au/legis/nsw/consol_act/peaea19123...](http://www.austlii.edu.au/au/legis/nsw/consol_act/peaea1912382/s120ag.html))

Oh, and the whole thing runs on custom javascript crypto:
[https://cvs.ivote.nsw.gov.au/scy-libs/crypto-lib.js](https://cvs.ivote.nsw.gov.au/scy-libs/crypto-lib.js)

~~~
rtpg
I realize the inherent issues with rewriting crypto, but does the
javascript-ness of it matter? Serious question, I feel like I've heard it said
that it can be a factor.

~~~
gtank
People who object to javascript crypto usually mean that in the context of
"browser javascript", which is fraught with peril [1]. The javascript language
itself isn't necessarily the problem (although parts of it are dodgy by the
standards of what you'd like to implement crypto with).

[1] [http://matasano.com/articles/javascript-cryptography/](http://matasano.com/articles/javascript-cryptography/)

------
zaroth
The narrative here is confusing...

> The Chief Information Officer of the Electoral Commission, Ian Brightwell,
> claimed Halderman and Teague’s discovery was part of efforts by “well-funded,
> well-managed anti-internet voting lobby groups,” an apparent reference to our
> friends at VerifiedVoting.org, where Halderman and Teague are voluntary
> Advisory Board members.

So, the CIO complains it's a smear job by an anti-internet-voting lobby group,
(which it apparently was?)

> Yet at the same time, Brightwell concluded that it was indeed possible that
> votes were manipulated. Happily, despite criticizing the messengers, the
> Electoral Commission admitted that there was a FREAK flaw with iVote and
> scrambled to promptly patch it.

Then they admitted the vulnerability and rushed to patch it. Which is exactly
the hoped-for response?

So what is South Wales doing wrong here, you know, other than trying to let
people vote over the internet, which is a horrible idea, only perhaps matched
by the absurdity of our current generation of e-voting machines? I understand
their hands are not clean in many other regards with this program, but
patching their cipher suite just doesn't seem newsworthy...

BTW, an open source voting machine platform (for use at the polling station)
sounds like a great project for USDS or 18F.

~~~
Gustomaximus
> So what is South Wales doing wrong here, you know, other than trying to let
> people vote over the internet, which is a horrible idea...

Was this sarcasm I missed? If not, what is so horrible about allowing voting
over the internet? To me the concept is brilliant if executed well. Especially
for engaging the populace in non-compulsory voting countries where people
might avoid casting their vote if it's going to take significant time
commitment or simply they have other commitments such as work etc.

~~~
pjc50
Voting over the internet allows intra-family coercion, reducing the freedom of
women to vote. It also allows for you to vote in front of the party man and
collect a bribe for so doing.

Voting on general purpose PCs is so exploitable as to not be funny. What
percentage of the electorate are running unpatched XP?

~~~
Gustomaximus
These are great points and would absolutely be issues without proper
implementation. Of interest, user atirip commented elsewhere in this thread:

> In Estonia the pressure issue is solved. One can vote as many times as needed.
> When the first vote was given under pressure, one can vote differently later. As
> many times as is needed. Internet voting is not possible on the voting day, only
> before. That assures that when one has no possibility to vote without pressure
> on the internet, one has the possibility to vote traditionally. A traditional
> vote overturns the e-vote.

This would also solve the bribe issue. And not to say there aren't issues. I
feel the opportunity outweighs the risks personally as long as good practice
in the system is followed. The biggest risk in my mind is blatant exploit by
the person in power of the system, much like today's rigged elections.

------
TazeTSchnitzel
Exactly the same thing happened in Estonia when serious flaws in their system
were discovered:

[http://estoniaevoting.org/](http://estoniaevoting.org/)

And if you, in an Internet comment, _dare_ to suggest that Estonia's system
isn't airtight and hyper-secure, you'll get mobbed by Estonian trolls. :/

~~~
femto
As a New South Welshman, I'll mob you if you suggest that the NSW Government
is capable of anything but incompetence. Both major political parties are
paralysed by corruption [1].

The irony is that a world leading electronic voting system was developed by
Andrew Tridgell, who lives in the ACT, which is a stone's throw from NSW (in
any direction) [2]. The NSW Electoral Commission was quite free to download
the GPL source code and use it as a base. I gather the GPL'd system has since
been replaced with a proprietary one by the commercial partner, with the
proprietary system being released under the same name [3].

[1] [http://www.dailytelegraph.com.au/news/nsw/icac-exposes-the-n...](http://www.dailytelegraph.com.au/news/nsw/icac-exposes-the-nsw-legislature-as-the-most-corrupt-parliament-in-australian-history/story-fni0cx12-1227040649242)

[2] [http://www.elections.act.gov.au/elections_and_voting/electro...](http://www.elections.act.gov.au/elections_and_voting/electronic_voting_and_counting)

[3] [http://archive09.linux.com/feature/38285](http://archive09.linux.com/feature/38285)

~~~
kyloon
I concur, the entire Opal/Tcard fiasco is already a good example of how things
are done by the NSW Government.

~~~
triggercut
As an aside, back in the early 2000s the NSW Government contracted ERG (a
Perth-based technology company) to implement a Smart Card system for public
transport. ERG had already successfully rolled out Smart Card systems for
other local public transport systems worldwide to much success, most notably
for the Hong Kong public transport system, the MTR (Octopus Card), in 1997,
which is still the largest such deployment to date with tens of millions of
transactions daily.

Unfortunately the NSW contract ended in lawsuits back and forth with the NSW
Government trying to reclaim the project cost and eventually (arguably) led to
ERG's demise. Sad that a successful Australian company, a leader in its
field, able to deploy complicated systems worldwide was (in part) taken down
in its own backyard by a (in comparison) pretty straightforward project.

------
DigitalSea
Every day Australia inches one step towards being the new China. This is a drop
in the bucket compared to the kind of legislation the TPP when passed will
impose on Australians.

~~~
anigbrowl
Slavoj Zizek has been persistently arguing (though I don't think he claims the
original observation as his own) that 'western' liberal-capitalist democracy
has developed a dangerous infatuation with the Singapore model of
authoritarian capitalism and its pro-forma rather than substantive approach to
democracy.

~~~
meric
In the Singapore model authoritarian capitalism, elected politicians are given
very high compensation from the state, to reduce the incentive for corruption.
The logic goes, a parliamentarian was paid $1m a year rather than $200,000 a
year, you might actually attract the best talent of society, and when you're
paid $1m a year, a $100k bribe at the risk of losing your position seems much
less enticing. I find there's a grain of truth to that.

In western liberal-capitalist democracies, politicians are paid above average
wages, but not enough to deter doing deals behind the public's back with real
estate developers, corporations, and many expect a role in business after
retirement from politics, in return for doing many favours during their tenure
for those very businesses.

You could almost argue Singapore has a benevolent dictator, but that is
definitely not true for Western liberal-capitalist democracy. Instead I find
this article more descriptive:
[http://en.wikipedia.org/wiki/Corporatocracy](http://en.wikipedia.org/wiki/Corporatocracy)

~~~
kbart
"The logic goes, a parliamentarian was paid $1m a year rather than $200,000 a
year, you might actually attract the best talent of society, and when you're
paid $1m a year, a $100k bribe at the risk of losing your position seems much
less enticing. I find there's a grain of truth to that."

Logically yes, but practically there are many examples proving that increasing
salary only has minimal effect or, in turn, increases bribe size. Just to name
a few examples:

1\. [https://www.aae.wisc.edu/events/papers/DevEcon/2014/foltz.11...](https://www.aae.wisc.edu/events/papers/DevEcon/2014/foltz.11.06.pdf)

2\. [http://mpra.ub.uni-muenchen.de/41815/1/MPRA_paper_41815.pdf](http://mpra.ub.uni-muenchen.de/41815/1/MPRA_paper_41815.pdf)

3\. [http://www.independent.co.ug/News/news-analysis/4625-can-hig...](http://www.independent.co.ug/News/news-analysis/4625-can-high-salary-curb-corruption)

~~~
meric
_We find that due to raised salary impacts for Ghanaian police officers
relative to customs agents causes the police to increase the value of bribes
taken at each individual stop by between 20-40 percent (~$0.20 - $0.40),
increase the total amount taken on the road, even while they reduce the number
times they receive a bribe._

Bribe size is increased, frequency is decreased, which is what you'd expect
from increasing salary of a public official for the purpose of reducing
corruption.

Take it to the extreme and increase their salary to USD$1m per year, and the
frequency could drop to 0 or 1, and the price could be $10m, so fewer
instances of corruption would happen because fewer people can afford it.

Public officials are also people. Most people have the same inherent desire to
be good, and yet most are vulnerable to the same temptations. The reality is not
dictated by law.

Of course, good enforcement and punishment of corrupt behaviour is also
required.

~~~
kbart
IMHO, taking 1 bribe of 3000$ instead of 3 bribes of 1000$ doesn't make you
less corrupt.

~~~
meric
You're right, I think most if not all politicians are corrupt in some way or
other, and if they are all there are to build governments with, then they will
have to do. You could try to start yet another revolution to get rid of the
corrupt officials in government, and after much bloodshed you might even
succeed, but I think you know as well as I do how long that lasts.

------
carrotleads
I find the main media silence regarding vulnerabilities in the Electronic
Voting Machines in India similarly baffling.

~~~
woah
Maybe vulnerabilities in the tech are simply not that important.

~~~
carrotleads
I think it's the assumption that EVMs are built as a blackbox and so
unhackable. Snowden has revealed enough to suggest that may not be the case,
so it is quite surprising.

------
l33tbro
This was actually reported a couple of weeks ago [1] in some of the less
populist Australian press. Didn't seem to get much more media traction it
seems.

[1] [http://www.abc.net.au/news/2015-03-23/ivote-security-hack-al...](http://www.abc.net.au/news/2015-03-23/ivote-security-hack-allowed-change-of-vote-security-expert-says/6340168)

------
joshfraser
Two things would help online voting tremendously:

1) Open-source code. That's how you find the bugs and build confidence.

2) Opt-in privacy. Ballots could be like Facebook-posts - public by default,
with optional privacy. After the election closes, the results would be posted
on the web where everyone who voted publicly could verify that their own vote
was counted correctly.

------
jobigoud
One thing I always wondered about traditional voting, how are the final counts
transferred to the central counting system? Electronically? If so, do we know
if this transfer is secure?

~~~
jacques_chester
In Australia the ballots are counted multiple times, including an initial
count at each of the booths. They're then physically relocated to Electoral
Commission offices for recounting, usually twice.

All ballot boxes are numbered and a tally of votes cast is kept. Each box is
sealed in the presence of party scrutineers with numbered tags and signed for.
It's sealed and tagged again before shipment. Each is opened and signed for in
the presence of scrutineers.

The number of ballots is compared to the number of names marked off the
electoral roll at each booth.

If a sufficiently large irregularity occurs, one of the political parties will
take the matter to the Court of Disputed Returns, which can force fresh
elections. This happened recently because several ballot boxes for Federal
Senate votes in Western Australia were lost by the AEC. The number of votes in
question was enough to leave the 6th Senate seat in doubt, so the Court
voided the election.

