New South Wales Attacks Researchers Who Found Internet Voting Vulnerabilities (eff.org)
234 points by spenvo on Apr 7, 2015 | 96 comments

Internet voting has two essential, unpatchable vulnerabilities: voters cannot vote anonymously and are exposed to external pressure.

That's why we have voting booths: so people are guaranteed to be able to vote without someone looking over their shoulder (or pointing a gun at their heads).

If people cannot vote in total freedom and anonymity, it's not a truly free and democratic vote.

We should stop trying to "solve" everything with technology. Some things should be "hard", because it's essential to get it right.

Postal voting has two essential, unpatchable vulnerabilities: anyone can open an envelope and can be exposed to external pressure.

People are exposed to enough pressure just by virtue of having to interact with politically passionate people just to get to the booths. In many cases, they don't check photo ID, just evidence of enrollment.

At the very least, I'd like to see internet voting implemented without low-hanging security issues, enough confidence in their implementation to open-source the code, and with the backing of security researchers and organisations like the EFF. At least if we had issues like guns being pointed to heads and potential invalid double-votes, we could discuss them in the context they deserve.

Yes, and this is a good reason why postal voting should not become too widespread. Stick to the ballot boxes.

In Estonia the pressure issue is solved. One can vote as many times as needed. When the first vote was given under pressure, one can vote differently later. As many times as is needed. Internet voting is not possible on the voting day, only before. That assures that when one has no possibility to vote without pressure on the internet, one has the possibility to vote traditionally. Traditional vote overturns e-vote.

At some point, a decision has to be reached, right? You can't just decide ten years later that you changed your mind on some election issue and expect to take your vote back.

So if you're an evil person looking to pressure people to vote your way, you would make people prove their vote to you after it's too late to change it. Or, if it's not possible to verify the vote later (I believe it is possible in the Estonian system), you'd make them vote at the last minute.

Am I misunderstanding something here? I don't see how this issue has been solved.

Yes, there is a method to verify your vote. But as I said, e-voting is in advance only. On the voting day only traditional voting is possible; a traditional vote voids the e-vote. An e-vote can be changed only when e-voting is active, not later. And yes, one could prevent someone from going to vote traditionally, but this is out of the scope of e-voting. There are a myriad of methods to manipulate traditional voting. And your hypothetical case is really a kidnapping, criminal offence, not scalable.

That's a reasonable approach, though of course it means that you can never have a 100% e-voting system as the security of the thing is contingent on there being a regular paper ballot.

> And your hypothetical case is really a kidnapping, criminal offence, not scalable.

No, there is no need for kidnapping. Human relationships are complicated and pressure can be applied in many ways. A spouse, father, or other person can influence people in his direct vicinity. The secret ballot and the requirement that only one person enters the voting booth at a time ensure that that influence does not extend to the election result.

What's to prevent the government from checking who voted what later on, then?

The best answer to this is probably that "the government" could run DNA tests on all the paper votes too...

The difference is that this would cost hundreds of millions of dollars and require a flawless conspiracy of thousands of people.

Versus one guy and a SELECT statement.

You do not have any idea whatsoever how those systems are built, do you? Everything is logged, and log changes are logged and log change logs are logged and all those logs are signed and when the logger loses connection to the loggable, then this is logged too and that is logged too.

And finally. The interest in knowing who voted for whom is virtually zero. I admit that the principle of anonymous voting is good and needs to be guarded, but the real harm of a leak is virtually zero too. The bigger threat is manipulation of results.

You have no idea whatsoever how these systems are built.

You don't know because you haven't seen the software (or hardware) for them. You haven't because (I assume this part) you weren't one of the state inspectors, and what many (most?) of the manufacturers have done is to insist that no one ELSE be allowed to view the details since it's a "trade secret".

So maybe there is excellent logging like you describe. And maybe there isn't. We DO know that there have been occasional incidents of invalid vote reporting by the machines (such as [1] or [2]) that were not caught by such log systems.

[1] http://www.networkworld.com/article/2275174/lan-wan/e-voting...

[2] http://www.hackingdemocracy.com/

Actually I have seen the software, here it is: https://github.com/vvk-ehk/evalimine

You cast your vote at a github-hosted source code repository?

As René Magritte might have put it, "Ce n'est pas le logiciel". You haven't seen the software - you've only seen source code that may resemble what is running when you cast your vote.

I can't tell if you're kidding.

And I don't really care what logs are kept, because any such log is one dodgy programmer, one bribed sysadmin, one lost private key away from being totally or partially compromised.

The system we have works and would require the complete and flawless cooperation of thousands of conspirators -- including mutually hostile, cross-checking party officials -- to subvert the outcomes.

Doesn't need to be that complicated. The UK system has a (paper) record of ballot paper numbers.

There is nothing that prevents an online voting system from having a truly secret ballot. There is a class of algorithms[0] designed to compute a verifiable result from private inputs without revealing those inputs. One of the major applications of them being researched is voting.[1][2][3]

[0] http://en.wikipedia.org/wiki/Secure_multi-party_computation

[1] https://eprint.iacr.org/2014/075

[2] http://arxiv.org/abs/1502.07469

[3] https://www.iacr.org/cryptodb/data/paper.php?pubkey=2203

Normally I would agree with you, but only if we insist everything has to be completely over the internet. If we make it so that voters have to collect a random token from a box (i.e. you stick your hand in and take one) and that they have to show ID to get to pick one, then there is no way to vote twice (at least not without a fake ID) and no way to connect the voter to the vote. It does require on-site access, but that could be allowed over a period of several months if need be.

We already have voting by mail, of course, but this way you get to wait until election day to cast your actual vote and it is too easy to connect the vote to the voter.

The issue with a gun being pointed to the head could be solved rather easily by issuing every voter a random number of votes and marking one as special (perhaps it comes in another envelope). All non-special votes are automatically ignored, so you would gain nothing by pointing the gun at somebody's head.

This also solves the software trust problem: allow an open specification and an API test endpoint and somebody will write an open source voting program. As a bonus the software could submit the votes to an api at all the registered parties and any news org so that everybody could agree on the count.

The physical vote token is an interesting idea that I've not seen before.

I think mail-in ballots are the best option. Oregon does them, but I'm not sure what other places do.

Every voter gets a ballot mailed to them far in advance of election day along with a booklet outlining the benefits/consequences of measures we're voting for, what each potential representative wants to do, etc. You can take the time to research all available options and make an informed vote, then mail your ballot in at your convenience or drop it off at any library.

Far, far better than having to get up early in the morning and being around people who might attempt to grill you before/after you vote. Less chance of votes being manipulated since there's a paper trail, too.

I really don't know why the rest of the US doesn't do it this way.

That's definitely a "head of household can enforce votes" system, and in countries without strong ID systems is especially vulnerable to creating nonexistent voters.

Edit: relevant link on insecurity of voter registration in "the United Kingdom's shambolic electoral system": http://www.bailii.org/ew/cases/EWHC/QB/2013/2572.html

Sure, but you need to sign your ballots, and if someone's forcing you to sign your ballot or forging your signature, it's a crime.

There's far less social pressure when you can fill out your ballot whenever and wherever than needing to line up somewhere and deal with the social pressure of voting "properly."

No method is perfect, but I think the issues with mail-in ballots are nowhere near as bad as the problems voting booths present.

What social pressure is there in the voting booth? What do you mean by voting "properly"?

>voters cannot vote anonymously

Is it information-theoretically impossible to devise a cryptographic protocol that allows all the desired properties of voting (verifiability, anonymity, preventing double-votes, ....)?

I recall that there exist some protocols that provide at least some of those.

If it's not impossible then it's not unpatchable. Someone just has to come up with the right method to do it.

Could you elaborate a little bit more on those protocols that you mention? Massively interested in those!

I've mostly read about them in passing, but a quick google search turns up some results. They seem to rely on at least partially homomorphic encryption.




Interestingly, the NSW iVote seems to share some ideas with Helios. They both appear to use ElGamal encryption, which is a [partially] homomorphic algo.

I don't know anything close to enough about ElGamal to comment on their implementation with any authority whatsoever, except to note that it looks very different to others I've seen. The challenge/proof parts in particular look unusual to me - I haven't spent a lot of time looking into their implementation, so it could just be parsing failure on my part, but it doesn't appear at first sight to use the usual Fiat-Shamir method other ElGamal implementations I've seen tend to.
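The homomorphic tallying and the Fiat-Shamir challenge/proof step mentioned in the comments above, as an added example that is not part of the original thread and is not iVote's or Helios's code: each ballot is an exponential-ElGamal encryption of 0 or 1 carrying a non-interactive proof that it encrypts one of those two values, and only the product of the verified ciphertexts is decrypted. Assumptions: a toy 64-bit group searched at import time, a single key holder, and hypothetical function names throughout.

```python
import hashlib
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def _is_prime(n):
    """Miller-Rabin; this base set is deterministic for the 64-bit sizes used here."""
    if n < 2 or any(n % sp == 0 for sp in _BASES):
        return n in _BASES
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

# Toy 64-bit group, searched at import: P = 2Q + 1 with P and Q prime. Not a real-world size.
Q = (1 << 62) + 1
while not (_is_prime(Q) and _is_prime(2 * Q + 1)):
    Q += 2
P, G = 2 * Q + 1, 4  # 4 is a square mod P, so it generates the order-Q subgroup

def _rand():
    return secrets.randbelow(Q - 1) + 1

def _inv_pow(x, e):
    """x**(-e) mod P, valid because x lies in the order-Q subgroup."""
    return pow(x, (-e) % Q, P)

def _challenge(*vals):
    digest = hashlib.sha256("|".join(map(str, vals)).encode()).digest()
    return int.from_bytes(digest, "big") % Q

def keygen():
    x = _rand()
    return x, pow(G, x, P)

def _commitments(h, a, b, c, s):
    """Commitments [A0, B0, A1, B1] implied by challenges c and responses s."""
    out = []
    for j in (0, 1):
        bj = b * _inv_pow(G, j) % P  # b / g^j equals h^r when the vote is j
        out += [pow(G, s[j], P) * _inv_pow(a, c[j]) % P,
                pow(h, s[j], P) * _inv_pow(bj, c[j]) % P]
    return out

def cast(h, vote):
    """Encrypt a 0/1 vote as (g^r, g^vote * h^r) with a proof that it is 0 or 1."""
    if vote not in (0, 1):
        raise ValueError("vote must be 0 or 1")
    r, w, fake = _rand(), _rand(), 1 - vote
    a, b = pow(G, r, P), pow(G, vote, P) * pow(h, r, P) % P
    c, s = [0, 0], [0, 0]
    c[fake], s[fake] = secrets.randbelow(Q), secrets.randbelow(Q)  # simulated branch
    com = _commitments(h, a, b, c, s)
    com[2 * vote:2 * vote + 2] = [pow(G, w, P), pow(h, w, P)]      # real branch
    c[vote] = (_challenge(h, a, b, *com) - c[fake]) % Q            # Fiat-Shamir hash
    s[vote] = (w + c[vote] * r) % Q
    return (a, b), (tuple(c), tuple(s))

def verify(h, ballot, proof):
    """Check subgroup membership, then the OR-proof that the ballot encrypts 0 or 1."""
    (a, b), (c, s) = ballot, proof
    if not all(0 < v < P and pow(v, Q, P) == 1 for v in (a, b)):
        return False
    return (c[0] + c[1]) % Q == _challenge(h, a, b, *_commitments(h, a, b, c, s))

def tally(priv, h, submissions):
    """Multiply verified ciphertexts, then decrypt only the product."""
    a_all, b_all, accepted = 1, 1, 0
    for ballot, proof in submissions:
        if verify(h, ballot, proof):
            a_all, b_all = a_all * ballot[0] % P, b_all * ballot[1] % P
            accepted += 1
    g_m = b_all * _inv_pow(a_all, priv) % P  # g^(number of 1-votes)
    acc = 1
    for m in range(accepted + 1):            # tiny discrete log, found by search
        if acc == g_m:
            return m, accepted
        acc = acc * G % P
    raise ValueError("tally outside expected range")

def demo():
    priv, pub = keygen()
    subs = [cast(pub, v) for v in (1, 0, 1, 1, 0)]  # constructed sample votes
    r = _rand()  # constructed malformed ballot: encrypts 5 and reuses another ballot's proof
    subs.append(((pow(G, r, P), pow(G, 5, P) * pow(pub, r, P) % P), subs[0][1]))
    return tally(priv, pub, subs)
```

`demo()` returns the count of 1-votes and the number of ballots accepted; the malformed ballot fails `verify` and never reaches the product, and no individual ballot is decrypted.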

Interestingly https://vote.heliosvoting.org/faq gives the answer no to "Should we start using Helios for public-office elections?" on the grounds that people's computers are too easily compromised for this to be viable. So perhaps the issue is not the protocol at all?

According to the technical paper they don't even attempt to provide any form of coercion-resistance, so that would already fail one of the criteria usually required of public elections.

But yes, computer security certainly is a problem. But I think it's not intractable. We manage to get online-banking to work with acceptably low compromise rates despite huge monetary incentives to attack them.

So maybe if they handed out small, non-personalized cryptographic devices (similar to TAN generators) that can do all the essential operations and talk to a smartphone to retrieve a ballot and submit the vote then e-voting could work.

It would essentially be your own little portable voting booth. It's important though that the device should be separate from the key used to vote, so you could swap devices and re-cast your vote if you consider it compromised for any reason.

Sweet, thanks for the effort!

What (end-user) computer system do you run it on that's secure enough?

The government could promise to maintain anonymity for online voting, and it wouldn't be any more or less believable than for in-person voting. It would be trivial to subtly mark ballots to track who voted for what, or heck, even hide cameras in the booths.

That would be a problem if internet voting was the only option, but surely if the "normal" way of voting was still to come in to the polling place on the day and cast a paper vote, then online voting as an option for people who are unable to make it to the polling place on the day is not a bad idea?

How do you solve the coercion problem? How do you solve ballot corruption (i.e. I'm selling my vote on eBay)?

Can you do that even now? I can trivially bring a cellphone into a voting booth and take a picture even now.

That picture could be shooped, therefore it does not provide proof to the coercing party.

The threat model for coercion-resistance is providing proof to someone after you have cast your vote.

The threat model for anonymity is an observer - either a 3rd party or someone colluding with the voting authority - that does not have access to the voting client itself.

Voting-at-gunpoint coercion as threat model cannot really be defended against because it basically implies that the attacker has full control over the voter. Even some scheme that would allow vote retraction/recasting wouldn't help since the attacker could simply keep threatening the voter until the election is over.

This is illegal in the UK, although not enforced: http://www.halsburyslawexchange.co.uk/election-day-selfies/

We already have postal votes, don't see how internet votes would be worse

Let's say I'm trying to force you to vote for my candidate. Am I going to be happy with you taking the option of going to the polling place to vote privately? No. You'll do it right here where I can watch you click the button for my guy.

Coercion is a problem even with paper ballots, though. I could force you to take a picture with a cell phone of who you voted for on threat of violence.

Any modern voting system should provide deliberate protection against this by letting you claim to have voted for any candidate.

Let's say you're in the voting booth and have taken the picture. You can then do at least one of the following:

  - Exchange your ballot for a blank one and fill it out again
  - Fill in the check box and vote for your real candidate
  - Spoil your vote

This. It's pretty common practice around some parts of the world.

Is that really a problem? There's nothing stopping anyone from pointing a gun at my head and demanding I transfer all my savings to their account. That would have more impact on my personal wellbeing than someone stealing my vote. But we don't ban internet banking.

If somebody steals your savings, one person is affected - you. And while pointing a gun to one person's head will work, it won't scale.

But if somebody works out how to steal an electronic vote, such a solution is likely to scale, and to compromise the outcome of the election, which would have a massive collective impact.

iVote in a nutshell:

"The NSWEC believes that unfettered access to source code by the general public would not be in the best interest of the State" (http://www.elections.nsw.gov.au/__data/assets/pdf_file/0003/...)

This apparently matters so much that it was specifically criminalised:

"A person must not disclose to any other person any source code or other computer software that relates to technology assisted voting under the approved procedures, except in accordance with the approved procedures or in accordance with any arrangement entered into by the person with the Electoral Commissioner. Maximum penalty: 5 penalty units, or imprisonment for a term not exceeding 6 months, or both." (http://www.austlii.edu.au/au/legis/nsw/consol_act/peaea19123...)

Oh, and the whole thing runs on custom javascript crypto: https://cvs.ivote.nsw.gov.au/scy-libs/crypto-lib.js

Most likely because they are using a closed source platform. Fair enough if you are disclosing a company's IP.

From back in May last year:

"NSWEC is working with voting provider Scytl [http://www.scytl.com/en/] to improve the use of cryptography. It will also incorporate a verification system in which encrypted votes are sent to both NSWEC and an independent auditor, allowing two sets of data to be compared to ensure votes have not been tampered with."

Interesting that on Scytl's website NSWEC isn't listed as a customer. [http://www.scytl.com/en/customers/]

I realize the inherent issues with rewriting crypto, but does the javascript-ness of it matter? Serious question, I feel like I've heard it said that it can be a factor.

People who object to javascript crypto usually mean that in the context of "browser javascript", which is fraught with peril [1]. The javascript language itself isn't necessarily the problem (although parts of it are dodgy by the standards of what you'd like to implement crypto with).

[1] http://matasano.com/articles/javascript-cryptography/

gtank explains the browser crypto problem well - there are a few issues writing JS crypto on the server though.

I've been going through the CryptoPals challenges with Node.js and have hit a few snags, virtually all of them involving types. I've switched to TypeScript and things have gone much smoother.

The crypto module does add some padding unexpectedly, though I'm not knowledgeable enough to say if that's according to spec or not.

The narrative here is confusing..

  The Chief Information Officer of the Electoral Commission, Ian Brightwell,
  claimed Halderman and Teague’s discovery was part of efforts by “well-funded,
  well-managed anti-internet voting lobby groups,” an apparent reference to our
  friends at VerifiedVoting.org, where Halderman and Teague are voluntary
  Advisory Board members.

So, the CIO complains it's a smear job by an anti-internet-voting lobby group, (which it apparently was?)

  Yet at the same time, Brightwell concluded that it was indeed possible that
  votes were manipulated. Happily, despite criticizing the messengers, the
  Electoral Commission admitted that there was a FREAK flaw with iVote and
  scrambled to promptly patch it.

Then they admitted the vulnerability and rushed to patch it. Which is exactly the hoped-for response?

So what is South Wales doing wrong here, you know, other than trying to let people vote over the internet, which is a horrible idea, only perhaps matched by the absurdity of our current generation of e-voting machines? I understand their hands are not clean in many other regards with this program, but patching their cipher suite just doesn't seem newsworthy...

BTW, an open source voting machine platform (for use at the polling station) sounds like a great project for USDS or 18F.

There is only one correct response: "We thank the researchers who pointed out our mistakes, and apologize to all voters for our failure to adequately secure a vital system."

The only correct response now, on the other hand, is the immediate firing of this "CIO", who clearly does not have the mentality necessary to be a CIO or a public servant.

They should also thank the researchers for not making 66,000 votes count towards something ridiculous, because unless I thought they would freak out about my way of proving a point, I would probably have done that when I told them how to secure their thing.

Then again, thanks to the wonders of the group voting ticket, the bar for getting a clearly ridiculous result is pretty high:

"In the New South Wales Legislative Council election of 1999, the Outdoor Recreation Party's Malcolm Jones was elected with a primary vote of 0.19%, or 0.042 of a quota."


This kind of result is perfectly valid. If candidates A and B are polarising, and candidate C is a compromise candidate, and you have a preferential voting system, then it makes sense that many people would put A or B first, and C second, producing a victory for C despite almost zero of the primary vote.

Of course, realistically, what probably happened in this case was more to do with party preferences and backroom deals, because you can give the voters an awesome voting system but then they'll just turn around and ask someone else to tell them what preferences to give anyway...

By ridiculous, I mean "steve the armadillo" just got elected. Or something of that sort.

> So what is South Wales doing wrong here

FYI, it's New South Wales (NSW). Nothing to do with the lower portion of Wales in the UK.

Because, you can slander everyone who discovers vulnerabilities in your software, and you can even lobby to make it illegal to disclose those vulnerabilities, and throw people in prison over it, and so on... and your software will go right on being vulnerable. You can put every security researcher and white hat in the world in prison on trumped-up charges and throw away the keys, and it will not make your software one bit more secure.

It's like, even if I convince every human being alive that I am not bound by the laws of gravity, if I jump off a cliff I will die all the same. To think otherwise is insane, but for some reason when it comes to software (and hardware) security we give people like Ian Brightwell a pass.

I'm OK with something like, 'the people who targeted the site had an agenda to find a hole, they found one, and they were happy to find it. I'm happy to hear about it from them via responsible disclosure and to have fixed it promptly.' That would be close enough to ideal for me, and it seems like that's pretty much what happened.

If they denied the hole, or tried to cover it up, or did anything other than fix it immediately upon learning about it, really, that's the most we can hope for.

Did they slander the researchers?

> Brightwell said fears over the system’s integrity were being fanned by “well-funded, well-managed anti-internet voting lobby groups”.

I think this is a bad attitude, but I would agree that it could be (and too often is) a lot worse.

> So what is South Wales doing wrong here, you know, other than trying to let people vote over the internet, which is a horrible idea...

Was this sarcasm I missed? If not, what is so horrible about allowing voting over the internet? To me the concept is brilliant if executed well. Especially for engaging the populace in non-compulsory voting countries where people might avoid casting their vote if it's going to take a significant time commitment or simply because they have other commitments such as work etc.

Voting over the internet allows intra-family coercion, reducing the freedom of women to vote. It also allows for you to vote in front of the party man and collect a bribe for so doing.

Voting on general purpose PCs is so exploitable as to not be funny. What percentage of the electorate are running unpatched XP?

These are great points and would absolutely be issues without proper implementation. Of interest, user atrip commented elsewhere in this thread:

>In Estonia the pressure issue is solved. One can vote as many times as needed. When the first vote was given under pressure, one can vote differently later. As many times as is needed. Internet voting is not possible on the voting day, only before. That assures that when one has no possibility to vote without pressure on the internet, one has the possibility to vote traditionally. Traditional vote overturns e-vote.

This would also solve the bribe issue. And not to say there aren't issues. I feel the opportunity outweighs the risks personally as long as good practice in the system is followed. The biggest risk in my mind is blatant exploitation of the system by the person in power, much like today's rigged elections.

Not sure you should have been down voted, but nevertheless, your question is addressed well elsewhere in this thread [0].

[0] - https://news.ycombinator.com/item?id=9332157

Anonymous but verifiable/auditable online voting is a very hard problem that does not seem to be solved yet. How do you ensure that the remote voter gets one and only one vote while also being able to audit that the intended vote was recorded (it wasn't changed on the wire, in memory or on storage), without linking in any way the vote cast with the voter?

Ensuring that remote voting is not done under any form of duress or monitoring seems essentially unsolvable.

Incidentally, voting in state elections is compulsory in NSW so your example doesn't fit this case either way.

>South Wales

South Wales is in the UK. NEW South Wales is the state where Sydney is, in Australia.

Exactly the same thing happened in Estonia when serious flaws in their system were discovered:


And if you, in an Internet comment, dare to suggest that Estonia's system isn't airtight and hyper-secure, you'll get mobbed by Estonian trolls. :/

As a New South Welshman, I'll mob you if you suggest that the NSW Government is capable of anything but incompetence. Both major political parties are paralysed by corruption [1].

The irony is that a world leading electronic voting system was developed by Andrew Tridgell, who lives in the ACT, which is a stone's throw from NSW (in any direction) [2]. The NSW Electoral Commission was quite free to download the GPL source code and use it as a base. I gather the GPL'd system has since been replaced with a proprietary one by the commercial partner, with the proprietary system being released under the same name [3].

[1] http://www.dailytelegraph.com.au/news/nsw/icac-exposes-the-n...

[2] http://www.elections.act.gov.au/elections_and_voting/electro...

[3] http://archive09.linux.com/feature/38285

"The irony is that a world leading electronic voting system was developed by Andrew Tridgell"

Of Samba, Rsync, rproxy, KnightCap, hacking Tivo, SourcePuller and a host of others. Also COMP8440 at ANU ~ https://www.samba.org/~tridge/

I concur, the entire Opal/Tcard fiasco is already a good example of how things are done by the NSW Government.

As an aside, back in the early 2000s the NSW Government contracted ERG (a Perth-based technology company) to implement a Smart Card system for public transport. ERG had already successfully rolled out Smart Card systems for other local public transport systems worldwide to much success, most notably for the Hong Kong public transport system, the MTR (Octopus Card), in 1997, which is still the largest such deployment to date with tens of millions of transactions daily.

Unfortunately the NSW contract ended in lawsuits back and forth with the NSW Government trying to reclaim the project cost and eventually (arguably) led to ERG's demise. Sad that a successful Australian company, a leader in its field, able to deploy complicated systems worldwide, was (in part) taken down in its own backyard by a (in comparison) pretty straightforward project.

In my opinion it was the patronizing tone Alex Halderman had when presenting his research that got certain individuals riled up. About the electronic voting itself, it seemed to me that the most relevant problem that he actually discovered was lapses in the operational security during the vote counting process, where certain procedures weren't done correctly or were outright ignored.

Every day Australia inches one step towards being the new China. This is a drop in the bucket compared to the kind of legislation the TPP when passed will impose on Australians.

Slavoj Zizek has been persistently arguing (though I don't think he claims the original observation as his own) that 'western' liberal-capitalist democracy has developed a dangerous infatuation with the Singapore model of authoritarian capitalism and its pro-forma rather than substantive approach to democracy.

In the Singapore model of authoritarian capitalism, elected politicians are given very high compensation from the state, to reduce the incentive for corruption. The logic goes, if a parliamentarian was paid $1m a year rather than $200,000 a year, you might actually attract the best talent of society, and when you're paid $1m a year, a $100k bribe at the risk of losing your position seems much less enticing. I find there's a grain of truth to that.

In western liberal-capitalist democracies, politicians are paid above average wages, but not enough to deter doing deals behind the public's back with real estate developers, corporations, and many expect a role in business after retirement from politics, in return for doing many favours during their tenure for those very businesses.

You could almost argue Singapore has a benevolent dictator, but that is definitely not true for Western liberal-capitalist democracy. Instead I find this article more descriptive: http://en.wikipedia.org/wiki/Corporatocracy

"The logic goes, if a parliamentarian was paid $1m a year rather than $200,000 a year, you might actually attract the best talent of society, and when you're paid $1m a year, a $100k bribe at the risk of losing your position seems much less enticing. I find there's a grain of truth to that."

Logically yes, but practically there are many examples proving that increasing salary only has a minimal effect or, in turn, increases bribe size. Just to name a few examples:

1. https://www.aae.wisc.edu/events/papers/DevEcon/2014/foltz.11...

2. http://mpra.ub.uni-muenchen.de/41815/1/MPRA_paper_41815.pdf

3. http://www.independent.co.ug/News/news-analysis/4625-can-hig...

We find that due to raised salary impacts for Ghanaian police officers relative to customs agents causes the police to increase the value of bribes taken at each individual stop by between 20-40 percent (~$0.20 - $0.40), increase the total amount taken on the road, even while they reduce the number times they receive a bribe.

Bribe size is increased, frequency is decreased, which is what you'd expect from increasing salary of a public official for the purpose of reducing corruption.

Take it to the extreme and increase their salary to USD$1m per year, and the frequency could drop to 0 or 1, and the price could be $10m, so fewer instances of corruption would happen because fewer people can afford it.

Public officials are also people. Most people have the same inherent desire to be good, and yet most are vulnerable to same temptations. The reality is not dictated by law.

Of course, good enforcement and punishment of corrupt behaviour is also required.

IMHO, taking 1 bribe of 3000$ instead of 3 bribes of 1000$ doesn't make you less corrupt.

You're right, I think most if not all politicians are corrupt in some way or other, and if they are all there are to build governments with, then they will have to do. You could try to start yet another revolution to get rid of the corrupt officials in government, and after much bloodshed you might even succeed, but I think you know as well as I do how long that lasts.

That's not an unreasonable argument. Here in NZ various political leaders (e.g. Don Brash) and prominent business lobbyists (members of the now-defunct Business Roundtable, for example) have been quite open in their desire to see New Zealand be "more like Singapore" (though not, curiously, on topics such as large-scale state intervention in housing or telecommunications, for example).

The Singaporean model works in Singapore. Australia just has incompetent government.

Rule of law and simple, transparent regulations are way more important than occasional voting. Especially if people can still vote with their feet.

Why China, and not the US, which also engages in these kinds of shenanigans, and has a massive domestic surveillance agency? If you want a big brother that spies on your comms and kicks down your doors, we already have an English-speaking role model. And it already has its tendrils entrenched - it's not like anglo democracies will extradite their own citizens to China, but it happens with the US.

The "emergency" bulk internet surveillance is chilling too.

I'm not terribly worried about this actually, it seems more like general incompetence and pandering to our friends in Hollywood rather than an intentionally malicious step toward mass surveillance. I don't think it's really capable of tracking anything more than who is downloading GoT on a regular basis... /sarcasm

Seriously though, it is indeed concerning the way both major parties are heading with this; even if they had the best intentions it's a nasty path.

> Every day Australia inches one step towards being the new China.

Not sure. At least China gets investment in infrastructure done.

To be fair, Australia is not turning unwilling internet users into an attack force through their infrastructure. What they're doing in this case is weaselly - but hey, at least they've attached their names to their actions.

Less an illusion of accountability than a public intimidation tactic.

I'm not talking about Internet only. Public transport is woeful, too.

I find the main media silence regarding vulnerabilities in the Electronic Voting Machines in India similarly baffling.

Maybe vulnerabilities in the tech are simply not that important.

I think it's the assumption that EVMs are built as a black box and so unhackable. Snowden has revealed enough to suggest that may not be the case, so it is quite surprising.

missing /sarcasms? I hope so..

This was actually reported a couple of weeks ago [1] in some of the less populist Australian press. Didn't seem to get much more media traction it seems.

[1] http://www.abc.net.au/news/2015-03-23/ivote-security-hack-al...

Two things would help online voting tremendously:

1) Open-source code. That's how you find the bugs and build confidence.

2) Opt-in privacy. Ballots could be like Facebook-posts - public by default, with optional privacy. After the election closes, the results would be posted on the web where everyone who voted publicly could verify that their own vote was counted correctly.

One thing I always wondered about traditional voting, how are the final counts transferred to the central counting system? Electronically? If so, do we know if this transfer is secure?

In Australia the ballots are counted multiple times, including an initial count at each of the booths. They're then physically relocated to Electoral Commission offices for recounting, usually twice.

All ballot boxes are numbered and a tally of votes cast is kept. Each box is sealed in the presence of party scrutineers with numbered tags and signed for. It's sealed and tagged again before shipment. Each is opened and signed for in the presence of scrutineers.

The number of ballots is compared to the number of names marked off the electoral roll at each booth.

If a sufficiently large irregularity occurs, one of the political parties will take the matter to the Court of Disputed Returns, which can force fresh elections. This happened recently because several ballot boxes for Federal Senate votes in Western Australia were lost by the AEC. The number of votes in question were enough to leave the 6th Senate seat in doubt, so the Court voided the election.
