Computerworld

Security researchers warn of online voting risks

iVote developer Scytl pushes for more online voting in Australia

Australia should reject any form of online voting that doesn’t support a rigorous method of verifying that fraudulent ballots haven’t been cast, a group of high-profile security researchers has argued.

The warning comes as Scytl, the company that helped develop the iVote platform employed by the NSW Electoral Commission (NSW EC), calls for its software to be used at a federal level and for expanded use of online voting at both the federal and state level.

The company is advocating for the use of iVote by blind and low-vision Australians at the next federal election, and for the government to investigate the potential use of the platform to collect votes from overseas voters.

“Scytl sees secure electronic voting and specifically secure internet voting, as a means to collect those votes that are otherwise ‘hard to get’ - those with accessibility issues, those who are travelling on election day, and an ideal substitute for declining postal voting services,” states a submission by the software company to a federal parliamentary inquiry examining the lessons of the 2019 election.

The company said that the NSW EC “has invested significant time as well as human and financial resource in implementing the iVote system.”

“This was done initially to support the collection of votes from the visually impaired and the system has gone on to show benefit to travelers and others with difficult to collect votes,” the submission adds. “Scytl would be pleased to support the extension of the iVote system to operate for Federal elections.”

In a submission to an ongoing Victorian inquiry examining the conduct of the state’s 2018 election, Scytl said that iVote should be employed in Victoria as an alternative to postal votes and to support visually impaired voters. The company also argued that an Internet voting system should be available as an alternative to postal votes for local government elections.

“Scytl suggests that rather than wait for a national platform to appear, the larger states should take a lead by developing skills in the online voting space so as to understand the operations, risks and benefits of such a system,” states the submission signed by Lachlan (Sam) Campbell, the director of Scytl Australia.

However, security researchers have cautioned that the track record of online voting systems, including in NSW, shows that paperless e-voting would be a mistake.

In a submission to the Victorian inquiry, University of Melbourne academics Dr Chris Culnane and Associate Professor Vanessa Teague argued that iVote “has been proven vulnerable to fraud as a result of a series of serious errors and security problems.”

The duo has previously been instrumental in unearthing security vulnerabilities in iVote that would allow a potential man-in-the-middle attack. Earlier this year, Teague was part of a team that found flaws in the Swiss Post-operated sVote system, which was also developed by Scytl. Some of those flaws were present in iVote, although the NSW EC said that they were not able to be exploited.

iVote was also used in Western Australia during the 2017 state election. In their submission, Teague and Culnane said that in the WA election their team had found that votes cast using the platform were funnelled through a CDN that could potentially “read and alter votes”. “It was revealed recently that the content delivery network itself had a vulnerability that dated back to 2017 but hadn't been noticed at the time,” the submission adds.

Teague and Culnane, along with Melbourne Uni colleagues Dr Michelle Blom and Dr Andrew Conway, as well as Professor Rajeev Goré from ANU and Professor Peter Stuckey, also made a submission to the federal inquiry, recommending against the use of “Internet voting, email voting, web-loading PDFs or any other form of remote paperless e-voting.”

“Electronic voting risks introducing into Australian elections the possibility of large-scale, undetectable fraud that could potentially be committed from anywhere in the world,” the group argues.

“The key concept is verifiability, the opportunity for voters, scrutineers and the public to detect whether there has been an error or manipulation that changed the election outcome. No existing remote Internet voting system provides this in a way that meets the needs of Australian elections.”

Earlier this year the NSW EC launched a program offering researchers access to the iVote source code used during the 2019 NSW state election in order to assess its security.