Victorian inquiry backs limited Internet-based e-voting

A Victorian parliamentary inquiry has backed the roll out of Internet-based voting for state elections, but only in limited circumstances. A report by the state parliament’s Electoral Matters Committee on the issue was tabled yesterday.

The inquiry endorsed the use of remote electronic voting for electors who are blind or have low vision, suffer motor impairment, have insufficient language or literacy skills, or who are eligible to vote but interstate or overseas.

Internet-based voting should be backed by the “most rigorous security standards available” to the Victorian Electoral Commission (VEC), the report recommended.

In the wake of the 2016 federal election, both Prime Minister Malcolm Turnbull and opposition leader Bill Shorten called for a move towards electronic voting at a federal level.

Electronic voting was first used in Victoria in the 2006 state election as part of a pilot staged by the VEC. Kiosk-based ‘Electronic Assisted Voting’ (EAV) was offered at six locations (five in Melbourne and one in Geelong) for low vision voters.

In the 2010 state election, kiosk e-voting was available at the state’s 101 early voting centres as well as eight interstate voting centres and two locations in the UK.

In that election, those eligible to use the system was expanded from the vision impaired to include electors with motor skill impairment, electors with a first language other than English, and those with low or no English literacy. At that election, blind and low sight voters also had the option to vote via telephone.

In the 2014 Victorian election the open source vVote system was used. The system was available at 24 locations in the state and one in the UK.

In Australia, limited Internet-based voting has been employed for NSW and WA state elections.

In both those states, remote e-voting has been based on the NSW Electoral Commission’s iVote platform, which offers both browser-based Internet voting and telephone voting. iVote was used in the 2011 and 2015 NSW state elections as well as in this year’s WA election.

“During the inquiry the committee heard from the VEC, the NSW Electoral Commission [NSWEC] and the Western Australian Electoral Commission [WAEC] about Australia’s path toward electronic voting,” the Victorian report states.

“All three electoral commissions provided the following advice; while kiosk-based electronic voting is theoretically safer, NSW’s iVote system offers a tried and tested approach to remote voting which, while not perfect, has successfully harvested over 330,000 votes at the 2011 and 2015 NSW state elections combined.”

vVote over three elections facilitated fewer than 2000 binding votes, the report states by way of contrast.

The VEC, NSWEC and WAEC indicated to the inquiry that “electronic voting requires a harmonised, national approach,” the report states. It adds: “iVote is successful in NSW but it makes little commercial or economic sense to implement a state-by-state based approach to remote voting.”

The Victorian report recommends that the VEC work closely with the Australian Electoral Commission and the electoral commissions of the state and territories to develop “agreed principles of integrity and security for any electronic voting system, as part of a coordinated effort to develop a national electronic voting capability in Australia.”

The report notes, however, that the robustness, privacy and verification method of iVote have been challenged — including by a researcher, the University of Melbourne’s Dr Vanessa Teague, who in 2015 uncovered a security vulnerability in iVote that could potentially be exploited to stage man-in-the-middle attacks to subvert votes.

A report released in November 2016 by the NSW parliament’s Joint Standing Committee on Electoral Matters recommended against expanding the use of iVote and called for an inquiry into the system’s security before the 2019 state election.

The system should only be used in that election if a range of security concerns are addressed, the report stated. In addition, iVote’s source code should be released to increase the opportunities for scrutiny, the report said.