Review calls for CIO at Queensland’s electoral commission

There is an “urgent need” for the Electoral Commission of Queensland (ECQ) to invest in technology, including potentially appointing a permanent chief information officer, an independent panel scrutinising the conduct of Queensland’s 2016 local government elections has concluded.

The Queensland government established the inquiry following a large number of complaints relating to the conduct of the 2016 local government elections, a referendum on fixed four-year terms and the Toowoomba South by-election.

The report was tabled in state parliament today.

The 2016 elections and referendum were the first in the state to be conducted without paper electoral rolls, with the ECQ rolling out Electronic Lookup and Mark Off (ELMO) on tablet devices, and Electronic Certified Lists (ECL) on notebooks. The commission also piloted ballot paper scanning in some areas.

“There were many challenges arising from these significant changes,” the report states. “In particular, there were serious issues around the management of the move from printed electoral rolls to electronic rolls.”

One criticism levied at the ECQ in the aftermath of the election was the speed of tallying and reporting votes.

On the night of the local government election, 19 March, the ECQ website went down due to the volume of traffic it was receiving.

Measures to mitigate denial of service attacks were automatically activated; however an analysis by Queensland government ICT service provider CITEC determined the cause of increased traffic was people legitimately attempting to access the site.

A submission to the review by Department of Science, Information Technology and Innovation director-general Jamie Merrick said that unlike previous elections, ECQ did not request CITEC load test the website.

ICT was a major problem during the 2016 elections, the review panel concluded.

“The ECQ relies heavily on technology to conduct elections but does not have a permanent and full-time Chief Information Officer,” the report noted

“The inquiry has identified serious ICT governance issues at ECQ including the level of risk assessment performed, end to end testing, system simulation, and dry runs in the lead up to the election,” the report states.

“This was highlighted in systems’ failure on election night and issues such as the purchase of new computers only three weeks prior to the election with little concern as to the robustness of the systems, computers locking users out and batteries needing to be recharged regularly.”

The report recommends the state’s CIO review of all aspects of ECQ’s ICT, including “technology processes, systems, personnel and contracts”. “This may include the recruitment of a permanent CIO,” it states.

The ECQ “should make ICT a priority, ensuring use of the best of breed technology available,” it adds.

Other recommendations include the use of e-voting by the 2020 election at some pre-polling an polling booths, and that the ECQ investigates the long-term potential of Internet voting and “begins to prepare for full online voting at the first appropriate election”.

“The Government notes that ECQ has established an information Management and Information Communication and Technology Committee with external membership,” the state government's response stated.

“The Government has an expectation that the Electoral Commission of Queensland adopt and maintain compliance with the ICT policies and standards of the Queensland Government Enterprise Architecture (QGEA), with particular emphasis on the ICT Program and Project Assurance Framework,” the response states.

“This sets out a requirement for all high and extreme risk ICT enabled programs and projects to implement assurance reviews at specified times in the life cycle of their implementation. The effectiveness of these reviews is further enhanced by the requirement for them to be independently reviewed by Queensland Government Chief Information Office.”