15 Feb 2016

Is internet voting secure enough to use?

From Nine To Noon, 9:08 am on 15 February 2016

Photo: 123RF

Serious weaknesses exposed in an online election in Australia are a warning for upcoming New Zealand local body elections, a computer security expert is warning.

Eight councils throughout New Zealand are due to trial online voting in local body elections later this year: Selwyn, Wellington, Porirua, Masterton, Rotorua, Matamata Piako, Palmerston North and Whanganui.

University of Melbourne computing expert Vanessa Teague did an analysis  of the iVote internet voting system used in the New South Wales (NSW) state election last year, and she and the University of Michigan's Alex Halderman have found a way to break into the system and interfere with votes. 

She told Nine To Noon there had been a lot of assurances about the safety of the system, and she wanted to test it and see if this was true. 

To avoid doing anything illegal they used a practice server set up by the NSW Electoral Commission for people to try out the new system. Dr Teague said they were able to change votes and to violate voter privacy.

"It only takes one problem to expose the whole chain.

Hacking the iVote system would be "pretty challenging", but was something that a fair number of people had the skills to carry out, she said. 

"There is only two things that you want your election to do. One is is you want it to keep the votes private. Two, you want to make sure you got the votes that voters actually asked for. And we showed neither of those things was true for iVote."

While there was no evidence that the election system had actually been hacked, this lack of evidence was itself serious, Dr Teague said.

"It's not just that it was insecure, it was that it wasn't verifiable. So we just don't know."

The NSW electoral commission did not understand or acknowledge the seriousness of the problem, she said.

No online election system was fully secure, so while the NSW bugs had been fixed, Dr Teague was concerned others would pop up in future elections. 

electionz.com is running the online voting system for six of the local body elections. 

Managing director Steve Kilpatrick said he had looked at online elections worldwide, and was aware of the problems in NSW.

electionz.com would use different underlying technology, and independent security experts would carry out tests, he said.

People would receive voting papers as usual, but this would include an access code and password so they could vote cast their vote online. People could go to their local council office to verify that the vote they cast went to the right recipient if they had concerns, Mr Kilpatrick said. 

Listen to Vanessa Teague on Nine to Noon: