Australian Electoral Commission Refuses To Release Vote Counting Source Code

angry tapir writes: The Australian Electoral Commission has been fighting a freedom of information request to reveal the source code of the software it uses to calculate votes in elections for Australia's upper house of parliament. Not only has the AEC refused an FOI request (PDF) for the source code, but it has also refused an order from the Senate directing that the source code be produced. Apparently releasing the code could "leave the voting system open to hacking or manipulation."

Hmmm,

[Lost+Penguin]

Apparently releasing the code could "leave the voting system open to hacking or manipulation."

Makes me wonder who has access now and does not want competition?

Re:Hmmm,

that is a myth, obscurity is a valid security mechanism, it just should not be the only one. good security uses all means available to delay, ward off or prevent security breaches.

Re:Hmmm,

[TWX]

But for security through obscurity to work, the level of obscurity required is generally high, bordering on outright-secret, or the payoff needs to be so scant that there's no reason to bother in the first place.

Security through obscurity might work for something like a power plant control system because we don't know the architecture of the hardware that it runs on, the operating system or if there is a third-party OS, the language it's written in, or even its name, and given the importance of the application it probably wouldn't be permanently Internet-connected, and if it needs to send out notifications it might communicate through a unidirectional RS232 link or something along those lines, or through a transmit-only fiber link (so that there's not even receive hardware on the platform). Certainly there would be some people that really want to break in, but it's exceedingly unlikely that they'll ever be in a position to do so.

Security through obscurity can also work when the system is not terribly important. I don't doubt that the Energy Management System controllers that interface the HVAC systems in commercial office buildings to the computer networks are garbage as far as their code is concerned, but there's not much someone can do with those in most cases. So even if there's ability, there's no real payoff, and the systems are so incredibly simple and underpowered that they'd make for poor intermediaries in a greater attack even.

By contrast, voting equipment is usually distributed widely and is not particularly heavily guarded, and as it needs to be inexpensive to produce in mass quantities it's often commodity hardware, off-the-shelf parts if you will, and there have been documented cases of electronic voting hardware have exposed and functional USB ports. As vote tallies are imortant it's not inconceivable that someone could borrow or steal a voting machine to figure out how it works and to find some way to mass-tamper with them, like distributing USB fobs to their fellows to use on them to load a package. In these cases, obscurity simply doesn't work because the system can't remain obscure.

of-course

[roman_mir]

it's not those who cast the votes, it's those who tally them up that count.

Re:This is complete crap!!!

[sd4f]

Should have finished reading the article, this bit at the end is probably the truth;

"In addition, I am advised that the AEC classifies the relevant software as commercial-in-confidence as it also underpins the industrial and fee-for-service election counting systems,"

What's probably happening is that some "IT" company whose only client is the government/AEC probably makes a fairly decent earn out of licensing out the software and supporting it during elections. There's a fair bit of corruption like this in Australia, and I am starting to think that someones taxpayer subsidised livelihood is at stake here. Reality is this should always have been open source software and probably available on the AEC website for anyone to download and try out with the full set of figures that are counted.

Take a note from encryption

If your software isn't secure when your source is open, it isn't secure when it's closed. Either it's secure or it's not, but if part of maintaining that security is keeping the source under wraps, your not thinking about security properly. You wont find encryption software claiming that by keeping it souce closed it is increasing it's resilience. If your code can't stand up to scrutiny, then you probably shouldn't be using it,

Flawed vote tallying code

[penguinoid]

Apparently releasing the code could "leave the voting system open to hacking or manipulation."

Maybe they just shouldn't have used code that they know or expect to have vulnerabilities. Open it up to the public; there are plenty of people who will look at it and help fix it.

Re:Security

[Anubis+IV]

It's not just a matter of what could go wrong. It's a matter of what has already gone wrong. They've traded the possibility that a vulnerability will be used to compromise the system for the certainty that the system will be compromised from the get-go. The whole point of securing a system such as this one is to ensure the credibility of the results, but security (regardless of the variety) can't add credibility to something that never had it to begin with.

Corruption

[countach]

So what the AEC is saying is that the election is safeguarded by what is called "security by obscurity". Or in other words, rather than having the software open so that security researchers can point out its flaws, you leave the flaws in place and hope that nobody knows what they are.

People who rely on this method, are known in security circles as "blathering idiots", "damned fools", "corrupt officials hiding something", and various things like that.

It's the moral equivalent of giving all the paper ballots to one single pointy headed official, asking him to count them, and then believing whatever number he decides to cough up. That's what you expect in Cuba, and other dictatorships.