Australian Electoral Commission Refuses To Release Vote Counting Source Code

angry tapir writes: The Australian Electoral Commission has been fighting a freedom of information request to reveal the source code of the software it uses to calculate votes in elections for Australia's upper house of parliament. Not only has the AEC refused an FOI request (PDF) for the source code, but it has also refused an order from the Senate directing that the source code be produced. Apparently releasing the code could "leave the voting system open to hacking or manipulation."

Security

... through obscurity. What could possibly go wrong?

Re:Security

[Joe_Dragon]

some pays the coders $$ so that they will win

Re:Security

[Anubis+IV]

It's not just a matter of what could go wrong. It's a matter of what has already gone wrong. They've traded the possibility that a vulnerability will be used to compromise the system for the certainty that the system will be compromised from the get-go. The whole point of securing a system such as this one is to ensure the credibility of the results, but security (regardless of the variety) can't add credibility to something that never had it to begin with.

Re:Security

[X10]

This gets scored "Funny". I think it's sad, very sad, that there's still people who think that keeping their source code a secret makes their software more secure.

Re:Security

This gets scored "Funny". I think it's sad, very sad, that there's still people who think that keeping their source code a secret makes their software more secure.

Depends on how you define secure. If no one will actively work on improving it, you're not suggesting that keeping source code a secret makes it any less secure, are you?

Re:Security

Posting AC since I modded it 'insightful' -- it is current modded 50% funny & 50% insightful.

I understood the 'funny' moderation to mean 'ironic' or 'sarcastic funny'. Slashdot allows 11 mod choices, clearly not enough but more would be worse/unmanageable!

Re:Security

[INT_QRK]

The confusing part of the conversation, I think, is the straw man idea of "releasing" the source code in order for it to be determined secure. What does "release" in that context even mean? If security is in question (which I assume to mean the constituent attributes of Confidentiality, Integrity and Availability), which security should always be for such a system, then one could use a trusted broker to examine and report on inspection and test of the architecture and code without "releasing" the code so that anyone could examine it, presumably to facilitate vulnerability discovery.

Hmmm,

[Lost+Penguin]

Apparently releasing the code could "leave the voting system open to hacking or manipulation."

Makes me wonder who has access now and does not want competition?

Re:Hmmm,

[mtempsch]

Makes me wonder who has access now and does not want competition?

Even if that [hypothetically] isn't an issue, security through obscurity is no security...

Re:Hmmm,

[litehacksaur111]

I firmly believe that all electronic voting machines should have full source code released and receipts that should be printed and signed by the voter and placed in a box next to the machine in case of recounts or verification questions.

Re:Hmmm,

that is a myth, obscurity is a valid security mechanism, it just should not be the only one. good security uses all means available to delay, ward off or prevent security breaches.

Re:Hmmm,

[war4peace]

They don't understand how it works, therefore they're afraid of it.
Don't assume malice when you're simply facing incompetence.

Re:Hmmm,

Australian senate elections don't use electronic voting machines to record elector's votes.

The AEC use this software to allocate preferences derived from the 'group voting ticket' ballots on pieces of paper (http://en.wikipedia.org/wiki/Group_voting_ticket)

Re:Hmmm,

[TWX]

But for security through obscurity to work, the level of obscurity required is generally high, bordering on outright-secret, or the payoff needs to be so scant that there's no reason to bother in the first place.

Security through obscurity might work for something like a power plant control system because we don't know the architecture of the hardware that it runs on, the operating system or if there is a third-party OS, the language it's written in, or even its name, and given the importance of the application it probably wouldn't be permanently Internet-connected, and if it needs to send out notifications it might communicate through a unidirectional RS232 link or something along those lines, or through a transmit-only fiber link (so that there's not even receive hardware on the platform). Certainly there would be some people that really want to break in, but it's exceedingly unlikely that they'll ever be in a position to do so.

Security through obscurity can also work when the system is not terribly important. I don't doubt that the Energy Management System controllers that interface the HVAC systems in commercial office buildings to the computer networks are garbage as far as their code is concerned, but there's not much someone can do with those in most cases. So even if there's ability, there's no real payoff, and the systems are so incredibly simple and underpowered that they'd make for poor intermediaries in a greater attack even.

By contrast, voting equipment is usually distributed widely and is not particularly heavily guarded, and as it needs to be inexpensive to produce in mass quantities it's often commodity hardware, off-the-shelf parts if you will, and there have been documented cases of electronic voting hardware have exposed and functional USB ports. As vote tallies are imortant it's not inconceivable that someone could borrow or steal a voting machine to figure out how it works and to find some way to mass-tamper with them, like distributing USB fobs to their fellows to use on them to load a package. In these cases, obscurity simply doesn't work because the system can't remain obscure.

Re:Hmmm,

[TWX]

I believe that all 'electronic' voting needs to use a human-readable, human-filled-out paper form that is optically scanned.

Where I live, ballots are large pieces of cardstock with the various questions printed on them, and the voter marks a line between two pre-printed lines (one with an arrowhead pointing at the answer it corresponds with) to indicate preference. The ballots go through the scanning machine and are then deposited into a box like a traditional hand-counted system. If elections are especially close or are challenged by a candidate or group on one side of a particular ballot initiative then the paper ballots are re-counted by machine and by hand. Sometimes a voter makes a mistake when filling out the ballot (like putting X or checkmarks instead of connecting the lines) but if the election official can determine the voter's intent (ie, a checkmark next to a particular candidate's name or in place of where the line should be) then the vote can be counted.

I don't believe that any system of e-voting is practical, even if such a system somehow manages to avoid any sort of tampering with voter's selections.. The electronic safeguards that would be necessary to ensure one voter, one vote would make it impossible to anonymously vote, and the anonymous ballot box is one of the cornerstones of democracy as it prevents a sore winner from seeking retribution against those that attempted to unseat him.

Re:Hmmm,

[gl4ss]

the receipts would need to be anonymous and hence not signed.

unless of course you really want to change how the anonymous, non-sellable non-bullyable voting works in most free countries.

but is this a voting machine or a program used to tally up all the votes from the districts? which could be done with an excel sheet or manual quite easily.

Re:Hmmm,

These aren't electronic voting machines. This is a single computer in the AEC office which is given a table of preferences, a human operator then hand-enters the first-preference totals for each candidate in each seat involved in the election, and the program then uses the second-, third-, etc.-preferences to determine the overall winner. The process is then repeated with a second human operator and any differences are reconciled manually.

That said, the AEC's "trade secret" excuse is bullshit. It's a standard election procedure codified in VB6. That said, the AEC's "security" excuse is bullshit. It runs on a single air-gapped computer, any security issues are to do with how the first-preference totals are collected and given to the data entry operators. The source code has been paid for by Australian tax payers and the AEC is clutching at straws to avoid releasing it.

Re:Hmmm,

[Bert64]

Security through obscurity is an accident waiting to happen... When you talk about a system that noone would bother trying to hack, consider the bitcoin exchange mtgox - it started off as a simple site for trading game cards, and initially bitcoins had very little value - there was very little interest in hacking it. Then pretty much over night bitcoin exploded in value, making it a very tempting target indeed.

Also when you talk about a power plant system, a one way link is the security, not the obscurity aspect.

A secure system is one where even those who know the system inside out cannot break into it.

Re:Hmmm,

[Artifakt]

That's a good argument for using obscurity as just one method in a much larger package, never by itself. If you don't mind me starting from your examples, I'd like to add that even in those examples it will only accomplish much, if anything at all, if the obscurity part is carried out consistently enough to add some value to the other methods. I'd say programming this tool up in VB is itself inconsistent with obscurity. People who find out it was written in VB can make a pretty informed guess as to what sort of hardware is inside the voting machine, just as they could from visible PS2 Ports and USB connectors on the machine exterior, and they can make a really good guess about the OS. So, we know in this case the obscurity part wasn't used very consistently. We can hope the Australians took some other precautions, such as only loading the actual code for a specific election a few days, at most, before the election, not weeks out, or having access ports behind a locked panel, or many similar tricks, but if they didn't get all that right, writing the program in VB has potential to make just about any of those things worse.
          If a potential intruder knows the code is VB, and can make a good guess as to the motherboard manufacturer and type by the layout, numbers, and perhaps even color coding of the ports, that's a great start. Maybe someone can even guess the form factor by that and the overall size the case allows. They can definitely assume it's all running on Windows from the VB, and with a few more assumptions about the establishment trusting genuine Intel, what version of Windows was most commonly in use when that board came out, plus knowing whether that board will boot from a USB divice and so that's a possible easy attack vector, they'd be pretty far along towards developing an exploit. Just imagine what you could safely assume about the OS if you know that system RAM is 256 Mb or less, and the code was originally developed in 2003-5. Hint - XP service pack 1 had support for Java Virtual Machine. Service Pack 1A took that out, and still needed more RAM to run - just knowing the MB RAM limit could conceivably tell you you can take a reasonable shot at an unupgradable version of JVM being available on that machine. Now that's an exploit hole a mile wide - I still wouldn't mention it, except that's been around so long anybody relying on obscurity to protect them from that would leave the keys in their Lamborgini and park it next to a crack den at 2 AM with the engine running. Contrast this with being told the code is in C++ and not having any external cues to the hardware.

Re:Hmmm,

Apparently releasing the code could "leave the voting system open to hacking or manipulation."

Makes me wonder who has access now and does not want competition?

More makes me wonder whether it has already been manipulated or not.

If the inventor wont allow anyone to see how it works, how do you know it really is doing what he claims it is?

Re:Hmmm,

What about human readable computer printed paper that is optically scanned? When I thought about the design of a voting machine, I thought, first have the person make their choices on the screen of the first machine. This machine doesn't count votes, it just produces a machine printed, human readable piece of paper that tells the person's choices in the election using plain sentences (eg For sheriff, I choose Wyatt Erp. On ballot measure 35, I vote Yes. etc ). If the person doesn't like what they read, they try again, until they have a piece of paper that indicates their choices to their satisfaction.

Then, they take that piece of paper, and set it where it can be photographed by a second machine that tallies the vote. This second machine has no moving parts, just a tray on which to place the paper, a camera above the tray and focused on it, a spot to touch when the voter is ready for it to tally, and a light that comes on saying "vote recorded" or "vote not readable" after it tries to record the vote. Because the font and format are both known in advance, it's easy for the second machine to also read the voter's choices. Finally, the voter can fold the piece of paper in half, and put it in a ballot box for use in the event of a dispute.

This way, the voters are required to successfully get past their "can't figure which box to check" problems before they record their vote. It would even be possible to set this system up to allow people to vote using the language with which they are most comfortable.

Re:Hmmm,

[Wootery]

Wait a minute. You're saying pre-SP Windows XP isn't secure enough to be trusted as the basis for a country's democracy?

Now I've heard everything.

Re:Hmmm,

The electronic safeguards that would be necessary to ensure one voter, one vote would make it impossible to anonymously vote, and the anonymous ballot box is one of the cornerstones of democracy as it prevents a sore winner from seeking retribution against those that attempted to unseat him.

Not really. You arrange it so you have two separate systems. The first one is tied to your true identity and permits you access to the polling station (or voting website or whatever). The fact that you visited the polling station, website, whatever, is recorded. If you try again later in the day, the system will recognise that you have already been to vote and will not let you in to vote again. This system knows your true identity but knows nothing about how you vote once you are in the polling station. This is an exact analogue to the system of polling cards used in the UK - you go to the polling station, hand in your card and are then crossed off the list of voters and allowed to go through to the poll booth.

The second system is entirely separate. It exists to present the voting options, register your choice and add your vote to the tally. To take the example of a polling station, when you arrive and register to vote you are given a key - one key per voting machine. You present this key to the machine, it permits access to the vote casting user interface, and once the vote is cast it interlocks the machine from presenting the voting options again until it is removed from the machine and returned to the polling clerk, who inserts it in a "reset machine" facility at his desk. (This is required to stop you just running the voting programme lots of times and casting many votes.) Note that this system knows nothing about your true identity, just that it has been used to register a vote.

Now the simple sketch outlined above doesn't by itself provide a perfect solution - for example, there's nothing to prevent a corrupt polling clerk allowing his friends to go round many times just by giving them the key lots of times, but that is a problem that exists anyway, he could just give them lots of polling cards. And it would be possible to improve the system with relatively little effort so that even a corrupt polling clerk cannot just hand over the key lots of times.

The real question is whether this is all worth it.

Re:Hmmm,

[FatLittleMonkey]

I firmly believe that all electronic voting machines should have full source code released and receipts that should be printed and signed by the voter and placed in a box next to the machine in case of recounts or verification questions.

The system in the article is about counting the pieces of paper we manually write our votes on, because we use a preference voting system (instant run off), if your #1 candidate gets eliminated, your vote gets reassigned to your #2 candidate. In the Senate, there's also a seat-quota system, where preferences simultaneously flow "down" as well as "up", so it's difficult to give the quick result that everyone wants on election night.

The AEC trialled actual electronic voting in one Australian territory, ACT, because it has an even more complex preference system (Hare-Clark).

Here's the source code for the ACT machines: http://www.elections.act.gov.au/__data/assets/file/0004/8185/evacs2012.zip Linux-only.

Re:Hmmm,

that is a myth, obscurity is a valid security mechanism

Not in voting.

No matter how much real security you add, "we are not going to tell you how we count the votes, but rest assured that 90% of the votes did go to El Presidente" is a loud and clear mesage to the voters that they are living in a dictatorship.

Re:Hmmm,

[FatLittleMonkey]

The problem with printing out each vote on site becomes apparent when you look at the history of machine voting. Even punch-card machines (the completely non-electronic punch tables themselves, not the subsequent reader) become unusable during elections because of poor maintenance, lack of cleaning, age, bad design, etc.

With pre-printed forms, you know they are all correct (or all wrong) before the election. With on-site printing, the printers can run out of ink or paper, or jam, or smudge. And that prevents votes from being recorded, which creates delays and long lines, both causing voters to give up. By selectively assigning resources to preferred precincts, and away from undesired precincts, the ruling party can (and do!) target such interruptions to alter the result. You're adding an extra layer of shit to go wrong, and hence be manipulated to go wrong.

Pencil, paper, hand count.

Anything else is more trouble than it's worth. People over-think things.

Re:Hmmm,

[FatLittleMonkey]

They don't understand how it works, therefore they're afraid of it.

That also applies to 90% of the comments in this post. (Or indeed, 90% of comments on Slashdot, full stop.)

That's also probably a better justification for opening source code and design documentation than the usual "obscurity != security" nerd rage. There's less to fear when the lights are on.

Re:Hmmm,

Insightful?

Let's take a hard copy example:

One election official shows you how the voters mark a paper ballot and put it in a ballot box. Describes how election judges from different parties each count the anonymous ballots, how the tallies are compared and reconciled, how the counts are recorded and forwarded to election central for inclusion in the overall count, how the ballots are secured for possible recount, and how the whole process is overseen by observers.

Another election official tells you to drop your ballot in the box, never mind how it is counted - that needs to be a secret in order to prevent fraud, so no observers may be present for any part of the process.

Where would you like to vote?

Re:Hmmm,

[FatLittleMonkey]

Security through obscurity might work for something like a power plant control system because we don't know the architecture of the hardware that it runs on, the operating system or if there is a third-party OS, the language it's written in, or even its name, and given the importance of the application it probably wouldn't be permanently Internet-connected, and if it needs to send out notifications it might communicate through a unidirectional RS232 link or something along those lines, or through a transmit-only fiber link (so that there's not even receive hardware on the platform).

Power companies don't develop bespoke security on their control systems (and would likely suck if they did). A particular power system most likely use off-the-shelf 1970s or '80s Siemens systems whose specs are widely known through the industry because of the decades of technicians who have worked on them.

For example: http://www.wired.com/2013/10/ics/

Security through obscurity doesn't work because it relies on the security of your obscurity, and most of the time your obscurity is weak. Key-based crypto systems are a form of security through obscurity, the obscurity is your key. But you have a reasonable ability to control the key, if they are issued per-person/per-session/etc. A key crypto system becomes useless if the key is distributed to multiple people, because you've breached the security of your obscurity. OTOH, the back-end system for the key-crypto cannot be obscure because someone other than the individual user had to develop it, install it, maintain it, operate it, etc. The same is true of the power station example, since there must be thousands of people trained to maintain such systems, plus all the developers/etc at Siemens, plus any rival company who's reverse engineered a Siemens system to develop "compatible" systems, plus... In the case of a voting system, you've got all the system devs, all the system maints, all the people who have access to the secret Trust Me computer when it's in use, all the people who have access to the secret Trust Me computer when it's not in use, etc. Your obscurity is inherently insecure.

But in the case of voting (or vote counting, in this case), we don't want security through obscurity specifically because obscurity is a known risk in voting systems. We want security through multiple independent observation of the entire process, the more observers the better. A vote count that is carried out entirely within a piece of code on a computer is, by definition, no matter how secure and air-gapped and guarded that computer, unable to be observed by independent observers. It lacks the fundamental requirement of being verifiable.

That's why you can't beat a hand count.

[If they want to put the count on a computer, then every piece of data (in this case, the preference information on individual ballots) should be put on-line - in addition to the hand count. That way, hundreds of independent, 3rd party systems can do a quick electronic count, not just the AEC's secret Trust Me box. (Parties, NGOs, media networks, university politics professors, university statistics students, etc.) Likewise, during the data entry process by AEC officials, on-site observers watching over their shoulders would be able to, would be encouraged to, enter each ballot into their own separate (tablet/laptop-based) systems. If the results of the later official hand count disagrees wildly with the majority of 3rd party systems, it's cause for panic/re-count/inquiries. If a few 3rd party systems get different results from the majority, there's probably a flaw in those. In net, you end up with multiple, overlapping, self-reinforcing and completely open counting systems that assures everyone of the integrity of the system and which gets stronger over time, while at the same time giving the advantage of faster (electronic) results.]

Re:Hmmm,

That's the theory, but in practice the "secret" designs are full of bugs that get shaken out of open implementations. Obscurity is most often used to hide obvious faults with the security and an open system that has been inspected for faults is better than a hidden one where insiders can do probably anything without anyone knowing how to protect the systems.

Re:Hmmm,

[TWX]

The second system is entirely separate. It exists to present the voting options, register your choice and add your vote to the tally. To take the example of a polling station, when you arrive and register to vote you are given a key - one key per voting machine. You present this key to the machine, it permits access to the vote casting user interface, and once the vote is cast it interlocks the machine from presenting the voting options again until it is removed from the machine and returned to the polling clerk, who inserts it in a "reset machine" facility at his desk. (This is required to stop you just running the voting programme lots of times and casting many votes.) Note that this system knows nothing about your true identity, just that it has been used to register a vote.

Except that I have no control or even a method to confirm that this second system is truly a second system. In paper ballot voting in a polling station I physically see that my ballot bears no distinguishing marks before I fill it out, I see that it goes into a hopper with hundreds of other ballots, and I see that they don't note the time that I've come in to vote, only that I have.

I have no such observation of the inner workings of an electronic voting system. They cannot prove to me that they aren't tracking my account with even something so innocent as a simple timestamp relative to when my vote is cast.

Re:Hmmm,

[TWX]

Well, I'd argue pen, paper, hand count, not pencil, but your point still holds.

As voting "irregularities" have been reported on over the years, I've wondered about the possibility of generating ballots on-the-fly. It would be really convenient if one could vote at any polling station in the county or state by simply presenting one's ID and having a ballot for one's various districts generated, so if one's local polling places are overwhelmed or if one wants to vote close to one's workplace one could use a different polling station, but given the failure of governments to maintain voting equipment I don't see how that can be possible. I'd also thought about electronic means that generate a paper receipt, but there's still no real guarantee that the machine tabulated the vote correctly or that the voter will have recourse if the receipt shows something other than what the voter intended.

Hence my support for optical scan with the ability to hand-count.

Re:Hmmm,

All security, aside from a physical barrier, ultimately requires obscurity: obscure passwords, tech used for smart card or biometrics, etc. A few years ago it was even shown that a high-res photo of a typical office key was sufficient to reproduce the key.

You need two components for security: a robust mechanism to assure that only a valid "key" can be used for access, and a way to obscure the method of replicating a valid "key."

Obscurity is an essential component of security, though not sufficient.

Re:Hmmm,

No. Key based crypto are based on secrecy, not obscurity.

Obscurity refers to things which are observable to anyone looking at the system, but which are not *immediately* apparent.
Secrecy refers to pieces of information (such as encryption keys or pass codes) which are known to those who need them, but not otherwise shared. Secrecy can be turned into obscurity if you publish the secret somewhere that observers can find.

Analogy time:
Security: A hardened building with armed guards in the lobby. They *will* shoot you if you can't or won't provide the secret.
Secrecy: The password and ID that you need to provide for the guards to allow you through.
Obscurity: There is a 'maintenance access door' behind the dumpster on the west side of parking level C.

Re:Hmmm,

[FatLittleMonkey]

Well, I'd argue pen, paper, hand count, not pencil, but your point still holds.

Pens in voting booths run out without showing an obvious external sign, you have to test them continuously, one at a time, for the whole day. Pencils in booths can be easily checked by sight at walking pace whether they are blunt without touching them. Much quicker. Also pencils tips don't dry out.

Your concern, I'm guessing, is someone rubbing out the pencil and changing other people's vote? Soft graphite on thin cheap matte paper can't be easily erased without leaving marks or ripping the paper. The marks allow counters/auditors to see changes made to the ballot. A few corrections might be ignored, a thousand ballots in the same ballot box all with the same "correction" either means fraud or a huge design flaw on the ballot. Either way, it's a big red flag.

[I recall reading that the AEC actually chooses their paper & pencil brands specifically for this property.]

Likewise, graphite is just black carbon, it's pretty inert unless you set fire to it. OTOH, many organic inks can be erased with certain basic solvents that otherwise leave the paper unharmed, and metallic inks are never used in cheap pens. In theory you could spray the right fast-drying solvent on each ballot, then re-mark them when they are dry. (More convoluted hence less likely than basic ballot stuffing, but if it's a concern, pens are not the answer.)

I'd also thought about electronic means that generate a paper receipt, but there's still no real guarantee that the machine tabulated the vote correctly or that the voter will have recourse if the receipt shows something other than what the voter intended.

If you are willing to give up the non-sellable/forcible vote, there are one-way functions that can generate keys for tracking ballots. Ie, the voter gets a receipt with a number that enables them to later check their vote online. The key function can't be reversed, so the Ruling Party stooges can't pull up all the votes for Rival Party candidate to to unmask those voters. Indeed, even the personal key isn't linked to the voter's ID, except on the piece of paper held by the voter.

[And therein lies the flaw. It is possible for people to be individually coerced into logging in and showing their vote to Party loyalists. Say by bosses or union heavies. This sort of thing apparently happens in Russia a lot (except using postal ballots), along with the more usual voter intimidation and fraud. Or more peacefully, it allows people to buy votes. "Show me your vote, if it's for Rich Party, win $50".]

Such a system would also allow "floating proxies". A system where you assign your one-vote to a proxy (who either uses it or assigns it to a further proxy) and proxies vote in Parliament/Congress in proportion to the number of votes assigned to each of them. Unlike current representatives, you could reassign your vote as often as you want (hence "floating"), and, unlike current representatives, no voter is unrepresented (because there's no "winning" or "losing" candidates, only proxies.)

[This still has the same flaw. Someone can force you to surrender your key so they can manipulate your proxy.]

Hence my support for optical scan with the ability to hand-count.

Not disagreeing with that part. Except that the hand count should be the "official" count, and the optical scan just the election-night "indicator".

Re:Hmmm,

Blah blah blah blah... All of your concerns are invalid because this is about the Australian Electoral Commission. And voting in Australia is done on pieces of paper.

Re:Hmmm,

[Doghouse13]

I'd also question whether the usual arguments against "security by obscurity" apply in a case where the software is being used "single shot" and infrequently, with massive potential impacts in the event of a breach. The software needs to work right, once, rather than almost right over a continuous period. Frankly it's a case where, gut reaction, I'd prefer the potential bad guys to have no opportunity to spot a potential vulnerability, rather than rely on the overall community spotting and exposing all such loopholes ahead of time. Too much at stake to get it wrong; too much likelihood that a potential vulnerability will remain exposed and unpatched.

Re:Hmmm,

[david_thornley]

I get the impression that security provided by obscurity is generally overrated by people who argue for security through obscurity. This can lead them to skimp on more robust security measures. Moreover, since the obscurity is generally not a problem for a determined attacker, you really do need good security other than obscurity for high-value targets (like election systems). Never rely on obscurity for security when you actually need security. If you can put obscurity into a sound system, go for it.

of-course

[roman_mir]

it's not those who cast the votes, it's those who tally them up that count.

Re:of-course

In other words, it's those who count that count.

This is complete crap!!!

[sd4f]

It's software to tally it up. There's always a paper backup. As an Australian, this worries me.

While our senate voting system is a little odd, adding up the votes isn't simple and can't be done on election night, so it's no surprise to see software being used to calculate it, but with that said, all it has to do is do a number of rounds as candidates reach their quota, and when no one has a quota in that it eliminates the last candidate and moves the preferences accordingly. Our last election, there was even an instance of ~2000 ballot papers going missing, and then supposedly resurfacing much later. The High Court decided on another election for the state involved, which in my opinion is the only fair outcome possible.

If they're worried about hacking it, it's a complete farce; there's no reason why the computer doing the sums even has to be connected to the internet, seeing as I think all the ballots are counted by people (they're farcically large ballots often described as table cloths), they just plod in a few numbers as the data comes in. Someone must be worried that competent, impartial people will have a look and find something which has been giving out porky pies.

Re:This is complete crap!!!

[sd4f]

Should have finished reading the article, this bit at the end is probably the truth;

"In addition, I am advised that the AEC classifies the relevant software as commercial-in-confidence as it also underpins the industrial and fee-for-service election counting systems,"

What's probably happening is that some "IT" company whose only client is the government/AEC probably makes a fairly decent earn out of licensing out the software and supporting it during elections. There's a fair bit of corruption like this in Australia, and I am starting to think that someones taxpayer subsidised livelihood is at stake here. Reality is this should always have been open source software and probably available on the AEC website for anyone to download and try out with the full set of figures that are counted.

Re:This is complete crap!!!

[complete+loony]

http://www.aph.gov.au/About_Parliament/Senate/Powers_practice_n_procedures/odgers/chap18

Orders for production of documents are among the most significant procedures available to the Senate to deal with matters of public interest giving rise to questions of ministerial accountability. It is open to the Senate to treat a refusal to table documents as a contempt of the Senate. In cases of government refusal without due cause, however, the Senate has preferred political remedies. In extreme cases the Senate, to punish the government for not producing a document, could resort to more drastic measures than censure of the government, such as refusing to consider government legislation. (See also Chapter 19, Relations with the Executive Government, under Remedies against executive refusal of information.)

Lets hope that they continue to pressure the government for this information. The rest of the voting process is open, why not the counting software? Or at least easy access to the raw data, so members of the public can analyse it themselves.

Re:This is complete crap!!!

[Mjec]

What's probably happening is that some "IT" company whose only client is the government/AEC probably makes a fairly decent earn out of licensing out the software and supporting it during elections.

We know actually that the software is developed in-house. The AEC does earn some money from licensing the software to other electoral commissions and from using it in union ballots etc.

However, I argue [pdf] that the code used for counting the Senate could be released, because no other election operates that way. What's more I don't think the AEC's competitive edge in the world of elections comes from their great software.

Re:This is complete crap!!!

[lordlod]

If they're worried about hacking it, it's a complete farce; there's no reason why the computer doing the sums even has to be connected to the internet, seeing as I think all the ballots are counted by people (they're farcically large ballots often described as table cloths), they just plod in a few numbers as the data comes in. Someone must be worried that competent, impartial people will have a look and find something which has been giving out porky pies.

They said "hacking or manipulation", they mean that there are potentially bugs which could be triggered by malicious input. The computer doing the tally is not connected to the internet. This is a bit alarmist and they have only tried playing the card recently, the AEC seems to be getting desperate.

The real reason is the other one that they offered, "underpins the industrial and fee-for-service election counting systems". The AEC makes a fair bit of money running elections private organisations and other countries. While what they primarily offer is impartiality, technical assistance is a strong component and they obviously feel that releasing their software would impact that business.

The AEC tallies have been independently verified several times, there isn't a substantial case that the election outcomes are being distorted. However I still believe that the code should be public.

Re:This is complete crap!!!

[MojoMagic]

You are correct. The AEC develops most(all?) of its software in-house. I have helped develop software for them in the past.

Re:This is complete crap!!!

I've written similar code. Here it is, please only read it if you agree to my NDA:

while(paper_in_hopper()) {
    $count++;
}

I've also seen other people's code trying to do something similar. I'm under an NDA, so I can't tell you what the code was, other than to say please don't do this:

$count = $count++;

Re:This is complete crap!!!

[sd4f]

Fair enough, the cynic in me got the better of me.

Re:This is complete crap!!!

Your vote counting algorithm isn't an adequate reflection of the vote system used for elections in Australia. In Australia, we use the proportional representation voting system.

Or

Or it could lead officers on the commission to jailtime. Just sayin.

Nothing to see here, move along.

[GrpA]

This is ridiculous. The Australian government has already sent the software to Russia for peer review, and they determined that it worked perfectly during the Crimean referendum.

I see no reason why the code should be further made public.It could only lead to compromise.

GrpA

Re:Nothing to see here, move along.

[Trepidity]

Surely they wouldn't use the services of a country as untrustworthy as Russia! I have confidence that they'll send it to a legitimate democracy for review, like their close ally Sri Lanka.

Security by obscurity

[chromaexcursion]

A system that few know is far more secure than an open one.
Quit trying to find fault with those who legitimately desire security over openness. Not every close system is suspect.
The stupidest mickey mouse cypher will thwart some of the best hackers, if they don't know the algorithm.
For those that say the count must be open. How can a secret ballot be open? At some point you have NO control. You HAVE to trust someone. If you don't, go home.
Rigging elections is ancient, been done for thousands of years. Computers are just the new toy on the block.
It comes down to if the people that run the system want to game it they can. Actually it's easier to mess with paper ballots. Messing with software leaves a trail.

Re:Security by obscurity

>A system that few know is far more secure than an open one.
This is very wrong, though it is a common misconception. But, since the system in question is dealing with the fate of a country it also dangerously wrong.

The ramifications of a security leak for this software would (surprisingly) be almost nil; politics is a game played by players and if the numbers don't suit what they want then they make them up.

Almost certainly, the reason the info isn't being released is because the software was done by a private contractor on some sort of dodgy deal, and some minor head will roll when it eventually comes out.

Re:Security by obscurity

[Dr_Barnowl]

Actually it's easier to mess with paper ballots. Messing with software leaves a trail.

I) Messing with software doesn't necessarily leave a trail. For example, a system by which your votes are tallied and the results placed in a file on an SD card for collation in a central location, relying purely on security by obscurity, means that you could mess with the data file in transit and no-one would be any the wiser.

II) It's easier to mess with paper ballots, principally because comptuer systems are understood by fewer people than slips of paper. For precisely the same reason, it's much harder to audit voting systems involving computers. Widespread fraud in paper voting systems is difficult to pull off, because the manual nature requires a lot of observers, and most people can understand handling votes in a trustworthy manner. Voting systems based on computers can be manipulated by a single agent, often without a trace. And the pool of people capable of auditing them shrinks the more complex you make them - mickey-mouse ciphers included.

Paper voting spreads trust over a large number of people. Computer voting concentrates it in the hands of a very small technically adept priesthood, much easier to buy off or intimidate. I'm the first to geek out about some cool new method of using crypto, but I've come to realise that as much enthusiasm I have for the technology, I'm not really comfortable trusting the election of my government to it because it's so easy to subvert.

Re:Security by obscurity

[Trepidity]

One way of putting #2 is that it's easier to mess with paper ballots, but harder to mess with a lot of them and get away with it. If you want to change 100,000 paper votes, a lot of people are going to have to be in on it.

Re:Security by obscurity

[FatLittleMonkey]

True, but I think old Doc Barnowl actually just out a word.

II) It's easier to mess with than paper ballots,

Re:Security by obscurity

[FatLittleMonkey]

Or I just misread it. D'oh.

Re:Security by obscurity

[chromaexcursion]

Someone who has a problem with private code voted my initial post down to troll.
Interesting
What I was trying to point out is that private encryption can be much more secure than public.
obviously there needs to be oversight.
A carefully managed system with a private encryption system can be very safe, and far less costly than an open one. But it does mean you can't publish the code.
Given the recent heartbleed issue. How secure is open source?

Re:Security by obscurity

[Dr_Barnowl]

It's true that there is no difference in security between

* A closed source, perfect, crypto component
* An open source, perfect, crypto component

If it's perfectly secure, the privacy of the source code makes no technical difference.

private encryption can be much more secure than public

As above, if the security of your solution is perfect, privacy makes no difference - public can be much more secure than private.

The privacy of your solution DOES make a difference to other factors.

* Trust

People are more inclined to trust something they can inspect. If someone says "my security system is PERFECT... but you can't look at how it works", my first impluse is to think that they have something to hide. And that something could be a super cool proprietary technology, but it could just as easily be a gaping security hole a script kiddie could exploit. Given the fact that if you patent your super cool technology, the detail of it is public anyway, but I still can't steal it, the bias is that it's far more likely to be that your solution has problems, whether they be stupid mistakes, back doors for the NSA to exploit, or rude comments in the source code.

* Peer review

Good security is hard. Even if you're some kind of security savant, people think differently and someone may spot a gaping hole in your solution that you just have a blind spot to. Open, standard security technologies have multiple people poring over them looking for holes. There are people who get their kicks that way. Exposing your technology to as many of them as possible and letting them tell you what their opinion is, is the best way to evaluate your solution.

It's easy to come up with something YOU can't break. It's much harder to come up with something that no one can break. The difference between private and public is that you'll only get to find out AFTER something is depending on your solution not breaking.

Skype make a pretty big deal out of the security of their solution, but the truth is that leaked documents have made it very obvious that intelligence agencies can trivially intercept Skype communications - and we don't know whether this is because there are back doors, or because the security of the protocol is just crap, because we can't inspect the source code and there is no public documentation of the protocol. It's most likely there are back doors, because properly implemented crypto is not trivial to break. So this is a private system that many people trust, yet it's obviously not worthy of that trust.

So closed-source security solutions are not the best idea, for exactly the reason you propose that they ARE.. if you keep the source private, you keep the security holes private. It will just take longer for someone to exploit them, or it will be insiders that exploit them. If you open the source up, when holes get found... yes, some of them will be by bad actors. But some will be found by people with an interest in seeing them fixed.

Uh oh

[thieh]

Sounds like someone is already manipulating the count because they don't want you to see how it is done. Seriously, come on, you can use these in an airgapped settings (USB sticks back and forth?) so hacking should never have been an issue if your system is otherwise clean.

Take a note from encryption

If your software isn't secure when your source is open, it isn't secure when it's closed. Either it's secure or it's not, but if part of maintaining that security is keeping the source under wraps, your not thinking about security properly. You wont find encryption software claiming that by keeping it souce closed it is increasing it's resilience. If your code can't stand up to scrutiny, then you probably shouldn't be using it,

Re:Take a note from encryption

[mpe]

If your software isn't secure when your source is open, it isn't secure when it's closed. Either it's secure or it's not, but if part of maintaining that security is keeping the source under wraps, your not thinking about security properly.

There's plenty of people who don't understand this.

You wont find encryption software claiming that by keeping it souce closed it is increasing it's resilience. If your code can't stand up to scrutiny, then you probably shouldn't be using it,

Plenty of people prefectly prepared to make use of proprietary software. Even though both crypto theory and actual practice indicate this makes no sense.

Could it be Micro$oft ...

... that was the one contracted to produce the code ?

Does the thing run only on Windoze 8 ?

Re:Could it be Micro$oft ...

[ozmanjusri]

Does the thing run only on Windoze 8 ?

Window anyway.

It's a VB6 program running on a single PC, supposedly for security reasons. The system is highly manual and failure prone enough that they're probably too embarrassed to release the code.

The system was developed internally by the AEC in 2001, when an upgrade to Windows 2000 rendered an existing COBOL-based application the commission was using to tally-up union elections incompatible with its standard operating environment. It was re-written as a Microsoft Visual Basic application and runs on Microsoft SQL.

http://www.itnews.com.au/News/...
http://www.crikey.com.au/2013/...

Re:Could it be Micro$oft ...

The article is very light on detail.

However, I'd like to clarify some incorrect, or at least out-dated, points in your post.

The AEC does use software for keeping track of votes.
But it was not written in VB6. Nor was it written in 2001.

How do I know this? Simple. I was on the team that wrote it.
I was on the project in 2012/2013, though the project has existed before and after that.
The AEC does/did have some legacy COBOL systems. But this isn't one of them.

I don't want to go into detail because a) it would be inappropriate and b) I don't know enough about the agency outside of the project to represent them adequately.

The software went partially-live during the last election to show that it worked and it met all milestones. It will likely see further use and development in the future.

Re:Could it be Micro$oft ...

[MojoMagic]

The previous poster was me... For some reason it came through anonymously. Sorry about that. But, while I'm at it, I'd like to clarify that there are separate systems at play for 1) tracking votes and 2) tracking vote results. These are separate problems and you do not want the same system doing this. Why? Because there's something uncomfortable about a system that tracks who you are, where you are and how you voted. :)

Re:Could it be Micro$oft ...

[gronofer]

The previous poster was me... For some reason it came through anonymously. Sorry about that. But, while I'm at it, I'd like to clarify that there are separate systems at play for 1) tracking votes and 2) tracking vote results. These are separate problems and you do not want the same system doing this. Why? Because there's something uncomfortable about a system that tracks who you are, where you are and how you voted. :)

So why do you think they are so strongly resisting the release of the code? It sounds like having extra people examining it for errors could only be a good thing, assuming accuracy is all you care about.

Re:Could it be Micro$oft ...

[promythyus]

How would the system assign votes to identities? The ballot papers are anonymous, and Australian elections are supposed to be a secret ballot.

Re:Could it be Micro$oft ...

[MojoMagic]

First of all, I wrote the previous post at work and, in the chaos of my office I think I misread the original post.

I worked on the software that tracks when and where a person votes.
ie: You walk into a polling station, present your ID and then get given a ballot form. The system records the time, location and TYPE of vote against your ID and synchronises that to a central database in near real-time. It does NOT record WHO you voted for. I'm sorry that I gave that impression. My bad.

I am not familiar with the software used to determine the outcome of votes. But, and this is speculation on my part, I can't imagine that it would be overly complex.

I'm honestly not sure why one wouldn't want to release the code. If nothing else, it might be nice to have a 'reference implementation' for a democratic vote tallying process. I assume a reasonable reason might be that it has not been audited for public consumption. Even a simple audit requires time and money. Both of which are in short supply at the AEC.

Re:Could it be Micro$oft ...

[MojoMagic]

Indeed you are correct. See my above reply to 'gronofer'. I mis-understood the original article. I worked on a related but separate system. I apologise for misleading you, even though it was unintentional.

The details of where you voted, when you voted and the type of your vote are attached to your ID. But, WHO you actually voted for remains completely anonymous... So don't fret. :)

My system was used (among other things) to determine if/when/how a given person attempted to vote more than once. The funny thing is a significant proportion of these offenders turn out to be elderly people who simply 'forgot' that they had already voted. Seriously.

Re:Could it be Micro$oft ...

[Nethemas+the+Great]

I'd be more uncomfortable with the lack of authority chain from my vote to the vote tally. The absence of this clear chain opens the system to fraud. The electronic version of ballot stuffing.

Re:Could it be Micro$oft ...

Fucking god lol..........

Re:Could it be Micro$oft ...

[Whiteox]

I would be more interested in knowing the parameters and outcomes of the software.
Otherwise the code could be as simple as 1+n where n are all the prior votes counted.
Sounds too simple to be an issue so I assume it's got to be a lot more complex than that.
The electoral rolls are marked by hand in each polling place. Even if all sheets are scanned then checked later, it should be a no-brainer piece of code.

Re:Could it be Micro$oft ...

[david_thornley]

You know, they have a technique where I vote for making sure I don't accidentally vote twice. I sign the book when I get my ballot, and if I've already signed I know I've already voted.

Paper is wonderful for elections. It's understandable, impossible to manipulate globally, has fairly obvious security measures to try to stop local manipulation, and leaves a tangible record for audit and recount purposes. Add electronic tabulation to speed up the counting process, and what more could you want?

Re:Could it be Micro$oft ...

[Mister+Null]

First of all, I wrote the previous post at work and, in the chaos of my office I think I misread the original post.

I worked on the software that tracks when and where a person votes. ie: You walk into a polling station, present your ID and then get given a ballot form. The system records the time, location and TYPE of vote against your ID and synchronises that to a central database in near real-time. It does NOT record WHO you voted for. I'm sorry that I gave that impression. My bad.

I am not familiar with the software used to determine the outcome of votes. But, and this is speculation on my part, I can't imagine that it would be overly complex.

I'm honestly not sure why one wouldn't want to release the code. If nothing else, it might be nice to have a 'reference implementation' for a democratic vote tallying process. I assume a reasonable reason might be that it has not been audited for public consumption. Even a simple audit requires time and money. Both of which are in short supply at the AEC.

They could release pseudo code instead of machine code. That way we could be sure that the code works without having to reveal vulnerabilities to potential hackers. And if a hacker/black hat can leverage a problem found within the pseudo code then the whole thing should be rewritten.

Re:Could it be Micro$oft ...

[metrix007]

Probably missing something, but why do you need a sepereate system to track vote results> Could the system that tracks votes not just do a tally...

Of course they can't.

[edibobb]

It's in the interest of national security and the war on child pornography to keep the vote tabulation methodology secret.

Re:Of course they can't.

[DocSavage64109]

They probably match your anonymous votes up with plenty of identifying data the machines collect without your knowledge (like photos, fingerprints, dna). That's why they don't want anyone to know.

Simple fix

[Tablizer]

Then vote to have it released

Re: Simple fix

But what if he votes to have it released but the voting software is rigged to ignore such votes. Thus the software can never be discovered to be malicious. Oh dear.

Re: Simple fix

[Tablizer]

I for one welcome the rise of the Recursion Party.

Flawed vote tallying code

[penguinoid]

Apparently releasing the code could "leave the voting system open to hacking or manipulation."

Maybe they just shouldn't have used code that they know or expect to have vulnerabilities. Open it up to the public; there are plenty of people who will look at it and help fix it.

Lemme see.

Wow. Next thing is introduction of invisible ink on ballots and invisibility cloaks for people monitoring voting stations...

It's fair enough

[mtthwbrnd]

"The AEC rejected the FOI application, citing section 45 of the FOI Act, which exempts "documents that disclose trade secrets"."

You don't expect that trade secrets should be made public, do you? Look the code is not open source and is valuable intellectual property... so I hope I don't get my ass sued off for revealing it here:

int voteCount = votes.Count();

love-hate relationship

The Australian government has had a bit of a weird relationship with open source voting software. For example, the source for the eVACS voting system is available to download. It is not, however, easily buildable - they've specifically removed all config files, design specs, and instructions on how to get it into a usable state. You can look at the source to see the maths behind the scenes, but you don't get to play with a working copy.

As an aside: The man who made the FOI is a friend of a a friend, and I was only slightly surprised to see him on the front page of slashdot. It was probably bound to happen one day.

Stupid lunkheads!

"Security through Obscurity is a Fallacy"(tm). These are words my cryptography professor said on the first day of the course. He repeated it when necessary. The logic is pretty straightforward: knowing the locks on your house doesn't make it easier for a criminal to break in to your house. 10 tumblers and hardened steel deadbolts are common knowledge, and a hard lock is a hard lock (both to pick and to break). I will repeat it: "Security through Obscurity is a Fallacy"(tm). The Australians refusing to show the source are being silly.

Not surprising

Aussie here, posting anon because I work for the Gov.

Honestly there's nothing too surprising about this. Australia is very pro-proprietary it would seem in terms of software and formats. We love using Microsoft products everywhere and Linux is never seen on a desktop, and barely outside of a server room (not including phones of course - we're not too bad in Android use). For the most part, there's no real push for openness or freedom of code as there is particularly in many European countries. I wish it weren't the case and not all of us are blind slaves to this, but there's no culture of openness or any real push to improve on the openness front. The fact the AEC believes that revealing the code constitutes a security risk just goes to show how little the FOSS culture has penetrated the Government.

Incomplete quote

[viperidaenz]

Apparently releasing the code could "leave the voting system open to hacking or manipulation by the wrong people."

Corruption

[countach]

So what the AEC is saying is that the election is safeguarded by what is called "security by obscurity". Or in other words, rather than having the software open so that security researchers can point out its flaws, you leave the flaws in place and hope that nobody knows what they are.

People who rely on this method, are known in security circles as "blathering idiots", "damned fools", "corrupt officials hiding something", and various things like that.

It's the moral equivalent of giving all the paper ballots to one single pointy headed official, asking him to count them, and then believing whatever number he decides to cough up. That's what you expect in Cuba, and other dictatorships.

Re:Corruption

[DNS-and-BIND]

Cuba is freer than USA and other corporate dictatorships.

Re:Corruption

[TVmisGuided]

Given the choice between "security through obscurity" and "security through thorough code review", I'd much prefer the latter. See also: Heartbleed.

Re:Corruption

[thegarbz]

You may not understand the system properly. Everything is still hand-counted and fed into the computer. Unfortunately the preferential voting system is complicated enough that for the senate vote you actually need a computer to figure out who won. The software is not software that is open up to mass public access like for instance a voting machine. It's in house software, developed in house and used in house by the AEC.

If you can't trust a member of the AEC not to tamper with the software then you can't trust any of the remainder of the voting system. In this case security by obscurity is more akin to security but putting the software on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying 'Beware of the Leopard'.

Security by obscurity is one part of the security chain. It shouldn't be the only part that you rely on, but claiming someone is a damned fool for hiding a piece of code that runs on a machine that no one in the public has access to anyway is a big stretch.

Corruption

[AHuxley]

From 10 Sep 2013, you really want paper ballots in the open been counted by hand with lots of staff, election observers around.
http://www.abc.net.au/news/201...
The complex Single Transferable Vote math has been used around the world for many, many years now in different forms. This rush to keep computer code is interesting.

My perennial comment on this topic

[dbc]

Whenever the topic of whether or not the source code to voting machines should be inspected, I always point here: http://gaming.nv.gov/index.asp... and ask: 1) What do you think would happen to your slot machine if you told those guys you weren't going to show them your source code? and 2) Why not let these guys look at the voting machines, too. Seems like a transferable skill.

open to hacking or manipulation

[khchung]

releasing the code could "leave the voting system open to hacking or manipulation."

In other words, any current or previous programmer in the development team could manipulate the vote results if one wanted to.

Any reasonable man would conclude that should be enough reason to stop using it.

Totally Secure Voting Machine(s)

Each Polling booth should have 2 machines.

At machine 1 you enter your vote (using whatever user interface that is appropriate) electronically.
This machines prints out a piece of paper that confirms your vote visibly for you.

You then insert this vote in to machine 2 which echoes your vote on the screen and tallies the vote independently of the first machine.

If you do not submit your paper vote within 20 seconds an audible warning is sounded "you have not voted correctly" blah blah

Each machine type must be supplied from a different supplier/manufacturer to specification.

You actually 3 independent ways (machine 1, machine 2, Paper ) of counting the votes for which there should be no reason for them not to all match

They're not voting machines, knuckledick.

Australian elections are still paper ballots.
This is just a paper counter.

Refused... Are you kidding me ?

[einar.petersen]

Security by obscurity - just one more way to hide what you are doing... Truth be told, how can the citizenry accept a committee refusing senate ordes and FOIA requests ? Is it not time to stand up and demand fully transparent government, is it not time perhaps to put an end to more than 4 years in office. Is it not time to implement perhaps something like a meritocratic process for the elected to ensure our western governments are not run by nincompoops only looking out for themselves and in politics for the sake of power and money, why on earth would you want to keep secret how elections are being held. It is only by open scrutiny and failsafe mechanisms one can ensure free and open elections. Do we not send observers out in the world to ensure we see free open elections taking place, do we not criticize when we do not see such open and free elections. What is the difference between looking at abstract code and a human being looking at how counting is being done manually.... zero !!! In fact having humans peruse the code is comparable to having observers observe an election to make sure the code performs the task properly. Just like our government seem to like to spy on their people, following their every sms, their every phone conversation, their every email, their every opinion, perhaps it is time for the people to "spy" on their government by having responsible politicians put into effect completely open voting systems and laws opening up every aspect of government and demand complete insight into the electoral process going on inside the voting machines. One could perhaps even consider a lottery where people are selected for for civil service for a period of some years and placed in a non refusable position at some time in your life, age naturally with a guarantee of ability to continue in jobs etc. after ended service. This way you will eliminate the"livelihood politicians" i.e. those who have chosen politics as their livelihood, some even jumping perhaps from party to party, from "belief to belief" according to public opinion just to be able to cling on to a well paid seat in parliament or elsewhere in the system. The same should be done for the civil servants so as to ensure we not in reality are governed by a group of civil servants while the elected perform democratic theater thinking they are in control. The task of any politicians and the political system as a whole should be to ensure that the citizens are free to live their lives as unrestricted as possible, to create a society that allows the individual as much freedom as possible to live life in a way of that individuals choosing. To create the framework where within jobs can be created by the productive citizens of a country. The western democracies need a complete reboot so that the slide towards secret corporate run governments can be averted. We need to free government from undue influence from all power structures other that the citizens themselves. This refusal is a prime example why it is time to wake up and take action before it is to late !!!

Jews... as usual...

Gee... do you think our unelected JEWISH 'masters' could possibly have anything to do with this?

http://balder.org/judea/Hate-Speech-Laws-Immigration-Jewish-Influence-Britain.php

http://balder.org/judea/Hate-Speech-Laws-Immigration-Jewish-Influence-USA.php

http://balder.org/judea/Hate-Speech-Laws-Immigration-Jewish-Influence-Canada.php

http://balder.org/judea/Hate-Speech-Laws-Immigration-Jewish-Influence-France.php

http://balder.org/judea/Hate-Speech-Laws-Immigration-Jewish-Influence-Ireland.php

Why are Jews allowed to torture baby boys? How are they allowed to get away with the sick crime of 'circumcision' (or 'male genital mutilation', as some of us prefer to call it)?

I'm thinking...

Apparently releasing the code could "leave the voting system open to hacking or manipulation.

Or shows the possible backdoors already in the code to the public?

Possible creator of the softwere

You could talk to Dr Clive BOUGHTON http://people.cecs.anu.edu.au/user/3758, I think he was involved in creating this software.

They can only be sure

They can only be sure that it will leave the system open to this, if that is what they use the system for themselves. I'd say that's a confession that any judge should honor.

Lets not get uppity here Americans....

[Kaitiff]

We have it no better here. 60 minutes did an expose` showing how with just a little bit of physical access to a voting machine (which majority party representatives have since they are 'responsible for checking the machines before elections) you can make any result you want come out of our electronic voting machines regardless of what the input was in the voting booth. There have only been 2 times in recorded history that the actual outcomes in a voting district severely varied from the actual results once tallied.. once in Florida... and once in Ohio.. swing states that got baby Bush elected on each of his terms of office. In both cases requests were made for the paper records to review the results and in both cases the requests were denied. The things that make you go HMMM....

Umm...

There is a key piece of information which might not be immediately obvious to non-Australians and that is that our voting system is wholly paper-based, other than the one step where they enter the Senate votes into this computer software to run the count for them. Since they manually tabulate and publish the raw vote counts beforehand (technically above-the-line votes but below-the-line votes are rare and almost never change the outcome), it is possible for others to verify the official count. In fact, the ABC usually predicts the results accurately well before this software is run.

All of which makes the AEC's claim that publishing the source code might allow someone to manipulate the system extremely odd. The only interaction anyone not working for the AEC has with this software is writing on the ballot paper with a pencil. I noted that the FOI request explicitly did not ask for any of the code behind the scanning of the ballots, so even the possibility of somehow confusing the reader with carefully crafted ballot markings is not a risk. I can't speculate as to what their real reason is but this official reason makes no sense at all.

You miss the point

You miss the point; obscurity is a useful tool, not the only one. If we were using only obscurity, you're be absolutely right. However, it's (hopefully) not. However, there are most certainly vulnerabilities (All software has vulnerabilities) and exposing the source code increases the tools that a malicious hacker has for attacking the system.

*sigh*

if you can't release your source code due to it exposing vulnerabilities or methods of manipulation, you need to re-write your code.

Only I can hack the vote says the government.

[tollrunner]

If the source code cannot be revealed to keep it safe from vote hacking keeping it secret limits the vote hackers to the government.

transparency is the security mechanism

[bugi]

That only applies when transparency is not a competing security mechanism.

In this case, transparency protects from institutional and insider attacks on the system of self-governance. Obscurity simply protects the mechanism from observation. One must ask which is more important.

Voting machine study ..

[lippydude]

Executive Summary

"There is insufficient evidence available to allow independent observers to state reliably whether the results declared in the May 2008 elections for the Mayor of London and the London Assembly are an accurate representation of voters’ intentions. Given these findings, the Open Rights Group (ORG) remains opposed to the introduction of e-counting in the United Kingdom, unless adopting ORG’s recommendations for increasing the transparency around e-counting can be proved cost effective."

LIES!!

[sethradio]

Releasing the source code for software does not make it vulnerable to hackers. If that was the case, nobody would use GnuPG.

Software in Australia ...

[wolja]

I'm surprised there is any software to release given the mainly manual nature of our voting system. I'd be more concerned that the transposition from Paper ballots to Paper Tallies to a Computer might be inaccurate. More likely than the software organising the results would be flawed in my opinion.