Slashdot Mirror

← Back to Stories (view on slashdot.org)

Australian Electoral Commission Refuses To Release Vote Counting Source Code

Posted by Soulskill on from the you-can-trust-us dept.

angry tapir writes: The Australian Electoral Commission has been fighting a freedom of information request to reveal the source code of the software it uses to calculate votes in elections for Australia's upper house of parliament. Not only has the AEC refused an FOI request (PDF) for the source code, but it has also refused an order from the Senate directing that the source code be produced. Apparently releasing the code could "leave the voting system open to hacking or manipulation."

19 of 112 comments (clear)

  1. Security by Anonymous Coward · · Score: 5, Funny

    ... through obscurity. What could possibly go wrong?

    1. Re:Security by Anubis+IV · · Score: 3, Insightful

      It's not just a matter of what could go wrong. It's a matter of what has already gone wrong. They've traded the possibility that a vulnerability will be used to compromise the system for the certainty that the system will be compromised from the get-go. The whole point of securing a system such as this one is to ensure the credibility of the results, but security (regardless of the variety) can't add credibility to something that never had it to begin with.

  2. Hmmm, by Lost+Penguin · · Score: 4, Insightful

    Apparently releasing the code could "leave the voting system open to hacking or manipulation."

    Makes me wonder who has access now and does not want competition?

    --
    I am the unwilling control for my Origin.
    1. Re:Hmmm, by Anonymous Coward · · Score: 5, Insightful

      that is a myth, obscurity is a valid security mechanism, it just should not be the only one. good security uses all means available to delay, ward off or prevent security breaches.

    2. Re:Hmmm, by TWX · · Score: 4, Insightful

      But for security through obscurity to work, the level of obscurity required is generally high, bordering on outright-secret, or the payoff needs to be so scant that there's no reason to bother in the first place.

      Security through obscurity might work for something like a power plant control system because we don't know the architecture of the hardware that it runs on, the operating system or if there is a third-party OS, the language it's written in, or even its name, and given the importance of the application it probably wouldn't be permanently Internet-connected, and if it needs to send out notifications it might communicate through a unidirectional RS232 link or something along those lines, or through a transmit-only fiber link (so that there's not even receive hardware on the platform). Certainly there would be some people that really want to break in, but it's exceedingly unlikely that they'll ever be in a position to do so.

      Security through obscurity can also work when the system is not terribly important. I don't doubt that the Energy Management System controllers that interface the HVAC systems in commercial office buildings to the computer networks are garbage as far as their code is concerned, but there's not much someone can do with those in most cases. So even if there's ability, there's no real payoff, and the systems are so incredibly simple and underpowered that they'd make for poor intermediaries in a greater attack even.

      By contrast, voting equipment is usually distributed widely and is not particularly heavily guarded, and as it needs to be inexpensive to produce in mass quantities it's often commodity hardware, off-the-shelf parts if you will, and there have been documented cases of electronic voting hardware have exposed and functional USB ports. As vote tallies are imortant it's not inconceivable that someone could borrow or steal a voting machine to figure out how it works and to find some way to mass-tamper with them, like distributing USB fobs to their fellows to use on them to load a package. In these cases, obscurity simply doesn't work because the system can't remain obscure.

      --
      Do not look into laser with remaining eye.
    3. Re:Hmmm, by Wootery · · Score: 4, Funny

      Wait a minute. You're saying pre-SP Windows XP isn't secure enough to be trusted as the basis for a country's democracy?

      Now I've heard everything.

  3. of-course by roman_mir · · Score: 5, Insightful

    it's not those who cast the votes, it's those who tally them up that count.

    --
    You can't handle the truth.
    1. Re:of-course by Anonymous Coward · · Score: 3, Funny

      In other words, it's those who count that count.

  4. This is complete crap!!! by sd4f · · Score: 5, Informative

    It's software to tally it up. There's always a paper backup. As an Australian, this worries me.

    While our senate voting system is a little odd, adding up the votes isn't simple and can't be done on election night, so it's no surprise to see software being used to calculate it, but with that said, all it has to do is do a number of rounds as candidates reach their quota, and when no one has a quota in that it eliminates the last candidate and moves the preferences accordingly. Our last election, there was even an instance of ~2000 ballot papers going missing, and then supposedly resurfacing much later. The High Court decided on another election for the state involved, which in my opinion is the only fair outcome possible.

    If they're worried about hacking it, it's a complete farce; there's no reason why the computer doing the sums even has to be connected to the internet, seeing as I think all the ballots are counted by people (they're farcically large ballots often described as table cloths), they just plod in a few numbers as the data comes in. Someone must be worried that competent, impartial people will have a look and find something which has been giving out porky pies.

    1. Re:This is complete crap!!! by sd4f · · Score: 4, Insightful

      Should have finished reading the article, this bit at the end is probably the truth;

      "In addition, I am advised that the AEC classifies the relevant software as commercial-in-confidence as it also underpins the industrial and fee-for-service election counting systems,"

      What's probably happening is that some "IT" company whose only client is the government/AEC probably makes a fairly decent earn out of licensing out the software and supporting it during elections. There's a fair bit of corruption like this in Australia, and I am starting to think that someones taxpayer subsidised livelihood is at stake here. Reality is this should always have been open source software and probably available on the AEC website for anyone to download and try out with the full set of figures that are counted.

    2. Re:This is complete crap!!! by Mjec · · Score: 4, Interesting

      What's probably happening is that some "IT" company whose only client is the government/AEC probably makes a fairly decent earn out of licensing out the software and supporting it during elections.

      We know actually that the software is developed in-house. The AEC does earn some money from licensing the software to other electoral commissions and from using it in union ballots etc.

      However, I argue [pdf] that the code used for counting the Senate could be released, because no other election operates that way. What's more I don't think the AEC's competitive edge in the world of elections comes from their great software.

      --
      "But everyone should know everything." -markab
  5. Nothing to see here, move along. by GrpA · · Score: 4, Funny

    This is ridiculous. The Australian government has already sent the software to Russia for peer review, and they determined that it worked perfectly during the Crimean referendum.

    I see no reason why the code should be further made public.It could only lead to compromise.

    GrpA

    --
    Enjoy science fiction? "Turing Evolved" - AI, Mecha, Androids and rail-gun battles. What more could you want?
  6. Take a note from encryption by Anonymous Coward · · Score: 3, Insightful

    If your software isn't secure when your source is open, it isn't secure when it's closed. Either it's secure or it's not, but if part of maintaining that security is keeping the source under wraps, your not thinking about security properly. You wont find encryption software claiming that by keeping it souce closed it is increasing it's resilience. If your code can't stand up to scrutiny, then you probably shouldn't be using it,

  7. Flawed vote tallying code by penguinoid · · Score: 4, Insightful

    Apparently releasing the code could "leave the voting system open to hacking or manipulation."

    Maybe they just shouldn't have used code that they know or expect to have vulnerabilities. Open it up to the public; there are plenty of people who will look at it and help fix it.

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
  8. Re:Could it be Micro$oft ... by ozmanjusri · · Score: 5, Informative

    Does the thing run only on Windoze 8 ?

    Window anyway.

    It's a VB6 program running on a single PC, supposedly for security reasons. The system is highly manual and failure prone enough that they're probably too embarrassed to release the code.

    The system was developed internally by the AEC in 2001, when an upgrade to Windows 2000 rendered an existing COBOL-based application the commission was using to tally-up union elections incompatible with its standard operating environment. It was re-written as a Microsoft Visual Basic application and runs on Microsoft SQL.

    http://www.itnews.com.au/News/...
    http://www.crikey.com.au/2013/...

    --
    "I've got more toys than Teruhisa Kitahara."
  9. Corruption by countach · · Score: 4, Insightful

    So what the AEC is saying is that the election is safeguarded by what is called "security by obscurity". Or in other words, rather than having the software open so that security researchers can point out its flaws, you leave the flaws in place and hope that nobody knows what they are.

    People who rely on this method, are known in security circles as "blathering idiots", "damned fools", "corrupt officials hiding something", and various things like that.

    It's the moral equivalent of giving all the paper ballots to one single pointy headed official, asking him to count them, and then believing whatever number he decides to cough up. That's what you expect in Cuba, and other dictatorships.

  10. Re:Could it be Micro$oft ... by Anonymous Coward · · Score: 5, Informative

    The article is very light on detail.

    However, I'd like to clarify some incorrect, or at least out-dated, points in your post.

    The AEC does use software for keeping track of votes.
    But it was not written in VB6. Nor was it written in 2001.

    How do I know this? Simple. I was on the team that wrote it.
    I was on the project in 2012/2013, though the project has existed before and after that.
    The AEC does/did have some legacy COBOL systems. But this isn't one of them.

    I don't want to go into detail because a) it would be inappropriate and b) I don't know enough about the agency outside of the project to represent them adequately.

    The software went partially-live during the last election to show that it worked and it met all milestones. It will likely see further use and development in the future.

  11. Re:Security by obscurity by Dr_Barnowl · · Score: 3, Interesting

    Actually it's easier to mess with paper ballots. Messing with software leaves a trail.

    I) Messing with software doesn't necessarily leave a trail. For example, a system by which your votes are tallied and the results placed in a file on an SD card for collation in a central location, relying purely on security by obscurity, means that you could mess with the data file in transit and no-one would be any the wiser.

    II) It's easier to mess with paper ballots, principally because comptuer systems are understood by fewer people than slips of paper. For precisely the same reason, it's much harder to audit voting systems involving computers. Widespread fraud in paper voting systems is difficult to pull off, because the manual nature requires a lot of observers, and most people can understand handling votes in a trustworthy manner. Voting systems based on computers can be manipulated by a single agent, often without a trace. And the pool of people capable of auditing them shrinks the more complex you make them - mickey-mouse ciphers included.

    Paper voting spreads trust over a large number of people. Computer voting concentrates it in the hands of a very small technically adept priesthood, much easier to buy off or intimidate. I'm the first to geek out about some cool new method of using crypto, but I've come to realise that as much enthusiasm I have for the technology, I'm not really comfortable trusting the election of my government to it because it's so easy to subvert.

  12. Re:Could it be Micro$oft ... by MojoMagic · · Score: 3, Informative

    Indeed you are correct. See my above reply to 'gronofer'. I mis-understood the original article. I worked on a related but separate system. I apologise for misleading you, even though it was unintentional.

    The details of where you voted, when you voted and the type of your vote are attached to your ID. But, WHO you actually voted for remains completely anonymous... So don't fret. :)

    My system was used (among other things) to determine if/when/how a given person attempted to vote more than once. The funny thing is a significant proportion of these offenders turn out to be elderly people who simply 'forgot' that they had already voted. Seriously.