Australian Electoral Commission Refuses To Release Vote Counting Source Code

angry tapir writes: The Australian Electoral Commission has been fighting a freedom of information request to reveal the source code of the software it uses to calculate votes in elections for Australia's upper house of parliament. Not only has the AEC refused an FOI request (PDF) for the source code, but it has also refused an order from the Senate directing that the source code be produced. Apparently releasing the code could "leave the voting system open to hacking or manipulation."

Security

... through obscurity. What could possibly go wrong?

Hmmm,

[Lost+Penguin]

Apparently releasing the code could "leave the voting system open to hacking or manipulation."

Makes me wonder who has access now and does not want competition?

Re:Hmmm,

that is a myth, obscurity is a valid security mechanism, it just should not be the only one. good security uses all means available to delay, ward off or prevent security breaches.

Re:Hmmm,

[TWX]

But for security through obscurity to work, the level of obscurity required is generally high, bordering on outright-secret, or the payoff needs to be so scant that there's no reason to bother in the first place.

Security through obscurity might work for something like a power plant control system because we don't know the architecture of the hardware that it runs on, the operating system or if there is a third-party OS, the language it's written in, or even its name, and given the importance of the application it probably wouldn't be permanently Internet-connected, and if it needs to send out notifications it might communicate through a unidirectional RS232 link or something along those lines, or through a transmit-only fiber link (so that there's not even receive hardware on the platform). Certainly there would be some people that really want to break in, but it's exceedingly unlikely that they'll ever be in a position to do so.

Security through obscurity can also work when the system is not terribly important. I don't doubt that the Energy Management System controllers that interface the HVAC systems in commercial office buildings to the computer networks are garbage as far as their code is concerned, but there's not much someone can do with those in most cases. So even if there's ability, there's no real payoff, and the systems are so incredibly simple and underpowered that they'd make for poor intermediaries in a greater attack even.

By contrast, voting equipment is usually distributed widely and is not particularly heavily guarded, and as it needs to be inexpensive to produce in mass quantities it's often commodity hardware, off-the-shelf parts if you will, and there have been documented cases of electronic voting hardware have exposed and functional USB ports. As vote tallies are imortant it's not inconceivable that someone could borrow or steal a voting machine to figure out how it works and to find some way to mass-tamper with them, like distributing USB fobs to their fellows to use on them to load a package. In these cases, obscurity simply doesn't work because the system can't remain obscure.

Re:Hmmm,

[Wootery]

Wait a minute. You're saying pre-SP Windows XP isn't secure enough to be trusted as the basis for a country's democracy?

Now I've heard everything.

of-course

[roman_mir]

it's not those who cast the votes, it's those who tally them up that count.

This is complete crap!!!

[sd4f]

It's software to tally it up. There's always a paper backup. As an Australian, this worries me.

While our senate voting system is a little odd, adding up the votes isn't simple and can't be done on election night, so it's no surprise to see software being used to calculate it, but with that said, all it has to do is do a number of rounds as candidates reach their quota, and when no one has a quota in that it eliminates the last candidate and moves the preferences accordingly. Our last election, there was even an instance of ~2000 ballot papers going missing, and then supposedly resurfacing much later. The High Court decided on another election for the state involved, which in my opinion is the only fair outcome possible.

If they're worried about hacking it, it's a complete farce; there's no reason why the computer doing the sums even has to be connected to the internet, seeing as I think all the ballots are counted by people (they're farcically large ballots often described as table cloths), they just plod in a few numbers as the data comes in. Someone must be worried that competent, impartial people will have a look and find something which has been giving out porky pies.

Re:This is complete crap!!!

[sd4f]

Should have finished reading the article, this bit at the end is probably the truth;

"In addition, I am advised that the AEC classifies the relevant software as commercial-in-confidence as it also underpins the industrial and fee-for-service election counting systems,"

What's probably happening is that some "IT" company whose only client is the government/AEC probably makes a fairly decent earn out of licensing out the software and supporting it during elections. There's a fair bit of corruption like this in Australia, and I am starting to think that someones taxpayer subsidised livelihood is at stake here. Reality is this should always have been open source software and probably available on the AEC website for anyone to download and try out with the full set of figures that are counted.

Re:This is complete crap!!!

[Mjec]

What's probably happening is that some "IT" company whose only client is the government/AEC probably makes a fairly decent earn out of licensing out the software and supporting it during elections.

We know actually that the software is developed in-house. The AEC does earn some money from licensing the software to other electoral commissions and from using it in union ballots etc.

However, I argue [pdf] that the code used for counting the Senate could be released, because no other election operates that way. What's more I don't think the AEC's competitive edge in the world of elections comes from their great software.

Nothing to see here, move along.

[GrpA]

This is ridiculous. The Australian government has already sent the software to Russia for peer review, and they determined that it worked perfectly during the Crimean referendum.

I see no reason why the code should be further made public.It could only lead to compromise.

GrpA

Flawed vote tallying code

[penguinoid]

Apparently releasing the code could "leave the voting system open to hacking or manipulation."

Maybe they just shouldn't have used code that they know or expect to have vulnerabilities. Open it up to the public; there are plenty of people who will look at it and help fix it.

Re:Could it be Micro$oft ...

[ozmanjusri]

Does the thing run only on Windoze 8 ?

Window anyway.

It's a VB6 program running on a single PC, supposedly for security reasons. The system is highly manual and failure prone enough that they're probably too embarrassed to release the code.

The system was developed internally by the AEC in 2001, when an upgrade to Windows 2000 rendered an existing COBOL-based application the commission was using to tally-up union elections incompatible with its standard operating environment. It was re-written as a Microsoft Visual Basic application and runs on Microsoft SQL.

http://www.itnews.com.au/News/...
http://www.crikey.com.au/2013/...

Corruption

[countach]

So what the AEC is saying is that the election is safeguarded by what is called "security by obscurity". Or in other words, rather than having the software open so that security researchers can point out its flaws, you leave the flaws in place and hope that nobody knows what they are.

People who rely on this method, are known in security circles as "blathering idiots", "damned fools", "corrupt officials hiding something", and various things like that.

It's the moral equivalent of giving all the paper ballots to one single pointy headed official, asking him to count them, and then believing whatever number he decides to cough up. That's what you expect in Cuba, and other dictatorships.

Re:Could it be Micro$oft ...

The article is very light on detail.

However, I'd like to clarify some incorrect, or at least out-dated, points in your post.

The AEC does use software for keeping track of votes.
But it was not written in VB6. Nor was it written in 2001.

How do I know this? Simple. I was on the team that wrote it.
I was on the project in 2012/2013, though the project has existed before and after that.
The AEC does/did have some legacy COBOL systems. But this isn't one of them.

I don't want to go into detail because a) it would be inappropriate and b) I don't know enough about the agency outside of the project to represent them adequately.

The software went partially-live during the last election to show that it worked and it met all milestones. It will likely see further use and development in the future.