The Iowa caucus app failure offers plenty of lessons for Australian governments — federal, state and local — involved in digital transformations. We take a dive into the three most pressing issues governments looking to digitise currently face.
The Iowa caucus gives Australia an excellent case study in how governments — or political parties, as the case may be — can do literally everything wrong as part of a digital transformation, and be saved, if barely, by an independent failsafe.
At least that’s the view of Vanessa Teague, Chair of the Cybersecurity and Democracy Network at the University of Melbourne, who, as the official results continue to drop in for the US Democrats’ first primary, emphasises that governments will always need a backup way of knowing how people really voted.
Premium unlocked. But not for long
Secure a year’s access for $̶4̶4̶0̶ $220.
Offer ends 08/12/2020.
“Although the app itself seems to have been pretty disastrous, the overall result was salvageable because the original tallies from each voting centre were public,” Teague says, referring to the primary’s physical, weirdly PE-class style of voting. “If they’d been cast on the unreliable app without an independent record, the overall result wouldn’t have been recoverable.”
And while Australians enjoy something akin to that firewall with the Australian Electoral Commission and our relatively incorruptible system of “pencils”, the caucus failure is a cautionary warning, not a chance to gloat, for governments increasingly looking to digital transformations.
In fact, Iowa offers plenty of other lessons for Australian governments — federal, state and local — involved in digital transformations, and, according to Teague, the three most pressing issues governments looking to digitise now face: incompetence, secrecy, and outsourcing.
More stress testing, more firewalls, more quality assurance
Before you really get started, the first lesson from Iowa is to always, always stress test your shiny new app — basically, make sure it works under realistic conditions, not just for the 12 people employed by some startup.
While the Democrats have been quick to point the finger at “coding issues” — and by all reports the app itself was both underbaked and untested — it’s incumbent on the body purchasing an app to not just make sure that it works, but works at the volume of people it’s designed for.
Basically, make sure it can handle the expected number of users at the expected time of use, and don’t skimp on the time or resources required to safeguard against all errors and attacks — g’day 2016 Australian census, which, Risky Business alleged at the time, saw IBM and the ABS decline DDoS prevention services from their NextGen Networks.
While there’s no evidence of hacking or digital attacks at Iowa, cyber security researchers at Electionland say the caucus app “was so insecure that vote totals, passwords and other sensitive information could have been intercepted or even changed”.
I cannot possibly stress enough how this is the reaction you get from literally everyone who writes code for a living. Use computers to speed up unofficial counts. Make sure there's a human-verifiable paper trail. https://t.co/kwpX0LvJ6K
— dave bonner (@rascalking) February 4, 2020
But in a way, Iowa put Australia to shame with that physical firewall: NSW has offered direct online and telephone voting for years, despite the fact that, as Teague found in a University of Melbourne report last year, flaws in the 2019 iVote system could have made it vulnerable to undetectable voter fraud.
Her report showed that, despite assurance from NSW’s Electoral Commission, an error in the verification process of the SwissPost-Scytl internet voting system could be replicated in sister-platform iVote and allow hackers to “trick” the system into invalidating legitimate votes. Now, Teague says NSW seems to want to continue with e-voting “despite evidence that the results can be easily manipulated, particularly by insiders.”
Don’t keep it secret, keep it safe
As The Intercept rather excellently explains, the Democrats only compounded the app problems by hiding the details of how their computer system works, a system that, while misunderstood as “security through obscurity”, actually does nothing to foster security while simultaneously making it harder for voters to have confidence in the system.
For Teague, the mistaken perception that keeping details of mistakes secret ensures security “unfortunately suits commercial providers at the expense of Australian cybersecurity.”
“A better approach would be much more like ANU’s excellent and detailed report on the intrusion they experienced,” she says, referencing their late 2018 data breach. “When people understand what’s happened and how to deal with it, they can learn from the experience and share their insights with others.”
And despite our vaunted “pencil” system of voting, even federal elections have accountability gaps. Especially, according to Teague, at the Senate count, where votes are digitised using closed-source software supplied by foreign tech companies.
“There’s very little visibility for Australians about exactly how the system works, including even basic data such as what the random error rate is in tests,” she says. “Although we could always go back to the paper records to verify the accuracy of the count, in practice we don’t.”
“It is prohibitively difficult for observers to check that the process is getting the right numbers.”
Outsource at your own risk
Now, there’s plenty of conspiracy theories going around about who the Democrats outsourced the Iowa caucus app to — specifically, a far too on-the nose link between “Shadow Inc” (yes, really) and Democrat establishment figures like Hillary Clinton and current candidate Pete Buttigieg — but the general lessons apply to any third party companies, evil liberal cabal or none.
For Teague, the two elements to consider are incompetence and, possibly more crucial, the “divergence in incentives between a commercial provider motivated by profit and a public authority accountable to the people.”“governments are just as susceptible as anyone else to digital snake oil”
In the words of another digital transformation specialist — speaking frankly and anonymously — governments are just as susceptible as anyone else to “digital snake oil”, but held back further by underesourcing, consistent hollowing out experience, and valuing the appearance of efficiency over service delivery.
They say we can see this in some of the federal government’s more dangerous dalliances with efficiency driven-digital transformations and third parties — specifically Robodebt and the cashless welfare card — where there was no apparent consideration for, respectively, the emotional pain of receiving a debt you may not owe, or the practical challenges of paying for second-hand clothes with an Indue card.
Additionally, NSW’s experience with iVote demonstrates how — even with benign digital transformation efforts meant to assist users — departments and agencies looking to ensure high quality digital systems can be kneecapped by their own lack of institutional knowledge.
Basically, if you don’t have the knowledge to build an app yourself, and have to say, outsource it, who the hell are you to dispute the company’s assurance that it works?
“Rather than setting high standards and insisting that contractors stick to them, we see the expertise itself outsourced,” Teague says. “So often the standards are effectively set by vendors rather than by the appropriate authority.”
Will Australia listen?
The question now becomes whether Australia to heed these lessons, and either handle transformations with appropriate safeguards or, to quote the other digital transformation specialist, understand the difference between what can and should be digitised.
Of specific concern from Teague are all security-critical transformations, including “digital ID, voting and vote counting, and the sharing of sensitive data such as medical data.”
“The problem is that when there’s a serious security or privacy failure it might not become evident for a long time.”
There is apparently a small amount of progress, with Teague citing iVote system’s source code opening up under a “much less restrictive NDA”. However, even here, she calls for a more frank discussion of past failures that could only help inform people in the public and private sectors.
For example, she argues Australians don’t really know what happened in last year’s hack of the federal parliament — which, just yesterday, Christopher Pyne was slammed by Parliament for suggesting was worse than what we have been told — “or the My Health Record digital signature problem, and the Department of Health still denies that patients were identifiable in the 10% sample of Medicare and PBS data they released in 2016.”
“If there was more publicly available honest information about these issues, there’d be more hope of learning how to defend ourselves,” she says.
Tech analyst Justin Warren — who straight up calls e-voting a terrible idea, with the minor exception of careful, accessibility-focused systems — is much more blunt about Australia’s capacity to embed the lessons of past failures, either technical or moral.
He argues that the dogged, ongoing pursuit for Robodebts — which, as we saw yesterday, were considered unlawful long before the federal government was forced to admit — shows us everything we need to know about Centrelink, while the “ABS has pretty much ignored the criticisms from  and seems determined to do whatever they want with our data without asking.”
Elsewhere, Warren says, current proposals “to bypass all existing privacy legislation in the name of ‘data sharing’ are scary, particularly when you combine them with things like metadata retention and The Capability facial recognition surveillance, and that’s without factoring in partnerships between corporations and government.”
Finally, Teague hits out at one fairly egregious clause in a bill currently before Victorian Parliament, the Local Government Bill 2019, which would allow the local government minister to declare any form of voting they wish for council elections.
“So we could soon see e-voting in Victoria with no legislated security or privacy requirements whatsoever,” she says. “I think it’s overwhelmingly unlikely to defend against manipulation any better than iVote.”
Whether Victoria will heed Teague’s final call for consideration to all government’s eyeing digital transformations — “A commitment to openness and the engagement of people with a genuine understanding of the technical details” — remains to be seen.
Subscribe today and save $220 on an annual subscription
Because we are reader funded, we’d love you to join Mandarin Premium. Without your support, we simply can’t do what we do. And we’re looking forward to doing a whole lot more in 2021.
If you subscribe now, you can save 50% ($220) on an annual subscription*. Just enter promo code PREMIUM50 when you subscribe.
*Offer ends 08/12/2020.