Last month, the New South Wales Electoral Commission’s ongoing battle to defend the integrity of its online voting system took chief information officer Ian Brightwell all the way to Switzerland — the famous bastion of modern direct democracy.
After requests from commissioner Colin Barry were knocked back by two other academic conferences, Brightwell finally got his chance to explain the NSW experience of implementing iVote in direct response to a pair of crusading academics who have doggedly attacked the online voting platform both in Australia and abroad. The organisers of the VoteID 2015 conference, held last month in Bern, Switzerland, deemed the claims and counter-claims interesting enough to design a special session around them.
By now, most people who’ve heard about online voting in NSW would have also heard the persistent warnings of Vanessa Teague, a research fellow at the University of Melbourne, and J. Alex Halderman, an associate professor of computer science and engineering from the University of Michigan.
Teague and Halderman have long argued the online voting platform is untrustworthy and were able to demonstrate a third-party vulnerability in the run-up to the state election in March. They have used this as an example of why online voting cannot be trusted in a string of published articles and presentations at overseas academic conferences since.
A recent conference in Canberra also heard Brightwell and information security expert Clinton Firth from CSC Cybersecurity Australia New Zealand explain why, despite the dire warnings, they are still confident of iVote’s integrity. Firth and other information security experts the commission consulted over the incident agreed the risks were overstated by Teague and Halderman.
Brightwell told The Mandarin his presentation in Bern went very well, and said his risk-based arguments as to why the iVote system could be used into the future were well received. He said the NSWEC, as an international leader in online voting, is keen to rebut the arguments of people they consider to be “anti-internet voting activists” so as to counter their influence on the public and political decision-makers.
Compulsory voting makes changes to the way people cast their ballots less politicised in Australia than in the United States. There, online voting technology would make it easier for people to vote without having to take time off work and travel to a polling place on election day — always a Tuesday — so its use is likely to significantly alter election results by increasing turnout among some demographics more than others.
Based on statistics about voter turnout among various demographics in the US, one can draw one’s own conclusions as to which party or parties stand to gain and which stand to lose from online voting. In Australia, it is people with disabilities, absentee voters and the like who stand to gain.
A long, detailed response to the claims made by Teague and Halderman on the NSWEC website states:
“The Commission has always been aware and has accepted that internet web browsers are vulnerable to attack. The Commission has never claimed that the operation of the iVote system was completely risk free and has deployed an advanced multi-layer security detection framework to ensure election integrity. This includes:
Get the Juice - the Mandarin's free daily newsletter delivered to your inbox.You’ll also receive special offers from our partners. You can opt-out at any time.
- Verification service allowing voters to verify their vote was captured by iVote as cast.
- Audit process to ensure that all votes captured are decrypted correctly and match the votes held in the separately managed verification system.
- Verification that the results, for a given candidate, taken through the iVote method align proportionally with results for votes cast through other paper based voting channels.
- Continual monitoring during the election for anomalous network and server activity.
- Testing and hardening of computers used by the system prior to commencing voting.
- Post-election audit of logs.
“The Commission is of the view that a large scale attack would be difficult to execute during the system’s 12 days of operation, and would be detected through one of the security layers outlined above.”
A curious saga
The commission does not dispute the validity of the technical claims the pair have made, but does believe they have overstated the risks. It also takes issue with the way they have chosen to communicate those concerns in Australia:
“On Friday, 20th of March 2015 Drs Teague and Halderman sent a report marked “Confidential report: Please do not distribute” to media outlets and CERT Australia. They did not provide the report to the NSW Electoral Commission.”
CERT Australia was an odd choice. As a federal agency it’s not closely related to the NSWEC and besides, it’s mostly focused on cyber security threats to businesses, not government agencies. Teague had emailed Brightwell before this point, and he wonders why he wasn’t among the first people she contacted. The commission received the report via Defence at about 3.40pm that day, but says that if it wasn’t for an informal arrangement with the Australian Signals Directorate established prior to the election, it may have had to wait till Monday.
The commissioner believes the academics knew about the security flaw at 8am on March 16, shortly after voting began, and that not telling his staff was irresponsible. Halderman admitted at the conference in Switzerland that he was aware of it before March 18, two days before reporting it. The professor apparently defended his actions at VoteID 2015 on the basis he wasn’t legally obliged to give the information to the commission straight away, and wanted more time to prepare a media-friendly way to present it publicly first.
Barry and Brightwell believe his and Teague’s aims were to disrupt the election and damage public confidence in iVote, by making their claims dramatically and publicly, while absentee voters and people with disabilities were still using it. The NSWEC statement, complete with footnotes, argues it was a hatchet job from the start:
“The report and subsequent media presentations by Drs Teague and Halderman appeared to be designed to cause a significant reduction in the public’s confidence in the iVote system, rather than providing a realistic or a quantitative view of the risk of a large scale attack being successfully executed against the iVote system.
“In addition to preparing the report and proof of concept system, Drs Teague and Halderman published a blog, which showed the proof of concept system with a screen which was a facsimile of the iVote system but with an added ‘Ned Kelly’ icon on the display. Whenever a vote was cast in their proof of concept system the icon would appear suggesting to the voter that their vote had been stolen. This system appeared to be developed to provide a dramatic backdrop to their media presentations.
“The ABC TV 7pm news on Saturday, 21st of March chose to use this system in their report, giving a false impression of the [actual] iVote system’s operation to the public during the period when iVote was still taking votes for the State Election.”
Links to activist organisation
Adding to their belief is the fact that Teague and Halderman are both on the advisory board of the Verified Voting Foundation, a non-profit group from the United States that opposes online voting. The commission’s unusually forthright statement devotes over 500 words to casting doubt on the organisation’s intentions and asserts:
“The conduct of Drs Teague and Halderman with respect to the 2015 NSW State election and, in particular, their disclosure conduct is consistent with past practices of US based anti-internet voting activists.”
The commission maintains it takes the the security of iVote very seriously and says it would welcome genuine advice on improving it. It “acknowledges Drs Halderman and Teague’s technical skills in the area of internet security” but says they also regularly make pronouncements beyond their expertise:
“In particular they recommended in “The Conversation” that electors “stick with an old-fashioned paper ballot”. The Commission is not aware of any research done by Drs Halderman and Teague which assesses the comparative risks of internet voting against paper voting for NSW elections. We therefore believe this statement is more likely a strongly held personal view rather than a product of peer reviewed and evidence based research, either conducted by them or other reputable researchers.”
Pulling no punches, the commission says Halderman is “well known for his dramatization of security issues principally for the purpose of discrediting electronic voting systems and in particular internet voting systems” with the following example from last year:
“Dr Halderman led a team of foreign activists to Estonia in 2014. Estonia was one of the first countries to use internet voting, this expedition’s objective appeared to be focused on disrupting the Estonian election, rather than assisting the Estonian authorities. As in NSW, the Estonian National Electoral Committee was not fully advised of a report related to their system until after Dr Halderman and his team had held a press conference, two days prior to the election’s start of online voting.”
The Electronic Frontier Foundation — which is also represented on the Verified Voting Foundation advisory board — and its Australian analogue, Electronic Frontiers Australia, have both taken Teague and Halderman’s side and effectively accused the NSWEC of shooting the messenger.
The Mandarin understands the commission raised a complaint about alleged academic misconduct on the part of Vanessa Teague with the University of Melbourne, which launched an internal review process. The university rejected in strong terms she had contravened research standards, and stood by the original research and the approach to publicising it.
Brightwell says the commission was “surprised” by the finding and is now considering whether to appeal to the Australian Research Integrity Committee.
Update: After this article was published, the university published a rejoinder to the NSWEC. This article has been amended to include the link.