Calls for NSW gov to abandon iVote system

The NSW Greens are calling for the state government to replace its iVote online voting system following a series of historical flaws and technical glitches during council elections last year.

The recommendation is contained in the political party's submission [pdf] to an inquiry into the adequacy of funding for the NSW Electoral Commission ahead of the 2023 state general election.

The inquiry began just days after the electoral commissioner John Schmidt expressed his frustration over a series of failed cyber security funding bids, describing the process as a “circle of hell”.

In its submission, the NSW Greens said iVote’s failure during council elections in December 2021 was of “significant concern”, with the integrity of the system also still an open “question”.

“The committee has long experience with the flaws in the iVote system,” the submission to the inquiry said.

“The failure of the registration and voting functions on election day in the recent council elections adds to the list of issues associated with iVote.”

The technical glitch – which was caused by unprecedented demand – prevented users from voting, throwing the results of at least three ballots in the state into doubt.

The election results of Singleton, Kempsey and the City of Shellharbour are now the subject of a Supreme Court case after a post-incident review showed the ballots were “materially impacted”.

Last week, the court heard that the results should be declared void because iVote had a “defect or irregularity”.

NSWEC has shelved iVote until “extensive reconfiguration” can occur, with the system not used in recent local government by-elections, much to the dismay of organisations like Vision Australia.

In addition to the recent technical issues, the Greens pointed to work by Australian National University associate professor Vanessa Teague, who has identified security flaws in the system over many years.

Past issues with the Scytl-made software include a critical defect – first discovered in the Swiss government’s online voting system – that could have allowed vote manipulation to take place.

The Greens said that the past flaws meant any “assurance that votes stored in the iVote system have not been interfered with is inadequate”.

“Given the proprietary nature of the iVote software and the contractual terms between the overseas-based developer and the NSWEC, it seems unlikely this assurance can be given,” it said.

In a separate submission [pdf], Teague argued that the only way to avoid a repeat of the recent council elections is to ditch iVote and “spend the money on trustworthy electoral processes instead”.

“If you give the NSWEC and the iVote vendor more money, iVote will almost certainly fail again anyway,” she said.

“The failure may or may not be as obvious as the recent local government election failure.

“The way to stop iVote’s problems from undermining the integrity of the state election... is to stop using iVote."

The Greens have recommended the government “urgently commence a properly funded process to develop an open source capacity for technology-assisted voting in conjunction with leading researchers”.

“It is clear that it is a significant project to develop a replacement for iVote which is able to be more readily and regularly audited, and which provides better tools to voters and election auditors to assess the risk of interference," they wrote.

“It will require significant investment, but the costs are likely able to be shared with other Australian and international jurisdictions.”

The Greens said funding for the NSWEC is a more general concern, as highlighted by the electoral commissioner's comments last year.

It has called for the government to establish an independent process to guarantee funding, allowing the commission to “maintain best practice electoral systems”.

“The implications of these comments are clear. The NSWEC believes that significant additional funding is required to address ongoing problems with aging computer systems,” the submission states.

“It is hard to imagine that the commission is confident that these systems are likely to offer some reasonable assurance that the 2023 state general election could be conducted without incident.

“Besides the obvious performance concerns, it is also reasonable to assume that aging systems are less robust against malicious actors, whether local or foreign.

“Compounding those concerns is the limited time available before the election period to install and, especially, test any updated system hardware and software.”

Even the migration to cloud-based voting platforms brings additional integrity risks, “particularly if a foreign-owned platform is selected”, the Greens added.