The NSW government has accepted a parliamentary inquiry’s recommendation to publicly release the source code underpinning its iVote system at least six month prior to the next election and limit any non-disclosure agreements.
But it has rejected a more radical proposal that would see the development process behind the e-voting software subject to “independent oversight by a panel of technology experts” with the power to recommend against the system’s use.
The upper house’s joint committee on electoral matter last year recommended [pdf] making iVote’s source code available to "interest members of the public" six months prior to elections and limiting non-disclosure agreements after concerns were raised.
It said that public release of the source code was “an important ejectment to ensure effective scrutiny of the system” that would “give more opportunity for errors to be detected and addressed prior to voters going to the polls”.
During the inquiry, the committee heard that the source code for the 2019 state election had not been released prior to the election unless a five-year non-disclosure agreement was signed.
When the source code was finally made publically available four months after the election, the non-disclosure agreement was reduced to 45 days, though as this was retrospective it could only be used to address flaws after polling day.
The committee said that while non-disclosure agreements may be necessary to protect systems, they should be “limited to what is necessary for security reasons” and have a much shorter timeframe.
In its response to the report [pdf], released on Wednesday, the government agreed with the recommendation and said that it was also supported by the NSW Electoral Commission (NSWEC), though did not indicate how the non-disclosure agreement would be altered.
“NSWEC proposes to continue making the source code available by updating the source code repository with new updates as they are introduced to the production environment after testing,” it added.
The government also agreed in principle that the “verification of iVote votes… should, if possible, be carried out by a company other than the company with whole iVoters cast their vote” to improve transparency.
But it rejected that the iVote development process should be subject to “independent oversight by a panel of technology experts” with the power to “power to publically recommend against [its] use” on security and reliability grounds.
It said that an independent audit of IT used in technology assisted was already required and that having an independent panel would “undermine the independence of the Electoral Commissioner and potentially threaten public trust in the integrity of the NSW electoral system”.
“These oversight functions in relation to technology assisted voting are appropriate as the NSW Electoral Commissioner is independent from the government”, the government response said, adding that he was required to “exercise his functions in a manner that is not unfairly biased”.
“Accordingly, the government will not implement this measure but will work closely with the NSWEC to consider the adequacy of existing oversight mechanisms in the Electoral Act 2017 and whether additional mechanisms should be established.”
Australian cryptographer Vanessa Teague, who raised concerns with the NSWEC’s source code review process, described the changes as “the minimum possible face-saving rearrangement of deckchairs, none of which will stop it sinking”.
“The requirement to ‘limit any associated non-disclosure agreement to that necessary for security reasons’ is vague and does not mandate honest disclosure to the public in the event that serious problems are found,” she told iTnews.
She said that “unless [the government] was planning to repeal the criminal offence for sharing the source code, this is, again, about the most minimal positive change that a democracy could expect”.
Under the Electoral Act, any person found to have disclosed source code relating to technology assisted voting without the NSWEC’s authorisation faces a $22,000 fine or two years imprisonment, or both.
“Sooner or later a NSW election is going to be close enough for iVote’s security problems and complete lack of meaningful verifiability to matter in court. None of these slight improvements will make a significant difference to its trustworthiness,” Teague added.