Some Victorians may get the chance to vote over the internet next year as the state electoral commission trials a new system it hopes will replace paper polling.
If changes to the Electoral Act are passed, the new system could be trialled in by-elections due to be held in 2013, before being made available to 10,000 eligible voters identified as remote or disadvantaged during wider station elections in 2014.
It was expected online voting would provide an alternative to current paper systems for remote, overseas and postal voters which are deemed more at risk than those cast at the polling station, as they are handled by people outside the electoral commission.
The system --- and indeed all voting platforms -- was not imprevious to hacking. Rather, it was designed to meet or improve on the current level of risk experienced by remote and disadvantaged voters.
Victorian Electoral Commission (VEC) electronic voting manager, Craig Burton, said the system was designed to return an accuracy rating of 99.35 per cent or higher chance of detecting any fraudulent, missing or damaged votes.
By comparison, he estimated online banking would have an accuracy of no more than 95 per cent.
However, internet banking was markedly different to online voting as financial transactions could be validated and possibly contested after the fact, whereas votes could no longer be accessed by the voter once cast.
The live run next year will test the security integrity and functionality of the system.
“It isn't designed for people to vote on their iPhones while they're shopping,” Burton said.
Unlike other voting platforms, the VEC system was designed so attempts to compromise it would be most likely detected, Burton said.
“It won't prevent hacking, but it is very unlikely that you could affect the infrastructure without being picked up because the verification system is independent of the software and hardware. It is also an incredible disincentive for fraud because attackers can’t obscure what they have done," he said.
Online voting systems must find a sweet spot in security which would balance an acceptable level of risk with usuability. Burton noted that it was not ideal to continually lump on security because it would remove such a system from the core competency of election commissions.
Protocols for the internet voting system were under academic analysis, which once complete, would need to be localised to suit the VEC's technology and vote-counting processes.
The completed system will use the Helios and Prêt à Voter protocols developed by Ben Adida of The Mozilla Foundation and Peter Ryan of Luxembourg University, respectively.
“If you are stuck at home and you are ill and can't travel, or require someone to fill out the vote for you because you are blind, then we argue that some of your voting rights are diminished," Burton told attendees at SC's Security on the Move event in Melbourne last week.
Burton said internet voters would be able to verify their candidate preferences by using a tracking number that, together with the entire encrypted vote, would be posted to a public web bulletin board.
To increase its own expertise around security, the VEC had also explored bringing in non-partisan third parties - “essentially IT and election geeks” - to observe the election and help verify the integrity of the e-voting system, Burton said.
Allowing observers in was “a hard sell” for Burton because it clashed with conventional notions of IT security and secrecy. He said opening the system up to scrutiny would increase its security.
It would require legislative changes to allow independent election observers to be brought in, a request the electoral commission was hopeful would pass.
The electoral commission had gleaned lessons learnt from voting deployments in the 2006 and 2010 Victorian state elections
The online system is being developed in parallel with an electronic voting system that would have the capacity to serve up to 250 polling stations and cater for up to a million voters.
Those voters will use a tablet application, currently in prototype form, which would publish encrypted votes to the bulletin board and contain an audio system catering to blind voters.
On arrival a a polling place, voters would receive a printed receipt, one half of which contains a Quick Response (QR) code that would reveal a voters' candidate order to the voting machine. This would ensure the vote is correctly processed.
The voting sheet front page
A second encrypted QR code on the preferences half of the receipt was used by VEC to process and count the actual vote after close of polls.
The receipt was then torn in half and the information containing candidate names destroyed. The remaining half would be scanned and signed by the VEC, then published to the web bulletin board. The voter could retain this half.
Voters would be encouraged to check their receipts on the web bulletin board and perform any of three other verification tests on the end-to-end process.
The other half of the voters' receipt contain empty boxes which are used to print the voter’s preferences. An encrypted QR ensures the vote is correctly processed by comparing the preferences with the random candidate order.
Once voting has completed, the receipt half was then torn in half and the information containing candidate names destroyed. The remaining half would be scanned and signed by the VEC, then published to the web bulletin board.
Voters would be encouraged to have the encrypted QR code decrypted at the polling station in order to ascertain the accuracy of the unused receipt form. Once a form was decrypted, it was rendered invalid and the voter must recast the vote.
Burton said if one per cent of 100,000 voters decrypted the QR code, it would provide the VEC with a 99.35 per cent chance of detecting fraud to the same level as the paper ballot process.
He said 70 per cent of voters in a public Internet election in Norway had checked their votes in this manner.
Burton said the Holy Grail for verifiable election protocol research, for Burton, is recoverable election – an election design where modified, lost or damaged votes were restored by the verification system.