Three NSW council elections have been voided due to problems with the state’s digital voting system, which will be scrapped indefinitely following the major technology glitch.
NSW’s iVote system crashed during the local council elections late last year, with an unknown number of people locked out and unable to vote.
The New South Wales Electoral Commission (NSWEC) applied to the Supreme Court for the results in three councils – Kempsey, Singleton and Shellharbour Ward A – to be scrapped due to this issue, and a judge agreed to void the votes on Thursday.
Voters in these councils will now head back to the polls, but the iVote system will not be in use this time around.
The decision came just a day after the NSWEC announced that the current version of iVote, which has been in use since 2011, would be “phased out” and an updated option won’t be available for the NSW state election next year.
The “short runway for configuration and testing” of the new iVote system before the state election means it will not be ready in time, the NSWEC said.
But the Commission denied that iVote is being scrapped due to the security fears voiced by a number of researchers.
“The decision not to use iVote at the state general election in 2023 has not been driven by any concerns about cybersecurity matters in previous elections,” the NSWEC said in a statement.
The NSWEC last year asked the state government for $22 million to fix “urgent” cybersecurity risks, but this was not provided.
“Lack of adequate investment in the cybersecurity of NSW electoral systems and personnel over time has meant that the commission does not comply, and cannot comply in the immediate future, with the NSW public sector’s mandatory cybersecurity policies,” the Commission told the government.
“Although the overall risk of cyber breaches to commission systems are considered to be lower for a local government election, because the national security implications of such elections are also lower, the scale of these elections and planned introduction of iVote means the threat level remains significant.”
The NSWEC has also recommended a targeted review before internet voting is used again at a future election.
“The review would consider the framework that governs internet voting, in consultation with the NSW government, to confirm it remains appropriate for the environment in which it operates and to identify any opportunities for improvement,” it said.
The NSWEC earlier this year said that iVote would not be used for the state by-elections, and that it would need “extensive reconfiguration and testing” before it could be used again.
The NSW government last year said that digital voting would be “easy” to do.
“I would have thought that in a country that is besotted with the Everest and the Melbourne Cup – where you can literally go up, place a bet and within microseconds of the horse passing that line, you get the score – we could have something similar for an election, rather than waiting weeks and weeks and weeks sometimes to get the decision,” NSW Customer Service Minister Victor Dominello said last year.
Cryptography expert Dr Vanessa Teague, who released a report earlier this year offering an alternative analysis of how iVote’s issues may have impacted the local elections, said the problems should be a “wake up call” and the entire system should be scrapped.
Dr Teague and fellow researcher Dr Andrew Conway found that at least a quarter of the 122 local council elections last year were questionable due to the iVote glitch that prevented a number of people from placing a vote.
This puts the “foundations of democracy at risk”, the researchers said.
“The decision to retain the apparent outcome in all but six contests depends very strongly on their assumptions that the iVotes are accurate, and that the votes they are missing are the same as the votes they already have,” they said.
“If those assumptions are not accepted, there is a possibility that many of the announced election outcomes do not accurately represent the choice of the people.”
Do you know more? Contact James Riley via Email.
Perhaps there is actually the same error rate or risks in the plethora of betting apps. Ultimately who knows or actually cares about betting losses. In the case of the betting apps the loss is not to the party with the golden rule (ie the one that has the gold). In this case of elections results the loss is the public loss of face to the party writing the golden rules (ie the govt of the day) hence the mild interest in the matter.
I for certain that would not be interested in installing any of the betting apps to decide my election results but there are a % of our population who would.
Why isn’t there a requirement for voting systems like iVote to be evaluated under ASD’s Australian Information Security Evaluation Program (AISEP)? Only by expert evaluation can there be any assurance that these programmes actually work correctly & are not vulnerable to malicious interference.