November 14, 2019
Report exposes flaw in iVote system used in New South Wales election
Flaws in the iVote internet and telephone voting system used in the 2019 New South Wales election could have made it vulnerable to undetectable voter fraud, a new report has revealed.
The report by Melbourne School of Engineering Vanessa Teague has shown how the iVote system suffers from an error in its verification process that could allow the verification of votes to be "tricked," meaning some valid votes could be converted into invalid ones, and not counted.
In earlier work with colleagues Sarah Jamie Lewis and Professor Olivier Pereira, Associate Professor Teague showed that an error in the SwissPost-Scytl internet voting system allowed hackers to fake a proof of proper vote decryption.
At the time, the New South Wales Electoral Commission, whose iVote system is supplied by the same provider, issued a press release stating it was confident the issues affecting the Swiss Post system were not relevant to the iVote system.
Associate Professor Teague said her report showed that assessment was incorrect.
"iVote's decryption and verification processes are slightly different from those of the Swiss Post system, but the same attack can still be performed after a slight modification," Associate Professor Teague said.
"This would allow a corrupted iVote process to produce a 'proof' that it had dealt with votes correctly, while actually changing valid votes into invalid ones that would not be counted."
Associate Professor Teague said the problem could easily be corrected by adopting the same software patch applied to the Swiss Post system but noted there are potentially numerous other opportunities for undetectable fraud in the iVote system.
This finding underscores the importance of making source code widely available for full public scrutiny before, rather than after an election.
"Although finding out now is better than never finding out at all, it would have been much better for the integrity of the New South Wales election if these issues had been identified and corrected before the system was entrusted with more than 200,000 votes," Associate Professor Teague said.
"If the source code and documentation had been made openly available for analysis before the election, as the Swiss Post system was, these errors might have been accurately understood and mitigated in time.
"As it stands, iVote is not a verifiable election system and does not provide meaningful evidence that its output accurately represents the will of voters."