12 July 2016
by Yolanda Redrup

Cyber sector adamant e-voting is too complex

12 July 2016
by Brendan O'Reilly

NSW's illl-considered ban on greyhound racing: the thin end of the wedge

The cyber security sector is adamant that developing an e-voting system would be too complex

Australians remember the response of former Labor Agriculture Minister, Joe Ludwig, who (in reaction to allegations of cruelty overseas) hastily shut down our northern cattle export industry, costing the industry hundreds of millions of dollars. NSW Premier Mike Baird is engaging in the same knee-jerk reaction by shutting-down greyhound racing in NSW, and the effects will also be costly.

Both actions were initially driven by exposés made by the Four Corners ABC programme in collusion with animal rights lobbyists. In both cases the TV presentation (funded by our taxes) was more interested in sensationalism than in balance, and, by focussing on a minority of rogue operators, condemned a whole industry.

The debate has erupted in response to the recent election saga, where it has taken the Australian Electoral Commission more than a week to finish counting the votes. Prime Minister Malcolm Turnbull and Opposition leader Bill Shorten joined the debate on Sunday, both mentioning the need to find an e-voting solution in their victory and concession speeches, respectively.

Senior security analyst at cyber security firm Checkpoint, Raymond Schippers, told The Australian Financial Review it would be too difficult to adequately secure an e-voting system.

"The amount of attacks over the internet is insane. In an instant someone could compromise 10,000 computers. And without the voter ever knowing, someone could change their vote and no one would ever be able to confirm it was changed," he said.

"The system now is imperfect, there's no independent verification in place that could confirm each vote. But the possibility of infecting thousands of computers or having incorrect information is very real and a huge risk."

Messy problem
While Australia does not have e-voting, New South Wales and Victoria have electronic methods for disabled and remote voters.

But in March last year the New South Wales Electoral Commission's iVote platform for these voters was tested by cyber security experts and found to be lacking.

Researchers from the University of Melbourne and the University of Michigan uncovered the flaw which allowed hackers to intercept an electronic vote and modify them. To prove this, the researchers infiltrated the iVote tutorial, which taught voters how to use the system, and replaced voter intentions with a ballot that voted for Ned Kelly.

IBRS cyber security adviser James Turner said e-voting was a "messy problem", which he was not confident the government was equipped to solve.

"I love the idea of Australia being able to export some intellectual property in this space ... but we have to create a model that we have a high degree of assurance will work. Anyone can create a system they don't know how to break," he said.

"And we don't have a great track record of delivering IT infrastructure at a national level ... Look at the NBN ... I'm not confident we have the maturity as an industry to pull this off."

In the election, minor party Flux was formed around the need for electronic voting to enrich democracy, and centred on using the blockchain-based voting platform a start-up by the same name had created.

"Blockchain acts as a perfect trust mechanism and I'd argue it's the only way to have a secure online voting system," co-founder of Flux (the start-up), Max Kaye, said.

"The main requirement here is a secure platform, that means desktop computers are right out and websites are pretty much right out. The vectors of attack are so much greater from those platforms, but smartphones have whitelisted software installed and are much more difficult to hack."

But Mr Kaye agreed that it was virtually impossible to secure a user completely from malicious attacks over the internet.

Flux's technology is attached to the bitcoin blockchain, where small amounts of data embedded on that vast, secure network link to larger data files off the blockchain. Using smartphones as the voting booths, users enter their votes, which are bundled into a encrypted number or 'hashes'. That number can only be generated when all the authentic votes are linked together. Flux then embeds the hash to the bitcoin via an inbuilt "comments" capability and sends a minute transaction to itself.

Mr Turner said that e-voting was worth exploring if the government had the "explicit intention of creating intellectual property that Australians can sell to the rest of the world".

"If we're aiming at being an early adopter of e-voting, then I want to know who did the backroom deal because we know that if this is a heady rush to showcase our ability to get something done, global companies will make a lot of money out of our willing naivety," he said.

The managing director of digital agency The Gruden Group's government practice, Andrew Vidler, backed Mr Turner's view that the development of an online voting system would be complex and costly, but said if the government supports "electronic voting" rather than "online voting", that would be sensible.

Physical verification
"The step-change involved in replacing the existing approach, where we solely use paper ballots, and instead use electronic voting – with hard-copy ballots created as a physical verification measure – would mean that situations like the current one, where nine days after the poll the Australian Electoral Commission are still counting, could become a distant memory," he said.

"This is quite readily achieved – and aligns nicely with the narrative that the government has been pushing around adoption of technology to improve."

In 2005 Estonia became the first country to hold legally binding general elections via e-voting. The percentage of the Estonian population voting electronically rose to 30.5 per cent in the 2015 election, but the concept is yet to be adopted in other nations.

The chief executive of listed digital identification and verification company TikForce, Kevin Baum, believes Australia already has the technological skills to develop an efficient and secure online voting system and said he would like the government to support Australian entrepreneurs in building an e-voting platform.

"I would also like to see something along the lines of a hackathon-focused event around addressing some of the issues and concerns and benefits that could be derived from e-voting," he said.

Read more: http://www.afr.com/technology/cyber-sector-adamant-evoting-is-too-complex-20160711-gq36zi#ixzz4E6gSs9oq Follow us: @FinancialReview on Twitter | financialreview on Facebook