On the steps of the New South Wales parliament with @VTeagueAus and Rajeev Gore after testifying to the Standing Committee on Electoral Matters about online voting in the 2019 #NSW state elections. Thanks to the MPs for their excellent questions. Here are a few points... 
Point #1: One of the honourable members asked about the nature of proof. Can you really ever know, for example, the moon landings happened? The good need is we don’t need to go so deep down the rabbit hole.
In deciding to move toward online election we’re not interested in an ideal standard of perfection. interested in proof RELATIVE to the hand counted paper ballot system you were using before.
But with the crypto vulnerabilities @VTeagueAus et al. found in the SwissPost system (to which the iVote system is related) we really saw something new in the world: the ability to announce a fake result and issue a valid-looking proof of the contrary.
Point #2: Like the 2018 Ontario Municipal election, the 2019 NSW election experienced website slowdowns that prevented people from voting. You need to draw a big red circle around this one because no one seems to know WHY it happened.
It was similar in Ontario: the vendor acknowledged the problem was caused by an unauthorized bandwidth restriction but wouldn’t tell us which cities were affected or why the restriction happened.
We need to know what happened so we can learn from it. And we need to learn from it because some election officials actually believed something like this wouldn’t happen and had no backup plan for when the lights went out.
Point #3: NSW and indeed any election jurisdiction using online voting had benefitted in untold ways from independent public scrutiny and would be well advised to encourage it, for example like the Swiss do.
Restrictive tendencies of vendors and governments lead to bad outcomes. As @VTeagueAus pointed out in her submission, critical issues were found in the last three iVote deployments only during the election period.
Electoral commissions need time to let the truth and the facts of the case come out. Remember, Scytl actually issued a press release dismissing the SwissPost vulns as “misunderstandings.”
This kind of hostile interplay between vendors and researchers is common and it’s a problem. Just last week Voatz dismissed the MIT researchers findings as “flawed” and made “in bad faith” to the degree it “negated any degree of credibility.”
Point #4: One of the causes of the tension is applying commercial-grade software and business practices to building critical systems.
Did you know private election equipment vendors often don’t want you to know the identities of the people who own (and therefore control) their company? They actually consider this information “proprietary” and a “trade secret” from which they derive “actual value.”
This kind of secrecy is wildly inappropriate in the context of a democratic election. We have laws for this in campaign finance, but not for the agents counting and declaring the totals? Lord, lead us not into temptation.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
