1/7: @NSWElectoralCom statement on today's Internet voting meltdown.

elections.nsw.gov.au/About-us/Media…
It says disenfranchised voters won't be fined, but doesn't say whether the election results are expected to stand.

More than 650,000 votes were received, which may be a world record.
2/7: Apologises to voters not able to vote as a result of the outage; no apology to candidates who may or may not have failed to get elected as a consequence of their supporters being excluded.
3/7: It's unclear how many people were excluded from voting - when we know how many paper ballots were received we'll be able to make an estimate, assuming (without much evidence) that the 650k came from eligible NSW electors.
4/7: It's also not clear how many tried to verify, or how many verifications succeeded. In 2015, we know that more than 10% of verification attempts failed to retrieve any vote. These will be important questions.
5/7: NSW local govt election details vary, but many use STV to allow a few thousand electors to choose a council of several people. Margins can be very small.
arxiv.org/abs/1611.02015
6/7: And of course the really important point is: where is the evidence of eligible voter intent in any of those 650,000 votes, when we know the system that received them had serious IT problems? We may simply not have enough information to determine who deserved to be elected.
7/7: Every serious investigation of iVote found serious problems:
- 2015 arxiv.org/abs/1504.05646
- 2017 arxiv.org/abs/1708.00991
- 2019 dial.uclouvain.be/pr/boreal/obje…
including the one commissioned by NSWEC this year:
elections.nsw.gov.au/NSWEC/media/NS…
What happened today should surprise nobody.


More from @VTeagueAus

5 Oct
1/11: If you haven't read the (Aus) Critical Infrastructure Bill because (like me) you foolishly assumed it was about protecting critical infrastructure, now is ... probably too late.
aph.gov.au/Parliamentary_…
So here's a short summary of the "protections" you can't refuse #Auspol
2/11: Everyone agrees that the threat of cyberattack is serious, the results could be devastating, and Australia is woefully unprepared.

The question is whether forced "assistance" from @ASDGovAu and Home Affairs will make us more or less safe & secure.
3/11: Critical infrastructure isn't just dams and power plants - it will also include financial systems, health providers, and "data processing" (i.e. almost anything). It's clearly important to protect them; less clear that forced "protection" from ASD is the right way to do so.
Read 11 tweets
22 Jun
1/4: When I installed the service Vic app on June 4 (when it became compulsory) the splash screen told me "Your personal details always stay on your phone," which is not true: your check-in details are uploaded to a central database immediately when you check in. #Vicpol @OVIC_AU
2/4: Now (surprise, surprise!) we're debating further access to that database, which never had to be built in the first place. Aotearoa/NZ and the UK have 'automated diary'-style apps in which your check-in data does stay on your phone, with notification to the affected person.
3/4: I even wrote up an idea for the best of both worlds, in which local personal data storage could be combined with automatic notification to govt if you'd visited an exposure site. github.com/AusOpenTech/Au…
Read 4 tweets
24 Nov 20
1/5: Remember how @ElectionsACT didn't need to make their source code openly available for public scrutiny because it was going through an "audit and certification process"?

They published the votes on Friday and it is immediately evident that the counting code has bugs.
#ACTpol
2/5: Andrew Conway implemented the count & found notable discrepancies with the official tallies - more than 20 votes in some cases. Our report is at github.com/SiliconEconome…

None of these bugs change the winners. They could have, but this year - by sheer good luck - they didn't.
3/5: You can check Andrew's code for yourself, of course:
github.com/SiliconEconome…

PRs welcome.
Read 5 tweets
8 May 20
1/11: A comparison on the state of CovidApp transparency in Aus, the UK and Singapore.

Singapore released app and server code weeks ago.

Aus & the UK released app code, and no server code, within the last 24 hours.

#CovidSafeApp @chrisculnane @rgmerk @noneuclideangrl @1Br0wn
2/11: Singapore & the UK have released whitepapers explaining their crypto and assumptions. The UK's is by @NCSC's Ian Levy: ncsc.gov.uk/files/NHS-app-…
In both cases, there are some things I disagree with, but I respect the authors for putting the details out for review.
3/11: Singapore rotates encrypted IDs every 15 mins.
Aus #CovidsafeApp rotates them every 2 hours.
The UK's app keeps the same one all day. The explanation is that this can helpfully nudge people about how much close contact they've had.
Read 11 tweets
28 Apr 20
1/11: Why are there two almost-opposite technical threads here, one saying "#covidsafeapp gathers so much LESS data than anything else on your phone," and another saying "this app gathers info that no other app on your phone collects"? The answer is that they're both true.
2/11: It's true that #covidsafeapp doesn't do any of the usual nasties, e.g. GPS tracking or microphone surveillance. However, it builds an infrastructure for gathering a completely new kind of mass data: fine-grained detail about who was how close to whom, when.
3/11: Just as #covid19 is a new virus that will probably be with us forever, physical proximity data is a new form of data gathering whose implications will be lasting, and which we are only beginning to understand.
Read 11 tweets
17 Apr 20
1/7: Hang on a minute, I have misunderstood something important. In my blog post I wrote of Tracetogether "Whenever you're within Bluetooth range of a person, you send them your ID, encrypted with the public key of the Singaporean authorities."
Is that what everyone else thought?
2/7: But their whitepaper actually says: "TempIDs are cryptographically generated by the backend service."
bluetrace.io/static/bluetra…
Those encrypted IDs you send out all the time are AES encryptions, generated for you by a central server, using a key you don't know.
3/7: The public-key-based system I thought they were using is described as an alternative that isn't implemented because of its computational burden. They add that this allows health authority monitoring by "logging the issuance of daily batches of TempIDs." Daily is a key word.
Read 7 tweets
