The back-end was stress tested and various penetration, information security and privacy assessments undertaken. There was a refreshing transparency to the whole process and the successful online survey saved taxpayers well more than $100 million.
Collecting information, surveying opinion and engaging citizens are core functions of a citizen-centric modern government. This is what makes the inability to transform the pencil and paper voting system into a repeatable electronic system very frustrating.
Tight time constraints
Electoral commissioners are fond of observing that elections are the largest and most complex logistical operations that a country undertakes in peacetime, typically engaging the entire adult population in a prescribed process implemented under tight time constraints.
And they are expensive too. The coming federal election will cost taxpayers about $430 million to administer – including the supply of 4 million pencils – and the NSW state elections cost $100 million-plus a pop. The same process is repeated every three to four years across the eight federal jurisdictions and hundreds of local council ballots.
For nearly a decade, the NSW Electoral Commission (NSWEC) had been a pioneer in the English-speaking world, offering online voting for disabled, elderly and remote electors using Spanish software developed for elections for Swiss cantons.
The iVote software had attracted the attention of security analysts who had led a campaign to have it ditched, claiming there was a “trap door” that could allow votes to be manipulated. The NSWEC admitted the code defect, but said the local implementation had physically isolated the issue, meaning it could not be used by cyber attackers.
It was not the first time defects had been found in the whole iVote system and Electoral Commissioner John Schmidt had made no secret of the urgent need for $22 million of funding to bring the Commission’s systems, including iVote, into cyber compliance. At parliamentary hearings, Schmidt had described his efforts to get funding as “Kafkaesque” and a “circle of hell”.
System capacity issue
In the end, it was not a security bug, but rather a system capacity issue that brought down…