Tampering with ACT overseas e-voting system did not need key, researcher finds

Image: Getty Images

The overseas e-voting system used in the Australia Capital Territory contained various flaws as recent as last year, according to an Australian National University (ANU) cryptographer.

The ANU cryptographer, Thomas Haines, found several key components within the e-voting system could be compromised when performing a review of the system, which he said opened up the potential for single points of failure for both privacy and integrity.

“Avoiding a single point of failure is a very desirable property for an e-voting system — some might say a necessary one — but the current system falls short of achieving this on a few points,” Haines said.

“The code and documents were to varying degrees rough, out-of-date, and redacted which made assessing the system hard.”

Among the flaws uncovered was that the e-voting system’s desktop application did not check the consistency of the vote storage component’s output with other components.

Alarmingly, the Australian Electoral Commission (AEC) thought this was not an issue due to the votes made through the desk application being encrypted and the encryption key being publicly unavailable.

Haines explained, however, that if an individual controlled the system’s vote storage component, they did not need to have

Read More: https://www.zdnet.com/article/tampering-with-act-overseas-e-voting-system-did-not-need-key-researcher-finds/#ftag=RSSbaffb68