CNET también está disponible en español.

Ir a español

Don't show this again

Tech Industry

NSW Electoral Commission downplays iVote flaw

The CTO of the NSW Electoral Commission says a 'vulnerability' on its iVote site has been resolved, though it questions the motives of the academics who reported the issue.

iVote allows Australians with disabilities and those living remotely to cast their vote online. Screenshot by Claire Reilly/CNET

The NSW Electoral Commission has responded to reports of a flaw in its iVote online voting portal, saying that although the risk of its website being compromised was low, it has taken action to fix the flaw.

The Commission has also raised questions about the authors of the findings, noting that the two academics behind the research are also board members for a group that lobbies against online and electronic voting in the United States.

According to the Chief Information Officer and Director of IT for the NSW Electoral Commission, Ian Brightwell, the flaw discovered in the iVote system required three or four preconditions in order to be exploited. While Brightwell said a hack was "unlikely," he said the Commission moved swiftly to respond to the problem.

"The paper does not provide any evidence of an actual breach of the iVote production system," the Commission said in a statement. "While the likelihood of such a risk occurring is considered low, the NSWEC has decided to remove the monitoring tool from iVote and effectively remove the identified risk."

Brightwell also commented that while the security experts that discovered the vulnerability were noted in their fields, both were on the board of advisors for US lobby group Verified Voting.

"We recognise their academic standing... but they are, in this situation, anti-internet voting," he said.

According to its website, Verified Voting is a non-partisan organisation that, among other things, lobbies governments with a view to "eliminating or greatly reducing the use of systems that cannot be audited nor secured, especially internet voting." In 2013, the group lobbied the President's Commission on Election Administration in the United States [PDF] to "prohibit return of voted ballots over the Internet...[and] protect military and overseas voters by ensuring that marked ballots are not cast online."

The iVote system was brought in for the 2011 state election, and registrations have already doubled the figure reached for that election. Almost 134,000 voters have registered to date for this election alone with more than 105,000 votes cast (compared to 51,000 in 2011).

Despite news of the vulnerability breaking yesterday, Brightwell said iVote saw the most registrations in a single day, with over 18,000 votes cast, more than any other day on record.