Articles about voting issues in Australia, New Zealand and other nations in Oceania.

Australia: ‘Rigged’: Trump talks November delay, Republicans reject idea | Matthew Knott/Sydney Morning Herald

Leading Republican politicians have forcefully rejected US President Donald Trump’s suggestion that the November 3 election may need to be delayed because of concerns about mail-in voting, insisting the election must go ahead as planned. Trump tweeted on Thursday morning, US time: “With Universal Mail-In Voting (not Absentee Voting, which is good), 2020 will be the most INACCURATE & FRAUDULENT Election in history. It will be a great embarrassment to the USA. Delay the Election until people can properly, securely and safely vote???” Later, speaking at the White House, Trump said he believed the election would be be “fraudulent”, “fixed” and “rigged”. “I don’t want to have to wait for three months and then find out the ballots are all missing and the election doesn’t mean anything,” he said. “That is what is going to happen.” Presidential election dates are enshrined in federal law and would require an act of Congress to change – an impossible prospect given Democrats control the House of Representatives. The Constitution makes no provision for a delay to the January 20, 2021 presidential inauguration. Even so, Trump’s tweet and statement were widely seen as a remarkable provocation and a disturbing portent of how the voting process and legitimacy of the election results could be undermined in November. Read More

Australia: Support grows for an Australian active cyber defence program | Stilgherrian/ZDNet

Tuesday’s industry advisory panel input into Australia’s long overdue 2020 Cyber Security Strategy is a grab-bag of ideas, but what jumps out at your correspondent is its support for active cyber defence (ACD). ACD has been at the centre of the UK government’s cyber defences since 2016. It aims to raise the cost and risk of mounting commodity cyber attacks while reducing the return on investment for criminals. The National Cyber Security Centre (NCSC) has deployed anti-spam defences across the .gov.uk domains and is monitoring internet routing to stop DDoS attacks and route hijacks. It’s been remarkably transparent about its progress, and it’s also led to some big wins. While the NCSC is concerned primarily with government networks, telcos and private-sector organisations are able to plug in. The UK’s program is “a best practice model for Australia to emulate”, according to Australia’s cyber industry advisory panel. “The panel strongly supports the increased use of threat blocking for low-sophistication threats,” they wrote. Support for blocking threats at scale was the highest among those on the front lines of the battle against cybercrime — particularly financial institutions.” Read More

Australia: Electoral legislation amendments leave door open to internet voting | Asha Barbaschow/ZDNet

Australia’s Electoral Legislation Amendment (Miscellaneous Measures) Bill 2020 is currently before the House of Representatives Electoral Matters Committee to review the changes put forward by Minister for Finance Mathias Cormann. The changes within the Bill [PDF] would amend the Commonwealth Electoral Act to modify electoral donation and disclosure laws and “address anomalies” in entity registration and public election funding rules; as well as the intention to improve electoral processes, electoral administration, vote issuing procedures, and improve workforce flexibility for the Australian Electoral Commission (AEC). But as cryptographer Dr Vanessa Teague highlighted late Monday, by way of introducing the capability to expand electronically assisted voting methods to Australians working in Antarctica, the Bill somewhat forces the AEC to accept internet voting. While legislation currently allows for electronic voting to be performed by those with vision impairment, the Bill seeks to replace the phrase “sight-impaired people to vote by an electronically assisted voting method” with “an electronically assisted voting method to be used by sight-impaired people to vote”. Read More

Australia: Electoral Commission makes progress with 2018 modernisation project | Asha Barbaschow/ZDNet

The Australian Electoral Commission (AEC) is heading a project to modernise its systems, having reached out to the market in 2018 for help on shaping the future of its IT backend. At the time, the AEC said the core software platforms in place had been in use for around 30 years, with its systems environment comprising of approximately 93 systems and supporting sub-systems. The commission has this week published a request for tender (RFT) for an enterprise architecture tool (EA tool), seeking help with the delivery of its modernisation project. The AEC normally operates out of 90 premises around Australia and has 780 staff. When an election is announced, that scales to more than 7,900 premises and approximately 90,000 staff. AEC offices are organised geographically, with a national office in Canberra, an office in each state, and divisional offices in or near each of the electoral divisions. The AEC currently has a small enterprise architecture practice team located within its Information and Communication Technology branch. Read More

Australia: How will the ACT election be made safe amid the COVID-19 pandemic? | Dan Jervis-Bardy/The Canberra Times

Early voting should be expanded to allow this year’s territory election to be held safely amid the COVID-19 pandemic, the ACT Electoral Commission has recommended. The commission has been forced to reassess the planning for, and staging of, the October 17 ballot because of the disruptions caused by coronavirus. In a special report presented to Speaker Joy Burch on Thursday, the commission said that due to the uncertainty surrounding the virus, it had to be assumed that the threat of further outbreaks and social distancing restrictions would still exist during the election period. It said it urgently needed to settle on a model for conducting the ballot which mitigated health risks to the community and its staff, while ensuring the integrity of the electoral process. The commission examined six options for conducting the ballot, including moving to universal online or postal voting, delaying the election date or maintaining normal procedures. Read More

Australia: Queensland elections: coronavirus poses ‘lethal risk’ to voters, experts say | Ben Smee/The Guardian

A leading medical ethicist said Queensland was taking a “lethal risk” by holding elections on Saturday, as the Australian Medical Association, virologists and others called for them to be postponed because of coronavirus. Local government elections will be held in council areas across the state. Byelections will be held in two key state electorates, Bundamba and Currumbin. About 570,000 people applied for postal votes before the deadline, but large numbers said they had not received them. The Queensland electoral commission told those people they could vote in person on Saturday and that physical distancing and other precautions would be taken. The New South Wales government delayed its local government elections, due in September. But Queensland was following its own medical advice. Calls to delay the poll, or provide for people to postal vote after election day, have increased. This week Queensland closed its border with NSW and suspended the state parliament. Read More

New Zealand: Much awaited report on combatting foreign interference in elections delivered | Charlie Dreaver/Radio New Zealand

Parliament’s Justice Select Committee has released its results of its inquiry into the 2017 General and 2016 Local elections. The report covers a number of areas including allowing spy agencies to vet potential political candidates. Ahead of the 2017 general election the GCSB and the SIS drew up a protocol for managing foreign and cyber-security threats but they didn’t need to use it. But the Justice Select Committee said that was no reason to be complacent. It’s suggesting intelligence agencies should give advice about a particular candidate if the party asks for it. It wanted the agencies to be giving more advice in general about possible foreign interference. The committee’s deputy chairperson, National MP Nick Smith, pointed to the risks of what’s called “astroturfing” on social media. Read More

Australia: Electoral hackers facing security blitz | Paul Osborne/Associated Press

Federal police and national intelligence agencies could monitor state and territory elections next year to ensure they aren’t hacked or hijacked by fake news. The Northern Territory goes to the polls on August 22 next year, followed by the ACT on October 17 and Queensland on October 31. An electoral integrity task force has so far overseen the NSW and federal elections and will turn its attention to future polls, a parliamentary committee heard on Friday. Jeff Pope, from the Australian Electoral Commission, told the hearing – when asked by Greens senator Larissa Waters whether the May federal poll was affected by hackers – nothing had affected the commission’s systems. However, the task force’s activities did result in AFP investigations and provided advice on social media posts which were not properly authorised, with subsequent action taken to take them down. Read More

Australia: Government steps up against foreign interference | Casey Tonkin/ACS

Australia’s top intelligence agents will form a new taskforce to target foreign interference. A joint statement from Prime Minister, Scott Morrison; Home Affairs Minister, Peter Dutton; and Defence Minister, Linda Reynolds outlined some of the scope given to the Counter Foreign Interference Tasforce. “The number one priority of our Government is to keep Australians safe which is why we’re investing $87.8 million for a new Counter Foreign Interference Taskforce,” the statement said. “It highlights our focus on stepping up our efforts as the threats to Australia evolve.” The taskforce will be led by a senior ASIO officer and combines members of the AFP, AUSTRAC, the Australian Signals Directorate, the Australian Geospatial Intelligence Organisation, and the Office of National Intelligence. “This is a boost to our ability to discover, track and disrupt foreign interference in Australia,” the statement said. “The increase in intelligence collection, assessment and law enforcement capabilities will help turn more intelligence assessments into operational disruptions to better protect Australians from foreign interference. “The new dedicated capability of the Taskforce will also increase the collaboration and streamline the decision-making between agencies, and strengthen Australia’s analysis of the sophisticated disinformation activities happening across the world, particularly against democratic processes and elections.” Read More

Australia: Flaws found in New South Wales iVote system yet again | Stilgherrian/ZDNet

The “Days since last vulnerability found” indicator for the iVote system used in New South Wales’ elections was reset to zero on Wednesday thanks to a new research note from University of Melbourne cryptographer Dr Vanessa Teague. Or rather, the software vendor was notified 45 days earlier to keep with the terms of the source code access agreement while the rest of us found out today. iVote was purchased from Scytl Australia, a subsidiary of Barcelona-based election technology vendor Scytl Secure Electronic Voting, and is based on the system used by SwissPost. In March this year, Teague and her colleagues Sarah Jamie Lewis and Olivier Pereira found a flaw in the proof used by SwissPost system to prevent electoral fraud. Later that month, they detailed a second flaw that could be exploited to result in a tampered election outcome. NSWEC claimed it was safe from the second flaw, and had patched the first. In July, NSWEC ordered Scytl to release parts of the source code in a bid to prove it contained no further vulnerabilities. Vulnerabilities have now been found. “I examined the decryption proof and, surprise, it can easily be faked while passing verification,” Teague tweeted on Wednesday morning. “This exposes NSW elections to undetectable electoral fraud by trusted insiders & suppliers, people who guessed the passwords of the trusted insiders, people who successfully phished the trusted insiders, etc.” Teague’s analysis is detailed in the 8-page Faking an iVote decryption proof [PDF]. Read More

Australia: Australia concluded China was behind hack on parliament, political parties – sources | Colin Packham/Reuters

Australian intelligence determined China was responsible for a cyber-attack on its national parliament and three largest political parties before the general election in May, five people with direct knowledge of the matter told Reuters. Australia’s cyber intelligence agency – the Australian Signals Directorate (ASD) – concluded in March that China’s Ministry of State Security was responsible for the attack, the five people with direct knowledge of the findings of the investigation told Reuters. The five sources declined to be identified due to the sensitivity of the issue. Reuters has not reviewed the classified report. The report, which also included input from the Department of Foreign Affairs, recommended keeping the findings secret in order to avoid disrupting trade relations with Beijing, two of the people said. The Australian government has not disclosed who it believes was behind the attack or any details of the report. Read More

Australia: Where’s the proof internet voting is secure? | Vanessa Teague/Pursuit

Victoria’s Electoral Commissioner, Warwick Gately AM, says that Victoria should legislate to allow Internet voting because “there is an inevitability about remote electronic voting over the internet.” According to Mr Gately, the NSW iVote system has, “proven the feasibility of casting a secret vote safely and securely over the internet”. The key word here is “proven”. Anyone can claim that their system is secure and protects people’s privacy, but how would we know? Elections have special requirements. Ballot privacy is mandated by law. And elections must demonstrate that the result accurately reflects the choice of the people. So, what has iVote proven? In 2015, our team found that the iVote site was vulnerable to an internet-based attacker who could read and manipulate votes. The attack wouldn’t have raised any security warnings at either the voter’s or the NSW Electoral Commission (NSWEC) end, but it should have been apparent from iVote’s telephone-based verification. When the NSWEC claimed that “some 1.7 per cent of electors who voted using iVote® also used the verification service and none of them identified any anomalies with their vote,” we took that as reasonable evidence that the security problem hadn’t been exploited. But it wasn’t true. Read More

Australia: New South Wales iVote source code released for researchers to poke around in | Asha Barbaschow/ZDNet

Parts of the source code the New South Wales Electoral Commission (NSWEC) uses to conduct voting has been released, in a bid to prove it contains no vulnerabilities. Scytl, who was awarded a multi-year contract to refresh the NSW online and phone voting software also known as iVote, has on Tuesday made the code available to those that register, at the request of the NSWEC. “We have published the source code to allow independent researchers to review it in order to aid continuous improvement of the code base by finding and communicating any vulnerabilities they may find,” Scytl Asia-Pacific GM Sam Campbell said. “The terms of use are published with the source code and stipulate that any vulnerabilities discovered must be reported to Scytl and the NSW Electoral Commission.” In early March, a group of researchers found a flaw in the Swiss Internet voting system, which is the same system used by NSWEC. The flaw was found in the proof the SwissPost system uses to prevent electoral fraud. Later that month, researchers detailed a second flaw in the electronic voting system, discovering another method that could be exploited to result in a tampered election outcome. Read More

Australia: Electoral systems evade cyber-attack during federal poll | Justin Hendry/iTnews

The Australian Electoral Commission has revealed the nation’s core electoral systems experienced no successful cyber-attacks during the 2019 federal election campaign. But the agency, which has been increasingly worried by the prospect of external interference, won’t say whether any attempts to compromise the systems were detected. In a bid to guard Australia’s systems against the threat of compromise, the AEC introduced monitoring through a dedicated security operations centre in the lead up to the May 18 ballot. It follows what the agency has described as a worsening cyber environment in the years since the July 2016 election through events like Russia’s alleged cyber interference in the 2016 US election. Many of these concerns stem from the ageing nature of the country’s system for election and roll management, which have been in place since the early 90s and are in dire need of replacement. Read More

Australia: ACT to introduce limited online voting next year | Justin Hendry/iTnews

The ACT Electoral Commission is planning to introduce limited online voting in time for next year’s territory election to allow Canberrans to cast their ballot if travelling overseas. The electronic voting system, which could bear resemblance to NSW’s iVote system, will be developed as part of a refresh of the commission’s election management system. The refresh of the commission’s existing custom-made TIGER system was handed $1.5 million in this month’s territory budget, with separate funding for electronic voting also set aside. The core system has been in place since 1995 and is used to support all administrative tasks associated an ACT election every four years. TIGER, which contains the the electoral role information on around 300,000 ACT electors in a Microsoft Access 365 format, is also used to “support referendums, interstate elections and small external fee-for-service elections”. Read More

Australia: Politicians need more public money to thwart election cyber attacks: ASPI | Julian Bajkowski /iTnews

The spectre of state-sponsored cyber interference in democratic elections across the world has been a staple example of why nations like Australia need top-notch digital defences. Especially since the Internet Research Agency’s free-for-all in the 2016 US poll coincided with the delivery of an unexpected Trump Tweetocracy, with the degree of Russia’s influence hotly contested ever since. Now, after a considerable amount of research helped along by the Australian Computer Society, the cyber security boffins at the Australian Strategic Policy Institute reckon they have reasonable solution to boost the defences of our political parties big and small: Give them more taxpayer’s money. Read More

Australia: Rachel Noble to head up Australian Cyber Security Centre | Stilgherrian/ZDNet

The Australian Signals Directorate (ASD) has appointed Rachel Noble as the new head of the Australian Cyber Security Centre (ACSC). Noble is currently serving as Deputy Secretary Executive Group in the Department of Home Affairs. The Group is responsible for enterprise strategy, risk, assurance, security and ministerial, media and intelligence services. Noble has previously held a series of leadership positions in Home Affairs; Defence, including two previous roles at ASD, and the Department of the Prime Minister and Cabinet (PM&C). “I’m delighted that Rachel’s agreed to return to ASD to take this important and challenging role, said ASD director-general Mike Burgess in a statement on Wednesday. “The cyber threat is real and Rachel is ideally qualified to confront it.” Read More

Australia: Technology problems are not going to be sorted out by more Kool-Aid | ZDNet

An Australian election is on again. The triennial ritual where the electorate makes a choice of which parliamentarian to elect — who will then decide what sort of greying, white male party apparatchik becomes the Prime Minister. With the dumping of racist and homophobic candidates being a daily occurrence, the campaign is plumbing the depths expected upon its announcement. However, on the plus side, Russian trolls and foreign actors have not stoked or created the scandals that are occurring — this is pure, unabashed, organic, embarrassing Australian politics. For the folks able to take their eyes off the sideshow, a common refrain from the technically minded has been the lack of policy directed towards them. But this week, like an ancient Greek god that hasn’t had a good laugh in a while, the Labor party decided to announce it would erect a AU$3 million Blockchain Academy in Perth if it is elected. This was followed in short order by AU$2 million being put towards a Broadmeadows cyber training centre, adding to the AU$3 million National Centre of Artificial Intelligence Excellence announced last month. On the opposing side, Morrison government said last month it would spend AU$156 million to build a cyber workforce and fight cybercrime if re-elected. Read More

Australia: Government’s $156M cybersecurity pledge a ‘drop in the bucket’: White hat hacker | ARN

The Morrison government’s election promise to spend $156 million to bolster Australia’s cyber defences is a start but more like a “drop in a bucket,” says Security in Depth’s Michael Connory. The “cyber resilience and workforce package” will include $50 million to hire more staff under a workforce expansion program; $40 million for a ‘countering foreign cyber criminals’ capacity within the existing Australian Cyber Security Centre (ACSC); and $26 million for ACSC to expand its assistance to the community. Michael Connory, security advisor at Security in Depth told CIO Australia the fund is “nowhere near adequate” to help deal with the cyber threats facing Australian businesses and citizens. “It’s significantly better than the other political parties are pledging, but it’s still not close to enough,” he said. “$40 million focused on placing 230+ new cyber experienced staff for military cyber operations – while this is absolutely necessary, the figure probably needs to be doubled.” Connory said at this time Australia “immediately” needs an additional 2,300 individuals to manage the $500 million cost of cybercrime that Australians lost last year. Read More

Australia: Federal election 2019: why can’t we just vote online? | Crikey

Every time election season comes around, the same question crops up again and again: why can’t we just vote online? We can shop, order takeaway and request an Uber from our phones; why can’t we vote over the internet as well? The main reason: maintaining the security and integrity of elections is actually a lot more complicated than it seems. But let’s take a closer look. While we can secure things like online banking to a reasonable degree, our elections are based on the principle of anonymity and this makes it far more challenging to protect them. Our online banking systems permanently record how much people spend and where, so that we can verify whether our balances are correct. But a record of each person’s vote would be extremely limiting to democracy because it would open up the door to peer pressure and coercion. This could stop people from truly expressing their democratic will. The need to keep elections anonymous brings up some major problems: without records, how can we ensure that the final vote tally is an accurate representation of what the people want? How do we know that the result hasn’t been meddled with by a political party or a foreign power? In paper-based voting systems, we rely on simplicity and having observers from each side at every step of the process. This has been relatively effective at preventing large-scale compromises and errors. When we use electronic and internet-based voting systems, we can’t see what’s actually going on inside the computers and servers, and the vast majority of the electorate doesn’t have the specific knowledge to understand the technical processes that underlie these systems. Electronic and internet-based systems also open up the possibility for widespread election tampering that could slip by undetected, corrupting the entire system. This isn’t feasible in a paper-based election because it would require collusion between far too many people, which would surely be discovered. Read More