Australia’s New South Wales Electoral Commission has given its electronic voting system a clean bill of health, dismissing hacking fears as “theoretical,” and accepting a PWC report saying the system to date was protected by “security through obscurity”. Reviews of election processes are routine, and in 2016, the NSW Joint Standing Committee on Electoral Matters kicked off the Wilkins report. It was completed in May of this year, but was only recently made public (PDF). NSW’s “iVote” system was used by nearly 300,000 citizens in the 2015 election, a week after Melbourne University crypto-boffins Dr Vanessa Teague and Dr Chris Culnane demonstrated a FREAK-bug-like “theoretical attack”.
While internet voting is not yet widespread in Australian elections, Wilkins noted that “a number of Australia’s Electoral Commissioners have said to me: ‘We need to be ready to do this efficiently and securely because it is inevitable.’”
… The report’s author Roger Wilkins dismissed as “theoretical” Teague’s and Culnane’s (along with Dr Aleksander Essex, and Professors Rajeev Goré J Alex Halderman) concerns that the system isn’t well-protected against attack. A hack could alter an election result, but Wilkins wrote that argument “places too much weight on theoretical possibility and not enough on empirical likelihood, or probability of things occurring.”
He did, however, concede that Internet voting security needed improvement, writing that it is not attended to as systematically and comprehensively as it needs to be, given the emerging threat environment and the fact that internet voting was now becoming ‘critical infrastructure’”.