iVote source code publication update
To support transparency and public confidence around iVote, the NSW Electoral Commission released key components of the iVote voting system source code following the 2019 NSW State election, for inspection and comment by experts. More than 60 people have downloaded the material for review since it was made available on 31 July 2019.
Arising from this review, the NSW Electoral Commission received a submission from Associate Professor Vanessa Teague, from the University of Melbourne’s School of Computing and Information Systems. Her report raised a concern that a false “decryption proof” could be created for iVote. The purpose of a decryption proof is to verify that the process of decryption did not change the vote.
Associate Professor Teague’s report, “Faking an iVote decryption proof”, stated there was a way for the iVote decryption proof to be exploited so that it showed correct decryption occurred even if vote data had been tampered with.
The NSW Electoral Commission’s Director of Election Innovation, Mark Radcliffe welcomed Associate Professor Teague’s contribution to the ongoing improvement of iVote and online voting systems in general.
“There is no indication of any interference with the iVote system at the recent State election or at any other election where the iVote platform has been used,” he said. The NSW Electoral Commission is implementing an improved version of the proof, as provided last month by Scytl, the code developer, which will address the issue raised in the report. A number of other improvements to the iVote system are also being considered as part of our commitment to continually improve verifiability, security and useability.”
Faking an iVote decryption proof in the manner outlined by Associate Professor Teague would have required an expert in the field to have physical access to our computer performing the decryption and circumvent all the other controls in place. We are confident that could not have happened during the 2019 State election,” he said.
“The NSW Electoral Commission had in place a number of robust procedures and compliance tests to provide assurance about the integrity of the iVote process. These other measures included strict controls to manage the risks of insider attacks,” Mr Radcliffe said.
The NSW Electoral Commission remains committed to improving the integrity and security of the iVote system by inviting independent experts to identify and report to the Commissioner on any potential technical issues or vulnerabilities.
The source code components and documentation remain available in our iVote reports section of the website.
Media enquiries only
Phone: (02) 9290 5936