Go to content

NSW Electoral Commission iVote and Swiss Post e-voting

The NSW Electoral Commission is aware of an issue relating to its iVote internet and telephone voting system, which has been raised in the context of the e-voting system operated by Swiss Post.

The identification of this issue does not affect the use of iVote for the NSW State election.

Swiss Post delivers mail, banking and an online voting platform to cantons for Swiss elections. A ‘Public Intrusion Test’ of the Swiss e-voting system is currently being conducted by Swiss Post and the Swiss Federal Chancellery, offering cash prizes for cryptographers, academics and hackers to identify any weaknesses in their system, either directly or from reviewing its source code. In the course of this exercise an issue has been identified that is also present in the iVote system.

This issue was first raised with the NSW Electoral Commission by the system’s supplier, Scytl, which also supplies online voting software to Swiss Post. Scytl is working with the NSW Electoral Commission and Swiss Post to deploy a fix for the systems this week.

The affected component in the iVote system is the ‘mixnet’. Before votes are decrypted and counted, the mixnet is used to randomise the order of the votes to ensure they cannot be connected to individual voters. This is part of the process that ensures that iVote users have the same ability to cast a secret ballot as voters who use any other voting channel.

Unlike the Swiss Post system, the machine on which the mixnet runs is not physically connected to any other computer systems either within or outside the NSW Electoral Commission. The machine is only used following the close of voting on 23 March. This machine is also securely housed within the NSW Electoral Commission.

A spokesperson for the NSW Electoral Commission said:
“In order for this weakness to be an issue, a person would need to gain access to the physical machine. They would need all the right credentials and the right code to alter the software. Our processes reduce this risk as we specifically separate the duties of people on the team and control access to the machine to reduce the potential for an insider attack. Scytl is delivering a patch which will be tested and implemented shortly to address this matter.”

“We’re pleased to have the opportunity to address this issue ahead of election day and remain confident in the security of the system. iVote is an important voting channel to ensure equal access to democracy, particularly for people with disability and remote voters, and we will continue working to strengthen its operation.”

Elector enquiry centre
1300 135 736 

Media enquiries only
Phone: (02) 9290 5936