Damning report finds AEC bungled security in 2016 election, costing millions

EXCLUSIVE: The Australian Electoral Commission was forced to check every digitally scanned Senate vote by hand after failing to adequately guarantee the data.

Voting at a polling station at Town Hall in Sydney on 2 July 2016.

Voting at a polling station at Town Hall in Sydney on 2 July 2016. Source: AAP

Australia's election authority misled the public about the security of its voting systems in the 2016 federal election, a damning report from the auditor-general has concluded.

The AEC was granted last-minute permission to break the Australian Government's cybersecurity rules and the laws in the Electoral Act due to "time constraints", the report released on Monday reveals.

The Commission took a "significant risk" by failing to meet the standard security requirements, and was warned by Australia's cyber spy agency, the Australian Signals Directorate, that "some of [the agency's] security concerns could not be solved by the AEC in time for the federal election".

A spokesman for the AEC told SBS News there was "no evidence that any of the AEC’s electronic systems were compromised".

He said the AEC had addressed the Directorate's concerns with eight "mitigation strategies". 

Senate votes were digitally scanned and counted by software from Fuji Xerox, an external IT company contracted by the AEC.

But just three days before the electronic system was supposed to be ready, the AEC made a "late decision" to check every single vote with a manual count because the automatic version was not sufficiently accurate.

Federal Auditor-General Grant Hehir's analysis of the election found the manual count was hugely expensive, adding between $6.6 million and $8.6 million to the total cost of the election.

In a letter responding to the audit, the head of the AEC said the Commission had been forced to implement a new system in a short space of time because of the government's changes to preferential voting in the Senate. 

Electoral Commissioner Tom Rogers said the decision to hold a manual count was "not taken because I doubted the integrity of the fully automated process", but rather to maintain "stakeholder confidence". 

Voting at a polling station at Town Hall in Sydney on 2 July 2016.
Source: AAP

AEC 'doesn't know' how many errors were found

The AEC claims it does not know how many mismatches were found between the human count and the software's count.

Vanessa Teague, an expert in digital voting at The University of Melbourne, told SBS News it did not make any sense for the AEC to cross-reference the two counts but not know the results. 

"This is the most basic question that you could possibly ask," Ms Teague said. 

"If they don't even know what the discrepancy between their two different ordinary counting methods is, then how are we convinced that they know that they had sufficient [protection] against cyber attacks?"

Moreover, the audit found the Commission was not open with the public about the security risks.

"The security risk situation accepted by the AEC was not made sufficiently transparent," Mr Hehir wrote in his report.

"The wording used in some of the internal records and published materials would generate confidence in the security of the system, whereas the underlying assessments indicated significant risk."

The IT firm responsible for the vote-scanning tech was not forced to comply with government cybersecurity standards under its contract with the AEC.

The Commission also had the IT company store the scanned votes for 10 months longer than was necessary, according to the report, at a cost of an extra $13,800 per month – or around $138,000 in total.

The Commission's records show the AEC paid Fuji Xerox Businessforce a total of $27 million to design the Senate vote scanning system. 

Government tender documents reveal the AEC also paid multinational e-voting firm Scytl for a 'senate counting solution' in 2016 - the same company that built voting software for the NSW state election in 2015. 

The Scytl tender was originally worth nearly $3 million but was later revised down to $1.8 million. The contracts are confidential. 

Expert: Election results could have been manipulated 

Ms Teague said the AEC's poor quality control meant there was no solid evidence that the Senate election results were accurate, especially in states that were decided on thin margins. 

While every Senate vote was manually checked by AEC staff, they were checking the digital scans and re-entering the data, before computers checked the two results against each other. 

Less than 0.01 per cent of the physical ballot papers were inspected, according to the audit. 

But Ms Teague said a thorough, large-scale audit of the ballot papers was the only way to guarantee accuracy because the digital scans could already have been altered by an accidental glitch or a deliberately-planted virus. 

"There's a big difference between evidence that something's wrong and lack of evidence that the results are okay," she told SBS News. 

"But they're not really producing evidence that the [election] outcome is as they announced it."

She said the auditor's report was "frustrating" because she had written to the AEC prior to the election, warning them of security flaws. 

The Melbourne University professor was responsible for finding a security flaw in the NSW e-voting system used in the 2015 state election, which was later patched. 

She said the revelations in the audit were long overdue.

"Why are we only hearing about this in 2018?"

"Why didn’t we hear about any of these issues at the time? Because that would have given us the opportunity to assess carefully whether there was a big enough problem to investigate further."

The AEC's Tom Rogers said he remained "highly confident" in the integrity of the data and said he was still "incredibly proud" of the Senate scanning system.

Mr Rogers conceded there was "room for improvement" and said he looked forward to "implementing agreed recommendations".

A spokesman for the AEC told SBS News it was "absurd" to suggest there had been a security failure. 

"This was a successful election and the Commissioner and the AEC certainly takes pride in what was achieved," the spokesman said.

The auditor-general's office said it never commented on the findings of its audits. 

AEC's transport costs also blew out 

The AEC also failed to meet its own deadlines for transporting ballot papers to scanning centres.

The Commission planned to spend $5.3 million on transporting the papers but the cost blew out to $8.7 million.

The deliveries were meant to be completed in 18 days but actually took 29.

Published 22 January 2018 at 1:55pm, updated 26 January 2018 at 11:33am
By James Elton-Pym