Serious flaw hits NSW voting system

The NSW Electoral Commission insists a flaw in its iVote software, identified during a test of the Swiss system, won't affect voting for the March 23 election.

A young boy looks into a ballot box

The NSW Electoral Commission insists its iVote platform is safe to use for the March 23 poll. (AAP)

A serious flaw in Switzerland's e-voting software has been discovered in the NSW internet and telephone voting system with an urgent fix being rolled out less than a fortnight from the state election.

But the NSW Electoral Commission insists its iVote platform is safe to use for the March 23 poll.

The revelation comes as an unrelated computer issue caused confusion and delays at pre-poll centres across the state.

Researchers uncovered an issue in the Swiss Post-operated system during a test exercise aimed at identifying weaknesses.

NSW's electoral body confirmed that during the exercise "an issue has been identified that is also present in the iVote system".

The company that supplies the software to Swiss Post - Sctyl - is also behind the NSW iVote program.

"Sctyl is delivering a patch which will be tested and implemented shortly to address this matter," an electoral commission spokesperson said in a statement.

"We're pleased to have the opportunity to address this issue ahead of election day and remain confident in the security of the system."

The affected component - called "mixnet" - is used to randomise the order of votes before they are decrypted and counted to make sure they can't be connected to individual voters.

This ensures people who use iVote can cast a secret ballot just like those who vote in person.

But unlike the Swiss Post system, the machine that runs mixnet is not physically connected to any other computer system and is only used once voting is closed.

The machine is also securely housed within the NSW Electoral Commission.

"In order for this weakness to be an issue, a person would need to gain access to the physical machine," the commission said.

"They would need all the right credentials and the right code to alter the software.

"Our processes reduces this risk as we specifically separate the duties of people on the team and control access to the machine to reduce the potential for an insider attack."

Meanwhile, the commission on Wednesday said it had detected a performance issue with its electronic roll mark-off system which had caused some outages at early voting centres.

Backup arrangements are in place but activating those may result in delays for some voters, a spokesperson said.

"The issue is currently being examined and is expected to be resolved shortly."

Early voting opened on Monday.

Published 13 March 2019 at 3:22pm
Source: AAP