


The Electoral Commission has since refused to comply with the Senate order to release the source code: http://lee-rhiannon.greensmps.org.au/sites/default/files/ron...


I'm only replying to say a personal thank you for pursuing this. Australia has such weak individual rights, it is so important that people like yourself put your hand to pursue them on occasions like this when it is important. Keep going!


Hi mjec, thanks.

I didn't know about this latest turn of events! This quote in particular is extremely disturbing... I noticed it in the FOI rejection, but now they're telling this to the Senate:

> In relation to the source code for the Senate counting system, I am advised that publication of the software could leave the voting system open to hacking or manipulation.

This was after the Senate asking, this argument has nothing to do even with the FOI request.

And a previous thread on reddit: http://www.reddit.com/r/australia/comments/29t2q7/aec_threat...


OK, just noticed Josh Taylor posting this article on ZDNet in the same minute as this comment's parent: http://www.zdnet.com/au/government-blocks-aec-source-code-re...


"I am advised that publication of the software could leave the voting system open to hacking or manipulation".

Well, if the problems are there, opening up the source to more eyes strikes me as the obvious thing to do; or should those with the knowledge of how to manipulate it as it stands be kept to the bare minimum? :)

But in any case, at least the meat of the implementation of the algorithm should be OK to release I would've thought - surely that isn't someone's intellectual property?

This is software we paid for and strikes me as pretty important to the democratic process, I'd like to have a bit of a look at it.


A smart cookie could vote in such a manner as that when the information is entered into the system, it crashes it? Maybe that's what they mean by manipulation...

Or, is it available online without any authentication other than knowing where it is? So if you know where it is, you could enter votes and then manipulate the election with those fake votes...


> A smart cookie could vote in such a manner as that when the information is entered into the system, it crashes it?

"Informal" votes -- ballots where the voter does not correctly fill out the ballot paper -- are rejected from the tally by the counters under supervision from scrutineers.

If you use hexadecimal, it will be rejected. If you use a very large number, it will be rejected. If you use weird unicode characters, it will be rejected. If it's anything other than a) a single [1] "above the line" or b) a fully filled-out ballot "below the line" comprised of numbers from 1-n where n is the number of candidates-1, it will be rejected.

If it's crashing on properly filled-out votes, there's a bigger problem.
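Added example, not part of the thread and not the AEC's code: the acceptance rule described in the comment above, written as an allow-list check in Python. The `required` parameter, the list-of-strings ballot layout, the three-digit cap and the handling of a ballot marked in both sections are assumptions of this sketch, and the sample marks are constructed.

```python
import re

# Allow-list: ASCII digits only, no sign, no leading zero, at most 3 digits
# (the 3-digit cap is an assumption of this example). str.isdigit() and int()
# also accept non-ASCII digits such as "١" or "１", so they do not decide.
_MARK = re.compile(r"[1-9][0-9]{0,2}")


def parse_mark(raw):
    """Return the preference as an int, or None if it is not a plain number."""
    if not isinstance(raw, str) or _MARK.fullmatch(raw) is None:
        return None
    return int(raw)


def classify_ballot(above, below, required):
    """Return 'above', 'below' or 'informal' for one ballot.

    above, below: raw strings as entered, one per box, "" for an empty box.
    required: highest preference a below-the-line vote must reach
              (hypothetical parameter, supplied by the caller).
    """
    atl = [m for m in above if m != ""]
    btl = [m for m in below if m != ""]

    # (a) a single 1 above the line and nothing below it
    if not btl:
        return "above" if len(atl) == 1 and parse_mark(atl[0]) == 1 else "informal"

    # Marks in both sections: treated as informal here (assumption).
    if atl or not 1 <= required <= len(below) or len(btl) != required:
        return "informal"

    # (b) below the line: each number 1..required exactly once
    prefs = [parse_mark(m) for m in btl]
    if None in prefs or sorted(prefs) != list(range(1, required + 1)):
        return "informal"
    return "below"


# Constructed sample marks: each one makes an otherwise valid ballot informal.
REJECTED = ["0x1", "99999999999999999999", "١", "１", "+1", "1.0", " 1"]
```

The two non-ASCII entries in `REJECTED` pass `str.isdigit()` and convert with `int()`, which is why the check matches against an explicit ASCII pattern instead.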


> "I am advised that publication of the software could leave the voting system open to hacking or manipulation".

Certainly reminds me of this xkcd: https://xkcd.com/463/ It sounds like security...


I hadn't seen that one :) Someone above mentions it's VB6 with embedded SQL Server upgraded from COBOL [1]. Can sort of see how they don't want anyone looking at it now.

1. https://news.ycombinator.com/item?id=8039958


It seems to be an ongoing misconception in the public that part of good security is obfuscation. Know of any simple clear articles I could point people to when they make these sorts of ("because Hackers might see") claims?


@mjec,

"I am advised that publication of the software could leave the voting system open to hacking or manipulation"

Shouldn't this "advice" demand substantiation or evidence? Surely it's not enough for one to just get "advice" right? If so then any Joe could lie to this officer and they could write the same thing.

Also, what does that bit about "commercial-in-confidence" mean?


> Shouldn't this "advice" demand substantiation or evidence?

I think so, and evidently so do others. Already a gentleman by the name of Brendan Molloy has put in an FOI request for the documents on which this advice was based: https://www.righttoknow.org.au/request/documents_informing_t...

> Also, what does that bit about "commercial-in-confidence" mean?

The AEC does conduct some elections on a fee-for-service basis - things like union elections. They use a version of the same system to tally votes in those elections too. They say that the two systems are totally inseparable, to the point where you can't just cut out the code used in industrial elections. They also say revealing the code (though keep in mind it would still be copyrighted, so couldn't be used by any other organisation) would cause them significant commercial disadvantage, because they have particular efficiency in the way their software operates which causes them to be more competitive.

As you might suspect, I disagree with pretty much every part of what they claim there.


There is a follow-up freedom of information request on trying to get some more information about that advice here: https://www.righttoknow.org.au/request/documents_informing_t...



