Australian Electoral Commission Refuses To Release Vote Counting Source Code 112
angry tapir writes: The Australian Electoral Commission has been fighting a freedom of information request to reveal the source code of the software it uses to calculate votes in elections for Australia's upper house of parliament. Not only has the AEC refused an FOI request (PDF) for the source code, but it has also refused an order from the Senate directing that the source code be produced. Apparently releasing the code could "leave the voting system open to hacking or manipulation."
Re:This is complete crap!!! (Score:5, Interesting)
We know actually that the software is developed in-house. The AEC does earn some money from licensing the software to other electoral commissions and from using it in union ballots etc.
However, I argue [mjec.net] [pdf] that the code used for counting the Senate could be released, because no other election operates that way. What's more I don't think the AEC's competitive edge in the world of elections comes from their great software.
Re:Security by obscurity (Score:4, Interesting)
Actually it's easier to mess with paper ballots. Messing with software leaves a trail.
I) Messing with software doesn't necessarily leave a trail. For example, a system by which your votes are tallied and the results placed in a file on an SD card for collation in a central location, relying purely on security by obscurity, means that you could mess with the data file in transit and no-one would be any the wiser.
II) It's easier to mess with paper ballots, principally because comptuer systems are understood by fewer people than slips of paper. For precisely the same reason, it's much harder to audit voting systems involving computers. Widespread fraud in paper voting systems is difficult to pull off, because the manual nature requires a lot of observers, and most people can understand handling votes in a trustworthy manner. Voting systems based on computers can be manipulated by a single agent, often without a trace. And the pool of people capable of auditing them shrinks the more complex you make them - mickey-mouse ciphers included.
Paper voting spreads trust over a large number of people. Computer voting concentrates it in the hands of a very small technically adept priesthood, much easier to buy off or intimidate. I'm the first to geek out about some cool new method of using crypto, but I've come to realise that as much enthusiasm I have for the technology, I'm not really comfortable trusting the election of my government to it because it's so easy to subvert.