NSW 2015 state election - electronic voting securely in the digital age - Ian Brightwell

Page created by Brian Webster
 
NSW 2015 state election - electronic voting securely in the digital age

Ian Brightwell, CIO, NSW Electoral Commission
Clinton Firth, General Manager, CSC Cybersecurity ANZ

CSC Proprietary and Confidential, August 6, 2015
What will be covered
1. What is iVote?
2. Why use it?
3. Sentiment analysis
4. Security and trust
5. Problems with paper voting?
6. Comparative risks
7. Threat based security design
8. Monitoring – both inside and outside the “walls”

practise.ivote.nsw.gov.au

What is iVote?
1. Remote electronic voting system for web or telephone:
   • Web browser over internet (including mobiles)
   • DTMF phone over PSTN
   • Human operator using voice from telephone to web browser (only in 2015)
2. Registration required with eligibility only:
   • For blind, disabled, remote and interstate or overseas
   • During early voting period (two weeks before election day)
3. Used at the NSW Parliamentary election in March:
   • 2011 took votes for 46,864 electors plus 6 by-elections
   • 2015 took votes for 286,669 electors
4. Not to replace ordinary paper ballots voted inside elector’s electorate (over 80% of votes at federal elections currently are ordinary)
Why use iVote? (no particular order)
• Allow independent voting for blind and low vision voters (BLV want all electors to use it)
• Increase participation outside NSW voting (about 20k extra votes in 2011)
• Potentially greater electoral integrity than paper votes (see Keelty and ANAO Report)
• Replace postal voting (first class mail may not exist in 5 to 10 years - AustPost CEO)
• Postal voting failing overseas voters (over 60% of postal decs not returned)
• Has been used successfully by other jurisdictions (Norway, Switzerland, Estonia)
• More accurate result
• Electors want it (most common question asked, over 90% of iVoters want it, see NSWEC 2011 iVote Report)
iVote sentiment analysis

Mode of Voting                   Very       Fairly     Total         Neither satisfied  Fairly        Very
                                 satisfied  satisfied  Satisfaction  nor dissatisfied   dissatisfied  dissatisfied
Election Day attendance voting   49%        37%        86%           4%                 6%            4%
Pre-poll attendance voting       70%        23%        93%           2%                 4%            1%
Postal voting                    73%        22%        95%           0%                 2%            4%
iVote                            80%        17%        97%*          1%                 1%            0%

* Increase from 2011 which was 92%

iVote security and trust
• In the telephone survey, 9% had heard news about iVote, of whom 65% said the news was negative; 28% in the telephone survey and 41% in the online survey heard news that was about security issues
• 86% to 90% of iVoters surveyed trusted the iVote process
• 1.7% of iVoters used the verification service; 80% to 87% of those surveyed did so to be confident that their vote was successful
• 91% of verification service users were satisfied or very satisfied with the verification service
• Overall 98% of respondents said they would recommend using iVote

Problems with paper voting?
• Relies on trusting the electoral authority and staff
• Partisan scrutiny is the only independent check
• Partisan scrutiny is not truly independent
• Voter cannot check their vote was counted correctly
• Initial count is often of poor quality and not fully scrutinised
• Count variances are not justified; we just say: “Last count best count”

Comparative risks

Mitigation of each risk under paper ballots and under electronic voting:

Impersonation
  Paper Ballots: Using the current paper ballot approach potential voters only require a verbal declaration identifying themselves. The declaration requires them to know a name, DoB and address on the roll
  Electronic Voting: Similar to current paper ballot approach requirement but with option to provide additional information such as driver's licence or passport number or be sent a registration acknowledgement to their enrolled address

Cast as intended
  Paper Ballots: Elector can vote incorrectly causing their vote to be informal. General informality for paper ballots between 3% to 6%
  Electronic Voting: Guided to ensure vote complies with formality rules. Must make active decision to cast informal vote. Informality typically about 1%

Captured* as Cast
  Paper Ballots: Once the ballot paper is placed in the ballot box the voter must trust the Commission. Independent scrutiny is sporadic and mainly focused on polling place votes. The 30% of declaration votes are typically counted without independent scrutiny
  Electronic Voting: Voter can verify their vote has been decrypted by personally checking the vote appears on receipt website. Also independent auditor will confirm the votes decrypted match the votes available for verification

Counted as Captured*
  Paper Ballots: Trust the Commission staff manually counts the ballot papers correctly
  Electronic Voting: Published preference data which is validated by auditors and electors can be counted by anyone to check the count is correct. Compare to paper ballot results

* Captured - for paper ballots is when the ballot box is emptied or declaration envelope is opened; for iVote is when the ballots are decrypted.

Comparative risks (continued)

Mitigation of each risk under paper ballots and under electronic voting:

Tampering
  Paper Ballots: It is difficult to identify evidence of vote tampering with paper ballots
  Electronic Voting: Vote encrypted by voter’s computer and not accessible by the Commission or others until decrypted. Decrypted votes matched to verified votes to ensure valid. Compare to paper ballots results

Ballot Box “Stuffing”
  Paper Ballots: It is difficult to identify evidence of ballot papers which may have resulted from ballot box “stuffing”
  Electronic Voting: Ongoing monitoring of registrations against votes would identify stuffing at time it occurs and potentially allow added papers to be identified and removed. Compare to paper ballots results

Integrity
  Paper Ballots: Integrity of paper based elections relies on Commission staff following procedures and being trusted
  Electronic Voting: Combination of technology and procedures give the ability to be confident votes are counted as cast. Compare to paper ballots results

Ballot Secrecy
  Paper Ballots: Ballot secrecy is preserved in ordinary polling place voting but secrecy could be breached for declaration votes as the voter’s details are available to Commission staff at the time of opening the declaration envelope
  Electronic Voting: Voter identity is held separately from the actual preferences voted by a given voter. Voters cannot be associated with their vote without very significant breaches of multiple systems security

New approach to cyber
• Military have long used intelligence
• Threats traverse ALL in a global cyber war
• Threats evolve and calibrate
• Integrate threat data with monitoring

“If you know the enemy and know yourself, you need not fear the result of a hundred battles...”
- Sun Tzu, the Art of War

New  approach  to  cyber

Strategic Threat Assessment
• Research & Analysis
• Threat Actor Monitoring
• Wargame, Test and Assess

iVote cyber events
• Chatter
  – “Suspension” to correct ballot
  – “Researcher” articles
  – Positive
• Vulnerabilities (not exploited)
  – FREAK
  – Bar Mitzvah
• Overall
  – Comparatively minimal events

iVote registrations

Events  triggered  by  location

Threat  actor  monitoring

iVote attack  timeline

iVote physical events
• Physical
  – Town hall breach
• Logistics
  – 60% overseas postal votes not returned
  – Difficult to reconcile movement of declaration votes
• Manual handling inconsistencies
  – Unable to reconcile ballot papers in final count ballots counted at the issuing point

Summary
• iVote restricted eligibility
• Cybersecurity forefront of design
• Minimal security events
• Comparative risk
• Public success

MORE INFORMATION

General Information on iVote
https://www.ivote.nsw.gov.au

NSWEC iVote reports
https://www.elections.nsw.gov.au/about_us/plans_and_reports/ivote_reports

ANAO Elections Audit Report
http://www.anao.gov.au/Publications/Audit-Reports/2014-2015/Second-Follow-up-Audit-into-the-AEC-Preparation-for-and-Conduct-of-Federal-Elections/Audit-summary

AEC Report into WA Election
http://www.aec.gov.au/media/media-releases/2013/12-06a.htm

Killesteyn Report
http://www.law.unimelb.edu.au/files/dmfile/WP_26_Killesteyn1.pdf

NSWEC Strategic Threat Assessment report
Example report (abridged)

CSC Cybersecurity site
http://www.csc.com/cybersecurity

CSC Whitepaper
CSC Whitepaper – Intelligence Driving Security Governance