Cyber security experts have criticised the ACT electoral commission's decision to not make the source code for the electronic voting system in use for the election widely available.
Subscribe now for unlimited access.
or signup to continue reading
Voting has been open in the ACT for a week already, with almost 90 per cent of the 43,299 votes already cast done so through computer terminals that record votes electronically.
It is not the first time electronic voting has been used in the ACT, but it is the first time Elections ACT has not made the code running the systems available publicly before the poll.
Anyone wishing to view the code, or the independent audit report on it, is required to sign a non-disclosure agreement that would restrict them from speaking about what they have seen for 60 days.
Vanessa Teague, chief executive of Thinking Cybersecurity and adjunct professor at the Australian National University's College of Engineering and Cyber Security, says it shows Elections ACT isn't being as transparent as it should be.
"I don't think voters are getting any good evidence that their votes are being accurately recorded, transmitted or tallied," she said.
"They might be fine, but you're not getting any real way of checking."
It is common practice for electoral bodies using electronic voting systems to make the source code for those systems public, allowing outside experts to look at the system and point out errors that need fixing before the systems are put in use.
All of the previous systems used by the ACT are still available on Elections ACT's website.
Elections ACT says it wants third parties who view the code to sign the non-disclosure agreement to ensure they will work with them if any bugs are found, and not create unnecessary panic.
"It is in the interests of democratic integrity, but also in recognition of the changing communication landscape, that we've introduced the Deed requirement," a spokesman said.
Not all third parties acted in good faith, and creating doubts around the integrity of the process was a legitimate concern, he said.
Professor Teague didn't sign the non-disclosure agreement when it was presented to her, and said that reasoning wasn't good enough.
"We should be a resource rather than something they feel the need to fight," she said.
Professor Teague also requested the audit report under freedom-of-information laws, but was told the non-disclosure agreement must be signed.
The Canberra Times is not suggesting there are issues with Elections ACT's electronic voting system or that votes are being incorrectly recorded.
A spokesman for Elections ACT said voters could have confidence that their vote was being recorded as cast.
The source code for ACT elections had been provided every year since 2001, the spokesman said, has operated as expected during that time while open to public review and continues to operate as expected this year.
READ MORE:
The code for the 2020 election is different to what has been used previously, including the interface, which is touchscreen-based instead of requiring a keypad.
People can request a physical ballot paper if they wish.
It is unclear if there was time from when the source code and audit report were completed for someone to sign the non-disclosure agreement and have the ability to speak publicly 60 days later before polls opened on Monday.
Independent security researcher T Wilson-Brown said the use of non-disclosure agreements "raises a lot of concerns".
"I can't apply my experience or professional judgment to the facts of how the system has been designed because I just don't know," they said.
"It should concern voters and it should concern candidates."
In 2018, Mx Wilson-Brown went public over an element of the 2016 electronic voting system that showed what time each vote was cast, something they say could create a vulnerability for a vote to be revealed to someone else. The issue was disclosed in the media only months after dealing with Elections ACT over the issue.
Without seeing this year's source code, they say it isn't possible to see if the timing element has changed.
"If we were to sign NDAs, we couldn't tell candidates or the public about any risks until it was far too late," they said.
"It would be great to have sorted this out in 2019."
The voting system in the ACT is electronic, but not online, which removes the avenue for the system to be hacked through the internet. Only a small number of votes will be cast online, by Canberrans who are overseas during the election.