Housekeeping #4, Scrutiny: How do you know that your vote really counts?
In the fourth episode of Housekeeping – the Wheeler Centre's five-part mini-series of short podcast features on Australian democracy – Jarni Blakkarly looks at the possibilities of human error and fraud in our voting system. Why are we still voting with pencils and paper?
You might remember that during the 2013 Australian federal election, something odd happened in Western Australia.
The Senate race in WA was very close; the result came down to just a few votes. The losing candidates asked for a re-count, and the Australian Electoral Commission (AEC) agreed.
But during the re-count, the commission realised that in one electorate, a ballot box containing around 200 ballot papers had gone missing. Later, in a different electorate, they found that another 1100 ballots were also gone.
To this day, neither the ballots nor the boxes have been found.
How did this happen? I mean, how do you just lose ballots? And could it happen again?
The electoral commission weren’t really keen to chat about those lost boxes of West Australian votes … but they did point me to an investigation by former Federal Police Commissioner Mick Keelty.
Keelty couldn’t work out exactly how the ballot boxes went missing. But his report recommended a range of closer procedural guidelines for how ballot boxes should be monitored and stored. So, what are the basics of how this process generally works?
Stephen Luntz has been an election scrutineer for the Greens at all the state and federal elections since the early 1990s. He’s worked on by-elections, local council elections and elections at state and federal levels.
He’s even made a career of vote-counting. He co-owns a business that gets paid to run student union elections.
Luntz described for me the scene for vote-counters at the end of an election day. ‘The voting shuts down; they do a check of how many votes they should have, how many people have been through. And then they open the ballot boxes, have scrutineers check that the seals are the right seals that should be on there – and then they tip the votes out onto a table and start sorting them into piles of who got the number one vote.’
I know this sounds like a lot of detail – but stay with me. There are regular people, often uni students or retirees, who get paid by the AEC to count votes. They’re not allowed to be politically active. Then, there are scrutineers like Luntz. Their job is to watch the vote-counters – making sure they don’t make any mistakes that will disadvantage their candidate.
Luntz says the most common mistakes are simple – twos that might be threes, or just votes placed in the wrong pile. He’s also seen people get pretty creative with their informal votes; once, he saw a ballot paper where somebody had voted below the line in the Senate in Roman numerals. The vote was counted as formal.
‘The old cock and balls is reasonably common,’ laughs Luntz. ‘You get commentary on the candidates. I have seen people’s [commentary on candidates’] alleged fondness for barnyard animals and such like.’
When a scrutineer sees a mistake, like a ballot in the wrong pile, they alert an official supervisor who then decides where it belongs.
But scrutineers aren’t there for the common good. They are primarily there for their candidate. The situation can present all manner of ethical dilemmas for scrutineers, Luntz says. ‘One of the common things is when you have a mistake that goes in your favour and you have this moral conundrum. Do you point that out or are you like, "it’s not my job to point it out?"’
Over the years, Luntz has developed a system that tries to exploit his bias for the overall good of the system.
How did this happen? I mean, how do you just lose ballots?
‘My thing is that I just don’t watch the pile of my candidate, so if a vote is put there wrongly, I won’t see it,’ he explains. ‘I’m busy watching my opponents’ votes. So any vote in there is a vote I want to get out, that’s the easiest way to resolve that.’
Having worked at so many elections, Luntz has seen many instances of disorganisation and under-trained staff. But for the most part, he says the system works well – and that the level of scrutiny trained on the electoral commission is unfair.
Yet the case of the missing ballot boxes in Western Australia were a horror story for the AEC. The commissioner himself resigned not long after.
As someone who is very familiar with how elections work, Luntz has a theory about those missing boxes. He explains that on election night, there are lots of items to keep track of: ballot boxes, electoral rolls and polling booths. Sometimes there are surplus ballot boxes, too, in the case of higher-than-expected voter turn-out. Unfortunately, it’s more expensive to store all the material between elections than it is to dispose of it each time.
‘It’s a terrible waste of resources, really,’ he says. ‘My guess is that when they went to recycle the booths, a couple of piles of ballot papers went to recycling instead of the central tally centre where they were meant to [go].’
Also in this series
In an age where news websites and social media polls are constantly asking for our votes onscreen, paper voting can feel distinctly old-fashioned. Plus, it’s probably the only time since primary school I’ve used a pencil. (By the way, the electoral commission offers pencils instead of pens because it works out cheaper that way. You’re actually allowed to bring your own pen and use it.)
After hearing from Luntz about all the human error in vote-counting, and with more than 1000 ballot papers disappearing mysteriously … surely it’s just a matter of time until we start taking our votes online?
Vanessa Teague is a senior lecturer at the University of Melbourne’s Department of Computing and Information Systems and she has a background in cryptography. By her account, ‘there have been two important electronic voting projects in Australia, each representing opposite ends of the risk spectrum.’
Teague was involved in both of those projects – but in very different ways. At the 2014 Victorian state election, the Victorian Electoral Commission ran a computerised voting system for people who wanted to vote from the Australian embassy in London.
Of course, it made perfect sense to do it online: the ballots wouldn’t have to come all the way back from the UK before the election results could be decided. Some computer booths were also available in Victoria for people with special needs.
Teague says that two key things are at play with any voting process, be it paper or computer. First, there’s accuracy – knowing your vote was recorded as you intended it to be. And then there’s privacy, which is all about keeping your vote secret.
'When you have a mistake that goes in your favour ... you have this moral conundrum. Do you point it out or are you like, "it’s not my job to point it out?"'
The Victorian trial, as it turns out, came up with a nifty solution to meet both those needs. Teague describes the complicated process, which begins with a pre-printed ballot paper on which candidates are arranged in random order.
‘This [randomisation] is going to turn out to be important for privacy. You go to a tablet machine in a booth, and you tell the tablet how you want to vote and you show it your printed candidate list, and you tell it your preferences,’ she explains. ‘Then, that PC prints out your list of preferences – but your list of preferences is carefully arranged to match up with the randomised list of candidates that you had. And it has a serial number on it so that we can link these two values together.’
‘Now, there are two careful and important steps. Careful and important step number one is that you have to check that the candidates line up with the preferences that you wanted – and step number two is that you have to shred the candidate list.’
Only around 1000 people voted on computers at that election, but the feedback was mostly positive.
As for Australia’s second experiment with electronic voting? Well, that went down a little differently.
In 2011’s New South Wales state election, the New South Wales Electoral Commission held a small trial of internet voting. At the subsequent state election in 2015, the system was rolled out on a massive scale. In that election, 280,000 votes were cast over the internet – with people logging in from home, from work, or from any computer.
To use the system, you had to send the commission your identification details in advance. Then, you’d be supplied with a pin which you could use to vote. It was intended for New South Wales voters who were overseas or interstate on election day, but there was no way of checking – so really, anyone could opt in. But as the iVote system opened up for early voting, Teague discovered something very strange.
‘My colleague Alex Halderman and I looked at the code in the practice version of the iVote server,’ she explains. ‘We realised that in the practice version, there was a significant security vulnerability which would have allowed anybody who controlled the voter’s internet connection to expose how the person wanted to vote, and manipulate that vote before it was sent back to the electoral commission. We checked, and we could see that exactly the same vulnerability applied to the real system.’
It was a serious flaw – and not just a theoretical one, either. When Teague and Halderman discovered the security issue, more than a week remained before election day. But iVote had opened early, for pre-polls; in fact, by the time they’d found the problem, the system had already been public for five days – and 66,000 real votes had already been cast.
‘We demonstrated on the practice version that we could manipulate our own vote, and exactly the same code would have worked in the same way.’ Teague says that, had they created their own open wireless network in a busy Sydney café, anyone using the network to vote could have been vulnerable to interference. ‘We could have used our code to tell us how that person wanted to vote – and changed their vote before it got sent to the electoral commission.’
'The rate of fraud that we can tolerate in an electoral context is a lot less than the level of fraud that the banks roll with all the time'
The New South Wales Electoral Commission already had a system where voters could phone in and verify their votes, but predictably enough, very few used it – they trusted the computer.
And while it may initially sound fanciful to talk about rigging an election from a wifi hotspot at a café, Teague points out that there are people who control internet access on a much larger scale – a staff member at an internet service provider or a university, for example.
Of course, Teague and Halderman weren’t out to rig the election; as soon as they discovered the security flaw, they raised the alarm.
Teague had already been in touch with the New South Wales Electoral Commission. She says she had ‘warned them about some errors in their verification protocol, and hadn’t gotten the most helpful response. So when we discovered this issue, we called the Australian CERT.’
The Computer Emergency Response Team, or CERT, is the national cyber-security organisation based in the Attorney-General’s Department – working closely with the Australian Security Intelligence Organisation (ASIO), and the Australian Federal Police (AFP). After CERT was alerted, the problem was quickly fixed. And, to be clear, there was never any indication that votes were actually manipulated in that election – but they could have been.
After fixing the problem, there was no white-hat hacker reward for Teague and Halderman. Instead, the New South Wales Electoral Commission launched a bizarre attack on the two academics, criticising them for making the issue public and questioning their independence. In a published response to the incident, the commission said: ‘It should also be noted that both Drs Teague and Halderman are advisory board members of the US based anti-internet voting lobby group Verified Voting.’
The head of the University of Melbourne’s computing department responded to the Commission’s attack angrily, defending the pair’s work.
Teague recalls the incident with a laugh. ‘There was a long period of not understanding the difference between not liking the message … not understanding that the person who explains to you a problem is not the person who caused the problem.’
We make plenty of other secure transactions online – internet banking and shopping, and now services like Medicare. So why is voting over the internet so hard to get right, and why are some, such as Teague, fighting against it?
‘You don’t really have any expectation of privacy from the person you are transacting with,’ she begins, ‘so it is a lot easier to keep receipts – get a little email confirming the thing that you did, get a telephone call from the bank if they notice something suspicious. Although in a sense you trust it, there is this constant, direct opportunity to verify it is doing the right thing. That’s the first thing.’
Once you step out into the wilds of the internet, there’s no telling what’s going to happen.
‘The second thing is, there’s fraud on those systems. Have you never had fraud on these systems? Have you never had fraud on your credit card; have you never had a dodgy transaction out of your internet banking account? Most people have! But if you think about how close the 2010 election was, the rate of fraud that we can tolerate in an electoral context is a lot less than the level of fraud that the banks roll with all the time on internet banking and electronic commerce.’
Basically, Teague is much more comfortable with the idea of computers in controlled environments such as at polling stations. Once you step out into the wilds of the internet, there’s no telling what’s going to happen.
I put it to her that there’s some irony in the fact that it’s computer scientists who are most emphatic that computers can’t be trusted. She laughs: ‘I think the point is, as a tech person … I think most tech people have a fair degree of scepticism about the precise correctness of a computer. And when you think about both the frequency of accidental software errors and the frequency of deliberate cyber security attacks, you can see that the idea that you should entrust your vote to a computer is something you should be very sceptical of – unless you’re getting really good evidence.’
Hmmm … maybe we’ll stick to pencils.
All messages as part of this discussion and any opinions, advice, statements, or other information contained in any messages or transmitted by any third party are the responsibility of the author of that message and not the Wheeler Centre.