New South Wales Australia invites Internet voting source code review under restrictive conditions

Here’s the good news:

The NSW Electoral Commissioner is inviting requests from individuals who have a private or academic interest and expertise in electronic voting, or a related field, to review aspects of the iVote system source code prior to the NSW State election in March 2019.

and here’s the fine print which turns this into an extremely restricted, private review of secret code:

The following conditions will also apply to any application made, or access granted, to review the iVote voting system source code:

  • The iVote Voting System source code supplied to the NSW Electoral Commissioner by [for-profit Internet voting company] will only be available for review by an individual on the NSW Electoral Roll or the Australian Electoral Roll.

  • The details of each review application received by the Commissioner will be shared with [for-profit Internet voting company], and may also be shared with third parties to enable the Commissioner to establish the identity and expertise of an applicant.

  • The Commissioner may request the applicant to provide additional material in support of their application.

  • Any successful applicant will be required to sign a Deed of Confidentiality and Privacy with both the NSW Electoral Commission and with [for-profit Internet voting company] before accessing any components of the source code for review.

  • The Commissioner and [for-profit Internet voting company] reserve the right to refuse any application, including (without limitation) where an applicant works for a competitor of [for-profit Internet voting company], where an applicant is unable to demonstrate to the satisfaction of the Commissioner sufficient expertise in electronic voting or a related field, or where the Commissioner considers it is not in the public interest to grant access in a particular case or in general.

So just to summarize what this is not:

  • This is not open source or public source code.
  • This is not an independent review.  The reviewers must be known to [for-profit Internet voting company] and must be approved by them.
  • This is not a global review – you must be from Australia.
  • There will be no independent reporting on the results of the review.  The Deed of Confidentiality and Privacy will almost certainly ensure that any and all results are held in secret by the NSW Electoral Commission and [for-profit Internet voting company] and that any reporting will be through their approved and almost certainly anodyne press releases.

Basically they’re asking you to do a code review (probably for free) out of some sense of public duty.  And you only get to do the review if they decide you’re “worthy”, under criteria that they control.  And the results of your review will be secret.  While this is a good PR exercise for them, and certainly more-secure code is better than less-secure code, almost all the benefits accrue to [for-profit Internet voting company].

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s