The NSW Electoral Commission says it is considering a suggestion that it release the source code of its vote-counting software following the discovery of bug by a group of researchers.
Researchers from the University of Melbourne and ANU say the software error caused a mistake in the count in a 2012 council election in Griffith.
Candidate Rina Mercuri, running for the first time in the south-western NSW town, narrowly missed out on a seat.
“We believe the software error incorrectly decreased Mercuri’s winning probability to about 10%,” two of the researchers, Vanessa Teague and Andrew Conway, wrote in a blog post. “According to our count she should have won with 91% probability.”
NSW’s acting electoral commissioner, Linda Franklin, said in a statement that the error in the software had now been “corrected and tested”.
After reviewing the research paper, the commission contacted all the candidates in the count and apologised for the error. Candidates will not be able to appeal as the deadline for challenges was three months after the election.
“It is important to understand that even if the error had not occurred, the unsuccessful candidate may still not have been elected due to the effect of randomisation,” the commission noted.
The randomisation referred to relates to the process of selecting surplus ballot papers and distributing them to remaining candidates when counting votes.
The researchers were able to find the error after code fragments and algorithms were published by the Commission.
“If full source code was available there would be even more opportunity to examine the system to find mistakes before, rather than after, the election,” wrote Teague and Conway. “It would be good for democracy, and good for the Electoral Commissions, to make election-related source code public before an election,” the pair wrote.
Researchers at ANU previously found three bugs in ACT Electoral Commission counting software code and security weakness in the Victorian Electoral Commission electronic voting protocol.
Both sets of code were publicly released and rectified ahead of elections. A joint study between the University of Melbourne and the University of Michigan also found security failures and verification flaws in NSW's online iVote system.
“Our research supports the conclusion of similar studies in Australia and overseas: certified code may contain undetected software errors that impact election results,” Teague and Conway wrote.
The full paper, An analysis of New South Wales electronic vote counting, was authored by Conway, Michelle Blom, Rajeev Goré, Katya Lebedeva, Lee Naish, and Teague.
In it, the researchers called on the Australian Electoral Commission (AEC), which is responsible for federal elections, to release the code used to count Senate votes.
The AEC has strongly defended the secrecy of its EasyCount software code despite freedom of information requests and a Senate order.
In resisting release of the code, the AEC said publication could leave the voting system open to hacking or manipulation and noted concerns about the commercial value of the code.Read more:Use of e-voting in NSW election triples expectations
That claim is “weak” given “it took us three person-days of work to write a similar program,” wrote Teague and Conway in their article. “Of course testing takes a long time - but many interested members of the public would do this for free if they could.
“It could only help the AEC to allow the public to identify errors and resolve ambiguities before the election, rather than leaving it until afterwards.”
The paper also criticises the role of randomisation in distributing candidate preferences and called for its removal from the election process altogether.
The NSW Electoral Commission responded on the same day of the paper's publication that it was “committed to maintaining and improving the integrity and public trust in the electoral process in NSW”.
“The NSW public can be confident that the electronic count system used for elections is a vast improvement from manual counts and has drastically reduced the risk of counting errors and waiting times for election results,” said Franklin.