Legislative Assembly for the ACT: 2018 Week 11 Hansard (25 October) . . Page.. 4402 ..
Directorate, Justice and Community Safety Directorate, Education Directorate, and ACT Health. Initially, work is being undertaken on both Community Services and Health Sub Sector Funding Plans that relate to Early support service provision. This will be undertaken as part of recontracting for these sub sector funding plans for 1 July 2019.
Elections ACT—electronic voting systems (Question No 1747)
Ms Le Couteur asked the Minister for Justice, Consumer Affairs and Road Safety, upon notice, on 21 September 2018 (redirected to the Speaker):
(1) Why do some of the ACT's election systems (for example electronic voting and counting system, the vote collection and counting module) have publicly available designs and code, and others (such as electoral rolls and paper ballot scanning) keep the code secret.
(2) Why doesn't Elections ACT follow best practice as most security experts say that keeping designs secret doesn't help security, instead, they say that system security should depend on public designs, and secret passwords or keys.
(3) How can scrutineers review the operation of the ACT's electronic election systems, when the vendors, designs, and code are secret.
(4) Should public money be spent on systems where the vendors, designs, and code are kept secret; if so, how is this efficient or transparent.
(5) Has Elections ACT considered using electronic systems that are also used by other jurisdictions for example, Victoria uses suVote, and NSW and WA use iVote.
Ms J Burch: The questions were referred to the ACT Electoral Commissioner, Mr Damian Cantwell AM, and his answer, through the Speaker, to the member's question is as follows:
1. The purpose and benefit of making an election system source code publicly available is to allow transparent review by interested parties and ensure that it is devoid of code, malicious or unintentional, that may allow for the manipulation of voter preferences. The ACT Electoral Commission considers an open source methodology essential for a system that is directly accepting, storing and counting voter's preferences in a parliamentary election. Accordingly, the Commission has used open sourced methodology for its electronic voting and counting system (eVACS) since its inception in 2001. Open source code also provides an opportunity for those with less lawful intentions to discover and possibly exploit vulnerabilities in the system. A balance needs to be met against these two conflicting elements. For eVACS, the Commission has always viewed the importance of transparency as paramount and has accordingly released the source code for public scrutiny.
However, the situation is different for the electronic electoral roll system and ballot paper scanning. Both of these systems are commercially developed products that do not directly capture or count votes. In relation to these two systems the Commission has taken the view that the value of transparency through open source does not outweigh the potential security risk of exposing the system to public and open review. In relation to the electoral roll system, there is no relation to this system and an elector's vote,