Confidence in our elections is a cornerstone of our democracy and many questions have been raised by events in the United States Presidential election about our own software, which was originally sourced from the same supplier – Scytl.
Last night I asked questions of the AEC regarding the serious issues found in other audits by the Australian National Audit Office and the Australian Signals Directorate, as well as by leading University cryptographers.
The AEC replied that having purchased Scytl software they then chose not to use it, and have developed their own bespoke system. They claim this has been audited and the AEC had every confidence it worked.
One Nation feel bland assurances on this critical issue are not good enough. Today I will ask the Australian Signals Directorate, who are responsible for cyber security, if they have conducted a server-level and code-level audit of that software. If ASD haven’t, then who did the audit and what was the result?
Audits are normally done by the Australian National Audit Office and that agency has not audited the AEC. We need to know that this software is fit for purpose so the public, candidates and media can have complete confidence in our elections.
Transcript
[Chair]
Thank you, Senator O’Sullivan, Senator Roberts.
[Malcolm Roberts]
Thank you Chair, thank you for attending tonight. My questions should be pretty quick I think, in terms of going through them. I’ve got a number of them. Where are pre poll votes kept during the pre polling period and where are they counted?
I might ask the National Elections Manager to step forward.
[Assistant Commissioner]
First Assistant Commissioner, they are kept in a secure location within the polling booth. We have secure facilities that hold those while they’re not counted until after 6:00 PM on election night.
[Malcolm Roberts]
What percentage of pre-post centres have monitored back to base alarms and monitored surveillance cameras covering the location of the stored paper ballots?
[Assistant Commissioner]
I don’t have that on me, I’ll have to take notice.
We’d have to take that on notice.
[Malcolm Roberts]
Do any?
[Assistant Commissioner]
Pardon!
[Malcolm Roberts]
Do any?
[Assistant Commissioner]
I couldn’t answer right off here now.
[Tom Rogers]
There’s a whole range of security measures that are put in place including the involvement of scrutineers in every step of the process, signed documentation with numbered seals that can’t be cut and security guards, where security guards are required and a range of other measures that provide total security for all of those ballots. We treat that very seriously.
[Malcolm Roberts]
So the Senate first preference votes are counted in the polling place and then, to get a rough count. And then transported to the Senate scrutiny centre to be recounted, is that correct?
[Assistant Commissioner]
Correct.
[Tom Rogers]
That’s correct.
[Malcolm Roberts]
Do you compare the polling place count with the machine count?
[Assistant Commissioner]
We do.
[Malcolm Roberts]
Thank you. The 2013, how often or how, what sort of frequency, what sort of sampling?
[Assistant Commissioner]
The whole time. We manage those numbers all the way through to make sure that we’ve got the right… Are you talking about the… Well, sorry, there’s two parts to your question there. The first is that we always compare to the first count and we always see what we’ve done throughout the thing. I think what you’re asking there is how much sampling you just said?
[Malcolm Roberts]
Correct.
[Assistant Commissioner]
Right. We do do a portion of sampling throughout to make sure that it’s consistent.
[Malcolm Roberts]
What sort of portion, roughly?
[Assistant Commissioner]
I don’t have that on me. I have to take that on notice.
[Malcolm Roberts]
Okay, thank you. The 2016 Senate machine count was supplemented by a hand count. Did you compare the scanning accuracy with the manual count accuracy?
[Assistant Commissioner]
Great, so-
[Tom Rogers]
I might just start before Ms. White answers. It wasn’t supplemented, it’s actually part of the process, Senator. So it’s not a supplemented issue. What we’ve got is a manual count and a scanning process. The results of those are compared and where there’s no issues then that vote is then included in the count. It’s deliberately set up that way as a check mechanism. It’s not supplemented by. It’s actually one part of the-
[Malcolm Roberts]
Part of the process?
[Assistant Commissioner]
Yeah.
[Assistant Commissioner]
Correct.
[Malcolm Roberts]
Okay. Thank you. The software you use in the Senate scrutiny centre is sourced from Scytl.
[Assistant Commissioner]
No, it is not.
[Malcolm Roberts]
No. Who is it sourced from?
[Assistant Commissioner]
We, it is a bespoke system that we use within the AEC.
[Malcolm Roberts]
Okay thank you. I understand the AEC issued a contract to Scytl Australia to update the software between 2016 and ’19. Is that correct?
[Assistant Commissioner]
No.
[Malcolm Roberts]
There’s a Tender here.
[Assistant Commissioner]
Yeah, there is. So in 2016, when we had the short lead time to put this new scanning solution in, we had a number of tenders go out to see who could replace or upgrade the systems to be able to do the new process. They did try and do that but we ended up going with our internal process.
[Malcolm Roberts]
Okay, so the serious flaws found in the Scytl software in 2016 and in the 2019 New South Wales state audit. So I note that the 2016 audit found that admin passwords were left in during the election period, admin logs were not kept, software changed logs were not kept and the wifi was not disabled on the computers holding the votes.
[Tom Rogers]
I think you’re talking about the New South Wales.
[Assistant Commissioner]
Your New South Wales, that’s what it was.
[Tom Rogers]
I actually don’t wanna dispatch our New South Wales colleagues but I think you’re talking about the New South Wales state election and I-
[Malcolm Roberts]
We’ve got questions about that, yeah.
[Tom Rogers]
I think that’s what you’re referring to there.
[Malcolm Roberts]
So can you assure the committee that none of these errors affected the 2019 election in federally.
[Assistant Commissioner]
Well I can tell you it didn’t, because we didn’t use that software.
[Malcolm Roberts]
At all?
[Assistant Commissioner]
We’ve never used Scytl software for our election.
[Malcolm Roberts]
You’ve used your own bespoke system.
[Assistant Commissioner]
We have.
[Malcolm Roberts]
Okay. Dr. Vanessa Teague, associate professor at the ANU College of Engineering and Computer Science and Australia’s leading cryptologist, was able to hack into the New South Wales Scytl server and change the votes in real time before they were passed through to the AEC server. Can this be done to the system you propose to use in the next federal election?
[Assistant Commissioner]
Nothing is plausible.
[Tom Rogers]
Just for the record, that’s not the AEC server, that was the New South Wales
[Malcolm Roberts]
New South Wales Again?
[Tom Rogers]
commission again. And we have sufficient measures in place that we’re satisfied with all the security measures that we have for the federal event and for the scanning of the Senate vote.
[Malcolm Roberts]
So Dr. Teague is Australia’s leading cryptologist. Would she be welcome to come back and do further audits?
[Tom Rogers]
Frankly, Senator, no. We’ve complied with, we work with a range of partners including the Australian Signals Directorate, the Australian Cyber Security Centre. We’ve had our internal code audited, checked and a range of other issues and not being rude, I’m sure that Dr. Teague is a wonderful person but we’ve had sufficient checks in place to assure ourselves that that system is running smoothly.
[Malcolm Roberts]
Okay. In Senate estimates on the 27th of February, 2018 in response to concerns raised about the audit software I think by Senator Farrell, Mr. Rogers, you made the following comment, quote “To the extent that I can be confident that nothing untoward happened. I’m very confident that nothing untoward happened and I am very confident the processes we’ve put in place.” That doesn’t sound like a resounding guarantee of the cyber integrity. Can you make an unequivocal guarantee of this as the sole assurance of the sovereign integrity of the software?
[Tom Rogers]
What I can tell you, Senator is that no one would sit in this chair and give an unequivocal guarantee about that issue. I would be cheapening the guarantee by giving it. What I’ve done very clearly is said to the extent that we’re aware and our partner agencies are aware, and the security agencies that we work with, we are satisfied with all the measures we have put in place. But no one is going to give you an unequivocal guarantee on that because there are unknown factors at play. But I am very, very, very confident that we’ve got an incredibly robust system in place that’s worked well and continues to work, and we continue to assess it. We continue to work with our partner agencies. We comply with all Commonwealth guidelines, cyber security guidelines. And I think it’s a fantastically secure system. I can’t give any stronger than that. If I said, I give you an unequivocal guarantee I don’t think anyone would give an unequivocal guarantee about anything, there are factors that I’m not aware of.
[Malcolm Roberts]
Well you’ve certainly lifted a burden from my mind with regard to Scytl. In 2016, it took 29 days to transport the completed ballot to the Senate Scrutiny Centre, you allowed apparently 18 days and it took 29. How long did it take in 2019 to get the ballots to the Senate Scrutiny Centre? And what is your projection for 2022?
[Assistant Commissioner]
So I’d have to take that on notice, and probably ask you to expand a little bit on that because we do a rolling transportational logistics of all our papers every day as they’re counted in our outpost of centres. We continually roll them through to our scanning,
[Tom Rogers]
Count them, all of them, send them off…
[Assistant Commissioner]
So it might take a total of 29 days to do all of those millions of ballot papers but they won’t take 29 days to get there.
[Malcolm Roberts]
So they take from each pre polling centre each day?
[Assistant Commissioner]
And each polling day output and into the output centre. And then they are rolled out and continually scanned through the whole process. If we waited till the 29th day you wouldn’t have a Senate result in time.
[Malcolm Roberts]
What sort of confidence do you have with regard to the integrity of the votes being preserved during that transfer.
[Tom Rogers]
Very high. We’ve got a whole system in place. We, as I said before, we’ve got specially designed boxes. Those boxes are secured by numbered seals that are witnessed at both sites. They’re counted in and out. They’re reconciled when they arrive at the Senate scanning centre-
[Assistant Commissioner]
Scrutineers can also-
[Tom Rogers]
Scrutineers are also involved in the process. It’s a good system, sir.
[Malcolm Roberts]
So you’ve got serial numbers recorded as they leave a pre polling place.
[Assistant Commissioner]
Yes.
[Tom Rogers]
That’s correct.
[Malcolm Roberts]
And when they arrive to the destination.
That’s correct.
[Malcolm Roberts]
At the last Senate estimates in response to a question from Senator Farrell again on the AEC budget, Mr. Ryan made the statement that quote, “We are cognizant of the complex cyber environment that we operate in. At the moment we do a 24/7 manual look at security for cyber at election time.” Could you please tell me what 24/7 manual look at security for cyber looks like?
[Assistant Commissioner]
Well…
[Malcolm Roberts]
What does it mean?
[Tom Rogers]
Well, I can tell you that. As I mentioned before, Senator, we are compliant with all Commonwealth cybersecurity guidelines. We are always, did it say Mr. Rogers or Mr. Ryan said this, by the way?
[Malcolm Roberts]
Mr. Ryan.
[Tom Rogers]
Mr. Ryan. What it means is that we are fully compliant with Commonwealth guidelines. We monitor our system at 24 hours a day like every other Commonwealth government department does to make sure that it’s safe and secure. And I think that’s what Mr. Ryan was probably indicating. It’s not so much a manual process that we do that in any case. And we’re always monitoring our own system. We’ve got good arrangements in place. We work with other Commonwealth security agencies to make sure our systems are monitored. And we’re very satisfied with the level of security we have on our system.
[Malcolm Roberts]
Okay. Thank you. I understand your software was approved by IBM in 2017 as having a likely error rate below 0.5%. Is that correct? And what was your error rate in 2019?
[Tom Rogers]
I might have to take that one on notice, I think Senator
[Malcolm Roberts]
Okay. Thank you. 16.4 million ballots at 0.5% error rate indicates that up to 80,000 Senate votes nationally were recorded in error. Is that acceptable to the AEC?
[Tom Rogers]
I think I’d wanna look at the statistics of that before I answer Senator, I don’t think we have that here tonight so,
[Malcolm Roberts]
On notice?
[Tom Rogers]
Let me look at that.
[Malcolm Roberts]
Okay. Two more questions, Chair. What audit has been conducted on the software used in the Senate scrutiny centre including comparison of the accuracy of the scanned file against the original paper record and the accuracy of the routine used to allocate preferences?
[Tom Rogers]
I’ll take that on notice.
[Malcolm Roberts]
Thank you. In previous estimates… This is a different line of questioning. In previous estimates, the AEC has indicated that when a federal election follows a state election there is an increase in informal votes as voters vote federally in the manner they voted in the state election. That’s understandable. I note your testimony that the AEC spends extra time and money educating voters in those States. Can I ask if any consideration has been given to allowing the States to specify the voting technique for their own state and federal elections, which would remove this confusion for good? I’m not advocating it I’m just asking about it.
[Tom Rogers]
No.
[Malcolm Roberts]
No consideration? Thank you very much. Thanks Chair.
Thank you very much, Senator Roberts, your economy with your questioning is very much appreciated.