Recent revelations that a ‘sophisticated’ foreign power had hacked computers in the Australian parliament and major Australian political parties, only months before an expected federal election, raises questions as to how vulnerable Australian elections are to hacking.
Ignoring for a moment the potential effects of disinformation campaigns (state sponsored and otherwise) in traditional and social media, the mechanics of collecting and counting votes suggest that our elections are not particularly vulnerable to hacking.
Australian federal elections are still highly decentralised and manual exercises, despite the extensive use of computers for various election processes.
At a time when most people carry a sophisticated miniature computer in their pocket, the idea of voting by marking a piece of paper with a pencil may seem anachronistic. However, having a paper ballot makes counting, re-counting and verifying the vote straightforward, and following the loss of ballot papers from the 2013 Western Australian Senate election, the AEC has devoted considerable attention to ballot paper handling procedures and ballot paper security.
Counting the ballots
Paper ballot papers in Australian federal elections are counted by hand after the close of polling, generally in one of the approximately 7,000 polling places in which they are cast (declaration votes such as postal votes, absent votes and early votes cast outside the voter’s electorate are also counted by hand, but as they need to be sent to the voter’s electorate to be counted the count occurs at a central location for each electorate). They are counted in the presence of scrutineers, appointed by candidates, who are able to keep their own tally of the results.
Votes from each counting centre are reported to the Australian Electoral Commission (AEC) returning officer for that electorate. These are then reported to the AEC and entered into a computer system, which makes the results publically available. The AEC reports votes down to the polling place level, making them easy to reconcile with local observations.
At a recent Senate Estimates hearing, the AEC reported that its election computer system was old, and in need of replacement, but secure. This computer system only consolidates the information that is collated in each voting centre, and the same information is manually recorded (on paper forms) at multiple points during the count, making it straightforward to verify in the event of any doubt.
Parties, political commentators, and professional and amateur election enthusiasts keep a close watch on the results as they come in. These observers regularly spot minor errors and inconsistencies, such as data entry errors (the wrong party’s results being entered into the wrong box, for example). These errors are usually quickly rectified and do not affect the final result.
Importantly, the count on election night is not the only time the ballot papers are counted. In the days after the count on the night (the first scrutiny), the votes are counted again (the ‘fresh scrutiny’ or re-check) at a scrutiny centre for each electorate, and then again for the full distribution of preferences. At any of these standard re-checks any errors that have inadvertently or deliberately occurred in the results can be corrected. And following an appeal or a close election, the same ballot papers may be counted again.
Following changes to the Senate voting system in 2016, the Senate count now has a computerised component where the ballot papers are scanned and the preferences recorded by a computer system. The scanned ballot papers are also hand-entered by data operators to confirm that the scanner recognised the preferences accurately.
While scrutineers are able to observe the Senate ballot paper count, some have commented that the ballot papers are processed so rapidly there is little opportunity to check them. However the first preferences on the Senate ballot papers are recorded in the polling place, so any discrepancies between the count at the polling place and the final result should be able to be identified.
The centrality of the paper ballot paper for federal elections was demonstrated by the 2013 Senate election in Western Australia. The AEC had entered the data for 1,370 ballot papers that were unable to be found at the time of the recount—ballots that could have determined the winner. The High Court, sitting as the Court of Disputed Returns, found that the Commonwealth Electoral Act 1918 did not allow a result to be determined in the absence of the ballot papers, and ordered the election be re-run. This means the result can only be determined by counting the ballot papers, not by the results data in the computer systems.
Unlike some Australian states and territories that allow electronic and online voting, every vote in a federal election is represented by a paper ballot, which can be re-counted as many times as necessary. Ballot papers cannot be destroyed until at least six months after an election.
Australian elections are not completely free of risk, of course. Fraudulent enrolments, tampering with ballot papers and even acts of violence or terrorism are all risks that electoral authorities plan for and respond to. However the very manual and distributed nature of Australian federal elections makes the risk of a cyber-attack successfully compromising an election count unlikely.