The electronic voting system set to be used for the ACT election is neither private nor secure and it is not fit for purpose, a group of four researchers has said.
The system, known as eVACS, is vulnerable to hackers and offers no way for voters to verify their vote has been cast as they intended, the group's new paper said.
It would be difficult to rely on the system in a disputed election result because it could not prove voters were correctly collected and counted in an unbiased way, the experts said.
"While there will always be some risk in any election system, the risks of eVACS are significantly higher than a paper ballot. It should not be used in an election," the paper said.
The ACT Electoral Commission said the matters raised in the paper had been addressed and voters could trust their ballots were securely managed.
"While welcoming proactive engagement by the paper's authors, Elections ACT does not share their views or description of the matters as expressed in the paper," a spokeswoman for the commission said.
"The code has been re-certified by an independent auditor as being free from malicious code and is functioning in accordance with the Electoral Act. It is available for public scrutiny and comment on Elections ACT's website."
The researchers - Chris Culnane, Andrew Conway, Vanessa Teague and Ty Wilson-Brown - released a paper on Monday outlining problems they had identified with the system.
The group found hackers would potentially be able to identify individual voters' ballot information, the system did not use secure connections to transmit voters' data and the system was biased by up to 1.6 per cent towards some political parties, affecting audio voting.
"Nothing about this report is intended to suggest that the system would be adequate for public elections if these specific vulnerabilities are patched. eVACS suffers from fundamental design flaws, particularly the absence of any opportunity for voters and scrutineers to verify the results, that remain unresolved," the researchers' paper said.
Elections ACT releases a copy of the system's source code to allow researchers to examine the system before it is used in the territory election. About 75 per cent of voters cast their ballot electronically in the territory.
The researchers said there was not straightforward way to fix privacy issues with the system, which presently meant any attacker on the network could collect, read and alter votes.
"The system's design is also fundamentally insecure. Even ignoring the TLS issues described above, the system suffers from a fundamental design flaw: it is not designed to produce evidence that the published votes are the accurately recorded and properly processed intentions of the voters. Undetectable failures could be due to bugs, hardware errors, operator errors, deliberate manipulation, insiders or supply chain attacks," their paper said.
The researchers' findings were relayed to Elections ACT and an external software provider. Updated source code has been released by Elections ACT, which is expected to be used at the October 19 election.
Dr Teague, a researcher at the Australian National University, Dr Conway and Ty Wilson-Brown in 2023 told a Legislative Assembly inquiry elections in the ACT were at risk of foreign interference and corruption due to the heavy reliance on the eVACS system.
"The system is inherently brittle because, in the event of a compromise, misrecording of votes could be undetectable. Malware on remote personal devices that individuals use to vote online could misrecord their votes before they are sent to the server," a submission written by the trio said.
Dr Teague and Andrew Conway identified counting errors in the 2020 election as a result of the electronic voting system, but none were significant enough to affect the outcome.
Electoral Commissioner Damian Cantwell in May said a risk assessment for the October ACT election had identified threats to electoral integrity and service quality as the most pressing issues facing the territory.
The risk assessment prompted Elections ACT to abandon an internet-based system to allow overseas voters to cast ballots online.
Mr Cantwell told The Canberra Times he was preparing for an increase in electronic voting, and did not expect to see an increase in demand for paper ballots despite increased cyber security and electoral integrity concerns in the community.
"I think on the trend that we will observe for a number of elections now, where eVACS is available and people know about it, it's known to be a trusted and expeditious means of meeting their obligations," he said.
