For the past month, Australians have been casting their ballots in a nonbinding-yet-divisive survey to advise their elected leaders on the question: “Should the law be changed to allow same-sex couples to marry?” As an overseas Aussie who cares deeply about the issue, I wanted my say. So, one day a few weeks ago, I entered my personal details into a designated government website and received a “Secure Access Code” that allowed me to cast my vote online.
When I checked my mail later that day, however, I found a letter from the Australian Bureau of Statistics (ABS), the agency administering the survey. This letter contained a different Secure Access Code. My reporter’s red flag flew up immediately.
Was it possible, I wondered, that the system would validate both of these codes and let me vote twice? That would be a potentially troubling situation, because if I could do it, then others could, too. I had to find out.
Lo and behold, both codes were accepted, and I was allowed to cast a second ballot, receiving the same message as before: “Thank you. Your response has been submitted.”
Such a glitch, I realized, could throw yet another wrench into a campaign that’s already bizarre and bitter—and there’s still a month left to go. Since the vote was announced, Australia has experienced an outbreak of homophobic violence, “No” ads warning of cross-dressing kids, and a culture war over rugby pitting American rapper Macklemore against a former prime minister. Adding to the mayhem is a convoluted voting process involving a mixture of snail-mail and electronic balloting that experts say is far from ideal.
“Obviously, they stuffed up,” says Ian Brightwell, former technology chief for the New South Wales Electoral Commission, one of Australia’s state-level election boards. “It is fair to say anyone who is interested in e-voting in Australia is concerned about the ABS…I hope to get in front of a Senate committee to stop this happening again.”
Voting twice freaked me out, so I immediately emailed the ABS to come clean and to ask how such a thing could have occurred. “There are measures in place to ensure the integrity of the process,” replied an agency spokesman who wouldn’t reveal his name, citing internal policies—so we’ll just call him Spokesman. “These measures will detect any attempted multiple responses associated with an individual eligible Australian with only the last response counted.” (Spokesman later clarified that only the vote associated with the latest code generated would be counted—that would have been my first vote, based on the code I obtained through the website.)
This response didn’t satisfy Brightwell. “No real information, so not sure if this would be true or not,” he says, adding that the ABS “has not released any information about their systems, and do not intend doing so.” (The Guardian reported last week that campaign observers of the tally were asked to sign confidentiality agreements.)
Spokesman admitted that the flaw I discovered needs to be dealt with, but only after voting concludes on November 7. At that point “work will be done to check the data and reconcile duplicates,” he assured me during our lengthy email exchange. This means the ABS will have a week to clean up the mess before the results are officially announced on November 15.
I spoke with four e-voting experts for this story, and all of them said the problem I encountered raises concerns about integrity, oversight, and the government’s ability to safeguard voter data. Three of them also criticized government officials for not being more transparent about the vote-counting process. “It’s about trust,” says David Glance, director of the Centre for Software Practice at the University of Western Australia. “Do we have absolute confidence that the ABS can do this? I’d say no. And I’d say they’ve done a bad job of communicating.”
Casting multiple votes, Spokesman added, could result in a fine of about $1,640 (US dollars).
Voting is usually compulsory in Australia, but not this time. The prime minister, Malcolm Turnbull, supports same-sex marriage, but his political fortunes are wed, so to speak, to the more ideological wing of his conservative governing coalition. So when other major parties opposed attempts to launch a compulsory national vote on the issue, arguing that Parliament can and should change the law itself, pressure mounted for Turnbull’s team to come up with another plan. This was their compromise: a voluntary $122 million opinion poll overseen by the country’s statisticians—not the federal election board that normally keeps watch on things. “A vote in Australia is covered by all sorts of legislation and there are expectations set up about the process,” Glance told me. This “is a survey, not a vote.”
Nevertheless, a “yes” result could, in theory, hand Turnbull a mandate to push through a marriage-equality law with other major parties, perhaps even by year’s end, without the unanimous support of his deeply divided governing coalition—many of whose members (including former prime minister Tony Abbott, the one at war with Macklemore) are dead set against it.
While the bulk of the voting is done by snail mail in-country (16 million ballots were sent out earlier last month), voters living or traveling overseas can apply for a unique 16-digit code that lets them vote online or by phone. The government also sent letters to overseas citizens, like me, whose whereabouts are known. Both of the ways I voted “are valid,” according to Spokesman. On the other hand, says Glance, “People shouldn’t have to call and ask the ABS if they voted twice.”
The experts I consulted were also troubled by Spokesman’s claims that the ABS is doubling back to check for duplicates. “Clearly, the online voting system is tracking you, so the ABS knows exactly how you voted,” said Rajeev Gore, a computer scientist at the Australian National University. “This is of concern, since your vote is supposed to be private. But a simple online voting system cannot guarantee vote secrecy.”
Spokesman insisted that “personal details will never be seen or stored alongside the answer to the survey question.” But even if that’s the case, Glance told me, “it is definitely possible that someone can take both bits of information and put it together.”
The gap between when the government first announced the vote and when Australians began receiving ballots was just over a month. That’s not a lot of time. “If I was handed the task of building the software to do this under that deadline, I would’ve frankly refused,” says Robert Merkel, a software engineer at Monash University.
Buzzfeed Australia got its hands on internal ABS emails showing how the agency scrambled to get the national survey up and running. That rush may have led to the problems I encountered: “It’s definitely taking [the ABS’s techies] out of their comfort zone,” Glance says. It was probably quicker and easier, he adds, to make the online portion of the survey a “dumb” collection machine, incapable of tracking the history of an individual’s vote in the moment.
Glance compares the situation to the ABS’s much-maligned rollout of the national census in 2016: The government’s computer systems endured a denial-of-service attack that hobbled data collection for 40 hours. The onslaught, Prime Minister Turnbull noted at the time, was “utterly predictable, utterly foreseeable.”
The postal voting has run into problems as well. Multiple ballots were sent to the same households under different names because some voters hadn’t updated their enrollment details. Unopened ballots may even have been stolen and submitted by the wrong person.
“The big issue is the participation will be potentially 50 percent or less, and the unused postal packs can be picked up by anyone and returned and ABS will never be able to tell if it was the correct person who sent it,” Brightwell says. The ABS warns that “theft or tampering with mail is a criminal offence and carries serious penalties”—but this crime may prove difficult to police.
At the top of my mind, of course, was whether the ability of overseas Australians to double-vote would make a difference if those votes were counted. Probably not, the computer scientists told me. There just aren’t enough of us to sway the results a whole lot—certainly not enough to make the loophole pay off for a hacker. “The odds of being able to do it on a large scale to change the results in any substantial way would be probably low,” Merkel says.
But with an inconclusive or closely contested vote, this sort of glitch could undermine public trust: “If the result is close and doesn’t differ by an amount greater than a margin of error, then it should be held in doubt,” Glance says. “The execution was rushed and suited more to a statistical survey exercise than real voting, and so confidence in the result should be treated in this way.”
“Voting doesn’t have a margin of error,” he adds. “Or at least it’s not supposed to.”
In addition to my exchange with Spokesman, who insisted I didn’t really vote twice—at least once the agency goes back and fixes it—I sent the ABS a full summary of what happened, and a formal request that my votes be reconciled. I haven’t heard back.
Update (10/10/2017): The ABS “Customer Assistance Team” finally got back to me, the day after this story published, backing up what Spokesman said earlier: “The ABS can confirm that your responses will be reconciled during the counting process such that only one will be counted.”