The ACT Electoral Commissioner has dismissed concerns raised by an independent researcher that electronic votes cast in ACT elections could be traced back to the person who cast the ballot.

A data security expert and researcher, Tim Wilson-Brown, has warned that two separate vulnerabilities in the electronic voting system could theoretically lead to voters being identified.

Wilson-Brown said one of the vulnerabilities was that electronic votes are time-stamped, and if that data were accessed, it could be cross-referenced with the time an individual was marked off the electoral roll, in order to determine how they voted.

They said the other involved the possibility of a person using publicly available preference data, which is published in chronological order, to determine the votes of people around them at polling time.

That method could also be used to determine the votes of the first and last attendees at a given polling place, the analysis suggested.

"All of the vote preference data is posted online after an election, and it's posted in the order that people voted," Wilson-Brown said.

"So if you happen to vote, and vote a really unique vote right after somebody else who you know the identity of — you're standing next to them in the polling booth — if you get the timing just right, you can look at the vote that happened just before your very unique vote, and you can probably guess that it was them."

Wilson-Brown, who has worked for the Australian Centre for Cyber Security at ADFA and as a developer on the Tor internet privacy network, first made the concerns known to Elections ACT in January.

But in a statement, ACT Electoral Commissioner Damian Cantwell said the issues were hypothetical, and there was no evidence the alleged loopholes had been exploited.

"Elections ACT does not agree with the purely theoretical vulnerabilities raised by Tim Wilson-Brown," he said.

"The risks highlighted describe an extremely low possibility of a voter being able to identify their vote amongst the many thousands of others cast and using information gained to reveal another person's vote.

"There is no evidence that any of the theoretical risks identified have been used to link any voters to their electronic votes as cast in any past ACT election."

Electronic voting has been an option in ACT elections since 2001.

'Convincing case' voters could be identified

Wilson-Brown consulted with several data security academics in preparation of their analysis, including Dr Alwen Tiu, a computer science lecturer at the Australian National University.

Dr Tiu said it painted "quite a convincing case", but more research needed to be done to determine how likely it was to be exploited and at what scale.

"It's certainly theoretically possible that the issues that [Wilson-Brown] mentioned can be used to identify certain voters under a specific set of circumstances," he said, adding that he had not personally scrutinised the software code.

"But whether this is something that could be scaled up and done automatically, I don't know. It could be only applicable in a very restricted setting."

Whatever the potential risk, Dr Tiu said that a scenario where a person's vote could be identified was troubling.

"I think it's good to open up discussions about issues and privacy in electronic voting," he said.

Melbourne University security lecturer Chris Culnane, who also discussed the research with Wilson-Brown, said electronic voting in general raised serious issues about the identification of votes and voters that were not present in a paper-based scheme.

"Because of the amount of metadata you collect when you do it electronically, the issue of identification suddenly becomes far more important," Dr Culnane said.

"Just because it's not something that's been exploited in the past, doesn't mean it's not something that's going to be exploited in the future."

Randomised vote storage being considered

Mr Cantwell did not address Wilson-Brown's concern that if accessed, confidential time-stamped voting data could be compared with when people were marked off the electoral roll.

However, he did note that the data was protected, and that no cyber security vulnerabilities had been raised.

He said some changes were being considered, as part of continuing efforts to improve the administration of elections.

"Elections ACT will consider the inclusion of randomising the storage order of votes in the forthcoming round of proposed system updates," he said.

"Additionally, although the theoretical risks highlighted by Tim Wilson-Brown do not pose a cyber-related issue, Elections ACT is working with the Federal Government in the conduct of an electoral cyber security maturity review of our electoral systems.

"While an extremely low level of residual risk may arise through the publishing of de-identified voter preference information subsequent to an election, doing so ensures that voters can have confidence that the votes they cast are those that contributed to the final result."

Wilson-Brown said in terms of data security, current paper polling methods were safer.

"When you get your name marked off the roll and submit a paper ballot they get a very small amount of information about you," the researcher said.

"They mark off your name and get some numbers next to some candidates.

"Elections ACT could collect just that amount of data when they do electronic voting."
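As an added illustration (not code from Elections ACT or from Wilson-Brown's analysis), the sketch below shows the two mitigations discussed above applied before publication: only the preferences leave storage, and rows are emitted in a cryptographically random order, with a pre-publication audit. The record layout, function names and sample ballots are assumptions constructed for the example.

```python
import secrets
from collections import Counter
from itertools import permutations

# Constructed sample, not real election data: one polling place's stored
# records in cast order, each (cast_time, preferences).
STORED = [(f"09:{i:02d}:00", prefs)
          for i, prefs in enumerate(permutations(("A", "B", "C", "D")))]


def publication_order(n):
    """Random permutation of record indices drawn from the OS CSPRNG."""
    order = list(range(n))
    secrets.SystemRandom().shuffle(order)
    return order


def publish(stored, order):
    """Emit preferences only, in the given order; cast times stay in storage."""
    return [tuple(stored[i][1]) for i in order]


def preserved_adjacency(order):
    """Share of neighbouring published rows that were also cast back to back."""
    pairs = list(zip(order, order[1:]))
    return sum(abs(b - a) == 1 for a, b in pairs) / max(len(pairs), 1)


def audit(stored, order, published):
    """Pre-publication checks: same ballots as stored, cast order not visible."""
    problems = []
    if Counter(published) != Counter(tuple(p) for _t, p in stored):
        problems.append("published ballots differ from stored ballots")
    if preserved_adjacency(order) > 0.5:
        problems.append("published order follows cast order")
    return problems


if __name__ == "__main__":
    chronological = list(range(len(STORED)))
    print(audit(STORED, chronological, publish(STORED, chronological)))
    shuffled = publication_order(len(STORED))
    print(audit(STORED, shuffled, publish(STORED, shuffled)))
```

The adjacency check catches a file released unshuffled or simply reversed; it is a sanity check on the release process, not a statistical test of the shuffle itself.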