Download original attachment
(PDF file)

This is an HTML version of an attachment to the Freedom of Information request 'Audit documents for the 2020 EVACS system'.

From:
Carol Boughton
To:
Spence, Rohan
Cc:
Clive Boughton
Subject:
HPE CM: Security issues for the ACTEC telephony (IVR) Platform
Date:
Thursday, 4 April 2019 9:23:06 PM
Ro
Last week you asked the question about the security of IVR voting. Below are some 
comments provided by our partners.
Regards
Carol
Security and IVR/Telephone Voting for ACTEC
An Interactive Voice Response (IVR) in an election context could perform a number of functions, 
but is commonly associated with registration processes, voting options provided for absentee or 
remote voters, and improved accessibility for voters with disabilities.
Certain security aspects of these systems are set out in the Australian Telephone Voting 
[i]
Standard issued by the Electoral Council of Australia (section 10) . However these are more to 
do with the security and privacy requirements, rather than methods used to ensure compliance 
with those requirements
Generally, a telephone voting system will be subjected to all of the security principles that would 
apply at a polling place, such as anonymity and secrecy of the vote, and security of transmission 
of the votes for counting. The IVR servers would mirror the eVACS® system in terms of 
presentation of stored data.
The IVR servers (minimum of two) would be a standalone system either physically located within 
[ii]
an ACSC   certified high level security environment (such as the Vault hosting facility in 
Canberra), or co-located with other appropriate vote storage physical infrastructure (e.g. with 
the Election Server).
A system located within the proposed high level security environment at Vault would be 
protected by Vault’s certified firewall, with a number of access approvals required before access 
to the system is granted.
The IVR system stores votes in an eVACS® generated server which then uploads to the Election 
Server for counting, just like votes from polling places and scanning. The storage media will have 
been encrypted.
[iii]
We are proposing that the IVR platform undergoes its own IRAP Assessment
 in conjunction 
with eVACS®.
Security associated with the PSTN (Public Switched Telephone Network)
The IVR encrypts all communications within its control (and within the hosting facility) via the 
Secure Real-Time Protocol (SRTP).
Transmission issues: Telephone voting via the PSTN means that voters may initiate a call from 
various devices (home analogue/digital landline, business extension or mobile phone) and as 
such the levels of security available will also vary. For example, the 4G network in Australia 
provides encryption of mobile phone calls to base stations, but not end to end.
Where telephone voting for government elections is available (e.g. some jurisdictions in 
Australia), the possibility of unlawful interference with calls over the PSTN is considered an 
acceptable risk, while ensuring compliance with Australian Government Information Security