This is an HTML version of an attachment to the Freedom of Information request 'Vote Secrecy in 2020 Election'.

OSEV Detailed Requirements
v1.2 2020-05-27
| ID | Category | Topic | Primary Related Components | Requirement | Notes |
| OSEV3 | Election Configuration | Electoral Roll Voter Id | OSEV Check | The electoral roll imported into OSEV will have an identifier for each voter that is generated by Tiger and not the AEC identifier. The AEC identifier will not be imported into OSEV. | |
| OSEV4 | Election Configuration | Vote Encryption Key | OSEV Web Application | An RSA encryption key pair will be created by Elections ACT and the "public" key from the key pair will be configured in OSEV and the "private" key will be known only to appointed Election Officers at Elections ACT. | |
| OSEV5 | Election Configuration | Tiger digital signature | OSEV Check | A digital signature key pair will be created for verifying data from Tiger when importing into OSEV and the "public" key from the key pair will be configured in OSEV and the "private" key will be configured in Tiger. | |
| OSEV6 | Election Configuration | OSEV digital signature | OSEV Check | A digital signature key pair will be created for verifying data from OSEV when importing into Tiger and the "public" key from the key pair will be configured in Tiger and the "private" key will be configured in OSEV. | |
| OSEV8 | Election Configuration | Electorates | OSEV Check | Suburb and electorate combinations and, for Kambah, specific address and electorate combinations will be imported into OSEV so that the electorate of an applicant can be determined. | Only required where no match has been found to the electoral roll (OSEV23) |
| OSEV11 | Registration | Authentication Service | OSEV Web Application | The authentication service will be ?. Using either SAML or OpenID(OAuth) protocol. The user will be redirected to the auth service for identification and authentication and redirected back to the OSEV web application when authenticated and the authentication service will provide the identity details to OSEV. | |
| OSEV12 | Registration | Authentication Service | OSEV Web Application | The following data will be provided by the authentication service: email, mobile number, first name, last name, address, DoB | TBC - Needs to be confirmed through tests with the authentication service. |
| OSEV13 | Registration | Single Registration | OSEV Web Application and OSEV Check | An identity provided by the authentication service will only be able to register once for OSEV in an election. | |
| OSEV14 | Registration | Electoral Roll Check | OSEV Web Application and OSEV Check | The applicant's name, DoB and Address will be checked against the Certified Electoral Roll as exported from Tiger. | |
| OSEV15 | Registration | Exposure of Information | OSEV Web Application | During the registration process, besides what may be visible in the authentication system, OSEV will show the applicant's first name and whether their address matched the electoral roll but display no further personal information that was provided by the authentication system. | |
| OSEV16 | Registration | Age | OSEV Web Application and OSEV Check | After an applicant is forwarded to OSEV from the authentication service, the applicant's date of birth will be checked: if the applicant will be at least 18 years old on or before the election date, they may proceed. If too young, the user will be presented with a message explaining that they do not meet the age requirement to vote. | Also see OSEV14. |
| OSEV17 | Registration | Address | OSEV Web Application and OSEV Check | An address will be provided by the authentication service and checked against the electoral roll. | Also see OSEV14. |
| OSEV18 | Registration | Address | OSEV Web Application and OSEV Check | If the address, name and DoB combination is not found on the electoral roll then the applicant will have the option to provide an alternate address. | Where a match is not found because the name and DoB are not on the roll at all, OSEV will proceed with alternate address options anyway ending in the user being able to submit their vote regardless. |
| OSEV46 | Declaration Vote Process | Export Vote Submissions | OSEV Vote Storage System | An Election Officer will be able to export a list of vote submissions from OSEV Check which will include the voter identifier (not the AEC identifier), the applicant's name, date of birth, addresses, email address, phone number, date/time of issuing the ballot paper and country of voting provided during the registration process. | |
| OSEV47 | Declaration Vote Process | Import Vote Approvals | OSEV Check | An Election Officer will be able to import a list of vote submissions with approval status from Tiger including the VoterId and approval status (approved, denied or pending, null or empty = pending). | |
| OSEV48 | Declaration Vote Process | Approval | OSEV Vote Storage System and OSEV Check | OSEV will only allow a vote to be exported if the corresponding vote submission record is approved. | |
| OSEV49 | OSEV Check Web Portal | OSEV Check Web Portal | OSEV Check | The OSEV Check web application will provide a web portal for Election Officials to use to configure OSEV, import and export data as described in other requirements. | |
| OSEV51 | OSEV Check Web Portal | Scan for Harmful Code | OSEV Check | Data imported from Tiger will be provided with digital signatures to verify the data source and mitigate against importing data from other sources. | Contract Requirement: 42: At relevant stages in the System flow, ensure Harmful Code is not being introduced. |
| OSEV54 | Election Configuration | Polling Place Id | Vote Storage System | An election officer can configure the three digit polling place id for OSEV in the OSEV vote storage system. This must be done before exporting vote preferences. | This should be done during the election configuration period. |
| OSEV55 | Vote Storage Web Portal | eVACS Encryption Key | Vote Storage System | An Election Officer must supply the eVACS vote encryption key to be able to export vote preferences. | |
| OSEV56 | Vote Storage Web Portal | Decryption key | Vote Storage System | An Election Officer must supply the vote decryption key to be able to export vote preferences. This decryption key will decrypt the individual vote packages. | This is the decryption key from the vote encryption key pair (OSEV4). |
| OSEV57 | Vote Storage Web Portal | Exporting Vote Preferences | Vote Storage System | Once a polling place id, decryption key and eVACS encryption key have been provided, the OSEV vote storage system will decrypt all the votes and compile a single eVACS vote preferences csv. | |
| OSEV58 | Vote Storage Web Portal | eVACS file format | Vote Storage System | The eVACS vote preferences file must be the exact format defined for eVACS and include the total number of votes for each electorate and batch number, voteID, preferences. | Vote preferences are defined using the canonical/starting position of the candidates. See document: Definition of OSEV output file for upload to eVACS. |
| OSEV59 | Vote Storage Web Portal | eVACS encryption | Vote Storage System | The vote storage system will encrypt the vote preferences csv with the eVACS encryption "public" key before providing it to the election officer for export. | |
| OSEV60 | Vote Storage Web Portal | eVACS hash | Vote Storage System | The vote storage system will create a SHA-256 hash of the encrypted eVACS vote preferences csv and provide it to the election officer. | |
| OSEV61 | Vote Storage Web Portal | Vote Approval Status | Vote Storage System and OSEV Check | The vote storage system will query OSEV Verify for the approval status of a RegistrationToken and OSEV Verify will query OSEV Check for the approval status of the corresponding Voting Token. | |
| OSEV62 | Vote Storage Web Portal | Vote Storage Display | Vote Storage System | The OSEV Vote Storage Web portal will display the following information about the current election: a) total number of votes stored; b) number of votes waiting for export and status check; c) number of votes confirmed rejected; d) number of votes approved and exported. | |
| OSEV63 | Vote Preference Data | Vote Preference Encryption | OSEV Web Application | The OSEV web application will encrypt submitted vote preferences and ballot paper information to create an encrypted vote package. | Ballot paper information will include the canonical (starting) position of each candidate and so sufficient information is stored to generate the eVACS preference file format. |
| OSEV64 | Vote Preference Data | Vote Preference Digital Signature | OSEV Web Application | The OSEV web application will digitally sign the encrypted vote package. | |
| OSEV65 | Vote Preference Data | Vote Preference Delivery | OSEV Web Application and OSEV Vote Storage System | The OSEV web application will push the encrypted vote package with the digital signature and the associated RegistrationToken to the OSEV vote storage system. | |
| OSEV66 | Vote Preference Data | Vote Preference Storage | OSEV Vote Storage System | The Vote storage system will store the encrypted vote package and the digital signature and the associated RegistrationToken. | |
| OSEV67 | Data Security | ApplicantIdentity | - | An identifier for an applicant provided by the third party authentication service will be stored in OSEV Check so that that person can be restricted to only a single registration and vote submission. | |
| OSEV68 | Data Security | VoterToken | - | For each person identity provided by the third party authentication service, a VoterToken will be generated by OSEV Check and stored in OSEV Check with the authentication ID and OSEV Verify. | |
| OSEV69 | Data Security | VoterToken Separation | - | The OSEV Web Application and Vote Storage System never have access to the VoterToken. | |
| OSEV70 | Data Security | RegistrationToken | - | For each VoterToken stored in OSEV Verify, a Registration Token will be generated and stored in OSEV Verify with the VoterToken and in the Vote Storage System with the encrypted vote. | |
| OSEV71 | Data Security | RegistrationToken Separation | - | The OSEV Check application never has access to the RegistrationToken. | |
| OSEV72 | Data Security | Personal Information | - | Personal information will be provided to the OSEV Web application from the authentication service and from the applicant through the web application. This personal information flows through the OSEV web application and OSEV Verify and is stored in OSEV Check. | |
| OSEV73 | Data Security | Personal Information Separation | - | The OSEV web application does not store personal information and the Vote Storage system never has access to the information. | |
| OSEV74 | Data Security | Vote Preference Storage | - | Vote preferences are encrypted at the point of submission to the OSEV web application and are only stored by the Vote Storage System. | Encrypted with the OSEV vote encryption key (OSEV4) and done by the Web Application (OSEV63). |
| OSEV75 | Data Security | Vote Preference Separation | - | The OSEV web application does not store the vote preferences and OSEV Verify and OSEV Check never have access to the vote preferences. | |
| OSEV76 | Data Security | Encryption in Transit | - | All connections between system components and all web interfaces include TLS encryption. | |
| OSEV78 | Data Security | Data transfer between OSEV and Tiger | - | All data transferred between Tiger and OSEV will be digitally signed by the source system and the signature verified by the destination system. | See Election Configuration requirements for key pair configuration (OSEV5, OSEV6). Digital signatures used on importing ballot papers (OSEV1), importing the Electoral Roll (OSEV2), Export Vote Submissions (OSEV46), importing vote submission approvals (OSEV47), Electorate search information (OSEV8, OSEV24 and OSEV25). |
| OSEV79 | Active Directory | User Roles | - | User Roles in OSEV: a) OSEV Check operator. Includes all OSEV check user functions including election configuration and declaration vote processing. b) OSEV vote storage operator. Includes all OSEV vote storage functions including providing keys and exporting vote preferences. | |
| OSEV80 | Active Directory | Active Directory MFA | - | The active directory accounts for accessing OSEV Check and OSEV vote storage web portals must require multi-factor authentication. | |
| OSEV86 | Infrastructure Management | Monitoring | - | The System to be monitored for intrusion attempts when live. | Contract Requirement. |
| OSEV87 | Infrastructure Management | DDoS | - | The system must be configured with protection mechanisms against DDoS attacks. | |
| OSEV88 | Active Directory | Logging User Access | - | User access to OSEV systems will be logged. | |
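
The token separation in OSEV67 to OSEV71 and the approval lookup in OSEV47, OSEV48 and OSEV61 can be modelled as three stores that each hold only part of the link between a person and a vote. This is an added example, not code from OSEV or its vendor. The class and method names, the random hex tokens, the in-memory dictionaries and keying approvals by authentication ID (the requirement keys them by VoterId) are assumptions.

```python
import secrets

def normalise_status(raw):
    # OSEV47: approved, denied or pending; null or empty counts as pending.
    status = (raw or "").strip().lower() or "pending"
    if status not in {"approved", "denied", "pending"}:
        raise ValueError(f"unknown approval status: {raw!r}")
    return status

class OsevCheck:
    """Identity side: holds the VoterToken, never a RegistrationToken (OSEV71)."""
    def __init__(self):
        self.token_by_identity = {}  # authentication ID -> VoterToken (OSEV67, OSEV68)
        self.status = {}             # VoterToken -> approval status
    def register(self, auth_id):
        if auth_id in self.token_by_identity:  # OSEV13: one registration per identity
            raise ValueError("identity already registered")
        # Assumption: tokens are random 128-bit values.
        token = self.token_by_identity[auth_id] = secrets.token_hex(16)
        self.status[token] = "pending"
        return token
    def import_approval(self, auth_id, raw):   # assumption: keyed by auth ID, not VoterId
        self.status[self.token_by_identity[auth_id]] = normalise_status(raw)

class OsevVerify:
    """The only component that holds both tokens (OSEV70)."""
    def __init__(self, check):
        self.check, self.voter_by_reg = check, {}
    def issue(self, voter_token):
        reg_token = secrets.token_hex(16)
        self.voter_by_reg[reg_token] = voter_token
        return reg_token
    def approval(self, reg_token):             # OSEV61: storage -> Verify -> Check
        return self.check.status[self.voter_by_reg[reg_token]]

class VoteStorage:
    """Vote side: RegistrationToken and encrypted package only (OSEV66, OSEV69)."""
    def __init__(self, verify):
        self.verify, self.packages = verify, {}
    def store(self, reg_token, package):
        self.packages[reg_token] = package
    def exportable(self):                      # OSEV48: only approved votes leave
        return [p for r, p in self.packages.items() if self.verify.approval(r) == "approved"]

def demo():  # constructed sample: opaque bytes stand in for encrypted vote packages
    check = OsevCheck()
    storage = VoteStorage(OsevVerify(check))
    for auth_id, raw in [("id-a", "Approved"), ("id-b", None), ("id-c", "denied")]:
        storage.store(storage.verify.issue(check.register(auth_id)), b"pkg-" + auth_id.encode())
        check.import_approval(auth_id, raw)
    return storage.exportable(), check, storage
```

In this model, linking a stored package back to an identity needs the OSEV Verify mapping together with the OSEV Check table, so the design's vote secrecy rests on how access to OSEV Verify is controlled.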