AUDIT REPORT SUMMARY
Client:
ACT Electoral Commission
PO Box 272
Civic Square
ACT 2608
Manufacturer:
Software Improvements Pty Ltd
Product Name:
eVACS Count source code as at 08/10/2020
Date of Issue:
08 October 2020
Project Number:
ACTEC.1005
BMM Test Report:
ACTEC.1005.01 2020 eVACS Count
Standards Tested to:
N/A
Issues/Observations:
See Observations
BMM Certification:
N/A
Auditor:
Johnathan Shaw, Senior Consultant, BMM Testlabs
Auditor Signature:
Note: The content of this document is strictly confidential. It has been prepared by BMM Australia Pty Ltd (BMM) exclusively for the ACT
Electoral Commission and may not be disclosed to any other party without prior written approval of BMM.
NATA Accredited Laboratory
Number: 15122
Accredited for compliance with ISO/IEC 17025.
bmm australia pty ltd
suite 107, 35 doody street, p.o. box 6223, alexandria nsw, australia 2015
t +612 8337 6900 f +612 8338 0775
level 3, 810 whitehorse road, box hill, vic, australia 3128
t +613 9895 9888 f +613 9899 6277
corporate reg: ABN 65 084 016 044
corporate reg: ABN 65 084 016 044
1
PURPOSE OF EVALUATION
The ACT Electoral Commission (ACTEC) requested BMM to audit source code for the “Count module” of eVACS,
the electronic voting and counting system, for the 2020 election.
The “Voting modules” and “casual vacancy module” are outside the scope of this certification. The voting modules
are the subject of a separate audit of source code.
2
BMM EVALUATION PERFORMED
ACTEC provided the following eVACS count module components for Audit.
• Documentation and
• Count module Source Code (supplied 2/9/2020 with updates 30/9/2020, 07/10/2020, 08/10/2020)
BMM reviewed design documentation and performed a source code review of the above revised eVACS software
“Count module”.
3
DESCRIPTION OF SYSTEM
The count module resides on the election server of the eVACS system.
The
polling place server manages voting at a polling centre, enabling authorised officers to start and stop voting,
check barcodes, authorise voters to cast a (single) vote and to manage the electronic ballot boxes.
The
polling place client allows voters to enter preferences securely and anonymously and collects votes into
secure electronic ballot boxes.
The
data entry client enables manual entry of paper ballots and maintenance of ballot batches.
The
election server
• Imports the electorate and candidate configuration from the TIGER EMS (Election Management System)
system
• Installs the polling place/telephone server’s software, including Operating System and election
configuration on the computers used for servers.
• Counts votes and produces reports on the outcome of the election as well as audit reports to ensure
accuracy and integrity of the election contest database.
• Runs casual vacancy recount.
The major changes in the count software since the 2016 audit were:
• The eVACS count module has now been re-written from “C” computer language to the “Ada 2012”
computer language. The ADA code implements commands to activate the various stored procedures
within the election PostgreSQL database system database on the Election Server. The main work of
counting is done by the stored procedures. No particularly complex Ada code has been created.
•
Implement change to Electoral Act 1992 where surplus votes are transferred at a value including 6
decimal places, rather than as whole votes rounded down. As per below
“Schedule 4- 1A Meaning of
count votes—sch 4”
“(1) For this schedule, count votes, in relation to a candidate, means the number of votes worked out as
follows: BP x TV
(2) Any fraction must be rounded down to 6 decimal places.
(3) In this clause:
BP
means the number of ballot papers to be dealt with at a count that record the
next available preference for the candidate.
TV
means the transfer value of those ballot papers.”
eVACS Count Module
ACTEC.1005.01
Page 2 of 3
4
EVALUATION OF TESTING
N/A - BMM did not perform tests on the current software version.
5
SOURCE CODE EVALUATION
Using the documentation as a guide each module was checked. It was not the purpose of the review to verify that
the code works correctly, rather it was to verify that the code matched the documented scope of the eVACS
system and that no malicious code had been introduced that could insert, alter or delete ballot information
unlawfully.
6
OBSERVATIONS
6.1 A Surplus is defined in the “
Electoral Act 1992 – Schedule 4.1 as “surplus”, in relation to a successful candidate,
means the candidate’s total votes less the quota, if the resulting number of votes is 1 or greater”.
The ACTEC confirmed with BMM that the
bolded text above is a drafting deficiency in amending the act for 6
decimal places. To be consistent with vote values to 6 decimal places a
“surplus” is accepted as “any count greater
than the quota and the minimum surplus that can be calculated has a vote value of 0.000001. Hence the expected
system behaviour is to transfer any surplus calculated.
7
FINDINGS
Following the audit activities outlined in this report, the Auditor was able to make an informed appraisal of the
integrity of the eVACS source code as at 07/10/2020.
The Auditor’s findings were as follows:
•
The code has been written in a modular fashion.
•
Library packages used by the count were confirmed as
o standard libraries surrounding the Ada Standard are all written by AdaCore the supplier of the
Ada Compiler and integrated development environment.
o specialised libraries written for communication with SQL databases
•
There is no evidence in the source supplied of malicious code that can insert, alter, or delete ballots or
otherwise alter the election result.
As a result of the evaluation BMM believes the eVACS “Count module” code as at 08/10/2020 is suitable for use in
the 2020 elections.
eVACS Count Module
ACTEC.1005.01
Page 3 of 3