Reasons for decision
What you requested
“access to documents held by the Commission, including correspondence, relating to the QR codes
used in the 2020 election.
I apply for access to documents containing information about:
Audits of QR codes issued for voting and administrative actions
Missing or extra QR codes
Inconsistencies in QR code production, handling, or destruction
Reviews or changes to the audit method or process
The algorithm used to create voter QR code data
I also apply for documents containing totals and statistics about the number of QR codes:
Printed
Issued to voters or polling officials
Scanned
Recovered from voters or pol ing officials
Destroyed
And how many times each QR code was scanned.
To be clear, I am seeking summary statistics and individual QR code exception reports. You can
exclude documents that only consist of detailed information about large numbers of typical QR
codes.
Just a quick amendment:
I would also like documents containing information about:
The algorithm used to generate the admin QR codes which authenticate pol ing officials
Audits and summary statistics for the QR codes used during user acceptance testing, since
they are identical to the QR codes used during the election.
As a general clarification, I am seeking documents related to the fol owing Elections ACT
processes:
‘Election officials in electronic pol ing places account for e-voting cards in much the same way as
they do for paper bal ots. They provide records of e-voting cards issued which are compared with
the number of electronic votes cast.
Reports of errors, votes not concluded as described on page 14 of the eVACS Operational Concept
Description
– 2 –
The various checks and reconciliations described on page 41 of the HAZOP Study eVACS a election
system, which contain information about discrepancies between the number of e-voting cards
issued, and the number of votes recorded.
I am also seeking documents related to similar admin QR code tracking processes that Elections
ACT carries out to ensure election security. And I am seeking other documents related to QR Code
security, as specified in my request.”
What I took into account
In reaching my decision, I took into account:
Your original access application dated 24 February 2021.
Your amendment dated 24 February 2021.
Your clarification dated 13 March 2021.
The documents containing the information that fall within the scope of your access
application.
Consultations with ACT government officers about the nature of the documents.
Consultations with third parties about information concerning them.
The FOI Act.
The ACT Ombudsman’s FOI guidelines documentation.
Reasons for my decision
I am authorised to make decisions under section 18 of the FOI Act.
I have decided that some documents or parts of some documents that contain the information you
requested contain information that is, on balance, contrary to the public interest to disclose under
the test set out in section 17 of the FOI Act. My findings of fact and reasons are discussed below.
Out of scope
I have redacted information to parts of document 3, due to the redacted information being out of
scope in relation to this access application.
In making this decision I have previously made contact with the FOI section of the ACT
Ombudsman’s office to ensure such activity is in accordance with the FOI Act. The ACT
Ombudsman’s office advised that redaction of information on this basis is in compliance with the
FOI Act.
Schedule 2, section 2.2(a)(xi)
I have decided that the prejudice to trade secrets or business affairs of a person is the
determinative factor in favour of non-disclosure of parts of documents 2 and 10.
Section 2.2 of schedule 2 of the FOI Act provides that:
The following are factors favouring nondisclosure in the public interest:
– 3 –
(a) Disclosure of the information could reasonably be expected to do any of the fol owing:…
(xi) prejudice trade secrets, business affairs or research of an agency or person.
I am satisfied the disclosure of some information contained in these documents could reasonably
be expected to prejudice trade secrets or business affairs of an agency.
The information I have decided not to disclose includes details that could reasonably be expected
to impact the commercial interests of the company who provided QR code printing services to
Elections ACT.
The public interest test set out in section 17 of the FOI Act involves a process of balancing public
interest factors favouring disclosure against public interest factors favouring nondisclosure to
decide whether, on balance, disclosure would be contrary to the public interest.
When weighing up the public interest for and against disclosure under Schedule 2 of the FOI Act, I
have taken into account relevant factors in favour of disclosure. In particular, I have considered
the extent to which disclosure would promote the objects of the FOI Act and promote open
discussion of public affairs and enhance the organisation’s accountability.
Based on the above, I have decided that in this instance, the public interest in disclosing this
commercial-in-confidence information, related to the fees and charges related to the production of
QR codes, in these documents is outweighed by the public interest against disclosure because the
disclosure of information of this nature would significantly prejudice the relevant companies
commercial interests should this information be made publicly available on Elections ACT’s FOI
disclosure log, as is required under the FOI Act.
On this basis, I am satisfied disclosure of some information contained in these documents could
reasonably be expected to prejudice the trade secrets, business affairs or research of an agency or
person.
Schedule 2, section 2.2(a)(ii)
I have decided that the prejudice to individuals’ privacy is the determinative factor in favour of
non-disclosure of parts of documents 5, 6 and 10.
Schedule 2, section 2.2(a)(ii) is a factor favouring nondisclosure if:
disclosure of the information could reasonably be expected to prejudice the protection of an
individual’s right to privacy or any other right under the Human Rights Act 2004.
I am satisfied the disclosure of some information contained in this document could reasonably be
expected to prejudice the protection of an individual’s right to privacy.
The information I have decided not to disclose includes an individual’s personal contact details
such as phone numbers and email addresses and signatures.
The public interest test set out in section 17 of the FOI Act involves a process of balancing public
interest factors favouring disclosure against public interest factors favouring nondisclosure to
decide whether, on balance, disclosure would be contrary to the public interest.
When weighing up the public interest for and against disclosure under Schedule 2 of the FOI Act, I
have taken into account relevant factors in favour of disclosure. In particular, I have considered
the extent to which disclosure would promote the objects of the FOI Act and promote open
discussion of public affairs and enhance the government’s accountability.
– 4 –
Based on the above, I have decided that in this instance, the public interest in disclosing the
private contact information and signatures in these documents is outweighed by the public interest
against disclosure because the disclosure of information of this nature would significantly prejudice
the relevant individual’s privacy.
On this basis, I am satisfied disclosure of some information contained in these documents could
reasonably be expected to prejudice the protection of an individual’s right to privacy.
Information not held by the agency
You have sought the algorithm used to create voter and admin QR codes. The algorithm used is a
library function, 'pgcrypto', provided by PostgreSQL and details of its use are available in the
PostgreSQL Manual. A copy of that Manual is not in the possession of Elections ACT.
You have also sought documents containing information about “audits and summary statistics for
the QR codes used during user acceptance testing, since they are identical to the QR codes used
during the election”. The QR codes used during user acceptance testing are not identical to the QR
codes used during the election. Any QR codes set up and printed for use during user acceptance
testing are valid only for the test election in which they were generated. Any QR code generated
for a test election wil not be valid for a different test election or the real electoral event.
Accordingly, no documentation is maintained regarding QR codes generated and used during
testing.
You have also sought information about missing or extra QR codes, inconsistencies in QR code
production, handling or destruction and reviews or changes to the audit method or process.
Elections ACT could not identify any documents that met the scope of these requests.
You have also sought documents containing totals and statistics about the number of QR codes
recovered from voters or pol ing officials, as wel as documents related to how many times each
QR code was scanned. Elections ACT could not identify documents that met the scope of these
requests. However, the 2020 Election report, which is to be tabled in the Assembly shortly, does
discuss the matter of electors failing to complete their electronic voting process. It is estimated
that there were approximately 383 occurrences of this issue at the 2020 election.
Ro Spence | Deputy Electoral Commissioner
ACT Electoral Commission
Phone: 02 6205 0224 | Mobile: 0434 906 940
xxxxx.xxxxxx@xxx.xxx.xx |
www.elections.act.gov.au |
facebook |
twitter |
youtube
Level 6, 221 London Circuit, Canberra City
Document Outline
