AEC cops flak for senate vote count system

Despite having only 12 weeks to create it.

The Australian Electoral Commission has blasted criticism of its handling of a senate vote scanning system that it had just 12 weeks to deliver before the 2016 election.

An audit of the system – which was outsourced to Fuji Xerox Businessforce for $27.1 million – questions whether it achieved value for money, as well as whether the agency accepted a higher level of IT security risk than normal to get it up and running.

But electoral commissioner Tom Rogers accused auditors of skipping over an enormous list of factors that put the project team under extreme pressure to deliver.

“The lack of focus on these issues … is potentially misleading,” Rogers said.

He also criticised the findings around IT security risk, arguing he’d been kept across the design and was “fully apprised of the system risks and business rules”.

Changes to the way senate votes were cast and counted required a new system in the lead up to the 2016 double dissolution election.

“In the 2013 federal election, 96 percent of senate votes were cast by selecting one group only above the line. It was only the preferences expressed below the line that needed to be entered individually into the [AEC’s] count system,” the auditor said.

“ … For the 2016 federal election, all senate ballot papers needed to have their individual preferences entered into the count system.”

For the 2013 election, the preferences were manually entered into the AEC’s count system, given the relatively low percentage of ballots involved.

This wasn’t going to be feasible with the change in 2016, so the AEC decided on a “semi-automated” system.

It was used to scan 14.4 million senate ballot papers and capture 101.5 million voter preferences using optical character recognition technology.

It was intended that the system would handle the job on its own, but just three days before it was due to be “election-ready”, the AEC decided that “every ballot paper image will now be viewed by a human”.

The auditor said that increased the cost by between $6.6 million to $8.6 million. It also alleged the decision was taken because the system “missed its user acceptance testing (UAT) end date”, and had an accuracy of only 59 percent.

Rogers dismissed the allegation.

“The decision was not taken because I doubted the integrity of the fully automated process, but because I felt it necessary to maintain stakeholder confidence in the outcomes of the process – the first time that senate data would be entered [into AEC systems] in this manner,” he said.

Cost and value

The audit criticised the method in which the AEC engaged Fuji Xerox Businessforce.

The AEC went to open tender in 2014 for “scanning of certified lists and data analysis”, valued at about $1.3 million over four years.

It simply varied an existing agreement with Fuji Xerox Businessforce from that tender to allow it to contract out the new work in 2016.

That didn’t go down well with the auditor, which argued that the 2014 tender may have been different if $27.1 million of work had been on the table, rather than $1.3 million.

“The [auditor] considers that the AEC had therefore procured the services via limited tender (previously known as ‘direct source’),” the audit says.

“In contrast, the AEC considers the services fell within the scope of the original approach to market in 2014 and, accordingly, publicly reported all the purchases as being by ‘open tender’.”

Future senate scanning services have been offered via a different arrangement again; the AEC leant on a process run by the tax office for “capture and digital information services”, and is currently choosing a supplier from an ATO-culled shortlist.

Again, a time crunch was blamed on the lack of a fully open tender.

“The AEC documented in May 2017 that an open tender was ‘not considered a feasible option’ because the time involved ‘would likely lead to a solution not being in place prior to the 30 June 2018 [election ready target date]’,” the auditor said.

The auditor also claimed that the AEC effectively awarded the 2016 package of work to Fuji Xerox Businessforce without “factoring cost” into the decision.

It similarly claimed that Fuji’s price “included a $4.1 million contribution to ‘project infrastructure and equipment’, and the AEC did not include an asset clause in the contract nor put in place a mechanism for ensuring it would benefit from this expenditure in any future purchases of data capture services from this supplier”.

And the auditor appeared to imply the AEC wasted more money by having Fuji Xerox Businessforce store “ballot paper images and XML files … in a non-government controlled environment for ten months beyond the period required”.

“The terms of the contract included a fee for storing the XML files and ballot paper images of approximately $13,800 per month,” the auditor said.

Security concerns

Other portions of the audit are devoted to allegations that the scanning system required the AEC to stomach far higher levels of risk around IT security than it normally would – again due to the project’s time crunch.

The audit includes allegations that the system failed an information security registered assessors program (IRAP) assessment, and was subjected to an Australian Signals Directorate assessment that did not cover the components managed by Fuji Xerox.

However, it is noted that “the ICT supplier was accommodating to the AEC and it actively treated and reduced risks”.

Still, the auditor said that “the level of IT security risk accepted by the AEC on behalf of the Australian government, and the extent of the non-compliance with the Australian government IT security frameworks, was not transparent”.

Ran without issue

The auditor noted it could not test the efficacy of the scanning system because the system had been decommissioned.

Rogers pointed out that the system ran without issue, with no recounts required nor questions of integrity on the senate count.

However, he noted the AEC would “evaluate and, if appropriate, implement additional assurance mechanisms to maintain the integrity of the count” in future.