 Good afternoon everyone. I'm going to do this without notes, so apologies if I forget everything. Firstly a little bit about who I am. I'm a lawyer. I am not your lawyer though, so none of this is legal advice. None of this is something that you should pay attention to. This is based on Australian law. The circumstances will be very different in other places and I'm going to skip over some stuff because it's really complex and not very interesting. As my GitHub activity page shows I'm also not very much a developer. I occasionally tinker with things when I feel like it would be entertaining and then they don't work. So this is where my story of freedom of information begins and I'm going to ask you to bear with me as we run through a little bit in chronological order and then we mix and match a little bit when we get further through. So in late 2013 there was an election in Australia and Asher Wolfe, for some of you may be familiar with, tweeted this during the course of the Senate scrutiny. So the Senate voting system in Australia is pretty complex and so is counted by a computer. Firstly, we have a single transferable vote. That means that you end up with lots of fractional votes, lots of things that are at different values being transferred around. It means we also have group voting tickets, which means that, and some of you may have seen the presentation this morning about visualising how those GVTs work, but basically it means that preferences can be, before votes are even transferred, preferences can be divided up. So you can start with fractional votes. Dozens of candidates, about 150 in the more popular states, hundreds of counts. So each count is around going through passing on various values of votes onto different candidates. It all takes place with fixed point precision, which is very interesting because the law doesn't say fixed point precision, the law just says fractions of votes, but the Electoral Commission has consistently used fixed point precision. The result of that is that you end up with loss by fraction. So you end up with some votes not being counted because there's a truncation of fixed point and then a couple of votes don't get counted. The result of this hugely complex system is a really significant dependence on a comparatively small number of votes. Famously in Western Australia, 14 votes would have made the difference between not just one, but two of the candidates, or two of the senators ultimately being elected, changed depending on how these 14 votes went. Thankfully we ran that election. So that was Ash's tweet and I immediately thought, well, there's a way that we can find out a little bit more about this software, a little bit more about the machines that it runs on, a little bit more about how that works and that is freedom of information. So these are two sections or parts of sections from the Commonwealth Freedom of Information Act and they really embody the purpose and intention of the legislation. Firstly, that information held by the government is to be managed for public purposes as a national resource. That's really fundamental to what I'm going to be talking about continuously and that is that government information is created by taxpayers or created using taxpayer money and should be available as a national resource and that is embodied here. The freedom of information law goes back 250 years next year was the Swedish Freedom of Information Act and it's premised on this idea that that which is built with government money, that which is created with government money, should be a national resource, should be accessible to the people who paid for it. The other thing that's important in freedom of information law is it creates a legally enforceable right for individuals to access documents of an agency. Now, document and I don't expect you to read this is very, very broadly defined and you'll note that it includes any other record of information. So basically any information that is in some kind of recorded form that is held by a government department is in theory amenable to freedom of information action. So it's in theory accessible to any individual. So they talk there about paper or materials, maps, plans, drawings, photographs, diaries, sticky notes, videos, audio files, anything really that already exists should be accessible under freedom of information as well as any copy reproduction or duplicate of that. So I thought this is going to be easy. I want to know how votes accounted, what the software is. I knew that the software had been built in-house at the Electoral Commission so I thought it was a simple matter. I'd just stick in this request and I would get the software back. So on the 4th of October after procrastinating a little bit, I put in a request through the right to no website which means that it was public and said, please can you give me all of the source code for the system used to count Senate votes and also any data specification. So I was worried that they give me source code but I wouldn't know what the input formats were so I wouldn't know exactly how the votes were counted. Exactly a month later so precisely on the last day I got a response that basically said no. It also, commonly with freedom of information requests, you also get a list of the documents that they've identified that they're not going to give you access to. They wouldn't even give me that so they said we've found 54 documents in that broad definition but they couldn't tell me anything about the documents and the basis for that was, they said the code used in counting votes was commercial in confidence. That surprised me. I didn't see why it would be commercial in confidence and honestly they went into a bit of detail explaining it about 22 pages worth but I really didn't see that there was any commercial value in keeping that code secret. The Electoral Commission disagreed. So a couple of days later I put in a request for an internal review and that was basically me saying hey I think you got this wrong can you pass it up to a manager who can, someone higher up in the organisation to review that. And once again exactly a month later just on the last day of the deadline they responded and said no again in exactly the same words including some paragraph references which should have changed that didn't change. So it was a real copy paste response. So when they said no I knew that I was, for the second time I knew I would have to go to an external review process. I knew that I would have to take this further. So I asked for an electronic copy and they'd sent me a PDF, a scanned document that had been put into a PDF that they then emailed. So I asked for something that I could copy and paste from because I wanted to copy out chunks of text and say no that's wrong for this reason, this reason, this reason. The response I got back was we sent you a letter saying that we weren't going to give you the information, that completes these obligations so we're not going to give you a copy in electronic form or in word form. I've also put up there section 20 of the FOI Act which says we're an applicant who's requested access to a document in a particular form, access should be given in that form. So I pointed it out that this was the case, others pointed out that PDFs which are just scanned images are not readable by screen readers or accessible for people with disabilities but I said look I'll just leave it, that's fine. Someone else on the Right to Know website, Matthew Ladner, took it upon himself to put in a freedom of information request for that document in word form and guess what they said. But that's going to be important later. So I'm going to then went ahead and put in a request for review with the Office of the Information Commissioner. Fast, free, good, pick two, that's the rule, right? So Information Commissioner review is free and good but it is not fast. The problem is that they were disbanded on the 31st of December subject to legislation not actually passing the Senate so they still exist they just don't have any money or any staff or any officers. So well before that time in June they said to me look we're not going to be able to make a decision before the office gets disbanded at the end of December. So they punted me off to the administrative appeals tribunal which is a court. That means that I couldn't rely on them to make a decision. The court process is going to cost some money. In addition it was going to require legal representation. Yes I'm a lawyer but I don't do a lot of that sort of work. Certainly not on this side so it was going to be a bit difficult for me to get involved in that and I was thinking about just giving up. I also asked them if they could just make a decision and say they should at least give me the list of documents. I figured once I had that there'd be some file names there'd be something in there that would enable me to make a better argument. They said they couldn't make a decision about the list of documents because that wasn't an access to a fusal decision under the Freedom of Information Act. So I'd applied for access to the source code then come back and said we're not going to give you this list of documents we've compiled so that wasn't a decision to a fuse a freedom of information request that was just them being difficult. So and this to me is where the law is a little bit like computer security. On one side you're trying to design systems that are impenetrable and can't be circumvented. On the other side you're trying to use the system that exists to be as difficult as possible and to cause problems or to do things that are not necessarily intended. So this is where I started my crowdfunding campaign. I thought look there's going to be an application of $861. There's going to be additional fees, transcripts, legal fees, access charges if they ever give me access to the information they get to charge for that. So I thought I'd raise $861 plus the 10% possible fees. When I initially set that up I was thinking maybe I'll make it a lower target. I really didn't think that I was going to raise that money so but I decided no I'll go for the full amount and we'll see how it goes. 11.41 morning I launched the campaign by 1.20 p.m. that is within 100 minutes I'd reach that funding of $861 plus 10%. Thank you. All in all over the course of 30 days I raised more than $10,000 towards this case I had donations ranging from $2 to $2,000. It was truly incredible the response that I received, incredibly humbling for me as well to know that there are other people out there who think this is a serious issue. I should note that there are still some outstanding rewards from the possible campaign. I know that there are some donors in the audience those things will be forthcoming. I expected to have to do about 10. I have to do about 210. So that was really successful. That was really fantastic. So I went down to the AAT and I filed my application. Meanwhile so I went back to the AAC and I said I would like to request that list of documents that you wouldn't give me before. I make this a quest under the Freedom of Information Act and that way when you say no I can go back to the Information Commissioner and get my free review and get a decision just on the list of documents. They said my request was vexatious. That made me a little bit angry. It's a great way to insult a lawyer is to say that they're being vexatious. It also it has the potential to impact on my career. If someone says that I'm vexatious, if that gets published there's a real possibility that future employers would not look kindly upon that kind of thing. So I was a little bit insulted. I was a little bit angry. I did the thing you should never do and I told them what they could do. I said if you really want to go ahead and file a vexatious application declaration so they did. So now I'm glad to report that after about four months again, good free, not quick. The Information Commissioner came back and said that I was not a vexatious applicant that there was no merit in the submissions made by the AAC that I was. They described my original request as being fanciful, as not containing material of any merit, as being ludicrous. They talked about collaborations. They said that Matt Lauder and I had worked together in order to circumvent the process because he put in an FOI request. The Information Commissioner dismissed all of that, said that the very basic threshold which was that I had to put in multiple requests had not been met. Two requests which is all I'd done wasn't enough and that there was no merit in the AAC's application. So that's really good to know that it turns out I'm not vexatious. So the next thing that happened was Senator Lee Lee Annan from NSW moved that the material be disclosed directly to the Senate. So this is a power that the Senate has to compel ministers to provide documents to the Senate and as you can see there the motion was to within one week of the motion table all correspondence relating to the decision to have me declared vexatious and the source code for the software. So that would have meant that all of this stuff was publicly released. I could withdraw my application. That would be the end of it. This is when I started to get a bit of media attention which really helped the crowdfunding campaign. So thank you AAC. This is where I got that label vexatious digital activist which I really like. So this was a real success when this motion passed the Senate and the Senate then compelled the minister to release the material except the government didn't do anything about it. They wrote one page and said we're not going to respond. So in theory the Senate has things that it could do. It can censure the government. It could in theory dismiss ministers and all that sort of stuff. They're not going to do that. They don't care that much. But it was very nice for those three days to hope that that might be the end of things. So then what's next? Unfortunate typo there. Appeals process. So that's where we're at at the moment. I lodged my application and my appeal in the administrative appeals tribunal. That's gone back and forth. I received about 300 pages worth of documentation from the AAC's lawyers explaining exactly why they thought it was secret. There are a couple of things that they consider to be particularly secret. Features of EasyCount, which is the name of the software, that they doubt that others could reproduce without the code. These include the fact that it is object-oriented. The fact that you can type in numbers and it automatically advances to the next text box as soon as you've typed in enough numbers. It automatically considers the validity of votes prior to allowing users to finish entering on that screen. And it plays a noise when there's something invalid. So yeah, it's really high-level advanced material that we're dealing with here. And you know, it's obviously why it's so deep or secret. There are three significant issues which are going to be raised in the hearing. The first one is what constitutes a document. So lots of things constitute documents. They say that all of the source code is a single document. So we're talking about 270,000 lines of code contained in 2,400 separate files in a source control system, I understand. And they say that all of that is one document and either I get all of it or I get none of it. I disagree. They were lying on a case that says that individual pages in a diary are not separate, that the diary is a single document. That's probably fair enough. I think there's a good case to argue that each individual computer file is a separate document. Or at the very least, there's probably some logical distinction you can make around particular classes or something. There's no case law on that at the moment. So that's going to be a novel thing that's being argued before the AAT. I am quietly confident that we can win on that one. The other two issues are related. Firstly, is there a trade secret? And secondly, is there any commercial value that the AAC will lose by publishing the source code? They say that there is commercial value because they are competitors. There are other people who run election for larger organizations. And those people will take their code and discover how to do things that they might not otherwise know how to do or be able to do things faster because they've seen the AAC's code. That's in essence their argument on both of those counts. The problem that I have is that all they have to demonstrate is that there's some value lost. Probably has to be more than a dollar, but it doesn't have to be very much. They don't have to demonstrate that the commercial value lost is outweighed by the public interest in us knowing how votes are counted. They don't have to demonstrate that the commercial value loss will actually happen just that it's reasonably likely to happen. They don't have to demonstrate that it will happen tomorrow. They just have to demonstrate that it's reasonably likely to happen at some point in the future. So it's a very low bar for them to leap in order to prevent any further access to this information. As I said, the public interest is actually irrelevant, which I think is a really significant problem with what I'm trying to do. If public interest was irrelevant, I have no doubt that I would win. Because it's irrelevant, it might be a bit harder. So the other thing that's important is that my argument essentially rests on the fact that copyright will be preserved. So even if they publish all this information, they still own the copyright over the source code. That means that they can control who uses it, who makes derivative works from it, who takes copies of it. That means that or I say that means that they won't lose any commercial value because that value will be protected by copyright. I'm in the process now submitting the final documents there. The final part of that argument, that's due in this Friday. And then we'll proceed as I say to hearing in May or June. So there's a broader lesson here. I think it's really important that we have access to government-created software. It's really valuable. If any of you were in Audrey's talk this morning, she was talking about government economic models and government modeling systems and the fact that they need to be open sourced in order to enable better discussion and better understanding of government decision-making. I think that that is essential. I think that things which are produced with government money should be produced for the benefit of the people, not merely for the benefit of particular part of government. I think government is not a commercial entity. Even though governments sometimes provide fees for services, as the Electoral Commission does, I don't think that that's a good reason to say the government's interest should be solely commercial in these types of activities. So freedom of information is a really useful tool, I think, in extracting information from government because it has the force of law. You can actually, if you win the case, force them to disclose any information, any document that includes source code. In theory, it includes every revision of source code that's stored in a source control system. It's really well respected by government. They take it seriously when you put in an FOI request, even though there aren't very many sanctions that can be applied to them. And it's available throughout the public sector. It doesn't matter whether you are dealing with a local council or the federal government, the Electoral Commission, a government business enterprise, a federal department, a minister's office, all of these organizations have to disclose documents in accordance with the Freedom of Information Act or local variants thereof. But it's the wrong tool. Using FOI to get source code is like playing cricket with a tennis racket. Occasionally, you might get a hit in, but you really actually need to change the game. Firstly, it's expensive, not just in terms of the cost of going to court, the cost of those legal processes, but in terms of getting access to the material if you're allowed access to it in the first place. Mark Newton requested access to the source code for the cybersecurity help button. Some of you might remember from a couple of years ago. It turns out the government spent $300,000 and didn't get the source code for the cybersecurity help button, but it was rejected by Apple for just being a web view. But Mark Newton then requested access to the government contracts that were associated with that. And they said, in order to proceed, just give us $450 and we'll go right ahead. Well, that's not something that we can or should expect any individual to do. And it's not necessarily the best use of raised funds. I support the idea of a freedom of information fund, a fighting fund. I think that's extremely valuable, but that's not the way we want to be dealing with these things. We don't want to have to go through that process. In particular, because of the next thing there, copyright is maintained in whatever's released. So as great as it is to be able to see, for example, the source code of the MyGov website, let's say for a moment we could get access to that. We can't because it's an unreasonable diversion of the resources of the web team, apparently. But copyright is maintained. That means nobody else can use that material in any way. You can't build on it. In theory, you can't even submit patches. You can't say it should be modified in this way. All you have, all you can do is look at it. This substantial unreasonable diversion of resources one is something I haven't touched on. I was very lucky that the AAC didn't say that giving access to the code would be a diversion of resources. This is the main reason used to stop people accessing things, especially where there's some technicality around it, where it requires specialized knowledge to know what should be sacred and what shouldn't be. What they say is that would take more than about 40 hours worth of time by whatever estimate and that's an unreasonable diversion of the resources of the agency which should be dedicated to whatever the agency normally does. So that immediately puts a stop to any further request. That's been the primary excuse used for almost every other request for source code. It's been given in response to requests for things like backup and testing information, information about the procedures used around easy count. So that's a really significant way that governments can basically put a stop to things by saying we think it's going to be too hard so we're not going to bother. Interestingly, that was raised when I put in my request for that schedule of documents, that list of 54 documents. They said it would be a substantial and unreasonable diversion of their resources to give me that two-page document, which they already had. But they said that it would be too hard to think about whether I should be allowed access to it or not so they weren't going to do it. Thankfully, after this court application was made, the lawyers talked them down and said release the list. They released the list, most of it was out of scope. Of the 54 documents, two were source code or data specifications. The rest were things like user manuals and random projects, printouts and that sort of thing. The final problem with FOIs is that there's a really defensive culture. When you go in with an FOI request, people, the people who respond are the legal department, the vast majority of the time. They constantly want to say no. That's their default position. It's very hard to get any material out there. Also, when it comes to source code, they just don't understand. This was Pete Lawler's request for some information about what the version of visual basic easy count runs on. He sent that through Write2Know and their response was the AC currently uses the version of visual basic in csharp.net. It's like the time my mother asked me the difference between Google and a PC. Love you, mum. More than that, this response came after a page of saying, well, we don't have to tell you, this isn't a properly formulated FOI request and we really have no obligation. That's the culture that you face when you try to use freedom of information to deal with source code or indeed anything that's even remotely technical. So what do we need to do? Well, I think we need to work towards open by default and that means open source for all government software by default. National Library of Australia, Geoscience Australia, those both have Github. I'm sure there are other people in government contributing back to the open source world, but they are few and far between. They are small teams working on dedicated pieces of software where somebody's been able to say, hey, this is a good idea or they've been forced to because they want to use GPL. This is really important. I think this is the next big step for the open software for the free software movement. We have done it before. We have worked towards the use of open formats. I know that DocX is not well documented, but the fact that it's documented at all is because people in the free software community pushed for the use of open data formats. We have open source software being used within government. It's now considered a viable option when governments are tendering for work. We have open documentation and open data. The default license for all new written documents in the government is created commons. That's a huge achievement that occurred as a result of the work of people in the free software and open source movement. It occurred because we could demonstrate the benefits of those things for government. Now open data is huge. GovHack is huge. More and more government agencies from the local level to the federal level are realizing those benefits, releasing data by default. I got a particular benefit when for my crowd funding campaign I used a photo taken by the AAC and released under creative commons, so thank you for that. So as I was saying before, government code should be open. We know that there are benefits for open source software. Government is not a part of someone in an open market. It actually has a different place in the world and that place should be providing benefits for individuals. This is a high level policy decision that needs to be made. The only time it will happen is if it starts from the top and comes down. There are things that people can do at an individual level and those are things that people are doing at places like Geoscience Australia and people are doing, I know, at various local government organizations, but realistically in order to make this work properly it needs to be high level. I think there are huge benefits to that, not just in terms of the usual benefits we get from open source software, not just in terms of the benefits for the community, but benefits really for the people who are within government, for government itself, in terms of improved collaboration between public and private sector, improved collaboration between government departments. I think Shadow IT is a really big area where you have people who are creating VBA applications inside spreadsheets to do advanced analysis because there's a small group of people who need that, but they're using a different system to other people who are doing that in state government or in different branches of government. If all of this material were opened by default we would be able to merge those things, take the best of each world and use that consistently and ideally bug-free. And I think that Freedom of Information Reform comes into that. I think we need to be able to say that we need to be able to compel disclosure at some level, but ultimately it's an executive policy decision, not a legislative change that is important here. So this is my explicit call to action. There are ways that we can make this happen. We have to talk to politicians, we have to push for it locally within departments with people that we know. We have to prove the benefits and I don't think that that's a particularly hard thing to do. This is something that Linux Australia might be working on and this Friday at lunchtime there'll be a Linux Australia boff where I understand there'll be conversations about the future of Linux Australia and what its involvement should be in this type of lobbying. There's also the Open Australia Foundation which does a lot of this work. It runs the right to no website and various other websites around democratic engagement and by the way any money that I have raised that I don't end up spending on this court case will end up going back to the Open Australia Foundation for that reason. So I just want to finish with a big page of thanks. These are all people who have donated money or time or moral support or ideas who have acted as experts and this is just the list that I was able to compile when setting up my website. There are hundreds of people who have been supportive of my activity here to try to get access to this source code. I think really though we need to do more than that. We don't just want to look at this individual project it's not just about the Senate voting source code I think we really need to push for change in whole of government policy which is going to be a move towards more open source software from every branch of government as the default position. So that's the end of my talk and I'm happy to take any questions. Thank you Michael. I'm glad that there is a lawyer trying to uncover source code for elections and I'm especially thankful that you came here to talk to talk about it. Thank you. Given that the source code for the programs that count your elections is actually the method by which your politicians are elected, what legal basis do they claim for not telling you how you get your representatives elected? So the short answer is that it's subject-oriented. So they genuinely so the Senate counting class inherits from a proportional representation class that inherits from a generic voting class and they say that they use the proportional representation of the generic voting classes for other software that is used to count commercial elections and therefore that stuff at the very least needs to stay secret. Oh and by the way you can have everything or nothing. So in essence that's their argument is that because the code is also used elsewhere that has commercial value that needs to stay secret. So the question was can you not challenge the election of a senator on the basis that it might be invalid. You would have to find someone willing to do that. It's very very expensive to go to the Court of Dispute of Returns and you generally have to put down a deposit of about twenty thousand dollars to start that process. But also I don't think it'll be successful. I don't doubt that I don't think that any elections have been affected by bugs in the software. It has been the subject of some external verification. I'm not sure to what extent that is it's certainly not a proof of functionality but there's been some testing. I'm sure they're aware of the issues associated with the electoral connection does a very good job a lot of the time anyway. So I reckon that it's probably okay and it will be unlikely to have affected the result but I still think it's important that we see what the code is. Considering the freedom of information is expensive and probably not the best tool as you said is there any other legal research that can be used in this place? Nothing that is as broadly applicable. So there are some things there was a bit of a discussion about whether the electoral act requires scrutineers to be able to observe the internal workings of the computers. There are other pieces of legislation that give you access to certain types of information but generally speaking freedom of information is the one that has the broadest application so that's why I focused on it. Just checking with you aware of the use of open source software in the about 2001 ACT elections you're familiar with that evacs etc. Yes yes I wonder whether they the existence of that and the source code helps at all with the arguments you're making? It certainly helps and it's also helped with the public campaign because there were some bugs found in evacs by one of the people who's been working as an expert witness Professor Rajiv Goy. So it means the existence of publicly available election software means that I have a strong argument to say there's nothing secret about what they're doing but evacs and a lot of the other software the Victorian software which is also part of which are also available. They're not designed to work on multiple different types of elections or on elections which are sufficiently similar where they are. They're mostly first passed the post systems rather than proportional representation systems. Yeah so and the ACT one only works on the hair clerk system that they use in the ACT so it's not broadly applicable to some of the other types of representation that EZCAP can deal with but it is certainly something that I'm arguing about. Thank you very much. It was a very interesting presentation. Those of you who are not New Zealanders might be interested to hear that I think it was two cycles ago in the local body elections. The government changed the system to allow proportional representation voting in some electorates and they got the program for counting the elections wrong and it took them about six weeks to produce the election results. Yeah. Which leads me to the general observation that when dealing with a bureaucracy and governments are generally bureaucratic never impute malice when incompetence will explain the observation. Absolutely. I could not agree more and yeah as I say there have been bugs known to exist in the ACT system. In Australia that could have affected the election and I know that there have been issues in New Zealand as well. I was going to ask you to expand on the issue of scrutiny is because in New Zealand we're I think investigating the electronic voting systems for the national elections which haven't been used in the national elections in the past and this question has come up with scrutiny is we'll be able to you know because how can you trust the system where there's a black box that comes from some vendor or whatever so to a common person's way of thinking scrutiny should be able to fully inspect that part of the system as well so is there any sort of legislation around scrutiny that will allow you to get access. Number one and the other one is I don't quite understand RAC selling actually selling services or software to you know commercially so that they are. Well so and there are two things that the AC is doing one is they sell commercial services where they run elections for local governments that are able to tender in New South Wales and also certain private organizations. They also license out the software to the South Australian and Northern Territory electoral commissions to the value of about $10,000 a year so whoop do you do. In terms of that first question about scrutiny is it's very very hard to know the law is not drafted in a way that it understands the existence of technology. It's drafted on the basis that people will be doing this by hand and even the law in Australia that specifically refers to computers talks about the way the computer has to operate not anything about how the scrutiny process operates in that respect. There's probably an argument to be made that scrutiners should have access to all of that material. The AAC actually said when they started redeveloping EZCAP that they would give access to political parties. They've since rescinded that invitation and I can't use it in the court case because parliamentary privilege. But I think there's a strong case that scrutiners should have access. There's a potential legal case but it would be difficult and expensive to argue. Always the problem. Thank you very much again Michael for coming to us with this interesting talk. The lighting talks start in 10 minutes at 4.35 in the Fisher and Piker Room.