This apparently matters so much that it was specifically criminalised:
"A person must not disclose to any other person any source code or other computer software that relates to technology assisted voting under the approved procedures, except in accordance with the approved procedures or in accordance with any arrangement entered into by the person with the Electoral Commissioner. Maximum penalty: 5 penalty units, or imprisonment for a term not exceeding 6 months, or both." (http://www.austlii.edu.au/au/legis/nsw/consol_act/peaea19123...)
Most likely because they are using a closed source platform. Fair enough if you are disclosing a companies IP.
From back in May last Year:
"NSWEC is working with voting provider Scytl [http://www.scytl.com/en/] to improve the use of cryptography. It will also incorporate a verification system in which encrypted votes are sent to both NSWEC and an independent auditor, allowing two sets of data to be compared to ensure votes have not been tampered with."
I realize the inherit issues with rewriting crpyto, but does the javascript-ness of it matter? Serious question, I feel like I've heard saying that it can be a factor.
People who object to javascript crypto usually mean that in the context of "browser javascript", which is fraught with peril [1]. The javascript language itself isn't necessarily the problem (although parts of it are dodgy by the standards of what you'd like to implement crypto with).
gtank explains the browser crypto problem well - there are a few issues writing JS crypto on the server though.
I've been going through the CryptoPals challenges with Node.js and have hit a few snags, virtually all of them involving types. I've switched to TypeScript and things have gone much smoother.
The crypto module does add some padding unexpectedly, though I'm not knowledgeable enough to say if that's according to spec or not.
"The NSWEC believes that unfettered access to source code by the general public would not be in the best interest of the State" (http://www.elections.nsw.gov.au/__data/assets/pdf_file/0003/...)
This apparently matters so much that it was specifically criminalised:
"A person must not disclose to any other person any source code or other computer software that relates to technology assisted voting under the approved procedures, except in accordance with the approved procedures or in accordance with any arrangement entered into by the person with the Electoral Commissioner. Maximum penalty: 5 penalty units, or imprisonment for a term not exceeding 6 months, or both." (http://www.austlii.edu.au/au/legis/nsw/consol_act/peaea19123...)
Oh, and the whole thing runs on custom javascript crypto: https://cvs.ivote.nsw.gov.au/scy-libs/crypto-lib.js