Byte-ing the ballot

I went to one of the breakout rooms where there was a debate on E-voting and Democracy.

It was chaired by Michela Palese of the Electoral Reform Society who introduced a panel consisting of Areeq Chowdhury from Webroots Democracy & Prof Mark Ryan of Birmingham University, who supported the motion that E-Voting was good and Louise Ferguson of the ORG and Ross Anderson from the Foundation for Information Policy Research who were more sceptical.

Chowdhury’s argument is based on convenience and accessibility.

Ryan was more nuanced and firstly posed the question of time scales, I am unclear if he believes its possible to solve the issue, or that it might become so, that a single system can be built that offers transparency of a result and secrecy of ballot, but he did raise the question of if we can do banking why not elections and answered it in that remediating banking errors is easy compared with remediating a flawed and broken election. The latter is an issue we should all understand because of the Brexit referendum but we should recognise that IT errors caused the failure of Greenwich Nat. West and nearly brought down Knight Capital, so some banking errors are not so easy to remediate.

Ryan quoted Australia, Estonia and the US as places where e-voting is used, but there are problems in all three countries, some of it reported in this blog and much of it catalogued in Chapter 23, “The Bleeding Edge” pages 759-763 of Prof. Ross Anderson’s book, “Security Engineering”.

Ferguson argued that IT does not solve the access problems but did not mention the digital divide. She also addressed the issue of the anti-democratic nature of the adtech industry due to its opaque bidding structures. She argued to ban adverts during elections; it’s a reflection of the arguments made in the TU and Labour movements that postal balloting puts the power in the hands of the press, in particular the Murdoch press. She was also the first person to raise the issue of the unlimited use of postal votes and the extension of the vote to ex-pats. Both these initiatives can be seen to have been done for partisan reasons, but the ex-pat thing has blown up in the Tory’s faces as they seek to regain their votes in the referendum and British citizens in Pakistan claim the same rights as those living on the Costa-del-Sol.

These motivations led me to note that no-one is talking about coercion and personation.

Ross Anderson also opposing started his speech with the statement that elections and democracy have a long kill chain. I am not sure if that’s the right use of the term, but I need to read a bit more before I get into an argument with him. He identified determining who can vote, issues of impersonation, vote capture and counting all as areas where as I.T. is introduced, more vulnerabilities come with it.  He is adamant that there must be a paper trail to ensure the count is verifiable. Much of what he thinks he has put into his book, “Security Engineering” and elections are covered in Chapter 23, pages 759-763. Anderson also attacked the political parties for opening their leadership franchises to their memberships and is particularity hostile to Ed Miliband in letting people vote for £3.

In summing up, the Chair and Ferguson stated that the real answer is political culture, involving both voting to elect governments, but that governments should distribute decision making to local authorities and citizen assemblies and juries.

Someone spoke of the Trade Unions using e-voting systems, in fact they don’t and for many of their ballots, it is prohibited, so I set them right.

So that I didn’t feel to far away from home, someone raised a Point of Order on the vote about the time scales at which benefits to e-voting might accrue, probably a LibDem but the motion was crushed. People that understand don’t like it. …

e-voting: transparency and secrecy

e-voting: transparency and secrecy

I have just had a another do-over on the subject of e-voting. It is my view that,

It is not possible to build a single system that offers both a transparency of result and secrecy of the ballot.

Some people argue that our current system fails these tests but this is not so. The UK’s current process involve three systems, one to check that the voter is entitled, one to record the vote, and one that records the intersection between the other two for the purposes of audit. The ballots and their intersections are not indexed. While the systems are designed to be tracked, doing so requires massive privilege and is very expensive. N.B. Expense is an IT security defence. …

Digital Democracy

Digital Democracy

One of the motions proposed but not debated at the CLPD AGM was called “Digital Democracy & the need for greater voter participation”. It’s quite long at over 550 words and I planned to speak against it, by saying something like,

This motion, despite its length, says only two things: that we’ve read Corbyn/Barbrook’s Digital Democracy Manifesto and that we approve of a digital identity card as part of a system of access to e-voting in public elections.

I have read the manifesto and believe it is flawed, most importantly in it postpones the consideration of what human rights looks like in an age of the ultimate surveillance machine until after the election of a Labour Government, when it proposes a consultation. It proposes a People’s Charter of Digital Liberties but makes no mention of the work other campaigners for digital liberty have done in defining new Human Rights needs in a connected world and old Rights that need defending. These campaigning bodies include Liberty, the Open Rights Group, the Electronic Frontier Foundation and Labour’s members on the European Parliament’s LIBE committee.

But we can’t talk about e-voting without talking about Estonia, the poster child of e-voting, and its failed audits, and its proof that e-voting does not increase turnout, and its alleged failure to meet European data protection standards.

We can’t talk about e-voting without talking about the Surveillance State and its private corporate arm. It’s bad enough that the datenkraken can use our phones to spy on us, but I suppose the fact that the US government has access via them to all they know perhaps should reassure us that there is no risk to making a short cut to British Intelligence of our internet usage records, they already have it.

We can’t talk about e-voting without talking about the digital divide.

We can’t talk about e-voting without looking at whether the ERS removed votes from the 2015 Labour Leadership elections, a fact if true showing the vulnerability of the “transparency of the result” to insider attack.

We can’t talk about e-voting without talking about Russia’s interference in the US, British elections and the Brexit referendum through their advanced hacking capability.

We can’t talk about e-voting without noting that Verify, the current Government identity portal has been criticised as a failure by the Public Accounts Committee and now looks likely to be privatised.

We can’t talk about e-voting without looking at the fundamental criticisms of such systems, that they are hard to build, and it may be impossible to resolve the conflict between having a transparent result and a secret ballot; this is before we address the issues of coercion,  impersonation and 2nd party verification i.e. how to implement polling/counting agents in a proprietary software system.

In the US, engineers and electoral administrators are developing the systems to make this easier, requiring physical receipts of the cast vote, which are then electronically counted with statistical control samples manually counted.

This motion is technically premature at best and otherwise dangerous populist nonsense.

Please remit or oppose.

ooOOOoo

Interestingly, DARPA have announced an e-voting proof of concept, I am pointed at it by Bruce Schneier. …

Venezuela’s Sovereignty

The US seems to have launched a coup in Venezuela, the firing pistol has been fired by Venezuela’s Juan Guaidó, the President of the National Assembly who announced himself President in effect seeking to usurp the elected President, Chavista, Nicolás Maduro. The US issued Maduro with an ultimatum to hold new elections within 8 days. This ultimatum has been echoed by the US’s useful idiots in Europe, Germany, France and Spain joined belatedly by the UK.

Maduro’s record on human rights and economic policy management is not good, but then neither is May’s; and we need to review the threshold at which foreign intervention can be authorised. The rule book on this is the UN Charter which forbids aggressive war, we should honour these rules. The UN Human Rights Council condemns the sanctions against Venezuela and the US and Russia are looking at how to get their way in the Security Council.

The BBC reports that

Britain has issued the embattled Venezuelan president, Nicolás Maduro, a stark ultimatum, warning him it would throw its weight behind the country’s self-declared interim leader unless he called an election within the next eight days – as the US government called on the world to “pick a side” in the crisis.

I can’t find the witty riposte that the Venezuela Government has reciprocated by stating that unless May calls a General Election in 8 days, they will recognise Jeremy Corbyn as the Government of the UK.

The Venezuela Solidarity Campaign will be central vehicle for expressing solidarity with the people of Venezuela and they have launched a petition.

We, the undersigned, condemn the open support of the US administration for ‘regime change’ in Venezuela, which is illegal under international law.

Alongside harsh sanctions which have hit the people of Venezuela hard, comments from Trump himself, VP Pence, and Secretary of State Mike Pompeo amongst others have included threats of military action, threatened to put Venezuela on the state sponsors of terrorism list and invoked the possibility of a right-wing military coup.

We stand for peace and dialogue, not Trump’s war and ‘regime change’ agenda.

 …

Balancing interests

I have been thinking about secure election systems for a while. Two events have provoked me to consider this issue today. Firstly, I was looking at building a voting system in WordPress and came across YOP Poll which does not have a secret ballot hidden from the system administrators. Secondly, the Lewisham Momentum meeting tonight it seems is going to have Momentum staff or nominees on the door.

The point of principle is that when building trustworthy systems, they must have a segregation of duties and are best observed by competing interested parties who can call foul if something wrong is happening.

In the examples above, neither the software, nor its administrators should be trusted, and in the second example, since there is no audit of their decisions neither should the door keepers who are accountable to no-one. …

e-counting at #lab18

In my article “Who’s missing?”, I looked at some of the facts about #lab18’s Card Vote 9, strangely the first vote taken. It would seem that there are 179,000 votes missing, although the number missing from Card Vote 10 was smaller at 143,000. The first expectation is that this comes from missing CLP’s but the CLPs that did not come, one would expect to be the smaller and poorer. If one assumes that the average size of the missing CLPs is 500 (the national mean average is ~850) , that would mean that between 286 & 358 CLPs are missing! That can’t be right!. Although another explanation is delegates that hadn’t picked up their voting books, or were away from the floor, which may explain the higher vote on Tuesday a.m. A third explanation might be abstention.

However I know that at least in one case the initial delegation size stated was ½ the accurate number, I wonder if this happened more than once and if when correcting the delegation size, they updated the master system on which the card vote value was held.

On of the principles of e-voting/e-counting is that the voter should be able to see (physically) what they’ve done. This cannot occur at Labour Party Conference as the voting slip has an identification code which is hopefully unique and the card vote value is assigned to it by the counting machine. Since the results are no longer published with line items, no-one knows if the card vote count is accurate. I think something should be done! …

e-voting using the blockchain

I have written a couple of things about e-voting, most comprehensively in an article entitled e-voting; I was in a hurry. I came across this twitter thread which reinforces the arguments I make, although he summarises the problems as secrecy and coercion. Matthew also takes a pop at the advocates of bitcoin though and that’s because its complex, not because its private and horrendously expensive.

There aren’t 833837 items in the thread, or at least I haven’t found that many, I make it about 14. Why not check it out? …

Online Democracy

In Labour’s Democracy Review, they argue for more IT and remote access and online balloting, they say

Carers, disabled members, shift workers, women and young members have argued it is the poor, disadvantaged and already under-represented who are least likely to have the time and resources to attend meetings. These points have been made particularly at the disability events we have had.

Who the fuck do you think are least likely to have internet access?

In the HuffPo article, they argue that Momentum is an example of how digital engagement creates activity and energy. In my book, Momentum has some questions to answer about it’s on-line democracy. (It’s closed source, and its IT Security Controls are not public and its segregation of duties is not published, and probably non-existent. )

In my short essay, https://davelevy.info/e-voting/, I say,

Bruce Schneier, in a 2004 essay, posed four requirements, that voting systems be fast, accurate, scalable and anonymous. To these I add, transparency.

E-voting systems struggle to meet the Schneier’s first four criteria and yet the last is possibly the most important; critically losers must trust that the result is accurate.

I say [much] more in articles on this blog tagged e-voting.

ooOOOoo

The HuffPo article posted the full review and I have mirrored the section on Digital Democracy on this site. The report itself is pretty moderate in its ambitions, restricting itself to improving training, asking all CLPs to have a web site and making the social media officer a specific role. No harm really; although it is important to maintain the collective nature of decision making in the Party, where remote attendance and postal votes isolate and allow non Party voices i.e. the right wing press to have a larger voice than our members then this must be opposed. …

E-Voting

E-Voting

At my last Union branch meeting, we heard from Gemma Short of the right to strike campaign. As one part of her presentation she mentioned that one of the Unions’ response to the recent Trade Union laws is to demand that they can run strike ballots (and the mandatory political levy and elections) using e-voting technology. I have been thinking about this for a while and its fans need to take stock; there’s some inconvenient truths. …