Robin Wilton wrote in his blog about the fact that an elector’s polling number is written on the ballot paper’s counter-foil. He argues that this means that a polling number’s and hence voter’s vote can be determined.

This is, I believe, to permit court supervised remediation if significant impersonation is suspected. What Robin, didn’t say is that no ID is required to vote, you only have to assert your identity (Remember this if you loose your polling card). If someone else has claimed your vote before you, then you will be given a pink ballot paper and your vote counted. Counting staff and the candidate counting agents can easily see if there are large numbers of duplicate votes.

On the other hand, lets see how someone could find out how you voted. They’d need the electoral register, (this is easy, it’s a public document), the counterfoils and ballot papers (these are kept in secure places which they’d need a court order to legally access). The electoral count does not sort the ballot papers, and the ballot paper was given to you when you turned up. Does your electoral stalker know when you voted? Otherwise, they’ll have to inspect all thirty to forty thousand counterfoils until they find yours. Even if they knew when you voted, they don’t know at what time of the day each numbered counterfoil was detached from the ballot paper. So again in order to find your counterfoil they’ll then have to inspect all of them. Having found your counterfoil, they’ll need to inspect all thirty or forty thousand ballot papers to discover the vote; these are not sorted either. Once they have successfully done all this, they still don’t know if it was you that cast that vote.

I think our vote is more anonymous, and more auditable than if we used computers.


Originally posted on my sun/oracle blog, republished here in Feb 2016. I was fortunate enough to attract some comments on this post.

Thanks David – those are all valid comments, but in part, the impact also depends on your threat analysis. If the threat is of a single ‘personator’ using or determining the way I voted, I agree. If the assumed threat is that someone with valid access to the archived papers could do a complete ‘poll profile’, then the only logistical barrier is the number of ballot papers. Perhaps we should submit a Freedom of Information request to see how many public sector bodies have bought document sorter/scanners with OCR capability! ;\^)

Posted by Robin Wiltona> on May 08, 2005 at 07:49 PM PDT

I have to agree with Robin — individually identifiable ballot papers are inherently suspect, even if you have to do a “join” through two stacks of papers to tie a ballot to an individual.Regardless of what authorization is required to legally access the archives, it seems to me that you’ve created a tempting target for bulk information theft.

Here in Massachusetts, our elections are done with manually marked ballot papers which are electronically scanned when placed into the ballot box. Unlike either the old mechanical lever systems or “modern” direct recording electronic systems (which IMHO are insufficiently auditable) there’s a clear audit trail.

As in your system, no id card is required; the voter list is sorted by address and your name is checked off twice — once when they hand you the ballot, and a second time when you place it in the box. (I’m not familiar with the specific procedures when duplicate voting is detected).

Starting with the most recent local election, they’ve enabled an option in the scanner to reject invalid ballots with overvotes so that one common class of error doesn’t result in an uncountable ballot long after the voter has left.

Posted by Bill Sommerfeld on May 08, 2005 at 10:20 PM PDT


An OCR reader would require that the ballot papers are printed for it, and detect the presiding officer’s mark. It would also be unable to read the polling number on the counterfoil, which is hand-written.

A computerised count cannot be observed and audited by the candidates. Remember, they had to change the law to permit computer print outs to be seen as evidence in Poll Tax delinquency cases. (I laughed so much at that). This is because computers cannot be cross-examined.

Posted by Dave on May 09, 2005 at 01:11 AM PDT

I thought that the point of writing it down was to trivialise the matter of finding the names of everyone who’d voted for the British Communist Party / National Front / Whatever, “all the votes for whom are neatly stacked in that corner over there, all 500 of the insurgent little bastards upon whom we want to sic MI5…”

Posted by alecm on May 09, 2005 at 01:15 AM PDT


I suppose.

I’ve also read your comments at Dropsafe.

That would mean that MI5 would have to send people to each constituency, or only those in which those they were interested in were standing, and with the exception of Sien Fein, the number of votes attracted by these candidates is sufficiently small to make this feasible. Whether MI5 has grown up enough to be interested in the ultra-right is another moot point!

I suppose the point I’m making is that the spooks have easier ways of finding people to spy on than checking up on the ballot box. Like many people, spys’ll do it the easy way if they can.

Posted by Dave on May 09, 2005 at 05:48 PM PDT

Ballot Secrecy in Britain
Tagged on:                     

One thought on “Ballot Secrecy in Britain

  • 14th February 2016 at 12:23 am

    The first of many articles and much reading which led me to the Open Rights Group.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: