Balancing interests

I have been thinking about secure election systems for a while. Two events have provoked me to consider this issue today. Firstly, I was looking at building a voting system in WordPress and came across YOP Poll which does not have a secret ballot hidden from the system administrators. Secondly, the Lewisham Momentum meeting tonight it seems is going to have Momentum staff or nominees on the door.

The point of principle is that when building trustworthy systems, they must have a segregation of duties and are best observed by competing interested parties who can call foul if something wrong is happening.

In the examples above, neither the software, nor its administrators should be trusted, and in the second example, since there is no audit of their decisions neither should the door keepers who are accountable to no-one. …

Summer of 15

From the summer of 2015, through to the summer of 2016, with time off for winter ski trips[1], the Labour Party Head Office ran a purge of the Party’s membership which otherwise grew from about 180,000 to 550,00, a growth of 206%.

This note describes the impact of the purge. These numbers do not include the 125,000 (about 25%) excluded from the leadership election in 2016 by the imposition of a freeze date, nor the tens of thousands rejected as registered supporters.

These numbers have been constructed using Christine Shawcroft’s data (see here on the CLPD site)  and survey techniques[2],[3]. The data values have been normalised[4] between those categories where data is available and those where the values have been derived via survey.

We should bear in mind, that the guilty have been deemed so by the bureaucracy with some oversight from the leadership of the NEC Disputes panel; no hearing, no defence and no appeal.

 


[1] I dunno, I made it up, I have no idea how many of Labour’s Compliance team ski.

[2] The survey work was conducted by someone else.

[3] The sample was constructed via advertisement and opt-in. It is possible that it under-estimates those whose investigation was terminated or finished with no further action.

[4] My stats professor will be turning in is his grave. …

More on Convoy’s Wharf

Vicky Foxcroft our local MP has put in an objection to the current plans proposed for Convoy’s Wharf. The deadline for comments on Convoys Wharf is the 10th – tomorrow!! This is a massive development sold by Boris to developers for £106 million in 2013. I have commented previously on this project on this blog, but you can add your views to the planning application.

Here’s Lewisham Council’s Planning Site, you need to register on the planning portal to comment. It takes 5 minutes.

Vicky argues that there’s insufficient social housing, that the focus on two bedroom properties doesn’t meet the need of local families and that the community projects mandated by the Mayor of London have been ignored. …

And at the end

A final word about #lab18. We’ve finally got a form of accountability over our MPs through the reformed trigger ballot, we may have some unity over Brexit and have put down a marker that the Labour Party still thinks that remain might be the best anwer given the current state of negotiations and the failure to find an answer to the Irish border issue. Perhaps most importantly Corbyn’s speech as a great platform for the future, there are significant policy promises and there were non of the regrets I had on leaving the hall after one of Ed Miliband’s speeches; it just goes to show what can be done when we put our mind to it without the distractions of an unnecessary Leadership campaign.

Otherwise, you can see what I said, didn’t say and thought using the tag #lab18, or select a day view for Sunday, Monday, Tuesday and Wednesday; the CLPD’s yellow pages can be viewed using the tag #yellowpages, which as also available as an xml feed,

ooOOOoo

Here is the Labour Party’s You Tube play list;

 …

Big Brother. No, not the TV show

The police are building a new super database combining records with “intelligence”. Liberty have withdrawn from the government consultation as they rightly feel that it’s a breach of our privacy rights and even the government admit that much/some of the data has no lawful purpose. (I see an ECHT case coming on.)

I have three comments to add.

The Guardian article states that the database will be held on a private cloud provider’s systems; if US owned, then the databases will be subject to US FISA warrants, so the “encrypted at rest” security solution had better be pretty good as the best in the world may be looking for it.

Secondly, government data leaks! The legal precedents in this country show that while the Government may build systems for one purpose, the courts may force disclosure to them in the resolution of private/civil disputes. The first Norwich Pharmacal warrant was issued against the HMRC as the plaintiff showed that the defendants tax records were relevant to the court. It seems that there is a public interest defence against these now, and ensuring the Government’s ability to keep it’s secrets would seem to be in the public interest but we’ll see.

Thirdly, the intelligence databases as noted probably fail the need for a lawful purpose, and fail to deliver most of the privacy rights legislated for by the GDPR, most obviously the need to ensure that personal data is accurate.

I am glad I am still a member of Liberty, and I’ll help them. …

Tory Conference Data Breach

Over the weekend, it seems to have been established that the Tory Party’s confence app suffers a major secutity flaw and that personal details of its users are available to all. While the BBC seem concerned that the ex-Foreign Secretary’s details are available, its of equal concern that all the journalists are also exposed. The maximum fine for any breach is €20m.

A further problem is that under the new laws, people who suffer a breach of rights no longer have to prove harm. This would seem to be a breach of rights and so will be treated at the serious end of the spectrum and there’s a low burden of proof.

Additionally I would add, this app It should have had a data privacy impact analysis and if deemed a high risk, permission needs to be sought from the ICO to deploy it.

The cyber-security controls should have been defined before and tested before and after the DPIA.

The Tories have 72 hours to notify the ICO of the breach and will need to consider remediation for each an every user impacted.

I am sure the ICO would not want the Tories to be their first case as they would like to have established a precedent based tariff; they wouldn’t want the governing party to be the precedent; expectations are that the ICO will be one of the more forgiving of the European data protection supervisory authorities. …

I.T. implications

In my many articles on Labour’s Democracy Review, and in a preview I talk about the Information Technology implications of Labour’s coming rule changes. I have extracted the following quote from my article, The denoument, as I’d like it to be easier to find,

In the NEC rule changes as presented to Conference the NEC talks about using IT to maximise participation. All constituency documents, are to be available to all members via a clockwork platform, sorry, I made it up, an electronic platform, “provided by the Party”; I hope that’s the national party as I have thought hard about this and creating a shared disk is not hard, managing the Access Control List (ACL) is, particularly if your membership and volatility is large.

 …