A ‘digital democracy’ can’t ignore security

digitaldemocracyThis morning, there’ll be a Parliamentary debate in Westminster Hall on the report of the Speaker’s Commission on Digital Democracy.

Overall, it’s a good report which you can see here. It proposes some interesting and useful new ideas for opening up Parliament and giving people new channels to get involved and be informed, while generally not running away with itself and succumbing to the techno-evangelism that has people proclaiming that the internet will solve all our problems.

However – you knew there’d be a however, didn’t you? – it drops the ball when it comes to online voting. Not quite as badly as the ‘Viral Voting’ report last week did, but it has a very worrying approach to security in its conclusions. Yet again, there’s an expectation that security problems don’t have to be bad if we want to pretend that they’re not bad, rather than facing them head on.

The section in question is here. The Commissioners deserve credit for speaking to the Open Rights Group and including their comments in the report which sums up the problems very well:

“Voting is a uniquely difficult question for computer science: the system must verify your eligibility to vote; know whether you have already voted; and allow for audits and recounts. Yet it must always preserve your anonymity and privacy. Currently, there are no practical solutions to this highly complex problem and existing systems are unacceptably flawed.”

Unfortunately, when faced with the fact that “there are no practical solutions to this highly complex problem”, the Commissioners don’t then adopt the sensible position that efforts need to be made to try and solve that problem before any real deployment of online voting can begin. Instead, they talk about how ‘the concerns about security must be overcome’. Not the issues or the fundamental problems, just the concerns. They then go on to recommend that ‘in the 2020 general election, secure online voting should be an option for all voters.’ And they can all be given a jetpack or a hoverboard as a reward for voting, I expect.

Yet again, the cart is being placed several miles ahead of the horse. Trying to push for implementation of an idea by a certain date in the hope that fundamental problems can be solved by then is asking for trouble, and for a system to be rolled out (probably alongside a massive PR campaign to assure that it’s perfectly safe) that’s riddled with security issues. I understand the appeal of online voting, and I understand the appeal it has for politicians who want to be seen to be engaging with technology, but engaging with technology means understanding it, and understanding it means accepting that security is a fundamental issue not a peripheral concern.

If you really want secure online voting to happen, then you’ll need to spend a lot of money and time developing a secure system, in the same way our current voting system evolved over time in response to security challenges. Rushing something through to meet an arbitrarily imposed deadline is always going to see security being compromised, and that’s an attitude we shouldn’t accept when our entire democracy is at stake.

Worth Reading 91: The Psalm of Protection

Five more interesting things for you, gathered from across the internet.

The Whiffle Flib test – Hopi Sen offers a way to ensure that political speeches are devoid of all meaning and context.
Security Myths and Passwords – Why making people change their passwords once a month doesn’t improve security. (via)
Leadership That’s Working? – a look at Northern Irish politics now that Protestantism and Unionism are slipping away from the status of an absolute majority (via)
What If We Responded to Sexual Assault by Limiting Men’s Freedom Like We Limit Women’s? – And the ‘what about the men?’ whiners turn up straight away in the comments to prove the point.
Friends without benefits – “I seem to have a chronic inability to be angry about people claiming benefits. I know I’m supposed to be furious. I’m meant to be incensed that people can have 10 kids and not work. I’m meant to be incandescent that a family where no one has a job brings in near to my previous salary in benefits. But nothing happens. I’ve tried reading the Mail, the Sun and the Express, I really have, but somehow it fails to make me cross at all. (Well, the people claiming benefits don’t.)”