Overall, it’s a good report which you can see here. It proposes some interesting and useful new ideas for opening up Parliament and giving people new channels to get involved and be informed, while generally not running away with itself and succumbing to the techno-evangelism that has people proclaiming that the internet will solve all our problems.
However – you knew there’d be a however, didn’t you? – it drops the ball when it comes to online voting. Not quite as badly as the ‘Viral Voting’ report last week did, but it has a very worrying approach to security in its conclusions. Yet again, there’s an expectation that security problems don’t have to be bad if we want to pretend that they’re not bad, rather than facing them head on.
The section in question is here. The Commissioners deserve credit for speaking to the Open Rights Group and including their comments in the report which sums up the problems very well:
“Voting is a uniquely difficult question for computer science: the system must verify your eligibility to vote; know whether you have already voted; and allow for audits and recounts. Yet it must always preserve your anonymity and privacy. Currently, there are no practical solutions to this highly complex problem and existing systems are unacceptably flawed.”
Unfortunately, when faced with the fact that “there are no practical solutions to this highly complex problem”, the Commissioners don’t then adopt the sensible position that efforts need to be made to try and solve that problem before any real deployment of online voting can begin. Instead, they talk about how ‘the concerns about security must be overcome’. Not the issues or the fundamental problems, just the concerns. They then go on to recommend that ‘in the 2020 general election, secure online voting should be an option for all voters.’ And they can all be given a jetpack or a hoverboard as a reward for voting, I expect.
Yet again, the cart is being placed several miles ahead of the horse. Trying to push for implementation of an idea by a certain date in the hope that fundamental problems can be solved by then is asking for trouble, and for a system to be rolled out (probably alongside a massive PR campaign to assure that it’s perfectly safe) that’s riddled with security issues. I understand the appeal of online voting, and I understand the appeal it has for politicians who want to be seen to be engaging with technology, but engaging with technology means understanding it, and understanding it means accepting that security is a fundamental issue not a peripheral concern.
If you really want secure online voting to happen, then you’ll need to spend a lot of money and time developing a secure system, in the same way our current voting system evolved over time in response to security challenges. Rushing something through to meet an arbitrarily imposed deadline is always going to see security being compromised, and that’s an attitude we shouldn’t accept when our entire democracy is at stake.