As per my previous blog post I recently attended the one-year-on gathering for the Digital Democracy Commission at Portcullis House. The most obvious thing missing from that session was any discussion of electronic voting for elections. This was especially odd since the initial report stated that online voting should be available to everyone by 2020.
Shortly before that meeting I had heard about the publication of the Secure Voting report from the organisation WebRoots Democracy which includes a foreword from the Speaker of the House of Commons Mr John Bercow. WebRoots is a campaign organisation advocating electronic voting as one of the solutions to the political disenfranchisement of young people in this country. They were one of the groups that responded to the initial Digital Democracy consultation – their submission can be found here.
I’ve read up on WebRoots and they look to be a very well organised group of idealistic and dedicated young professionals who have an impressive track record of positive media engagement.
The two things that jumped out at me from reading their website were that there’s no indication of how they are funded, although I’m sure its no different to most NGOs, and that none of the employees of the organisation has a technical background. There are complex technical questions surrounding the concept of online voting. These especially include issues of how to ensure both identity (proof you’re allowed to vote) and anonymity (confidentially of who you vote for) in a system that is also demonstrably tamper-proof.
The Secure Voting report is well written and thorough. Statements in the executive summary state that the government should implement a programme for accessible online voting using multiple pilots and and elsewhere it praises both the Electoral Registration service and GOV.UK Verify both of which are provided by the Government Digital Service. Given that I was rather surprised to see that the overall recommendation seems to be outsource the provision of electronic voting to one or more of a set of 3rd party providers rather than have GDS or the Parliamentary Digital Service (PDS) build and support such a platform.
I was further concerned that the code behind the voting systems provided by many of these companies is, and will remain, closed-source. This means that in such an online voting environment the public can never be sure how the system they are relying on truly works. This worry is especially timely as it coincides with an excellent presentation from Frank Pasquale at LSE in January about algorithmic accountability and the issues of “black box” decision making (video here).
The many issues related to online voting addressed in the Secure Voting report have been long debated in the technical community. Perhaps the best known instance of this is the video provided by Tom Scott on this topic.
As a long time supporter of the Open Rights Group my first instinct was to look for their response to the publication of the report. Unfortunately, I found the reply quite dismissive and, most importantly, I was disappointed in the lack of any offer to reach out to WebRoots to discuss the unanswered issues in this area.
What I would very much like to see as the next steps forward regarding this proposal are the following. Firstly, I believe that WebRoots should hire a full-time technical consultant with a strong background in operation security if they are to persuade sceptics that any of the systems they are proposing for piloting are fit for purpose. Secondly, I would like an explanation from WebRoots as to why they think that such a critical system for our democracy should be outsourced to one of more commercial companies rather than built and run by one of the successful government digital teams. Finally, I strongly suggest that, rather than releasing stand-alone reports, WebRoots specifically reaches out to its critics, such as the Open Rights Group, with a view to engaging with them in a long-term robust public discussion as to the risks and rewards of online voting in the UK.