May 7, 2010
Sit down and be counted?
Online interactions between people and government fascinate me. Which is just as well, given I’ve spent a long time working on innovation and programmes that attempt to do this sort of thing.
I’ve written before about some of the challenges behind the “government account” concept: online tools that would help citizens to transact with government in smarter ways. They represent a wicked problem – in that you can describe what such an account does in a single, simple line but nobody’s actually managed to produce one in practice, for all the money that’s been spent trying.
This is because as soon as you endow them with any sort of real usefulness you also need to build in so many safeguards to a) protect privacy, b) be proportionate in what information is shared for what purpose, and c) to guard against misuse (fraud, impersonation etc.) that you quickly render them unusable by real people, and unimplementable by government machinery. Yet the “vast savings in the future” business case sits there, taunting us to try and try again to find a way. And it’s human nature to want to believe (sometimes in the face of very strong evidence) that simple conceptual challenges must have simple solutions. Truly, a wicked problem.
Proposed solutions inevitably gravitate towards two poles: the absolute identity model (beloved by the “nothing to hide, nothing to fear” brigade) where everything is pegged back to a single (probably biometrically-founded) master record. Or non-personal, “opt-in” models. (“Non-personal” in the sense that although you can create your account to look like it’s about you, it’s not evidentially reliable for any form of ‘strong’ transaction. The sort you might later conceivably have a court case about, for instance.)
If you try and get clever, and design hybrid solutions that mix-up trusted and non-trusted areas of information, then you can solve more of the implementation challenges on paper, but you magnify the usability (and security) problems exponentially. And so we go on – that’s another story.
But let’s set aside conceptual discussion for a moment and focus on just one very topical instance of interaction with government: voting.
The scenes of chaos last night at polling stations were quickly followed by cries for a better way. Our Victorian processes and infrastructure can’t cope, say the people – and now we have teh shiny internetz – surely A Way Must Be Found.
(What tickled me a little is that some of those cries for A Better Way came from people who would probably have serious reservations about the unintended consequences of this sort of thing.)
Bear in mind that for any electronic voting solution there are a few core concepts that need to be considered – notably the need to have a referencing method, and a proof process.
A referencing method might be a list of National Insurance numbers, for example – a common index by which people and government agree that they’re talking about the same person. In traditional voting, this is the electoral roll – a list assembled for the specific purpose of enfranchisement. Although it’s shared (and sold) for other purposes, this isn’t generally used to enable other business with government. It’s not (that I know of) connected to your tax or benefit records, for example (other than having ancillary involvement in identity verification, credit-reference-style).
It’s worth bearing this in mind when you consider the referencing method that online voting might use. You want to connect your voting record to other things you do with the state? You’re sure you don’t want to think about that a little more, liberally-inclined Twitter-folk? So, your referencing solution might instead be merely the migration of electoral rolls to an online register, but one that’s not connected to other government interactions. Sensible precaution, or massive missed efficiency opportunity? That’s the sort of real-world difficulty we face with these decisions.
The proof bit is where the voter makes a claim (to an acceptable level of proof) that they are that person. That could be as simple as replying to a letter sent to your house, showing online (or by phone) that you know something about other account records that only the account holder would be likely to know, or as complex as turning up at a government office bearing original birth certificates.
But bear in mind that if the proof bit isn’t done online, there’s an extra level of complexity in sending you whatever you need to then use online to demonstrate you’ve done the proving. Even if you just want it emailed, that means someone has to be responsible for the email addresses, not letting them be used by spammers or left on a disk on a bus (etc. etc.).
Even the simple gets complex. It’s the nature of this territory. It’s all ultimately based on what level of risk, whether of error or malefaction, is acceptable.
You’ll spot at this stage that the relative level of proof required for traditional voting is absurdly small. You need a card in your hand (which you can pick up from anyone’s doorstep or shared mailbox) or, failing that, some identity that can be checked against paper records at the polling station. Can it be fiddled? Of course it can.
An acquaintance of mine received two polling cards in 1992, one at his parents’ address, and one at his student address. Both were in marginal constituencies which changed hands. He happened to be travelling between the two areas that day… And that wasn’t even ‘intentional’ fiddling – just sloppy record-keeping.
There is something – I think of it as channel friction – which comes into play here. It’s relatively burdensome to blag your way into a polling station; to extend a trembling hand full of someone else’s utility bills or to queue for half an hour. It’s a lesser pain to do things on the phone: it might cost you money, it takes time, you need to work harder to cover your tracks. But online, you have a very well-greased channel – register another 50 voters at a time? Sure. *click* Scan the registers for names that can be more easily spoofed? *click* Do all of this on a massive scale without leaving your bedroom? *click* Not to mention all the other service disruption and denial tactics at hand.
And while you’re thinking about the information flows as you design your solution, have a think about the potential impact of e-voting on political volatility. I may be strapping on the tin-foil hat here, but isn’t it conceivable that if we make the tools very easily available then their use might be demanded (by both sides) more and more frequently? For that budget decision, to go into that war, to execute that prisoner? I’m not saying that this level of ‘open’ government is necessarily bad – just that it’s different. And there are serious societal implications, from digital inclusion to softer issues of how online channels can lead to selective participation and extremity of view, to be borne in mind.
Be careful what you wish for; perhaps there are very rational, if unstated, reasons not to modernise some things?
Honestly, I’d love someone to crack this one. I really would. If you believe there’s a potential solution to this one, do please sketch it out below. Let’s have the discussion.
I’d love, as always, to hear a view from the VRM crowd – the self-assertion of the data you want to share is a useful concept when you’re buying things or services, but I’m baffled as to how it would solve either the “who am I saying I am” test, or the “who I am” test.
Personally, I vote postally. Because it makes more sense to me. It strikes an acceptable balance between my time spent, electoral administrators’ time spent, security and emotion. I’d like to have a go at improving the actual design, mind you – those multiple envelopes were bonkers – but it works.
Sure, I don’t get to smell the plyboard booths, and finger the grubby, stubby pencil but it does the job. And I don’t have to avoid eye-contact with rosette-wearers outside (really, why do they do that?) or risk a late-night lock-in with the police and an angry mob.
So, over to you.
If you think there’s a way to improve this electronically, pitch it… And if reading this has been useful, and opened up a few more areas of thought around this, do share it with others.
With you on this one, Paul. It’s a damned tough nut to crack. Several people have asked me today why they can’t do this when they can do other things online, and I think you explain it well.
This isn’t grocery shopping, and it isn’t online banking, I think it’s a lot more serious when you are choosing who is going to represent your country.
And what happens when the servers crash for six hours? Or you discover that the sysadmins during the last General Election were being threatened and paid off by Russian mafia to stop votes being counted, or to add the occasional 100 or so extra in the marginal seats. Or… Or… Or….
And I also agree that if we open this particular Pandora’s Box then we had better be damned sure that we are ready for all the other things that are in that box, hiding under “ease of voting”. That actually worries me more. Unless we can do it right.
I just with I knew how to define “right”.
Yes very useful indeed. One (perhaps rather reckless but nevertheless worth-making) point is that there is a tendency to get over-analytical regarding a mooted electronic online system. My view is that almost anything’s better than the current system. Queues are one thing. But (and this has happened at every election I’ve voted at in London and that’s 5 of them) my card has never been checked and I have never been asked for ID. So, from a personal point of view at any rate, the proof argument doesn’t seem to check out.
I believe online voting, however basic, would help greatly and would encourage more people to exercise their fundamental right. As it stands, less than two-thirds of the registered populace voting seems a little absurd. It might also help to manage a more democratised system based on e.g. proportional representation. New electoral algorithms could be built in as part of the overall design. It may take years to perfect but, by being generally positive about reform, I think we could move towards a system that has been truly worth investing in.
I don’t have any intelligent views about systems design. My view is based largely on hope, hope that people will understand that the old-fashioned, first past the post electoral approach is largely broke and it needs fixing. Soon.
There is another fundamental reason why internet voting cannot be trusted. Our electoral system is supposed to involve a secret ballot whereby we can be sure that votes are not cast under coercion. Remote voting, like postal voting, cannot guarantee this.
Actually the contrast is more extreme even than you paint it. Currently you don’t have to prove anything whatsoever to vote in person, you only have to be able to give the name and address of somebody (a) who is on the register, (b) hasn’t voted already and (c) (ideally) is you. But there is no reconciliation of (a) with (c).
That’s not only faintly bizarre in its own right, it’s an extreme example of a much wider issue: putting things online exposes how unsystematic/insecure/generally random many of the offline processes are to start with. Nobody wants to replicate the holes online, but making the online service more secure then prompts the previously unasked question of why the offline service should be less secure. Surprisingly often, the first round of that process concludes at the point where it becomes apparent that, for example, applying the level of security for the online channel to transactions by phone would mean that no transaction would ever get done on the phone. The logical next step might be thought to be to close down the telephone service instantly, but that is never in practice what happens.
(And being registered in more than one place is entirely legal. Voting more than once isn’t. Reconciling the first with the second would be a basic requirement for an online system but is not done at all in the current offline system, which makes it another example of the same point.)
food for thought… yep, guess it is open to issues, but so are the kids going through the streets collecting up postal votes. No matter what we do there will always be some issues, witness the fuss about the 100 or so who couldn’t vote in Sheffield… But.
We are just your ordinary joes, surely there are clever people who can sort the tech? What about that Gary chap who hacked into american systems? Why can’t govt employ these geniuses instead of the fwits running their IT at the moment? I don’t suggest whoever built the NHS system is competent to run online voting, but I am guessing we do have that talent somewhere in this country?
surely?
chris
I think you might be interested in my talk on e-voting http://blip.tv/file/574494/
Good, very thoughtful post.
I would be wary of being able to vote online.
Facebook’s chat system was hacked on election day, so people could see their Friends’ live, private chats. It was just one example of how supposedly secure online systems are breached regularly.
Chris think that there should be people clever enough to do this, and quotes the NHS system. The problem is, the security and the usability requirements are inherently incompatible.
I have had to consider both security and usability for public organisations’ IT and public information web sites – at national level but for nowhere near the numbers of people who would use a voting system for general elections. My experiences lead me to think that it would be an incredibly expensive system to build.
If you think people are cross now about a few hundred or a few thousand not being able to cast their vote at a polling station, think what their reaction would be if the country’s internet were taken down by a severe denial-of-service attack that also affected financial transactions, all communications…
Maybe I’ve watched too many episodes of ‘Spooks’…
I also thought about lack of checks on identity at the polling station. The chances of the real elector also turning up at the polling station to vote are reasonably high, so presumably off-putting to any thinking of breaking the law. The problem lies in proving who you are when registering on the electoral role.
I would like to see more done to educate the public about democracy and the existing systems first, anyway. I am rather shocked by how many believe unquestioningly what the tabloids tell them. It will be cheaper to educate them than to make a secure, easy-to-use electronic voting system.