May 7, 2010
Online interactions between people and government fascinate me. Which is just as well, given I’ve spent a long time working on innovation and programmes that attempt to do this sort of thing.
I’ve written before about some of the challenges behind the “government account” concept: online tools that would help citizens to transact with government in smarter ways. They represent a wicked problem – in that you can describe what such an account does in a single, simple line but nobody’s actually managed to produce one in practice, for all the money that’s been spent trying.
This is because as soon as you endow them with any sort of real usefulness you also need to build in so many safeguards to a) protect privacy, b) be proportionate in what information is shared for what purpose, and c) to guard against misuse (fraud, impersonation etc.) that you quickly render them unusable by real people, and unimplementable by government machinery. Yet the “vast savings in the future” business case sits there, taunting us to try and try again to find a way. And it’s human nature to want to believe (sometimes in the face of very strong evidence) that simple conceptual challenges must have simple solutions. Truly, a wicked problem.
Proposed solutions inevitably gravitate towards two poles: the absolute identity model (beloved by the “nothing to hide, nothing to fear” brigade) where everything is pegged back to a single (probably biometrically-founded) master record. Or non-personal, “opt-in” models. (“Non-personal” in the sense that although you can create your account to look like it’s about you, it’s not evidentially reliable for any form of ‘strong’ transaction. The sort you might later conceivably have a court case about, for instance.)
If you try and get clever, and design hybrid solutions that mix-up trusted and non-trusted areas of information, then you can solve more of the implementation challenges on paper, but you magnify the usability (and security) problems exponentially. And so we go on – that’s another story.
But let’s set aside conceptual discussion for a moment and focus on just one very topical instance of interaction with government: voting.
The scenes of chaos last night at polling stations were quickly followed by cries for a better way. Our Victorian processes and infrastructure can’t cope, say the people – and now we have teh shiny internetz – surely A Way Must Be Found.
(What tickled me a little is that some of those cries for A Better Way came from people who would probably have serious reservations about the unintended consequences of this sort of thing.)
Bear in mind that for any electronic voting solution there are a few core concepts that need to be considered – notably the need to have a referencing method, and a proof process.
A referencing method might be a list of NI numbers, for example – the basic index by which people and government agree that they’re talking about the same person. In traditional voting, this is the electoral roll – a list assembled for the specific purpose of enfranchisement. Although it’s shared (and sold) for other purposes, this isn’t generally used to enable other business with government. It’s not (that I know of) connected to your tax or benefit records, for example (other than having ancillary involvement in identity verification, credit-reference-style).
It’s worth bearing this in mind when you consider the referencing method that online voting might use. You want to connect your voting record to other things you do with the state? You’re sure you don’t want to think about that a little more, liberally-inclined Twitter-folk? So, your referencing solution might instead be merely the migration of electoral rolls to an online register, but one that’s not connected to other government interactions. Sensible precaution, or massive missed efficiency opportunity? That’s the sort of real-world difficulty we face with these decisions.
The proof bit is where the voter makes a claim (to an acceptable level of proof) that they are that person. That could be as simple as replying to a letter sent to your house, showing online (or by phone) that you know something about other account records that only the account holder would be likely to know, or as complex as turning up at a government office bearing original birth certificates.
But bear in mind that if the proof bit isn’t done online, there’s an extra level of complexity in sending you whatever you need to then use online to demonstrate you’ve done the proving. Even if you just want it emailed, that means someone has to be responsible for the email addresses, not letting them be used by spammers or left on a disk on a bus (etc. etc.).
Even the simple gets complex. It’s the nature of this territory. It’s all ultimately based on what level of risk, whether of error or malefaction, is acceptable.
You’ll spot at this stage that the relative level of proof required for traditional voting is absurdly small. You need a card in your hand (which you can pick up from anyone’s doorstep or shared mailbox) or, failing that, some identity that can be checked against paper records at the polling station. Can it be fiddled? Of course it can.
An acquaintance of mine received two polling cards in 1992, one at his parents’ address, and one at his student address. Both were in marginal constituencies which changed hands. He happened to be travelling between the two areas that day… And that wasn’t even ‘intentional’ fiddling – just sloppy record-keeping.
There is something – I think of it as channel friction – which comes into play here. It’s relatively burdensome to blag your way into a polling station; to extend a trembling hand full of someone else’s utility bills or to queue for half an hour. It’s a lesser pain to do things on the phone: it might cost you money, it takes time, you need to work harder to cover your tracks. But online, you have a very well-greased channel – register another 50 voters at a time? Sure. *click* Scan the registers for names that can be more easily spoofed? *click* Do all of this on a massive scale without leaving your bedroom? *click* Not to mention all the other service disruption and denial tactics at hand.
And while you’re thinking about the information flows as you design your solution, have a think about the potential impact of e-voting on political volatility. I may be strapping on the tin-foil hat here, but isn’t it conceivable that if we make the tools very easily available then their use might be demanded (by both sides) more and more frequently? For that budget decision, to go into that war, to execute that prisoner? I’m not saying that this level of ‘open’ government is necessarily bad – just that it’s different. And there are serious societal implications, from digital inclusion to softer issues of how online channels can lead to selective participation and extremity of view, to be borne in mind.
Be careful what you wish for; perhaps there are very rational, if unstated, reasons not to modernise some things?
Honestly, I’d love someone to crack this one. I really would. If you believe there’s a potential solution to this one, do please sketch it out below. Let’s have the discussion.
I’d love, as always, to hear a view from the VRM crowd – the self-assertion of the data you want to share is a useful concept when you’re buying things or services, but I’m baffled as to how it would solve either the “who am I saying I am” test, or the “who I am” test.
Personally, I vote postally. Because it makes more sense to me. It strikes an acceptable balance between my time spent, electoral administrators’ time spent, security and emotion. I’d like to have a go at improving the actual design, mind you – those multiple envelopes were bonkers – but it works.
Sure, I don’t get to smell the plyboard booths, and finger the grubby, stubby pencil but it does the job. And I don’t have to avoid eye-contact with rosette-wearers outside (really, why do they do that?) or risk a late-night lock-in with the police and an angry mob.
So, over to you.
If you think there’s a way to improve this electronically, pitch it… And if reading this has been useful, and opened up a few more areas of thought around this, do share it with others.