Some end of term reflections for Local Government Chronicle

LGC asked for some reflections at the end of my term a a council leader. Here’s what I wrote for them:

There are only a couple of weeks left until I step down as both Brighton & Hove City Council’s leader and as a councillor. While, after eight years, I will lose that ‘Cllr’ title I will continue to have a passion for the sector and all that it delivers for citizens. LGC have asked for my reflections having led the UK’s first Green council, albeit a minority administration.

I’m writing this just hours before we launch our end of term report. In that report we show that our administration has delivered on over 85% of the 195 manifesto pledges we made in 2011. Brighton’s economy is booming with a famously vibrant creative digital cluster, we are a top UK seaside destination, a place where people want to come live and work. Our ambition and delivery for Brighton & Hove has been recognised in many ways including as the world’s first One Planet City, the 2014 CIVITAS European City of the Year for Sustainable Transport and part of the UK’s first new UN Biosphere Reserve in over 40 years.

These and our other achievements have only been possible through collaboration. If there ever was an age of heroic leadership, then that time has gone. Collaboration and co-operation are now the only forms of leadership that can deliver the outcomes our citizens deserve. Locally this has meant intense cross-party working and collaboration with partners in all sectors as well as our neighbouring authorities in the Greater Brighton city region that we have founded.

Nationally the learning and co-operation that has developed through the Key Cities group of 26 mid-sized cities have been invaluable. The collective voice, and thinking, we have been able to present to government and other bodies like the Local Government Association has helped move forward the devolution debate whilst also providing mutual support to the challenges each of our areas face.

We are indisputably now in a multi-party age, and I think that’s a good and healthy thing. In some ways I’d argue that we are just catching up with the rest of Europe who have long had to deal with more parties sharing power at local and national levels. This new reality not only requires new ways of organising TV leaders’ debates, but also puts a clear expectation on political leaders. They will have to be far more collaborative with their erstwhile opponents, and civil servants will need to do more to facilitate and support this type of joint working.

Perhaps as the only Green council leader, being a little freer from the traditional political tribes, I have had an advantage in working with anyone from any party. But I do also think local government has already developed more collaborative leadership capacity than we always get or give ourselves credit for: I see cross-party cabinets and committees delivering positive change in areas right across the country.

Here in Brighton & Hove we made an early change to the committee system in 2012, and we haven’t regretted it for a moment. It wasn’t a move backwards, it was a positive choice to a new way of working which involves all members of all parties far more whilst also being open and understandable to citizens. It has been a particular strength in our new Health & Wellbeing Board arrangements which I chaired, providing system leadership with health partners and all parties were represented as major decisions were being taken.

Finally, as someone with a background in technology, I have worked hard to try and support the local government sector in advancing its transformation for the digital age. It hasn’t always been smooth or easy as legacy systems, skills shortages and capacity restraints are real challenges for all of us. But the potential digital provides us to improve services for citizens, to rethink how we work and reduce costs must be pursued aggressively. Again I strongly believe collective action and collaboration are key to overcoming some of those barriers we face. Even after 10th May I will continue to actively support this stream of work and remain a lifelong champion for the power of local government to improve people’s lives. I know hard times are ahead for councils, but I can’t help feeling optimistic that the passion, creativity and collaboration I’ve seen will get us through the trials and tribulations. Thank you for a fantastic eight years. I’m just off to find somewhere to put down my party political hat.

Is past performance a guide to the future? The Brighton & Hove Green council’s end of term report

I happened to hear a bit of BBC Radio 4’s World at One yesterday. Presenter Martha Kearney was trying to explore the issue of manifesto promises: Does legislating on them help (as per the Conservative’s announcement on taxation yesterday), how often are they broken and do people actually trust the promises made. In service of this topic she interviewed Labour’s Rachel Reeves and the Conservative’s Michael Gove, both senior national parliamentarians for their respective parties. Rachel Reeves spent most of her interview mentioning reams of the promises Labour are making in their 2015 manifesto, while avoiding the questions on her party’s past performance. Meanwhile Michael Gove kept wanting to rehearse in detail his party’s past achievements while avoiding Kearney’s exhortations to expand on the promises they were making for the future.

It seemed a rather odd and unsatisfying set of encounters for a rather key point central to electioneering: the manifesto pledge. Apparently we are seeing huge pledge inflation, more pledges are being made and manifestos are getting fatter than ever. But what value are pledges when future circumstances are likely to change? And can we make any judgements for their future governing based on parties’ past performance? Mr Gove justified his desire to rehearse his party’s record in government on this very basis, that because (in his view) they had delivered on previous promises their future ones could be trusted. Then why legislate your tax pledge was Ms Kearney’s rebuttal.

I don’t think manifesto pledges can be the only part of electioneering, one should also be considering for example the personal values and judgement of future representatives. But past performance, where available, is also a useful metric if not a guarantee of future progress.

So in the spirit of openness I published the Green minority administration’s record last week. On election four years ago we almost immediately began tracking the 195 pledges we’d made in our 2011 manifesto. By our own judgement we are on course to deliver over 85% of those pledges. I think that’s pretty a good result for a minority administration running a council for the first time in our party’s history during a period of unprecedented austerity cuts to our budgets. But I might be biased!

What’s interesting is how few administrations locally or nationally produce such end of term reports, nor do independent bodies provide such analysis either. If we are seeing ever more pledges being made, then that does give ever more opportunity for such progress reporting to be done. Perhaps something for FactCheck, IFS and others to consider for 2020?

You can download the full PDF Brighton & Hove end of term report here.

My farewell speech to Full Council

Here are my remarks this evening to my last meeting of Brighton & Hove City Council after having been presented the LGiU Judges’ Special Award for Contribution to Local Government by the Mayor.

Dear colleagues

It has been a huge privilege and honour to serve on this council for the past eight years and as your leader for these past three years. I believe I leave the city and our council are in a better condition than it was four years ago.

We don’t always agree, nor should we, it is in debating our differences that we have represented our city as the tough decisions have been made.

But I am in no doubt that you are all here because you want to make a difference. I very much hope that continues with whoever the next 54 councillors of this city will be in May. I also hope that the good grace and humour with which we usually treat each other can continue – our common passion for the city, in putting city before politics is what should unite us.

The next council faces an incredible prospect, bittersweet in many ways. Budget cuts continuing beyond what any modern councillor has experienced. No councillor would have wished to deal with such significant and unrelenting budget pressures. Yet at the same time few could have dreamed that finally devolution could be moving so quickly after such a long wait. Juggling those two changes will I’m sure be challenging, exciting and hugely important for our future.

As your leader I have had the privilege to attend a number of events and conferences in the UK and Europe which have always left me with a clear impression: Brighton is a global city, one which has a fantastically good and strong reputation around the world. Every mayor I have met knows Brighton and most have visited. Treasure this, few cities our size have anything like the reputation or recognition we do.

Also we are all fortunate to have an incredible cadre of officers working for us. True public servants who work so hard with such passion, integrity, creativity and talent. Let’s keep nurturing them and showing our appreciation.

I’m extraordinarily grateful for the privilege you have bestowed on me in being your leader these past few years. I have done my best to serve this city and the council in all that I have done. Any achievements and progress I have made for our collective endeavour has only been possible due to one person who very fortunately is here with us today: My wife Ania who through her endless love, advice and support has made me able to do what I have done. Thank you.

Colleagues, I wish you all the best, thank you once again. Good luck for the future. In me you will have a lifelong champion for the great city of Brighton & Hove.

Thank you.

Thoughts on devolution, governance, accountability & heroic mayors

Map of the Greater Brighton City Region
Map of the Greater Brighton City Region

I’ve been really pleased to see talk of widespread devolution across the UK gain so much interest in recent months. While, as the Centre for Cities are ably proving, the party manifestos are woefully short of the true fiscal devolution city regions like Greater Brighton actually need, at least many more people are having the debate. The big news south of the Scottish border has been Osborne’s big deal with Greater Manchester: A genuine shift of power to the city level, including health and social care, for the price of a directly elected ‘metro mayor’. We are also seeing significant change elsewhere, some pushed by local powers such as the new Bristol-Cardiff-Newport ‘Great Western Cities’ initiative, and others imposed from Whitehall such as in Birmingham.

However another key factor for this devolution journey isn’t been given quite enough attention: Will the governance, accountability and involvement structures be sufficient?

I have some thoughts on this because, as Brighton & Hove City Council’s Leader, I chair the Greater Brighton Economic Board for our city region. Champions of the mayoral system may argue that I lack legitimacy and mandate – most citizens in the region will never have voted for me, only the few thousand in my own ward will have had that chance.

Essentially the direct-elected mayor model espoused by the UK so far is the American one: a presidential model. Yet I don’t see many pro-mayor groups campaigning for the British Prime Minister being ditched for a directly-elected President! But shouldn’t they be arguing that David Cameron was only elected by the residents of his constituency, and so on…?!

Of course in reality it’s not quite that simple. Cameron was chosen by his party membership as a leader and then won majority support in Parliament to govern. Similarly locally I was elected by my local party, elected by the whole council as their leader and backed by the city region board to be their chair. Lots of mandates, but few directly from the voters. Perhaps some think local government is so dramatically different that the parliamentary model only works at national levels – but given that the whole model emerges from the city government of Athens, such criticism bears little scrutiny.

If ones believes in direct mandates for presidents and mayors then the question must be, does a direct mandate alone make a difference and at what price? The UK experience of directly elected mayors has been very mixed, and often resulted in stalemate when councillors sought to frustrate a mayor’s plans because they came from opposing parties. This is not dissimilar to the logjam the US government regularly finds between presidents and Congress. This is because the UK model used so far has the mayor elected directly and quite separately from council elections. Hence quite often the two bodies do not politically align and so regularly use their ‘democratic mandates’ to oppose the other.

There are other local electoral models which can help to prevent this: As I understand it the Danish model uses a party list with the top candidate on each list being effectively the party’s proposal for Mayor. The council seats are then allocated proportionately to the votes cast. The largest party will win the mayoralty and have the largest base of support in the council, though of course may still need a coalition to wield a majority. This is where sharing out the Deputy Mayor portfolios (who chair key committees) becomes useful in building support.

In Brighton & Hove we have innovated almost annually with our governance structures. We had committee systems, early adoption of a formal scrutiny system, a shadow cabinet in anticipation of a directly elected mayor (the referendum was lost), an executive cabinet system imposed by statute and now a new streamlined committee system. Having worked in both opposition and administration through executive cabinet and committee system I have had lots of experiences to consider which will inform the next few paragraphs.

I should make clear that I am not a structuralist – great outcomes may be provided in any halfway decent structure. Mayor George Ferguson is delivering well in Bristol and here in Brighton our record of achievement through committees is equally strong.

However, different structures will have tendencies for and against values which I hold to be important in delivering public services: Openness, accountability, scrutiny and learning. The risk with the directly elected mayor model, and the executive cabinet system, is that too much is down to the approach taken by a very small number of people. An open, creative, humble mayor could foster wonderful things, but equally they might be arrogant and autocratic leading to little scrutiny and learning (and the same goes for the ‘Strong Leaders’ the cabinet system demands).

It is interesting to note the positive anecdotal feedback councillors are reporting in those authorities who have moved to a committee system after the Localism Act re-introduced this option. APSE’s research on the cabinet system also highlights how disempowered many councillors feel by centralising decisions amongst only 8 or 9 people.

The retort from some will be a witticism about how bad ‘design by committee’ is. Yet aren’t juries justice by committee? Haven’t we welcomed the enhanced status of Select Committee in our Parliament? How many of those who champion Mayors and Cabinets would support the same model in Westminster? 95% of national decisions in the hands of one person or a cabinet of 8-9? Very few. Most would support aims to open up Parliament to involve more people, not fewer. So why would local government deserve any less than a similarly open and inclusive approach? It doesn’t.

So where does this leave us in the devolution debate, especially in relation to city regions? First and foremost the structures need to be right for the place — there is no ‘one solution to fit them all and in its neatness rule them’ (with apologies to Tolkien). But I believe there are principles which need to be considered:

  • Does the planned structure encourage collaboration? Or could it risk stand-offs between bodies who can each independently claim a democratic mandate?
  • Is openness, scrutiny and accountability baked in? Rather than having to add those as afterthoughts, make them integral. Digital channels must be tapped to build inclusion and involvement.
  • How are existing elected representatives going to be included? They need to be part of the journey otherwise you risk trouble brewing.

It’s too early to say what future structures will develop for Greater Brighton. I’m open to ideas, and the decisions will be for my successors. I do quite like the Danish model but that would require a long overdue shift to proportional representation here which seems unlikely in the near future.

My final thought is: Beware those suggesting structural approaches which reinforce the model of heroic leaders. If there was ever truly a time when heroic leaders were the right people for the job, that time certainly isn’t now.

(While drafting this post I spotted Simon Cooke’s blog on a similar theme in relation to West Yorkshire’s devolution journey, definitely worth a read)

Digital transformation of local public services must go faster

It’s been a very busy few weeks. I was very lucky last night to receive, on behalf of everyone working for the public good in Brighton & Hove, an award from the LGIU. This evening, to my great relief, Brighton & Hove City Councillors set a budget.

This week also saw the release of SOCITM’s annual ranking of council websites and digital channels. I was really delighted to be asked to write the foreword which, combined with report’s finding that progress has been rather slow, delivers a strong call for a new way of speeding up digital transformation. I copy my foreword below while the full report and more is available from SOCITM here.

Local government will be dead by 2020 if something doesn’t change. Even if we weren’t facing greater funding cuts than any other part of government, which we are, then the relentless growth in costs and demand for our services risk finishing us off.

This isn’t because local government people aren’t working incredibly hard, they absolutely are! They are resilient, dedicated, creative and much more. But in the process of coping with all the pressures it becomes harder and harder to step back from the daily grind to rethink services from scratch. Capacity is under immense strain and investment in training staff is an easy budget to cut in the grand scheme of ugly choices politicians face at budget-setting time.

So capacity is limited and, through no fault of their own, digital capabilities in the sector are very limited. Given all that, what has been achieved so far is miraculous – there is some fabulous digital work out there, some brilliant apps, websites and more as evidenced by this report. But it’s not enough. If we continue at this pace of change then the transformation will only be ready long after our sector is dead and buried.

So what to do? Let’s keep celebrating and supporting local diversity and innovation. But if we are to have any hope of getting ahead of the scissors of doom — the relentless curves of demand growth and budget cuts bearing down on us — we also need to turbo-charge digital transformation across the sector.

My proposal is that the sector funds and backs a collective approach to digital transformation. This should be an approach which prevents reinvention of the wheel where possible (how many separate times are councils building ‘My Account’ functionality?!) and which provides collective leadership. A place to support local government, highlight best practice and to host reusable design patterns and code. In other words a Local Government Digital Service by and for local government, not a centralising force which I know many would rightly resist. We need to do this for ourselves, together — now.

The new governance structures devolution is producing, including combined authorities and city regions, should provide new momentum for driving digital transformation. These devolution negotiations give us the space to consider what ‘local’ means. From the perspective of our citizens is one local authority area the right level of ‘local’ for digital service delivery. It will depend, but I don’t think we have got it all right yet by any means.

There are great opportunities ahead to make public services more personalised, more responsive and more efficient than ever. To me the digital mantra of faster, better and cheaper seems possible not just for file sharing and email, but for whole swathes of essential public service delivery. Thank you for all the progress evidenced in this report, lets now build on that to renew local public services and beat those scissors of doom. We’re not dead yet.

The full SOCITM report ‘Better connected 2015’ is here.

Some thoughts on 2014

Much has happened in 2014 to put Brighton & Hove on the map. After working with our neighbouring areas – including councils, universities and businesses – we won ‘City Deal’ status from government, bringing millions of pound of investment to our Greater Brighton region. This includes government funds to upgrade the facilities for technology and digital businesses at New England House.

 

Signing the Greater Brighton City Deal at Wired Sussex's FuseBox in New England House
Signing the Greater Brighton City Deal at Wired Sussex’s FuseBox in New England House

 

We’ve worked very closely with the Coast 2 Capital Local Enterprise Partnership and Wired Sussex to win a number of big investments from government and Europe. Particularly close to my heart was winning a Digital Catapult Centre for Brighton.

In the summer we were also named the third best city in the country for small and medium sized businesses to grow, and we had record visitor numbers of 10m people coming to the city. We hope to keep growing that number having started work on building the iconic i360 observation tower and begun the process of building a new world-class conference centre as part of the ‘Brighton Waterfront’ project.

Digging the first sod for the i360. Once we got out of the way they opened up a vast hole below for moving a sewer tunnel and laying foundations.
Digging the first sod for the i360. Once we got out of the way they opened up a vast hole below for moving a sewer tunnel and laying foundations.

 

We won the City of the Year Award in Europe, for our work on sustainable travel. Figures this year showed that the number of people killed and injured on our city streets had fallen – meaning our work to improve travel safety is paying off.

This year we also opened two new libraries at Woodingdean and Mile Oak, creating new community hubs for residents to access books and the Internet at a time when most other councils are closing them. We also pioneered, with Sussex Police and Rise, drop-in domestic violence surgeries in council customer service centres.

 

Selfie outside one of our new libraries.

 

I started chairing the Health & Wellbeing Board this year, which was significantly reformed to bring together health and council colleagues together on an equal footing for the first time.

2014 has not been without its challenges, but 2015 brings opportunities to address them. Council officers are working on redesigning the refuse and recycling department to give residents an improved service. Work is also due to begin on a permanent travellers’ site, which will help reduce the unauthorised encampments that have disrupted residents and businesses for many years.

//www.youtube-nocookie.com/embed/9zLnVohMjns?rel=0

The council is consulting on what is going to be its toughest budget yet, now that our government funding has been cut by some 40%. The debate comes to a head in February when councillors will be agreeing the budget and deciding how best to fund and provide services for residents for the year ahead. After years of dwindling funds for local services, this time mounting government cuts are going to hurt. Combined with the general and local elections in May, it’s certain that 2015 will be an extraordinary year for our city. My best wishes to you all for the New Year.

Starting the 2015/16 budget process

The Coalition Government’s relentless cuts to councils, led by Secretary of State Eric Pickles, has created an extraordinary situation: Councillors of all parties across the country are united in their disgust at the way in which councils are being treated.

In recent days alone we’ve heard the Conservative Chair of the Local Government Association, Sir Merrick Cockell, warn once again of the devastating effects of the continued austerity measures imposed on councils. Sir Merrick’s successor as LGA Chair, Labour’s David Sparks, has also this week spoken out against the unsustainable funding situation facing council services. Meanwhile similar warning’s are being issued by the Association of Directors of Adult Social Services (ADASS), the Rowntree trusts and many more.

There is a great deal of unity in expressing our deep concern about these national policies. We know we are only halfway through the government’s austerity programme, one which is set to continue regardless of who forms the next government after the general election.

But when it comes to the local decisions of how to best cope with these cuts, the differences start to emerge. Even experienced opposition councillors, who know options are few, can’t help themselves but blame the situation on whoever the incumbent party is. Local voters are too busy leading their lives to notice that across the country council administrations of every political hue are being forced to cut back.

All councils face the same crunch: Huge year on year reductions in government funding whilst service demand grows as the population increases, ages and health needs grow more complex.

In Brighton & Hove we face a £25 million hole in our budget for the next financial year, £18 million of that as a direct result of government cuts and the remainder due to increased pressure for our services.

As a Green minority administration we are committed to protecting the essential public services that our citizens depend on. So we will continue with a ‘value for money’ efficiency programme which has saved tens of millions so far. But that won’t be enough so we are also proposing a 5.9% council tax increase for next year. This is equivalent to £1.48 more per week for the usual comparator of a band D household, though the majority of homes in Brighton & Hove are in bands A to C.

This increase won’t plug the hole completely, but it will give us enough breathing room to retain public services, particularly social services for adults and children. We know that by making such bold proposals there is much greater engagement by residents in the realities of the huge challenges facing council finances. As the debates developed we’ve seen many agree that a greater contribution through council tax is needed to protect the services they value.

Opposition parties will continue to utter empty platitudes about the need to be more efficient and cut down on management, but citizens deserve better than such comments which could never plug our budget gap. We’ve saved tens of millions in efficiencies already, and reduced management spend to its lowest ever. Rather than having a go at each other, residents need their councillors to work together on the huge challenges ahead.

As a Green I’m committed to protecting public services, reducing inequality and improving my city’s wellbeing. These are particularly tough challenges at a time when budgets are being squeezed so hard. Yet I do believe that by backing a 5.9% tax increase we can keep supporting those in need while keeping Brighton & Hove great.

My plans for the future

In 2010 as a family we agreed that, if re-selected for the 2011 council elections, this would be my last term on the council, and so it will be. It has been a huge honour and privilege to serve the residents of Regency ward since 2007, it’s a wonderful area to represent. To have been able to serve my second term as a councillor in administration, leading our city, has also been an immense honour.

In dealing with the challenges we’ve faced, I’ve done all I can to contribute positively to our city for the benefit of all who live, work and visit here. I’m proud of what we’ve been able to achieve as a Green administration that I have led since 2012.

However at this stage in my life I am ready for a new challenge. I won’t be pursuing active politics any longer but do want to continue public service in some way. I have no firm plans as yet and intend to continue in my current role until the council term ends as there’s lots still to do.

This has been my decision, taken with my family.

My passion for our city is undiminished and I wish all those involved with continuing to support our city’s wellbeing the very best. You have my support and admiration.

Update on Independent report on Estonia’s e-voting

On Saturday 10th May we (the Independent Team) informed key stakeholders in Estonia that we would be reporting our findings the coming Monday. We contacted the Estonian Elections Committee, other officials and agencies as well as media. We did this impartially and openly to avoid being seen to favour any one political party or media source.

Late on Sunday 11th May we launched our website summarising the findings and supporting them with photos and videos.

On Monday 12th May we held a press conference – to which there had been an open invitation – to present our findings and answer questions from anyone who wanted to. That day a first response to our work was posted by the Estonian Electronic Voting Committee’s Facebook page, to which we responded.

On Tuesday 13th May we met privately with members of the Estonian Electronic Voting Committee (which is part of the overall Elections Committee).  There we talked through our findings and shared technical details of issues and vulnerabilities that will not be published until the current elections are over. We also assured them that we would not publish any demonstration code until after the election, and would not interact with the live voting system if they chose to proceed with using it for the European Parliamentary elections. They confirmed they would proceed with using their system. I was particularly surprised when the Electronic Voting Committee members said they could think of no circumstances in which they wouldn’t proceed with using their system.

The same day the Elections Committee published a lengthy response to The Guardian’s reporting of our findings. We responded in full here.

Since Monday we have had significant interest from a range of people in Estonia’s tech industry who we have met or corresponded with. We have also seen local and international media reporting on our findings.

Sadly, despite repeated requests, we have not been able to meet with representatives of the Estonian government nor the key Parliamentary committees with oversight on these issues. The Estonian Prime Minister and President have used the media (and social media) to dismiss our work and suggest we are working to favour one political party over another in Estonia. That simply isn’t true, such a response would appear to be a case of trying to shoot the messenger rather than hear some uncomfortable truths.

On Saturday 17th May we published the detailed technical analysis report to expand on and support the findings we had published a week earlier. The paper has also been submitted to an academic conference.

I have been pleased to see such widespread discussion of our findings. However some have sought to shut down the debate by seeking to query our independence and integrity. These claims have no truth and team members have a strong record of examining the security of e-voting systems around the world without any fear or favour for political parties of any type.

Some have suggested that Estonia is uniquely able to deliver secure online voting because of their universal ID smartcards and cyberwar protections. They would argue that no other country than Estonia has the infrastructure to use online voting. Whilst I agree that Estonia has a highly developed online infrastructure, which is incredibly exciting for e-government applications, even that isn’t enough for the uniquely difficult problem of online voting.

The debate is for Estonian citizens to have now with input from the EU and NATO where they have obligations as a member-state. If I was an Estonian I would be voting on paper but happily making use of their online services for tax, health and more.

Estonia and the risks of internet voting

Originally posted on the Open Rights Group Blog.

In my capacity as an ORG Advisory Council member I’ve been working with an independent team of election observers researching the Internet voting systems used by Estonia. Why should anyone in the UK be interested in this?

Two reasons: Firstly Estonia is regularly held up as a model of e-government and e-voting that many countries, including the UK, wish to emulate. Secondly, after years of e-voting being off the UK agenda (thanks in part to ORG’s previous work in this area), the chair of the Electoral Commission recently put the idea of e-voting for British elections back in play.

Before our or any other government leaps to copy the Estonian model, our team wanted to better understand the strengths and weaknesses of the Estonian system. So several of us monitored the internet voting in operation for Estonia’s October 2013 municipal elections as official observers accredited the Estonian National Election Committee. Subsequently the team used the openly published source code and procedures for the Estonian system to build a replica in a lab environment at the University of Michigan. This enabled detailed analysis and research to be undertaken on the replica of the real system.

Despite being built on their impressive national ID smartcard infrastructure, we were able to find very significant flaws in the Estonian internet voting system, which they call “I-voting”. There were several serious problems identified:

Obsolete threat model

The Estonian system uses a security architecture that may have been adequate when the system was introduced a decade ago, but it is now dangerously out of date. Since the time the system was designed, state-level cyberattacks have become a very real threat. Recent attacks by China against U.S. companies, by the U.S. against Iran, and by the U.K. against European telecoms demonstrate the proliferation and sophistication of state-level attackers. Estonia itself suffered massive denial-of-service attacks in 2007 attributed to Russia.

Estonia’s system places extreme trust in election servers and voters’ computers — all easy targets for a foreign power. The report demonstrates multiple ways that today’s state-level attackers could exploit the Estonian system to change votes, compromise the secret ballot, disrupt elections, or cast doubt on the fairness of results.

Abundant lapses in operational security and procedures

Observation of the way the I-voting system was operated by election staff highlighted a lack of adequate procedures for both daily operations and handling anomalies. This creates opportunities for attacks and errors to occur and makes it difficult for auditors to determine whether correct actions were taken.

Close inspection of videos published by election officials reveals numerous lapses in the most basic security practices. They appear to show the workers downloading essential software over unsecured Internet connections, typing secret passwords and PINs in full view of the camera, and preparing election software for distribution to the public on insecure personal computers, among other examples. These actions indicate a dangerously inadequate level of professionalism in security administration that leaves the whole system open to attack and manipulation.

Serious vulnerabilities demonstrated

The authors reproduced the e-voting system in their laboratory using the published source code and client software. They then attempted to attack it, playing the role of a foreign power (or a well resourced candidate willing to pay a criminal organization to ensure they win). The team found that the Estonian I-voting system is vulnerable to a range of attacks that could undetectably alter election results. They constructed detailed demonstration attacks for two such examples:

Server-side attacks: Malware that rigs the vote count

The e-voting system places complete trust in the server that counts the votes at the end of the election process. Votes are decrypted and counted entirely within the unobservable “black box” of the counting server. This creates an opportunity for an attacker who compromises this server to modify the results of the vote counting.

The researchers demonstrated that they can infect the counting server with vote-stealing malware. In this attack, a state-level attacker or a dishonest election official inserts a stealthy form of infectious code onto a computer used in the pre-election setup process. The infection spreads via software DVDs used to install the operating systems on all the election servers. This code ensures that the basic checks used to ensure the integrity of the software would still appear to pass, despite the software having been modified. The attack’s modifications would replace the results of the vote decryption process with the attacker’s preferred set of votes, thus silently changing the results of the election to their preferred outcome.

Client-side attacks: A bot that overwrites your vote

Client-side attacks have been proposed in the past, but the team found that constructing fully functional client-side attacks is alarmingly straightforward. Although Estonia uses many security safeguards — including encrypted web sites, security chips in national ID cards, and smartphone-based vote confirmation — all of these checks can be bypassed by a realistic attacker.

A voter’s home or work computer is attacked by infecting it with malware, as millions of computers are every year. This malicious software could be delivered by pre-existing infections (botnets) or by compromising the voting client before it is downloaded by voters by exploiting operational security lapses. The attacker’s  software would be able to observe a citizen voting then could silently steal the PIN codes required to use the voter’s ID card. The next time the citizen inserts the ID card — say, to access their bank account — the malware can use the stolen PINs to cast a replacement vote for the attacker’s preferred candidate. This attack could be replicated across tens of thousands of computers. Preparation could being well in advance of the election starting by using a replica of the I-voting system, as the team did for their tests.

Insufficient transparency to establish trust in election outcomes

Despite positive gestures towards transparency — such as releasing portions of the software as open source and posting many hours of videos documenting the configuration and tabulation steps — Estonia’s system fails to provide compelling proof that election outcomes are correct. Critical steps occur off camera, and potentially vulnerable portions of the software are not available for public inspection. (Though making source code openly available is not sufficient to protect the software from flaws and attacks.) Many potential vulnerabilities and forms of attack would be impossible to detect based on the information provided to the public. So while the researchers applaud attempts at transparency, ultimately too much of how the I-voting system operates is invisible for it to be able to convince skeptical voters or candidates in the outcomes.

To illustrate this point, the team filmed themselves carrying out exactly the same procedural steps that real election officials show innearly 24 hours of videos from the 2013 elections. However, due to the presence of malware injected by the team before the recordings started, their count produces a dishonest result.

Recommendation: E-voting should be withdrawn

After studying other e-voting systems around the world, the team was particularly alarmed by the Estonian I-voting system. It has serious design weaknesses that are exacerbated by weak operational management. It has been built on assumptions which are outdated and do not reflect the contemporary reality of state-level attacks and sophisticated cybercrime. These problems stem from fundamental architectural problems that cannot be resolved with quick fixes or interim steps.

While we believe e-government has many promising uses, the Estonian I-voting system carries grave risks — elections could be stolen, disrupted, or cast into disrepute. In light of these problems, our urgent recommendation is that to maintain the integrity of the Estonian electoral process, use of the Estonian I-voting system should be immediately discontinued.

Our work shows that despite a decade of experience and advanced e-government infrastructure Estonia are unable to provide a secure e-voting system. So we believe other countries including the UK should learn from this that voting is a uniquely challenging system to provide online whilst maintaining the fundamental requirements of fair elections: secrecy of the vote, security and accuracy. The significant costs of attempting to build such a system would be better directed at other forms of e-government which can provide greater and more reliable benefits for citizens without risking the sanctity of elections.

Read and watch more about this work at https://estoniaevoting.org