The Register recently published two articles by Thomas C Greene examining e-voting security. Unfortunately the pieces are rather flawed. The first, “E-voting security: looking good on paper?” examines paper based voter verifiable audit trails (VVAT). The article doesn’t start well:

The voter’s paper receipt has become the security idee fixe of DRE skeptics, and a shibboleth identifying those who are on the ‘right’ side of the debate.

This is not true in two ways… Firstly, the potentially paper token used in VVAT is not a receipt! A receipt is something you can take with you to prove a transaction occurred. If VVAT did mean using a receipt then we’d be allowing vote selling. But we don’t mean a receipt, we mean a paper ballot which is left in the polling station. Secondly, paper trails are not an ‘idée fixe’ for e-voting skeptics, both David Dill’s US resolution on VVAT and our European resolution are carefully worded to not imply paper. The resolutions support any form of voter verifiable audit trail that meets the requirements set out, it’s just that right now the best example uses paper.

Now that I’ve cleared up those two points let us proceed to some of his other assertions in the first article…

People imagine that, so long as the printout matches their recollection of votes cast, it’s proof that the DRE machine is recording their votes properly. In fact, it’s no such thing. It’s proof only that the printer is recording their votes accurately.

I’ve never ever heard anyone claim that a printout proves that the DRE machine is accurately recording their vote. Greene presents an obvious statement as insight. The whole point of VVAT is that we can never be sure of what the DRE machines are doing with our votes, hence the need for a second channel.

The receipt has no immediate diagnostic value. It can only tell a voter whether the data sent to the printer is the same data he recalls entering at the touch screen. The machine could well be rigged for a miscount, only with voter choices printed accurately. This sort of discrepancy would not be discovered until the electronic results are tabulated, by which time the damage will have been done.

Again statement of the obvious – of course the machine could show/print one thing to voters while store another. This is why VVAT is needed and electronic results cannot be trusted! Yet such arguments, logically correct whilst missing the point, get echoed by people such as VoteHere’s highly competent founder Jim Adler.

The only useful purpose of the paper trail would be to enable a recount using a different medium when there is reason to suspect the electronic results. However, for the printouts to be of any value in a recount, voters would have to review them carefully and note any discrepancies before the receipts are collected.

Similarly in a blog post Jim Adler refers to his 64 year old mother wondering over what happens if she doesn’t check the paper ballot in a VVAT process. In other words he argues that VVAT doesn’t prove the accuracy of machine results or the accuracy of paper for recount as neither is checked if the voter doesn’t look at the paper. Furthermore Adler’s mother could testify in court that she didn’t look at paper so it can’t be trusted for a recount. But I say people could equally testify that they didn’t check electronic verification codes proposed by Adler’s company, thereby making the counting of electronic votes invalid.

Of course if all voters did not check their printouts then we could not have much confidence that the paper accurately recorded the voters’ intent. However, as Fergal Daly from Irish Citizens for Trustworthy E-voting writes in a letter to The Register (“Letters: We want our e-voting paper trail”), it would take only a small percentage of voters to check their printout to make the probability of fraud going undetected in an election vanishingly small. Of course some won’t check, but you can bet many will, particularly if it’s made clear that in a recount the paper result is the legally binding one.

Furthermore, there is no guarantee that the paper record will be the one recounted.

This is where legislation needs to be changed. Greene argues that under current legislation recounts would have to be done in the same manner as the original election and that there would be no mandate to hold the paper result over the electronic result. All VVAT campaigners are asking for changes in legislation and electoral procedures to accompany VVAT. In most countries, including the UK, legislative changes will be necessary before any form of e-voting can be used in a general election. Such legislation will need to give the paper trail (if used) primacy, procedures will need to be modified and it must be made clear that there will be a high chance of the VVAT being counted. Thus not only if there are doubts over a result or the result is particularly close, but a significant random number of constituencies must recount no matter what. This significantly increases the chances of fraud being detected.

In his second article, “E-voting security: getting it right”, Greene summarised his first piece with the following:

The much-celebrated voter verifiable paper trail is useless as a security measure for Direct Recording Electronic (DRE) election systems, and actually introduces far more problems than it solves.

A strong claim which I don’t believe he actually backs up in the article. Anyway let us proceed to his second piece. He begins by acknowledging the less than satisfactory approaches most e-voting vendors have taken to developing and testing their products. Yet when Greene comes to providing remedies he seems to be rather naive:

Guarding against post-certification tampering [of source code] would be a simple matter. First, as soon as certification is complete, checksums of all software components, compilers included, would be recorded, and then verified later, on election day before the machines are put to use. Any machine with the wrong checksums would be pulled.

There are several issues here but it is by no means ‘a simple matter’. Yes checksums can be generated, but will ordinary voters trust them? Checksums are not infallible and how can voters trust that they are properly verified? There is a significant amount of code on your average DRE… the voting system, the user interface (including audio files, device drivers for sound output & touchscreens) as well as the operating system (which can be a behemoth like Windows 2000). That’s a lot to checksum and keep tabs on. But what happens when there is an update to any one of those components, especially if it’s time critical? Are checksums going to protect the system integrity? No. The reality is that under the pressure of election day most polling workers will ignore a checksum which doesn’t verify.

Credit where credit us due though… Greene is right on the money when he recommends improving the physical security surrounding elections and e-voting hardware. His recommendations in this area are good but costly. Then things get worse again…

It is crucial that there be an independent testing and certification authority, and that it be in possession of all source code, compilers and firmware, to verify that the equipment works properly, and to guard against vendor backdoors and default admin passwords, etc.

While independent testing is crucial we cannot assume, as Greene seems to, that cerification always catches holes. As Chris Soghoian and Avi Rubin argue, who tests the testing authorities?

Later on in his article Greene suggests that terminals use ‘cryptographically protected’ hard disks to store votes as a backup for recounts. Not only would using hard disks for vote storage create logistical issues if the main storage is removable flash memory, but it misses the point. A hard disk would not be a second independent channel as VVAT could be. The hard disk would be a copy of the existing electronic channel which would still be counted with the same electronic algorithm. Thus recounts would only differ if a bug or hardware failure prevented the same electronic votes getting to all digital storage media used.

Greene also weighs in on the topic of logging:

Most importantly, all database activity should be logged, and the access logs and system logs should be audited before an election is certified.
…
The terminals must be capable of extensive access and system logging, and logs must be audited when a machine is suspect or malfunctions

Logs are an important part of catching attacks. They help prevent the worse case scenario of an undetected successful compromise of a system. But what about voter secrecy? The unique challenge with e-voting, a challenge Greene never acknowledges, is that votes must be secure, accurate and anonymous. This makes electronic voting unlike most other electronic transactions. Thus we cannot just apply the ‘usual’ techniques to e-voting without thought. Detailed logs, useful from a security and audit perspective, may well undermine the secrecy of a ballot and so must be implemented with great care.

Greene mentions an ‘elections database’in his second article without ever clarifying what this is, the electoral register, the place storing cast votes or what?

His checklist of 12 things that could be done to secure elections is not too bad. Though again it just doesn’t acknowledge the unique challenges e-voting presents.

Greene’s conclusion is worth repeating in full…

Quality elections don’t come cheap

It isn’t necessary for the vendors to re-design their equipment radically. Indeed, all that’s needed is for the public to demand that they do what they do, only the right way. “Good enough” simply isn’t good enough; the system has got to be right.

Basic security and common sense are all that’s required. The DRE systems offer many real advantages in terms of preventing overvoting, minimizing undervoting, clearly recording voter intent, and offering handicapped access. They can improve the accuracy of election results dramatically, and extend voter franchise, so long as they’re built right, certified right, and secured properly.

At the moment they’re not, but they can be.

Doing it right will not be difficult, though it will be expensive, and the vendors will whine at demands that they make their systems reasonably secure. However, we shouldn’t balk at a system that’s expensive and good, considering what’s at stake here. At the moment, the systems are expensive and lousy, which forms the basis of the vendors’ profits. Under a proper regulatory regime, they will have to earn their money; they will have to work for it. They won’t like it very much, but they’ll get over it in time.

Surely the public deserves to vote on equipment that’s at least as reliable as a video poker machine.

Yes the public deserve to vote on reliable, secure and accurate systems, if such systems must be used. But doing e-voting ‘right’ will be difficult AND expensive.

In his letter to The Register Fergal Daly, acknowledges the fact that us campaigners know that DRE+VVAT sucks, but it’s better than DRE. Greene attacks DRE+VVAT when we know it isn’t ideal. Still most of Greene’s arguments land wide of the mark. Whenever I make a presentation to promote VVAT I conclude by saying “If adding VVAT in the form of a paper trail to an e-voting system sounds expensive and complicated, that’s because it is. But it’s the best way to fix a broken system. Ideally we’ll never get these expensive systems that have few benefits yet many risks. My preferred system is pencil and paper, it works!”

After a few days to re-synchronise I can now report some thoughts on the European Science Foundation’s E-Voting in Europe Workshop held in Bregenz, Austria.

There was an interesting mix of attendees ranging from academics, testing lab employees, civil servants, suppliers and electoral lawyers. The quality and openness of the debate was without a doubt the highest I have experienced at any e-voting event, other attendees commented to similar effect. Nevertheless I would say that the underlying assumption was still that implementation of e-voting is a matter of when and not if. But when for this group was further off (7-10 years) than others, such as the UK government, might hope.

The first day kicked off with Michael Remmert talking about the recently finalised Council of Europe standards on e-voting. I haven’t had a chance to look at the latest draft in detail but I find it interesting to note that they currently recommend Election Markup Language (EML) for encouraging vendor interoperability. I helped to write the first drafts of EML, my experiences forming part of a forthcoming paper. EML has its failings but it’s gratifying to see it still being referred to.

Most of the other presentations were pretty much as expected. Many speaking of e-voting improving turnout with no evidence to back such claims. Nadja Braun, a lawyer from the Federal Chancellry of Switzerland, accepted that in the short term cost savings wouldn’t be found in implementing e-voting. Her sensible presentation was unfortunately marred by a comment in response to a question where she claimed that Switzerland could take higher risks with voting systems because “it wasn’t Eastern Europe.”

Results from several surveys were presented which generally indicated a high level of confidence in the systems used by voters. Anne Marie Oostven, in an excellent presentation which won the best paper award, showed how important voter education is. She surveyed users of a system which was supposed to have had a voter verification process. The verification process never made it into the final software but by this time surveys had already been printed asking about the feature. Even without any voter verifiability voters reported a very high level of trust in the verification process! I loved this presentation for so many reasons – it was well put together, the results highlighted how we cannot assume voters will instinctively see the risks in e-voting and it was a finding emerging from an unintended sequence of events. The best of science!

Christopher Soghoian, a PhD student supervised by Avi Rubin at the John Hopkins Information Security Institute, also had a great little presentation. Chris and his colleagues asked a group of students to write ‘good’ software for DREs and also compromised software with hidden backdoors. Some backdoors were concealed in whitespace and others in image files – lots of creative approaches were tried. Then… here comes the fun part, each team of students was given three of their DRE programs. They had to find if there were any backdoors or exploits hidden in the code. The students knew that one program was ‘good’, one was ‘bad’ and one unknown.

It was found that those good at making backdoors were often poor at spotting backdoors in code, especially those that were hidden in methods not used by those examining the code. In other words code auditing requires different skills to writing clever code. Chris finished up his presentation with a proposal that security services such as NSA and GCHQ take a role in examining e-voting code. A good idea, I think, as it’s likely that our enemies’ services will be trying to examine our e-voting systems. Finally he mentioned that Avi wants to test how reliable the code certifying labs are by submitting the code of a real DRE system compromised with an exploit inserted by the John Hopkins crew. If the lab catches the exploit then so much the better, if not then we begin to worry even more. This is a superb idea, airport security regularly gets tested with government agents trying to smuggle guns or bomb-like apparatus past the security checks. Shouldn’t certification labs also be kept on their toes?

A presentation from Spanish e-voting supplier Scytl was interesting for how underwhelmed many felt once it was over. Scytl have made some very large claims about their system in papers and press coverage. In his presentation their founder Dr Andreu Riera said “The magic thing is that if that server is kept honest then the whole system is honest!” I begin to worry whenever magic is mentioned in the context of technology… There are several potential problems I can see with their system but the most surprising is the poor voter verification. Their system provides an electronic verification code which only proves (if you trust the system and it hasn’t been compromised) that your ballot has been decrypted. Why does a voter care about this? Verification of my vote being accurately recorded and (ideally) counted is what I care about. Verification of vote decryption is a procedural notification… imagine if Amazon would inform you when they had successfully encrypted your credit card details for sending to the bank for processing… I wouldn’t care. I want to know when I’m going to get my book. Scytl would have been much better served if they hadn’t burst into the e-voting community making such huge claims.

Some interesting new legal issues were raised by several speakers. In particular Niels Meißner, Volker Hartmann and Dieter Richter from Physikalisch-Technische Bundesanstalt, Germany raised the problem of “intermediate storage”. This problem is concerned over what the legal status is of a vote between a voter clicking ‘send’ and a server recording the vote. Does the vote count as being cast or is it still technically in the voter’s hand? This is particularly important when considering what happens when an election closes with votes still in transit.

The final day of presentations began with a presentation by Alexandros Xenakis from the International Teledemocracy Centre at the University of Napier. Essentially his presentation regurgitated portions of Electoral Commission reports on the e-voting pilots 2002-2003 conducted in Sheffield and St.Albans. When asked why he had omitted the cost of £75 per vote cast that Sheffield incurred in 2003 and costs in general, Xenakis responded that as a Greek citizen he didn’t care how the UK government spent their money! Ok… but still for those in other countries trying similar experiments costs would be of interest, I imagine.

I’m a big fan of public disclosure. Tell people your interests and let them decide your motivations. So I couldn’t help but raise an issue with Xenakis during his Q&A period. The International Teledemocracy Centre is funded by British Telecom (BT) and in fact all the pilots Xenakis examined were run by BT. I don’t think there’s a conspiracy there but I do know that this BT connection at least got Xenakis access to what were otherwise closed pilot activities. It would be professional to raise these facts and let fellow academics draw their own conclusions. It’s also courteous and sensible as it prevents accusations of impropriety at a later date. Xenakis claimed his paper was a comparative analysis of publicly available documents – not publishing cost figures or the fact that BT was the main supplier seems a little odd. Xenakis didn’t take kindly to my interjections but my day was going to get even more antagonistic…

But first Margaret McGaley gave a fun and clear presentation on the mess that has been e-voting in the Republic of Ireland. It was incredible to hear that her co-author had spent thousands of Euros on freedom of information requests on the e-voting system due to repeated government attempts to block his access. This resulted in Margaret’s supervisor going to appeal which he invariable won. Freedom of Information should not be costing interested citizens thousands… crazy!

I hadn’t submitted a paper to this workshop as I’d thought I’d be at another conference which didn’t work out in the end. But as the workshop progressed I felt that I could contribute something on the European push for voter verifiability][fp_vv]. I asked Robert Krimmer, one of the conference organisers, if I could have ten minutes to speak and he very kindly agreed. Unfortunately the session chair hadn’t been briefed and was ready to run to coffee before Robert managed to reign in the brewing caffeine stampede to let me do my bit. It didn’t start well with everyone wanting their cup of joe but I pushed onwards with a very short presentation I call “Voter Verifiability: The Elevator Pitch” which is a micro version of something I presented at the University of Bournemouth to a very positive response.

Perhaps I didn’t judge my crowd so well but I went for it (as I normally do) with lovely Keynote slides, Salling Clicker enabled Bluetooth phone controlling my Powerbook and yours truly walking around the whole conference room. When compared to people stuck behind a podium with 30-odd Powerpoint slides apiece I probably wasn’t fitting in.

Anyways I did my piece, at the end of which the session chair promptly pushed everyone to coffee with no time at all for Q&A. At this point Thomas Buschbaum, from the Federal Ministry for Foreign Affairs came up to me. He said that I had not been sufficiently subdued or academic. He felt that I had been campaigning and should have been thrown out – I would have been if I was a supplier, he felt. He challenged my credentials and academic standing in a rather abrupt manner. I replied that I did not feel he was adressing me in an appropriate way. I continued stating that he did not have to agree with me but listening to the varying viewpoints was key to government gaining legitimacy for introducing a change such as e-voting. He responded saying that just because I couldn’t build a workable e-voting system didn’t mean one wasn’t possible. As I began to respond he lifted his hand in front of my face and blocked me from his view. He would not acknowledge me from that point onwards.

Indeed from that point on, until the workshop ended that afternoon most people seemed to steer clear from me. Some ‘friendlies’ suggested that I could have taken a softer approach and spoken less loudly. I was very much surprised, my presentation had been short and uncontroversial merely summarising the arguments for and against e-voting, highlighting Florida 2000 as an example of where voters’ intentions were not accurately recorded before explaining voter verifiable audit trails and showing the web address for the European campaign for voter verifiable e-voting. I did ask people to support the resolution on voter verifiability, so what? A resolution for e-voting would surely have been accepted with grace.

It was a shame that such an excellent workshop was marred, for me at least, by the events of the final day. But still it was wonderfully organised and an excellent range of people attended the event. Yes, they seem mostly optimistic about e-voting in the long term, but many could also see most of the problems. That’s step one, I just hope that they will give people like me a chance to explain why vendor assurances aren’t enough to say that the key challenges in e-voting have been successfully overcome. That will be step two.

Comments copied from the previous version of my blog:

Never mind. The Minister is a far-right womanoid lifeform of depressing nature, much given to poor imitations of Thatcher, and it’s no surprise that the ogre’s character will filter down to her dwarves. Congrats on pissing off a dull and dishonest little government!
http://yorkshire-ranter.blogspot.com
12:03:21 GMT 15-07-2004 Alex

I cannot understand why this workshop has been marred for you, just because you met one person of the austrian foreign ministry who is not as diplomatically skilled as one might have assumed. There was only one coffee break left after your lecture, so your perception that most people would have steemed clear from you cannot be based on sufficient data ;-), I think.

The form of your presentation has been absoutely adequate to the content. There was no doubt that you were rallying for your resolution. This campaigning was absoutely profesionally and adequately done – a perfect show! I agree with you that a pro e-voting resolution campaign would also have fitted perfectly into the workshop. I don’t think that it would have been ok to include a corresponding paper to your lecture into the proceedings volume as the style would not have been similar to that of the other papers. But the lecture you gave was just great and had a very appropriate style.

And nobody but one person assumed that just because you did a very good campaign show and you didn’t tried too hard to show off with your academic regalia, that you do not have a perfect academic standing.
07:43:53 GMT 28-07-2004 Peter Wilm

Kind words
Thank you for your kind words Peter, perhaps it seemed worse at the time then it does now 🙂
15:08:07 GMT 28-07-2004 Jason Kitcat

Reading Ron Rivest's own notes of his talk at the Kennedy School of Government's Digital Voting Symposium reminded me how easy it is for technologists to be seduced by technical solutions.

In his talk he likens the e-voting machines of today to cars built without any roof. Paper trails he likens to an umbrella for owners of such roofless cars when, he argues, owners would be better off waiting for new designs resistant to rain. New car designs in his analogy are like the new ideas for e-voting systems centred on cryptography (as opposed to those that just use crypto to secure communications). Such new systems, as proposed by David Chaum and Andy Neff, are based on some very clever mathematics. This maths theoretically proves elections to be accurate and secure.

Rivest is a technologist and cryptographer and so it's not surprising that he's seduced by these proposed systems. But he forgets human nature… candidates, election agents and voters want to be able to trust votes that they can see and not fancy mathematics or cryptography. This isn't an anti-science perspective… I'm not arguing that voters are ignorant and so we can't use technology. I'm arguing that democracy is precious and complex technical systems create too many opportunities for abuse to be worth it.

In the final analysis Rivest is with the majority who fail to even stop and ask… why do we need electronic voting systems?

Thanks to Ian Brown for pointing me to Ron Rivest's notes

CNET News.com hosted an interesting discussion between various voices in the e-voting debate. It delves into some of the specifics of US electoral legislation but it's still surprising to read some academics claiming that:

• e-voting systems are not systemically unauditable
• examining e-banking is a useful way of exploring e-voting issues

No, no, no! While e-voting machines may survive to be examined if questions arise after an election, we cannot be sure that the code on the machine is that used during the election. Candidates have confidence in the results of 'traditional' elections because they can all watch the paper ballots being counted. This simply is not possible with an all-electronic election.

And as for e-banking, it isn't anything like e-voting because it doesn't have to be secure, private AND anonymous. It is the need for these three factors that makes e-voting uniquely challenging technically.

Also US-centric, but useful, is the Association for Computing Machinery's Member Opinion Poll on whether they should lobby for voter verifiability in e-voting. So far 93.9% of respondents somewhat or strongly agree with a physical record of ballots (a stunning 84.98% or 2,382 members strongly agree). This is important because not only does ACM rarely get involved in policy (though more than it used to) but because members have to authenticate themselves before voting.

I'm still catching up on email – horrible how it builds up when you don't have a decent Internet connection.

A few weeks back now The Register reported on how the Dutch have open sourced their e-voting system. To be precise this isn't the code for the Powervote/Nedap kiosks, this is the code developed by LogicaCMG for the KOA remote e-voting project for expats. However as Wolter Pieters says on his excellent page about Dutch e-voting only source not proprietary to LogicaCMG has been published. So you cannot compile and run what has been released.

A report in KableNET contradicts this, quoting an officials as saying “The complete software is available.” But the Kable article is confused over whether this is the software to run the Nedap kiosks or for the KOA remote project.

Either way, it is a good step to publish some of the code, but in terms of verification partial publication is nowhere nearly enough. It's great that the Dutch government forced this much code to go online but we also need measures to track how this code is used on election day. How can we be sure that the source published is that used?

Updated 3/7/04 with link + comment on KableNET story]

The dust has settled a little on the European and local election results. So the time seems right to provide a bit more analysis on the various trends and issues that arise.

Turnout

Across Europe turnout was down significantly. This was partly due to incredibly low turnout in the accession countries. At first blush this is a surprise – surely the new EU members would be proudly trooping down to their polling stations? Actually, no. The deputy foreign minister of Poland was interviewed by David Dimbelby on the BBC's Euro election night coverage. He summarised the issue rather well… In essence he said that having had referendums on EU membership last year many felt like this issue had been 'done' for the time being. There was little evidence of EU activity on which to base another vote. This was especially so when you think that very few had any idea about what the European Parliament does now and might do for them (I might add, not many anywhere in the EU know much about the parliament!). Several of the new member countries, including Poland, don't have a strong tradition of voting in any elections. So roll all those issues together and you get low turnout.

But the UK bucked the trend, turnout was up here, even in regions where all-postal ballots were not being piloted. We went from 24% to 38.2%, an impressive boost

How could this be in a country famous for its ambivalence to Europe? Anger over the war in Iraq played a part, as did increasing coverage of European issues thanks to wrangles over the constitution and UKIP's rise to prominence by snagging media-friendly Kilroy as a candidate. Technical issues helped too, combining several ballots is a well known ploy for boosting turnout. Having the London elections and council elections at the same time helped increase media coverage and motivation for voters to turn out. Additionally the more proportional d'Hondt voting system for European elections encourages participation as people know that voting for 'the other parties' does have an affect.

Still we could obviously do better, any election turnout below 50% is depressing. But before we can see serious turnout gains the European Parliament and the semi-proportional voting system we use to elect MEPs both need radical reform. How far the new MEPs can push this agenda will be interesting to watch.

Spoilt & Postal Ballots

I've already explored the high number of spoilt ballots recorded in the London elections. Just a small addition to the London story, eGov monitor Weekly reports that the electronic counting used in London was deemed a complete success – counting all the ballots for three elections was completed in one day. No mention has been made of what role the e-counting had in the high number of spoilt ballots reported. I can't find a link to the report on the eGov monitor site so here's the report copied from their email newsletter:

Use of electronic counting in London's combined local, European and mayoral elections has been deemed a success with no reported technical issues, election officials said today.

Counting of ballot papers started on Friday morning and was completed by 8pm the same day. The procedure which would have normally taken several days had the count been conducted manually. It was the second time that e-counting technology had been used in London elections, and also the only implementation to take place in the UK during last week's elections.

A spokesperson for London Elects, which managed the planning of the elections, indicated that the outcome of the trials had been more than satisfactory. “The technology worked excellently and we were able to count almost six million ballot papers under three different electoral systems within hours, rather than days if they were counted manually”, a spokesperson told eGov monitor Weekly this morning. “This reflects the planning we have done, and the hard work put into these elections by DRS, who supplied the technology, and particularly the London boroughs.”

This positive outcome is contradicted by a Guardian report which claims that problems were experienced with the e-counting in London. In particular the report claims that ballots were rejected when a crucial bar code was torn. It isn't made clear if ballots rejected in this manner were subsequently hand counted.

(More background info on the e-counting in London and the London Elects micro-site on how they counted the ballots)

For the European elections spoilt ballots were only a major issue in areas piloting the postal ballots. For example, South Shields (a pilot area) had 4,145 spoilt ballots, more than the number spoilt across all Scotland! Altogether over 85,000 votes were discarded in the four pilot areas. Barbara O'Toole, an incumbent Labour MEP, lost her seat to LibDems by 11,500 votes. Observers are speculating that she may have lost her seat to the spoilt ballots. It's impossible to say for sure but, as with London, the results are undoubtedly different from what voters intended.

On the matter of fraud in the postal pilots returning officers and police officers have been wheeled out to state that:

“the scale of fraud and malpractice is broadly similar to previous years“

But this isn't entirely convincing. How can we be sure that fraud is higher or lower? Surely the whole problem with all-postal ballots is that it is so easy to perpetrate fraud undetectably. As the Electoral Commission has stated in reviews of previous pilots, there are not sufficient measures in place to detect fraud (see pp8 of my report Uncertain Elections for more on this [PDF]).

The key measure ostensibly designed to discourage fraud in postal ballots is the witness statement. This, for those haven't seen one, is a little form where the voter signs to say that they cast their vote and nobody else did. They then get a witness (which can be anybody) to sign the form and provide their address. The forms are complicated, completely unverifiable and reinforce the feeling that postal ballots aren't anonymous.

Indeed it would seem that a key reason for the massive numbers of spoilt ballots in the pilot areas was the witness statement. [The Independent reports] that up to 60,000 ballots were declared invalid due to the witness statement, often because they weren't included with the ballot when posted back to the returning offcers.

An excellent Guardian leader on the postal ballots correctly argues that not only did turnout rise in areas without the pilots, but forcing the pilots into more areas than recommended had backfired. A key reason for people not voting is a lack of faith in politicians and the political system. Not only did the postal pilots undermine faith in the procedural strength of our electoral system, but by forcing them in areas which the Electoral Commission felt weren't ready the politicians reinforced the lack of trust. It was clear that John Prescott thought boosting turnout in northern regions would help prop-up the notorious stay-at-home Labour vote. As the Guardian says:

By forcing through compulsory postal voting for apparently self-interested reasons, when the systems were not in place to support it, the government simultaneously undermined both its own claim on the voters' trust, and the voters' faith in the voting system. What someone once called a double-whammy.

Whilst the FT and the Mirror were quite positive on the postal ballots, The Indepedent's leader summed up the matter rather well, if a bit strongly:

“The scheme was cynically conceived and incompetently executed. By concentrating the experiment in the north of the country, Labour was blatantly trying to get its core vote out … Whatever benefit it may have had in boosting turnout, these gains will only come at considerable cost to the integrity of the system.”

Winners & Losers

It goes without saying that UKIP have gained considerable coverage from their meteoric rise. However others also did well… the LibDems had a decent result, nudging their vote share upwards, though losing control of several big councils must have stung.

My party, the Green Party did rather well too. In the local elections we retained all our seats except our only one in Wales. Additionally we added 9 new council seats to those we held. In the European elections we held on to our two MEPs, Jean Lambert in London and Caroline Lucas in the South East region. This is more of a coup then it might at first seem. Due to the recent EU enlargement the number of seats in both these regions had been reduced by one. So we had to win even more votes just to hold on to what we had. This was particularly so with Caroline who last time only scraped in by around 250 votes! This year she had a 'majority' of around 18,000 votes.

Overall the Green Party pushed their vote share upwards. One real unreported success was in Brighton & Hove where the Green vote was, by a whisker, the second largest, pushing Labour into third place. The results:

Brighton & Hove
Elections for European Parliament 2004

Conservative 15,844
Green 12,106
Labour 12,072
UKIP 7,936
LibDem 7,899
Seniors 1,353
BNP 1,055
Respect 996
English Democrats 471
C.P.Alliance 274
Independent 172
Rejected votes 114

(Source: Brighton & Hove Green Party)

This is a great result which confirms that Brighton is the city most likely to see a Green MP elected in the next general election. Strangely, however, the local paper (The Evening Argus) has chosen not to report on this achievement. The headline on the day following the Euro results was “Dog Bites Child” – not a whisper about the Euro results.

A few psephological notes: The Brighton & Hove breakdown is for 3 Westminster constituencies so the votes will be split non-uniformly between each seat during a general election. Additionally the less proportional voting system used for Westminster will natural have an impact, cutting into many of the smaller parties who showed up here. Nevertheless having Greens come second and UKIP come fourth pushing LibDems into 5th place is a story. Respect also have shown themselves to be a non-story with a poor showing locally and nationally.

Long term I can't see UKIP becoming a power in Westminster, but they will probably hold on to their MEPs for some time. The trouble is that with the current European Parliament it's not hard to find people angry about extravagant costs, distant bureaucrats and so on. What the rising vote of parties like UKIP and the BNP shows is that, as LibDem MP Richard Allen says on his blog, the chances of getting proportional representation in Westminster are hovering somewhere around zero.

Two interesting e-voting links.

The first is a very accessible overview of how to throw a presidential election in the USA by attacking DREs.

The second is a rebuttal of the League of Women Voters' pro e-voting position by Dr. Barbara Simons. Partly due to Barbara's advocacy, the League has since moved to a neutral position on e-voting.