Dutch e-voting controversy

Well it's the turn of the Dutch to get some controversy on their e-voting system. The system in the news at the moment (KOA) is only for overseas voters but still it aims to count real votes. The Dutch government rather bravely opened the system to experts, even if the result was criticism. Crypto academics were not impressed with the system at all. Let's see how long the government sticks with it.

What I find surprising is that LogicaCMG were picked to build and run the system. They have no experience in this field at all. If you must get a commercial provider for e-voting, at least pick one who has done e-voting before and can pretend to understand voting's unique challenges.

More on DMeurope.com.

ID cards a go-go

It's all systems go for David Blunkett and his madcap ID card scheme. The consultation on the draft legislation is online on the Home Office website.

The excellent SpyBlog has already taken the legislation apart already!

The LibDems have a rather good press release on the subject and the Green Party have a nice summary briefing paper, with a less good press release on their classy new site.

ID cards are definitely a solution looking for a problem to solve. Every where you look the government is putting forward a different reason for introducing ID cards: reducing terrorism, cutting down health service tourism, preventing identity theft, improving public service delivery or stopping illegal immigration. I'm unable to see how ID cards will have a positive impact on any of these issues. It would appear that the government fundamentally doesn't understand security or authentication issues.

A cost-benefit analysis would show that ID cards are not worth the risk or expense. They create a single point of failure which Blunkett ignores by claiming biometric cards will be 'foolproof'. Nothing is foolproof, especially not technology. But what really takes the biscuit is the expectation that citizens will have to pay to not only get or renew a card but potentially we'll even need to pay to correct the information held on the ID card database.

How not to introduce e-voting

Ireland really are making what can only be called a pig's ear out of introducing e-voting.

The mess just gets worse and worse. I pity the poor electoral officers who are sitting there waiting to see what they're going to be using on June 11th.

The latest developments are reported in The Irish Times, in essence the independent commission set up to assess whether the e-vote should proceed wanted legal indemnification. Without it they wouldn't approve the e-voting system. In other words the commission don't want to be sued when it all goes wrong with the e-voting because they let it go ahead under political pressure.

Surprise, surprise they got the legal indemnification from the Irish government and I think we'll see a green light (with caveats) when the report comes out in a week.

Interestingly the source code for the e-voting system is only leased to the government and some more legal jiggery-pokery was had before the commission were allowed to see the source. Now they have about a week to examine the source and write the report. No problem then.

VoteHere release some code (sort of)

You turn your back to start packing and something happens!

VoteHere have released the code and documentation to their VHTi voter verification technology. You can download it here but read the license first.

Essentially it gives you the right to look at the source code for 60 days and that's it. You can't really use the source for anything useful and more importantly it's referred to everywhere as a 'reference source implementation'. In other words the code could be completely unrelated to what is on the machines using VoteHere's VHTi system.

The Good

Let's be fair, VoteHere have taken a brave step and released this to the world. Of course they're hoping to get some good PR out of this and try to regain some attention amidst the controversy and competition from people like the Open Voting Consortium (more on them when I get back from Poland).

This download does offer insight into the design of the VHTi system and that's no bad thing. This is much more than any other supplier has done so far. And they've done it pretty much willingly – of course they need business but they don't have a gun to their head in the form of legislation or a specific negative story. Opening up the system's design to scrutiny is an important step.

The Bad

Jim Adler, the VoteHere CEO, is a smart guy… but what makes him think that anybody is going to delete the files after the 60 days of the license has expired? There's no realistic way for VoteHere to check compliance (even if they do take your email address on download). It seems like they want to have their cake and eat it – if you're going to put your code on your website you have to let go of it, not try to keep the leash on. 60 days is just silly, they'd have looked a lot better with some kind of standard non-time limited license.

The system is based on patented ideas anyway (software patents are a bad thing but we know that, move along now) so, within the US at least, they're pretty much protected for the moment, license or no license.

But, reference implementation or not, there's absolutely no guarantee that this design or source is going to go anywhere near an e-voting machine.

The Ugly

I'm supposed to be packing but here's one problem I found in a PDF included in the download package:

VoteVerificationCodes Collisions

As currently implemented, a very small number of BSNs may receive the same VoteVerificationCode for more than one BallotAnswer assigned to the same BallotQuestion. If these BSNs are used, it is possible that the voters VoteReceipt will be ambiguous. Though this may appear to be a problem, the event probability is small enough that extremely high confidence can still be achieved via the protocol. A simple remedy would be for voters who receive colliding BSNs to spoil the BSN and ask for another. Subsequent versions of the VHTi library will implement VoteVerificationCode generation so as to completely eliminate collisions within the same BallotQuestion.

Let me explain, quickly as my suitcase isn't done! The VHTi system works by showing the voter a number for the candidate they selected. So say I voted for Ronald McDonald as President on a kiosk then the screen would show his name and a number, 32 for this example. Then I get a printed receipt with the contest and number: President 32 So I can go home and check on a website by entering some code on the receipt which anonymously identifies me. The website should then also show: President 32 Each voter is given a different set of numbers for their choices. So two people voting for Ronald should have different numbers. Only I know that 32 is Ronald McDonald so the receipt can't be used for coercion or vote selling. (However there's no guarantee that because it shows 32 on the website that Ronald McDonald is who gets the vote in the system – I'm not keen on this system but now isn't the time to pick at it).

So what does VoteVerificationCodes Collisions mean? It means that in some cases the choices for a contest could all have the same number. So: President of Country – Ronald McDonald (32) – Humpty Dumpty (88) – Mickey Mouse (91) Is what the ballot could be for someone. But with the problem noted the ballot would be: President of Country – Ronald McDonald (32) – Humpty Dumpty (32) – Mickey Mouse (32) Thus seeing a 32 on the verification website won't mean much. If such a collision doesn't occur often then VoteHere are right, statistically the system (if it works as advertised) should still have enough voters checking to prevent large-scale fraud. But that's not the point, some voters will have been knowingly denied the right to verify that their vote was counted as they intended. This isn't a good bug to have, it's plain ugly.

I'm off to pack now, really.

Easter Hols

I’m off to Poland for a week to see my partner’s family. I’ll be offline during that time so have a peaceful Easter break and I’ll see you once I emerge from the email backlog at the end of next week.

Where’s the context?

I've been playing with RDF Site Summary (RSS) for some time. When I first tried aggregating RSS feeds I did it with a webpage (think of a mini My Yahoo!) which was ok, but a long scroll. Additionally it didn't alert me to which items were new.

So these days I'm using NetNewsWire Lite and so far, so good. It collects all the feeds quickly and I can skim through those that it highlights as unread. But still it seems best to only read blogs and such things through NetNewsWire. Why? Because there's no context for the headlines coming through. So while for a blog where there is only one 'top headline' at a time this is ok. But for something as dense as BBC News online there's a sharp contrast.

BBC New Online     Net News Wire Thumb

The screenshots show BBC News headlines in exactly the same amount of space when shown through a browser and NetNewsWire (Click the thumbnails to enlarge them). Not only does the web version pack more news links in, but it gives them context with their size, placement and pictures. Now with NetNewsWire I know the full version also shows dates in the headline listing but nothing shows me a headline's importance or relationship to other articles.

So while RSS is very useful and will continue to appear in unexpected places, I'm going to stick to reading my news in Safari.

You win some, you lose some

A remarkable few days in the e-government world.

e-voting rollbacks

On March 31st it emerged that the US SERVE project to allow American military to vote from abroad via the Internet had actually been cancelled. In January we heard that it had been put on hold thanks to a critical report on it's technology from an elightened minority a 'Security Peer Review Group' that political pressure had foisted on SERVE. In fact SERVE is so cancelled they've already wiped their website!

This is a big win for those of us opposed to e-voting as it shows that even an organisation as technologically dependent as the US military can see the risks involved with e-voting. Tie this news in with the decision to hold no e-voting pilots in the UK this year and Switzerland's announcement that Swiss living abroad will have to wait until 2010 to vote online and perhaps we're making some progress!

ID card stampede

Now the bad news… The Prime Minister, in his 1st April briefing, seems to have decided that there are only a few minor details to resolve with ID cards now that the main arguments have been won (err… what?). Let me quote directly as it's rather a shocker:

Question You mentioned earlier there might be a need to adjust terrorism laws further and you made reference to ID cards. Can you tell us more about that? And I thought the Cabinet had decided to defer ID cards for a few years.

Prime Minister There are certain issues that are going to come up in the near future about terrorism laws and what we need to do in respect of that, and the … will publish proposals on it. But we need to make sure that in the light of fresh information and operations such as the one that we have >just seen that we are keeping our law up to date with the reality on the ground. The second point in relation to ID cards is that I think there is no longer a civil liberties objection to that in the vast majority of quarters. There is a series of logistical questions, of practical questions, those need to be resolved, but that in my judgment now, the logistics is the only time delay in it, otherwise I think it needs to move forward.

(Full textBBC News Online report)

This is unbelievable in my view. Blair explicitly ties ID Cards with terrorism when we've had other ministers claiming the issues aren't directly related. ID Cards in Spain did not prevent the bombing there and they wouldn't have stopped the 9/11 attacks either.

Yes the logistics of creating a national ID card database are terrifying, particularly with the government's record on large IT projects as shabby as it is. But to completely ignore the widespread opposition, on civil liberties grounds, to ID cards is quite astonishing. Stand.org.uk have lots more to say on it – understandably seeing as the Home Office basically tried to ignore the 5,070 consultation responses Stand marshalled.

Election Manipulation?

What with Taiwan's close election result after an attempted assassination on the President being disputed and much being made of the Socialist's surprise win in ]Spain's general election][3] just after the bombing in Madrid, are we seeing a terrible new method of electoral manipulation? Possibly, but it's a high risk strategy, nobody can ever be sure how an electorate will respond to such extreme actions. In the end resorting to violence undermines whatever political arguments the terrorists might want to make.