Taking the time to get things right

Despite the widely reported Accenture survey which showed the UK government slipping down the e-government performance league table, I say let the government departments take their time to get things right.

The original government gateway was horribly rushed (PDF) resulting in all sorts of problems including the exclusion of non-Microsoft browsers and some wacky PKI implementations. The methodology of these surveys is open to suspicion but that doesn’t prevent them exerting some pressure on departments. I wish they wouldn’t… just slowing down a little would help immensely in making good design decisions which we’ll probably have to live with for a long time. That isn’t to say that like many long time Internet users I’m impatient for the government to be a bit more like Amazon.com!

My current favourite example of a British e-government transactional service has to be the Court Service’s Money Claim Online which is simple and easy to understand. I was owed some small sums of money and probably would never have found the time or inclination to file a Small Claims Court case. Too much hassle, I’d need to find a court to file in, probably involve a solicitor and so on. With Money Claim Online I pay a small fee (£30) and type everything in online then bang off the claim goes. Fantastic.

There’s one small niggle in that your claim details explaining the situation have to be typed in a box which states that no more than 24 line are allowed. But it seems that when the box wraps a line of text this counts as an additional line of text, instead of just when I enter a line-break as one would expect. So I had some fun re-formatting my claim to get past the error messages. Other than that it worked wonderfully… well I haven’t got the money yet, but I’m hopeful.

The Money Claim Online service reduces the transaction costs of individuals wanting to get some justice but have previously felt that it wasn’t possible due to the cost and complexity. Making litigation easier may not be that desirable in the end, but making access to government services in general is highly desirable.

Just when you thought it was safe!

e-voting in Ireland put on ice, the US finally getting to grips with voting kiosks and no e-voting in this year’s elections here in the UK. One might have been lulled into a false sense of security…

Fortunately the Sunday Times slaps us out of our stupor to reveal that the government is thinking of spending £150 million to expand e-voting with a launch target of 2007. Just to rub salt in the wounds the article focusses on how text message e-voting will boost engagement amongst young people while all forms of e-voting will help battle declining turnout.

How many times do we have to show quite clearly that e-voting DOES NOT boost turnout? At least this time the government are going against the recommendations of the Electoral Commission. Time and time again ministers and civil servants accept that they shouldn’t link e-voting with turnout before turning around and just doing that.

Other nuggets of joy:
* The article mentions voting by email, I hope, no I pray, that this is journalistic enthusiasm running amok and not something the source actually stated.

  • Again going completely against the Electoral Commission’s findings the government will propose increasing the deposit for parliamentary candidates (currently £500) to try and prevent extremist candidates. How this can possibly be spun as being democratic I don’t know. As the Commission rightly argues, cutting the deposit will increase the choice available to voters. Though only a decent voting system (Single Transferrable Vote) will make that choice meaningful. You can’t beat extremist candidates by pretending they’re not there or excluding them – open dialogue which removes ignorance and misunderstanding is the only way. Seems to me that an election campaign is an ideal forum for doing that.

  • A proportion of polling booths will be closed, probably to ‘encourage’ use of the e-voting channels and to save money to spend on all those technological goodies. The remaining booths may contain voting kiosks rather than pencil and paper and postal voting could remain an option. Sounds like a nightmare to manage.

The Sunday Times article. Of course this is based on a leak but most agree that the Times family is pretty cosy with Number 10 so I wouldn’t be surprised if this isn’t the first leak in a softening up exercise.

More ‘reassuring’ news on ID cards

Just in case you felt jumpy about the UK government implementing a national database of biometric and personal data accessible from a vast range of locations… here's a reassuring report on how technical problems in the ID card trial has delayed its launch, shortened the trial from 6 to 3 months (surely problems should extend a trial!) and even resulted in the system being returned to the supplier once.

Choice quote from the story: NEC, which is providing the fingerprint-recognition technology for the project, said the Home Office will not allow it to comment.

Full News.com story based, it seems, on a story from Silicon.com here.

No e-voting in Ireland this June!

Excellent result in Ireland, the Minister responsible has been forced to announce that there'll be no e-voting in Ireland this year. After having spent over 52m euros on this project, it's unsurprising that there have been calls for the minister's resignation. If he does go he won't be the first or last political casualty of e-voting.

The Commission's report is available online here.

Other reports: enn.ie, the register, ars technica

Dutch e-voting controversy

Well it's the turn of the Dutch to get some controversy on their e-voting system. The system in the news at the moment (KOA) is only for overseas voters but still it aims to count real votes. The Dutch government rather bravely opened the system to experts, even if the result was criticism. Crypto academics were not impressed with the system at all. Let's see how long the government sticks with it.

What I find surprising is that LogicaCMG were picked to build and run the system. They have no experience in this field at all. If you must get a commercial provider for e-voting, at least pick one who has done e-voting before and can pretend to understand voting's unique challenges.

More on DMeurope.com.

ID cards a go-go

It's all systems go for David Blunkett and his madcap ID card scheme. The consultation on the draft legislation is online on the Home Office website.

The excellent SpyBlog has already taken the legislation apart already!

The LibDems have a rather good press release on the subject and the Green Party have a nice summary briefing paper, with a less good press release on their classy new site.

ID cards are definitely a solution looking for a problem to solve. Every where you look the government is putting forward a different reason for introducing ID cards: reducing terrorism, cutting down health service tourism, preventing identity theft, improving public service delivery or stopping illegal immigration. I'm unable to see how ID cards will have a positive impact on any of these issues. It would appear that the government fundamentally doesn't understand security or authentication issues.

A cost-benefit analysis would show that ID cards are not worth the risk or expense. They create a single point of failure which Blunkett ignores by claiming biometric cards will be 'foolproof'. Nothing is foolproof, especially not technology. But what really takes the biscuit is the expectation that citizens will have to pay to not only get or renew a card but potentially we'll even need to pay to correct the information held on the ID card database.

How not to introduce e-voting

Ireland really are making what can only be called a pig's ear out of introducing e-voting.

The mess just gets worse and worse. I pity the poor electoral officers who are sitting there waiting to see what they're going to be using on June 11th.

The latest developments are reported in The Irish Times, in essence the independent commission set up to assess whether the e-vote should proceed wanted legal indemnification. Without it they wouldn't approve the e-voting system. In other words the commission don't want to be sued when it all goes wrong with the e-voting because they let it go ahead under political pressure.

Surprise, surprise they got the legal indemnification from the Irish government and I think we'll see a green light (with caveats) when the report comes out in a week.

Interestingly the source code for the e-voting system is only leased to the government and some more legal jiggery-pokery was had before the commission were allowed to see the source. Now they have about a week to examine the source and write the report. No problem then.

VoteHere release some code (sort of)

You turn your back to start packing and something happens!

VoteHere have released the code and documentation to their VHTi voter verification technology. You can download it here but read the license first.

Essentially it gives you the right to look at the source code for 60 days and that's it. You can't really use the source for anything useful and more importantly it's referred to everywhere as a 'reference source implementation'. In other words the code could be completely unrelated to what is on the machines using VoteHere's VHTi system.

The Good

Let's be fair, VoteHere have taken a brave step and released this to the world. Of course they're hoping to get some good PR out of this and try to regain some attention amidst the controversy and competition from people like the Open Voting Consortium (more on them when I get back from Poland).

This download does offer insight into the design of the VHTi system and that's no bad thing. This is much more than any other supplier has done so far. And they've done it pretty much willingly – of course they need business but they don't have a gun to their head in the form of legislation or a specific negative story. Opening up the system's design to scrutiny is an important step.

The Bad

Jim Adler, the VoteHere CEO, is a smart guy… but what makes him think that anybody is going to delete the files after the 60 days of the license has expired? There's no realistic way for VoteHere to check compliance (even if they do take your email address on download). It seems like they want to have their cake and eat it – if you're going to put your code on your website you have to let go of it, not try to keep the leash on. 60 days is just silly, they'd have looked a lot better with some kind of standard non-time limited license.

The system is based on patented ideas anyway (software patents are a bad thing but we know that, move along now) so, within the US at least, they're pretty much protected for the moment, license or no license.

But, reference implementation or not, there's absolutely no guarantee that this design or source is going to go anywhere near an e-voting machine.

The Ugly

I'm supposed to be packing but here's one problem I found in a PDF included in the download package:

VoteVerificationCodes Collisions

As currently implemented, a very small number of BSNs may receive the same VoteVerificationCode for more than one BallotAnswer assigned to the same BallotQuestion. If these BSNs are used, it is possible that the voters VoteReceipt will be ambiguous. Though this may appear to be a problem, the event probability is small enough that extremely high confidence can still be achieved via the protocol. A simple remedy would be for voters who receive colliding BSNs to spoil the BSN and ask for another. Subsequent versions of the VHTi library will implement VoteVerificationCode generation so as to completely eliminate collisions within the same BallotQuestion.

Let me explain, quickly as my suitcase isn't done! The VHTi system works by showing the voter a number for the candidate they selected. So say I voted for Ronald McDonald as President on a kiosk then the screen would show his name and a number, 32 for this example. Then I get a printed receipt with the contest and number: President 32 So I can go home and check on a website by entering some code on the receipt which anonymously identifies me. The website should then also show: President 32 Each voter is given a different set of numbers for their choices. So two people voting for Ronald should have different numbers. Only I know that 32 is Ronald McDonald so the receipt can't be used for coercion or vote selling. (However there's no guarantee that because it shows 32 on the website that Ronald McDonald is who gets the vote in the system – I'm not keen on this system but now isn't the time to pick at it).

So what does VoteVerificationCodes Collisions mean? It means that in some cases the choices for a contest could all have the same number. So: President of Country – Ronald McDonald (32) – Humpty Dumpty (88) – Mickey Mouse (91) Is what the ballot could be for someone. But with the problem noted the ballot would be: President of Country – Ronald McDonald (32) – Humpty Dumpty (32) – Mickey Mouse (32) Thus seeing a 32 on the verification website won't mean much. If such a collision doesn't occur often then VoteHere are right, statistically the system (if it works as advertised) should still have enough voters checking to prevent large-scale fraud. But that's not the point, some voters will have been knowingly denied the right to verify that their vote was counted as they intended. This isn't a good bug to have, it's plain ugly.

I'm off to pack now, really.

Easter Hols

I’m off to Poland for a week to see my partner’s family. I’ll be offline during that time so have a peaceful Easter break and I’ll see you once I emerge from the email backlog at the end of next week.

Where’s the context?

I've been playing with RDF Site Summary (RSS) for some time. When I first tried aggregating RSS feeds I did it with a webpage (think of a mini My Yahoo!) which was ok, but a long scroll. Additionally it didn't alert me to which items were new.

So these days I'm using NetNewsWire Lite and so far, so good. It collects all the feeds quickly and I can skim through those that it highlights as unread. But still it seems best to only read blogs and such things through NetNewsWire. Why? Because there's no context for the headlines coming through. So while for a blog where there is only one 'top headline' at a time this is ok. But for something as dense as BBC News online there's a sharp contrast.

BBC New Online     Net News Wire Thumb

The screenshots show BBC News headlines in exactly the same amount of space when shown through a browser and NetNewsWire (Click the thumbnails to enlarge them). Not only does the web version pack more news links in, but it gives them context with their size, placement and pictures. Now with NetNewsWire I know the full version also shows dates in the headline listing but nothing shows me a headline's importance or relationship to other articles.

So while RSS is very useful and will continue to appear in unexpected places, I'm going to stick to reading my news in Safari.