London confirms choice to use e-counting again

Given the signs, I’m not hugely surprised that London Elects have decided to go with e-counting again for 2010. It’s only likely to cost the taxpayer about £1.5 million more than doing it manually… and that doesn’t seem to bother Boris, but it bothers me. The DRS release claims that, if the GLA agree to use them in 2016 too, then they will be £0.2m cheaper per election than manual counting. But based on my review of the GLA figures for manual counting, they were seriously inflated to make e-counting look more attractive (and the Electoral Commission concurred). So I challenge DRS’ claim to cost-effectiveness.

As is often the case, rather than recognising the fundamental difficulties with e-counting (or e-voting), the GLA have decided that last time’s problems were because of the supplier they chose. So they’ve dumped Indra for a joint venture between DRS Data Services and Electoral Reform Services. (Disclosure: I’m a member of the Electoral Reform Society who own Electoral Reform Services.)

These were the same two suppliers involved in running the last Scottish Parliamentary elections, which also experienced significant problems as observed by ORG. Given his background and the sensitivity of these contracts, it is interesting that Lord (Neil) Kinnock remains on the board of DRS.

ORG will be planning to observe these elections once again. I hope they are trouble-free and improve on the experience in 2008. We’ll be watching!

Full announcement on the DRS website


Why can’t I vote at my ATM? Hansard Society Debate

This evening the Hansard Society hosted a panel debate in Portcullis House, Westminster with the title “Why can’t I vote at my ATM? – the practicalities of the ballot box.

I along with Electoral Commission Chair, Jenny Watson and Tom Watson Harris MP made up the panel. The audience was filled with a wide variety of interesting people including current and former Electoral Commission staff, civil servants, Lords and activists.

While we didn’t all agree on the reasoning, there was a fairly general consensus that electronic voting shouldn’t be pursued at the moment. There was lots of interesting debate on issues of access and turnout. I hope the society will put online a podcast or summary of the event in some form. I post below my opening speech for the event.


Thank you for inviting me here to participate this evening.

I come to this issue as a programmer, as someone who has observed elections for the Open Rights Group and who, as a local councillor, has had a very personal interest in elections.

As an observer the ultimate compliment one can pay an election is to say that it was ‘free and fair’.

What does an election process need to do to be considered free and fair?

There are three key properties that ALL must be met. An election must be:

  • Secure
  • Verifiable
  • Anonymous

By secure we mean that the results cannot be changed, that only those entitled to vote actually do so and people can only vote one time.

Verifiable means that candidates, agents, observers and voters can check the result and have confidence that the result reflects the will of the people. Voters need to be sure that their intention was accurately recorded and counted.

Finally to prevent coercion, vote selling and bribery voters absolutely need to be secure in the knowledge that their vote is secret and that people cannot know how they voted. I am aware that the UK currently doesn’t have a completely secret ballot, we should, but that’s a debate for another day.

  • Secure
  • Verifiable
  • Anonymous

A properly run paper-based election can meet those three requirements.

However with current technology electronic voting cannot meet those three principles. It just isn’t technically possible to have an electronic system which is secure and anonymous whilst also being verifiable.

When the Open Rights Group observed electronic elections in the UK we were unable to declare confidence in the results, because we just couldn’t properly verify the counts at all, it was hidden behind the technology.

Online banking is a completely different problem, the transactions are not secret, we can see them in our statements and merchants collect lots of personal information about us to push through their anti-fraud systems. Technology is great for so many things, but not voting.

If you’ve heard the complaints from the music and movie industries over recent years, then you’ll know that computers are good at copying. With electronic voting we risk undetectable ballot stuffing on a massive scale.

Currently the very nature of paper – that you need a vehicle to move around lots of it, that it’s logistically challenging to deal with thousands of ballots – limits fraud and increases the chance of fraudsters being caught. With electronic votes the fraud can happen in a computer, where none of us can see inside, with millions of votes changed or copied whilst controlled by someone on the other side of the world.

I’ll save more details of the technical problems with electronic voting and counting for the questions, if people are interested. But there is a broad consensus in the computing world that these technologies should not be used. The Association for Computing Machinery and the British Computer Society as well as scores of academics have voiced their opposition. So far e-voting has been cancelled in Ireland, Netherlands, Germany, Italy and the province of Quebec. There have been serious problems found with e-voting systems in India, Japan, France, Belgium and of course the United States.

I might add that these systems are hugely expensive, costing many times more than traditional paper-based elections. In a 2003 e-voting trial in Sheffield, for example, the cost was £70 per e-vote cast versus £1 per paper vote. And on average turnout still declined during the UK’s electronic voting pilots between 2000 and 2007.

On turnout, we need to be very careful. Much of the over £50 million spent on UK pilots in the last 10 years was based on blind faith that online voting would boost turnout. It didn’t, simply because ease of voting is not the main factor for why people don’t vote. Indeed there are studies showing that people who live furthest from their polling station are most likely to vote!

People choose not to vote because they feel all politicians are the same, that their vote doesn’t count or they don’t know enough about the issues to vote. That’s a challenge for the political system to address, one which electoral reform could help with as there’s data clearly showing higher turnouts in countries with fairer electoral systems.

That being said, politics aside, what should we do about our electoral processes? We absolutely and urgently need individual voter registration and that could be tied in with an online electoral roll. That’s a place where technology could help voters, election administrators and party activists.

We need to clamp down on postal voting, it’s the source of most allegations of fraud. It will need to still be available, but in a much more controlled and secure manner.

We need to review polling day. I know the Electoral Commission have done quite a bit of interesting work on this. Moving elections to the weekends, perhaps all weekend, is one option but the consultation responses to this were, I understand, rather mixed. What we could do is declare a public holiday on election day, we could also consider offering, before polling day, early voting in town halls.

Finally, I think counts need to stay open, be manual, paper based and easily scrutinised. It’s only by watching piles of ballots add up, by observing them being sorted and checked, that we can have confidence in the result. What could help would be more standardised procedures for the counts. This would assist with training of all involved – at the moment every count across the country can be done in a different way. Let’s not stamp out local innovation, but let’s make sure there are minimum standards so we can have confidence in a modern, paper-based electoral system.

In closing, I believe electronic voting & counting are not the way forward, let’s update our existing electoral system whilst keeping it secure, verifiable and anonymous. The real challenge for engagement and turnout lies with our political culture and the fairness of our voting systems, not election administration.

technology voting

Upcoming events in Brighton & Cambridge

Two events coming up soon which will be of interest to digital rights type people:

  • Debating the Digital Economy Act Thur 29th April
    I’ll be one of the contributors at this debate, organised by Wired Sussex here in Brighton.
  • Internet Voting: Threat or Menace Tue 27th April
    Jeremy Epstein from SRI International is over in the UK and will be giving a talk at Cambridge Uni’s Computer Lab Security Seminar series. I did one of these a few years ago and it was highly enjoyable – the audience were engaged and very generous with their interest.

London: We have a non-answer on e-counting

So London Mayor Boris Johnson did answer Andrew Boff’s question on e-counting, or did he? Here’s the background on the question, and the section of Mayor’s question time copied in below (source [PDF]):

Question No: 3574 / 2009
Andrew Boff

For the 2012 elections would the Mayor prefer a £5million+ electronic count where the bulk of the costs would go to a foreign computer company or a £3.5million manual count where the bulk of the costs would go into Londoner’s pockets?

Answer from the Mayor:

The Authority’s Scheme of Delegation quite properly gives the Chief Executive, in his role as the Greater London Returning Officer, the right to take all the decisions about how GLA elections are delivered. That accords entirely with the practice across the country that politicians contest elections, and do not decide how they should be run.

The answer completely dodges the nub of the question as well as the budget setting powers of the Mayoralty along with the London Assembly. Of course politicians in power get a say in how elections are delivered, why else would a race for e-voting have been begun when Robin Cook had suggested an electronic general election after 2005 was a target?

Boris either doesn’t care, doesn’t understand or doesn’t want to take on his Chief Executive.

The question now becomes, how do we hold the Greater London Authority’s Chief Executive to account about election arrangements if the directly elected Mayor won’t?


Where next for e-counting in London?

On 18th November I hope to find out the future of e-counting in London. Conservative London Assembly Member, Andrew Boff, will be asking London’s Mayor, Boris Johnson the following question:

Question No: 3574 / 2009
Andrew Boff

For the 2012 elections would the Mayor prefer a £5million+ electronic count where the bulk of the costs would go to a foreign computer company or a £3.5million manual count where the bulk of the costs would go into Londoner’s pockets? (Source [PDF])

This question sums up the view the Open Rights Group and I have been advocating. Does it really make sense to splurge a huge sum of money on e-counting when we know a manual count would be cheaper, let alone easier to verify and more trusted by voters and politicians alike? In these times of restricted public funds wouldn’t the millions for e-counting be better spent on other priorities – I certainly think so.

The back story is that after strong urging from the Electoral Commission and the Open Rights Group, London agreed to conduct a cost-benefit analysis of continuing with e-counting versus using manual counting. When it finally emerged the analysis was obviously biased towards e-counting, trying to minimise the greater cost of e-counting as much as possible.

When a round table was organised to discuss stakeholder views of the analysis, attendees were told that London would proceed with e-counting regardless, rather making the process and that meeting pointless. The Guardian picked up the story. At this point ORG released its own comments on London’s analysis (which I led on drafting) but the Electoral Commission had yet to release theirs.

When the Commission did release their views (something which I was very remiss not to blog on then, sorry loyal readers) we were in for a pleasant surprise. The response was very direct in criticising the weakness of London’s analysis and failings in the UK Government in providing a clearer framework for the use (or not) of such voting technologies. The killer quote:

“However, having studied the cost-benefit assessment, we are concerned that there are potentially a number of gaps that suggest the advantages of e- counting may have been overstated. For example, it was assumed that e- counting was free from human error. Conversely, the assumptions made about the speed and accuracy of manual counting seem overly negative. Also, important safe-guards, such as preparing a manual count as a back-up and the manual checking of a random sample of ballot papers do not appear to have been considered when costing e-counting.

“Therefore, we would suggest that a determination that e-counting is affordable and that the cost is not significantly or disproportionately more than that of manual counting cannot be made without undertaking further analysis of the costs and benefits which takes into account these and other points…”

The Commission also notes the moral hazard in there being only 2 likely suppliers for running an e-counted London election. It also adds a final significant warning:

“We believe that there are considerable risks in undertaking a large scale e-counting exercise in the absence of such a national framework and that the current cost-benefit analysis by GLRO does not sufficiently fill the gap created by this absence.”

It was the strongest public statement I have ever seen from the Commission, and I couldn’t have been more delighted by the firm approach they took. GLA officers are understood to be re-doing some form of analysis following the Commission’s request for more work, meanwhile however procurement also seems to be going ahead. More coverage by Mark Park.

The hope is that Andrew Boff’s question will reveal the current direction and show how committed Boris Johnson is to spending taxpayer funds on election technology.

notes from JK voting

A bad day for the public interest

What a strange day it has been. I’ve had a very productive time at work whilst lots of other things have been bubbling over:

  • London Elects and the Greater London Returning Officer (the people responsible for the London Mayoral and Assembly elections) had asked for responses to their cost-benefit analysis of manual vs e-counting in 2012. I had just completed ORG’s response earlier this week, which argued that given the £1.5m saving from going manual, there seemed to be no good reason for e-counting. Today was a ’round table’ to also explore issues covered in the analysis. However rather than being the consultation event we expected, ORG’s Executive Director was told that the decision to e-count the 2012 London election had already been taken. Not even a pretence of keeping an open mind! No proper debate or consideration has taken place, just a firm commitment to press ahead with e-counting regardless of costs or consequences.
  • Meanwhile in Brighton & Hove I submitted a formal request to Brighton & Hove City Council’s acting Chief Executive that he ‘call-in’ a decision made by the Tory Cabinet earlier this month. This means the decision is suspended and hopefully will be examined by a scrutiny committee. Why? Because the reports for the decision, over pedestrianising parts of East Street,  failed to include comments from any residents in spite of several having provided detailed objections. Council decisions cannot be based on consultations which have failed to include residents views. This just makes people (more) cynical about consultations and prevents decisions being taken on the balanced information.
  • Finally some Freedom of Information requests I put in some time ago have come to fruition, somewhat explaining why such huge rent rises are being demanded from seafront businesses. The reason? A big fat commission-based fee for the consultant leading the rent reviews for the Council. More details in “Huge consultant fees encourage seafront rent hikes“.

Problems with the 2009 European Election Count

Errors displayed at the Southampton 2009 Euro count

This post is long overdue, I apologise, by-election campaigns and such like got in the way.

On Sunday June 7th the count for the South East region of the European Parliamentary elections was conducted at St Mary’s stadium, Southampton. In attendance were lots of media as well as candidates, agents and activists along with significant others.

I went along with my wife as one of the Green Party’s candidates and proceeded to experience a very long night with very little information and lots of frustration. What had to happen was for each local authority in the region to count its ballots and submit the results to the Southampton HQ. A few areas were delayed by recounts, mismatched ballot accounts (i.e. ballots lost or in the wrong pile) but there were clearly technical issues in Southampton also delaying matters.

I had learnt a few weeks earlier that the results from local authorities were to be transmitted to Southampton via a ‘secure website’. In essence, as I understand it because I never saw the system or any detailed specifications, returning officers would type the results (twice to verify) into an SSL form which was then emailed to Southampton and also stored in a database. I copy below the full response I received about my enquiries from the Regional Returning Officer Mark Heath.

I had concerns about this setup, what checks were being done and so on. So I ensured local Green agents texted us their results so we could check them against what the system claimed. I felt the returning officers should be collecting out-of-channel verification too via fax or telephone, but they weren’t interested in that idea — too quick and happy to trust the technology sadly.

On the night I saw the technology staffers and returning officer team looking tensely at a couple of computers. No surprise when all the informational displays were showing server errors, exceptions and so on. This left many unhappy candidates and agents who were quick to query the sense of these systems with the returning officer. How I wish they would remember these feelings in the weeks after… every election I observe with technology their are howlings about the problems on the night but a week later most are too busy celebrating their wins or analysising their losses to make the case about how the election was run.

Let’s run through the problems we had with the informational screens:

  • They crashed regularly, especially earlier in the night;
  • The colour coding was confusing as reds, greens, yellows were used in a non-political sense to inform what status various local counts had;
  • They were often difficult to read with too small text or windows not at full size;
  • The updates scrolled by so fast it was impossible to do much than see the top party on the first pass.

You can see the full range of problems screens on Flickr.

It’s worth noting that while they would have been detected in the end, someone could have caused chaos and mayhem by manipulating this results system either just the display (which was basically a webpage on a projector) or the tabulation/counting of results themselves. Given those possibilities I was concerned that the Electoral Commission had not had a role checking this software and that fairly serious failures were happening on the night.

I’m a technologist. I spend all day with computers, programming them, using them, talking about them. I remain deeply concerned by the use of technology in elections especially when it is done without the proper rigour of testing and certification. Things can and do go wrong, especially for high pressure events like elections.

I don’t think we would have been any worse off if in Southampton a fax had been received from every count with the results which was manually checked against the online results. These could have been tabulated in a public way the way ballots are checked. We have to be more cautious before jumping both feet first into a computer-only solution.

Responses from Regional Returning Officer to my queries prior to election day:

The system is secure, and has been fully tested already which has shown it to work fully  -and indeed without the potential errors that a system that requires data to be managed via Phone / FAX & re-inputted on several occasions – but I will let you know chapter & verse shortly. Thanks.

UPDATE: Adrian Windisch, Chair of Reading Green Party, writes to say Thanet Borough Council’s website reported 6,001 Green votes, but the South East region count recorded 3,001 votes. This was later corrected on the Thanet website following Adrian’s enquiries. Which goes to show these things do need checking!

On your question, the suppliers have advised us that:

“The European Regional Returning Officers Managements System (ERROMS) application along with the application databases reside on high powered servers within defined security level segments.

All hardware devices within ERS’ live hosting environment are duplicated to facilitate a highly redundant and resilient network. Market leading security appliances at the perimeter provide rich stateful inspection of traffic flows protecting the web servers from malicious activity. A further layer of security has been added to the servers using Anti-Reconnaissance software. The web servers are load balanced to enhance performance, should one of the servers fail the other will automatically service the entire load until the offending device is returned back to its functioning state. The database servers are hosted within an isolated network forcing database requests to be inspected by the firewall a second time. All databases using live replication software are replicated to a secondary offsite server which provides redundancy and disaster recovery.

Databases are further protected with database level passwords and access-granting security features. Intrusion Detection and Prevention Systems detect suspected efforts at server intrusion. A 24×7 automated monitoring system using specially designed intrusion detection parameters detects and blocks attempts at security breaches. The system logs all intrusion attempts, and these logs can be preserved to aid in prosecution of attackers, should such action be warranted.

All servers have been hardened to remove any non-essential code and are subject to strict operating system security such as permissions and password access. The hosting network and Web Applications are scanned weekly to ensure our web sites, servers, and internet-connected devices are free of known vulnerabilities. It also determines whether our site passes the SANS Top 20 Internet Security Vulnerabilities list as defined by SANS, the FBI and FedCIRC.”

The key elements to reduce error include;
• Initial entry of  results are submitted twice to reduce keying errors and are only accepted when both sets of results match.
• Additionally, submitted data is emailed to provide an electronic paper trail that can be used for confirmation of data submitted by both the RRO and LRO’s
• Declaration of Local Results is generated from the system with results authorised by the RRO and can be checked by the LRO’s against local records to ensure that the submitted values are correct.

Effectively this means the submitted results by the LRO are checked 3 times before local declaration and will help eliminate the transposing of figurers received via phone/fax which has been experienced before.
There are now 6 regions using this. We wouldn’t be doing it unless we were satisfied that it was secure. The risk of transposing figures data is one of the reasons for moving away from the phone/  fax route, although that remains available as a contingency / fall back option.


Sir Alistair Graham calls for e-voting pilots to be halted

Today, at the Association of Electoral Administrators conference in Brighton, Sir Alistair Graham, chair of the Committee on Standards in Public Life, has publicly called for the 2007 electoral pilots in the UK to be halted. The Committee recently published their eleventh report which called for major reform of the Electoral Commission and our electoral system, particularly with regard to preventing fraud.

This is a major development – it’s the first time an establishment voice has called for the halt of e-voting pilots. The speech couldn’t be better, Sir Alistair makes every point I would have wanted to, he even notes that the government has been extremely misleading in their use of some figures from Northern Ireland. I’m so pleased!

Sir Alistair and the minister Bridget Prentice MP were on BBC Radio 4’s World at One, Prentice absolutely refused to accept anything Sir Alistair had to say.

Some choice quotes from the text online, delivery may have been different, but really read the whole thing as it’s all SO GOOD:

“Electoral fraud is not a trivial matter. It is an affront to the democratic principle of one-person one vote. Left unchecked it will eventually undermine trust and confidence in the democratic process and by implication the electorate’s consent to the outcome of elections.

“I should like to put this question to you. How does DCA or the Electoral Commission know about the extent of electoral fraud when neither of them have kept any statistics nor have undertaken any research on the issue? Is it that, in their obsession with increasing participation at all costs, they have turned a blind eye to the risks of electoral fraud and its consequences on the integrity of our democratic system?

“The current systems to combat electoral abuse in Great Britain are unsatisfactory already, so to proceed with these pilot schemes, appears ill-timed and betrays confusion over priorities. Unfortunately it appears to come down to the obsession with modernisation as a means of increasing participation at elections.

“In any event the primary responsibility for increasing participation at elections rests squarely with the political parties. Deep-seated voter disengagement will not be solved by tinkering with the mechanics of the electoral system.

“So in relation to the elections this May I am calling for the pilots to be put on hold. It is a matter of serious concern that we are experimenting with insecure methods of voting when the current registration and absent voting procedures are so insecure. In relation to the checking of absent votes in May there should be a guarantee of 100% checking.

“As the integrity of the electoral system in Great Britain is being damaged through increased incidents and perception of electoral fraud why are we not replicating the measures used successfully in Northern Ireland in Great Britain too?”

Full text of the speech (thanks Glyn)


Links to news coverage…

BBC News Polling experiments ‘high risk’

Yorkshire Post Why ringing the electoral changes failed to dent voter apathy Dump e-voting to stop fraud, Labour warned ‘Modern’ voting offers opportunities for fraud