|foundation for information policy research|
Response to e-Democracy Consulation by FIPR
We have summarised below our views on the two main threads of the consultation -- e-participation and e-voting. These supplement our discussion with members of the various government departments involved in the initiative at a meeting on 17 October 2002, whose notes are published here.
We are very enthusiastic about the use of new communications technologies to increase public participation in national and local government. Even the use of relatively low-tech mechanisms such as e-mail discussion lists can lead to significant increases in the quality of decision-making after public input.
Officials from the Department of Trade and Industry and the Home Office have taken part in discussions for several years on the ukcrypto mailing list. Nigel Hickson spent several years debating cryptographic issues with other list members, and the resulting electronic signature legislation was much improved. Simon Watkin has recently been clarifying many points that should be addressed in secondary legislation flowing from the Regulation of Investigatory Powers Act. We have attached Watkin's initial message seeking to begin a discussion with list members; the resulting several hundred e-mails -- many from Watkin seeking to explain and clarify certain points -- show what can be achieved with very little investment beyond the time of officials. They also reinforce the fact that genuine engagement and debate achieves far more than a simple request for comments in a standard consultation exercise.
This type of government participation in online debate is currently extremely rare. The fact that e-mail lists have existed for many years suggests that political will is more important in taking advantage of such participation than new technology.
In response to the specific consultation question on political parties' use of the Internet to contact voters, we do not believe that unsolicited e-mail messages should be sent by parties to voters. They should require explicit permission from the person they are contacting, as companies are required to obtain under Directive 2002/58/EC on the processing of personal data and the protection of privacy in the electronic communications sector.
Our enthusiasm for e-participation is equally matched by the strength of our reservations over remote e-voting.
The problems in Florida's elections over the last two years shows how much can go wrong in even relatively simple devices located at polling stations. Allowing voting via an enormous variety of personal computers connected via the Internet to a remote balloting station creates a highly fragile system that could fail for a very large number of reasons. As mobile phones and the phone network itself become more programmable, they are also beginning to suffer from many of the security problems of the PC.
Software aimed at specific limited security problems such as firewalls do not address these far wider problems. Bruce Schneier, one of the world's best-known cryptographers, recently reaffirmed this view: "A secure Internet voting system is theoretically possible, but it would be the first secure networked application ever created in the history of computers."
Internet (and all fully-electronic) voting systems are different from all other computer transaction applications because of their stringent privacy requirements. These preclude full system auditability, providing many extra avenues for attack. Since it is not possible for the voter to independently confirm (after the election) that their ballot was received and tabulated correctly, the type of self-checking that is possible with applications such as banking is not available.
Even a system that requires no client-side programmability, such as that suggested by CESG in its "e-voting Security Report", is still vulnerable to denial of service attacks on clients, servers and the communications infrastructure. This is particularly acute in the case of the Internet, which allows denial of service attacks from anywhere around the globe -- and it is estimated that around 4,000 such attacks occur every year. The programming, configuration and operation of central servers all provide many further ways in which these systems could be attacked. And simple usability difficulties could cause problems for all but the most technically sophisticated voters, who are already over-represented in election turnouts.
Increasing voter turnout is a laudable goal. But technical quick-fixes are unlikely to be effective long-term solutions to social and political problems of political engagement. With the potential to severely damage public confidence in the electoral process, the very limited benefits that remote e-voting may provide are completely outweighed by the security risks it presents.
Copyright © FIPR 2002. This document may be copied freely in whole or in part provided attribution is given.
Problems viewing this site?