May 2007 UK e-voting pilots riddled with flaws
In an exhaustive 64 page report on the May 2007 e-voting pilots in England and Scotland, the Open Rights Group (ORG) - a non-profit lobbying body for digital civil rights - enumerates a catalogue of failings that could likely impact on both the security and veracity of results. Of course the democratic electoral process is one where the concept of security must extend beyond mere technical considerations to encompass public confidence in accuracy and impartiality of vote processing. On this occasion the ORG asserted that "E-voting is a ‘black box system’, where the mechanisms for recording and tabulating the vote are hidden from the voter. This makes public scrutiny impossible, and leaves statutory elections open to error and fraud."
The ORG inspectors identified numerous technical failings. They summed these up thus: "Inadequate attention was given to system design, systems access and audit trails. Systems used both inappropriate hardware and software, and were insufficiently secured. Problems included: use of desktop productivity software, machines in public areas with open ports, informal transfer of files using personal devices, and single-factor authentication."
Specific technical problems observed included computers in open areas of polling stations with accessible unused USB ports, SOHO switches with unused ports, insufficient monitoring of access to unsecured voting laptops, and postal vote scanner failures that in some cases led to significant miscounts. Interestingly the Electoral Commission's official findings on the 2006 postal voting pilots make little mention of any objective technical problems, preferring to discuss the pilots in broad upbeat terms. We must wait another couple of months before the official report on this year's pilots is published, but experience suggests the failings identified by the ORG are unlikely to feature prominently in that report.
Inadequate procurement processes, rushed deployment and overdependence on suppliers are cited by the ORG as primary contributors to the observed failings. E-voting has not been a spectacular success anywhere so far, and the lack of co-ordination, rigour and foresight typical of UK government IT projects is still clearly apparent here. But the extensive reliance of e-democracy on COTS equipment and software is probably the most worrying factor, particularly bearing in mind the recent move by Microsoft to amend New York's e-voting statutes (PDF) in order to exempt their products from the normally rigorous independent technical scrutiny applied to bespoke e-voting systems.
- Findings of the Open Rights Group Election Observation Mission in Scotland and England., report by the ORG
- Electoral pilot schemes, the Electoral Commission e-voting pilot archive
- AN ACT to amend the election law, in relation to electronic voting machines and systems, proposed amendment by Microsoft