January 29, 2007 | Jason Kitcat

May 2007 e-Voting Pilots Announced

Finally, two months behind schedule, the Government has announced which local authorities will be running e-voting pilots. The programme is small compared to 2003, when 14 authorities trialled remote e-voting. This year there will be only 5, with a further 6 authorities testing e-counting. We hear that many authorities weren't keen to risk e-voting in their areas, which in itself is good news.

The Government has released no information about the types of technologies or the suppliers that will be used in May 2007. This makes it difficult for us to fully assess the risks these pilots will pose to elections in those areas. In the meantime, to learn more, please do come along to our free e-voting events starting 6th February with a screening of the superb Hacking Democracy.

Also, as if by magic, we can reveal our brand new ORG e-voting microsite - dive in!

Comments (13)

  1. Daniel Gray:
    Feb 01, 2007 at 12:50 PM

    Just out of curiosity, if representatives from ORG were invited to examine an eVoting system to check its method of operation, would this be something you'd be interested in? Whilst at the current time we still have to operate in a somewhat clandestine way (the joys of competition eh?) we do wish to encourage transparency, and want to get as many opinions on risk as possible.

  2. Jason Kitcat:
    Feb 01, 2007 at 03:56 PM

    Hello again Daniel

    With regards to point 3, perhaps I should have been more clear, the pilots so far have shown that e-voting doesn't deliver the benefits (increased turnout, decreased costs) that it is claimed to provide. The risks are still unclear as proper security evaluation and monitoring was not done, or not publicly revealed to have been done which is as good as not doing it from a public trust perspective.

    Personally I would be interested to see how any e-voting system works. However what the aims would be for you and for ORG of any such examination would need to be discussed.

  3. BBall:
    Feb 03, 2007 at 07:59 PM

    I am absolutely against e-voting and voting machines.

    In a democracy, the ballot box is the sword and its people the wielder.

    Ballots should be fine parchment and gold lettering.

  4. Jason Kitcat:
    Feb 01, 2007 at 11:05 AM


    Thanks for your comments.

    1. While the EML standard in theory would allow ballots to be shifted to another e-voting system for a recount, in practice this hasn't been done for any live elections ever. Additionally such a transfer would most likely break the security protections of whichever system the ballots were leaving. Furthermore, a meaningful recount is one which re-examines the voter intent, not the records of a system acting on voters' behalf.

    2. You may have missed a bit in our briefing paper: page 3, para 7, endnote 4 "Due to a historical anomaly brought over from an early version of the Australian Ballot, the British vote is not completely anonymous..." and so on. In most circumstances the British ballot is practically anonymous, however I do object to the current state of affairs which breaches our own Human Rights Act and international treaty commitments. When I say "votes must be anonymous" I mean it - it is not false - the United Nations and Council of Europe agree that a free and fair election must have the secret ballot. So under international treaties (to which the UK is a signatory) indeed votes must be anonymous.

    3. We've been doing pilots since 2000, e-voting has been tried and used elsewhere with many problems reported. We've had a chance to trial this stuff and it's found to be seriously wanting. Why keep coming back for more and spending piles of tax-payer money? Equating e-voting to the Wright brothers' desire to fly is a little bit unbalanced I'd say. We're not opposing electricity or printing presses here, we are against a specific implementation of technology in our electoral process.

  5. Daniel Gray:
    Feb 01, 2007 at 12:26 PM

    Hello again,

    1. The point about security protections is well made, and is an example of where the existing EML standards need to be refined to promote common protection systems. How is a record in a database different to a paper ballot by the way? If a system can be shown to record intent correctly then they're equal surely? (don't say no-one's proved the systems yet, we're not talking about that, assume the system is proved).

    2. Saw that footnote eventually, bit like hiding the plans to the bypass in a locked filing cabinet in a toilet hmm? As I've said before you might not like the current law, but the current law is the current law, and all elections must be conducted within it. Just out of curiosity what aspect of conducting an operation over the Internet breaks anonymity? If there is no association between credentials and person, and no association between ballot and IP host what's the connection? And I want a specific here, not "well there's identity theft online", which is too vague.

    3. Contradiction there, you assert that because we've run lots of eVoting pilots we know the risks, but the original point was that we don't know the risks. Surely if we know the risks we can mitigate them? And that's what the pilots are meant to do, promote development of eVoting systems to mitigate these risks. I wasn't trying to make you appear luddite with the Wright brothers example, just to indicate that not knowing all the risks up front isn't a case for not doing something. The Wright brothers had no idea of the potential impact of their work, nor the risks, so an overall balance couldn't have been made.

  6. Daniel Gray:
    Jan 31, 2007 at 10:48 PM

    To IT Expert :

    "When you vote by computer, the computer is voting by proxy for you, you don’t know how it voted, it is not a pen and paper."

    You might want to check out the pre-encrypted ballot system. Various mechanisms exist for a voting system that takes a meaningless (without a physical key) n-digit number as your vote and allows the verification of voting servers through a response code tied to this (the number you enter is referred to as a PCIN). There's more detail on this on my blog @ here, here and here.

    Basically you can make it virtually (as far as possible in any system) impossible for a man-in-the-middle attacker or client-side virus or trojan to either inspect or influence a vote.

  7. andyl:
    Jan 30, 2007 at 12:44 PM

    Anonymity. This is a difficult one because at the moment current paper ballots do have a number and can be tracked back to the voter. The ballot number and voter number are recorded at the polling station. If this is still deemed to be a desirable feature then some method of pseudo-anonymisation will be needed which will also make tracking people's votes non-trivial and as secure to the same level as at present. This is one of the issues that makes electronic voting a complex problem.

    On the specifics of the next local elections.

    1. I am pleased to see that the need for signatures to obtain the ballot paper at polling stations has been got rid of. They were trialled at the last local election. I asked the people manning the station how they knew that the signature was valid as they had nothing to compare it against. They didn't know, all they knew it was the rules from on high.

    2. Electronic counting of paper votes. Well this could obviously work (recounts would have to be manual). However counting votes doesn't take a massive amount of time and is generally agreed to not have significant problems. So this seems to be a solution in search of a problem. It certainly wouldn't be much cheaper as you would have to have people on hand in case the result is tight and you need a full recount. Also at least one person would be needed to examine rejected ballots and see if the voter's intention is clearly indicated but machine-unreadable.

    3. Additional central polling stations outside of local wards. This seems to be the least controversial of the proposals (at least if using traditional methods).

  8. Daniel Gray:
    Jan 31, 2007 at 08:28 PM

    Hi Jason,

    Me again, you thought I'd gone away for the winter huh?

    Nice argument : "It will always give you the same numbers no matter how many times you click recount, so it’s not meaningful." Would you rather that the computer "spat" out a different number each time? The argument around this doesn't seem to make much sense... you have a set of data (paper ballots, db records), you perform a count operation of these records (manually, algorithmically), you get a result. How do the two differ? Given the EML standards that are available one system can give the ballots to a different count system which accounts for your different set of tellers example. Where's the problem?

    "Voting is a uniquely difficult problem for computer science because votes must be anonymous" - Come on Jason, you know this statement is completely false (as another respondent above has pointed out), so why persist in repeating it? Why is it in the briefing pack you've produced? It's a complete myth! Lying to the public about current electoral law will only weaken your position my friend.

    "The opportunities for fraud and failure with paper ballots are well known, containable and hence manageable. There is nothing false or FUD-like in saying that e-voting changes the level of risks or number of opportunities for fraud, it’s a true statement." - Surely that's why we're conducting pilots rather than jumping feet first into deploying e-voting systems for general elections? To assert that something should not be done because the risks associated are unknown (which isn't completely true, you can make a very reasonable guess at attack vectors and mitigate in the initial stages of any system design) isn't very progressive. What if the Wright brothers had decided that building an aeroplane wasn't a good idea because they didn't know the exact risks associated with it?

    Anyway I'll leave it there for the time being. Interesting to speak with you again.

  9. sarette.com » Blog Archive » e-voting:
    Jan 30, 2007 at 06:41 PM

    [...] The Open Rights Group (essentially, a British version of the EFF) have spoken out against the new program. [...]

  10. IT Expert:
    Jan 30, 2007 at 02:51 PM

    Identity theft costs the UK 1.7 billion a year:

    When you vote by computer, the computer is voting by proxy for you, you don't know how it voted, it is not a pen and paper.

    I don't want my computer voting for the Russian mafia candidate just because they write the best virus software. If 2 million people don't know their computers are running a root kit, then they have no way of knowing if that root kit changes the vote they are making.

    eVoting is a bad solution in search of a problem.

  11. Jason Kitcat:
    Jan 29, 2007 at 11:00 PM


    1. Surfing the web is most definitely not anonymous, which is why systems like Tor exist to help try and anonymise Internet use. If everything online is anonymous by default then why are so many bank accounts and credit cards being defrauded online? Why is identity theft such a fast-growing crime? It's not anonymous online and making anonymous, secure votes with computers IS difficult.

    2. The opportunities for fraud and failure with paper ballots are well known, containable and hence manageable. There is nothing false or FUD-like in saying that e-voting changes the level of risks or number of opportunities for fraud, it's a true statement.

    3. Diebold are not the only manufacturers with flawed systems. Nedap systems have been withdrawn in Ireland and shown to have major problems in the Netherlands, resulting in withdrawal of systems by SDU. PG Elections machines in Canada had problems too leading to a moratorium in the province of Quebec. This isn't a problem with one supplier - it's fundamentally a difficult problem to solve with technology. There's no denying that much of the technology on sale today isn't of great quality which just makes the situation worse.

    4. A meaningful recount is one whereby it is actually a re-count. That is, the count is done again. With paper ballots new tellers can be brought in, so new eyes examine the ballot papers and a different result is possible. With e-voting the same algorithm counts the votes in the database again and spits out a number. It will always give you the same numbers no matter how many times you click recount, so it's not meaningful.

    5. Perhaps you don't need to know how an e-voting machine works in order to vote on it. But you certainly need to know how an e-voting system works to trust it.

    6. For more on turnout and all the other points you raise, see our briefing pack which explains it much better than I can in a short post

    So-called 'technical progress' is not inevitable, which is why we and many other countries have not built new nuclear power stations, have said no to genetically modified foods and so on.

  12. David Roberts:
    Jan 29, 2007 at 10:33 PM

    "Voting is a uniquely difficult problem for computer science because votes must be anonymous"

    Umm, no it's not. Most computer orientated functions are anonymous - e.g. surfing the web. It's usually the opposite which is difficult via computers, hence social network and the myriad of other services making computing more 'personal'

    "e-voting introduces new risks, doubts, and opportunities for fraud and failure"

    As does any method of voting. This is all just FUD (Fear Uncertainty and Doubt) in itself, which is somewhat ironic. Anything can fail, anything can be defrauded, and anything has risks. Stating this for e-voting is completely inconsequential.

    "e-voting machines are demonstrably less secure, accurate and reliable than suppliers promise"

    'demonstrably'? Where? I haven't seen any 'demonstrably' less secure e-voting machines, unless you're referring to Diebold machines, in which case the solution is obvious: don't use diebold. I'm sure I could find a pen or pencil that would make 'manual' voting less secure too. This is once again meaningless rubbish.

    "Systems currently being considered in the UK do not allow for meaningful recounts"

    What? As far as I know, any method can be recounted easily, whether via e-voting or not. What on earth is a 'meaningful' recount?

    "e-voting is a black box system: unlike pencil and paper methods, what happens inside is not intuitive to voters"

    This is definitely misleading. Yes, it is technically a 'black box' system, but what happens inside is not unintuitive, it is simply not shown. You don't need to know how a computer works in order to operate it, and I'm sure you wouldn't need to know exactly how an e-voting machine works in order to vote on it.

    "Contrary to claims by the Department for Constitutional Affairs, e-voting does not increase turnout"

    How do you/we know? I would really like to see a source of evidence here. Where's the proof of this? And you cannot simply speculate that " didn't increase turnout with e-voting" since all countries are different. Statistics are manipulated lies, not unlike the entirety of what has been written about e-voting on this site.

    I find it somewhat ironic that you have a website too. Aren't you scared of its inherent vulnerability that is demonstrably less secure than other methods of spreading your word? Aren't web servers too complex for you to use because they are black box systems, and what happens inside is not intuitive?

    You literally make me laugh. You stand in the way of obvious progress (which is essentially inevitable) with poor excuses.

  13. Credit Card Debt:
    Feb 10, 2011 at 05:20 PM

    I don't think we are yet ready for e-voting since 100% secure technology does not yet exist. As mentioned above, if people can steal credit card details online, they can find out who you voted for.

This thread has been closed from taking new comments.