November 13, 2007 | Becky Hogge

Open Rights Group dismayed by Ministry of Justice response on e-voting

In the May 2007 local elections Open Rights Group observers, accredited by the Electoral Commission, took part in the monitoring of pilot electronic voting and electronic counting schemes. We observed serious failings in the process. Since then, further problems have come to light in other countries leading to many electronic voting solutions being banned or withdrawn. In light of this, yesterday's Government response to an Electoral Commission report is of great concern.

While the Government acknowledges some of the Electoral Commission recommendations for extending implementation periods for systems, it has ignored the fundamental failings observed in trials so far. It has ignored the analysis by computer security experts that shows the technology for secure computer-mediated voting does not currently exist, let alone a secure system for remote electronic voting. Remote voting systems also threaten the privacy of voting, allowing third parties to coerce and influence other voters, particularly within their household.

The only bright spot is that there is a reliable method that permits the secure operation of electronic vote-counting machines: this requires the performing of hand counts on statistical samples and comparing results with the machine tally to detect errors or fraud. Far less brightly, our experience last May was that e-counting didn't have these checks, was rather expensive, and even turned out to be considerably slower than a manual count would have been.

But back to yesterday's Government response. It states that:

"All the pilots supported successful elections... all pilots had comprehensive contingency plans to ensure that electors were not disenfranchised and retained their option of a paper ballot."

This is not the considered view of the observers present at these elections who saw signifcant problems which included disenfranchisement, with voters turned away from the polling station when they found themselves unable to vote by telephone or online (see Open Rights Group, May 2007 Election Report [pdf], page 25).

The Electoral Commission's report made a great deal of sense, in that it made clear their desire to see "a robust, publicly available strategy that has been subject to extensive consultation" before any further pilots took place.

The Government's refusal to halt its pilots is therefore of great concern and reflects a disconnect between Government policy, the evidence and current expert thinking in the field. If the Government's goal of "evidence based policymaking" is to be upheld, then a public debate about the role technology has to play in our electoral process is long overdue. A scheduled public consultation on the introduction of e-voting would be a welcome development.

However, the Government's response to the Electoral Commission's report makes it clear that, from their point of view, this question has already been answered: e-voting is the way forward and the imperative now is to "support [the] implementation of a modernisation strategy", ie to make it work. What public consultation they will engage in will be focused around not if but how e-voting should be introduced. They refuse to accept, despite evidence from the UK and from abroad, that e-voting may not be a viable or desirable area of pursuit.

Elections are one of the most complicated areas it is possible to conceive of to which to apply digital technology. Not only must the system be robust and easy to use, it must ensure voters' anonymity and privacy, yet be transparent and auditable, and be completely secure against both external tampering and fraud by employees, consultants and the outsourced workers often used to develop components of the system.

A single software or hardware engineer can bias marginal seats a percentage point or two and there is a low probability of a professionally executed fraud being detected. In comparison, while fraud is possible with traditional voting systems any large scale fraud would require huge manpower and be difficult to conceal. We are told that e-voting will increase participation, yet the pilots tell a story of voter turnout increased marginally, if at all. The risks posed to our democracy by the introduction of e-voting outweigh these unproven benefits considerably.

Every voter expects their vote to count, and to count once. Until there is consensus that that expectation can be met, remote electronic voting should be reserved for the purposes for which it is fit - naming cats on Blue Peter and voting on the X factor.

[Read more] (2 comments)

November 09, 2007 | Becky Hogge

iPlayer: Open Rights Group on Groklaw

My interview with Sean Daly at Groklaw went online this morning:

Q: Now, let's talk about DRM for a moment. It seems that the current situation the BBC finds itself in with the iPlayer is largely due to the choice to use DRM. My understanding is that without DRM, the rights holders of third-party producers of television programs which are leased to the BBC would withold their programs from online distribution. What do you think is the solution to this? Should those programs just be taken offline?

Becky Hogge: OK, so you're right to identify the problem; in fact you've got it in a nutshell. The BBC is having to negotiate with the people who own the rights in the programs that it broadcasts, because the BBC doesn't own all those rights. For a start, it's bound to use 25% of its commissioning budget to commission programs from independent producers, or "indies" as they're called in the industry. And those indies, most of them, keep the rights, and, like you say, lease them to the BBC for broadcast in a certain window.

Equally, some of the BBC content that the BBC produces itself has got all sorts of complicated rights issues associated with it. That's when the actors, and the cameramen, and all the people that go into it don't necessarily sign over all the rights to the BBC in perpetuity. So this is a really, really difficult problem for the BBC. But at the Open Rights Group, we think that the BBC needs to be tackling this problem head on. Because if it doesn't, it's going to keep having to use digital rights management. And digital rights management is slowly but surely going to eke away the way it can fulfill its public service remit.

This isn't just about a small group of Linux users who can't access iPlayer and are getting stroppy about it. Using DRM is going to push the BBC into more and more of a commercial environment. And what's more, DRM is always going to lead to the kind of platform neutrality issues that the BBC is experiencing now. If you think about it, Apple iTunes, which uses the Apple DRM, is already being accused of distorting the market by regulatory bodies inside the EU. And the BBC is always going to face these issues. Now, what it could do is it could start now to think creatively about how it's going to negotiate with indies and other rights holders in the future.

Read the interview in full here. This morning, I've been at the BBC Future Media and Technology building in White City, recording a podcast for BBC Backstage together with some of the technical team behind iPlayer and Mark Taylor from the Open Source Consortium. I'll post a link to that as soon as it's up.

Update: Here's the BBC Backstage podcast.

[Read more] (1 comments)

November 01, 2007 | William Heath

ORG appoints new directors

We're delighted to announce three new appointments to the Open Rights board of directors.

Our recruitment process sought significant Board level experience including specific skills in areas such as law and finance. The new Directors possess both of these in spades: David Harris is a practicing IP / IT barrister, Dan McQuillan was Amnesty's web guru and Vijay Sodiwala brings substantial board level technology, media and telecommunications business experience. These appointments will nicely complement the existing range of skills and experience on our board.

Please have a read of their brief biographies, and the existing members, on our Board and Advisory Council page.

[Read more]

October 31, 2007 | Michael Holloway

Supporters Update - October 2007

Here - for your enjoyment - is this month's Supporters Update.

[Read more]

October 30, 2007 | Becky Hogge

Parents (and everyone else too): have your say in the Byron Review

The Byron Review is an independent review of the risks to children from exposure to potentially harmful or inappropriate material on the internet and in video games. ORG are preparing to submit a response and we're going to meet Tanya Byron, the clinical psychologist and star of BBC's House of Tiny Tearaways who's heading the review, at the beginning of next week. The deadline for ORG to submit a response is 30 November, and we need your help.

Questions for parents The call for evidence includes questions about the approaches parents are taking to making sure their children stay safe online or make the most out of video games. We'd like to gather the views and experiences of parents out there. Here are some examples of questions we need you to help us answer:

In what ways do parents seek to manage perceived risks of video gaming and how do they feel about their ability to do so?

What, if anything, needs to be changed in order to help children, young people and parents manage the potential or actual risks of going online and what are the pros and cons of different approaches?

You can read and respond to all the questions here.

Questions for everyone Also, there are some really open-ended questions for everyone, like "What are the benefits of video games for society?" or "What are the opportunities presented by the internet for children and young people?". ORG needs you to help answer these questions.

How to get involved The Review document is up on our interactive consultation tool, ready for your comments. Please take a look and add your views. There's also a wiki page for collecting resources.

[Read more]

October 29, 2007 | Michael Holloway

Government wants to be open

The results of the Freedom of Information (FoI) consultation are now public. Contrary to initial proposals, and in line with ORG's position, FoI regulations will not be modified to discourage applications. Equally encouraging are three newly announced inquiries, all touted to 'make Government more open'.

As you may remember from our collaborative drafting process, proposals would have blocked many of the more politically sensitive FoI requests on the grounds of cost. Along with the majority of other respondents, we argued that penny pinching was contrary to the spirit of the legislation. Due in part at least to this public pressure the Government have been forced to listen, and cool off on these proposals.

In the very same announcement, Michael Wills MP also spoke of 3 separate moves toward a new culture of 'openness' in Government. First, they will review the '30-year-rule', which is the period after which government records become historical and are handed over to the The National Archives. Of more interest to ORG, is a review of 'the way we share and protect personal information in the public and private sector', to be led by representatives of the Information Commissioner's Office and the Wellcome Trust. Last but certainly not least, is a consultation on extending the application of FoI regulations to include 'a range of organisations that perform public functions' i.e. private contractors doing government works. Watch this space for regular updates on each of these issues.

The last one is particularly interesting. ORG would have used these kind of powers in our recent e-voting campaign, when some of our FoI applications were turned down on the grounds of commercial confidentiality because the materials were held by private firms.

[Read more] (1 comments)

October 24, 2007 | Jason Kitcat

Gould Review on Scottish Elections Published

The Electoral Commission and the separate review by Ron Gould that the Commission instituted have published their reports on the Scottish elections of May 2007

The Gould Review in particular identifies a number of important issues, many of which ORG addressed in our own report on the elections published this June.

  • The Review identified 'fragmented and antiquated' legislation which made it difficult for elections to be properly run as responsibilities were split between too many bodies. The Review makes a number of good recommendations including appointing a Chief Returning Officer for Scotland and removing administrative responsibilities from the Electoral Commission to help clarify its role.
  • The Review finds that combining the Scottish parliamentary and local government elections was problematic and should not be repeated.
  • The Review agrees with ORG's finding that combining the two parliamentary ballot papers onto one sheet was the primary reason for the high level of rejected ballots. The Review argues that ministers appeared to want to combine the ballots from very early on whilst going through the motions of consultation and analysis. The Review recommends that in future two ballot sheets are used. Interestingly these findings are based on analysis of actual rejected ballots. From this the Review suggests, and ORG agrees, that anonymised rejected ballot images should be made available for analysis in all future elections.
  • The Review recommends that in future registered party names are used on ballot papers before any descriptions, if they are to be allowed. The ordering of these names would be by a public lottery. This confirms ORG's view that the use of 'Alex Salmond for First Minister' at the top of the regional ballot was confusing for voters in May 2007.
  • That electronic counting added complexity and contributed to ballot design problems was acknowledged by the Review. These were compounded by many late changes and decisions by ministers which were often poorly communicated to stakeholders.
  • The Review comments that while lead supplier DRS did put emphasis on delivering a reliable system, some problems encountered on election night were missed because final testing did not use the same configuration and data as used on the night.

While the Review makes a number of positive, but minor, recommendations regarding electronic counting, it unfortunately fails to address the security and technical issues encountered by ORG observers. It seems that once again a lack of technical expertise has led an elections report team to focus on other matters at the expense of important issues regarding the security, accuracy and auditability of e-voting and e-counting systems. Whilst building trust in e-counting systems is mooted, the obvious method of using sample manual recounts to check the accuracy of electronic counts is not once mentioned.

While ORG remains unaware of any plans to introduce e-voting in Scotland, the Review states that:

"We strongly recommend against introducing electronic voting for the 2011 elections, until the electronic counting problems that were evidenced during the 2007 elections are resolved."

We welcome this caution but it raises questions about moves that Gould may be aware of that we aren't!

The Review overall concludes that there was too much emphasis on completing counts quickly and this, along with managerial failings and politically-motivated decisions by ministers led to 'voters [being] overlooked as the most important stakeholders to be considered at every stage of the election.' ORG welcomes the Review's repeated emphasis on conducting accurate and high-quality counts over speedy counts. However it's notable that the Review lacks the kind of strong language which will encourage rapid action on the problems noted. The Review notes that:

"... we have had no intention of -- and, in fact, have scrupulously sought to avoid -- assigning blame to individuals and institutions or questions the legitimacy of the 3 May 2007 elections results."

Given this perspective it's difficult to see how the Review could have come to any strong conclusions that would force political action. By avoiding the question of the results' legitimacy the Gould Review has abdicated itself from an important responsibility. ORG expressed doubts over the results, as did others, and yet the Review we've all been made to wait for dodges the issue.

[Read more] (2 comments)

October 24, 2007 | Glyn Wintle

Microsoft accepts EC competition ruling on interoperability info: analysis

It's taken a while to pick apart Neelie Kross's announcement that Microsoft have accepted the conditions of the European Commission's 2004 ruling on abuse of market position. The European Commissioner for Competition Policy stated at a press conference on Monday that:

"Put together, these changes in Microsoft's business practices, in particular towards open source software developers, will profoundly affect the software industry. The repercussions of these changes will start now and will continue for years to come."

Yet it is not clear whether the news for open source is all that good.

Groklaw rightly points out that the €10,000 one-off fee for secret interoperability information "to be paid by companies that dispute the validity or relevance of Microsoft's patents" is out of reach of most of the open source community. And the options the European Commission lay out for open source developers implementing patented interoperability information are "design around these patents, challenge their validity or take a patent licence from Microsoft.", when, as Groklaw points out "The GPL can't take a license for a patent, period."

The FFII are one group not happy with the decision. In a statement issued yesterday, Benjamin Henrion, FFII representative in Brussels, accused the commission of misunderstanding the challenges faced by open source:

"The Commission does not understand how open source works. It naively accepted Redmond's assurances that they will play fair. It is a sham. They have planned for years to control the open source economy through software patents."

Business Week have a range of reactions from elsewhere in the software community, including the Free Software Foundation Europe and the European Committee for Interoperable Systems. As they put it, "The open-source software sector isn't popping open champagne bottles just yet."

[Read more] (2 comments)