The Open Rights Group have released their report on the 2008 London e-counting elections. The key finding is:

“…there is insufficient evidence available to allow independent observers to state reliably whether the results declared in the May 2008 elections for the Mayor of London and the London Assembly are an accurate representation of voters’ intentions.”

Once again voting technology has obscured the counting process and made it impossible for independent observers to have reasonable certainty in the results. A very expensive way to reduce confidence in our elections.

I was at the London count this year, as a Green Party counting agent, and everything in the report fits with what I noted.

Stuart Wilkes-Heeg's report “The Purity of Elections in the UK: Causes for Concern” [PDF download] has garnered some decent press coverage. Funded by the Joseph Rowntree Reform Trust (who also funded ORG's election observation mission in 2007), it's a good report which covers a broad number of areas in which our electoral system is weak (disclosure: I was interviewed by the report's author for their research).

A leader column in The Guardian, and a BBC News report both give the subjects a good airing. But it's so depressing to hear the same old 'maybe' response from the Government. They let this situation get to it's current appalling state whilst ignoring clear calls from The Electoral Commission and many other independent voices.

A clear, simple individual voter registration system based on diverse photo IDs (not the national ID card) is clearly what's needed — I just don't understand why the Government is running scared from this.

Michael Wills (Minister of State, Ministry of Justice):
There are no plans in the short term to extend the use of e-voting and e-counting to (i) local, (ii) European Parliament and (iii) general elections. (source)

How short term…?

I was sorely disappointed by the Ministry of Justice’s response to the Electoral Commission’s evaluations of the May e-voting & e-counting pilots in England (which implicitly addressed the ORG report on the elections which was formally submitted to both bodies).

Given past form it wasn’t an enormous surprise that the government failed to take on most of the lessons the disastrous May pilots offered up to them. As I’m knee deep in the Regency By-Election campaign ORG’s Chief Commandant par excellence (aka Executive Director) has led the charge on the blog posts: Firstly Open Rights Group dismayed by Ministry of Justice response on e-voting which is a joy to read and then a quick one on the Scottish Affairs committee.

By the way, if you’re not a member of ORG, why not?! Join today

(Also if interest is the Kable report on all this.)

Seven people are charged with conspiracy to defraud the returning officer in Bradford in connection with postal voting in the 2005 general election. (BBC News)

No further information is available but this is continued evidence of the security problems with postal voting that many including myself and the Committee for Standards in Public Life have drawn attention to. It's rather strange that it's taken more than two years for people to be charged, but without further information it's hard to know why this could have been.

I've just published a comment on the ORG blog about the Gould Review of the Scottish Elections this May '07.

Some additional interesting links since I submitted that piece:

• This Tuesday, Des Browne MP the current Scotland Office minister, commented on the Gould Review accepting a number of the recommendations including to not have e-counting at future Scottish Parliamentary elections, only at STV-based local elections. Full debate in Parliament

• David Cameron has called for Douglas Alexander (previously the Scotland office minister) to be stripped of his role as Labour elections chief. It's a cunning political move which further damages Labours reputation but Gould's review is careful not to name names, so Cameron doesn't exactly have a smoking gun. Guardian report and Times report

• BBC New coverage

I was delighted and relieved that agreement was nearly unanimous at the Open Rights Group's party conference fringe events. Attendees did not want to see e-voting and e-counting in British elections and were vocal in expressing their views.

I'd never done all three party conferences in one season before, truly a fascinating but exhausting experience. The events were hugely enjoyable to participate in and we were delighted by the thoughtful contributions our guest speakers and audiences made. You can listen to all the events on the ORG website.

Thanks to these events we've networked with politicians and agents from across the political spectrum. We've also significantly raised the level awareness on the severity of the risk e-voting and e-counting present electoral systems.

Now we wait for the government's response to the Electoral Commission's evaluations…

My friend Anne-Marie Oostveen, a founder of the 'We Don't Trust Voting Computers' foundation and current at Oxford Internet Institute writes:

Just a quick update on the Dutch e-voting situation. The last couple of days have been quite exciting in the Netherlands with regards to the use of voting computers. As you all might know, the foundation 'Wijvertrouwenstemcomputersniet' initiated a serious debate about the risks associated with the use of the voting machines by approximately 98 % of the Dutch population. It wasn't until the foundation showed with a well-documented hack how easy it was to commit fraud that Mr. Atzo Nicolai, the Dutch Minister for Government Reform and Kingdom Relations, decided in December 2006 to set up two committees to investigate the electoral process.

The first committee was led by ex-Member of Parliament L. Hermans and looked back to the early 60s to examine the decisions made surrounding the introduction of voting computers. The second advisory committee was chaired by Minister of State Mr. F. Korthals Altes. The task of this committee was to review the current electoral process in the Netherlands and make proposals to improve or alter it. One point the committee considered concerned the risks of using electronic voting versus paper ballots. The committee issued its 'Voting with Confidence' advisory report last Thursday 27 September 2007 in The Hague. Main conclusions: the ballot paper is preferable to electronic voting since it makes a recount possible and it is more transparent. Internet voting should be limited to people living abroad, citizens resident in the Netherlands will have to cast their ballots in polling stations, making vote selling and coercion very difficult, if not impossible.

The deputy Minister for Interior A. Bijleveld said in a first response that she would accept the committee's advice, and ban electronic voting. She announced that the 'Regulation for approval of voting machines 1997' will be withdrawn forthwith. Elections in the Netherlands will be held using paper ballots and red pencil for a while. After that, citizens will probably be using 'vote printers' and optical scan counting computers.

But this was not all! The icing on the cake came on yesterday 1 October 2007 when a Dutch judge declared that the use of the Nedap e-voting machines in recent Dutch elections has been unlawful. The District Court of Alkmaar decertified all Nedap voting computers currently in use in The Netherlands. The court order is a result of an administrative law procedure started by 'We do not trust voting computers' in March 2007.

More information: http://www.wijvertrouwenstemcomputersniet.nl/English

Articles in English: * http://www.engadget.com/2007/09/27/dutch-government-abandons-e-voting-for-red-pencil/ * http://www.dutchnews.nl/news/archives/2007/09/time_not_right_for_electronic.php * http://www.votetrustusa.org/index.php?option=com_content&task=view&id=2594&Itemid=26 * http://politics.slashdot.org/article.pl?sid=07/09/28/1216207 * http://www.theregister.co.uk/2007/10/01/dutch_pull_plug_on_evoting/

There will be an English translation of the 'Voting with Confidence' advisory report in a couple of weeks time.

Kind regards, Anne-Marie

I count 29 reports published by the Electoral Commission relating to the 2007 pilots in England. A bumper crop for one of the smallest set of pilots we’ve seen. I’ve not read them all page for page, but I’ve had a good long read. I do think these are the best Commission pilot reports ever and the team should all get a medal for the work they’ve put in to get these out in time for the statutory deadline.

They are really rather critical (good!) in particular, on e-voting, the Commission states that:

…there was insufficient time available to implement and plan the pilots,
and the quality assurance and testing was undertaken too late and lacked sufficient depth.

The level of implementation and security risk involved was significant and
unacceptable. There remain issues with the security and transparency of
the solutions and the capacity of th local authorities to maintain
control over the elections.

The Commission recommends that no further
e-voting is undertaken until the following four elements are in place:

• There must be a comprehensive electoral modernisation strategy
  outlining how transparency, public trust and cost effectiveness can be
  achieved.

• A central process must be implemented to ensure that sufficiently
  secure and transparent e-voting solutions that have been tested and
  approved can be selected by local authorities.

• Sufficient time must be allocated for planning e-voting pilots.

• Individual registration must beimplemented.

The Commission cannot support any further e-voting in the absence of a
framework incorporating these recommendations.

On e-voting supplier’s quality management, the Commission comments on all suppliers other than one who did try to be open:

No detailed information was provided by other suppliers about their development and configuration management processes, despite the information being
requested on more than one occasion.

This sounds very much like e-voting supplier tactics in the US.

Furthermore:

The level of security assurance of the pilots conducted in 2007 was
below that associated with other government IT projects, and best
practice in security governance was not followed.

But these rather worrying paragraph crops up:

However, the basic service provision of internet and/or telephone-based
services is a well-understood area, and while there are clearly issues
to be resolved related to security, transparency and usability, the
long-term implementation risk associated with the use of mature
technology within sufficient timescales by appropriately qualified
organisations should be acceptable.

So, yes, strong words from the Commission on failings in the implementation and procurement processes. But the Commission does seem to think that, overall, remote e-voting isn’t that challenging a proposition. I strongly disagree as do the vast majority of computer security academics. Those that are working on secure voting algorithms are focussing on polling station systems, not remote systems. The consensus is that the risks of remote e-voting, in particular, are far from acceptable as eloquently described in the SERVE (and subsequent) reports. I think it’s time to pull out my favourite quote from noted cryptographer and security expert Bruce Schneier:

“Building a secure Internet-based voting system is a very hard problem, harder than all the other computer security problems we’ve attempted and failed at. I believe that the risks to democracy are too great to attempt it.”