Can Current Technology Deliver Secure Mobile Voting Solutions?

Insecure technology is regularly cited as a barrier to the use of online voting systems, in particular when casting your vote through your mobile phone, rather than putting your cross on a piece of paper and putting it in a box at the polling station or mail box. At the same time those detractors trust the same mobile technology to place stock trades, initiate high value payments and, more recently, access their health records.

Internet voting – challenging but necessary

What did you think of the US election? I don’t mean the candidates and the outcome. What did you think of the election process? Should it be possible for national elections of this type to be done online? Last week the IET published a paper on internet voting in the UK, led by our good friend at the University of Surrey, Professor Steve Schneider. It’s well worth a read. As the paper explains, internet voting for statutory political elections is a uniquely challenging problem. Firstly, voting systems have exacting requirements and, secondly, the stakes are high with the threat of state level interference.

The gold standard for voting

Electoral fraud isn’t a huge problem in the United Kingdom but it does happen, and it looks as if it’s been happening with increasing frequency in certain areas. So the government has decided to do something about it and they are going to introduce a “voter ID” scheme that will require people to provide some evidence of their identity when they go to vote, initially in local elections but presumably in general elections downstream.

The voter ID scheme will be trialed in 18 areas which have been identified by police and the Electoral Commission as being “vulnerable” to voting fraud, including Bradford, Birmingham.

From Voters will have to show passports to combat voter fraud in ‘vulnerable’ areas with large Muslim populations

And, as it happens, in my own dear Woking. But that is not the reason for my interest in the topic. My particular interest is in electronic voting because it is one of the hard cases for digital identity. If we can figure out how digital identity can support something as complicated as electronic voting (complicated because of the requirements for secrecy, privacy, auditability) that shows it can be used for a wide variety of other applications. I’ve written before that I am in favour of electronic voting of some kind but I’m very much against remote voting, because I think that in a functioning democracy voting must remain a public act and if it is allowed in certain remote conditions then we cannot be sure that a voter’s ballot is either secret or uncoerced. While not the topic of this post, I think it is possible to imagine services where trusted third parties or electoral observers of some kind use mobile phones to go out and allow the infirm or otherwise housebound to vote.

We live in a Venmo world now, so if the under-30s want to vote using an app that tells their friends that they voted, or perhaps even how they voted, or perhaps allows them to add a funny picture or an acute comment, well so be it. But make it secure, and make them go down to the polling station to use it.

From Yes, we should make voting social, mobile and local | Consult Hyperion

So it is not beyond the wit of man to come up with alternatives to the postal vote. But that’s not what is being proposed. The UK government is not currently proposing an app or any other kind of electronic voting here, it is merely proposing to add a basic test of entitlement at the ballot box. The entitlement is to be established using the proxy of the voter’s identity. How will this identity be established and the entitlement authenticated? Well…

Local authorities will be invited to apply to trial different types of identification, including forms of photo ID such as driving licences and passports, or formal correspondence such as a utilities bill

From Voters in local elections will be required to show ID in anti-fraud trials | Politics | The Guardian

Wait, what? A utilities bill? I should explain here for any baffled overseas readers of this blog that the United Kingdom has no national identification scheme or identity card or any other such symbol of continental tyranny, so our gold standard identity document is the gas bill. I understand that these are notoriously difficult to forge and that the skilled artisans behind the North Korean $100 bill “supernote” threw down their tools in frustration when faced with the multiple layers of security that are part of the British Gas quarterly statement for residential users. The gas bill is a uniquely trusted document, and the obvious choice for a government concerned about fraud. By the way, if for some reason you do not have a gas bill to attest to your suitability for some purpose or other, you can buy one here (for theatrical or novelty use only).

Why is it that the government never ask me about this sort of thing? Since they don’t have an identity infrastructure, why don’t they use other people’s? I would have thought that for a great majority of the population, especially the more transient and younger portion of the electorate (e.g., my sons) social media would provide a far better means to manage this entitlement.

I judge it to be far harder to forge a plausible Facebook profile than a plausible gas bill, so if I turn up at the polling station and log in to the Facebook profile for David Birch (if there is a Facebook profile for a David Birch, incidentally, I can assure you it isn’t me) then they may as well let me vote.

From Special Feature: Electronic voting, electronic identity and electronic entitlement | Consult Hyperion

None of this will help, of course, because the main source of electoral fraud in the UK is not personation at the polling station but fraudulently-completed postal ballots. Indeed, this is precisely what has been going on in my own dear Woking, where four people were jailed for electoral fraud last year. As far as I can understand it from reading the various reports, including the source reports on electoral fraud in the UK, the main problem is that postal votes are being completed by third parties, sometimes in bulk. No proof of identity is going to make any difference to this and so long as we allow people to continue voting by post I can’t see how the situation will improve. I notice that the minister in charge of voting was quoted on the BBC today:

Constitution minister Chris Skidmore said “…In many transactions you need a proof of ID.”

From Electoral fraud: Voters will have to show ID in pilot scheme – BBC News

This is not, strictly speaking, true. In almost all transactions that we take part in on a daily basis we are not proving our identity, we are proving that we are authorised to do something whether it is to charge money to a line of credit in a shop, ride a bus or open the door to an office. In these cases we are using ID as a proxy because we don’t have a proper infrastructure in place for allowing us to keep our identities safely under lock and key while we go about our business. What you should really be presenting at the polling station is an anonymised entitlement to vote that you can authenticate your right to use. It is nobody at the polling station’s business who you are and, in common with many other circumstances, if you are required to present your identity to enable a transaction then we have created another place where identity can be stolen from.

The real solution is, of course, not using Railcards or football supporter’s cards, or indeed special-purpose election ID cards, but a general-purpose National Entitlement Scheme (NES).

From Special Feature: Electronic voting, electronic identity and electronic entitlement | Consult Hyperion

If memory serves, I think this is what my colleagues at Consult Hyperion and I first proposed in response to a government consultation paper on a national identity scheme around 15 years ago. Oh well.

Voting and common sense

Well, it’s General Election day today in the UK so I’ll be off down to the local polling station to cast my vote later on. This may be the action of a dying breed. Something like a sixth of the votes cast at this election will be postal votes and there are calls to allow people to vote at home using their PCs or smartphones just like they do for “Britain’s Got The X-Factor On Ice” or whatever it is that the general public watch on their televisions now. I’m not a fan of this kind of electronic voting.

A hacked election, or worse still, an election in which online voters buy and sell votes, would be a disaster for democratic legitimacy.

[From On internet voting, rescuing migrants, Malaysia, Turkey and gas, Scotland, the Miliband brothers: Letters to the editor | The Economist]

Well, a hacked election would be a problem, or at least an election that is hacked more than it is through postal votes right now. But buying and selling? I’m not so sure. I don’t see the ethical difference between “vote for us and we’ll give you free childcare” or “vote for us and we’ll ring-fence your pension” or “vote for us and we’ll push up your house price” and “vote for us and we’ll give you £10”. But that’s not my point. My point is that equating electronic voting with a lazy alternative to the polling booth is the wrong way to look at it.

You argue that allowing online voting in Britain would increase the number of youngsters who participate in elections (“Apathetic fallacy”, April 18th). But where is the proof? Actually, the evidence is that internet voting does not increase voter participation.

[From On internet voting, rescuing migrants, Malaysia, Turkey and gas, Scotland, the Miliband brothers: Letters to the editor | The Economist]

Frankly, if someone can’t be bothered to get off the couch and go round the corner to vote, I’m not sure I should care what they think about the way that the country is going to be governed for the next five years. That’s not what electronic voting should be about. Electronic voting should be about process re-design, modernisation and re-implementing democracy for the post-industrial age.

Is there a way to use technology to improve democracy — not only by changing the medium but by rethinking the whole interface? Well, there might be. And it is a brand new idea — in humans, at any rate.

[From Humans are doing democracy wrong. Bees are doing it right » The Spectator]

This is where electronic voting can help. Not to deliver voting by text message or WhatsApp but to deliver a new and better voting system. Now, I’m not qualified to say what that system should be, although I can see that there are many interesting alternatives to our “one man, one vote (if he can be arsed)” system.

Under Quadratic Voting (QV), by contrast, individuals have a vote budget that they can spread around different issues that matter to them in proportion to the value those issues hold for them.

[From Humans are doing democracy wrong. Bees are doing it right » The Spectator]

In an industrial age, a simple cross on a ballot paper made sense. Today, however, it should be possible to implement more sophisticated democratic systems to deliver a more accurate mandate but with simple user interfaces for everyone to use. QV on paper while standing in a polling booth might be daunting, but downloading the smartphone app and then spending as long as you like messing around allocating your vote budget before taking the phone down to the polling booth to deliver your secure and cryptographically-protected votes via Bluetooth Low Energy (BLE) from your Trusted Execution Environment (TEE) is a different matter. Just as I always thought about eCash in the early days, Bitcoin might be more useful for voting than for paying.

Well, technology can make it easier to vote. But if there’s an app for that, we should still make people vote in public.

[From Yes, we should make voting social, mobile and local]

And to finish, one of those songs you saw on “Top of the Pops” as a kid that blew you away. I still have this album on my iPhone and I still listen to it around once every month. The best song about democracy EVAH.

Happy election day everyone.

Special Feature: Electronic voting, electronic identity and electronic entitlement

There is a good way to fix the problems with voting, and it’s not with photocopies of gas bills or Railcards. Time for a National Entitlement Scheme.

Something must be done.

At Consult Hyperion, we are interested in electronic voting for three main reasons:

  • We are thought leaders in the digital identity space and electronic voting is a key “stress” application for digital identity;
  • We advise public sector clients on national identity and identity-related schemes (eg, the Irish Government’s Public Services Entitlement Card);
  • While people think about electronic voting in national and other political elections, there are a great many other applications of interest to our clients. A good example is the use of electronic voting for corporate purposes to replace postal voting at shareholder meetings, where the techniques developed for political elections could be used to reduce costs.

The practical deployment of, and experiences learned from the use of, new electronic voting systems are invaluable input into the wider question of identity infrastructure for a modern society, which is why we were delighted to be able to sponsor the 4th International Conference on e-Voting and Identity at the University of Surrey last year. This turned out to be an excellent event and we learned a lot about the different approaches to the problem, constraints, potential solutions and so on. As it happens, there are a great many practical problems around voting, and the solutions are complicated. But there are real social needs that must be addressed, and one of them has just reappeared in the British media.

Voters should be required to show photo ID at polling stations in Great Britain to lessen the risk of fraud, the Electoral Commission has said.

[From BBC News – Voters ‘should be required to show photo ID at elections’, says watchdog]

Personally, I’m in favour of voter IQ laws as well as voter ID laws, but there you go. While electoral fraud is not rampant in the UK, it is certainly not non-existent. The Electoral Commission in fact identified 16 out of the 400 local authority areas in the UK as being at risk, one of these being my own dear Woking, where we have a long and proud tradition of electoral fraud and only last year one of the candidates in local elections was found guilty of electoral fraud. The Electoral Commission highlighted the major problems that have been identified around postal voting (which I do not think should be allowed, but that’s another issue). Foreign readers might be surprised to learn that when you go to vote in the UK you simply give your name and it is crossed off of a list of eligible voters, much as it was when the first Viscount Watkinson was returned as Woking’s MP in 1950 when the constituency was created, or for that matter when Sir Talbot Buxomley was first elected MP for Dunny-on-the-Wold in the reign of George III. This arrangement is no longer immune from the suspicion of personation, so the Commission has recommended the use of photographic ID.

The research revealed that some people were concerned that a requirement for photographic identification would discriminate against certain groups of electors, who would not necessarily have any form of photographic documentation, such as a passport or driving licence.

[From Security Document World]

Similar issues are to the fore across the pond where the US voter ID situation is in a bit of a mess. If I understand the current situation properly, one of the problems with the just-introduced Voting Rights Amendment Act 2014, which is a response to the Supreme Court striking down part of the Voting Rights Act last year, is that there is potential for discrimination against people who are not able to obtain a “Voter ID” card. You can see their point. In other countries, this isn’t a problem, because everyone has some form of ID card. But in the US, which, like the UK, has no identity infrastructure, “systems” developed for other purposes will have to be sub-optimally commandeered. This is the sort of thing that is going to be proposed in, to pick a random example, Nevada.

The new voting system also would link with Department of Motorized Vehicle’s license database, allowing poll workers to visually verify the identity of the person attempting to vote.

[From Nevada secretary of state gets mixed reaction to voter verification proposal – Las Vegas Sun News]

Since the British government recently announced that it was going to put driving licence details online anyway, then I imagine there would be some pressure to use this database, despite its being known to be notoriously inaccurate. But what else do British subjects have to hand with a photograph on it, if not a passport or driving licence? My son could use his student ID card, I suppose (although I am rather against allowing students to vote, on principle) although I’ve no idea how it might be verified on the day. Perhaps they could ask us to sign to vote?

On a recent expedition to New York I was asked for photo ID as a condition of entrance to a well-known landmark. I produced the (expired) building pass for our Madison Avenue office and was waved through. Which illustrates what is to me a central problem: if I am required to produce a photo ID at a polling station, it will do nothing to prevent fraud. The polling stations are manned by local volunteers doing their civic duty, not by expertly-trained anti-fraud personnel who are skilled in the inspection and detection of counterfeit identity documents. If I show up to vote and present a driving licence, a Portuguese fishing licence or an England football club supporter’s card, the polling station staff will have no means to verify it. As it happens, some UK pressure groups are against photo ID in principle anyway, because it discriminates against people who don’t have a photo ID. Consequently,

the idea of voters being requested to provide a non-photographic form of identification at the polling station was welcomed in principle by both the public and electoral administrators.

[From Security Document World]

This seems utterly stupid to me but it is certainly in the great British tradition of pointless activity! It follows the tried and tested political theory of “something must be done, this is something, therefore it must be done”. So the Mother of Parliaments will rest on a franchise that is protected by photocopies of gas bills, since as we all know, electoral terrorists dedicated to subverting democracy will be unable to forge those. Not that I can produce one anyway, because my gas bill is electronic.

Compared to this, the TSA’s decision to accept Facebook profiles as valid identity for boarding flights in the US seems sound. On balance, I judge it to be far harder to forge a plausible Facebook profile than a plausible gas bill, so if I turn up at the polling station and log in to the Facebook profile for David Birch (if there is a Facebook profile for a David Birch, incidentally, I can assure you it isn’t me) then they may as well let me vote.

The USA’s Transport Security Administration is accepting sight of a traveller’s Facebook profile as a form of ID, it has emerged.

[From Facebook profile accepted as ID at airport security | The Drum]

One can imagine that this approach might itself still be further secured by the addition of photo ID. There’s an app for that…

An upcoming app for Android, iOS, and Google Glass called NameTag will allow you to photograph strangers and find out who they are — complete with social networking and online dating profiles.

[From Facial recognition app matches strangers to online profiles | Crave – CNET]

So all we need to do is equip the polling clerks with Google Glass and job done? I don’t think so. I think we should think about what infrastructure is needed here and then work out the best way to implement it. There are a great many circumstances in which I would certainly imagine a Facebook profile to be a much better form of identification than a photocopy of my gas bill, but voting isn’t one of them, especially if there are already concerns about fraud.

But Electoral Commission chairwoman Jenny Watson said most voters could use passports, driving licences or even public transport photocards to prove who they are at polling stations. Those without any of these documents could request a free elections ID card, she added.

[From BBC News – Voters ‘should be required to show photo ID at elections’, says watchdog]

I am not making this up. Gas bills, Facebook profiles and railcards. That is where our democracy is in 2014. What a joke.

This is something.

The real solution is, of course, not using Railcards or football supporter’s cards, or indeed special-purpose election ID cards, but a general-purpose National Entitlement Scheme (NES). Few readers will remember this, but some time before the UK government’s last attempts to introduce a national identity card, there were consultations around a much better idea, which was a national entitlement card. As my colleague Neil McEvoy and I pointed out in Consult Hyperion’s response to this consultation, the “card” is only one mechanism for storing and transporting entitlements and in the modern age there might be better ones, such as mobile phones for example, that can not only present credentials but also validate them.

It is time to revisit that proposal to try and get the British government out of its muddle about identity infrastructure. A future administration will certainly have to introduce something, not only because of the issue of voting fraud but due to continuing concerns about illegal immigration, health tourism, benefit fraud and so forth. Suppose that the vision for national identity (based on the concepts of social graph, mobile authentication, pseudonyms and so on) focused on the entitlement rather than on the transport mechanism or biographical details? Then, as a user of the scheme, I might have an entitlement (ie, a public key certificate) on my purpose-built national entitlement card (so that’s some of the population taken care of), I might have entitlement certificates on my bank card (so that’s the overwhelming majority of the population taken care of) and I might have certificates in my mobile phone (so that’s 99.9% of the population taken care of). Remember, these certificates would attest to my ability to do something: they would prove that I am entitled to do something (access the NHS, open my office door, buy things in Waitrose), not who I am. They are about entitlement, not identity as a proxy for entitlement. The government could give out free smart card readers (as they do in Spain) or leave it to the banks to distribute them.

In practice, I think the examples set by modern countries such as Turkey and Estonia are most attractive: I log in to the whatever with some pseudonym, the service provider sends a message to my mobile phone (over-the-air or via NFC or BLE in the future), the PKI in my SIM decodes the challenge and signs the response, and I’m connected. Securely and simply. And if other service providers want me to log on in the same way, they can issue their own certificates as well. There’s a similar approach to this in Norway except there the IDs are issued by the banks and used by the government and other private sector organisations. Imagine a national entitlement scheme that used this technology: it would be efficient and cost-effective, since it would use the phones that people already have to deliver services that they definitely want.

And, best of all, my phone would be able to check the entitlement presented by your phone, so none of us would need special equipment. I show up with my phone and claim that I am entitled to vote: my phone presents a meaningless but unique number, this is entered manually or automatically into the polling clerk’s phone which flashes up my picture if I am entitled to vote or a red cross if I am not. I show up with my entitlement card and the polling clerk reads it using their NFC interface, and so on. Instead of postal votes, the polling clerk can go to the old folk’s home and let them vote individually, certain that they are not being threatened or cajoled.
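The check described in the last two paragraphs, as an added sketch in Node.js (it is not Consult Hyperion's code or any deployed scheme's API): an issuer signs a certificate that binds a random serial, an entitlement and the holder's public key, and the polling clerk's verifier accepts it only if the holder also signs a fresh challenge. All names, the Ed25519 choice and the `vote:constructed-election` label are assumptions made for illustration; the photo lookup is left out.

```javascript
const crypto = require("node:crypto");

// Fixed field order so issuer and verifier sign/verify identical bytes.
const canonical = (b) => JSON.stringify([b.serial, b.entitlement, b.notAfter, b.holderKey]);

// Issuer side: the certificate carries no name, only a random serial
// (the "meaningless but unique number"), the entitlement and the holder's key.
function issueEntitlement(issuerPriv, holderPub, entitlement, notAfter) {
  const body = {
    serial: crypto.randomBytes(8).toString("hex"),
    entitlement,
    notAfter,
    holderKey: holderPub.export({ type: "spki", format: "der" }).toString("base64"),
  };
  const sig = crypto.sign(null, Buffer.from(canonical(body)), issuerPriv).toString("base64");
  return { body, sig };
}

// Holder side (phone, SIM or card): sign the clerk's challenge, bound to the serial.
function respond(holderPriv, cert, nonce) {
  return crypto.sign(null, Buffer.from(`${cert.body.serial}|${nonce}`), holderPriv).toString("base64");
}

// Clerk side: hypothetical verifier for one entitlement at one polling place.
class Verifier {
  constructor(issuerPub, entitlement) {
    this.issuerPub = issuerPub;
    this.entitlement = entitlement;
    this.pending = new Map(); // serial -> outstanding nonce
    this.used = new Set();    // serials that have already exercised the entitlement
  }
  challenge(serial) {
    const nonce = crypto.randomBytes(16).toString("hex");
    this.pending.set(serial, nonce);
    return nonce;
  }
  check(cert, responseB64, now = Date.now()) {
    const { body, sig } = cert;
    const certOk = crypto.verify(null, Buffer.from(canonical(body)), this.issuerPub, Buffer.from(sig, "base64"));
    if (!certOk) return "bad-issuer-signature";
    if (body.entitlement !== this.entitlement) return "wrong-entitlement";
    if (now > body.notAfter) return "expired";
    if (this.used.has(body.serial)) return "already-used";
    const nonce = this.pending.get(body.serial);
    if (!nonce) return "no-challenge";
    this.pending.delete(body.serial); // each nonce is single use, pass or fail
    const holderKey = crypto.createPublicKey({ key: Buffer.from(body.holderKey, "base64"), format: "der", type: "spki" });
    const respOk = crypto.verify(null, Buffer.from(`${body.serial}|${nonce}`), holderKey, Buffer.from(responseB64, "base64"));
    if (!respOk) return "bad-response";
    this.used.add(body.serial);
    return "ok";
  }
}

// Constructed scenario: every key and certificate below is generated on the spot.
function demo() {
  const issuer = crypto.generateKeyPairSync("ed25519");
  const voter = crypto.generateKeyPairSync("ed25519");
  const other = crypto.generateKeyPairSync("ed25519");
  const tomorrow = Date.now() + 24 * 3600 * 1000;
  const cert = issueEntitlement(issuer.privateKey, voter.publicKey, "vote:constructed-election", tomorrow);
  const clerk = new Verifier(issuer.publicKey, "vote:constructed-election");
  const r = {};
  // A copied certificate is useless without the holder's private key.
  r.stolenCert = clerk.check(cert, respond(other.privateKey, cert, clerk.challenge(cert.body.serial)));
  r.genuine = clerk.check(cert, respond(voter.privateKey, cert, clerk.challenge(cert.body.serial)));
  r.secondAttempt = clerk.check(cert, respond(voter.privateKey, cert, clerk.challenge(cert.body.serial)));
  // A valid certificate for a different entitlement, presented as-is and then edited.
  const nhs = issueEntitlement(issuer.privateKey, other.publicKey, "nhs:constructed-access", tomorrow);
  r.wrongEntitlement = clerk.check(nhs, respond(other.privateKey, nhs, clerk.challenge(nhs.body.serial)));
  const edited = { body: { ...nhs.body, entitlement: "vote:constructed-election" }, sig: nhs.sig };
  r.tampered = clerk.check(edited, respond(other.privateKey, edited, clerk.challenge(edited.body.serial)));
  return r;
}

console.log(demo());
```

The clerk's device learns the serial and the entitlement but never a name, which is the "entitlement, not identity" property argued for above.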

Should people be allowed to go one step further and simply log in to vote from home? For political elections, I think not. Voting must be in public in order to dispel any suspicion of coercion. Maybe it won’t have to be a polling booth any more (you could have general elections that last a week during which people can vote at Post Offices or bank branches or whatever), but it has to be somewhere public.

Therefore it must be done.

It seems to me that a national plan to finally do something useful about identity might obtain “parasitic vitality” (to use one of my favourite ID phrases) from the specific issue of voter ID. In the UK and in the US, this might be a way to both improve security around the act of voting as well as a vector for deployment. Maybe electronic voting can be a focus to get the Cabinet Office’s Identity Assurance (IDA) scheme a flagship and get the public and private sector working together to deliver an infrastructure that will be of benefit to all. I should mention in passing that we have been working with the Cabinet Office on one of their “Alpha Projects” in the North of England which, as it happened, included photo ID for authentication as one of the use cases.

I’ll be talking about the idea of a National Entitlement Scheme (NES) in my keynote at the 17th annual Consult Hyperion Tomorrow’s Transactions Forum in London on 19th and 20th March 2014. Unfortunately, mine will only be the second most interesting keynote at the event, because the kick-off keynote will be by Felix Martin, the author of “Money: The Unauthorised Biography”. As always the Forum — thanks to the fantastic support from our platinum sponsors Visa Europe & VocaLink, and our sponsors Fiserv & Olswang — is limited to 100 places. Oh, and did I mention that all delegates will be getting a complimentary copy of Felix Martin’s excellent book, by the way?

See you at the America Square conference centre on 19th March at 9.30!

