E-voting: why it was abandoned in the UK

Back in the early years of this century, the UK was at the forefront of testing out e-voting for public elections. An extensive series of pilots were held and then … e-voting fell out of favour, because the pilots were not a success for a wide range of reasons. The issue still keeps on popping up, so having recently come across again what I wrote back in 2003 about those pilots, those lessons are worth restating. Here is what I wrote back in the summer of 2003. Luckily the last paragraph turned out to be wrong.

E-voting: triumph or disaster?

According to the e-voting industry, the e-pilots this May [2003] were a triumph. “Everyone’s a winner” said the Athena Consortium, responsible for pilots in Swindon and Stroud. Stroud’s own press release talked of “E-voting success … The figures are a major success for the Council.”

Whilst one in five of the total votes cast in Stroud were cast electronically, overall turnout was down 7% from the last comparable elections. Letting people vote in a different way provided a choice which some took, but it didn’t result in more people voting overall.

It was a similar story elsewhere. Swindon saw its turnout fall by just over 1%. Across all of the e-voting pilots, turnout was unimpressive, being down slightly (0.4%) on the last comparable elections.

Given the failure of the e-pilots to boost turnout, it is not surprising that the Government and the Electoral Commission focused on other aspects of May’s pilots in their immediate reactions.

The Electoral Commission’s initial response has been to highlight the successes of all-postal pilots in raising turnout and to be largely quiet about the e-voting pilots.

The minister, Nick Raynsford, has been more forthcoming in praising e-voting pilots, though using the argument that they were a success because of the number of people who used them – regardless of the fact that often fewer people in total were voting – and glossing over the cost and security issues.

The more subtle version of the turnout argument, and the one which the government and Electoral Commission are increasingly using, is that e-voting and similar might not raise turnout now. But imagine in an even more wired world in 15 years time…

Well, maybe. But online banking hasn’t finished off phone banking. Phone banking hasn’t finished off postal banking. And none of them have finished off banking in person. The penny post was introduced the century before last and the postal service is still with us.

Even so, providing choice – a range of voting channels in the jargon – can’t be bad, can it? That depends on practicality.

Basic errors

e voting screenIn several of the pilots, very basic errors were made – for example in two of them there were no backup alternatives available for key pieces of IT equipment.

One of these was Sheffield, despite the city’s advantage of having also run an e-pilot last year as well. Indeed, the Sheffield pilot was littered with basic IT project management blunders. Two staff were made available by one of the contractors to maintain IT equipment on polling day – but they were not provided with any transport with which to get to the polling stations if a problem occurred!

One polling station never received its ISDN line for on-line checking of whether or not people had voted – so allowing people to vote twice on the day, once there and one at another polling station, without any checking taking place that would catch them.

It’s the future – it’s the back of an envelope

Presiding officers at polling stations were not all supplied with paper registers to use in case of IT failure – with the result that when an inevitable malfunction occurred in one polling station, staff had to improvise ways of trying to keep records of who was voting and, according to Richard Allan MP, the result was that they “literally used the ‘backs of envelopes’.”

Given these blunders, and others both in Sheffield and elsewhere, it is perhaps no great surprise that neither the Electoral Commission nor the Office of the Deputy Prime Minister (ODPM) have so far shown much interest in taking responsibility for the actual performance of the pilots on the ground.

But despite their experimental nature, the pilots are still about real elections – with real candidates, real voters and real decisions to be made. Is it really satisfactory for the public and candidates to have to go through an election which is being run so badly?

There are in theory two important quality controls on the e-voting pilots. The ODPM has drawn up a list of preferred suppliers for local authorities to work with and also has a say over the overall pilot programme each year. Yet these controls have manifestly failed – too many of the pilots in May were badly run.

It would be too easy to say that the lesson from the technical problems with May’s e-voting pilots is that for e-voting to work, we just have to get a bit better management. The pilots have rather exposed a much more widespread failure to manage IT projects successfully – across several councils and several contractors and with inadequate supervision from ODPM. These widespread flaws can’t be remedied by a brief set of exhaustions to get it right next time.

iMacs or brown envelopes?

There is no doubt that e-voting is rather sexier than the traditional ways of voting or even all-postal voting. A voting future which involves iMacs and websites is more eye-catching than one dependent on pencil stubs and brown envelopes. But that doesn’t mean it is any better, especially when the matter of security is added to the list of concerns.

Securing computers

The old IT joke is that the only secure computer is one which is switched off with all the cables pulled out. Very secure, but not very useful.

Despite the need for care, some of May’s e-pilots showed a naïve approach to security. One example was the Chorley pilot, where the statutory instrument passed by Parliament said that the ballot papers should have bar codes on the back which can be “read by an electronic scanner but not by eye.” Although it is an esoteric skill, reading barcodes by eye is possible – and no doubt there would be many training sessions at conference on how to read a bar code if this “security” system was to be widely used!

More generally, one of the most important requirements for an e-voting system the public can trust is to have a clear audit trail. To have confidence in the result, we not only need to know the result but also to be able to check how it was derived. It is rather like bank accounts – how many people would trust their bank if they were only told their balance at the end of the month, but never sent any statements or given information in-between?

However many of the e-voting systems piloted have very few, if any, audit trails that can be checked in practice and many of the involved have little interest in audit trails. For example, the Basingstoke returning officer stated that if there was a query over the number of votes the computers said were cast, he would only be willing to check the figures after he declared the official result and it became legally binding, only subject to very expensive legal action.

It would be like a bank telling a small business it was going to call in a loan and bankrupt it – but if you said it had got its figures wrong on the size of the loan it would only check them after you had been bankrupted rather than before.

Lib Dem agents save the day

Other major security problems at Basingstoke were only avoided by the intervention of the Liberal Democrat agent, Keith Watts. One concern with electronic machines is that someone may electronically stuff them with votes before polling begins. It is therefore important to be able to check that the machine is ‘zeroed’ before voting starts. Yet in Basingstoke the original plan was to let machines be used even if the machine refused to produce a zero print.

Similarly in Epping the Chief Executive was prepared to side-step the safeguards which normally come from the ability of agents and candidates to query a result before it is declared. In his case, he told a member of an ODPM study visit that he was prepared to declare results even without agents or candidates present.

In one ward in Epping, there were more spoilt votes than there were for one of the Labour candidates (just over 100 votes). Although the result was queried, and it was confirmed that there was roughly the same number of spoilt votes across each machine used in the ward, it is still very difficult to believe that there wasn’t a significant technical failure here, such as a collective configuration error.

It was nearly much worse. When Jon Whitehouse, one of the Lib Dem agents, went to a briefing session he was startled to hear that the machines were all set to be configured with a “none of the above” option on the ballot paper.

Never mind that the law does not allow this, nor that no-one had been consulted on this major change!

When Jon protested he got the machines changed, but it was only thanks to his last minute decision to attend the meeting (when another engagement was fortuitously cancelled) that the election did not go ahead with “none of the above” on the ballot paper by mistake.

As with many of the other e-pilots, the clear conclusion is that the pilot system is deeply flawed – letting far too many wrong or bad decisions through.

The verdict

It is easy to slip into being too enthusiastic about e-voting – it sounds modern, talking about it attracts media interest (would journalists turn up to hear a minister talking about wanting a new envelope design for postal votes?) and there are plenty of companies with a sniff of big profits at a possible e-enabled general election making their case.

But what really have we seen so far? It’s expensive, it comes with extra security and fraud risks, many of the pilots have been embarrassingly basic errors and it barely raises turnout.

There are some benefits – e-voting systems can be designed to cope well with the needs of visually impaired people and some people certainly like e-voting. The downsides though are large – including the risk of technical failure wrecking an election, the security problems and the high costs so far.

Is the Government listening? Probably not so far – the ODPM’s press release on the pilot results only conceeded, rather dismissively, “a few minor technical problems.”

Read more by or more about or .
This entry was posted in Online politics and Op-eds.
Advert

10 Comments

  • David Walden 25th Jan '11 - 12:17pm

    The basic problem with e voting (and many other of the ‘new’ methods) is that there is no guarantee that it will be a secret ballot.

    The only way to assure that is to go back to having everyone casting votes in polling stations. If people can’t be bothered to go and do that (hardly an onerous task, in my opinion) then in my opinion they will get the government they deserve. The only exception that can be allowed is a duly certified medical reason. I think this whole initiative is an attempt to solve a problem that does not exist.

    People don’t turn out to vote if they don’t believe that it will make any difference. That is the question all politicians should be addressing.

  • Andrew Shuttlewood 25th Jan '11 - 1:40pm

    Why are people STILL trying to push e-voting. It is a stupid idea. Really really stupid. Please, if somebody suggests it tell them to stop suggesting it and forget about it.

    It is utterly moronic, and if you ask around you’ll find that out of computer professionals the only people who want it have some sort of vested interest in it.

    I hate to make an argument from authority, but I’ll just post some information from somebody far more skilled to speak about it than me:

    http://www.schneier.com/blog/archives/2004/11/the_problem_wit.html
    http://www.schneier.com/blog/archives/2006/11/more_on_electro.html
    http://www.schneier.com/blog/archives/2008/07/dan_wallach_on.html

    The chap who wrote this is pretty much an expert in the field, he’s best known for two well known books he’s written, and also as a participant in various new encryption key challenges, which led to multiple new encryption algorithms frequently in use today.

    Applied Cryptography
    http://www.amazon.co.uk/dp/0471117099/?tag=libdemvoice-21

    and Secrets and Lies
    http://www.amazon.co.uk/dp/0471453803/?tag=libdemvoice-21

  • 1) Stop tinkering with ballot box voting. Simple and transparent is best.
    2) Shift elections to weekends
    3) New electoral system, so every vote counts
    4) Make voting compulsory.

    Not rocket science.

  • Andrew Suffield 25th Jan '11 - 10:31pm

    One concern with electronic machines is that someone may electronically stuff them with votes before polling begins. It is therefore important to be able to check that the machine is ‘zeroed’ before voting starts. Yet in Basingstoke the original plan was to let machines be used even if the machine refused to produce a zero print.

    And that’s not even sufficient anyway. There was one vote counting machine in the US which would print zeros when given a memory card with negative values on it, with the outcome being every bit as bad as this sounds.

    The chap who wrote this [Schneier] is pretty much an expert in the field, he’s best known for two well known books he’s written, and also as a participant in various new encryption key challenges, which led to multiple new encryption algorithms frequently in use today.

    He’s also published at least two systems for casting paper votes, with mechanical assistance available for those who want it, which were even more secure than current systems (one of them, memorably, allowed you to verify that your vote had been counted correctly while making it impossible for you to prove what your vote was, so it was immune to both counting errors and vote buying).

    Such systems look roughly like: you go to a machine which presents you with a ballot in a form you can handle (any language, read aloud, braille, or whatever) and cast your vote. It spits out a piece of paper. You validate the contents of this piece of paper however you like and put it in the ballot box; if it’s wrong then you rip it and hand the halves in to the officer, and cast a new ballot. This piece of paper can be securely and efficiently counted both by hand and by machine; and in fact, should be counted by both, and you keep going until the totals agree. No ambiguous ballot papers, no “lost boxes” because you know exactly how many ballots were cast. Hugely more reliable than any current system.

    Of course, it’ll never happen. Almost all the people who want these systems want them for very bad reasons.

  • Evote or Not Evote. At the moment I live in France and have since 2005 meaning this vote in December is the last vote I will be entitled to! To vote in a postal ballot I need to register with my last voting authority. They will then send me an acknowledgement and given time a ballot. The completed ballot is then returned by post (there is no fax/email/electronic) mechanism)to send. My ex local authority admitted many postal ballots were too late to be included.!!!

    The UK is reputed to be a modern technically literate country. We can bank online vote for TV online et al. With blockchain and other encryption systems are you seriously telling me that evoting in a general election is too difficult for our returning officials. If so they need serious help! As for how serious voting is for some voters – it ought to be very serious!

Post a Comment

Lib Dem Voice welcomes comments from everyone but we ask you to be polite, to be on topic and to be who you say you are. You can read our comments policy in full here. Please respect it and all readers of the site.

If you are a member of the party, you can have the Lib Dem Logo appear next to your comments to show this. You must be registered for our forum and can then login on this public site with the same username and password.

To have your photo next to your comment please signup your email address with Gravatar.

Your email is never published. Required fields are marked *

*
*
Please complete the name of this site, Liberal Democrat ...?

Advert



Recent Comments

    No recent comment found.