Thursday, March 29, 2007

Government confirms woeful Internet voting security procedure

The idea of Internet voting is not something that fills me with fluffy warm participation feelings as it is well documented. Exposing the voting for local or general elections on the public Internet is, quite simply, universally stupid anyway. However, I've just learnt what the security protocols for getting, and exrecising an Internet vote will be and it's actually quite frightening.

According to the Constitutional Affairs minister, Bridget Prentice, if you want to vote via the Internet or by phone you will have to pre-register the same way you do for postal votes. In other words you fill in a form and either post it, or give it to someone to hand in.

In order to "secure" the Internet voting system there will apparently be a "combination of two codes, one provided by the elector and one by the local elections office" which will be used to "identify electors when they log on to vote".

So let me get this straight. I choose a code which the system has to know in conjunction with one issued to me by the electoral officer? How does my code make it onto a system? Something tells me I won't be entering it myself, something tells me I will have to put it on that form that I hand over to some random town hall person, post, or even worse, hand it over to a party political collector.

I dread to think what format the "code" will take. If its four figures you can guarantee that people will use their PIN number. That will be their PIN on a form with their name and address on it too. If it is six figures, they'll probably use their date of birth.

Call me a cynic, but as we saw with all-postal vote pilots, there are going to be massive appeals and claims about abuse of an Internet system, and the so-called security measures that will apparently protect voting integrity is frankly pathetic.


SimonW said...

Perhaps they will send an "activation pin" which you use once to confirm your registration and then choose your own "code"

Your own code should surely be a least 8 characters.

The current turn up and vote in person system is of course no means secure.

Perhaps we adopt the Northern Ireland approach to voting;

"Vote early and vote often"

dizzy said...

I agree re: current normal voting as well

Anonymous said...

Well, that's not really the case in Northern Ireland, is it? I seem to remember that they have indidivual voter registration in which you need to include your NI number(unlike the rest of the UK's household registration), you can only vote by post if you have a reason (like illness or are abroad), and you need to have ID like your passport to vote.

Its hardly easy to vote early and often with those safeguards, surely?

SimonW said...

I know "early and often" is an old and outdated view of NI elections and no longer applies. I used it here as a reminder of the lack of security with our correct voting system on the mainland.