Sunday 20 October 2013

GDS and the Electoral Commission

Have you recently received your voter registration form?

If so, you may have noticed that, depending on where you live, you can now register on-line via www.elecreg.co.uk. This website is operated by a company called Halarose Ltd, who have contracts with 80 UK local authorities to provide "democracy through technology", as they call it.

The briefest of investigations on the Companies House website suggests that Halarose has a paid-up share capital of 9¼ pence, which looks like the start of an interesting story, but that's not why we're here today.

What follows in this paragraph and the next would be correct if NSLOOKUP was correct ... NSLOOKUP suggests that the IP address of www.elecreg.co.uk is 54.247.162.156 and if you look that up on RIPE you draw a blank. Which is odd, because RIPE is where you'd expect to be able to find the details of a European website.

... but NSLOOKUP isn't correct so, in the event, there's no UK-electoral-rolls-stored-in-the-US story here ... But the electoral rolls of these 80 UK local authorities aren't being stored in Europe. They're being stored in the US, on Amazon servers, according to ARIN, the Regional Internet Registry for North America. That looks like the start of another interesting story but, again, that's not why we're here today. ... please see update below 

"You do not have to vote", it says on the back of the form, "but by law you have to give us the information we ask for in this form". It is now a legal requirement to register. That's all to do with the Electoral Registration and Administration Act 2013. Interesting. But not why we're here today.

"Important information about how you register to vote", it says on an accompanying sheet of paper, which mentions individual electoral registration (IER), can be found if you trot along to http://www.electoralcommission.org.uk/voter-registration/individual-electoral-registration. Don't bother. You get "Page not found". Boring. And not why we're here today.

That's four topics we're not interested in just at the moment. And there's a fifth. The password – or "security code" as they call it – to log on to www.elecreg.co.uk is printed in plaintext for all to see at the top right corner of the voter registration form. Bad practice, securitywise. To put it mildly. But that's still not why we're here today ...

Working with GDS
... no, the object of interest today is GDS, the Government Digital Service, the "elite team of digital experts" as the Guardian called them, tucked away in the Cabinet Office, where they have "sparked a radical shake-up in the way the government does its business".

"Some of the UK's best designers and developers" are working at GDS according to the Guardian and they have a lot to teach Whitehall. They are busy producing 25 exemplars, and in GDS's own words:
We are running this programme of continual iteration in the open. You can follow our progress at www.gov.uk/transformation, where we’re regularly publishing information about every exemplar. You’ll see performance data, screenshots and status reports of where each service is at, and we’re going to add more to it as each service progresses ...

It’s important that we continue to publish these updates in public, that we report on the services we’re transforming, and that we blog about our progress. Publishing this means more of our colleagues can see what’s happening and what part they play in the process. It’s also the best way to make sure that we’re accountable for the things we build. As our design principles say, if we make things open, we make things better.
Exemplar #1 is devoted to IER and, it's odd, but the development of this exemplar isn't open, you can't follow GDS's progress, there's no performance data, there are no screenshots, there's no status report and you have no idea how GDS are transforming the electoral registration service, which makes it hard to hold them to account and hard to know if they're making things better.

But then, you're just the public.

The Electoral Commission are a different kettle of fish. They've had the pleasure of working with GDS on two pilot exercises to see if matching electoral roll data against the National Insurance Number database, and other databases, would make it easier to compile a complete and accurate roll.

Back to the Electoral Commission website.

In their July 2013 report on the second data-matching/data-mining pilot, they say (p.2 onwards):
• There were considerable delays to the original timetable for establishing this pilot. A significant cause of the delays was the lack of capacity and resources within Cabinet Office (and the Government Digital Service (GDS), which is part of Cabinet Office) due to their workload related to the transition to IER ...

• For the national data mining, Cabinet Office’s original intention was that pilot areas should adopt a fairly standardised approach to checking the data received and contacting the individuals identified, to ensure that results were comparable. In practice, however, the nature and extent of follow up work varied widely.

• Much of this variation was caused by practical difficulties, for example the need to spend more time than expected in ensuring the accuracy of the data received. However, some of the variation could have been avoided if there had been fewer delays and a greater level of support provided by Cabinet Office to pilot areas. In particular, a few areas told us they felt unsupported and were unclear about what to do ...

• It is not possible to produce an overall figure for the cost of this pilot. This is because we do not have final costs for all pilot areas or any costs for Cabinet Office (including GDS), who conducted much of the work.

• We are also therefore unable to estimate the cost per new elector registered or the likely cost of any national rollout. Any estimates of these would need to include the cost of coordinating and managing the pilot (the role taken by Cabinet Office in this pilot), as any future work with data mining would require some form of central coordination ...

• The reasons that so many existing electors and ineligible individuals were returned on the data include poor data specifications from Cabinet Office ...

• Inconsistent address formatting and incomplete addresses are likely to have contributed to the significant numbers of existing electors returned in the data (Cabinet Office could not provide the data which would have allowed for a definitive assessment) ...

• In order to answer this question [Is data mining a cost effective way of registering new electors?], we would need to assess the cost benefit of data mining by, for example, calculating the cost per new elector registered. However, we are unable to do this as Cabinet Office could not provide details of their expenditure on the pilot. As they managed the process and conducted much of the matching and data processing, their costs could be significant and are crucial in reaching any realistic assessment of cost effectiveness ...

– The addresses appeared to be more complete than those held in other national databases but a poor data specification from Cabinet Office meant that the format was inconsistent ...

The findings from this pilot do not justify the national roll out of data mining ...

In addition, there were numerous issues in this pilot with the communication and support provided by Cabinet Office ...

Cabinet Office need to ensure that they maintain good communication between themselves, the data holding organisations and EROs [electoral registration officers] throughout the process, including after data from the national databases has been returned to EROs ...
Four professors, as we have already seen, found GDS's performance to be less than exemplary. Now GDS have lost the Electoral Commission's vote. And along the way, Francis Maude's faith in data-matching has been undermined. That voter registration form that landed on your doormat has a weighty story to tell.

----------
Update 21 October 2013
Halarose contacted DMossEsq today and asserted that, contrary to the suggestion in the post above, their UK electoral registration service is hosted in the EU, as it is legally required to be, and not in the US.

Normal people will fall asleep reading the following paragraphs but as long as they wake up understanding that DMossEsq accepts Halarose's assertion and that this update is intended to make amends for his mistake, then all will be well.

How did the mistake arise?

Let's take it that RIPE and ARIN are correct and that 54.247.162.156 is the IP address of a website on some Amazon server in the US. Why did DMossEsq think that it was the IP address of http://www.elecreg.co.uk?

Ask most responsible adults how you find out what the IP address of a website is and they'll head for the door.

Quite right, too.

Of the remainder, some will say "PING it" and others "use NSLOOKUP". If you enter "PING www.elecreg.co.uk" or "NSLOOKUP www.elecreg.co.uk" at the command prompt, you'll be told that the IP address is 54.247.162.156. Try it. You'll see. DMossEsq didn't make the whole thing up.

The trouble is that PING and NSLOOKUP are wrong.

If you browse www.elecreg.co.uk and you use Chrome to "View page info", then click on the "Connection" tab, then click on "Certificate information", then click on the "Details" tab and then click on the "Subject Alternative Name" field, you'll find that there are eight names for the certified website – electorregistration.co.uk, www.electorregistration.co.uk, www.elecreg.co.uk, www.herainteractive.co.uk, www.halarosews.co.uk, elecreg.co.uk, herainteractive.co.uk and halarosews.co.uk.

PING all eight names, and eight times you're told that the IP address is 54.247.162.156. Ditto if you use NSLOOKUP. Now you've got 16 pieces of evidence pointing one way and one communication from Halarose pointing the other.

So you look for an alternative to PING and NSLOOKUP. And you find NetworkSolutions. And what do they say?

They say that:
  • the IP address of both elecreg.co.uk and www.elecreg.co.uk is 213.166.13.58
  • the IP address of both electorregistration.co.uk and www.electorregistration.co.uk is 213.166.13.40
  • the IP address of herainteractive.co.uk, www.herainteractive.co.uk, halarosews.co.uk and www.halarosews.co.uk, all four of them, is our old friend 54.247.162.156, in the US
Check 213.166.13.58 and 213.166.13.40 on RIPE and you find that they are both in Europe.

Given that NetworkSolutions can, why can't PING and NSLOOKUP get their IP addresses right? No idea. Infuriating.

Updated 23.11.13:

GDS continue to provide IER with all the help they can, see Reaching all our users:
Our project is aimed at around 47 million people who are eligible to vote in UK elections ... I put up two large, colourful banners to attract attention.

4 comments:

Anonymous said...

54.247.162.156 belongs to Amazon's servers hosted in Dublin. There was a clue in your ARIN link: "AMAZO-ZDUB1". If you traceroute the address you'll see eu-west-1 amongst the output which refers to Amazon's European region located in Ireland.

David Moss said...

Thank you for that comment, Anonymous.
It's been a year since I last tried to get to grips with IP addresses and their location.
I might take another year off now.

data scientist course said...

Astounding Blog! I might want to thank for the endeavors you have made recorded as a hard copy this post. I am trusting a similar best work from you later on too. I needed to thank you for this sites! Much obliged for sharing. Extraordinary sites!
data scientist course in hyderabad

Mallela said...
This comment has been removed by a blog administrator.

Post a Comment