Sunday, 29 December 2013

RIP IDA – individual electoral registration


The key to success with regard to IER lies in being boring.
The more boring the better.

No need to say it, it goes without saying, it should be obvious to all but, just in case it isn't obvious to all, IDA is dead.

IDA is the Cabinet Office Identity Assurance programme. And it's dead.

----------

If all goes well, the media will pay not the slightest attention to the changes promised for 2014 in the way the electoral register is compiled in Great Britain.

Beginning on 10 June 2014, England and Wales will switch from compiling the electoral register on a household basis to individual electoral registration (IER). In Scotland, the equivalent date is 19 September 2014 – the delay there is to cater for the referendum on Scottish independence.

IER will be a yawn and a bore. That's if all goes well. The new electoral register will be ready for the 2015 general election and it will be complete enough and accurate enough not to impugn the legitimacy of the election result.

The Electoral Commission published a readiness report back in October 2013. They've got the forms ready and they just need political approval before Electoral Registration Officers (EROs) send them out to individuals to register. That will be in July 2014 and there will be an accompanying public awareness campaign.

It is to be hoped that that public awareness campaign will be workmanlike, clear, simple and above all uncontroversial. Dull. Worthy. Yawn-inducing, as befits a highly respected, confident and mature democracy.

There are a few worryingly interesting bits of IER.

Confirmation
There is the "confirmation" element, for example:
The Government’s plan for the introduction of IER includes the intention to compare existing electors’ names and addresses on the electoral registers with records held by the Department for Work and Pensions (DWP) in order to verify the identity of people currently on the registers. This process is known as ‘confirmation’.
EROs will be provided with reports comparing their electoral register records with records on DWP's Customer Information System database (CIS). On the basis of trials already carried out, it is expected that about 75% of the electoral register can be "confirmed" in this way.

How good is CIS?

Back in April 2007 there were about nine million records on CIS that no-one could account for, please see Fraud fear as millions of NI numbers are lost. Surely, you may say, DWP could clean up their data? They already had. Before the clean-up, there were more like 20 million unaccountable records according to David Blunkett.

Back in the old days of the National Identity Scheme/Service (2002-10 RIP) when we were all going to have government-issued identity cards (RIP), the Identity & Passport Service (RIP) were going to build a brand new National Identity Register (RIP). Then they decided to use CIS instead ...

... and then the National Audit Office (para.4.13, p.23) pointed out that they could only use CIS if it met the security standards laid down by CESG, the information assurance arm of GCHQ. Which it didn't, please see the Public Administration Select Committee report Good Governance – effective use of IT, pp.295-304, particularly para.24ff. At which point the whole ID cards project collapsed into obvious chaos.

The Electoral Commission may say that CIS confirmation will "verify the identity of people currently on the registers" but they're just being polite. If there's a mismatch between CIS and the electoral roll, which database is right? Neither of them? Is it the EROs' job to clean up the CIS? No. It's all too interesting. No more chaos. Expect CIS confirmation quietly to disappear.

Verification
In one sense there's nothing new about "verification". It's always been the EROs' job to verify that people are who they say they are and that they are allowed to vote. EROs know how to do that and they will continue to verify the entitlement to vote, boringly it is to be hoped, without fuss and behind the scenes.

But there is supposed to be a new element in 2014, an IER digital system for verification, please see para.1.12 onwards in the readiness report:
1.12 ... [the] Commission has some remaining concerns around the timetable for developing the other significant element of the system - for verifying electors’ personal identifiers under IER ...

1.13 We are aware that some testing of the system has recently taken place ... We understand that there are further tests on the algorithm to be completed ...

1.15 ... the system for verification has not yet been fully tested, and according to the current plans will not have been fully tested until March 2014 ... We understand that the testing programme will be conducted on a rolling basis between now and next March, but the key risk is that it will not be fully clear until then whether the system is fully robust ...

1.17 We have not yet seen a detailed plan for the full testing process, although we understand from officials that this will be shared shortly ...

1.18 It will be important for this testing to demonstrate the ability of the system to cope with the volume of registrations ... We (and EROs) ... await reassurance on this point.

1.19 It is also important for effective and realistic contingency plans to be put in place in the event that problems with the verification system do arise ... We have not yet seen any detailed plans although we are aware that the [Electoral Registration Transformation] Programme team are working on them. We would welcome sight of them when they are available ...
It's not clear from the quotations above what digital identity verification is. The only thing that is clear is that the Commission's welcome for this new component of IER is heavily qualified. That is only to be expected after their experience of the dog's dinner served up by the data-mining pilots.

The suspicion is that what is intended here by "digital identity verification" is something to do with the Government Digital Service's identity assurance scheme, IDA.

IDA was meant to provide us with an "ecosystem" of competing private sector "identity providers". Philip Virgo tells us that there were initially "80 expressions of interest" in joining the IDA framework, please see Who won the battle between DWP and Cabinet Office over ID Policy?. 80 became eight a year or so later in January 2013. By September 2013, eight had become five. And now we're down to two, please see Beta launch for identity assurance this year:
... an official from the IDA programme ... explained that the first two identity providers will start supporting the scheme from the end of November ... These two providers come from a pool of five companies- Digidentity, Experian, Mydex, The Post Office and Verizon- who have signed contracts to deliver IDA services, out of a total of eight companies who were originally on the framework.

The official said that they are hoping for new providers to join in and start working on the programme next year ...
We do not know which two "identity providers" now occupy the shrinking "ecosystem".

And we do not know which brave "new providers" might join where 78 have already pulled out.

Perhaps the government could lean on the two banks which it controls, Lloyds and RBS? Let's hope not. We've been here before. There's no upside. It's all risk.

Perhaps the government could invite Facebook to help. Or Google:
Andrew Nash, Google’s Director of Identity, ran us [Francis Maude and ex-Guardian man Mike Bracken] through the current issues facing identity.He explained how Google aim to grow and be part of an ecosystem of identify providers, and encouraged the UK Government to play its part in a federated system. The UK ID Assurance team and Google agreed to work more closely to define our strategy – so look out for future announcements. Andrew also took the opportunity to walk the Minister through the Identity ecosystem.
All far too interesting for the Electoral Commission to let them become involved. Expect digital verification politely, quietly and firmly to be swept under the confirmation carpet.

On-line registration portal
Ditto the on-line registration portal, para.1.21 onwards in the readiness report:
1.21 ... we are concerned that the website which will enable online registration in Great Britain has also not yet been fully tested.

1.22 The current plan indicates that while the user-facing part of the application ... will be developed for the majority of users by the end of October 2013, testing the process that takes place ‘behind’ the screen ... will not be completed until later (likely to be March 2014). As with the verification development work more generally, this is a tight timetable given the intended IER start date in June 2014 and we have not seen a detailed timetable for this testing ...

1.23 We also understand that the technical development work required to allow use of the online application system by certain important groups of electors ... will not be completed until March 2014.

1.24 The [Electoral Registration Transformation Programme] team have assured us that this development work has been fully scoped and timetabled and that they are confident of delivering the work to time. However, ... this remains an important area of concern.
The Electoral Commission hardly need reminding that an on-line registration portal with no identity assurance and no "ID hub" is an invitation to electoral fraud. Unicorns. Too interesting. Drop it. Keep it boring.

Cloud computing
Always keen to follow the latest fad, the Government Digital Service want to store all our data "in the cloud", as they say. They have chosen to use Skyscape and Carrenza.

Storing data in the cloud is the most efficient way of losing control of it.

The Commission may care to look into the current practice of using the cloud for electoral rolls. One company, Halarose, which provides electoral registration services to 80 local authorities, runs its services on Amazon's cloud servers located in the Republic of Ireland.

Do the Commission agree that this raises interesting questions whether our data is properly under the control of the people who owe us voters a duty of care? If the questions are too interesting, perhaps the Commission would look into changing the current lenient procedures which countenance use of the cloud, not just by Halarose but throughout the electoral registration system.

The key to success with regard to IER lies in being boring. The more boring the better.

----------

Updated 8.1.14
Keep it boring. A simple enough suggestion. So what do the Electoral Commission do? They only go on the radio this morning and announce that we're all going to need photo-ID to vote. That's what.

Far too interesting.

What photo-ID? Passports and photo-ID driving licences. Or a special voting ID card for people who don't have a passport or a photo-ID driving licence. The special voting ID card will be free. "Free"?

If you need photo-ID to vote, why don't you need it to register?

The credit card companies rejected photographs on credit cards in the UK because, based on tests with supermarket staff, that would increase fraud and not reduce it. How would the people manning polling stations fare any better? What happens when you are refused your right to vote because one of these people says you don't look like yourself?

How long before someone points out that if you can register on-line you ought to be able to vote on-line? Perhaps proving your identity on-line using GDS's non-existent identity assurance system? Or, for old-timers, using biometrics.

How long before someone points out that if you need photo-ID to vote, then you must need it to get married? Or to get your children into state education? Or to be given non-emergency state healthcare?

It is strongly suggested that the Electoral Commission conduct trials to see if the benefits of photo-ID voting outweigh the costs. If not, the initiative is counter-productive and disproportionate and should be dropped. There is no loss of face in acknowledging the authority of a large-scale independent trial. The larger and the sooner, the better.

Then, let's hope, we can get back to boring. Please. Boring, boring, boring.

Updated 10.6.14

Today is the first day of individual electoral registration in England and Wales. There is not a single press release about it. Anywhere. Not even on the Electoral Commission's website.

Updated 28.6.14
UK should consider e-voting, elections watchdog urges

Rowena Mason, political correspondent
The Guardian, Wednesday 26 March 2014 18.31 GMT

... the head of the Electoral Commission, Jenny Watson, warned that the ... long-term trend of falling voter turnout was particularly marked among young people ...

... the election watchdog would examine a range of ways to make voting more accessible, including the "radical" option of internet voting and US-style same-day registration for those not on the electoral roll ...

... "we plan to look at a variety of options, assessing how they will help citizens engage more effectively" ... more could be done to make the system more reflective of wider society ... "an increasingly disenfranchised younger generation" ...

... "Unless our electoral system keeps pace with the way many voters live the rest of their lives – where the way they bank and the way they shop has been transformed – it risks being seen as increasingly alien and outdated, particularly to young voters as they use it for the first time" ...
The claims Jenny Watson makes for on-line voter registration and on-line voting are hypotheses. The potential benefits are great. It is worth testing these hypotheses. And they have been.

Estonia allow internet voting. And the University of Michigan discovered that the system is open to being hijacked – the result of the election may not be decided by the voters. The university had previously discovered the same fault in a proposed eVoting system in Washington DC. And now we hear that Norway have given up on eVoting after some careful testing:
E-voting experiments end in Norway amid security fears

BBC News – Technology
27 June 2014 Last updated at 12:12

... voters' fears about their votes becoming public could undermine democratic processes.

Political controversy and the fact that the trials did not boost turnout also led to the experiment ending ...

... criticism was levelled at the encryption scheme used to protect votes being sent across the net ...

... there was no evidence that the trial led to a rise in the overall number of people voting nor that it mobilised new groups, such as young people, to vote ...

... there was also some evidence that a small number of people, 0.75% of all voters, managed to vote twice in 2013 ...
The result of these on-line voting tests is to cast doubt on the hypothesis. It seems to be wrong. On-line voting doesn't boost participation and it introduces dangerous features which undermine the trustworthiness of the election. Conclusion: it is irresponsible to assume that on-line voting is a cure-all.

What about on-line registration to vote?

The Government Digital Service (GDS) introduced an on-line system on 10 June 2014 in pursuit of individual electoral registration in England and Wales. The system collects application details and forwards them to electoral registration officers (EROs) who have to decide whether to register the applicant to vote.

How do the EROs know whether the applicant is who they say are?

GDS have provided a check based on use of the applicant's National Insurance number. That is the same check they use in DVLA's view-driving-record application. And what do the Driver & Vehicle Licensing Agency have to say about it?
Access to the service is currently allowed by matching the user’s data to the driving licence number. We also use an existing link to the Department for Work and Pensions (DWP) to check if the National Insurance Number (NINO) provided matches details held by DWP and HM Revenue & Customs.

Whilst this authentication process is fairly quick and straightforward, there are some downsides ... it does not provide us with the level of confidence the user is who they say they are in order to offer them more information such as their photo image or allow them to link to a transactional service.
Again, a perfectly sensible hypothesis, but the test results suggest that it would be irresponsible to rely on on-line voter registration.

Updated 3.7.14

All this febrile raving about photo-id and electronic voting and same-day registration? Too exciting. We need boring.

The Electoral Commission have started their public awareness campaign for individual electoral registration, hat tip Halarose:



30 seconds of total inanity. The postman delivers a letter. Men turn into women half way downstairs to the accompaniment of irritating music and then read the IER information leaflet while they enjoy a cup of tea.

The shoutline? "Make sure you're in".

Congratulations to the Electoral Commission. Perfect. A collector's item. More like that, please.

No comments:

Post a comment