Friday 16 May 2014

GDS and security, Mae West and Estonia (Mae Westonia?)

Who cares?
The latest example of GDS's inability to take security seriously

Servicemen during the Second World War kept their morale up in many ways. Among others by having pin-ups, dear old Mae West among them.

70 years later, the wars are different, sentiment has moved on and the front line in digital services has a new pin-up – Estonia.

Some things never change, of course. The fascination with vital statistics, for example – only the other day, there was Jordan Hatch of GDS, the UK Government Digital Service, transfixed by Estonia's dashboard :)

And not just him. His boss, too, Public Servant of the Year ex-Guardian man Mike Bracken CBE:

[embedded tweet]

You don't need to use army issue any more, you can bring your own device, BYOD. That's got to be a morale-booster in any language. That and the "police record query".

But what's all this about "graffiti" and "retrofuturism"?

No mystery. Cast your mind back to October 2012. And even to May 2012 when Francis Maude, Cabinet Office minister, went over to Estonia and actually met the future.

Which leaves just one tweet requiring explanation – why does eVoting suddenly get a mention? What is @sikkut's point that is being "completely taken"?

It helps if you know that @sikkut is Siim Sikkut, the National ICT Policy Adviser in the Government Office of Estonia: "My job is to help the government shape the future of information society and ICT sector in Estonia".

He was defending the honour of Estonia. Certain persons were impugning it. And Siim's point was that you always get deadbeats like that turning up. Just ignore them. That's the point that was "completely taken". There's nothing to see here.

And who are these deadbeats?

The University of Michigan (@umich) and the Open Rights Group.

Acting in concert, these fifth columnists have examined Estonia's electronic voting service and – how dare they? – declared that it is defective. It's not clear, they say, that in an election the result would be determined by the voters. Instead, the election could be hijacked by malware under the control of a foreign power:

Mr Kitcat didn't choose Russia as his example at random. Russia brought Estonia to its knees back in 2007. Very easily. Using a simple distributed denial of service attack, DDoS. Which worked precisely because Estonia is so dependent on digital public services. Is that what we want in the UK?

You need to know that Jason Kitcat is Leader of Brighton & Hove City Council, a Green city councillor, a member of the Open Knowledge "worldwide non-profit network of people passionate about openness", a member of the Open Rights Group (ORG) and the founder of the free e-democracy project: "This project evangelised the use of Free Software in government". He's obviously in favour of digital government.

And he's convinced that Estonia's eVoting system fails the tests for democratic legitimacy. Not just him/ORG but also the University of Michigan, who showed that Washington DC's eVoting system, as well as Estonia's, could be compromised, please see Hacker infiltration ends D.C. online voting trial.

ORG and @umich have put together a video of their findings:

Estonia has issued a statement: "We believe that online balloting allows us to achieve a level of security greater than what is possible with paper ballots".

And ORG/@umich have responded: "The Election Committee have failed to demonstrate or prove this very significant claim. Our independent and detailed analysis of their system’s procedures, design and available source code suggests that the system provides security far below that of a well-run paper-based election".

"Estonia is a model for all of us", we were told. Not if ORG/@umich are right, it isn't.

"Estonia has become the home of NATO Cooperative Cyber Defence Centre of Excellence and Estonian President Toomas Hendrik Ilves has become one of the most vocal cybersecurity advocates on the world stage". So said Sten Tamkivi. And a fat lot of use that is, if ORG/@umich are right.

You're in the UK. Not Estonia. What do you do? The symbol of your digital government mission is being impugned, morale among the troops could collapse, you risk being unmasked, how do you respond?

Never mind. No-one cares how you'd respond. This is how GDS responded:

Tom Loosemore (@tomskitomski), in the Twitter thread above, is No.2 at GDS to Public Servant of the Year ex-Guardian man Mike Bracken CBE. Tony Bowden (@tmtm) works for mySociety and is based in Tallinn.

It's a small world. In his extraordinary speech to the Code for America Summit last October (3'18") Public Servant of the Year ex-Guardian man Mike Bracken CBE explained that 10 years before, he had been at mySociety, making the tea for Tom Steinberg, who developed digital services that the two of them couldn't give away to UK local authorities for free.

How long before the same thing happens to electronic voting systems?

Several times already, we have noted GDS's disinclination to take security seriously. This case of the ORG/@umich report on eVoting in Estonia is an egregious example of the problem. Faced with a security challenge to democracy, GDS respond by talking about dashboards and graffiti, BYOD and travel expenses – anything, really, apart from the problem.

How long before the servicemen tear down the pictures of Estonia currently stuck up on their locker doors, revealing the dependable Mae West behind?


Jason Kitcat is standing for election to the European Parliament next week. You could vote for him if you like. Or against. On paper.


Updated 2.6.14

Hat tip: Andrew Orlowski

Jaan Priisalu is the director general of the Estonian Information System Authority and he told Sky News that "it’s quite clear that you can have problems with your neighbours" – true – "and our biggest neighbour is Russia" – alert – "and nowadays it’s quite aggressive" – nothing gets past Mr Priisalu.

What are Estonia doing about this Russian aggression?

According to Sky, "Estonia intends to back up crucial national databases in the UK and other countries".

How would that help?

"Planned 'data embassies' would allow the Estonian government to 'operate in the cloud' – maintaining the normal operations of state digitally, even if its physical territory is occupied by an invading force".

It wouldn't.

If Estonia's "physical territory is occupied by an invading force" then having its "crucial national databases" backed up in the UK or anywhere else wouldn't help and it's baffling self-deception to believe that it would.

"Estonia has arguably the most advanced digital government in the world" – fat lot of use that is.

Updated 28.12.14
Estonia offers e-residency to foreigners
... But what does it mean?

... Wang, a Canadian-Taiwanese user experience designer ... qualified for an Estonian ID card ... foreigners like Wang are set to gain extended access to some services with Tallinn's new initiative – e-residency ... Wang says she will be applying for e-residency, although she admits she doesn't know much about it, and is not yet convinced it will give her access to more benefits ...

Updated 20.2.15

Is electronic voting secure? Will the result of an electronic election be determined by the voters or by the best hackers?

Jason Kitcat, the Open Rights Group and the University of Michigan say no, it's not secure, please see above.

Estonia says yes, it is secure, please see above.

Who do you believe?

Forget that. It doesn't matter what you believe.

The question is what does the Speaker's Commission believe? We refer here to the Speaker of the UK Parliament and his Commission on Digital Democracy, which has just tweeted the following:

None of Jason Kitcat's, the Open Rights Group's or the University of Michigan's objections is dealt with. Estonia's Prime Minister simply asserts that electronic voting in his country is secure.

It is to be hoped that Mr Speaker will delve a little deeper into the subject.

Updated 14.3.15

Digital-by-default ...
... and the effect it has on your knees

"Check it out", says the Estonian embassy in the UK:

"Check it out" means watch this chirpy little BBC film – ID cards are great, eVoting is great, it only takes 19 seconds to complete your tax return because the Revenue already know everything about your financial affairs anyway, etc ... Don't miss the punchlines: you have to trust the government implicitly; and Russia can bring your country to its knees quickly and painlessly using nothing more than a computer:

Updated 12.4.15

Six months ago Martha Lane Fox gave it as her opinion that Online voting should be made mandatory. What about all the problems associated with eVoting? "Of course we can cover for all the fraud and I don’t think it makes the procedure any less robust, in fact quite the opposite", she said.

Never mind all the hard work that went into designing the Estonian eVoting scheme and the Washington DC one, and never mind all the hard work put in checking them by the University of Michigan and the Open Rights Group, please see above, Martha Lane Fox thinks eVoting is robust or, more of a double negative, she doesn't think that it's not robust. What's more it should be mandatory.

That may be sufficient reason for some people. After all, Martha Lane Fox is the salesman who successfully promoted digital-by-default to the British government. There can't be much that she doesn't know about technology. Can there? Or government policy-making. Or democracy.

Before your confidence in Martha Lane Fox gives you undentable confidence in mandatory eVoting you should note that your confidence may be dented by a speech given a fortnight ago by ... Martha Lane Fox.

On 30 March 2015 she delivered the annual Dimbleby Lecture.

Cybercrime is a bit of a problem on the internet, she said. Cybercrime would presumably include warping election results.

A new institution should be set up she said, DotEveryone, to solve the problem of cybercrime: "That, for me, would be DOT EVERYONE’s third big task – help us embed our national values in the digital world ... It will make sure the UK fills the moral and ethical gap that exists at the heart of discussions about the internet".

In other words, she doesn't yet know how to solve the problem and she can't have done six months before when she nevertheless declared eVoting to be safe and declared without reason that it should be mandatory.

Updated 19.4.15

Who's at the other end of the computer?

Martha Lane Fox and other salesmen may try to convince you that eVoting is safe. And inevitable. And many of you may be convinced.

Not so the SNP (the Scottish National Party).

They're not falling for it.

They take it as axiomatic that MI5 can use computers to intervene in any British ballot to produce the result they want:
The SNP's very Scottish conspiracy...

... “I couldn’t work out how it was possible to interfere on any scale with the postal ballot,” Andy Anderson, one of the authors, told the Telegraph. “You need the ballot paper number, the signature and date of birth of the voter. Then it occurred to me. All that information went into a computer – and who’s at the other end of the computer in London? MI5” ...

Updated 6.9.17

The Estonian World website said yesterday, under the headline Possible security risk affects 750,000 Estonian ID-cards: "all the cards issued to e-residents are also affected ... we have restricted the access to Estonian ID-card public key database to prevent illegal use ... some Estonian politicians called to postpone the upcoming local elections, due to take place on 16 October".

Bruce Schneier, who knows a thing or two about security, says: "We have no idea how bad this really is ... My guess is that it's worse than the politicians are saying ... And because this system is so important in local politics, the effects are significant ... This is exactly the sort of thing I worry about as ID systems become more prevalent and more centralized. Anyone want to place bets on whether a foreign country is going to try to hack the next Estonian election?".

And Martha Lane Fox? What does she say?

Updated 13.8.18

West Virginia ignores the experiences of Washington DC and Estonia and aims to introduce on-line voting. Will someone give them the phone number for the University of Michigan?
West Virginia to introduce mobile phone voting for midterm elections

West Virginians serving overseas will be the first in the country to cast federal election ballots using a smartphone app, a move designed to make voting in November's election easier for troops living abroad. But election integrity and computer security experts expressed alarm at the prospect of voting by phone, and one went so far as to call it "a horrific idea."
