Month: May 2020

How to enact remote voting for the Canadian House of Commons

As best I understand, the Government requested on May 25, 2020:

(f) the Standing Committee on Procedure and House Affairs be instructed to review and make recommendations on how to modify the Standing Orders for the duration of the COVID-19 pandemic as part of an incremental approach beginning with hybrid sittings of the House as outlined by the report provided to the committee by the Speaker on Monday, May 11, 2020, including how to enact remote voting, provided that (i) the provisions applying to committees enumerated in paragraph (e) shall also apply to the committee, (ii) the committee be instructed to present a report no later than Tuesday, June 23, 2020, (iii) any report which is adopted pursuant to this paragraph may be submitted electronically at any time with the Clerk of the House, and shall be deemed to have been duly presented to the House on that date, (iv) following the presentation of any report pursuant to this paragraph, the House leaders of all four recognized parties may indicate to the Speaker that there is an agreement among the parties to implement one or several of the recommendations of the committee and the Speaker shall give effect to that agreement;

With the disclaimer that I don’t read every single line of Hansard, I gather this passed on May 26, 2020.

So the Standing Committee on Procedure and House Affairs, otherwise known as PROC, is charged to produce a report on enacting remote voting by June 23, 2020, which is very little time indeed to gather evidence and analyse it.  They have already produced a report recommending remote voting (Internet voting), as detailed in my previous blog post.

It’s not clear the extent to which they understand the amount of effort that will be needed, given the complexity of implementing a remote voting system with robust authentication in a Canadian context with the technology we actually have in place, as the discussion on the previous report included statements such as:

I think this section [on remote voting], given the recommendation, is really substantiated by the U.K. Parliament and how quickly it moved to implement an electronic remote voting procedure.

What’s interesting about the things that I think are really relevant is that Karen Bradley is quoted in that letter. I would recommend that this quote appear in our report. She said, “The Committee is satisfied with the assurances it has been given about the security of the system.”

Also, I did a bunch of Google searching—

The UK uses a completely different technology infrastructure than Canada, their Parliamentary votes are conducted differently, and they have a dedicated Parliamentary technology team, the Parliamentary Digital Service. The situations are not interchangeable.

As I’ve said in my previous post:

There really needs to be a separate, dedicated, technology-focused report just on electronic voting (Internet voting) for the House of Commons that gives more specific guidance including an assessment of risks and risk mitigations.

As I indicated in my post about the UK system, you have to consider a variety of complex issues when introducing a voting system.

Considerations for a voting system include the chain-of-custody, as multiple systems are most likely involved with the transmission and counting of the vote, concerns about auditability and concerns about security, as well as usability.

So it’s good that there will be a separate report, but there isn’t enough time to do much of an investigation.  And ideally an investigation will involve more than “I did a bunch of Google searching”.

At a minimum, PROC needs to consider:

  1. For every voting scenario, how remote voting would work, or if it would not be possible to replicate the attributes of the in-House voting scenario remotely.  (I link to all the different ways a vote can be conducted — Putting the Question as it is called — at the end of this post.)
  2. How to deal with authentication, to reduce the risk that someone other than the Member of Parliament is voting.
  3. How to make the system usable, including reducing the risk of Parliamentarians voting the opposite of the way they intend (it took all of a day for this to happen in the UK).
  4. How to implement the system using modern software development approaches, learning the lessons of previous failed IT systems.
  5. How to detect and deal with situations in which the Parliamentarian is voting under duress.

Hopefully their duress solution will be better than the April 2020 U.S. Senate staff report‘s idea:

Another option would be to provide senators with a code word that they could use to make clear to those in the chamber that they were voting under duress.

I would also note that that same staff report indicated:

that system will become a prime target for adversaries … wishing to disrupt the system to undermine confidence in the country’s institutions, or to alter the outcome of significant votes. Therefore, any system the Senate adopts must provide a level of security that would ensure confidence in the validity of senators’ identities and votes similar to that which exists on the Senate floor.

Presumably in conducting its analysis PROC will be continuing the Parliamentary Duties and the COVID-19 Pandemic work.

Keeping in mind that remote Parliamentary voting is not at all the same as voting in a general election, most notably because Parliamentary votes are public, with no anonymity and no secret ballot, here is information about Submitting a brief to a Committee:

Guide for submitting briefs to House of Commons Committees

The Clerk of PROC is Justin Vaive, and the email address is PROC@parl.gc.ca

Previous Posts

For more information see my previous posts:

Putting the Question

As one might expect, Bosc and Gagnon provides a detailed explanation of the voting process in the House.

Chapter 12 – The Process of Debate – Decisions of the House – Putting the Question

You can read all the details there, but I have to include the marvelous Figure 12.3 Putting the Question. Law as code, if you will.

Figure 12.3 Putting the Question
Image depicting, in a series of boxes linked by lines, the steps required for the House to make a decision on a question. It begins with debate concluding, followed by the Speaker putting the question, then listing options for voice votes or recorded divisions. If necessary, the Speaker casts a deciding vote. At the end, the Speaker declares that the motion has been adopted or rejected.

(Above section copied from previous blog post.)

Set Up a Secure Electronic Voting System for the Canadian House of Commons, Recommends Procedure and House Affairs Report

I’m going to preface this with a plea: if an electronic voting (Internet voting) system proceeds, please involve computer security, voting system, voting technology, user experience, and web design experts from inside and outside of the government.

Also, for any journalist reporting on this: it does not mean that we could use Internet voting in a general election.  Parliamentary votes are not anonymous and not secret.  Parliamentarians vote by literally standing up in front of everyone else.  It’s a public vote.

I will also mention that in 2016 the ERRE committee already recommended, and in 2017 the government accepted, that there should be no Internet voting in general elections.

In the Parliamentary context, if they wanted to make this simple, they could just have a voice vote over videoconference (one by one, unless you want vocal chaos), or e.g. have people hold up cards on videoconference that say “Yea” or “Nay”.  It’s nothing like an anonymous secret ballot general election.

Committee Recommendation

On May 15, 2020 the Canadian House of Commons Standing Committee on Procedure and House Affairs (“PROC”) released its fifth report of this session: Parliamentary Duties and the COVID-19 Pandemic.  I will focus only on section Discussion – A. Observations and recommendations – ii. Legal and procedural matters – (e) Voting.

Committee recommendations are not binding on the Government; the course of action will depend on the Government’s response.

The Committee therefore recommends:

That the House of Commons set up a secure electronic voting system for conducting votes in virtual sittings as soon as possible in order to guarantee the right of members to vote safely in the event of a pandemic or any other exceptional circumstances threatening their safety and/or that of their families and communities.

Par conséquent, le Comité recommande :

Que la Chambre des communes mette sur pied un système électronique de vote sécurisé pour la tenue des votes dans le cadre des séances virtuelles, et ce, aussitôt que possible, afin de garantir le droit des députés à voter en toute sécurité en cas de pandémie ou dans toute autre circonstance exceptionnelle menaçant leur sécurité et/ou celle de leurs proches et de leurs communautés.

Note that these procedure changes are intended to be temporary.

(b) Temporary nature of procedural changes

Witnesses appearing before the Committee have been unanimous in their viewpoint that any changes made to the procedures and practices of the House of Commons should be temporary and made in response to the challenges of the COVID-19 outbreak.[85]

[85] For example, see House of Commons, Standing Committee on Procedure and House Affairs, Evidence, 1st Session, 43rd Parliament, Meeting 11, 23 April 2020, 1240 (Emmett Macfarlane, University of Waterloo); and [Hon. Anthony Rota, Speaker of the House of Commons], 1120. [original footnote link: [85]]

Considerations for Remote and Internet Voting

See the end of this post for the current process of Putting the Question, as it is called.  I will walk through each of the voting scenarios as it applies to remote presence and then Internet voting.

Speaker puts the question.

  • No dissenting voice – seems like this could be done by videoconference as long as everyone is present and the technology is working
  • Dissenting voice – Voice division – Since this is literally all of the members shouting at once, I don’t see how this could be done by videoconference.
  • Dissenting voice – Members call: “On division” – I can’t actually figure out how this works.  I think this is a way to anonymously register dissent concerning a voice vote – if so, there is no way to reproduce this feature in a simple online system.
  • Recorded division – All members in favour rise as their places and their names are called, then all members opposed rise in their places and their names are called – this could easily be done on videoconference as long as everyone is present and the technology is working.  Maybe not by having them stand, but by having some visual or text signal, e.g. they could literally raise their hand or make some other indication in the chat channel.
    • A recorded division may be conducted in one of two ways: as a party vote or as a row-by-row vote. Generally, a recorded division on an item of government business is conducted as a party vote, and a recorded division on an item of Private Members’ Business is conducted as a row-by-row vote.  (i.e. this is the same procedure, just with people called in a different order depending on whether it is a party vote or a row-by-row vote.)

So I’m not actually convinced you need Internet voting.  Except for voice division, you could just call on people one by one over videoconference the same way we already do when they are physically present in the House.

I’m not sure what the driver for introducing electronic voting (Internet voting) would be, other than the hope that it would be faster than calling on people over videoconference.  It means a big and rapid investment in authentication infrastructure, web infrastructure, and software design.

The UK implementation of “remote voting” built on an entire pre-existing infrastructure, was developed by a dedicated UK Parliamentary Digital Service, and still encountered challenges.  I’m not sure that Canada has the same technology infrastructure in place, and we definitely don’t have a Canadian Parliamentary Digital Service.

Hidden inside that single word “secure” in the Procedure Committee (PROC) recommendation is a whole world of technology complexity.

Need for a Separate Report and Modern Software Development Practices

There really needs to be a separate, dedicated, technology-focused report just on electronic voting (Internet voting) for the House of Commons that gives more specific guidance including an assessment of risks and risk mitigations.

UPDATE 2020-05-27: The committee has been called upon to produce a report on how to enact remote voting by June 23, 2020.  See my blog post How to enact remote voting for the Canadian House of Commons for more information. END UPDATE

As I indicated in my post about the UK system, you have to consider a variety of complex issues when introducing a voting system.

Considerations for a voting system include the chain-of-custody, as multiple systems are most likely involved with the transmission and counting of the vote, concerns about auditability and concerns about security, as well as usability.

Auditability is a really challenging one.  Basically either each individual MP would have to check that their vote has been counted based on their intention, and even then, they’re no longer all standing in a room where they can see how other members voted.  Unlike counting people in a room, online it’s hard if not impossible to get a good sense of whether the vote count reflects the votes cast.

Auditability considerations are somewhat mitigated by the party system, in which votes are whipped and party whips will check to see that members voted as expected.  Auditability is an even greater concern in the case of a free vote.

Usability is a key consideration for any new interface.  It only took a day for some UK members to vote the opposite way from what they intended.

Security is also a challenging one given that computers can lie, with customized malware capable of showing one result (e.g. a Yea vote) on screen and sending another (e.g. a Nay vote) to the voting software.  In that light, it’s worth mentioning that every month there is a Patch Tuesday, with May’s software updates including both Microsoft and Adobe releasing patches for vulnerabilities (“A remote attacker could exploit some of these vulnerabilities to take control of an affected system.”)

There is also a larger question, deeply related to human intentionality, about the physical and psychological differences between literally standing to be counted versus tapping a square on a screen.

The House would do well to draw upon the Government’s existing guidance for modern software development, including the Digital Standards.  The Standards surface a number of key approaches that help mitigate the risks of software development, including:

  • Design with users
    Research with users to understand their needs and the problems we want to solve. Conduct ongoing testing with users to guide design and development.
  • Iterate and improve frequently
    Develop services using agile, iterative and user-centred methods. Continuously improve in response to user needs. Try new things, start small and scale up.
  • Work in the open by default
    Share evidence, research and decision making openly. Make all non-sensitive data, information, and new code developed in delivery of services open to the outside world for sharing and reuse under an open licence.
  • Address security and privacy risks
  • Empower staff to deliver better services
    Make sure that staff have access to the tools, training and technologies they need. Empower the team to make decisions throughout the design, build and operation of the service.
  • Collaborate widely
    Create multidisciplinary teams with the range of skills needed to deliver a common goal. Share and collaborate in the open. Identify and create partnerships which help deliver value to users.

Briefs Submitted

You can see all the briefs submitted in evidence to this study.  The only ones relevant to electronic voting (Internet voting) :

  • two voting technology vendor submissions
  • a submission including expert cybersecurity considerations explaining why unlike for a general election, Internet voting is feasible for Parliamentary voting

Parliamentary voting, on the other hand, is entirely workable from a cybersecurity perspective because it differs from general elections in three crucial ways.

First, an MP’s vote is a matter of public record, which makes it possible to verify it was correctly recorded and counted. Second, the federal government has the resources to provide MPs with the necessary cybersecurity infrastructure to ensure the protection of electronic information. Third, the government has the capacity to provide MPs training on procedures necessary to ensure votes are successfully entered into the record.

  • a non-technical submission from Gregory Tardi that outlines some reasonable considerations

Bearing in mind the ever-present failings of computer-based systems, if the House decides to function in a virtual fashion, perhaps even on a temporary basis, it should gather two fundamental and vital working groups from among the staff of the House Administration:

  • a working group of legal advisors to engage in liaison with like-minded jurisdictions, especially from Commonwealth states, designed to exchange information on the best ways to ensure democracy, constitutionalism and the maintenance of parliamentary privilege, and
  • a working group of technical experts, whose principal task would be to design failsafe methods for the protection of MPs identity in their access to the system.

In order to render a virtual functioning of the House of Commons viable, the highest grade of hardware and software should be placed at the disposal of Member. Particular care should be taken in methodologies to verify each participating Member’s identity. In its preparation for the 43rd federal general election, Elections Canada worked extensively to prevent computer intrusion and fraud. That experience could be put to good use here.

If you find it surprising that only 1 of 14 briefs submitted would have independent expert technology analysis, the normal number of briefings from computer science subject matter experts submitted to a Canadian Parliamentary committee is sadly zero. Witnesses called to present at committee and briefs submitted are overwhelmingly individuals with political science or social science backgrounds.  In the 2016 Special Committee on Electoral Reform (ERRE) they called a single computer science expert in online voting, out of 196 witnesses called, even though online voting was a specific subject of consideration for the committee.

Canadian Parliamentary committees need to do better in seeking out computer science subject matter expertise.  On this topic, I will mention I have a list of over a dozen experts with Internet voting and computer security expertise.

Background – Electronic Voting Within the House

The issue of electronic voting within the House has been considered.  House of Commons Procedure and Practice, Third Edition, 2017 (referred to as Bosc and Gagnon) says basically there hasn’t been any recent action to implement electronic voting.

Chapter 12 – The Process of Debate – Decisions of the House – Calling the Vote and Announcing the Results – The Issue of Electronic Voting

The Issue of Electronic Voting

Proposals to install a system for electronic voting in the Chamber have been made over the years with a view to improving the management of the time of the House.382 In 1985, the Second Report of the McGrath Committee recommended computerized electronic voting, but the matter was not taken up by the House.383 In 1995, the Standing Committee on Procedure and House Affairs, noting that the practices of deferring several votes to the same day and time, and of applying results of votes, had “greatly speeded up the voting process”, recommended that the House not proceed at that time to a system of electronic voting.384 In 1997, the Committee briefly returned to consideration of the question of electronic voting, but did not report to the House.385 In 2003, a special committee endorsed the principle of electronic voting in the Chamber and recommended in two of its reports to the House that the necessary electronic infrastructure be installed in the Chamber during the summer of 2004.386 While the greater part of this infrastructure was installed as recommended, no further action has been taken in respect of electronic voting.

I’ve left in place the footnote links to the Procedure and Practice website, rather than pulling them all out within this blog post.

I have written a previous blog post considering this issue: Electronic voting in the Canadian House of Commons.

House of Commons Administration Report

UPDATE 2020-05-21: The report Virtual Chamber: A Report in Response to the Statement of the Speaker of the House on April 8, 2020 – May 7, 2020 – Version 2.0 (PDF) is available.  It has a brief section related to remote voting under the heading “Decision making” on page 18.  It’s a report from the House of Commons Administration on their considerations and analysis of what is possible; it’s not the same as a committee report.  END UPDATE

Putting the Question

As one might expect, Bosc and Gagnon provides a detailed explanation of the voting process in the House.

Chapter 12 – The Process of Debate – Decisions of the House – Putting the Question

You can read all the details there, but I have to include the marvelous Figure 12.3 Putting the Question.  Law as code, if you will.

Figure 12.3 Putting the Question
Image depicting, in a series of boxes linked by lines, the steps required for the House to make a decision on a question. It begins with debate concluding, followed by the Speaker putting the question, then listing options for voice votes or recorded divisions. If necessary, the Speaker casts a deciding vote. At the end, the Speaker declares that the motion has been adopted or rejected.

Remote voting in the UK House of Commons – Remote Divisions become reality

On May 12, 2020 the UK House of Commons conducted its first remote Division (remote vote).

UK Parliamentary Business – News – MPs cast first ever remote votes in Commons Chamber
The vote was conducted through MemberHub, the UK Parliament’s member website, which has Microsoft authentication.  Multi-factor authentication (MFA) was used to protect the authentication for the remote voting (the Internet voting).

There is some background on the development of the system in a Wired UK article by Chris Stokel-Walker: Inside the troubled, glitchy birth of parliament’s online voting app

Messaging about the voting system, which piggybacks on existing parliamentary IT systems, through the MPs MemberHub application, hasn’t been enormously clear. …

“We were asked to start looking into it just before Easter weekend,” says Matt Stutely, of Parliament Digital Services, who has been developing the voting service. Stutley dug out what he calls “a dusty chest of war plans we have in case we were ever asked to implement [online voting]”.

UPDATE 2020-05-14: Matt Stutely, the Head of Business Systems Development for the Parliamentary Digital Service, has written a blog post about the process of developing this service in the incredibly tight timeline of four weeks.

MPs make history with remote voting – the story of how it happened

In early April 2020, we were asked by the House of Commons to build a remote voting application for Members in just four weeks.

He indicates that making a service for remote voting (Internet voting) for the House of Lords will be next.

END UPDATE

UPDATE 2020-05-13: On May 6, 2020 the Procedure Committee wrote to the Speaker about the remote voting system.  The correspondence system has the full letter (PDF).

Members who by their actions facilitate a non-Member to cast a vote in a division of the House are very likely to be found to have committed a contempt of the House and to have breached the Code of Conduct, and can expect to be punished accordingly.

Call for Evidence

The Procedure Committee is conducting a Call for Evidence about all aspects of changed procedures during Coronavirus restrictions.  The call ends 3 June 2020.

Full Report

On May 8, 2020 the Procedure Committee issued a full report regarding remote voting in divisions.

This report notes:

The integrity of the system depends on Members. The remote voting system is not as secure as a system where a Member must vote in a division lobby in person.

and the Rt Hon Karen Bradley MP, Chair of the Procedure Committee, said

The present remote voting system was developed at high speed as a temporary measure for use during the pandemic.

For more information:

There is some technical detail in the full report, although at a very high level.  See Technical aspects of the remote voting system on pages 11-16 of the PDF above (items 23 through 51).

24. System security is delivered by the use of MemberHub, which uses single sign-on and multifactor authentication. All data is encrypted and sent over a secure connection, and voting records are stored in both MemberHub and the existing electronic divisions system. The bicameral Information Authority has issued a decision statement confirming it is content with the information security of the remote voting system, taking account of advice it received from the National Cyber Security Centre. The Speaker has been informed of the Information Authority’s decision.

28. The existing arrangements for divisions in person through the lobbies have particularly secure authentication arrangements which may be evident but are worth repeating here. To gain access to a voting lobby a Member must first gain access to a secure area of the estate using a security pass with a photo, and must pass a number of security staff and doorkeepers. In order to vote successfully, a Member who has taken his or her seat in the House25 must pass through a lobby containing several other Members and typically actively patrolled by party whips, and must then give a name to a division clerk and pass out of the lobby between two tellers.

29. This high level of authentication is not replicated in the remote voting system over MemberHub. …

30. The Committee’s opinion on the suitability of the remote voting system over MemberHub is given on the basis that the system is designed for temporary use during the COVID-19 pandemic and has not been designed for permanent use to replace the existing arrangements for physical divisions.

END UPDATE

Remote Division

Before the remote Division, the Speaker made a Statement, including:

I ask all Members to pay careful attention to what the Procedure Committee says about the integrity of the system. As the Committee states, any attempt to allow anyone who is not a Member to vote is likely to be a serious breach of privilege.

The UK House of Commons and UK Parliament Twitter feeds shared images:

Remote Division was called.

The results are in Hansard and can be viewed in detail at https://votes.parliament.uk/Votes/Commons/Division/783

More detail about the system is expected to be forthcoming in a blog post by the UK Parliamentary Digital Service this week.

Parliamentary votes are different from votes in a general election in at least three major ways:

  1. Votes can be coerced (in fact the role of the Whip is basically to enforce party direction on how to vote)
  2. Votes are not anonymous
  3. Votes are not secret

That being said, there are still lots of considerations for remote voting and technology voting, including concerns about the chain-of-custody, as multiple systems are most likely involved with the transmission and counting of the vote, concerns about auditability and concerns about security.

Auditability is a really challenging one.  Basically either each individual MP would have to check that their vote has been counted based on their intention, and even then, they’re no longer all standing in a room where they can see how other members voted (unlike the Canadian system where members stand one-by-one to be counted, in the UK MPs literally go to gather together by Aye and No votes in two physically separate locations, as described in the Voting section of MP’s Guide to Procedure).  Unlike counting people in a room, online it’s hard if not impossible to get a good sense of whether the vote count reflects the votes cast.

Security is also a challenging one given that computers can lie, with customized malware capable of showing one result (e.g. an Aye vote) on screen and sending another (e.g. a No vote) to the voting software.  In that light, it’s worth mentioning that the vote took place over the web on Patch Tuesday, with both Microsoft and Adobe releasing patches for vulnerabilities (“A remote attacker could exploit some of these vulnerabilities to take control of an affected system.”)

It will be interesting to learn what risks were identified and how they were mitigated.

There is also a larger question, deeply related to human intentionality, about the physical and psychological differences between literally standing to be counted or literally voting with your feet by moving to one room or another, versus tapping a square on a screen.

Remote voting (Internet voting) in a Parliamentary context is different from electronic voting in the chamber itself.  I covered some of the considerations for in-chamber voting in the Canadian context in my blog post Electronic voting in the Canadian House of Commons.

The First Incorrect Votes

In a remote Division on 13 May 2020, the Deputy Speaker reported

I have been informed that a small number of Members have inadvertently cast their votes, by electronic means, in the opposite way to the one in which they intended to vote. I am informed that their use of technology was not quite as good as they felt it ought to be and that a few Members have made a mistake. There is no provision under the current temporary system by which a Member can change their vote once it has been cast, but I am satisfied that even if a small number of votes had been cast in a different way it does not affect the result of the Division.

When such a situation is detected and affects the result of the Division, the Speaker has the authority to call a revote:

If problems in the conduct of a remote division which might have affected the result are reported after the result is announced, the Speaker may declare the division to be null and void and make arrangements for it to be re-run.

Auditability in a Whipped Parliamentary System

This also gets to a point about voting in a whipped Parliamentary system, which is that in the absence of a free vote, Whips are expecting votes along party lines, which makes it pretty easy to detect potential voting errors.  So there are definitely different auditability concerns than in a totally free vote; even if an individual member doesn’t notice they have voted opposite from their intent, their party is likely to notice very quickly.

SIDEBAR: This is another example of how Internet voting in a Parliamentary context differs from Internet voting in a general election.  In a general election, in order to preserve the secret ballot and to limit coercion, it must not be possible for anyone, including the elector, to show how they voted, or to verify how they voted.  Which makes one wonder e.g. how many Ontario and Nova Scotia municipal Internet votes might have been incorrectly cast, with no way to verify the intended result.  END SIDEBAR

News Story

In a story that I think is probably from PA Newswire, with headline including “amid remote voting errors”, it was reported

The division list showed 22 Conservative MPs supported the amendment, and in theory rebelling, although they included Chancellor Rishi Sunak – who made a mistake in the voting process rather than staging a shock bid to depart the Government.

A source close to Mr Sunak blamed “online teething problems with the system”, adding: “The Chancellor did not intentionally vote against the Government. He called the chief whip straight away to explain.”

As dozens of newspapers and news sites carried the wire story, you can pick your source, the first one that comes up in Google for me is the Express and Star.

Background

Remote voting (Internet voting) was authorised by the UK House of Commons Speaker on May 6, 2020 and was extended to May 20, 2020 by agreement of MPs.

The system was developed by the UK Parliamentary Digital Service.  Thanks to the Parliamentary Digital Service and Head of Business Systems Development Matt Stutely for responding to my questions on Twitter.  Thanks to the Procedure Committee, on Twitter @CommonsProcCom, for sharing links to its detailed report.