Tag: United Kingdom

Remote voting in the UK House of Commons – Remote Divisions become reality

On May 12, 2020 the UK House of Commons conducted its first remote Division (remote vote).

UK Parliamentary Business – News – MPs cast first ever remote votes in Commons Chamber
The vote was conducted through MemberHub, the UK Parliament’s member website, which has Microsoft authentication.  Multi-factor authentication (MFA) was used to protect the authentication for the remote voting (the Internet voting).

There is some background on the development of the system in a Wired UK article by Chris Stokel-Walker: Inside the troubled, glitchy birth of parliament’s online voting app

Messaging about the voting system, which piggybacks on existing parliamentary IT systems, through the MPs MemberHub application, hasn’t been enormously clear. …

“We were asked to start looking into it just before Easter weekend,” says Matt Stutely, of Parliament Digital Services, who has been developing the voting service. Stutley dug out what he calls “a dusty chest of war plans we have in case we were ever asked to implement [online voting]”.

UPDATE 2020-05-14: Matt Stutely, the Head of Business Systems Development for the Parliamentary Digital Service, has written a blog post about the process of developing this service in the incredibly tight timeline of four weeks.

MPs make history with remote voting – the story of how it happened

In early April 2020, we were asked by the House of Commons to build a remote voting application for Members in just four weeks.

He indicates that making a service for remote voting (Internet voting) for the House of Lords will be next.

END UPDATE

UPDATE 2020-05-13: On May 6, 2020 the Procedure Committee wrote to the Speaker about the remote voting system.  The correspondence system has the full letter (PDF).

Members who by their actions facilitate a non-Member to cast a vote in a division of the House are very likely to be found to have committed a contempt of the House and to have breached the Code of Conduct, and can expect to be punished accordingly.

Call for Evidence

The Procedure Committee is conducting a Call for Evidence about all aspects of changed procedures during Coronavirus restrictions.  The call ends 3 June 2020.

Full Report

On May 8, 2020 the Procedure Committee issued a full report regarding remote voting in divisions.

This report notes:

The integrity of the system depends on Members. The remote voting system is not as secure as a system where a Member must vote in a division lobby in person.

and the Rt Hon Karen Bradley MP, Chair of the Procedure Committee, said

The present remote voting system was developed at high speed as a temporary measure for use during the pandemic.

For more information:

There is some technical detail in the full report, although at a very high level.  See Technical aspects of the remote voting system on pages 11-16 of the PDF above (items 23 through 51).

24. System security is delivered by the use of MemberHub, which uses single sign-on and multifactor authentication. All data is encrypted and sent over a secure connection, and voting records are stored in both MemberHub and the existing electronic divisions system. The bicameral Information Authority has issued a decision statement confirming it is content with the information security of the remote voting system, taking account of advice it received from the National Cyber Security Centre. The Speaker has been informed of the Information Authority’s decision.

28. The existing arrangements for divisions in person through the lobbies have particularly secure authentication arrangements which may be evident but are worth repeating here. To gain access to a voting lobby a Member must first gain access to a secure area of the estate using a security pass with a photo, and must pass a number of security staff and doorkeepers. In order to vote successfully, a Member who has taken his or her seat in the House25 must pass through a lobby containing several other Members and typically actively patrolled by party whips, and must then give a name to a division clerk and pass out of the lobby between two tellers.

29. This high level of authentication is not replicated in the remote voting system over MemberHub. …

30. The Committee’s opinion on the suitability of the remote voting system over MemberHub is given on the basis that the system is designed for temporary use during the COVID-19 pandemic and has not been designed for permanent use to replace the existing arrangements for physical divisions.

END UPDATE

Remote Division

Before the remote Division, the Speaker made a Statement, including:

I ask all Members to pay careful attention to what the Procedure Committee says about the integrity of the system. As the Committee states, any attempt to allow anyone who is not a Member to vote is likely to be a serious breach of privilege.

The UK House of Commons and UK Parliament Twitter feeds shared images:

Remote Division was called.

The results are in Hansard and can be viewed in detail at https://votes.parliament.uk/Votes/Commons/Division/783

More detail about the system is expected to be forthcoming in a blog post by the UK Parliamentary Digital Service this week.

Parliamentary votes are different from votes in a general election in at least three major ways:

  1. Votes can be coerced (in fact the role of the Whip is basically to enforce party direction on how to vote)
  2. Votes are not anonymous
  3. Votes are not secret

That being said, there are still lots of considerations for remote voting and technology voting, including concerns about the chain-of-custody, as multiple systems are most likely involved with the transmission and counting of the vote, concerns about auditability and concerns about security.

Auditability is a really challenging one.  Basically either each individual MP would have to check that their vote has been counted based on their intention, and even then, they’re no longer all standing in a room where they can see how other members voted (unlike the Canadian system where members stand one-by-one to be counted, in the UK MPs literally go to gather together by Aye and No votes in two physically separate locations, as described in the Voting section of MP’s Guide to Procedure).  Unlike counting people in a room, online it’s hard if not impossible to get a good sense of whether the vote count reflects the votes cast.

Security is also a challenging one given that computers can lie, with customized malware capable of showing one result (e.g. an Aye vote) on screen and sending another (e.g. a No vote) to the voting software.  In that light, it’s worth mentioning that the vote took place over the web on Patch Tuesday, with both Microsoft and Adobe releasing patches for vulnerabilities (“A remote attacker could exploit some of these vulnerabilities to take control of an affected system.”)

It will be interesting to learn what risks were identified and how they were mitigated.

There is also a larger question, deeply related to human intentionality, about the physical and psychological differences between literally standing to be counted or literally voting with your feet by moving to one room or another, versus tapping a square on a screen.

Remote voting (Internet voting) in a Parliamentary context is different from electronic voting in the chamber itself.  I covered some of the considerations for in-chamber voting in the Canadian context in my blog post Electronic voting in the Canadian House of Commons.

The First Incorrect Votes

In a remote Division on 13 May 2020, the Deputy Speaker reported

I have been informed that a small number of Members have inadvertently cast their votes, by electronic means, in the opposite way to the one in which they intended to vote. I am informed that their use of technology was not quite as good as they felt it ought to be and that a few Members have made a mistake. There is no provision under the current temporary system by which a Member can change their vote once it has been cast, but I am satisfied that even if a small number of votes had been cast in a different way it does not affect the result of the Division.

When such a situation is detected and affects the result of the Division, the Speaker has the authority to call a revote:

If problems in the conduct of a remote division which might have affected the result are reported after the result is announced, the Speaker may declare the division to be null and void and make arrangements for it to be re-run.

Auditability in a Whipped Parliamentary System

This also gets to a point about voting in a whipped Parliamentary system, which is that in the absence of a free vote, Whips are expecting votes along party lines, which makes it pretty easy to detect potential voting errors.  So there are definitely different auditability concerns than in a totally free vote; even if an individual member doesn’t notice they have voted opposite from their intent, their party is likely to notice very quickly.

SIDEBAR: This is another example of how Internet voting in a Parliamentary context differs from Internet voting in a general election.  In a general election, in order to preserve the secret ballot and to limit coercion, it must not be possible for anyone, including the elector, to show how they voted, or to verify how they voted.  Which makes one wonder e.g. how many Ontario and Nova Scotia municipal Internet votes might have been incorrectly cast, with no way to verify the intended result.  END SIDEBAR

News Story

In a story that I think is probably from PA Newswire, with headline including “amid remote voting errors”, it was reported

The division list showed 22 Conservative MPs supported the amendment, and in theory rebelling, although they included Chancellor Rishi Sunak – who made a mistake in the voting process rather than staging a shock bid to depart the Government.

A source close to Mr Sunak blamed “online teething problems with the system”, adding: “The Chancellor did not intentionally vote against the Government. He called the chief whip straight away to explain.”

As dozens of newspapers and news sites carried the wire story, you can pick your source, the first one that comes up in Google for me is the Express and Star.

Background

Remote voting (Internet voting) was authorised by the UK House of Commons Speaker on May 6, 2020 and was extended to May 20, 2020 by agreement of MPs.

The system was developed by the UK Parliamentary Digital Service.  Thanks to the Parliamentary Digital Service and Head of Business Systems Development Matt Stutely for responding to my questions on Twitter.  Thanks to the Procedure Committee, on Twitter @CommonsProcCom, for sharing links to its detailed report.

UK 2005 Securing the Vote report and 2007 e-voting trials

Nothing remains of the May 2005 Securing the Vote report on the UK Electoral Commission site.  There used to be a page Securing the vote – detailed proposals for electoral change announced but it is now gone.

The only location where a copy could be found was in a document repository from The Guardian newspaper: http://image.guardian.co.uk/sys-files/Politics/documents/2005/05/20/eleccommission.pdf

The UK did extensive reporting on the 2007 pilots, the website was http://www.electoralcommission.org.uk/elections/pilots/May2007 but it is no longer online. There is a copy in the Internet Archive.

Although there is no longer an organising page on the Electoral Commission page, some of the reports from 2007 are still available from them, as well as being copied in the Internet Archive.

There are two considerations to highlight from the UK Electronic Voting Summary:

  • New voting methods should be rolled out only once their security and reliability have been fully tested and proven and they can command wide public confidence.
  • The necessary costs for secure and reliable systems must be able to be reasonably met by the public purse.

I will highlight only one item from the Technical Assessments of the e-voting Pilots, item 3.4.4 from Assessment of the pilot process – Quality management:

While there were variations between the different pilots, in all cases the quality and testing arrangements appeared to be inadequate. It is difficult to tell whether this was purely because of lack of time, or whether some of the suppliers were not used to implementing effective quality processes. Significant quality management failings include:
a. Lack of detailed design documentation;
b. Lack of evidence of design or code reviews or other mechanisms for ensuring that the solutions operate correctly and do not include deliberate or accidental security flaws;
c. Lack of evidence of effective configuration management.

This kind of haphazard voting software development has been shockingly common, e.g. for US voting machines as well.

Note: The preceding is extracted from previous blog post Province of Ontario Internet voting.

UPDATE 2019-07-08: Just to bring all the pieces of the puzzle together, I will also point to a 2008 news release – Official report on internet voting pilot at Rushmoor elections published.

Other key findings in the report are that:

  • there was no impact on turnout, which actually decreased very slightly from 36 percent in 2006 to 35.2 per cent at these elections;
  • most internet voters (70 per cent) said they would have voted anyway;