Following the 2019 British General Election, significant concerns were raised by voters surrounding the integrity of the British postal voting system, in particular, the anomalous increase in the total postal vote percentage from 18% in 2017 to a staggering 38% in 2019. This anomaly, coupled with suggestions from the likes of Dominic Raab and Laura Kuenssberg that candidates had been privy to the details of the votes before the election, have led to numerous complaints and enquiries to the Electoral Commission, with little more than warnings yet issued in response.
However, there is one aspect that has escaped the scrutiny now being directed at the likes of Idox, Civica and Democracy Counts, that is the actual physical security of digital software and machines connected to the postal voting system.
Following the privatisation of electoral system management in 2010, Idox has won a staggering number of contracts to provide digital software and services, now accounting for 90% of all services provided to UK local authorities. These services include postal vote management support and providing a software database of all requested postal votes. They also provide training and staff to deal with the system.
As part of their package, Idox provides clients with software that allows “Returning Officers to compare 100% of signatures and dates of birth on returned Postal Vote Statements with stored application forms… the software allows users to run their opening sessions at remote locations, even outside the council’s network infrastructure for ultimate flexibility”.
Anyone with access to the software database would, theoretically, know exactly who had already voted and returned their postal vote.
Andy Anderson, the Democratic Socialist Federation Education officer and an agent for Labour for Independence, wrote an extensive report on “how the postal ballot was rigged” during the Scottish referendum. These allegations, the so-called “McTernan Plan”, suggest that once the ballots were initially opened the identification data would have been inputted into computer systems. By cross-referencing this data withheld data on who had applied for a postal vote, a list of those who had not returned their ballots could be created, leading to the possibility of producing thousands of fake “genuine” votes.
In one example of the remote access services that Idox offer, the company worked with the London Borough of Hounslow and Hugh Symons Information Management to develop a remote electoral scanning service. This service allows the external scanning of all documentation with image files then being sent automatically to the Council’s electoral management system (EMS).
Referring to Household Enquiry Forms, the paperwork sent to every household in the country to check whether voter registration records are correct, Kully Tumber, Electoral Services Manager at London Borough of Hounslow said:
“17,000 postal returns and we haven’t had to open a single envelope, scan in a single form, search for storage space or employ any temporary staff! It takes the Scanning Bureau only a matter of hours to open, sort and scan the forms, freeing up staff to deal with enquiries quickly and efficiently, providing a better customer experience to the residents of Hounslow.”Kully Tumber, Electoral Services Manager at London Borough of Hounslow
While the system is described as “fully secure”, the use of remote software has been a major point of controversy in the United States following the 2016 Presidential Election that was won by Donald Trump. While the primary concern in the U.S. surrounded the security of voting machines, there have been serious questions raised about swathes of the American process, including the use of remote access software.
Scientists and experts have been warning for well over a decade that election-management systems are ripe for potential exploitation, with computer scientist J. Alex Halderman, the director of the University of Michigan Center for Computing and Society stating in 2018 that hackers are “going after the machinery of elections, the infrastructure, polling places, voter registration systems, etcetera,” adding that concerns had been raised as far back as 2006
“While I was in grad school at Princeton in 2006… there was quite a dispute between researchers who hypothesised there would be vulnerabilities in polling place equipment and the manufacturers that insisted everything was fine… One possibility is that attackers could infiltrate what is called election-management systems.”J. Alex Halderman, the director of the University of Michigan Center for Computing and Society
Former United States Secretary of Homeland Security Jeh Johnson has said that the challenges of defending electronic voting systems aren’t “just in the future, they are here today”, admitting that hackers had gained access to voting-related systems across the United States.
“In recent months, malicious Cyber-actors have been scanning a large number of state systems, which could be a preamble to attempted intrusions. In a few cases, we have determined that malicious actors gained access to state voting-related systems.”Jeh Johnson, former United States Secretary of Homeland Security
These “attempted intrusions” have targeted online registration databases and two successful breaches of these databases were found in Illinois and Arizona before the 2016 American election.
The Mueller Report and leaked documents from the NSA suggest that the night before the 2016 Presidential election a Florida based election software company named VR Systems remotely accessed the central election computer in Durham County, North Carolina. The U.S. Department of Homeland Security believes that VR Systems was targeted by hackers and their remote software quickly became an ideal conduit for further interference.
“Election security experts widely condemn remote connections to election-related computer systems — not only because they can open a door for intruders but because they can also give attackers access to an entire network, depending on how they’re configured.”Politico
Furthermore, in 2018, Election Systems & Software (ES&S), a voting machine manufacturer based in Nebraska, admitted that it had installed remote-access software on its election management system workstations. The source code for this software was stolen in 2006 and left the system vulnerable to being exploited.
An investigation published by Motherboard last year revealed that over 30 systems from ES&S had been left exposed to the internet for periods of months and even years. The exposed systems included key swing states such as Florida, Michigan and Wisconsin. The issue with the systems wasn’t the machines themselves, but rather the SFTP server and firewall that was used to speedily transmit votes.
“They run software and, if they have any kind of internet connectivity, even for managing the voting system/process itself, then there’s a reasonable chance that vulnerabilities exist, which could provide unauthorised users with the ability to have an impact on the normal operation of the system”Sean Newman, director of product management at Corero Network Security
The issues surrounding security and online electoral systems are not unique to the United States. Estonia, for example, adopted a system of online voting in 2007, with over 30 per cent voting online by their 2015 election. However, an independent report into the system found massive technical problems and security flaws.
“Estonia’s internet voting system has such serious security vulnerabilities that an international team of independent experts recommends that it should be immediately discontinued,” researchers concluded. “A state-level attacker, sophisticated criminal, or dishonest insider could defeat both the technological and procedural controls in order to manipulate election outcomes.”
Similarly, Norway trialled online voting in 2011 and 2013 and was forced to end the endeavour following concerns over security. France also stopped allowing citizens living abroad to vote online for security reasons.
An election must ensure that the correct winner is achieved, yet it must also ensure that the voting public can be certain the loser lost the election in a fair and trustworthy manner. Public confidence in a system of election is essential to the democratic process. While there is no evidence that the British electoral management systems have ever been compromised, there should be little doubt that hostile actors, both domestic and foreign, would be all too willing to attempt to exploit the system should vulnerabilities arise. The willingness of the United States, Russia, Israel and many other countries (including Britain) to interfere in the democratic political systems of other states is also without question.
The privatised nature of our political voting systems means that the security of the entire democratic process is, not in the hands of our governments, but private companies who are not beholden to the same riggers of public scrutiny and access that governments are. What systems of defence these companies have in place is unknown. What challenges they have already faced is similarly unknown. Just how secure our democracy is, is therefore also unknown.
A long-standing critic of the entire voting system in the U.S., we shall let Oregon Senator Ron Wyden have the last wise words.
“These companies want to be gatekeepers of our democracy, but they seem completely uninterested in safeguarding it.”Ron Wyden, Democrat Senator for Oregon