Happy 2018! We hope it brings you happiness and democracy. Maybe they are the same. We’ve sleepily stumbled back into the office to bring you the first fridayblog of the year!
In this week’s blog: scarily named security issues threaten to ruin everything, we’ve lost some civic tech mapping friends, we read Her Majesty’s Government’s Democratic Engagement Plan, and we note, with excitement, that there are just four months until the local elections.
🔓 Nothing is safe 🔓
We came back from the Christmas hols to find that the internet, and all computers that run on Intel chips, are in Meltdown. Like nearly all companies who operate on the web, our systems are affected and we’ve some serious patching underway. We’ll be applying fixes to all our systems once the necessary updates are available. Some of our services may see a small amount of downtime while we apply security fixes.
This bug has only just been announced but there’s a chance that some people have known about it for a long time (in some cases the bug dates back to 1995). This should make us think hard about what we mean when we say something is “secure”, especially when we think about critical systems — such as any potential online voting system.
Because the exploit allows hackers to read large amounts of secret information, it would be impossible to know if someone had hacked a voting system, logged in to a database of votes, changed the tallies and then covered their tracks. Even cryptographic voting systems could be undermined if the hacker managed to get the private keys from the systems, something made possible as a result of the bug.
Imagine the flaw had been announced the day before an online vote for a national government: what would the correct reaction be? Either the vote could be run as planned while knowing that the result couldn’t be trusted, or the vote could be delayed until a full security audit and upgrade could be carried out. Even then, there is nothing to say that there aren’t more bugs like this that haven’t been announced yet.
The conversation about online voting should start with the assumption that something like this will happen. It should never think of security as something you either have or don’t have – it’s all about degrees of risk and how to manage it.
🗺 Civic tech mapping sadness 🗺
Open source mapping platform Mapzen announced that it was shutting down earlier this week. This is sad news for two reasons. First, because we recently switched to using Mapzen as our directions provider on our ‘Where Do I Vote?’ platform. We were looking forward to using the service in anger for the upcoming local elections in May. We’ll be switching back to the Google Maps API as an interim position and evaluating other alternatives between now and May.
Second, this is sad to see because Mapzen was a substantial contributor to the open source and open data mapping communities as well as following a business model oriented towards providing services on top of open source software. Our friends over at Civic Hall published an exit interview with one of Mapzen’s senior engineers, which is worth a read.
📄 Every Report Matters 📄
In the last Fridayblog of 2017, we mentioned that we’d been to the Cabinet Office to chat about National Democracy Week. Later today, we’ll email over our ideas for the week and for categories for the new democracy awards. Got ideas? Comments? Do please add them to the doc!
At the same meeting, HM Government also launched their ‘Democratic Engagement Plan’ — a 90 page report, which we’ve now read in full. It’s all about voter registration — a rather narrow view of democratic engagement, but a reasonable starting point — and particularly about ensuring the register is complete, by reaching out to under-registered groups. All well and good, though it would have been interesting to see some reflections on registration by default.
Two elements stood out for us. First, the report mentions an Atlas of Democratic Variation, an interactive map of registration levels broken down into small geographic areas, which we’re looking forward to seeing.
Second, the report also provides an update on a project to provide an ‘Am I Registered?’ digital lookup service for voters, in response to the complaints of many election officers who have to deal with thousands of duplicate registrations. The service would be pretty handy for voters too. Here’s what the report says:
“…on establishing the feasibility of implementing an online lookup tool which would allow citizens to check their registration status in real time[,] … exploratory work found that the potential costs of a look-up tool - tens of £ millions - far exceed the costs of processing duplicate applications. There is also no obvious solution to the technical barriers to implementation. Both factors point towards needing to find an alternative solution, most likely implemented at a local level.”
We’re keen to see details of the exploratory work mentioned — if we find out any more, we’ll update you!
⏲ Four months to go ⏲
Start the countdown! Fire up the engines! Stoke the boilers! It’s four months yesterday to 3 May 2018 — local election day! We’re looking pretty good for wide coverage of the polling location finder, including, fingers crossed, very-nearly-complete coverage of London — and for an improvement in the quantity of candidate information too. The crowdsourcer is up-and-running, so don’t forget to add details if you spot candidates out there in the wild.
🔜 What’s next? 🔜
We’re getting together in Cardiff on Monday to plan the next sprint, review some mighty codebase changes, check we’re all on target for May and plot for the Big Plan for the next few years… more to follow, exclusively to Fridayblog!
Photo by Pablo Guerrero on Unsplash