Britain’s next prime minister will be chosen next week using unproven and controversial technology, security experts have confirmed… new statesman is not transparent or robust enough to guarantee the safety of the process.
Rules established by the 1922 commission state that if at least two candidates receive more than 100 MP nominations, the party’s membership will elect the leader. They will do this using an online voting system, making Britain the second country in the world to elect its head of state through online voting. But while Estonia has spent 17 years developing a system that allows about 40 percent of its voters to vote online, it will be the number one option for conservative members — and they’ll have less than a week to access and trust. touch with the system.
Tory party officials have tried to reassure voters that the leadership race will be immune to foreign interference if it is voted online next week. But “e-voting” and “i-voting” are still relatively immature technologies with significant security challenges.
These techniques remain controversial, even among the cryptographers who have spent decades developing them. “Nobody has come up with a completely satisfactory solution until now [for online voting]including myself,” said Peter Ryan, a professor of applied security at the University of Luxembourg, who worked at GCHQ and the Ministry of Defense before spending nearly 20 years studying and developing online voting systems.
A perfect system would be easy to use, guarantee voter anonymity and show them that their vote was counted correctly. But these competing demands are extremely difficult to balance in theory, and even more so in practical applications. The new statesman has asked the Conservative Party to guarantee that voters remain anonymous and that they can check how their votes are counted, but has not yet received a response.
Ryan said he was concerned about the lack of transparency around a system used to decide who runs the UK. When the party gave its members the opportunity to vote online in this summer’s leadership elections, he approached the Conservative Party and Civica, the software vendor that managed the vote, to ask for details on how it would work: “Civica said something like: “We cannot discuss an election of such sensitivity.”
Content from our partners
Party chairman Jake Berry made similar comments in a statement Thursday afternoon (October 20). “Without going into the security measures we will take, for reasons you will no doubt understand, we are pleased that the online voting system will be secure,” he said.
“My answer is,” Ryan said, “just because it’s such a sensitive election, you should talk to experts and show a little transparency about the process. We have no reason to really trust the process, other than blindly. to trust.”
In August, conservatives were advised by security experts at the National Cyber Security Center (NCSC) to drop plans to allow members to change their vote after they submitted it, over concerns it would increase the risk of hostile actors would interfere in the process. The party accepted the advice and made no further changes.
Ryan said the implication was that NCSC was otherwise “moderately satisfied” with the system. “If you can trust Civica to maintain the security of their servers and so on, the system will probably work fine, but there’s a lot of trust there.” He said he did find the company trustworthy and competent, but “Having to put such trust in a single outfit is very disturbing… I really want transparency in the process so we can verify that it will be done right.”
The contest’s short timescale means that a foreign power, even with advanced cyber capabilities, would find it difficult to compromise a sufficient number of voters’ devices to change the outcome. It is not yet clear who will lead the process, but any credible vendor would also be expected to have firewalls installed around their servers to protect them from outside attacks.
The bigger concern among security experts relates to how the party verifies voters. Tortoise news organization has taken legal action against the Conservative Party after it refused to disclose details of its membership. Tortoise’s journalists had successfully registered memberships for four fake individuals, including two foreigners. “In a way, what am I more concerned about? [than the prospect of a breach]Ryan said, “is that we have this shady electorate that we know nothing about, that is in no way representative of the UK.”
As the country continues to feel the effects of Liz Truss’s economic mismanagement, the UK needs hardly any more reasons to reject a system in which less than 0.2 percent of the population nominate the country’s prime minister. If the party cannot guarantee that the votes of even this small minority are well represented, it will only give more weight to the call for general elections.
[See also: Boris Johnson’s path back to power is a treacherous one]