The need to rebuild identity integrity and democratic accountability

I have just read the report of the Association of Electoral Administrators on the future of electoral administration in the UK. We may be about to have a long overdue referendum on the choice between “first past the post” and casting our votes in order of preference (the alternative vote). But it is far more important to cleanse the UK election system, from the initial register to the processes for exposing and prosecuting malpractice and fraud (as in the stealing of local government elections).  

The AEA report is dry and sensible. But remember what lies behind it. The UK electoral register is one of the main start points (and reinforcers) for identity and benefit fraud. More-over, as was shown in Birmingham in 2004 and again in 2009 , it is all too easy for it to also be used as the start point for election stealing to reinforce control over inner city communities by a mix of organised crime and political extremists.

It unlikely that the Birmingham election in 2004 really was “the most corrupt since 1895”. Short of an election petition (read the AEA report to see how near to impossible it is to raise one) there is almost no way of exposing corruption in a system that has become ever more vulnerable. The budgets and tiemscales available to election administrators to check the register have been cut, year on year. Some council take the role seriously, Others do not. Meanwhile the mainstream political parties have come to rely on national mass media campaigns with telephone and e-mail canvassing, rather than local volunteers who might discover, by door-to-door canvassing, that dozens, perhaps hundred, of voters are supposedly living in flats or houses that have been derelict for years – and claiming postal votes.

Given the scale of funding cuts in prospect, it is essential that those making them, whether Ministers in Whitehall or Councillors in Town Hall, are seen to have a democratic mandate. If the new localism is to mean devolved decisions on important matters, it is essential that the consultations, let alone the contracts, are not stolen by local groups who have taken charge of the register and thus the routines for formal democratic accountability.

By comparison, debate over the US planned routines for identity governance, e.g “Trusted identities in cyberspace , is merely “interesting” – even though we may well have to live with the consequences as the databases containing our personal data (including our Internet access codes and footprints) move off-shore, perhaps at an accelerating pace as cost-cutting gathers momentum.

On monday the Identity Governance group of the Information Society Alliance has two meetings: one on electronic voter registration (looking at the systems in use of other nations) and the other on the overall principles. We have some very thoughtful papers to review. It is most unlikely that most Britons would wish to go down the Scandinavian route, tying voter registration to the resident’s card, but most of the world (including the developling world) now has more robust electoral registration systems than we do.

The wider issues are also getting seriously interesting. On the one hand are those who wish to see routines that would dovetail with those being developed in the US to meet their homeland security agenda. But six months ago I blogged on the need to recognise that the battle between the private and public sector over the control of personal identity goes back millenia (to the contrast between ancient Sumeria where the rulers were also under the God-given laws and ancient Egypt where the ruler was a God). At that time we were planning a relaunch of the ID governance group after several false starts: discussions hi-jacked by those who knew the “answers” (mainly to do with PKI, federated identies and third party trust services), but did not even understand most of the questions.  

I am pleased to say that this time round the group is now making real progress. It helps that HMG will probably have to cull most of its semi-incompatible ID systems, let alone its error prone personal databases, as part of the current round of cost-cutting. This makes it easier to persuade players to stop hunting the “holy grail” of best practice and begin by ensuring that the cull begins with those which fail to follow adequate practice.

I personally would like to see the essential applications moved across to use databases run by those who have demonstrated that they do know how to securely manage personal identities – based on robust registrations and transaction footprints under the “permission” of the individual.

But we now have a more balanced group, including from banking and finance (who began their transition to global electronic authentication routines over 150 years ago with the early cable systems) as well as government and its current and would-be suppliers. I am much more interested to hear what the group members think is practical. They, in any case, will be dictating the contents of the report, not me. I am also looking forward to future inputs from the professional bodies: especially from the Law Society on the argument that we should use the law of Tort , to claim damages from those whose negligence with our personal information idwnetities has caused us grief, rather than agonise over legislation.

However, I am even more interested in ensuring that we remain a functioning democracy. Hence the need to give priority to cleansing the electoral register, both as a key point of leverage in the fight against ID fraud and as the key to cleansing our electoral system.