Eight things you can't do online

Twenty years ago, less than 5% of the UK population had access to the internet; today it is approaching 90%.

Much of that growth can be attributed to the number of everyday activities that can be done online, often more conveniently and more cheaply than if they were done in person. In fact it seems like we can do almost everything online: anything from chatting to shopping or paying bills, from sending a greetings card to booking a taxi or completing your tax return.

However, even today there are still a number of activities which cannot be done online. Here are some examples:

• Applying for a passport – you can complete the form online, but the form must still be printed, signed and posted to the Passport Office with your witnessed passport photograph.
• Registering a death – you need to take the medical certificate and various other ID papers in person to the local registrar.
• Registering a birth – also must be done in person and requires ID.
• Getting married – you can webcast the ceremony if you like, but legally the married couple and witnesses must be in the same room!
• Opening a bank account – many banking transactions can be done online, but if you’re new customer opening an account for the first time you’ll normally have to visit the local branch with various proofs of identity address and identity.
• Obtaining prescription drugs – this has changed recently with the electronic prescription service, which allows the doctor to send the prescription straight to the pharmacy of your choice, and if the pharmacy is an online pharmacy they will deliver the drugs to your door. But there are still certain controlled drugs which have to be collected in person from a bricks-and-mortar pharmacist.
• Buying firearms – you can buy a gun privately but the transaction must be completed face-to-face and ownership certificates signed.
• Voting in public elections. There is widespread use of online voting in many non-government organisations, but (though there were some pilots in 2002 and 2007) there is no internet voting service for UK government elections. You can only vote in person by attending your local polling station, or by post.

So, why is this? What is it that all these activities have in common?

The answer seems to be that both parties involved in the transaction need to have the highest possible degree of trust in the identity of the other party. The problem of authenticating a person’s identity is common to most internet transactions:

On the internet, can you really be sure that the person using the browser at the other end really is who they say they are?

Even if they are who they say they are, can you be sure that their computer is not infected with a virus, or that there isn’t someone snooping over the internet connection, or that the web server application or database isn’t controlled by some third party – in any of these scenarios the information or instructions provided by the person at the other end of the internet connection could be modified or deleted before they reach their intended destination.

Each online activity – social networking, shopping, banking – approaches this problem of identity by creating a set of rules appropriate to the level of risk – most likely based on the commercial consequences of an identity being faked. For example, an online shop might require you to have a password, and have rules about whether you can order goods above a certain value, or for delivery to a non-registered address. An online bank on the other hand, might require two-factor authentication and require special software to be installed on your computer. Shops and banks know that they cannot entirely prevent fraud, but these techniques allow the risk to be managed to a level which is commercially acceptable for them and their customers.

So the reason that passport applications, registering births and the other activities mentioned above cannot be done entirely online is not just that the risk of fraud cannot be eliminated, but that the consequences are not acceptable. Our society wants to minimise the risk of guns being sold to people who may not be authorised to own a gun. Our society wants to minimise the risk of fraudulent passports and birth certificates being created, particularly as these are precisely the kind of documents that banks and other organisations might want to see before they will do business with you.

In the case of public voting, we want to minimise the risk that government election results might be manipulated or tampered with. Of course the requirement that votes must be cast in person at a polling station, or via a postal ballot delivered to an elector’s registered address, does not eliminate the risk of fraudulent voting. For example it would probably not be difficult for one person to visit more than one polling station, and vote on behalf of someone else. But it would be hard to do this, without detection, on a large enough scale to change the election result.

So, will this ever change? Will there always be activities that cannot be done online? Interestingly, there are already plans to allow the government’s identity service GOV.UK Verify to be used for registering births and passport renewals; perhaps this might be used in future to authenticate voters too?

In a future blog we will look at some of the other properties which an online voting system for public elections might require.

WebRoots ‘Secure Voting: A guide to a secure #onlinevoting in elections.’

Civica Election Services has a 20 year history delivering electronic voting projects, but as mentioned above, voting in public elections online is still something that we cannot do in the UK. WebRoots Democracy, an organisation that looks to reverse growing political apathy in the UK, believes that this should not be the case in today’s technologically advanced world. As such, they are the first and only organisation in the UK to campaign for the introduction of online voting in Local and General Elections.

As part of this campaign they have recently compiled a report on ‘Secure Voting: A guide to a secure #onlinevoting in elections’. The report includes contributions from global experts and academics in the electronic voting field and includes examination of the key security challenges faced.

With our experience in running elections and providing online voting services for professional bodies, companies, and political parties, WebRoots asked that we at Civica Election Services (formerly ERS) submit a contribution to this report. In our section of the report (pp27-32) we evaluate the safeguards from peer-pressure available, the ability to ensure the correct vote is submitted and received, guaranteeing the system is sufficiently secure, along with several other aspects and concerns surrounded around online voting.

See our full contribution to the WebRoots report here and find out more about online voting and the challenges it has faced.