Election fraud report recommends government consider new national IP database
- Summary:
- Sir Eric Pickles, a former secretary of state, has published a report on election fraud and one of his suggestions for a national database of IP addresses, is unlikely to go down well.
The recommendation in question is for the government to consider the creation of a new national database that holds voters’ IP addresses, so that these can be used as evidence when seeking to prosecute potential fraudsters.
IP addresses, whilst used on their own are not personal data under the Data Protection Act, it’s safe to assume that concerns will be raise about the information being used in combination with other datasets to create identifiable, personal data.
The report was commission by Prime Minister David Cameron after an east London mayor was removed from office and a poll was declared void, having been found guilty of using “corrupt and illegal practices” in an election.
Pickles’ long list of recommendations attempts to address how the electoral system could be made more secure and work as a reinforcement to support everybody’s basic democratic rights. That being said, pressure groups have already slated the outcomes and said it is like using a “sledgehammer to crack a nut”.
However, Pickles said that change was needed. In his opening statement in the report, he notes:
The events and judgment in the Tower Hamlets case loom large in this review with significant evidence being related to that case. Indeed, the judgment of Richard Mawrey QC was one of the reference points for this review.
The abuse there was facilitated by weaknesses in the system that is employed throughout Great Britain. We take our democratic institution for granted. We need to make sure that people trust the system and that perceptions can play as big a part in undermining the system as well as actual proof of fraud.
Electoral fraud and corruption is intertwined with other forms of crime as well. Local authorities have a large procurement role. A group of people who cheat their way to power are unlikely to hold a higher moral standard when handing out public contracts, or when making quasi-judicial decision on planning and licensing. Electoral registration fraud is connected with financial crime and illegal immigration.
Therefore we need to be both comprehensive and robust in our approach to tackling fraud and the opportunity for it. I believe that the series of measures put forward in this report for the Government to consider take that approach. They also recognise the need to support engagement and not create undue barriers to democratic participation by legitimate electors.
A new database
Whilst the report is broadranging and focuses on everything from people needing to speak English and Welsh only in voting booths, to requiring forms of ID when you go to vote, the bit that hasn’t yet caught much attention, but would in reality likely cause a backlash, is the proposal for a new national IP database.The report states that IP addresses could be retained by the IER Digital Service (the digital transaction service which enables the transmission of registration applications and the matching of application data to DWP records), so that this information could be interrogated by law enforcement in order to establish an evidence trail when wanting to prosecute potential fraudulent applications.
However, whilst making the recommendation, the report also goes on to note the number of concerns/limitations that are likely to come with its creation - including validity, cost and privacy. The report states:
Whilst this change may be technically possible, it is unclear as to the potential costs to creating and maintaining a secure data storage environment to facilitate its use, as well as providing some form of interrogation interface which would allow law enforcement to access this information.
In addition, concerns regarding data privacy and the creation of new national databases will need to be addressed. The IER Digital Service was specifically designed not to retain application data once matching is complete, in order to mitigate concerns raised by the Information Commissioner and others during the development of individual electoral registration. Appropriate legal and physical safeguards would need to be put in place to ensure that the use of this information was proportionate and could not be abused.
Finally, further investigation would be necessary to determine the effectiveness of the IP address in establishing a link between a given individual and a potentially fraudulent application; for example, the IP addresses of computers located in multi-use locations, such as public libraries or workplaces, would not, in themselves, establish that link. In addition, it would also be worth considering whether, particularly in cases of organised fraud, fraudsters would be able to find ways of masking an IP address or giving a false trail.
Care.data
The suggestion that the government should create a new national database of IP
addresses for voters is likely to face the same challenges that were brought to NHS England’s controversial care.data programme.Care.data was created pull together all of the UK public’s GP health records, store them in a central database and share them with the Health and Social Care Information Centre (HSCIC). The NHS believed that the sharing and analysis of information across the NHS will will help to ensure that the quality and safety of services is consistent across the country.
However, despite ensuring people that the data would be pseudonymised,NHS England’s failure to communicate the implications of data sharing led privacy campaigners to successfully argue that more work needed to be done to ensure people’s data was handled correctly. For example, it was more than once suggested that by matching data with other databases, people could possibly be identified by the data.
And despite then NHS director for patients and information, Tim Kelsey, saying that it was “moral obligation” for big data programmes like care.data to proceed, the programme was scrapped a couple of months ago.
If you look at the information that can be gleaned from an IP address, and how it can be used to identify people in combination with other data sets, it doesn’t take a great deal of imagination to assume that similar concerns would arise.
My take
Whilst I’m not against the idea of data sharing in principle - as there are huge benefits to be gained - it needs to be done properly, transparently and with the proper checks in place. Citizens need to be given control and insight into how their data is being used, and the plans need to be communicated effectively.
I realise this is just a recommendation at this stage, but if the plans go ahead, the government should be aware that this is a recipe for disaster if mishandled.