This is a web version of a working document on membership. It sets out the requirements for membership, which pretty much boil down to: "for important activities like voting on policy, how do we ensure that it's 1-human-1-vote?". You can make suggestions in the comments at the bottom, and we'll read them all.
- - -
R. McLaren
Status: DRAFT, 29 Jan 2004
Contents of this document:
1. Note on this document
2. Introduction (What is membership?)
3. Requirements
4. Implementation options
4.1. Credit-card billing
4.2. Electoral roll
4.3. Driving licences, passports and NI numbers
4.4. Mobile phone
4.5. Biometrics
4.6. Yahoo-style membership
5. Open issues, questions, and other notes
6. Recommendation and conclusion
1. Note on this document
This is itself an experiment in “open” design. I’ve tried to write this so that it can be read and commented on by reasonably non-technical people. This document doesn’t look in any detail at other requirements outside of membership, such as the mechanism for voting, or discussing etc.
It’s not finished.
Comments, suggestions and improvements are welcomed, though at the end of the day a decision will have to be made, which will probably have to be somewhat dictatorial. Apologies for that in advance.
How to comment: at the moment, there isn’t a single editable document on a system like a wiki, so I will attempt to coherently collate any responses sent to info@yourparty.org, or to the volunteers list (yourpartypeople@yahoogroups.com) or in comments on the blog site. If you comment, I’ll try to cite you accurately.
Rod McLaren / rodmcl & yahoo , com
2. Introduction (What is membership? Why?)
Your Party is an online political party, whose members take policy decisions by voting. There are also additional activities (such as discussion, debate, etc, etc) for which it would be very useful/essential to have confidently-identified members. We have stated that we will accept anyone who is a UK national (whether resident or not) or a UK resident as a member.
The underlying principle of Your Party voting and representation is 1-human-1-vote, so we need to ensure that members are identified correctly. Every member must be a unique human, and no human should be able to adopt the identity of an additional unique human.
To achieve this, we need to prove that a user (member) is a human being and that they are entitled to use that particular human identification. We need to do this to avoid two common types of fraudulent membership (and therefore voting):
· Alice “steals” Bob’s identity so she can make two votes. This kind of fraud is serious but its impact is relatively small: Alice can vote twice, Bob can’t join the party, and Your Party might have a bad PR story.
· Alice generates thousands of new and unique identities by generating thousands of unique email addresses (or whatever electronic identifier number the system uses). This kind of fraud is serious and its impact is potentially massive: Alice can then vote as many times as she has “identities”, so Your Party actually becomes Alice’s Party, and Your Party has a bad PR story about vote hijacking.
In both of these fraudulent cases Alice would have successfully identified herself as a unique individual, but as she wasn’t required to prove that she was who she claimed to be, she was able to cheat the system. So we need to authenticate a user as a particular human.
This system aims to be at least as secure and accurate as that (the electoral roll) underpinning elections in the UK.
There will also be a second type of authenticated identity on Your Party: that asked for when members log in to the site. We merely need to know their Your Party identity and we need some proof that they are the member that they say they are. A unique username and the corresponding password should be enough.
To summarise:
· to become a member, you need to inform Your Party of your real-world identity and prove that it is yours (example: name and address; and proof of that address)
· to log-in to the site thereafter, you need to give Your Party your Your Party identity and prove that you are the member that you claim to be (example: a unique member name; and a password)
3. Requirements
We need to design and implement an online membership scheme that satisfies certain security requirements:
1. clearly and uniquely identifies users to the site (and each other) when they participate
2. ensures one man, one vote
3. prevents (to a reasonable degree) fraudulent voting
4. collects information that will be legally required or required in order to participate in certain activities (eg Your Party may need to know where the user lives in order to meet Electoral Commission reqs)
There are also some requirements that aren’t specifically about identifying individuals, but are required for voting, “user-friendly” or other purposes:
5. after the user has become a Member, logging-in should be quick and easy for them
6. the user should be able to get a reminder if they forget their password (and perhaps any other information that we’ve asked them to choose, with the exception [for security reasons] of financial details)
7. forename, surname (we should ask for this because, as the BBC’s iCAN put it, it encourages people to commit to their positions, and consider their words, and to keep criticism constructive)
8. user’s location (may be useful or legally required for voting purposes)
And finally, some “Your Party-friendly” requirements:
9. possibly some other useful information (this could be optional for the user)
10. The scheme should be low-cost, and relatively easy to support and maintain for Your Party
At this time, the scheme is not required to work across multiple platforms: users can only register as a Member on the website.
4. Implementation options
Some of the options below authenticate the user against their residential (or residential billing) address. We make the assumption that credit-card companies/banks or the electoral roll are “trusted sources” for this information. Similarly, there are other trusted sources such as the passport agency (for passports), the DVLA (for driver’s licences) and gov??? (for NI numbers).
4.1: residential billing address (the Credit-Card option)
We ask for the usual email address etc, plus: credit-card (or debit-card) details in order to authenticate the user and to take the membership fee. If the transaction doesn’t validate, they can’t become a member. Level of membership fee to be decided (Labour is £24, Cons: £15, LibDem: £5. So £5 max? Also look at micro-transactions: sub £1)
· What data do we collect? What data do we store?
-- Forename, surname, email address, password, (password reminder question and answer). [this will henceforth be referred to as the standard information]
-- Credit-card/Debit-card number, expiry date, name on card, security number, (issue number and date), billing address incl postcode.
-- Store what?: Store CC number as one-way encrypted? What else do we store? DPA issues?
· What does it require?
-- Deal and implementation for a merchant account with eg Worldpay
· Advantages
-- Could raise funds for eg election deposits
-- Fraud is expensive, therefore unlikely
-- Can perhaps mitigate the barrier to entry by making membership fee low?
· Disadvantages
-- Access: Members need a CC or DC to become a member
-- CC details are a barrier to entry (nervousness about what we may use them for)
-- Merchant account deal and implementation may be costly and slow us down
-- DPA compliance will slow us down and involve lawyers (however DPA probably an issue for all options)
-- Doesn’t work well for under-18s
-- What is the worst thing that could happen?: Alice can vote three times if she has 3 cards registered at 3 separate addresses. (However it is impossible for her to register thousands of times without both funds and cards that are registered at different addresses.)
On raising funds: if we did collect a small membership fee, we should make it very clear what it is to be used for. Eg: raising funds to pay deposit fees, rather than something vague like “running the party”.
An alternative is not to charge a membership fee – to use the CC to authorise the user’s identity but cancel the transaction.
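On the “store CC number as one-way encrypted?” question above: the point of keeping any trace of the card at all is to spot the same card being used for a second registration (Alice with three cards is the worst case the option allows; Alice with one card used three times should not be). The following is an added example, not part of the original document or of any payment provider’s code. It assumes a server-side secret (FINGERPRINT_KEY, hypothetical) kept outside the member database, and uses published test card numbers as constructed input.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Hypothetical server-side secret for this example only. In deployment it would
# live in a key store separate from the member database, so that a stolen
# database alone cannot be used to brute-force card numbers from fingerprints.
FINGERPRINT_KEY = b"example-only-key-replace-before-use"


def normalise_pan(raw: str) -> str:
    """Keep only digits, so '4111 1111 1111 1111' and '4111-1111-...' agree."""
    return "".join(c for c in raw if c.isdigit())


def luhn_valid(pan: str) -> bool:
    """Luhn checksum (ISO/IEC 7812-1) on a digit string; catches typos, not fraud."""
    if not pan.isdigit() or len(pan) < 12:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def card_fingerprint(raw_pan: str, key: bytes = FINGERPRINT_KEY) -> str:
    """Keyed one-way fingerprint of a card number.

    A plain hash would not do: a 16-digit PAN has very little entropy once the
    issuer prefix is known, so an unkeyed SHA-256 lookup table is cheap to
    build. HMAC with a secret held outside the database makes the stored
    fingerprints useless to anyone who only has the database.
    """
    pan = normalise_pan(raw_pan)
    if not luhn_valid(pan):
        raise ValueError("card number fails Luhn check")
    return hmac.new(key, pan.encode("ascii"), hashlib.sha256).hexdigest()


@dataclass
class MemberRegistry:
    """Maps card fingerprints to member ids; the PAN itself is never stored."""
    by_card: dict = field(default_factory=dict)

    def register(self, member_id: str, raw_pan: str) -> tuple:
        try:
            fp = card_fingerprint(raw_pan)
        except ValueError as exc:
            return False, str(exc)
        existing = self.by_card.get(fp)
        if existing is not None:
            return False, f"card already bound to member {existing}"
        self.by_card[fp] = member_id
        return True, "accepted"


if __name__ == "__main__":
    reg = MemberRegistry()
    # Widely published test card numbers: Luhn-valid, but not real accounts.
    print(reg.register("alice", "4111 1111 1111 1111"))
    print(reg.register("alice2", "4111-1111-1111-1111"))   # same card, different spacing
    print(reg.register("bob", "5555 5555 5555 4444"))
```

The fingerprint only detects reuse of one card; it says nothing about the three-cards-three-addresses case, which needs the billing address (and the merchant’s own fraud screening) rather than anything the party stores. Whether even a keyed fingerprint is acceptable under the DPA and the merchant agreement is a question for the lawyers the document already anticipates.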
4.2: residential address (the electoral roll option)
We ask for the usual email address etc, plus: name, house name or number, and postcode. We then see if the name-and-address is in a name/address database (these are supplied by data aggregation companies like AFD, QAS and Capscan, who buy electoral roll data from local councils, and then clean and de-duplicate the data), try full address if there’s no match, and fail the user if there’s still no match.
Nb: this method doesn’t prove that the person is at that address unless we send something to them and ask them to post proof of address.
· What data do we collect? What data do we store?
-- Standard information, plus: house number, postcode. Should work in 90% of cases. Fail back to full address, so may ask for this too.
-- Store what?: …
· What does it require?
-- Deal and implementation for a name/address data source, such as AFD.
· Advantages
-- Mapping users against an electoral roll data source may make a lot of sense!
-- lower barrier to entry than with CC?
-- No cost to user
-- Should work for under-18s
· Disadvantages
-- The name/address data sources can be up to 12-18 months out of date
-- Anyone who opts out of the marketing provisions under the UK People’s Act will not appear in the data
-- If you’re not in the data source, you can’t become a member. The underlying address data (from the post office) is about 95%, but name data (which comes from the electoral roll and other sources) is perhaps 70-80% accurate.
-- Data source deal and implementation may be costly and slow us down
-- Users can register as multiple people unless we actually post them something (cost!) to make sure that they respond from that address
-- Data Protection Act compliance will slow us down and involve lawyers (however DPA is probably an issue for all options)
-- Doesn’t work (practically) for non-UK-residents
-- What is the worst thing that could happen?: The people that have moved house in the last 18 months might not be able to become members; and people on the electoral roll in two locations can become a member twice.
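The two-stage match described above (house number plus postcode first, full address as the fall-back) can be sketched in code. This is an added example and not part of the original document or of any data supplier’s software; the roll extract is constructed, and a real feed such as AFD or QAS would be queried through the supplier’s own interface rather than an in-memory list.

```python
import re
from dataclasses import dataclass, field


@dataclass(frozen=True)
class RollEntry:
    entry_id: str
    surname: str
    house: str        # house number or house name
    street: str
    town: str
    postcode: str


def norm_postcode(pc: str) -> str:
    """Upper-case, drop spaces, then re-insert the one space before the inward code."""
    pc = re.sub(r"\s+", "", pc).upper()
    return f"{pc[:-3]} {pc[-3:]}" if len(pc) > 3 else pc


def norm_text(s: str) -> str:
    """Lower-case and collapse punctuation so 'Rose-Cottage' matches 'rose cottage'."""
    return re.sub(r"[^a-z0-9]+", " ", s.lower()).strip()


# Constructed sample extract standing in for a commercial name/address feed.
ROLL = [
    RollEntry("r1", "Jones", "12", "High Street", "Reading", "RG1 1AA"),
    RollEntry("r2", "Jones", "14", "High Street", "Reading", "RG1 1AA"),
    RollEntry("r3", "Patel", "Rose Cottage", "Mill Lane", "Reading", "RG1 1AB"),
]


def find_entry(surname, house, postcode, street=None, town=None, roll=ROLL):
    """Stage 1: surname + house + postcode. If that gives no single hit and a
    full address was supplied, stage 2: surname + house + street + town with
    the postcode ignored (a wrong postcode being the usual stage-1 failure).
    Returns (entry, how_matched) or (None, reason)."""
    s, h = norm_text(surname), norm_text(house)
    hits = [e for e in roll
            if norm_text(e.surname) == s and norm_text(e.house) == h
            and norm_postcode(e.postcode) == norm_postcode(postcode)]
    if len(hits) == 1:
        return hits[0], "postcode"
    if street is None or town is None:
        return None, "no match on postcode; full address needed"
    st, tn = norm_text(street), norm_text(town)
    hits = [e for e in roll
            if norm_text(e.surname) == s and norm_text(e.house) == h
            and norm_text(e.street) == st and norm_text(e.town) == tn]
    if len(hits) == 1:
        return hits[0], "full address"
    return None, "ambiguous" if hits else "no match"


@dataclass
class AddressRegistry:
    """One membership per roll entry: a second claim on the same entry is refused."""
    claimed: dict = field(default_factory=dict)   # entry_id -> member id

    def register(self, member_id, surname, house, postcode, street=None, town=None):
        entry, how = find_entry(surname, house, postcode, street, town)
        if entry is None:
            return False, how
        if entry.entry_id in self.claimed:
            return False, f"entry already claimed by member {self.claimed[entry.entry_id]}"
        self.claimed[entry.entry_id] = member_id
        return True, f"matched on {how}"
```

Note what this does and does not catch: it stops the same roll entry being used twice, but it cannot tell that one person appears at two addresses, and it cannot tell that the person typing the form is the person in the entry. Both of those are the “post them something” problem listed under disadvantages.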
4.3: driving licences, passports and NI numbers
[This is not necessarily a proposal to allow members to choose which one of the three to provide - I’m covering these in the single option, because they have the same disadvantages as far as I know]
We ask for the usual email address etc, plus: some proof of ownership of a passport, a driving licence or a NI number.
· What data do we collect? What data do we store?
-- Standard information, plus: passport number and expiry date, OR driving licence number and expiry date, OR NI number
-- Store what?: …
· What does it require?
-- Relationship with a trusted source (passport agency / DVLA / gov???) to authenticate
· Advantages
-- Data is accurate
-- lower barrier to entry than with CC? (however, very large privacy concerns!)
-- No cost to user
· Disadvantages
-- It’s very difficult to authenticate: we would need real-time links to the trusted source [no idea yet whether this is at all possible, but it seems unlikely]
-- Massive DPA compliance issues potentially
-- None are ideal for under-18s, nor for non-UK-residents
-- What is the worst thing that could happen?: a nasty breach of DPA probably
4.4: mobile phone number
Usual details plus: we send an sms to the phone. The user types the information (in the sms) into the website.
Nb: this doesn’t prove that users have a current billing relationship with a trusted source (the mobile operator) because 50% of mobiles are pre-pay.
· What data do we collect? What data do we store?
-- Standard information, plus: mobile phone number.
-- Store what?: …
· What does it require?
-- Outbound sms delivery
· Advantages
-- Relatively simple for the user; possibly for Your Party too
-- lower barrier to entry than with CC? (however, privacy concerns?)
-- No cost to user
· Disadvantages
-- Sms delivery costs
-- Access: not everyone has a mobile phone
-- Registration can fail if sms delivery is slow
-- DPA compliance will slow us down and involve lawyers (however DPA probably an issue for all options)
-- Users can have multiple mobile phones
-- If a user changes their mobile number, or if two users share a single mobile number, or if old mobile numbers are recycled, we have a problem
-- What is the worst thing that could happen?: PR fallout from excluding people who haven’t got mobiles
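The sms flow above (send a code, user types it into the site) has a few details that decide whether it is safe: the code must expire, guesses must be capped, and a verified number should bind to exactly one member so that the “users can have multiple mobile phones” problem is at least reduced to one membership per number. The following is an added example, not code from the original document or from any sms gateway; the gateway call and the clock are injected, the time-out and attempt cap are assumed values, and the phone numbers are from the Ofcom-reserved 07700 900xxx range used for fiction.

```python
import hmac
import re
import secrets
import time
from dataclasses import dataclass

CODE_TTL_SECONDS = 600   # assumed 10-minute window; wide enough to absorb slow sms delivery
MAX_ATTEMPTS = 5         # assumed cap; with 10^6 codes this keeps guessing odds negligible


def normalise_uk_mobile(raw: str) -> str:
    """Canonical E.164 form so '07700 900123' and '+44 7700 900123' are one number."""
    digits = re.sub(r"\D", "", raw)
    if digits.startswith("44"):
        digits = digits[2:]
    elif digits.startswith("0"):
        digits = digits[1:]
    if len(digits) != 10 or not digits.startswith("7"):
        raise ValueError("not a UK mobile number")
    return "+44" + digits


@dataclass
class Challenge:
    phone: str
    code: str
    expires_at: float
    attempts: int = 0


class SmsVerifier:
    """Issues one-time codes by sms and binds each verified number to one member."""

    def __init__(self, send_sms, clock=time.time):
        self.send_sms = send_sms      # callable(phone, text); injected so no gateway is needed
        self.clock = clock            # injected so expiry can be tested deterministically
        self.pending = {}             # registration id -> Challenge
        self.bound = {}               # phone -> member id

    def start(self, reg_id: str, raw_phone: str):
        try:
            phone = normalise_uk_mobile(raw_phone)
        except ValueError as exc:
            return False, str(exc)
        if phone in self.bound:
            return False, "number already bound to a member"
        code = f"{secrets.randbelow(10**6):06d}"      # CSPRNG, not random.randint
        self.pending[reg_id] = Challenge(phone, code, self.clock() + CODE_TTL_SECONDS)
        self.send_sms(phone, f"Your Party code: {code}")
        return True, "sent"

    def verify(self, reg_id: str, submitted: str):
        ch = self.pending.get(reg_id)
        if ch is None:
            return False, "no pending challenge"
        if self.clock() > ch.expires_at:
            del self.pending[reg_id]
            return False, "expired; request a new code"
        ch.attempts += 1
        if ch.attempts > MAX_ATTEMPTS:
            del self.pending[reg_id]
            return False, "too many attempts; request a new code"
        # A six-digit code is trivially guessable without the attempt cap and
        # expiry above; compare_digest avoids leaking matches through timing.
        if not hmac.compare_digest(ch.code, submitted):
            return False, "wrong code"
        del self.pending[reg_id]          # single use
        self.bound[ch.phone] = reg_id
        return True, "verified"
```

The one-number-one-member binding is what turns recycled and shared numbers from a silent problem into a visible one: a second applicant on the same number is refused and can be handled by a person. It does nothing about pre-pay phones, which the note above already flags as the weak point of this option.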
4.5: biometrics
On paper, biometric solutions sound ideal for identifying individual humans. However, they’re expensive, and they don’t work.
4.6: Yahoo-style membership
We sign people up the same way that Yahoo do: ask for the usual email address etc, plus: we ask them to type in a word that appears in a computer-generated picture (a “captcha”). This step requires a human to eyeball the picture, so it discourages people using automated means to generate 1,000s or 100,000s of email addresses, but it doesn’t stop them from creating several or many identities if they’re inclined to take the time.
This method might be useful for a two-level membership scheme: use this for people who want to discuss etc, but require them to become full members (with voting rights)
· What data do we collect? What data do we store?
-- Pretty close to the standard information.
-- Store what?: …
· What does it require?
-- Fewer external suppliers
· Advantages
-- Simple for the user; possibly for Your Party too
-- Very low barrier to entry
-- No cost to user
· Disadvantages
-- Users can create hundreds of identities if they’re prepared to spend the time. Therefore more a PR disadvantage than a real (vote-affecting) disadvantage perhaps.
-- DPA compliance will slow us down and involve lawyers (however DPA probably an issue for all options)
-- What is the worst thing that could happen?: someone painstakingly creates 100 identities, and can therefore vote 100 times. However, if users are able to automate the captcha part of the signup, then there’s a risk of a massive number of fraudulent IDs being created.
5. Open issues, questions, and other notes
IP addresses:
Probably record IP address as part of the user authentication method. For most authentication options?
Storing data:
In principle, we want to store as little user data as possible, in order to minimise security risks, DPA issues, cost of data maintenance, etc. However, we do of course need to do hosting (and related security) well.
Sampling and Auditing:
It has been suggested that sampling could make it cost-effective to use authentication methods that are low-barrier for the member but would otherwise be too expensive for the organisation to apply to everyone. Instead of authenticating every user, we’d authenticate a sample of them. Auditing and sampling can be very effective at identifying fraud. Disadvantage: the identification scheme can be criticised for not being accurate. DPA compliance?
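The two notes above (recording IP addresses, and auditing a sample rather than everyone) fit together: the IP record is what lets an audit look for the “thousands of identities” pattern after the fact. Below is an added example, not from the original document, of a small audit pass over a constructed registration log: it flags any address that produced a burst of registrations inside a sliding window, and draws a random sample for manual identity checks. The log format and the threshold are assumptions; the addresses are from the RFC 5737 documentation ranges.

```python
import random
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^(?P<ts>\S+) ip=(?P<ip>\S+) member=(?P<member>\S+)$")

# Constructed registration log (assumed format: timestamp, source ip, member name).
SAMPLE_LOG = """\
2004-01-29T09:02:11 ip=203.0.113.5 member=alice01
2004-01-29T09:05:40 ip=203.0.113.5 member=alice02
2004-01-29T09:09:03 ip=203.0.113.5 member=alice03
2004-01-29T09:15:27 ip=198.51.100.7 member=bob
2004-01-29T09:21:58 ip=203.0.113.5 member=alice04
2004-01-29T09:33:12 ip=203.0.113.5 member=alice05
2004-01-29T09:41:45 ip=203.0.113.5 member=alice06
2004-01-29T09:50:00 ip=192.0.2.9 member=carol
2004-01-29T15:15:00 ip=198.51.100.7 member=dave
"""


def parse_log(text):
    """Return (timestamp, ip, member) tuples; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append((datetime.fromisoformat(m["ts"]), m["ip"], m["member"]))
    return events


def flag_ip_bursts(events, threshold=3, window=timedelta(hours=1)):
    """Return {ip: [members]} for each ip with at least `threshold` registrations
    inside any sliding window of length `window`."""
    by_ip = defaultdict(list)
    for ts, ip, member in events:
        by_ip[ip].append((ts, member))
    flagged = {}
    for ip, rows in by_ip.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1                      # slide the window forward
            if end - start + 1 >= threshold:
                flagged[ip] = [m for _, m in rows]
                break
    return flagged


def audit_sample(member_ids, fraction, rng):
    """Pick a random subset of registrations for manual proof-of-identity checks.
    In production pass random.SystemRandom() so applicants cannot predict the draw."""
    k = max(1, round(len(member_ids) * fraction))
    return sorted(rng.sample(list(member_ids), k))


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    print(flag_ip_bursts(events))
    print(audit_sample([m for _, _, m in events], 0.25, random.SystemRandom()))
```

A flagged address is a reason to put those registrations in the audit queue, not to reject them outright: dial-up pools, office proxies and shared households all put unrelated people behind one address, and a determined Alice can spread her registrations across addresses and days. Sampling catches what thresholds miss, which is why the document pairs the two.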
Age:
We haven’t nailed down whether there are age limits to membership. If we accept under-18s as members, then verifying their identities is difficult because (a) they don’t have credit cards and (b) occasionally you have two individuals with the same name at the same address, (c) etc.
Addresses:
How do we authenticate UK nationals who aren’t residents? Using residential address is impractical, as we’d need address data globally. Credit-card is less impractical. Alternatively, look at whether the terms make sense: perhaps members need to be UK residents? – especially if we end up linking voting rights to geographic constituencies [this will no doubt come up in the planning for the party constitution]
Multi-level:
We should also look at registering users on two levels so that there’s a lower barrier to discussing, debating etc, and a higher one for voting.
Choice:
Do we let users pick which authentication method they’re most comfortable with? Disadvantage: complexity and length (cost) of development time
6. Next steps, and recommendation
Next steps are:
get feedback, scope out (budget) a recommendation, and build.
Recommendation:
Still working on this, but I currently lean towards the credit-card option for its balance of accuracy with fund-raising. However, even though the idea of a two-tier membership may address some of its barriers-to-entry, it is recognised that it is not ideal for attracting membership. Name and address also looks like a good option.