Voter ID the British way

The Prime Minister, Alexander Boris de Pfeffel Johnson, once wrote about ID cards that if he were ever asked to produce one as “evidence that I am who I say I am” that would take it out of his wallet and “physically eat it”. Now, however, he has announced that he intends to introduce mandatory voter ID for elections. Since Britain doesn’t have an ID card, or a functioning digital identity infrastructure, he will thankfully be spared the indignity of eating an ID card (or, presumably, his phone) at the polling station. What’s more, since Britain doesn’t have a problem with voters being impersonated at the polling station in the first place*, it doesn’t matter.

If you are wondering why it is that Britain is about to demand an ID that people do not have in order to solve a problem that does not exist.. well, it’s security theatre that will keep everyone happy. A rigorous ID requirement would be problematic, because a quarter of the British electorate lack either of the principal photo ID documents, a passport or a driving licence. Hence when you go to vote you will produce either some photo ID document (eg, a Portuguese fishing licence or a British passport) that the chap at the polling station cannot conceivable verify (in Britain polling stations are manned by cheerful local volunteers, not ex-Israeli airport security counterfeit document detection experts) or some random non-photo ID document from a peculiarly English assortment of possibilities including your local library card (these are notoriously difficult to forge, of course)

To me this represents a wonderful, pragmatic British compromise — a countermeasure that doesn’t work to a problem that doesn’t exist— that avoids dealing with the real problem: the electoral fraud that does not happen at the polling booth. The main source of such fraud in the UK is not personation at the polling station but fraudulently-completed postal ballots, a situation that led one British judge to call it “a system that would disgrace a banana republic”. As far as I can understand it from reading the various reports, including the source reports on electoral fraud in the UK, the main problem is that postal votes are being completed by third parties, sometimes in bulk. No proof of identity is going to make any difference to this and so long as we allow people to continue voting by post I can’t see how the situation will improve. It is not beyond the wit of man to come up with alternatives to the postal vote. But that’s not what is being proposed. The UK government is not currently proposing an app or any other kind of electronic voting here, it is merely proposing to add a basic test of identity at the ballot box.

(This is a subject of some interest to me. My home town of Woking, one of the few places in England where people have been jailed recently for electoral fraud, was part of the government's original voter ID pilot scheme which trialled different types of identification, including formal correspondence such as a utilities bill. I should explain here for foreign readers that in the UK we see the British Gas quarterly bill as a uniquely trusted document.)

The real way forward is, of course, not about using gas bills or indeed special-purpose election ID cards only for the purposes of voting, or a national identity scheme that Mr. Johnson dreads, but a general-purpose National Entitlement Scheme (NES). This sort of thing has been put forward for decades by informed industry observers (eg, me) but I think it now has added momentum because of the combination of technological evolution in the field of identification, authentication and (in particular) authorisation as well as the pandemic pressure to manage vaccination certificates and test results. Much as a person should be able to demonstrate that they have been vaccinated without giving away personal details so should be allowed to vote without disclosing their identity.

The key technology enabler here is that of the “verifiable credential” (VC) and the ability to create and present credentials that demonstrate proofs rather than data. This is often explained through the canonical example of proving to a bar that you are over 21 without providing a date of birth or age. As The Economist explained recently, individuals can be identified to (for example) a smartphone app much in the same way as for online banking, authenticated against their smartphone using biometrics and then when seeking entrance to a “COVID-secure” venue the app can respond to the venue's requests for credentials (such as a valid test certificate) with a simple “yes” or “no” and nothing else. The individual’s name, age, address, the date of their vaccination and the like would not be transmitted from the app.

It seems a pretty small step to present the credential ENTITLED_TO_VOTE using a similar mechanism at the polling station. Or, indeed, anywhere else.

* There was precisely one conviction for “personation” fraud in the UK in 2019.