Voter ID, Again

I vote for Verifiable Credentials.

May 13, 2024

Dateline: Woking, 13th May 2024.

A Very British Solution to Voter ID

In 2004, the former Prime Minister of our United Kingdom, Alexander Boris de Pfeffel Johnson wrote in a newspaper that if he were ever asked to produce an ID card as evidence that “I am who I say I am” in "any other venue, public or private” then he would "take that card out of my wallet and physically eat it in the presence of whatever emanation of the state has demanded I produce it”. This was before his government introduced (pointless and expensive) mandatory voter ID requirements at polling stations. Which is why I would have loved to have been a fly on the wall when Mr. Johnson was turned away from his local polling station after forgetting to bring acceptable photo ID. And I would have loved to have been a fly on the wall even more when he turned up with his driving licence to eat in front of the baffled clerk at the polling station.

IDentity

Britain doesn't have an actual ID card, or a functioning digital identity infrastructure, but fortunately Britain doesn't have a problem with voters being impersonated at the polling station in the first place, so it doesn't matter. Voter ID in the UK is a sort of security theatre designed to keep everyone happy.

A rigorous ID requirement would be problematic, because a quarter of the British electorate lack either of the principal photo ID documents, a passport or a driving licence. Hence when you go to vote you will produce either some photo ID document (e.g., a Senior Citizen Railcard or a British passport) that the chap at the polling station cannot conceivably verify. In Britain polling stations are manned by cheerful local volunteers, not ex-Israeli airport security counterfeit document detection experts, so when he glanced at my passport I strongly doubt he would have been able to subvert a concerted attack on the Woking Council election by agents of a foreign power.

The reason that none of this matters is that the main source of electoral fraud in the UK is not personation at the polling station but fraudulently-completed postal ballots, a situation that led one British judge to call it "a system that would disgrace a banana republic". As far as I can understand it from reading the various reports, including the source reports on electoral fraud in the UK, the principal problem is that postal votes are being completed by third parties, sometimes in bulk. No proof of identity is going to make any difference to this and so long as we allow people to continue voting by post I can't see how the situation will improve. It is not beyond the wit of man to come up with alternatives to the postal vote, but that's not what is being proposed. The British government is not currently proposing an app or any other kind of electronic voting here, it is merely proposing to add a pointless test of identity at the ballot box.

Pointless and, I might add, a total waste of money. Up until June of last year, the Electoral Commission had spent more than £4.5million on advertising to raise awareness of the Voter ID policy and the “Voter Authority Certificate”, which is the government’s alternative for those who don’t have ID, and which almost nobody has taken up.

(Data from Meta’s ad library shows the Electoral Commission spent more than £410,000 on Facebook ads in the last 90 days alone.)

Overall it seems to me that Voter ID represents a wonderful, pragmatic British compromise — implementing a countermeasure that doesn't work against a threat that doesn’t exist— that avoids dealing with the real problem: the electoral fraud that does not happen at the polling booth.

Woking Leads the Way

My home town of Woking, one of the few places in England where people have been jailed for electoral fraud, was part of the government's original voter ID pilot scheme which trialled different types of identification, including formal correspondence such as a utility bill.

(I should explain here for foreign readers that in the UK we see the British Gas quarterly bill as a uniquely trusted document.)

When that pilot scheme was announced, Chris Skidmore (the responsible minister) was quoted by the BBC as saying that "in many transactions you need a proof of ID" which is not, strictly speaking, true. In almost all transactions that we take part in on a daily basis we are not proving our identity, we are proving that we are authorised to do something whether it is to charge money to a line of credit in a shop, ride a bus or open the door to an office.

In almost all cases, therefore, we are presenting ID as a pointer to some other attribute because we don't have a proper infrastructure in place for allowing us to keep our identities safely under lock and key while we go about our business. This point about moving to transactions based on authorisation instead of identification is really important. It is the fundamental mechanism that we have to enable population-scale security and privacy together.

At the same time as the voting ID pilot, Scott Corfe produced an excellent Social Market Foundation report (called A Verifiable Success - The future of identity in the UK) in which he highlighted what he called the "democratic opportunity" for electronic identity verification to facilitate internet voting thereby increasing civic engagement. I agree, but if we are to implement the kind of electronic identity verification envisaged by the Social Market Foundation, then what you should really be presenting at the polling station is an anonymised entitlement to vote that you can authenticate your right to use. For voting, as for many other applications, the shift from identification to authorisation means a practical solution to pressing problems.

Give a gift subscription

Entitlement and elections

The real solution, then, is not about using gas bills or indeed special-purpose election ID cards only for the purposes of voting, or the national identity card that Mr. Johnson proposed eating, but introducing a general-purpose National Entitlement Scheme (NES). This sort of thing has been put forward for decades by informed industry observers (e.g., me) but I think it now has added momentum because of the combination of technological evolution in the field of identification, authentication and (in particular) authorisation as well as the pandemic pressure to manage vaccination certificates and test results.

Switching to credentials is often explained through the canonical example of proving to a bar that you are over 21 without providing a date of birth or age. As The Economist explained recently, individuals can be identified to (for example) a smartphone app much in the same way as for online banking, authenticated against their smartphone using biometrics and then when seeking entrance to a "COVID-secure" venue the app can respond to the venue's requests for credentials (such as a valid test certificate) with a simple "yes" or "no" and nothing else. The individual's name, age, address, the date of their vaccination and the like would not be transmitted from the app. It seems a pretty small step to present the credential ENTITLED_TO_VOTE using a similar mechanism at the polling station if the government actually wanted to do anything about personation.

Personally, I agree with my good friend Steve Wilson: “Verifiable credentials technology is the solution”. The enabler here is the cryptographic technology that gives us the ability to create and present credentials that demonstrate proofs about data rather than the data itself. If Mr. Johnson had proposed to implement a system based on using smart phones and even smarter cryptography, I can imagine that that would have a number of spin-offs and turn into a significant engine for new products and services. But he did not. We’ve ended up with what the Electoral Reform Society called “an expensive distraction” that will waste tens of millions of pounds at every election and inconvenience large swatches of the public for no increase in net welfare.