Title: Head in a Virtual Cloud...

The recent elections, and in particularly the low turn out, seem to have brought the 'digital is the solution' crowd out of the woodwork. Internet voting is, as it was after the Florida fiasco in the States, being touted as the silver bullet that will get people voting in their masses.

Various people have pointed out some of the fallacies involved in the arguments for Internet voting. Most of these revolve around questions of security and whether digital identification is good enough. If you cannot secure the voting infrastructure and uniquely identify the voter, how can you verify the results.

I do not think many people would argue with the view that the Internet is insecure, and there have been attempts to suggest that people should be able to vote at automatic cash machines. Buying votes acquires a new twist! The idea was quietly dropped when it became clear that it was unworkable, but that did not stop the enthusiasts from continuing to plug their silver bullets, all of which assume that the voters are going to behave like some kind of rational computer making no mistakes.

The real problem with these arguments, though, is that they miss the whole point. The security/identification issues are not even in the loop - what matters in the first instance is the access to the Internet.

Let us look at some real figures. The population of the UK is about 60 million. Lets be conservative and assume that a third - 20 million - are under voting age, not registered, or otherwise ineligible to vote. That leaves us 40 million voters to process. At the moment about half the population are on-line, but the pundits predict that virtually everyone will be on-line by the next election. I have my doubts, but lets knock 5 million off for technophobes and such like - so we are down to a potential 35 million votes to process.

The polling stations are open from 7am to 10pm on polling day. Obviously this may change and the hours be extended, but we will work the assumption that they will not be, given the political vested interests involved. So there are 15 hours available to vote in - that's 15 x 60 minutes = 900 minutes.

So, 35,000,000/900 is just under 39,000 voters a minute!

But that's only a start. I have to confess that I am a long time member of the Labour Party (old Labour, not new) and I usually work in one of the local committee rooms on election day. Now it just happens that those of us that work on elections regularly have a rule of thumb about voter turnout patterns. It reflects experience accumulated over many elections. It is that about half the voters who are going to vote have voted by 6pm - the other half vote between 6pm and close of poll.

So what does this do to the figures? Well it means that we have to process about half the votes - say 17 million - in just four hours (240 minutes) that's over 70,000 voters a minute. This is not looking good! We can get computers capable of handling that volume of transactions, but will cash strapped local authorities be able to afford them?

But we are not at the end yet, although I freely confess we are moving out of the realm of hard figures now.

What happens when you have something to do that you can do over time, with a fixed deadline? Let's say that the online voting - which should just take a couple of minutes - in spread over a couple of weeks, with a deadline of 10pm on the 'election day'. Let us be realistic - most people will leave it till the last moment. I would hazard a guess that several million people will leave it until the last five to ten minutes - especially if it turns out to be a close election and people think their vote is likely to matter.

Well, yes we can get (at a price) machines capable of handling hundreds of thousands, if not millions, of transactions a minute. I will leave aside who is going to pay for these machines and the cost of getting genuine mission critical software, which cannot be given a test run. Processing of the votes is not the real issue.

The real issue is Internet access. Remember earlier on I said that about half the population are on-line? This is the case, but the unasked question concerns the quality of their access. The truth is that most of them use free providers, and have frequent access problems. Virtually every one I know who uses a free provider has access problems - so much so that they are taken for granted.

Even more fascinating, is the fact that none of them were interested in my suggestion that they use a non-free provider, even one charging as little as Demon's £10.00 a month. The Internet is an optional extra to them, if it was not free, they probably would not bother.

Now, given that most free ISPs cannot handle their regular traffic, what do you think is going to happen when (say) a million people all try to log on to vote at the last minute? Frankly I doubt that the ISPs have even enough modems to cope, let alone enough bandwidth. The resulting fiasco would make the Florida chad affair look like a masterpiece of good planning.

While we are on the subject of elections, I thought I would share a little snippet with you. I was chatting to a campaign worker from a nearby constituency. He's the guy who looks after their PC, and does the elections stuff on it. "It's very slow", he admitted. "We used to have a DOS program that did all the election stuff, but Milbank [Labour Party HQ] decided it needed upgrading and sent out new Oracle software, which takes four times as long to print out the material."

Given that most of the computer stuff for an election involves printing material for use by canvassers and people who do the knocking up on election day, it was not difficult to see why the volunteer was looking so long in the face. I do not know why it is, but it seems that whenever the Labour Party (or any other party for that matter) touch IT they always mistake image for content. Obviously photo opportunities for the leader to be seen with Larry Ellison of Bill Gates are more sexy than those with Richard Stallman...

But that's enough about elections. I have a couple of bouquets to award!

First, ten house points and a gold star to Informant Communications Ltd, who organised the ACCU Spring Conference. Apart from brilliant conference organisation, they are the first people I know who actually managed to issue a post-conference CD with all the papers on. Mine arrived a couple of days ago, and I am going to go through the material on it over the next couple of weeks.

The second is a red star for National Geographic. I had a query about an invoice for a book I got off them, which I sent to their e-mail address. Wonder of wonders, I got a reply within a working day. Now that is how e-mail should work. All too many 'bricks & mortar' companies decide they need a web site and set one up complete with an e-mail address, which they then do not staff.

...And there is one brickbat to a company that should know better

Dell Computers in the US are the recipients of a large brickbat for a crass e-commerce system. We are in the process of gradually upgrading our Linux stuff to 'real' servers. We looked around and rather liked the look of Dell's Poweredge 1550 rack mount servers. We decided to buy one and install SuSE Linux on it (Dell only provide Red Hat or Windows).

Off we went to the web site and used their configuration pages to build up the server we want. Clicking on the 'buy' button produced an option to pay by credit card, which we did. There was a long pause, and then a page came up saying thank you for choosing Dell, and a representative will be in touch with you sometime over the next seven days to discuss your order.

Really, I ask you what stupidity, having an on-line sales system that does not work until a sales rep has rung to talk to you about the order. Needless to say, we did not wait for them to contact us, we rang them at the start of business the following day and made our displeasure very clear. Get your act together Dell, there is a recession on and you are going to need every sale you can make.

And the server itself? Very nice. SuSE Linux went on to it very smoothly and everything worked just fine first time. The installation took about an hour, and that included a load of networking and development packages. Eat you heart out Microsoft. I would not have tried doing that with Windows without allowing several days to get it up and running. I would recommend the Dell server any day - provided you do not buy it via e-commerce.

I need to wrap up, but there is one other thing I would like to draw people's attention to, and that is a couple of URLs about secure programming. Go to http://portal.suse.de/en and search on the phrase 'security and specific' (there are several parts to the paper, this will pick them all up. I read the first part when it came out and thought it was quite good (it's about buffer overruns), but I have not had a chance to read the other parts yet. More when I have read them. The other piece is mainly for Unix programmers and it is at www.whitefang.com/sup/. This is very solid stuff and well worth a read.

Application programmers often do not think of security issues when they write programs, but security is just as much about how you write your programs to be secure in a networked environment as it is about firewalls, encryption and the like.

Well that's about all for this issue - have fun with your programming.