Is YOUR personal data at risk when you go and vote tomorrow? — Warning issued

With the General Election just days away, an encryption expert has issued a warning about the UK Government's ability to safeguard data following the data breach at the Electoral Commission back in 2021

GETTY IMAGES | GBN
Aaron Brown

By Aaron Brown


Published: 03/07/2024

- 12:04

The decision to require all voters to provide photo ID means the British public must trust that the Government can be trusted to safeguard our personal data, executive cautions

Tomorrow's General Election poses a significant dilemma for voters — presenting them with a "difficult choice" between safeguarding privacy and preserving democracy, argues Simon Bain, CEO and founder of OmniIndex.

Mr Bain — a data security expert and the brain behind the Californian firm's patented encryption technology — believes the introduction of mandatory photo ID for all voters, first implemented during the local elections last year (followed by the May elections earlier this year, when ex-Prime Minister Boris Johnson was turned away) should concern Britons who are worried about the privacy of their data.


"As this year’s general election quickly approaches, many voters across the UK will — for the first time — be required to hand over a form of ID to vote for their preferred member of parliament. Registrations for the electoral roll increase in the run-up to elections as members of the public opt to vote for the first time — meaning the Government holds more of our data than ever before," Mr Bain explained to GB News.

a polling station sign with union flags outside

Starting from 7am tomorrow, thousands across the UK will cast their vote — provided they bring a valid photo ID or registered for a Voter Authority Certificate from the UK Government

GETTY IMAGES

If you don't have photo ID to cast your vote, you're able to apply for a Voter Authority Certificate from the UK Government. But this requires you to hand over a recent digital photo and your National Insurance Number.

Mr Bain added: "While much has been said of the legislation’s impact on the public’s ability to exercise its democratic right, there are larger issues at play concerning the protection of what is highly sensitive and private data. The government holds an immense volume of data on the general public, and frankly, it is doing very little to protect it from being stolen.

"This leaves the public with a difficult choice — to maintain their privacy or sacrifice it in exchange for their vote."

The Chief Executive draws on several recent cases when the UK Government mishandled personal data to highlight his concerns. In August 2023, the Electoral Commission publicly confessed that scammers had accessed its systems two years earlier.

Even worse than the delay in informing all of us, the Electoral Commission didn't spot the data breach itself until October 2022 — some 14 months after attackers first gained access to the sensitive information. During that critical period, the public’s private data could've been stolen, shared, used, and discarded, all without the UK Government being aware that it had lost it — let alone the rest of us, Mr Bain rebukes.

He chastises central Government, which "states that the attack's impact on individuals is low, but it admits that names and addresses were accessed, which could be combined with other data in the public domain to infer patterns of behaviour or to identify and profile individuals, all without anyone knowing.

"Lastly, it urges those in Great Britain on the electoral roll between 2014 and 2022 — roughly 46 million people — to remain vigilant for unauthorised use or release of their personal data. Remaining vigilant only goes so far, though, as once data falls into the wrong hands, it can be used to destroy lives and cause untold amounts of stress on the public, all because it wasn’t protected properly in the first place.

"Clearly, despite the legal requirement to hand over our data in exchange for the ability to exercise our democratic right, the Government cannot guarantee the safety of it."

In response to the breach, the Commission strengthened security measures, including login requirements, and improved its ability to monitor for active threats. Firewall policies were also amended, but Mr Bain believes many of these changes should've "already been in place".

UK Government "continues to place its faith in outdated and inefficient technologies that hold little hope of keeping us safe," the encryption expert warns. "Given the length of time it took to identify the breach in the first place, trusting the Government to protect your data seems, at best, unwise and, at worst, totally irresponsible.

"Instead, any modern country's government should openly embrace the latest technological advancements to ensure that data is protected adequately. The latest advancements in encryption, AI and web3 storage technologies mean that data can be stored in an encrypted state at all times so that criminals can’t access or steal it. Homomorphic encryption can allow the necessary parties to perform analytics on data sets and access the necessary insights while ensuring that it isn’t at risk of theft."

President Biden issued an executive order in May 2021 that required all US governmental bodies to review their security measures and implement zero-trust architecture, multi-factor authentication, and data encryption at rest and in transit.

Despite the estimated £40 million cost each decade for the new photo ID checks implemented by the Conservatives in a bid to combat electoral fraud ...little has been done to upgrade digital security.

LATEST DEVELOPMENTS

Mr Bain, who has spoken on the topic of encryption and AI at Oracle conferences, advises: "the Government could instead channel funds and time into adequate protections. Instead, we are left between a rock and a hard place, facing a decision over whether to protect our data from theft by keeping it private or exercising our right to vote."

Polling Booths are open 7am to 10pm on Thursday July 4, 2024.

You may like