Security

EU parliament moves to email voting during COVID-19 pandemic

Comment

Image Credits: Picture Alliance (opens in a new window) / Getty Images

The European Parliament will temporarily allow electronic voting by email as MEPs are forced to work remotely during the coronavirus crisis.

A spokeswoman for the parliament confirmed today that an “alternative electronic voting procedure” has been agree for the plenary session that will take place on March 26.

“This voting procedure is temporary and valid until 31 July,” she added.

Earlier this month the parliament moved the majority of its staff to teleworking. MEPs have since switch to full remote work as confirmed cases of COVID-19 have continued to step up across Europe. Though how to handle voting remotely has generated some debate in and of itself.

“Based on public health grounds, the President decided to have a temporary derogation to enable the vote to take place by an alternative electronic voting procedure, with adequate safeguards to ensure that Members’ votes are individual, personal and free, in line with the provisions of the Electoral act and the Members’ Statute,” the EU parliament spokeswoman said today, when we asked for the latest on its process for voting during the COVID-19 pandemic.

“The current precautionary measures adopted by the European Parliament to contain the spread of COVID-19 don’t affect legislative priorities. Core activities are reduced, but maintained precisely to ensure legislative, budgetary, scrutiny functions,” she added.

The spokeswoman confirmed votes will take place via email — explaining the process as follows: “Members would receive electronically, via email to their official email address, a ballot form, which would be returned, completed, from their email address to the relevant Parliament’s functional mailbox.”

“The results of all votes conducted under this temporary derogation would be recorded in the minutes of the sitting concerned,” she further noted.

Last week, ahead of the parliament confirming the alternative voting process, German Pirate Party MEP, Patrick Breyer, raised concerns about the security of e-voting — arguing that what was then just a proposal for MEPs to fill and sign a voting list, scan it and send it via email to the administration risked votes being vulnerable to manipulation and hacking.

“Such a manipulation-prone procedure risks undermining public trust in the integrity of Parliament votes that can have serious consequences,” he wrote. “The procedure comes with a risk of manipulation by hackers. Usually MEPs can send emails using several devices, and their staff can access their mailbox, too. Also it is easy to come by a MEP’s signature and scan it… This procedure also comes with the risk that personally elected and highly paid MEPs could knowingly allow others to vote on their behalf.”

“eVoting via the public Internet is inherently unsafe and prone to hacking, thus risks to erode public trust in European democracy,” he added. “I am sure powerful groups such as the Russian intelligence agency have a great interest in manipulating tight votes. eVoting makes manipulation at a large scale possible.”

Breyer suggested a number of alternatives — such as parallel postal voting, to have a paper back-up of MEPs’ e-votes; presence voting in EP offices in Member States (though clearly that would require parliamentarians to risk exposing themselves and others to the virus by traveling to offices in person); and a system such as “Video Ident”, which he noted is already used in Germany, where the MEP face identify in front of a webcam in a live video stream and then show their voting sheets to the camera.

He also suggested MEPs might not notice manipulations even if voting results were published — as looks to be the case with the parliament’s agreed procedure.

It’s not clear whether the parliament is applying a further back-up step — such as requiring a paper ballot to be mailed in parallel to an email vote. The parliament spokeswoman declined to comment in any detail when we asked. “All measures have been put in place to ensure the vote runs smoothly,” she said, adding: “We never comment on security measures.”

Reached for his response, Breyer told us: “My concerns definitely stand.”

However security expert J. Alex Halderman, a professor of Computer Science and Engineering at the University of Michigan — who testified before the US Senate hearing into Russian interference in the 2016 U.S. Election — said e-voting where the results are public is relatively low risk provided MEPs check their votes have been recorded properly.

“Voting isn’t such a hard problem when it’s not a secret ballot, and I take it that how each MEP votes is normally public. As long as that’s the case, I don’t think this is a major security issue,” he told TechCrunch. “MEPs should be encouraged to check that their votes are correctly recorded in the minutes and to raise alarms if there’s any discrepancy, but that’s probably enough of a safeguard during these challenging times.”  

“All of this is in stark contrast to election for public office, which are conducted with a secret ballot and in which there’s normally no possibility for voters to verify that their votes are correctly recorded,” he added. 

NationBuilder probe closed

In further news related to the EU parliament the European Data Protection Supervisor (EDPS) announced today that it’s closed an investigation into the former’s user of the US-based political campaign group, NationBuilder last year.

Back in November the EU’s lead data regulator revealed it had issued its first ever sanction of an EU institution by taking enforcement action over the parliament’s contract with NationBuilder for a public engagement campaign to promote voting in the spring election.

During the campaign the website collected personal data from more than 329,000 people, which was processed on behalf of the Parliament by NationBuilder. The EDPS found the parliament had contravened regulations governing how EU institutions can use personal data related to the selection and approval of sub-processors used by NationBuilder.

The contract has been described as coming to “a natural end” in July 2019, and the EDPS said today that all data collected has been transferred to the European Parliament’s servers’.

No further sanctions have been implemented, though the regulator said it will continue to monitor the parliament’s activities closely.

“Data protection plays a fundamental role in ensuring electoral integrity and must therefore be treated as a priority in the planning of any election campaign,” said EDPS, Wojciech Wiewiórowski, in a statement today. “With this in mind, the EDPS will continue to monitor the Parliament’s activities closely, in particular those relating to the 2024 EU parliamentary elections. Nevertheless, I am confident that the improved cooperation and understanding that now exists between the EDPS and the Parliament will help the Parliament to learn from its mistakes and make more informed decisions on data protection in the future, ensuring that the interests of all those living in the EU are adequately protected when their personal data is processed.”

At the time of writing the parliament had not responded to a request for comment. Update: A spokeswoman said:

The European Parliament has taken into account the advice of the EDPS and has put in place the appropriate processes and workflows to ensure that the IT platforms and data processing operations related to the 2024 EU parliamentary elections are fully compliant with the regulation EU 2018/1725.

Also, a project has been launched to allow that, in any call for tender to outsource services which involve the processing of personal data on behalf of the EP, the company will be assessed also trough data protection criteria.

The Data Protection Service of the European Parliament is closely involved in the establishment of these criteria.

More TechCrunch

Meta’s Oversight Board has now extended its scope to include the company’s newest platform, Instagram Threads. Designed as an independent appeals board that hears cases and then makes precedent-setting content…

Meta’s Oversight Board takes its first Threads case

The company says it’s refocusing and prioritizing fewer initiatives that will have the biggest impact on customers and add value to the business.

SeekOut, a recruiting startup last valued at $1.2 billion, lays off 30% of its workforce

The U.K.’s self-proclaimed “world-leading” regulations for self-driving cars are now official, after the Automated Vehicles (AV) Act received royal assent — the final rubber stamp any legislation must go through…

UK’s autonomous vehicle legislation becomes law, paving the way for first driverless cars by 2026

ChatGPT, OpenAI’s text-generating AI chatbot, has taken the world by storm. What started as a tool to hyper-charge productivity through writing essays and code with short text prompts has evolved…

ChatGPT: Everything you need to know about the AI-powered chatbot

SoLo Funds CEO Travis Holoway: “Regulators seem driven by press releases when they should be motivated by true consumer protection and empowering equitable solutions.”

Fintech lender SoLo Funds is being sued again by the government over its lending practices

Hard tech startups generate a lot of buzz, but there’s a growing cohort of companies building digital tools squarely focused on making hard tech development faster, more efficient and —…

Rollup wants to be the hardware engineer’s workhorse

TechCrunch Disrupt 2024 is not just about groundbreaking innovations, insightful panels, and visionary speakers — it’s also about listening to YOU, the audience, and what you feel is top of…

Disrupt Audience Choice vote closes Friday

Google says the new SDK would help Google expand on its core mission of connecting the right audience to the right content at the right time.

Google is launching a new Android feature to drive users back into their installed apps

Jolla has taken the official wraps off the first version of its personal server-based AI assistant in the making. The reborn startup is building a privacy-focused AI device — aka…

Jolla debuts privacy-focused AI hardware

OpenAI is removing one of the voices used by ChatGPT after users found that it sounded similar to Scarlett Johansson, the company announced on Monday. The voice, called Sky, is…

OpenAI to remove ChatGPT’s Scarlett Johansson-like voice

The ChatGPT mobile app’s net revenue first jumped 22% on the day of the GPT-4o launch and continued to grow in the following days.

ChatGPT’s mobile app revenue saw its biggest spike yet following GPT-4o launch

Dating app maker Bumble has acquired Geneva, an online platform built around forming real-world groups and clubs. The company said that the deal is designed to help it expand its…

Bumble buys community building app Geneva to expand further into friendships

CyberArk — one of the army of larger security companies founded out of Israel — is acquiring Venafi, a specialist in machine identity, for $1.54 billion. 

CyberArk snaps up Venafi for $1.54B to ramp up in machine-to-machine security

Founder-market fit is one of the most crucial factors in a startup’s success, and operators (someone involved in the day-to-day operations of a startup) turned founders have an almost unfair advantage…

OpenseedVC, which backs operators in Africa and Europe starting their companies, reaches first close of $10M fund

A Singapore High Court has effectively approved Pine Labs’ request to shift its operations to India.

Pine Labs gets Singapore court approval to shift base to India

The AI Safety Institute, a U.K. body that aims to assess and address risks in AI platforms, has said it will open a second location in San Francisco. 

UK opens office in San Francisco to tackle AI risk

Companies are always looking for an edge, and searching for ways to encourage their employees to innovate. One way to do that is by running an internal hackathon around a…

Why companies are turning to internal hackathons

Featured Article

I’m rooting for Melinda French Gates to fix tech’s broken ‘brilliant jerk’ culture

Women in tech still face a shocking level of mistreatment at work. Melinda French Gates is one of the few working to change that.

1 day ago
I’m rooting for Melinda French Gates to fix tech’s  broken ‘brilliant jerk’ culture

Blue Origin has successfully completed its NS-25 mission, resuming crewed flights for the first time in nearly two years. The mission brought six tourist crew members to the edge of…

Blue Origin successfully launches its first crewed mission since 2022

Creative Artists Agency (CAA), one of the top entertainment and sports talent agencies, is hoping to be at the forefront of AI protection services for celebrities in Hollywood. With many…

Hollywood agency CAA aims to help stars manage their own AI likenesses

Expedia says Rathi Murthy and Sreenivas Rachamadugu, respectively its CTO and senior vice president of core services product & engineering, are no longer employed at the travel booking company. In…

Expedia says two execs dismissed after ‘violation of company policy’

Welcome back to TechCrunch’s Week in Review. This week had two major events from OpenAI and Google. OpenAI’s spring update event saw the reveal of its new model, GPT-4o, which…

OpenAI and Google lay out their competing AI visions

When Jeffrey Wang posted to X asking if anyone wanted to go in on an order of fancy-but-affordable office nap pods, he didn’t expect the post to go viral.

With AI startups booming, nap pods and Silicon Valley hustle culture are back

OpenAI’s Superalignment team, responsible for developing ways to govern and steer “superintelligent” AI systems, was promised 20% of the company’s compute resources, according to a person from that team. But…

OpenAI created a team to control ‘superintelligent’ AI — then let it wither, source says

A new crop of early-stage startups — along with some recent VC investments — illustrates a niche emerging in the autonomous vehicle technology sector. Unlike the companies bringing robotaxis to…

VCs and the military are fueling self-driving startups that don’t need roads

When the founders of Sagetap, Sahil Khanna and Kevin Hughes, started working at early-stage enterprise software startups, they were surprised to find that the companies they worked at were trying…

Deal Dive: Sagetap looks to bring enterprise software sales into the 21st century

Keeping up with an industry as fast-moving as AI is a tall order. So until an AI can do it for you, here’s a handy roundup of recent stories in the world…

This Week in AI: OpenAI moves away from safety

After Apple loosened its App Store guidelines to permit game emulators, the retro game emulator Delta — an app 10 years in the making — hit the top of the…

Adobe comes after indie game emulator Delta for copying its logo

Meta is once again taking on its competitors by developing a feature that borrows concepts from others — in this case, BeReal and Snapchat. The company is developing a feature…

Meta’s latest experiment borrows from BeReal’s and Snapchat’s core ideas

Welcome to Startups Weekly! We’ve been drowning in AI news this week, with Google’s I/O setting the pace. And Elon Musk rages against the machine.

Startups Weekly: It’s the dawning of the age of AI — plus,  Musk is raging against the machine