40 comments

[ 2.5 ms ] story [ 72.0 ms ] thread
While the data contained in the electoral registers is limited, and much of it is already in the public domain

What is not generally in the public domain is the National Insurance number, mandatory on electoral registration since 2015, very useful for impersonation purposes. I wonder if they got those?

I tried to take myself off it using the webpage, I couldnt remove myself only change my name.

Dont see the point of being on it, I wont be voting ever again!

It is a criminal offence to not register.
> It is a criminal offence to not register.

Afaik that is not correct. It is a criminal offence to refuse to complete the registration form or to give false information. But if you're not asked ro register then no offence is committed.

I stand corrected, they are generally rather persistent in asking though ...
Which is rather amusing, as my partner, a Chinese national, is regularly hounded to register, despite not being eligible to do so (and in fact, would be committing an offense if she tried).
Apparently you must register to vote. You can opt out of the extended register. [1]

Not being on the electoral register is a huge pain too. It affects your credit quite significantly.

[1] https://www.manchester.gov.uk/info/500328/voting/6470/regist...

I'm registered to vote, but because I don't live at my last UK address since leaving the country over 10 years ago, I can confirm: it's a factor in a bad credit rating.
> It affects your credit quite significantly.

I dont care, I closed my bank accounts because I dont like the way the banks share data with credit agencies. One of the reasons why I stopped using crypto.

Privacy is massively undervalued. :)

I'm glad you're in a position to not need a bank account. Unfortunately the vast majority of us rely on having a bank account and a credit record to exist in society.

You can argue that it sucks, and I'd partly agree, but that is how society works right now.

Privacy is undervalued, I agree. But I also like having a roof over my head and a way for my employer to give me money each month.

I would live on the streets but everything is owned by someone or something so you become incarcerated by different entities against your will. Violence always wins. And we can only suicide for free, euthanasia costs money.

Life is intelligent slavery now, more psychological than physical, and way more stealth than most people realise.

Anyway don't worry about me you have yours and your loved ones backs to watch and your grown up toys to worry about. Nothing has changed in thousands of years.

This is me, do you believe the police? Cambridge police saw me not far from the train station, USAF staff also asked if I wanted a lift somewhere in the best trolling manner possible. https://www.facebook.com/norfolkpolice/photos/a.296009593089...

The UK down plays its surveillance as its best to not wake the population up plus its a stealth form on entrapment, illegal in the UK and it also provides a facility for deniable ops like murders.

It doesnt look like it is a criminal offence but when I tried to remove myself the option wasnt there, so I changed the name. I could remove other people on the system.

https://www.legislation.gov.uk/ukpga/2013/6/section/5/enacte...

Maintenance of registers: invitations to register in Great Britain

(1)A registration officer in Great Britain must give a person an invitation to apply for registration in a register maintained by the officer if—

(a)the officer is aware of the person’s name and address,

(b)the person is not registered in the register, and

(c)the officer has reason to believe that the person may be entitled to be registered in the register.

It isn't a criminal offence. It's a civil penalty that can be levied if they require you to register and you don't.

The legislative text (it's an amending regulation—think a diff—but the underlying statute hasn't been updated on Legislation.gov.uk yet) is here: https://www.legislation.gov.uk/en/uksi/2013/3198/regulation/...

The Electoral Commission's guidance - https://www.electoralcommission.org.uk/running-electoral-reg...

I can't find any reports of people actually receiving the penalty. It'd certainly be useful if the Electoral Commission collected these statistics, but they don't. It seems fairly rare, and it's likely to be one of those things that's there to encourage people to register to vote rather than something to be actively enforced.

I'd also note that given there is a requirement for an in-person home visit to encourage registration before service a formal notice, it's pretty likely that COVID restrictions and guidance meant quite a lot of the home visits didn't happen over the last few years.

Leave the country for however long it takes to lose the vote, then upon returning simply forget to register?

Ireland is close, and would probably suffice.

I've a vague memory of it being 7 years, but on checking it seems to be 15.

This is another good case for security-by-minimisation. I struggle to see why NI numbers were required on the electoral register — particularly when democracy in the UK had been functioning for over a century without them.

The best way to ensure valuable data doesn’t leak into the public realm is to minimise the amount of unnecessary data collection.

I struggle to see why NI numbers were required on the electoral register

I don't, they were introduced shortly after the plans for an ID card died out. It's simply a proxy ID register.

Best way here would have been to only collect the information at the constituency level. Why is there even a need for a national database? If you're concerned about fraud then periodically cross-check hashed NI numbers or something like that.
One reason they're recorded is to try and detect voter fraud.
While officially they serve a similar purpose, NI numbers aren't used like SSNs are for identification, so the impersonation impact is more limited than an equivalent leak of US SSNs would be.
NI is more about the right to work.

That said I'm sure it'll be a factor in credit card applications.

(comment deleted)
This is the same government demanding a back door into encryption of messaging devices.

If the UK govt operated in the private sector, they would have been fired several times over

Nah, they would just pay a fine and keep on doing business. At least in the US.
It's the same in EU. Google and Facebook got fined a couple of times and they just don't care.
The phrase you’re looking for is “slap on the wrist”.

A fine is a fee you pay for wrongdoing that makes you think twice next time.

> These registers include the name and address of anyone in the UK who was registered to vote between 2014 and 2022

So the headline may as well read “ALL UK voter’s data since 2014 leaked”

I’m angry about this. Our technology strategy in this country is completely backwards.

Thus providing an example of why we should stick with our pencil and paper, manually counted voting system, and not computerise it.

Most of the info lost is already publicly available (if one is willing to visit libraries in each electoral ward), so could be collated. Despite that, the manual process of the polls means that it is very difficult to corrupt, and even more so to corrupt without being detected.

In a completely electronic system, it would be so much easier to cheat, and get away with it. It would also be difficult to convince folks that the systems are robust.

In that sense Estonia is 'brave'.

I believe the word is “courageous”, minister.

That’s the beauty of turning up and putting an x on a piece of paper. You can of course slip in the occasional fraudulent vote (pretend to be someone who isn’t going to vote). You can register a false person in the address. It’s quite easy to swing dozens of votes across the country, with an increasing risk of being caught

But the effort it takes would be better spent getting the vote out for your candidate. You can pretend to be your neighbour once or twice, but if you turn up at the voting station several times you’re going to be noticed.

Better to offer a lift to your identified voters to make sure they legitimately vote for you even though it’s raining.

> It’s quite easy to swing dozens of votes across the country,

the best liars believe what they say

I think he literally means dozens of individual votes, not dozens of elections.

7AM-10PM, I could do... what... 30 votes, if I planned meticulously? With the risk of a collision going up with each attempt, and the chances of swinging an election very close to nil. Like OP said, it's more effective to campaign.

Wonderful to see a Yes, Minister reference on HN
Yes for this reason we went back to pencil and paper in the Netherlands. Years ago.
To me the report seems very vague as to whether the details were exposed by accident or as the result of an attack. Like, the organisation is trying to make it _sound_ like it was the result of an attack, but they seem to know very little about it so that makes me suspicious.
> It said the attack had “used a sophisticated infiltration method, intended to evade our checks”, which was why it had taken so long to detect.

They seem pretty clear that it was an attack rather than accident, but I agree the details seem intentionally vague. Maybe it wasn't quite that sophisticated after all...

You can almost guarantee that. Even if they don’t want to share it, a Freedom of Information request will force them to.
From the article:

> McNally [Chief Executive] said: “We regret that sufficient protections were not in place to prevent this cyber-attack. Since identifying it, we have taken significant steps with the support of specialists to improve the security, resilience and reliability of our IT systems.

Finding out nearly 2 years after a breach is really poor considering the potential for phishing given someone full name and address.

The Electoral Commission should really be pressed to give a proper post mortem and not get away with "sufficient protections" and "significant steps".