
Brexit: Technical Risks of the “Do not prorogue Parliament” Petition: Could Blockchain Be the Solution?

The petition “Do not prorogue Parliament” in the UK has taken the media headlines by storm. From a political stance it may have merits, but from a technical and technology perspective it has become a ticking time bomb for trust, democracy and your digital persona.

Disclosure: the following is not political. It is about technology and the vulnerabilities we see and understand in how a petition can be gamified. A petition is just one case; the same issue potentially covers many verticals and horizontals.

This is not the first time the issue has been raised. Only 6 months ago there was the article “Is the revoke Article 50 petition being hijacked by bots? Unlikely, say experts”.

As per the article, this was the response from the Government Digital Service (GDS), a unit of the Cabinet Office tasked with running online services:

‘Any UK citizen wherever they are in the world can sign petitions, as well as any UK resident, so we can’t mandate the use of official IDs like National Insurance numbers for authorisation purposes. Therefore our primary tool for validation is a confirmation link sent via email.’ ‘Since 90% of our emails are sent to large providers like Google, Apple and Microsoft that have their own anti-abuse measures, we are generally confident that these are valid accounts.’

From the article: Cyber-security experts also believe it would be difficult for a bot to influence the petition count. But not impossible. ‘This petition has generated a lot of signatures in a very short space of time. However, Brexit is a very contentious issue, so it’s not a huge surprise given the political situation at the moment that it has attracted a lot of signatures,’ David Emm, Principal Security Researcher at Kaspersky Lab, told Metro. ‘Technically speaking, it would be very difficult to automate signing of this petition in mass numbers.’ ‘The fact that you’re required to provide your e-mail address, and then from this address verify you want to sign the petition, would mean that anyone wanting to spoof signatures would make it hard to do so en masse, using a bot.’

The process to register your signature is very straightforward and easy: name, email and postcode, with a tick box asking you to confirm that you are eligible to sign as a citizen or resident of the UK.

The petition process, step by step, with remarks and conclusions

Once the form is completed, a new screen tells you that you will get an email to validate your signature.

So far it is a very easy and simple process: once you get the email and confirm your email address, you have been authenticated.

You have now submitted and confirmed your email address and your signature has been added to the petition: 60 seconds and you have completed the task.

Now let’s look at what is trending on social media.

Remark: As per the GDS comments to the Metro back in March 2019, they actually provide very relaxed security and look at Remainer vote charts to correspond to postcodes. “Could GDPR have a role in why they are not seeking to obtain more information?” or “Is it that the petition really has no relevance at all and requires no security or trust factor?”

‘This means that we can’t use anti-abuse technologies like captchas as they have significant accessibility, privacy and performance issues,’

‘Since 90% of our emails are sent to large providers like Google, Apple and Microsoft that have their own anti-abuse measures, we are generally confident that these are valid accounts.’

Remark: So now we can actually find a small problem: these email providers are the ones most commonly used for creating social media accounts, including “fake accounts”.

  • Facebook Removes a Record 2.2 Billion Fake Accounts (2019)

Conclusion: To create a Facebook account you need an email, so we can say there are potentially 2.2 billion accounts in circulation, mostly used with bots and troll farms.

Remark: Postcodes are very easy to find online, there are white pages online, and, to go a bit more far-fetched, it is very easy to purchase call centre data with name and address.

  • Data hacking and even call centre cold-calling data provide a bot with all it needs

Conclusion: To keep this very simple and basic, let’s stay with call centre data, which can be purchased at mass scale and very cheaply; it is common practice for call centres to resell data to other centres. Using the chart for Remain or Leave to identify postcodes, the call centre database can be filtered and entries submitted as signatures: the postcode and name are real, only the email is not.

The response when approaching a tech community on Facebook at the end of August:

“Given that they match email and surname and postcode to voter roll, and have substantial (and non-publicised) anti-fraud techniques in place (that cover things like mass signing from single IP, known VPN and Tor addresses, repeat signing in short timeframe, previously abusive email and so on) and given that historic rates of fraud have been assessed at 0.3% to 3.0% and given that the only effect is to trigger a debate and given there is no “ranking” of polls only a threshold of 100,000 then I think this is a non-issue.”

Remark: There is a potential issue: if the email, surname and postcode are collected by the petitions division at Parliament and then cross-referenced with a voters’ roll, this could fall under GDPR.

Conclusion: When submitting the signature there is no provision for the signer to give approval under GDPR compliance.

Remark: In the case of mass signing from a single IP or repeat signing in a short timeframe, this was not experienced when testing multiple signatures.

Conclusion: IP, device ID and MAC address seem to fall under GDPR compliance; therefore, if the portal is storing such elements, it could be in breach of GDPR compliance.

Remark: “Given that historic rates of fraud have been assessed at 0.3% to 3.0%”: is this an estimation provided by the tech community, or is it fact?

Conclusion: Taking just Facebook fake accounts, the number is 2.2 billion; with other sources the total comes to 3 billion accounts, and this does not include other social media platforms. There is a large supply of email accounts in circulation that can be used for fake signatures combined with a bot, and there are innovative ways to bypass trigger systems, which will be covered shortly.

0.3% to 3% is a safe estimate if this were being done manually, and if we look at the history of past petitions, the ratio of petitions with 100k-plus signatures is not very high. But the main 2 on the list clearing 1 million signatures also appeared out of nowhere, and both are related to Remain objectives. Even at the low end, the ratio of automated fake signatures could be 3% to 30% or even more over time, as this could be hyped up by the media, which shades over the bots.

Remark: “When the new Petitions service was built last year one of the primary design goals was to make it fast and accessible – especially on mobile devices where we get the majority of our traffic,” explained Andrew White from the Government Digital Service (GDS).

Conclusion: Now this may sound complicated or even expensive, and you might think it is too James Bond “007”, so who would actually do this, and why? Well, it exists and has for many years, in the GREY market of the telecoms sector, which services millions daily in the high streets via calling cards: all those lovely cheap calls you get on your prepaid card.

We always hear about troll, spam or fake news farms, but now you are going to find something more effective and dangerous than Cambridge Analytica: SIM FARMS. Yes, 1000s and even 10s of thousands of SIM cards rotating in a SIM bank. They don’t even need to be physically in the UK, and the UK side can be virtual. Even with the defence mechanisms of mobile operators, it is a day-to-day issue costing them millions in per-minute and SMS charges. You can buy the hardware easily enough from China, and you get a good coder that won’t break the bank, and you can create an algorithm that rotates a virtual MAC address and IP, so if you have 10,000 SIMs in the rack you can rotate them. “A lot of the hardware comes with basic anti-blocking software.”

10,000 SIMs can be seen as 10,000 signatures over a few minutes, and can be rotated again and again. This can trick the petition portal, as IP and MAC fall under GDPR, and can go around IP blockers and blacklisting. So imagine just 1000 SIMs rotating every 2 mins: over 10 hours that is 300,000 signatures. Now do the maths with 10,000 SIMs: that’s 300,000 in one hour.
Even a small farm of 100 SIMs can produce a lot of signatures, and the portal as currently explained is highly easy to spoof, more so if you have call centre data, emails and SIM farms. You might be surprised how many exist with this combination of all 3. “Do you receive call centre calls selling you something?”
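
The anti-fraud checks quoted earlier (mass signing from a single IP, repeat signing in a short timeframe) and the address-rotation scenario above can be compared from the defender's side. The following is an added example, not code from the petition service: the per-district baseline check, all thresholds, and the sample events (documentation IP ranges, made-up postcodes) are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

def per_ip_flags(events, window=600, limit=5):
    """IPs with more than `limit` signatures inside any `window` seconds."""
    recent, flagged = defaultdict(deque), set()
    for ts, ip, _postcode in sorted(events):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:
            q.popleft()
        if len(q) > limit:
            flagged.add(ip)
    return flagged

def district_spikes(events, bucket=600, factor=10, min_count=20):
    """(district, bucket_start) pairs whose signature count exceeds `factor`
    times that district's median bucket; ignores the source address."""
    counts = defaultdict(lambda: defaultdict(int))
    for ts, _ip, postcode in events:
        counts[postcode.split()[0]][ts - ts % bucket] += 1  # outward code
    spikes = []
    for district, buckets in counts.items():
        median = sorted(buckets.values())[len(buckets) // 2]
        spikes += [(district, start) for start, n in buckets.items()
                   if n >= min_count and n > factor * median]
    return sorted(spikes)

def constructed_events():
    """Constructed sample: (unix_seconds, ip, postcode); documentation IP ranges."""
    districts = ["LS1 4AB", "M1 2CD", "EH1 3EF"]
    # Background: 2 signatures per district per 10-minute bucket, one IP each.
    events = [(b * 600 + k * 100 + d, f"198.51.100.{b * 6 + d * 2 + k}", pc)
              for b in range(12) for d, pc in enumerate(districts) for k in range(2)]
    # 30 signatures from one address within five minutes.
    events += [(1800 + i * 10, "203.0.113.7", "M1 2CD") for i in range(30)]
    # 100 signatures in one bucket, each from a different address.
    events += [(4800 + i * 5, f"192.0.2.{i}", "LS1 4AB") for i in range(1, 101)]
    return events

if __name__ == "__main__":
    ev = constructed_events()
    print("per-IP flags:", per_ip_flags(ev))
    print("district spikes:", district_spikes(ev))
```

The per-IP check flags only the single-address burst, while the district baseline also surfaces the burst spread over many addresses. A spike can equally come from genuine media attention, so it is a lead for review rather than proof of fraud.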

We will come to an end here, as we need to move on to part two, where blockchain technology falls into place as a potential solution to provide trust, protection of your individual digital persona, and immutable and transparent democracy.

Cambridge Analytica, Social Media, Mainstream Media and Political Debate vs Trust, Democracy and Violation of the People’s Perception

Cambridge Analytica: Seen as one of the largest intrusions on our personal information and the gamification of thoughts, opinions and feelings.

The truth: data has always been used, down to which newspaper, which type of milk and so on, for many years and down to areas, a long time before the internet even arrived and played a role in politics. So we can’t really say too much on this when we readily put our lives all over the web; it simply became streamlined and more precise.

Social Media: Too many people rely on this for their daily lives, and it is the easiest way to influence on a targeted, direct level. Social media has problems preventing spam, and the real truth is that human beings are very easy to influence and become sheep via social media.

You do not need to have a large following; you simply need to have a post that gathers a lot of fake comments, likes or shares, and this is easily purchased for as little as 5 pounds. But if you look at the spam farms, they can boost a post so that it is seen by many, and the sheep start to add real shares, comments and likes. “Fake spark with the right topic creates the wave.”

Mainstream Media and Political Debate: This is a lethal combination. Political debate at this moment in time, due to Brexit, is on its own a dangerous divide, but when we add the mainstream media pushing out the hottest topics, it puts the physical world outside of the mainstream into a frenzy that picks up the political debate and what is called a worthless petition. To many at heart it is not worthless, as it has become a supernova based on a large divide of expectations, and not only online but now in physical demonstrations, which will fuel antitrust, anti-democracy and pure chaos from the politicians, now being transferred online and offline.

Conclusion: Trust, Democracy and Violation of the People’s Perception

Our trust is being abused by technology and by social and mainstream media, alongside the violation of our personal rights and digital persona. What we use every day has now become a weapon of officials, driving distrust in what we use or expect from a parliament or government, especially when we look at the petition portal. If you look very carefully at the 1000s of petitions and the numbers each has, and then at just the 2 main petitions based on Remain, it has become weaponized and highly vulnerable to manipulation. “So the reality is the petition portal is worthless and has no real value.” The petition portal exists to enable the people to suggest debate, via a portal that they should be able to trust, in a government or parliament they should trust to deliver democracy.

Reality check: It is an illusion of trust and democracy that can be gamified when it suits them or their agenda. All Government, Parliament and also MEPs should be banned from sharing or discussing the promotion of petitions and prosecuted for encouraging antitrust and anti-democracy, and should only go public when the petition is closed and has been debated, with the final conclusion debated.

Mainstream media: should be fined and banned from covering petitions that are still in process, and should only cover the outcomes.

You should look at the 1000s of petitions, from human rights to animal welfare, healthcare and so on: they have realistic numbers of signatures and are based on common opinions, but they have not received 300,000 signatures in a matter of hours or been influenced by the media.

We will be presenting an alternative concept where blockchain technology could fit and deliver on trust and democracy, protect our digital persona, and fight back against the possibility of fake signatures.

Part Two coming: Brexit: where blockchain could solve antitrust and anti-democracy and reduce the manipulation of fake signatures, which will give all petitions on the portal a level playing field all round. “Let’s learn from the lazy mistakes of the past and take the current situation as a driver to become more civilized and democratic.”
