GDS sets out plans to tackle online petition fraud
The Government Digital Service is working to improve its approach to fraud in online petitions following concerns over the validity of almost 80,000 signatures on the petition calling for a second referendum on European Union membership.
Online petitions allow for more fraudulent signatures - Photo credit: Flickr, Garry Knight
The petition, which garnered more than 4 million signatures in the days after the UK voted to leave the EU, called on the government to change the rules of the referendum to require a rerun if the vote in either direction was less than 60%.
However, a number of signatures were found to be fraudulent, with around 30,000 people claiming to be from Vatican City, which has a population of 800.
The signatures were removed at the time, but in a blogpost Andrew White of GDS said that the team was now working to develop tools that would help automate the process.
“We’ll be using a combination of tools that make the invalidation of signatures into an admin task rather than relying on developers to do the work,” he said.
He also said that the service would “be relying less” on blacklists of domains that allow users to create scripts that set up temporary email accounts, because new “disposable domains” are created constantly.
“Instead we’ll be switching to whitelists and then applying aggressive rate limiting to unknown domains and/or IP addresses,” White said. “We’re looking forward to seeing how this will perform next time.”
White also set out how the team had responded to the surge in interest in the petition, which he said was predicted by the team after the petition received 20,000 signatures in the space of an hour on the morning that the result was announced.
This included scaling up the number of servers – eventually increasing to 12 application servers and six background workers, after resizing the database instance during the night of Friday 24 June when there was a lull in activity.
White said they would not normally resize the database during high activity, but that this change allowed the increase in servers, meaning that the system could “comfortably cope with the peak evening traffic of over 100,000 concurrent users who were signing the petition at over 140,000 signatures per hour”.
He said that the changes made to the application and systems that allowed this to happen would ensure they were ready for a similar situation.