GDS sets out plans to tackle online petition fraud
The Government Digital Service is working to improve its approach to fraud in online petitions following concerns over the validity of almost 80,000 signatures on the petition calling for a second referendum on European Union membership.
Online petitions allow for more fraudulent signatures - Photo credit: Flickr, Garry Knight
The petition, which garnered more than 4 million signatures in the days after the UK voted to leave the EU, called on the government to change the rules of the referendum to require a rerun if the vote in either direction was less than 60%.
However, a number of signatures were found to be fraudulent, with around 30,000 people claiming to be from Vatican City, which has a population of 800.
The signatures were removed at the time, but in a blogpost Andrew White of GDS said that the team was now working to develop tools that would help automate the process.
“We’ll be using a combination of tools that make the invalidation of signatures into an admin task rather than relying on developers to do the work,” he said.
He also said that the service would “be relying less” on blacklists of domains that allow users to create scripts that set up temporary email accounts, because new “disposable domains” are created constantly.
“Instead we’ll be switching to whitelists and then applying aggressive rate limiting to unknown domains and/or IP addresses,” White said. “We’re looking forward to seeing how this will perform next time.”
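The allowlist-plus-rate-limit approach White describes can be sketched as follows. This is an added example, not GDS's code: the class name `SignatureLimiter`, the allowlisted domains, the limits and the one-hour window are all assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque

# Constructed values: the article gives no real allowlist or thresholds.
ALLOWED_DOMAINS = {"example.org", "example.com"}
KNOWN_LIMIT = 100      # signatures per window when the domain is allowlisted
UNKNOWN_LIMIT = 3      # aggressive limit applied to unknown domains
WINDOW_SECONDS = 3600


class SignatureLimiter:
    """Sliding-window limiter keyed on both email domain and source IP."""

    def __init__(self, now=time.monotonic):
        self._now = now                      # injectable clock for testing
        self._events = defaultdict(deque)    # key -> accepted timestamps

    def _count(self, key, t):
        q = self._events[key]
        while q and q[0] <= t - WINDOW_SECONDS:
            q.popleft()                      # drop events outside the window
        return len(q)

    def allow(self, email, ip):
        """Return True if the signature is accepted, False if throttled."""
        local, sep, domain = email.strip().rpartition("@")
        if not sep or not local or not domain:
            return False                     # malformed address
        domain = domain.lower().rstrip(".")
        limit = KNOWN_LIMIT if domain in ALLOWED_DOMAINS else UNKNOWN_LIMIT
        t = self._now()
        keys = [("domain", domain), ("ip", ip)]
        # Reject if either the domain or the IP has used up its budget.
        if any(self._count(k, t) >= limit for k in keys):
            return False
        for k in keys:
            self._events[k].append(t)
        return True


if __name__ == "__main__":
    lim = SignatureLimiter()
    for i in range(5):   # constructed traffic from a never-seen domain
        print(i, lim.allow(f"user{i}@throwaway.test", f"203.0.113.{i}"))
```

Because the budget is counted per domain as well as per IP, a newly registered disposable domain is throttled after a handful of signatures without anyone having to add it to a blacklist first.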
White also set out how the team had responded to the surge in interest in the petition, which he said was predicted by the team after the petition received 20,000 signatures in the space of an hour on the morning that the result was announced.
This included scaling up the number of servers – eventually increasing to 12 application servers and six background workers, after resizing the database instance during the night of Friday 24 June when there was a lull in activity.
White said they would not normally resize the database during high activity, but that this change allowed the increase in servers, meaning that the system could “comfortably cope with the peak evening traffic of over 100,000 concurrent users who were signing the petition at over 140,000 signatures per hour”.
He said that the changes made to the application and systems that allowed this to happen would ensure they were ready for a similar situation.