GDS sets out plans to tackle online petition fraud

Written by Rebecca Hill on 22 August 2016 in News

The Government Digital Service is working to improve its approach to fraud in online petitions following concerns over the validity of almost 80,000 signatures on the petition calling for a second referendum on European Union membership.

Online petitions allow for more fraudulent signatures - Photo credit: Flickr, Garry Knight

The petition, which garnered more than 4 million signatures in the days after the UK voted to leave the EU, called on the government to change the rules of the referendum to require a rerun if the vote in either direction was less than 60%.

However, a number of signatures were found to be fraudulent, with around 30,000 people claiming to be from Vatican City, which has a population of 800.

Related content

Fraudulent signatures discovered in EU referendum petition
Do you know the right class for your data?

The signatures were removed at the time, but in a blogpost Andrew White of GDS said that the team was now working to develop tools that would help automate the process.

“We’ll be using a combination of tools that make the invalidation of signatures into an admin task rather than relying on developers to do the work,” he said.

He also said that the service would “be relying less” on blacklists of domains that allow users to create scripts that set up temporary email accounts, because new “disposable domains” are created constantly.

“Instead we’ll be switching to whitelists and then applying aggressive rate limiting to unknown domains and/or IP addresses,” White said. “We’re looking forward to seeing how this will perform next time.”

White also set out how the team had responded to the surge in interest in the petition, which he said was predicted by the team after the petition received 20,000 signatures in the space of an hour on the morning that the result was announced.

This included scaling up the number of servers – eventually increasing to 12 application servers and six background workers, after resizing the database instance during the night of Friday 24 June when there was a lull in activity.

White said they would not normally resize the database during high activity, but that this change allowed the increase in servers, meaning that the system could “comfortably cope with the peak evening traffic of over 100,000 concurrent users who were signing the petition at over 140,000 signatures per hour”.

He said that the changes made to the application and systems that allowed this to happen would ensure they were ready for a similar situation.

Share this page



Please login to post a comment or register for a free account.

Related Articles

‘Treated as suspects’ – ICO calls for end to excessive demands for personal data of rape victims
31 May 2022

Information commissioner tells forces to immediately stop gathering info in a manner he claims is putting a major dent in conviction rates

‘A core part of national infrastructure’ – ministers consider regulating to make the cloud safer
27 May 2022

Consultation launched seeking feedback on risks and mitigations for systems that now underpin a wide range of ‘essential services’ 

EXCL: Wall of silence surrounds plan for nationwide collection of citizens’ internet records
26 May 2022

Online notice reveals controversial trials are to be expanded into a national service – about which government, law enforcement, watchdogs and all the UK’s major ISPs declined to answer questions...

ICO hits facial recognition firm with £7.5m fine and order to delete all UK data
25 May 2022

Regulator finds that collection of online images was not fair, transparent or lawful