Remote Plenary Sessions and Committee Meetings
Chief among those processes are the plenary sessions and committee meetings. These sessions and the conversations, decisions, and votes that occur within them are at the core of much of your parliament’s work and as such can be a particular target for adversaries. In a modern, pandemic-impacted world, such sessions and meetings are taking place in increasingly diverse fashion depending upon your country’s context, both in-person, completely online, and in a “hybrid” fashion.
As outlined in the House Democracy Partnership’s recent Parliaments Responding to a Pandemic guide, the typical parliamentary debate structure is different from a normal conference discussion or standard organizational meeting. Needs for remote voting, the submission of official proposals and amendments, structured debate, and even simultaneous interpretation to ensure inclusion of all constituencies often require additional features not found in most standard technology solutions. As a result, when hosting a virtual or hybrid session, it is likely that your parliament may need to develop (or already has developed) custom software, or purchase expensive, enterprise solutions (such as Cisco’s Webex Legislate) designed specifically to manage parliamentary sessions remotely. Whatever option your parliament chooses, it is important to give thought, as outlined in the Parliaments Responding to a Pandemic guide, to how all members and staff will be able to access such a system. It’s also crucial to ensure such a system is properly secured.
When building and implementing technical solutions for parliamentary sessions, it’s important to ensure basic security fundamentals are in place. These include steps to ensure data is secured “at-rest” within the system itself, properly encrypted while in transit, and that only authorized users are able to access the system. There are many approaches that can be taken to ensure such security, including many of the fundamentals outlined throughout the rest of this Handbook. End-to-end encryption on any data sharing and communications systems used, strong password and two-factor authentication requirements and/or IP address restriction for users to access such systems (unless they are intended to be open to the public), the requirement of virtual private networks (which will be discussed later in the Handbook), and the limitation of access to only trusted, clean devices are all helpful steps.
Remote Voting
The need for robust security is perhaps most critical when dealing with remote voting. As the aforementioned Parliaments Responding to a Pandemic guide highlights, MPs are elected to parliament for the specific purpose of voting on behalf of their constituents. The ability to trust and verify these votes is crucial not only to the functioning of your parliament itself but to the democratic system as a whole. Such votes are relatively easily verified when an MP votes in person, but when participating virtually, technical authentication becomes a greater challenge that requires significant care and focus. As outlined in expert testimony given to the Canadian House of Commons’ Standing Committee on Procedure and House Affairs, parliaments typically choose one of four options for remote voting:
- Email voting: where members receive a ballot form electronically and submit their vote via email. This option is generally considered insecure, in part due to its lack of end-to-end encryption, and should be avoided.
- Web-based voting: where members access and cast ballots via a website on either a computer or mobile phone. This approach requires investment in secure infrastructure, including secured devices with strong authentication controls as mentioned above.
- Application-based voting: where members download an application to access and cast ballots. Similar to web-based voting, but uses a specific app, which can be downloaded to a phone or tablet as opposed to being accessed through a browser.
- Video voting: where members vote on-screen by a show of hands or a voice vote. For non-anonymous voting this can be the least technically complicated and least technically sophisticated to set-up and secure. It does still require robust encryption and authentication systems, however, to avoid impersonation or interruption during voting sessions.
Whatever option your parliament chooses to implement for remote voting - if it uses remote voting at all - it is important to address cybersecurity basics throughout the voting process as well. Such fundamentals include ensuring the devices that MPs use to cast votes are properly secured physically and free from malware, that members’ internet access is properly secured when voting (and when conducting other parliamentary business as well), and that members have stable internet connections and are able to vote when called upon. As outlined in the Parliaments Responding to a Pandemic guide, when adopting remote voting, there is a need for extensive testing of the system before it goes live and a need to provide support and training to MPs to ensure they can use the system effectively. It is important to remember that part of security is availability. There is also a need in particular to ensure that women MPs and staff are able to use online systems safely, including remote voting, and have access to the technology to do so. When women, particularly elected women, go online they face greater levels of intimidation and harassment, and this factor should be considered when developing and using technology like remote voting to ensure that all MPs are able to fulfill their functions effectively. Further, it is critical to ensure adequate remote multi-language access in countries where multiple formal languages are spoken by members and staff.