After the surprising Brexit- the day Britain decided to leave the EU- a petition for a re-vote made headlines as it overnight grew from 25 votes to over a million.
I kept an eye on the petition page over that weekend and watched the number of signatures/votes climb to well over 3 million votes. I also put in some votes myself, a few from Togo, Zambia and some I don’t remember.
Turns out all you need to sign the petition is an email (in my case a temporary email generated online), tick the box that ‘Yes, I’m a British citizen’ and write some random data in the rest of the fields. Postcode is only validated for UK, so anything will do as long as you set a different location. Afterwards you need to verify your email, and your vote is in.
Here was my theory. If you can put in random fake signatures then I bet you a lot of people would do just that. For laughs. For contribution. For… well, for whatever reason they might have. The data, in JSON format, was publicly available and therefore I decided to take a closer look at the petition data.
I generated some C# classes based on the JSON and made myself a console app in Visual Studio. I renamed the RootObject and pulled in JSON.net for deserialization.
While I choose to read in the data straight from the site you could add it to the project by copy and paste, just make sure to mark the file as Content and set to copy to output.
With that done I decided to take a look at the signatures, and sorted them by count by country. Well, second on the top ten list was Vatican City with 36 200 signatures at the time of writing, which is funny as the population is only 820. So… yes.
And as for North Korea on third place, internet is not publicly available there, – and in the few cases where it would be it would probably be restricted to local sites according to Wikipedia.
It is sad though. If anybody can sign, even if that anybody is a bot with fake mails, then that number becomes less significant. I would say not significant at all, even if I’m convinced the majority of the signatures are real.
You’d think the site is lacking in terms of validation, but they are actually slightly better than Change.org (also a petition site) that let me sign the Swexit using a fake email, no validation and no email verification.
Notice my supportive comment from the most recent ‘supporter’ (I’m not by the way, but that is a different discussion and story to tell)
A few weeks ago I received an email (for each registered vote I had put in) that the Brexit petition had been turned down. At the time it had reached 4-5 million votes. I wonder if the petition would have had a bigger impact if the votes had been verified and one could (to some degree) guarantee unique voters.
What do you think? Making it easy to sign/vote makes more people take action, but at the same time increases the risk for fake signatures (and impulse votes). And how certain can we be the signatures are unique with more registration requirements? What would be a good way to solve this problem? I’d love to hear your thoughts on this!