This was presented by Virgile Deville from Democracy Earth at the Impacts of Civic Technology Conference (TICTeC@Taipei) in Taipei on 12th September 2017. You can find out more information about the conference here: http://civictechfest.org/agenda Abstract: Hong Kong’s 'small circle' election system means that only 1,200 people had a vote for the Chief Executive of the city, from a population of 3.77 million. Prof. Benny Tai, leader of the Umbrella Movement, working with more than 20 civic communities in Hong Kong, led a campaign against this lack of inclusion, and commissioned the building of the PopVote application. Seeing that the referendum provided an extraordinary opportunity for a large scale experiment, Democracy Earth were happy to collaborate to see how blockchain technologies such as Bitcoin or the IPFS network could best be leveraged to make the election process secure from cyber attacks. Popvote aimed to collect a million citizens’ votes for the Chief Executive election, but it looked to future reuse, too. On a low budget, it was built as Open Source software that could also cater for future referendums. Crucially, based on previous experiences, it also had to be able to withstand cyber attacks. Virgile shares the project’s outcomes, some encouraging; others disappointing. He also spells out how such collaborations are becoming more and more relevant to civil society, especially in a world of cyber attacks, data leaks and electoral fraud.

1. The Impacts of PopVote in Hong Kong
2017 Chief Executive Election Civil Referendum

2. Organisation
Presentation
Popvote.hk was created by the
University of Hong Kong and Hong
Kong Polytechnic University to run
small-scale e-polls for specific
groups or organizations, mid-scale
e-polls for specific communities or
sectors, and large-scale civil
referendums for the general public.
popvote.hk

3. Organisation
Presentation
A group of tech professionals
specialising in civic engagement
technologies such as polling
chatbots, digital deliberation,
strategic voting predictions and civil
referendums, with the aim to
promote democracy and strengthen
civic society.
civicdata.hk
@HKCivicData
/CivicDataHK

4. San Francisco based foundation
backed by YCombinator and Fast
Forward working on decentralized
democracy by implementing
blockchain technologies for liquid
democracy. Currently working on
Sovereign, a liquid democracy app
and on a paper called “The Social
Smart Contract”
Organisation
Presentation
democracy.earth
@DemocracyEarth
/DemocracyEarth

5. Local context and history

6. Local context : chief executive small circle election
>0.01% of
1200-people
Election committee
decides
3,7m registered voters
!
Civil society considers this a
threat for HK’s autonomy as
nominated candidates are loyal
to Beijing

7. 2014’s Referendum on universal suffrage
792 808 people participated
Through mobile app, website and polling stations to decide on
alternative way of electing the chief executive. Considered illegal
and invalid by China state council.
Winning proposal : allows candidates to be nominated by
35,000 registered voters, or by any political party which secured
at least 5% of the vote in the last election for Hong Kong's
legislative committee.
Suffered possibly the largest
DDoS attack in history

8. 2017 Chief executive election civil referendum

9. Letter of
intent
A 2-step process like open primaries
Step 1:
Civic nomination
Step 2:
Voting
2014 civil
referendum
Umbrella
Movement
4 month
later
If candidate gathers
more than
37 790 Votes
(1% of registered
voters), they are
selected for the
voting phase.
Polling
station
Voting
channels

10. App design : voting process

11. Detected cyber attacks
Attacks targeting organizers email accounts
Attacks targeting polling station wifi
Try to bypass phone certification popvote voting app
DDoS Attacks targeting telegram voting app
Thousands bots making request at the simultaneaous causing lag
Bypass of phone certification exploit
Interference with wifi signal causing slow connection
SMS interception through SS7 external call attack

12. Suspected smear campaign
2017/03/18: Local IT group raised security concerns about Popvote modified version of
Telegram Client.
Rumor spread that voters data had been leaked (HK Id card number)
Was picked up by national media.
Privacy
Commissioner for
Personal Data,
Hong Kong
PCPD started to take interest. After asking for a meeting with
organizers, Popvote modified Telegram client had to be taken
down and be replaced by a Telegram classical chatbot.
This undermined the confidence of public citizens placed in Popvote and
didn’t allow for usual high participation.

13. PR crisis strategy: transparency about data handling

14. Results
65K + citizens took part in the civil referendum
62K
Voted against
59K
Voted in favor
1K
Voted in favor
2,7K
Voted against
She got elected by 777 election committee members

15. Project Assessment

16. Key learning
- A smear campaign can cause more damage than a large DDoS attack
- Should have prepared informational campaigns on the security of new technologies to
address privacy concerns preemptively
- Be ready to handle PR crisis when opponents try to smear your technology
- Might not use Telegram again
- Telegram is harder to hack / attack but it creates a software dependence having to rely
heavily on a trusted third party
- Failed to be adopted by the general public as users had to download a dedicated app.
Also, older generations were not used to interacting with chatbots
- Exposed to opponents creating bots with similar names to confuse users and further
erode their trust in the bot

17. Blockchain architecture didn’t get implemented
Crypto
login
Decentralized
storage
Data
anchoring
Voting
explorer
Github repo → https://github.com/LucasIsasmendi/r2bot-family

18. Exploring how to build a decentralized digital democracy → frama.link/paper

19. Thank you for listening !
Download slides → https://frama.link/popvote
Let’s keep talking:
@virgiledeville
vir@democracy.earth
democracy.earth
@DemocracyEarth
/DemocracyEarth
/DemocracyEarth
chat.democracy.earth