Ups and downs of signatures

I emailed the House of Commons petitions Committee at 4am this morning (yes that’s right) with some concerns over the frequency with which our e-petition to ban driven grouse shooting is yoyoing up and down at the moment as bot attacks add signatures and then these are removed later in the day (often quickly).

Just to be clear – I do not see any more of the working s of the e-petition than any of you do so I know no more about it than you.

You’ll notice that the response below sounds calm and reassuring. there are no doubts at all about our current total being way over 100,000 signature and the claim that the whole process is robust – so it must be.

I might enquire further – but not for a while as I have another two days of Bird Fair to enjoy!

Dr Avery,

Thank you very much for your message. I will answer as best I can!

The short answer is that I can’t give you a full explanation of the process by which attacks are spotted – I’m a parliamentary procedure expert rather than an IT one. The technical side of the site is looked after for us by the Government Digital Service. They are, understandably, fairly reticent about sharing too much about their security techniques – because to do so might well undermine their effectiveness. You might try them through the Cabinet Office though:

https://www.gov.uk/government/organisations/cabinet-office

I can say that there are both automated and manual checks that GDS do on signature patterns, which identify suspicious patterns and block or remove fraudulent signatures. This monitoring is happening more or less constantly. To answer your understandable concern about over-correction, I can assure you that signatures are only removed when we are sure that they are not genuine.

As some more practical reassurance, I can tell you that when we had a similar problem with the EU referendum petition, we were contacted by many people who were concerned that their signatures might have been wrongly removed. In every case, we checked the system for them and found that the signature had not been removed.

Best wishes,

[registration_form]

39 Replies to “Ups and downs of signatures”

          1. Sorry Alan. I was only now told about your comment.
            I am not on Facebook.
            I just noticed that the Stone Curlew petition also had extremely high activity. I can’t remember the exact details but i’m pretty sure that later the overall numbers were reduced.

          2. Thanks Anand. Not to worry, I think we know more now about this, though I don’t know if it is the end of the story, I am still tracking both our petition and ‘theirs’ carefully.

  1. Mark, sounds like you are not sleeping at night! Please don’t wear yourself out. Shame our govt. doesn’t take as much care over postal votes in referendums or elections as it does over petitions given what we’ve heard today about being one person being able to vote twice in the EU referendum!

    1. Not just the EU referendum either Wendy, if I hadn’t been honest I too could have voted in two neighboring constituencies, and I suppose if I’d kept quiet it might have been interesting to have seen how long before they caught up with me? Wouldn’t be the system at fault of course? Gives you a lot of confidence in the robust electoral system doesn’t it?

      1. I’ve long had a concern that second home owners, students etc., could be registered in more than one constituency and vote twice with next to no chance of being caught.

  2. From what I remember some 70,000 “signatures” were removed from the EU referendum petition! So we are not quite at that stage….. (though even with that number of removals, that petition is still over 4 million, which says something in itself – much good it will do us, more’s the pity).

    1. Holborn and St Pancras look too high as well as St Albans which was less than Watford this am

  3. Dear Mr Avery,

    please accept our apologies, the bot is not meant to cause any distress to anyone.

    The bot does not have any interest any of the petition it targets – it generated 40,000 signatures for Art 50 petition, 12,000 signatures for British Space elevator petition, and a few thousands signatures for your opponents’ petition (to make things even).

    The purpose of the bot is to raise awareness of how easily the official UK gov petition site can be abused.

    If you think the bot attacks were unsuccessful – that was done purposefully. The bot was designed to send thousands of requests from single IP from single email domain. This was done in a very blatant, crude way so it could be easily spotted.

    Now – you may be thinking – what if the bot generated only 100-200 signatures per hour and routed traffic via 100s of proxy servers to become undetectable?

    If you are thinking this – check the trending petition section in the upcoming days.

    The bot could be easily blocked by adding standard CAPTCHA verification, something which is done on any legitimate site.

    Please ask your MP and HoC Petition Committee why the site does not have basic CAPTCHA checks

    See this video to see how simple the bot is – only 100 lines of code – https://www.youtube.com/watch?v=gkZGPCBlA6U

      1. Thanks Adam Adams. For my wasted time? Well, my motivation for monitoring our petition was simply good will, so no cause for complaints really. Did you need to keep making your point, using our petition, day after day? No you didn’t, you had thousands to choose from. ‘The bot does not have any interest any of the petition it targets’? But you did; you admitted choosing a specific petition to target. Bit weak that , buddy.

        1. RE “‘The bot does not have any interest any of the petition it targets’? But you did; you admitted choosing a specific petition to target. Bit weak that , buddy.”

          Well, I do admit that I had to choose one of the top petition to avoid too-quick detection as “British Space Elevator” was too obvious. Note I put 3 youtube videos targeting 3 different petitions. However once the petition Id is configured it stays the same for a few days.

          And I do realise this might have been not the best idea as there are many people invested in this petition, which is a great cause, therefore the bot will only target joke petitions from now on.

  4. So am I being completely stupid in that I understand that you are responsible for the abuse the petition has been receiving AdamAdams?

    1. Do you realise how much stick people have taken because of your irresponsible activities Adams?? ….. Mark’s not the only one that has been awake thinking/worrying/wondering about the figures….. You stupid, stupid person! You’re just one sad PITA!!
      Don’t expect any thanks from me for ‘making things even’ …… I can’t be doing with people playing mind games ….. and certainly when it concerns something that means so much to so many ……

    2. It is the House of Commons who is responsible for defrauding British people by claiming the numbers they publish represent “signatures” while not implementing basic CAPTCHA anti-bot measures.

      What if all petitions are signed by bots? See this petition archive from last night http://archive.is/sCMa1. 669 “signatures” for Glucose Monitors petition added Friday night, at 21:30, really?

      1. Adam – thank you for your comments. I can see the points you are trying to make and can see their value.

        Could I ask you please to make them somewhere else from now until 9 September please? Come back to us on September 9 after we have heard whether we are getting a debate in parliament and then play away to your heart’s content. Deal?

        1. Hi Mark,

          The bot’s main purpose is to raise awareness of the negligence by the House of Commons as they have not added standard CAPTCHA “I am not a robot” checkbox even after the second referendum petition abuse.

          “I am not a robot” is a simple checkbox to the normal users, however it turns into a complex puzzle that only human can solve if someone is behind VPN or proxy.

          This is clear negligence and carelessness on their end as CAPTCHA is a basic check that is implemented by any serious website. There is no hacking involved and the bot uses only free services (free proxies, email providers and domains).

          HoC say they have number of checks to detect and delete in-genuine signatures whilst also claiming they only delete signatures that they are 100% sure are fake. It is not possible to reconcile these two things.

          The bot can route traffic via 1000 of free proxy servers (to hide IP) and use hundred of different domains (also free) – not possible to detect.

          The bot by being so blatant is essentially trying to force HoC to fix this.

          This is to ensure integrity of the petitions so that petition like yours would be treated seriously.

          However I do realise there is a side effect to this as there are many people invested in your petition, which is a great cause, therefore the bot will be changed to target only a joke petitions like British Space Elevator, or to “Call for a vote of no confidence in David Cameron” (which is trending at the moment).

          Note the bot was on today therefore there may be a final correction, however the bot was turned on only after your petition gained 112k signatures, which means the HoC debate should not be affected.

          Apologies again for any distress caused, especially after reading about your cause and started appreciating your great work!

          1. Adam Adams – thank you. I appreciate the point you make, I appreciate the fact that you only turned your attention to us after we reached 100,000 signatures and I appreciate your promise not to target us from now on. Thank you.

      2. You are an idiot! You could proven your point by generating your own petition on a meaningless issue (giving Michael Gove an award for services to beard growing, or name a haystack after Boris) to demonstrate this on and make your point, instead you’ve derailed the democratic process and caused nigh on irreparable damage to a campaign that has been carefully built up over several years against some of the most powerful groups in the country.

        I hope Mark gives every bit of identifying data he has on you to the cops. Also captchas actually make it harder for some people with disabilities to sign online forms and it is best practice under the Equality Act 2010 to not use them, twerp.

        1. Again, the bot targeted a number of petitions, it did not target this particular one only.

          Also the bot was on only after the petition reached 100k threshold therefore the debate should not be affected.

          If the bot really affected the outcome of the petition it only confirms HoC were negligent by not implementing basic bot-prevention measures

          Does HoC allow a bot created in one night to derail years of work? Negligence

          RE “identifying data he has on you to the cops” – even if there was any identifying data, what crime would that be? Computer Misuse Act 1990 provides only for unauthorised misuse. There was nothing unauthorised about submitting thousands of signatures to a HoC website that allows this.

          RE “captchas actually make it harder for some people with disabilities to sign online forms and it is best practice under the Equality Act 2010 to not use them”

          New CAPTCHA is a simple “I am not a robot” checkbox which becomes a complex puzzle for someone hiding behind VPN. Not possible for a bot to bypass this.

          1. To be honest …… I really don’t care about your excuses ……. You targeted a petition because it was successful for your own ends.
            You have a problem with HoC then take it up with them. Don’t use the work of people who have put their backsides and more into getting a petition as far as requesting a debate …… You have no idea of the distress you did cause …… the arguments, the nasty comments, the posts casting aspersions, the doubts of the petition’s credulity …. all for YOU to prove a point ……. selfishness personified.

          2. Did your bot ever target more than a handful of constituencies for our petition? That is, did it ever target all, or most?

          3. No. You have caused the derailing and the ammunition given to the very powerful pro-grouse shooting interests, not the HoC. Again, why did you not create your own petitions and boost them? Is it because you knew the HoC actually does have behind the scenes bot-detectors and you knew that they would be tripped at once? Kind of makes your argument a farce of Botham-esque proportions, doesn’t it? Face it, you just wanted to try and show off and upset the apple cart because you wanted to be the big man. That it wasn’t doing it in the precise way YOU wanted is just an after the fact justification. Back under your bridge, preferably one without wi-fi receptition.

      3. OK i will am going to stick my neck out ..
        This reminds me of the story about Feynman.
        When he figured out how to crack safes at Los Alamos during the Manhattan Project. The solution by those in charge was to ban him form entering certain areas not to figure out better overall security.

        1. Yes that was a very funny and illuminating story, I’m also reminded of some years ago when bunch of kids with a video camera ‘broke’ into a parked passenger jet on a runway and sent in the film to ITV news to show how lax airport security was. The difference here is that people who aren’t responsible for the inadequacy have been affected by supposed attempt to highlight it. There was a valid point to be made here, but this wasn’t a valid way of doing it – well meaning, hardworking people have been compromised.

  5. OK Adams, so you fancy yourself as a clever- clogs! You’ve made your point, though I suspect there are a large number of people genuinely interested in these petitions who will just regard you and your kind as anti-social pains in the neck!

  6. I noticed the Scottish govt petition site had an ‘I am not a robot’ feature when I signed their licence game shooting petition.

  7. 115,487 and a healthy 38 signatures in the last hour, isn’t life fine and dandy?

  8. Iain Gibson To those who have been deterred from signing the petition “because it doesn’t apply to Scotland” (shame on you, RSPB), it’s worth pointing out that it is the UK Parliament that will be urged to debate the subject (I’m pretty sure there hasn’t been devolution for England yet), and that the persecution of Hen Harriers in England DOES affect the Scottish population. Hen Harriers are partial migrants, and although we only really hear how few pairs are nesting in England, some Scottish birds spend the winter on English moors, and probably lose their lives there. It is also known that certain gamekeepers organise clandestine shoots of harriers at communal winter roosts in southern Scotland and England. Many Scottish birds winter on farmland, marshes and coastal saltmarsh in England and in France, but they also have to run the gauntlet of guns and pole traps across the grouse moors of northern England as they migrate northwards again in springtime. For the avoidance of doubt, it should be made clear that Scottish Hen Harriers are also in serious trouble, partly home-grown but also due largely to the ‘sink’ effect in England.

      1. In RSPB promotions for the petition to licence game hunting in Scotland, also quoted in RPUK.

        1. It was also quoted by RSPB Representatives at Hen Harrier Day at Vane Farm (when I was there on the Saturday).

Comments are closed.