3.1
This chapter will discuss the electronic security mechanisms built into the e-petitions system which are designed to prevent fraudulent activity. The discussion will consider whether these mechanisms are fit for purpose, instances of fraudulent activity on petitions and, if fraudulent activity does occur, what impact this has on any possible outcome for the petition.
3.2
Comparisons will be drawn regarding the process for creating or signing a paper petition, which cannot collect signatures online.
The e-petitions system
3.3
The e-petitions system consists of the following components:
public website hosted in the aph.gov.au website for use by members of the public to sign and create petitions
public application programming interface (API) to support the public website component by retrieving and submitting data
Administrator Portal used by the Petitions Committee Secretariat to process petitions from initial request to tabling in Parliament
Internal API to support the Administrator Portal by retrieving and submitting data
SQL database containing data for the system accessed by both the internal and public API.
3.4
The e-petitions system allows external users to:
request a new e-petition;
create a paper petition via a downloadable template.
3.5
The website that hosts the e-petitions system also provides information for users to learn about the petitioning rules and workflow process of petitions.
3.6
The system is owned by the Department of the House of Representatives. The Department of Parliamentary Services (DPS) provides technical support and undertakes any required maintenance and enhancement activities.
3.7
To request a new e-petition, users are required to enter their petition details (petition summary, reason and request), full name and contact details into a series of mandatory fields and agree to the terms and conditions of petitioning the House. When complete, a link is sent to the principal petitioner at the email address they entered into the system, which must be clicked on within 24 hours in order to verify their request. This step is designed to prevent ‘bot’ attacks or fraudulent activity.
3.8
To sign an e-petition, users are required to enter their name and email address and agree to the terms and conditions of petitioning the House. Again, when complete, a link is sent to the email address they entered into the system, which must be clicked on to verify their request; this step is intended to prevent fraudulent activity. Each e-petition can only be signed once per unique email address, and the system checks whether the email address has been used before. If it has, the petitioner receives a notice and the signature is not added to the petition.
3.9
To create a new paper petition, users may input their petition details and personal information into an online form to create a downloadable petition template. Paper petitions can also be created by the petitioner in a different format, but petitioners should ensure that the petition meets the rules for the form and content of a paper petition.
3.10
Signatures to paper petitions must be made by the person signing the petition unless a petitioner is incapable of signing, in which case they may ask someone else to sign on their behalf. The original petition documents must be posted to the secretariat. When received, the secretariat enters the paper petition details, principal petitioner’s details and final signature count into the e-petition system via the administrator portal.
3.11
The security of petitioners’ personal information is discussed at the end of this chapter.
System security
3.12
The e-petitions system contains inbuilt security features designed to both prevent fraudulent activity, and provide as much accessibility as security requirements permit. The system was designed, as far as feasible, to be as accessible as creating or signing a paper petition.
3.13
The inbuilt security features of the e-petitions system include:
Two factor authentication: after entering their details, a petitioner must click on a link sent to them via email to verify their identity to create or sign a petition;
Google ReCaptcha tool: the tool is used to identify suspicious user activity and prevent bot attacks. If requested by the tool, users must pass a picture selection challenge before they can proceed; and
Unique email address per signature: a petitioner can only use their email address to sign a petition once. If multiple attempts are made, the user receives an error and subsequent attempts are not recorded against the petition.
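The request-then-confirm flow described in paragraphs 3.7, 3.8 and 3.13 can be illustrated with the following added Python example, which is not code from the e-petitions system. The HMAC-signed link token, the SQLite table, all function names, the petition ids and addresses, and the application of the 24-hour window to signatures as well as petition requests are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import json
import sqlite3

SECRET_KEY = b"constructed-demo-key"  # assumption: server-side secret, constructed here
LINK_TTL_SECONDS = 24 * 60 * 60       # the 24-hour window stated in paragraph 3.7


def normalise_email(email):
    # Assumption: addresses are compared case-insensitively after trimming.
    return email.strip().lower()


def issue_token(petition_id, email, now):
    """Build the value carried in the emailed link: payload plus HMAC tag."""
    payload = json.dumps(
        {"p": petition_id, "e": normalise_email(email),
         "exp": int(now) + LINK_TTL_SECONDS},
        separators=(",", ":"), sort_keys=True).encode()
    tag = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(payload).decode() + "."
            + base64.urlsafe_b64encode(tag).decode())


def check_token(token, now):
    """Return the payload, or None if the link is malformed, forged or expired."""
    try:
        body_b64, tag_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # covers bad base64 and a wrong number of parts
        return None
    expected = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    claims = json.loads(payload)
    return None if now > claims["exp"] else claims


def open_db():
    db = sqlite3.connect(":memory:")
    # The UNIQUE constraint enforces one signature per address per petition
    # even if two requests race each other.
    db.execute(
        "CREATE TABLE signatures ("
        " petition_id TEXT NOT NULL, email TEXT NOT NULL, name TEXT NOT NULL,"
        " verified INTEGER NOT NULL DEFAULT 0,"
        " UNIQUE (petition_id, email))")
    return db


def request_signature(db, petition_id, name, email, now):
    """Step 1: store an unverified row and return (status, token to email)."""
    addr = normalise_email(email)
    with db:
        db.execute(
            "INSERT OR IGNORE INTO signatures (petition_id, email, name)"
            " VALUES (?, ?, ?)", (petition_id, addr, name))
    verified = db.execute(
        "SELECT verified FROM signatures WHERE petition_id = ? AND email = ?",
        (petition_id, addr)).fetchone()[0]
    if verified:
        return "duplicate", None  # address already used: notice, nothing added
    # An unverified row gets a fresh link, so an unconfirmed request made by
    # someone else cannot lock the address owner out.
    return "pending", issue_token(petition_id, addr, now)


def confirm_signature(db, token, now):
    """Step 2: the link is clicked; only now does the signature count."""
    claims = check_token(token, now)
    if claims is None:
        return "rejected"
    with db:
        cur = db.execute(
            "UPDATE signatures SET verified = 1"
            " WHERE petition_id = ? AND email = ? AND verified = 0",
            (claims["p"], claims["e"]))
    return "counted" if cur.rowcount == 1 else "duplicate"


def signature_count(db, petition_id):
    return db.execute(
        "SELECT COUNT(*) FROM signatures WHERE petition_id = ? AND verified = 1",
        (petition_id,)).fetchone()[0]
```
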
3.14
Due to the potential impacts such measures could have on accessibility, the e-petition system does not:
require an individual to provide proof of identity to sign a petition in either e-Petitions or the paper-based system;
use geo-blocking to prevent users in other countries from signing petitions; or
prevent the use of temporary email addresses to sign petitions.
3.15
A broader discussion on the impact of petitioning security on accessibility was presented in Chapter Two, including the suitability of using official records for verifying a petitioner’s identity.
3.16
As with paper petitions, and as a further security measure, the committee secretariat also inspects the signatures of all e-petitions prior to the petition being presented. If suspicious or fraudulent activity is identified on an e-petition, both DPS and the Committee are notified and appropriate action is taken (usually the removal of signatures from the petition).
3.17
Further discussion on instances of fraudulent activity on petitions, including any impact that fraudulent activity may have on possible petition outcomes, is presented in more detail below.
3.18
Previously, some users have experienced difficulties in successfully verifying their identity when signing or creating an e-petition. These issues have mostly related to the requirement to click on a verification link in an email sent, because this two-step process was considered onerous.
3.19
Other users have experienced trouble accessing the system during periods of high user activity, being called ‘bots’ during the verification process, not being able to proceed with signing a petition, or failing to receive a verification email.
3.20
While these issues had a considerable impact on accessibility for the users involved, they were not the experience of most users and have been addressed in a recent system upgrade.
Security of personal information
3.21
The House of Representatives (the House) e-petitions system only collects personal information necessary to verify signatures or to contact a principal petitioner about their petition.
3.22
The details of the principal petitioner are stored in the e-petitions secure database as are the signatories to e-petitions. This information is accessible only by database administrators in DPS and the committee secretariat.
3.23
Only the name of the principal petitioner is published with their petition and the total number of signatures collected. Details of signatories to e-petitions are not provided to the principal petitioner or to any other third party.
3.24
Each petition that is presented to the House is presented in hard copy (e-petitions are printed on paper) and includes the full details of the principal petitioner and the names only of signatories to the petition (sometimes additional signature information is included on paper petitions presented to the House, but this is not required).
3.25
Once presented, petitions are kept securely archived and can only be accessed on request and under strict security controls.
3.26
There have been no known security breaches affecting the security of petitioners’ personal information since the introduction of the e-petitions system.
Other jurisdictions
3.27
Some other jurisdictions that provided submissions to this inquiry use similar security mechanisms to prevent fraudulent activity on their e-petitions.
3.28
For example, the Legislative Council of Victoria submitted that requests made to their e-petitions system ‘are validated to ensure they do not contain malicious code’ and that they have ‘protocols to distinguish between human and automated/bot access to the website’.
3.29
The House of Representatives, Parliament of New Zealand, explained that a signatory’s name and email address are also required when signing e-petitions through their system. The email address is required only to confirm that a signature has not already been recorded on that petition for that person. This is to ensure that the process of signing an e-petition remains similarly accessible to signing a petition on paper.
3.30
The Clerk of the House of Representatives, Parliament of New Zealand, went on to say that some security measures were necessary to uphold the integrity of the process:
We consider that these relatively light verification requirements for signatories are appropriate, given that there is no threshold, and the number of signatures has no procedural effect. On the other hand, the volume of signatures is a matter of political significance, and so some requirements are needed to reduce the prospect of the numbers being inflated through large-scale fake or repeated signatures.
3.31
The Clerk also noted some accessibility issues with a version of Google ReCaptcha they previously used; they have instead utilised a newer version of the tool that does not require user input.
3.32
The Queensland Parliamentary Service (QPS) listed a number of inbuilt security features of their e-petitioning system. These features include:
use of anti-forgery token;
basic verification of data entered into the online form;
time limitations on signing time;
built in exercises designed to prevent bot attacks;
ongoing monitoring of signature statistics; and
system identification of duplicate or suspected fraudulent signatures.
3.33
Notably, the use of Google ReCaptcha was excluded from QPS’s system design because it was deemed to have accessibility risks for some demographics.
3.34
The QPS’s e-petitions system is currently being used by two other domestic jurisdictions and is being considered by another.
3.35
The Legislative Assembly for the Australian Capital Territory (ACT) is one of the jurisdictions using a version of the QPS system. The Legislative Assembly has described it as a ‘simple’ e-petitions system for collecting signatures online, which has not posed any major security or accessibility problems to date. Likewise, they have had ‘no identifiable need’ to implement further security measures, including the use of official records for verification purposes.
3.36
While QPS have not identified any significant data breaches to date, their submission also acknowledges that, despite the inbuilt security features, risks to the security of the system remain. These risks were not identified in their submission.
3.37
QPS also commented that the security of personal data acquired during the petition creation and signing process is maintained through deletion from the petitioning database after the petition cycle has concluded. As per other domestic jurisdictions, hard copies of petitioners’ information and signature records are maintained and accessible to the public from the QPS Table Office.
3.38
In their submission, the Scottish Parliament outlined features of a new online petitioning system currently under development that complies with that jurisdiction’s recently introduced data protection regulations. Features will include the requirement for users to create a user account to reduce the amount of data collected, and the incorporation of new data protection technology.
Implementing additional security
3.39
The terms of reference for the inquiry set out to examine the impact that security features have on the accessibility of the petitioning process. As discussed above, some existing security features have caused accessibility issues in the past, but these issues have now been resolved.
3.40
Other security mechanisms, such as checking of signatures and the possible use of official records to verify a petitioner’s identity, have been discussed in Chapter Two.
3.41
Some submitters expressed their concern that, if additional security features were to be implemented, this could both significantly decrease the accessibility for some petitioning cohorts that would otherwise be eligible to petition, and would significantly separate the levels of accessibility between paper and e-petitions.
3.42
The Department of the House of Representatives, for example, made this statement:
[Because of electronic security measures] e-petitions are, in effect, subject to a higher standard of up-front checking than paper petitions. … any proposal to increase security checking through the online system would risk placing a significantly higher burden on e-petition signatories than paper petition signatories. This could be seen to be inequitable, and therefore best avoided, unless the Committee believes the risks and consequences of fraudulent representations are significantly higher for e-petitions than for paper petitions.
3.43
The risks and consequences of fraudulent activity are discussed in more detail later in this chapter.
3.44
Further, Associate Professor of Constitutional Law Luke Beck, from the Faculty of Law at Monash University made the connection between petitioning accessibility and citizens’ right to petition the House. Associate Professor Beck warned:
The Committee should not recommend any measure that would weaken or prevent access to, and participation in, the petitioning system unless (i) there is actual evidence about fraudulent or other problematic activity and (ii) the recommended measure is proportionate to addressing that actual mischief.
While the matter would not be able to come before the courts, measures that reduce the ability of Australians to communicate with their elected representatives or with a House of Parliament that are not proportionate to a legitimate purpose would be unconstitutional for contravening the implied freedom of political communication.
3.45
The Department of the House of Representatives, which is the owner of the e-petitions system and responsible for upholding the integrity of the petitioning process, also had concerns about the significant resourcing implications that additional security mechanisms, such as the thorough checking of the validity of each single signature, might have:
The secretariat is not resourced to review the names of signatories to e-petitions, as they do for paper petitions. To give a sense of scale, in 2020 there were 990,636 signatories to petitions, of which 916,385 were to e-petitions. Further, I anticipate that any outliers picked up by the secretariat over and above those identified through the current automated checking processes would only be the obvious, 'Mickey Mouse' style, names. In my view, this would not result in significant improvements to the security of the system.
3.46
No evidence was received that provided support for the implementation of additional security mechanisms.
Committee comment
3.47
The Committee recognises the concerns pertaining to the security of the petitioning system. The security of petitioners’ information is of paramount importance to the Committee, and no issues in the security of petitioners’ information have been identified.
3.48
The Committee is of the view that while additional security measures could be enforced, this would detract significantly from the accessibility of the petitioning process, and would not add sufficient value to justify the imposition on petitioners.
Fraudulent activity on petitions
3.49
Fraudulent activity on petitions can be malicious attempts to inflate the signature count, such as: the provision of a false name to sign a petition; making a false declaration of citizenship or residency status; or forgery of an individual’s signature.
3.50
Known instances of fraudulent activity are rare and are usually picked up by the committee secretariat during a scan of petition signatures prior to the petition being presented to the House. Any duplicate or obviously false signatures are removed from the petition and not included in the petition’s final signature count.
3.51
This was the case with petition EN1938, for which the Hon. Kevin Rudd AC, 26th Prime Minister of Australia, was the principal petitioner. Some instances of fraudulent activity were identified as appearing on the petition, which were confirmed by DPS following a check of the petition data. The signatures were removed prior to the petition being presented and were not included in the petition’s final signature count.
3.52
It is, however, openly accepted that fraudulent activity on petitions can and does occur. No petitioning system is foolproof or robust enough to entirely prevent fraudulent activity, without significantly compromising accessibility.
3.53
This is recognised by the House of Representatives and noted in the House of Representatives Practice, which is the authoritative text on the procedure and practice of the House. The text notes, in relation to an instance of signature forgery, that:
It was also considered that neither Members nor the House could ensure that every signature on every petition was genuine.
3.54
Mr Rudd, in his submission, also supported this notion and noted the risk of decreasing accessibility if system security was bolstered too much:
In the 800-year history of these petitions, it’s unlikely that there has ever been a system that is impervious to false signatures … it would be a bad outcome for the Committee to undermine genuine engagement with petitions in the name of stamping out a problem at the fringes.
3.55
Associate Professor Beck commented that ‘fraudulent activity is possible with a paper petition just as fraudulent activity is possible with an e-petition’.
3.56
The impact that instances of fraudulent activity can have on any possible petition outcome is discussed further below.
The impact of fraudulent activity
3.57
The act of petitioning allows citizens and residents to put their grievances directly to their elected representatives in the form of a request to the House of Representatives. The petition must make a request for action on something that the House can do, such as:
introduce legislation or repeal or change existing legislation;
to take action for a certain purpose or for the benefit of particular persons;
or to redress a particular grievance, for example by the correction of an administrative error.
3.58
A number of formalised and indirect actions are taken on petitions which are outlined in more detail below, including any impact that fraudulent signatures have on these actions.
Number of signatures
3.59
The minimum number of signatures required for a petition is one, that of the principal petitioner.
3.60
Signatures to petitions must:
Not be copied, pasted or transferred on to the petition and must appear on a page that contains the petition request. Signatures that are photocopied or are obvious duplicates are excluded from petitions under this rule, as are signatures that appear on a blank page that does not contain the petition request.
Be in the person’s own handwriting or be added to an e-petition via the House website. Signatures collected electronically through other means are excluded from petitions under this rule.
Declare that they are a resident or citizen of Australia and not a Member of Parliament. Under this rule, signatures with obvious pseudonyms are excluded from the final signature count.
3.61
Prior to presentation, petitions are scanned for obvious non-compliant signatures, but so long as the principal petitioner’s signature is in order, and the petition meets all other standing order requirements, the petition can still be considered valid.
3.62
In effect, this means that a petition can still be valid even if widespread fraudulent activity is found to have occurred and the offending signatures are removed.
3.63
Apart from the single signature required of the principal petitioner, the petitioning process also does not require a petition to reach a certain threshold of signatures in order for any formalised action to be taken by the House.
3.64
These actions are outlined below, but this effectively means they can be taken regardless of whether a petition receives one or 100 000 signatures. As such, any fraudulent signatures added to a petition which are not detected do not have any impact on whether these actions are taken.
3.65
The issue of signature thresholds on petitions was discussed in some detail in the former Committee’s report into the future of petitioning the House, and so will not be continued in this report beyond any relevance to fraudulent activity.
Action taken on petitions
Presentation to the House
3.66
After a petition has been certified as ‘in order’ (validated) by the Committee and, for e-petitions, after it has closed for collecting signatures, a petition is presented to the House. This is usually done by the Committee Chair on a Monday of each House of Representatives sitting week.
3.67
The Chair presents a number of petitions at a time. The terms of each petition are not read out, but are included in a summary which is published on the Committee’s webpage. The Chair makes a short statement in relation to general aspects of petitioning and the full terms of each petition, including the final signature count, are recorded in the Hansard for that day.
3.68
Members of Parliament, other than the Chair, may also present petitions. Members also do not read out the terms of each petition, but will usually make a statement on the matter raised in the petition. Again, the full terms and signature count of each petition presented this way are included in the Hansard for that day.
Referral to minister
3.69
After a petition is presented to the House it is usually referred to the minister responsible for the matter raised in the petition with a request for a response within 90 days. In practice, over 99 per cent of electronic petitions are referred to a minister.
3.70
Ministerial responses do not necessarily provide agreement to act on the request in the petition, but may include more information about the matter raised, such as detail on current policy, or an explanation as to why an action will not be taken.
3.71
When received, ministerial responses are seen by the Committee, presented to the House, recorded in the Hansard and then published on the Standing Committee on Petitions’ webpage.
Referral to a committee
3.72
The House of Representatives standing orders also provide Members with the authority to refer a petition to a particular committee for further inquiry. In practice, this has not been done since the introduction of that standing order.
Indirect action
3.73
Apart from the minister directly agreeing to a petition request, it is difficult to measure the other possible outcomes of a petition.
3.74
The act of petitioning, however, does create broader awareness of the issues raised in the petition, which can lead to other, less direct actions. The impact of a petition is therefore not limited to how the House responds.
3.75
The House of Representatives Practice provides the following description of this effect:
An important effect of the petitioning process is that Members and the Government are informed, in a formal and public way, of the views of sections of the community on public issues. Even if no action is immediately taken on a petition, it and others like it may assist in the creation of a climate of opinion which can influence or result in action. The petition usually forms part of a broader attempt by individual groups within the community to draw public attention to grievances. Petitions also provide a focal point for individuals and groups attempting to organise campaigns on various issues—for example, public meetings are sometimes organised around the signing of petitions.
3.76
The House of Representatives Standing Committee on Procedure also made comment on the sense of community that petitions create in their report on petitioning the House:
Petitions foster a sense of unity and purpose within a community which is publicly demonstrated when the petition is presented to the House. In this sense, a petition provides a measure of a community’s strength of feeling on an issue, and in turn, provides Members of Parliament with a ‘sounding board for concerns experienced by the voting public.’
Other jurisdictions
3.77
In some similar jurisdictions, such as the Parliament of New Zealand, there is no requirement for a signature threshold to be reached that would trigger a certain procedural action.
3.78
Others, such as the UK Parliament and the Legislative Assembly for the ACT do require a petition to meet a certain threshold to prompt an action (such as referral to a committee, or debate in parliament). With these requirements in mind, the ACT observed that it has ‘encountered no security issues to date’.
3.79
Further, while the Scottish Parliament does not have thresholds for certain actions, petitions to their parliament are considered on the merit of the issues raised and not the number of signatures collected.
3.80
The House of Representatives, Parliament of New Zealand, also confirmed the detection of some possibly fraudulent signatures collected on their petitions, but nothing that was ‘widespread or co-ordinated’.
3.81
Nevertheless, submitters from other jurisdictions did recognise a need for the prevention of fraudulent behaviour and outlined certain actions that they take.
3.82
For instance, the Legislative Council of Victoria stated that, while they were not aware of any significant issues with fraud, they ‘carefully scrutinise all petitions and requests for e-petitions to the extent possible’ for compliance with the standing orders.
3.83
Other practices for reducing fraud undertaken by other jurisdictions include:
checking for irregularities such as fake signatures or addresses outside of the permitted jurisdiction;
disallowing petitions and/or signatures that contain such irregularities;
disallowing duplicate signatures; and
implementing practices designed to reduce fraudulent behaviour.
Impact of fraud on petition outcome
3.84
Because there is no threshold for signatures, instances of fraudulent activity have no impact on any direct action taken by the House, providing the petition meets the standing order requirements and the principal petitioner’s signature is in order.
3.85
There are, however, concerns that fraudulent activity can have a negative impact on indirect actions regarding the petition if the signatures collected are falsely inflated.
3.86
This was articulated by the Department of the House of Representatives who noted that ‘concerns about fraudulent signatures or the system's security may lead to debate which distracts from the substance of the petition’. The Department of the House of Representatives also stated:
Members may also refer to the number of signatures as an indication of the strength of community sentiment, not only when presenting the petition but when debating a matter identified in the petition.
3.87
These comments point to the political significance that falsely inflated petition signatures can have. The Clerk of the Parliament of New Zealand made this related point:
There is no procedural difference whether a petition has one signature or thousands, but the number of signatures can be a relevant factor when members and committees are making their political judgements about how to consider petitions.
3.88
Both submissions recognised that there was therefore a need to apply certain security measures to prevent, where possible, fraudulent signatures from being added to petitions. The Department of the House of Representatives, for example, stated:
Having some security measures, such as those already in place, helps reduce the likelihood of such concerns being raised.
3.89
The Clerk of the Parliament of New Zealand also remarked:
We consider that these relatively light verification requirements for signatories are appropriate, given that there is no threshold, and the number of signatures has no procedural effect. On the other hand, the volume of signatures is a matter of political significance, and so some requirements are needed to reduce the prospect of the numbers being inflated through large-scale fake or repeated signatures.
3.90
Mechanisms currently in place to reduce fraudulent behaviour on petitions have been discussed throughout this report.
Committee comment
3.91
The e-petitions system works to balance security and accessibility concerns through providing a range of measures to prevent fraudulent activities. The Committee recognises that any system which aspires to remain as accessible as signing a paper petition cannot completely eliminate the risk of fraudulent signatures.
3.92
When fraudulent activity occurs on petitions, it is usually for the purpose of inflating petition signatures to provide the perception that there is more support for the topic raised than there actually is, or to call into doubt the integrity of signatures in support of a petition. This does not impact the direct effect of a petition, and does not necessarily have a negative impact on the indirect effect of the petition, but may cause concern for adversaries of the topic (or indeed petitioners) or be of political significance.
3.93
The Committee is of the view that the current security mechanisms in place set the appropriate balance between accessibility and security. While fraudulent activity may occur, it is isolated. Given the lack of a signature threshold to prompt a specific action, any fraudulent signatures which are not excluded from a petition’s final signature count are considered an accepted risk.
3.94
Any changes to the current arrangements through additional security mechanisms are not recommended due to their potential to exclude or restrict access to petitioning for people who currently exercise this right.
Mr Ken O’Dowd MP
Chair
June 2021