Democratic Rights and Legislative Duties in the Time of COVID-19
The COVID-19 pandemic has affected many sectors in normal life due to its physical distancing consequence. This affects our democratic life such as the inevitable hybrid meeting of parliaments around the world. The hybrid meeting consists of participants who attend either remotely or physically in the parliament building. This approach replaces the traditional meeting with the physical presence of all members of parliament because it is not possible especially due to many countries policy of closing borders. For example, European Parliament has accommodated remote participations in meetings of its parliament members since March 2020. The hybrid meeting depends heavily on technologies such as videoconferencing, web streaming (live and recording), and online voting.
The uniqueness of the hybrid meeting of parliaments compared with other online systems such as online classes is the legal responsibility of the remote participants to ensure that democratic rights are being observed and legislative duties are being addressed. As the saying goes “there is nothing new under the sun”, a similar system with the high legal requirement has also been around for some years. The system is a videoconferencing in cross-border court proceedings in the European Union, where the comprehensive guide covering organizational, technical and legal aspects has been provided by the General Secretariat of the European Union (since 2013). What is videoconferencing in court proceedings about? It is a videoconferencing for experts, witnesses, and other parties who are not able to be present physically in courtrooms or witness rooms and still need to fulfill the legal basis of the process. What can we learn from this to apply to hybrid meetings of parliament? This article presents this topic focusing on technicality and the security and privacy issues.
- Once upon a Committee Meeting
Committee on Transportation and Tourism meeting was held in Brussels, on Monday, June 8, 2020 and the Committee discussed transport aspects of the EU Recovery Plan and revised the long-term EU budget for 2021-2027. The meeting had several remote participants and was recorded. Both the live web streaming and the recording were made publicly available. In the meeting live interpretation was provided when the speaker was visible meaning that either the speaker was physically in the room or remote with video on.
Let us first observe the quality of the recording. We can see the following:-
Visual blur on many of remote participants video such as around minute 65 (Vind Marianne), around minute 72 (Paulus Jutta), and around minute 89 (Vitanov Petar).
-
Visual of non-face (i.e. devices like cable) around minute 57 (Rovana Plumb).
-
Shaking on visual and not full visual around minute 79 (Lundgren Peter).
-
No visual around minute 78 due to connection problem (Ertug Ismail).
-
Fail connection and being skipped around minute 80 and returned around minute 82 (Rookmaker Dorien).
-
Voice echo in around minute 21 (Marinescu Marian).
-
From this observation of only one component (video recording) we can already see that several technical standards for videoconferencing were not followed such as “videoconferencing equipment, … all equipment components should as far as possible be standardised on the basis of the same types of equipment and the same configuration.” (p18).
Another case is “Cameras ... The cameras should preferably be fixed, and they should have several pre-set positions for panning, tilting and zooming; one of the possible positions should be pre-set as a preference.” (p19).
All in all, we can conclude that the video recording itself does not really conform to “True-to-life principle” (p17) where “The objective is to make the videoconferencing session as close as possible to the usual practice in any court where evidence is taken in open court.”
- Bringing the Users and Organizers Together
Learning from our use case, we will discuss the security and privacy issues involved in hybrid meetings of parliament platform with components such as videoconferencing, web streaming (live and recording), and online voting, with the following two sides:-
User side:
-
Awareness of cybersecurity
-
Technical assets for remote access
-
-
Organizer side[1]
-
Trusted computing based on trusted hardware
-
Verifiable software
-
Secure cloud and networking technologies
-
- User side
- Awareness of cybersecurity
The remote participants who use the platform for virtual sitting must have security awareness and if not must be trained for such. The goal is to avoid issues such as:- Installing platform software from unofficial site which can be a malware[2]
- Phishing scams asking for joining a video conference which steals credentials[3]
- An overprivileged video conferencing application by using web version which sits in a sandbox in the browser when possible instead of installing an application suggested by information-security company Kaspersky[4]
- Technical assets for remote access
The remote participants who use the platform for virtual sitting must have satisfactory assets for remote access and if not must be provided for such. The goal is to avoid issues such as:- Hardware shutdown during connection due to power outage which can be considered as availability issue[5]
- Slow connection and breaking during the meeting which can be considered as availability and integrity issues[6]
- Vulnerable webcams which are accessible to unauthorized users which can be considered as confidentiality and privacy issue[7]
- Awareness of cybersecurity
- Organizer side
- Trusted computing based on trusted hardware
Considering the integration of various components such as videoconferencing, web streaming (live and recording), and online voting, it is known that a system is as secure as its weakest link. It is common to take hardware for granted as a secure system which may be an incorrect assumption. This is because computing hardware has its own security issues such as branch direction prediction attacked by Spectre Variant 1 (CVE-2017-5753 (Spectre, Variant 1, Bounds Check Bypass). Therefore, it raises the need to use trusted hardware such as Trusted Platform Module (TPM, also known as ISO/IEC 11889) which is a dedicated microcontroller designed to secure hardware through integrated cryptographic keys. - Verifiable software
The software integrated to the virtual chamber must be verified or if not, it must be open sourced[9] such as Helios for online elections system or openly reviewed such as Zoom proposal for end-to-end encryption[10] for video conferencing. The goal is to avoid software vulnerabilities such as:- Zoom client application chat Giphy arbitrary file write[11]
- Zoom client application chat Code Snippet Remote Code Execution vulnerability[12]
- Zoombombing when an unauthorized person joins a Zoom meeting
- Secure cloud and networking technologies
The network integrated to the virtual chamber must be private or if not, it must be secured. This is aligned with practical consideration suggested by the European Union for videoconferencing in cross-border court proceedings namely “Attention should also be drawn to both the reliability and the security of transmissions which should be ensured ” (p12). The goal is to avoid cloud and network vulnerabilities such as:- Security risks related with streaming video[13] such as stream grabbing and uploading[14]
- Security risks related with data routing such as route manipulation or route hijacking[15] which requires that the platform integrated must offer the ability to choose through which region of the world their data would be routed[16]
- Trusted computing based on trusted hardware
-
- Conclusion
We have seen the various components of hybrid meetings of parliament such as videoconferencing, web streaming (live and recording), and online voting. We have also discussed some of their quality requirements and technical issues including security and privacy issues. Hence, we have learned that we may not be able to always solve all the issues technically and additional measures must be taken. An example of such measure is “During Plenary, those present will take the floor, according to the speakers’ list” to avoid issues related with videoconferencing. Another measure is during online voting, i.e. in addition to online voting “Members are still required to print, sign and send back the ballot paper, and only this signed ballot paper makes their vote valid and therefore recorded in the minutes of the sitting”. In the end, we may say that today’s hybrid meetings of parliament are not yet ideal, but considering the current situation, it is good enough for us to keep our democratic rights and legislative duties going in the time of COVID-19.
