A breakaway group of JCRs, composed of Trinity, King’s, Jesus, Queens’, Robinson and Lucy Cavendish, are “seriously concerned” by recent reports concerning a data “breach” at Cambridge Student Union, which led to students being “outed without even knowing”.

The JCRs have formed the Cambridge Online Voting Consortium to set up an open-source election system as an alternative to the SU’s ‘outsourced’ election system, electing Jesus College JCR as chair of the consortium last week.

Jesus College JCR President Nicole Ling Yan Lee and other representatives from the consortium told Varsity that they were “shocked to discover that a list of LGBTQ+ students and similar existed on the platform at all”, following Varsity’s report on data issues on the SU’s voting system. The SU is now conducting a student-led inquiry into the data breaches to determine why “the incident occured and was not resolved for over nine months after first being raised”.

Representatives from the consortium told Varsity that the data breaches had been a “foreseeable outcome”, as the SU chose to outsource the development of a “clunky, closed source, obscure piece of voting software”.

The SU had originally used a secure 'basic online ballot' system (BOB) to cast over 300,000 votes in university elections since 2005, where votes were not stored with CSRids and students could transparently verify election results. However, there were problems with the old voting system, as the presence of a list of students who voted in an LGBT+ campaign election could still potentially out LGBTQ+ students.

Varsity understands that when this secure system was retired by the SU in September 2021, concerns were raised that the new system “could not provide the anonymity and verifiability” of the old system. Representatives from the concerned JCRs have said that despite raising these security concerns “the SU decided to proceed with the system switch”.

Earlier this year Varsity reported that chair of the SU student council Fergus Kirman and Sam Carling also claimed to have faced obstacles from the SU when they raised the issue with the data breach.

In response to the difficulty of using this new system, the consortium developed CamVote last year - an open source voting system which promised “verifiability, anonymity and instant-counts”. They have promised that this system, unlike the SU system, would never store data about student self identities. Representatives from the consortium told Varsity that “data which doesn’t exist can’t be breached”.

They argue that CamVote offers “self-governance by and for JCRs and MCRs, without alternative missions or goals which might crop up in a larger organisation”.

“Rather than trusting the SU and their contractors to correctly count an election and have a secure system, the goal of CamVote is to make it so that you don’t have to trust anyone - if you suspect election tampering, you can check for yourself (and we are happy to show people how to do this).”

The election software is also publicly available for scrutiny.

The spokesperson for the consortium continued: “If we want our representatives to be taken seriously, by students and by the University and colleges, there needs to be trust in the way they were elected. Delays to results, not being able to audit results, and confusing voting and election administration all degrade the quality of democracy.”

Last year, members of the Student Council raised concerns about the voting system and proposed to return to the BOB system. The trustees decided not to ditch the new voting system despite concerns over its usability and transparency, citing time constraints before the Lent elections and a desire to reform the existing system.