Sunday, March 07, 2010
urban renewal, greenwashing, technoyouth, and Internet voting utopianism
This is in reaction to the Elections Canada Internet voting event, some of the followup to it, and the ongoing trend for Canadian municipalities to adopt Internet voting (as well as the announcement that the province of Alberta will investigate it as well).
Our society loves the new. This is sometimes good, and sometimes appallingly, disastrously bad.
We had decades of "urban renewal", starting in the 50s and gaining momentum in the 60s, that with traffic planning as an essential element, very nearly destroyed the downtown cores of many cities in Canada, and actually succeeded in destroying the cores of many US cities. New is not always better. We are now, with enormous effort and expense, slowly attempting to undo some of the worse excesses of urban renewal, rebuilding and reinhabiting city cores, restricting the previously unlimited role of the fast-moving car in urban planning.
The people at the time had legitimate concerns. They found their cities old and tired, the trolleys familiar and worn. They literally could not imagine that their dense urban neighbourhoods would, rather than being improved by sweeping expressways and demolishing "urban blight", instead be turned into a dead landscape of poverty and neglect. Good intentions can have terrible consequences. We almost always cannot predict the future.
But Internet voting is an area where we actually have a tremendous asset, a community of computer security experts. UPDATE: As well, we can look the the experiences of other countries and jurisdictions. And we can look at other types of online activities. We can make some good guesses about the future. The experts tell us that computer networks are very hard to secure. Other countries show us that the complexity of a good technology implementation can lead to high expenditures with private companies, unsatisfactory results, and law suits. The ongoing, continuous security compromises of existing systems, with credit card numbers and other high-value information repeatedly stolen, tells us we are far from a world of high security on the public Internet. ENDUPDATE
We also have a recent trend of greenwashing - corporations that want to make money, but cloak it in some new language of social responsibility or environmentalism. Less paper is not always good. What consumes more resources, a single piece of paper you use once, or a computer in a data centre that is on 24 hours a day, 7 days a week, 365 days a year, requiring round-the-clock high physical and network security? In any case, since when is the foundation of democracy about how "green" your election is? Elections hinge on trustworthy results. You want a green election? How about we just all hold up our hands and someone writes the result down on a chalkboard? No paper wasted! No electricity burned! Making some vague green claims about reduced paper consumption is a diversion from critical, core process and security issues associated with Internet voting.
This is not to mention the fact that a good chunk of the supposed "savings" from Internet voting comes from eliminating polling places, from eliminating polling place workers. Do you seriously want a voting system that is less human, that involves fewer people, that has fewer eyes to identify and report problems?
In the most egregious example of Internet voting mythmaking, the myth of the technoyouth. The argument, almost always made by someone who is not young, almost always made without any supporting evidence whatsoever, goes as follows: young people "naturally" use technology, enjoy technology, interact with technology. If you can just "technologize" something, young people will use it.
This is utter nonsense. Young people like doing young people things. They do them with whatever tools are at hand. They don't think about the technology, it's background noise. They think about the activity. Making an activity that people aren't interested in available on a platform that they use, will not make them interested. The examples for this are trivial. It's a signature of the myth of the new that we are able to actually believe that somehow "the old rules" don't apply once you put a blinking light on something. You want an easy example: I watch TV. I watch shows I like on TV. I am not interested in sports. There are acres of sports on TV. You know what, this does not make me interested in sports. No one cares about technology channel for technology's sake except actual technologists. If you put boring middle-aged leaders talking about boring policies for senior citizens in a little video windows on a 20-year-old's iPhone, this is not going to make them interested in politics. It's nonsensical.
The overwhelming majority of the evidence from the few large scale examples we had at the Elections Canada Internet Voting discussion is that putting voting on the Internet doesn't magically translate into everyone who uses the Internet suddenly voting. It's just makes it easier for the people who already vote.
If you want turnout, then have a TURNOUT STRATEGY. A button on a web page is not a turnout strategy. Real turnout strategies might include:
* online and offline engagement with voters on issues they actually care about
- This is not easy. Real citizens have inconvenient interests. If you want to see how inconvenient true engagement can be, watch supposed super-Internet-connector Obama immediately dismiss even the possibility of a rational discussion about drug (specifically marijuana) policy, every single time it inevitably rises to the top of an Internet engagement attempt.
* Make election day a holiday
* Hold elections on Saturdays
* Put polling places everywhere - in workplaces, in grocery stores, wherever people actually go in their actual modern lives, not some theoretical church and community centre life that hasn't existed for decades
* Making voting mandatory, as it is in Australia
Notice how little of this involves technology.
Lastly, I want to address Internet voting utopianism. I would have thought the dotcom boom would have killed this, but it didn't. Life is not an endless progress towards a better and better world. Just because something is new, doesn't mean it is either inevitable or beneficial. The French Revolution loved their clean, modern new technology: the guillotine. There are lots of things that make no sense to do over the Internet. Just because it's there, doesn't mean you have to use it, IF IT ISN'T THE BEST SOLUTION.
Internet voting solves no problems, and introduces huge new ones, including:
* massive security issues at every step of the very long chain
* massive chain of custody issues
* massive privacy issues
* massive coercion issues
* handing over the core infrastructure of democracy to private companies and/or invisible government technologists
* creating a voting system that no one without a degree in computer science can actually understand
It will not save money except in some narrow sense. You can work numbers so that it looks like you're saving - oh look how much we save if we don't provide some education or some healthcare, as long as we ignore the huge future costs of impoverished people who are in and out of prison and huge numbers of expensive emergency room visits.
Oh look how much we save if we don't provide paper ballots - as long as we ignore the ongoing costs of data centres, legal challenges, and fundamentally undermining trust in our democracy.
Here's a simple thought experiment: would you hand a stranger $10 and ask them to deliver it to City Hall? A $100 bill? A million dollar bill? How much is your vote worth, how much is a national election worth? This is not banking, where you know the bank, they know you, and every single step along the way is auditable and reversable. This is a one-time handover of a treasure, your vote, to layer after layer of systems programmed by strangers, that you cannot inspect the internal workings of, where even the administrators of the systems can never truly know what is going on internally (a computer can always pretend to be executing one program, while actually executing another), in a system where you CANNOT VERIFY THE RESULT (because any system that lets you check how you voted, must inevitably provide the capacity for someone malicious to determine how you voted).
Internet voting is a lose-lose situation. The easier you make it to vote online, the more convenient, the less complicated, the less encumbered by multiple steps and complexity, the easier you make it for a hacker to steal the election. Worse than that, it is quite likely it is actually impossible to secure the election to the multi-billion-dollar risk level that would be appropriate, you simply cannot provide that level of assurance using the public Internet. The best you can do is involve every possible computer security expert at every step of the process, and then have a very highly informed acceptance of an extremely high level of risk. I don't see anything even close to this happening, other than in the Estonian system, which requires a unique national ID certificate for every single citizen and even then doesn't address issues like coercion.
In brief, this is really hard, maybe impossible to do well, and just as with the half-assed Windows-based electronic voting machines visited upon the American people by Diebold (now part of ES&S, an elections vendor that provides technology to Canadian elections), I don't see anyone taking even close to the level of necessary care in the current Canadian Internet voting situations.
Which brings me to my concluding point: to do this well requires an extraordinary level of computer expertise, testing, auditing, risk assessment, and 24/7/365 datacentre security, and a huge set-aside for potential legal challenges in case of fraud accusations. This inconvenient truth exposes the lie of Internet voting as being an easy, cost-saving citizen convenience, and so in most cases what I see is Internet voting advocates who are either ignorant of these issues, ignoring these issues, or deliberately trying to spin them.
Our society loves the new. This is sometimes good, and sometimes appallingly, disastrously bad.
We had decades of "urban renewal", starting in the 50s and gaining momentum in the 60s, that with traffic planning as an essential element, very nearly destroyed the downtown cores of many cities in Canada, and actually succeeded in destroying the cores of many US cities. New is not always better. We are now, with enormous effort and expense, slowly attempting to undo some of the worse excesses of urban renewal, rebuilding and reinhabiting city cores, restricting the previously unlimited role of the fast-moving car in urban planning.
The people at the time had legitimate concerns. They found their cities old and tired, the trolleys familiar and worn. They literally could not imagine that their dense urban neighbourhoods would, rather than being improved by sweeping expressways and demolishing "urban blight", instead be turned into a dead landscape of poverty and neglect. Good intentions can have terrible consequences. We almost always cannot predict the future.
But Internet voting is an area where we actually have a tremendous asset, a community of computer security experts. UPDATE: As well, we can look the the experiences of other countries and jurisdictions. And we can look at other types of online activities. We can make some good guesses about the future. The experts tell us that computer networks are very hard to secure. Other countries show us that the complexity of a good technology implementation can lead to high expenditures with private companies, unsatisfactory results, and law suits. The ongoing, continuous security compromises of existing systems, with credit card numbers and other high-value information repeatedly stolen, tells us we are far from a world of high security on the public Internet. ENDUPDATE
We also have a recent trend of greenwashing - corporations that want to make money, but cloak it in some new language of social responsibility or environmentalism. Less paper is not always good. What consumes more resources, a single piece of paper you use once, or a computer in a data centre that is on 24 hours a day, 7 days a week, 365 days a year, requiring round-the-clock high physical and network security? In any case, since when is the foundation of democracy about how "green" your election is? Elections hinge on trustworthy results. You want a green election? How about we just all hold up our hands and someone writes the result down on a chalkboard? No paper wasted! No electricity burned! Making some vague green claims about reduced paper consumption is a diversion from critical, core process and security issues associated with Internet voting.
This is not to mention the fact that a good chunk of the supposed "savings" from Internet voting comes from eliminating polling places, from eliminating polling place workers. Do you seriously want a voting system that is less human, that involves fewer people, that has fewer eyes to identify and report problems?
In the most egregious example of Internet voting mythmaking, the myth of the technoyouth. The argument, almost always made by someone who is not young, almost always made without any supporting evidence whatsoever, goes as follows: young people "naturally" use technology, enjoy technology, interact with technology. If you can just "technologize" something, young people will use it.
This is utter nonsense. Young people like doing young people things. They do them with whatever tools are at hand. They don't think about the technology, it's background noise. They think about the activity. Making an activity that people aren't interested in available on a platform that they use, will not make them interested. The examples for this are trivial. It's a signature of the myth of the new that we are able to actually believe that somehow "the old rules" don't apply once you put a blinking light on something. You want an easy example: I watch TV. I watch shows I like on TV. I am not interested in sports. There are acres of sports on TV. You know what, this does not make me interested in sports. No one cares about technology channel for technology's sake except actual technologists. If you put boring middle-aged leaders talking about boring policies for senior citizens in a little video windows on a 20-year-old's iPhone, this is not going to make them interested in politics. It's nonsensical.
The overwhelming majority of the evidence from the few large scale examples we had at the Elections Canada Internet Voting discussion is that putting voting on the Internet doesn't magically translate into everyone who uses the Internet suddenly voting. It's just makes it easier for the people who already vote.
If you want turnout, then have a TURNOUT STRATEGY. A button on a web page is not a turnout strategy. Real turnout strategies might include:
* online and offline engagement with voters on issues they actually care about
- This is not easy. Real citizens have inconvenient interests. If you want to see how inconvenient true engagement can be, watch supposed super-Internet-connector Obama immediately dismiss even the possibility of a rational discussion about drug (specifically marijuana) policy, every single time it inevitably rises to the top of an Internet engagement attempt.
* Make election day a holiday
* Hold elections on Saturdays
* Put polling places everywhere - in workplaces, in grocery stores, wherever people actually go in their actual modern lives, not some theoretical church and community centre life that hasn't existed for decades
* Making voting mandatory, as it is in Australia
Notice how little of this involves technology.
Lastly, I want to address Internet voting utopianism. I would have thought the dotcom boom would have killed this, but it didn't. Life is not an endless progress towards a better and better world. Just because something is new, doesn't mean it is either inevitable or beneficial. The French Revolution loved their clean, modern new technology: the guillotine. There are lots of things that make no sense to do over the Internet. Just because it's there, doesn't mean you have to use it, IF IT ISN'T THE BEST SOLUTION.
Internet voting solves no problems, and introduces huge new ones, including:
* massive security issues at every step of the very long chain
* massive chain of custody issues
* massive privacy issues
* massive coercion issues
* handing over the core infrastructure of democracy to private companies and/or invisible government technologists
* creating a voting system that no one without a degree in computer science can actually understand
It will not save money except in some narrow sense. You can work numbers so that it looks like you're saving - oh look how much we save if we don't provide some education or some healthcare, as long as we ignore the huge future costs of impoverished people who are in and out of prison and huge numbers of expensive emergency room visits.
Oh look how much we save if we don't provide paper ballots - as long as we ignore the ongoing costs of data centres, legal challenges, and fundamentally undermining trust in our democracy.
Here's a simple thought experiment: would you hand a stranger $10 and ask them to deliver it to City Hall? A $100 bill? A million dollar bill? How much is your vote worth, how much is a national election worth? This is not banking, where you know the bank, they know you, and every single step along the way is auditable and reversable. This is a one-time handover of a treasure, your vote, to layer after layer of systems programmed by strangers, that you cannot inspect the internal workings of, where even the administrators of the systems can never truly know what is going on internally (a computer can always pretend to be executing one program, while actually executing another), in a system where you CANNOT VERIFY THE RESULT (because any system that lets you check how you voted, must inevitably provide the capacity for someone malicious to determine how you voted).
Internet voting is a lose-lose situation. The easier you make it to vote online, the more convenient, the less complicated, the less encumbered by multiple steps and complexity, the easier you make it for a hacker to steal the election. Worse than that, it is quite likely it is actually impossible to secure the election to the multi-billion-dollar risk level that would be appropriate, you simply cannot provide that level of assurance using the public Internet. The best you can do is involve every possible computer security expert at every step of the process, and then have a very highly informed acceptance of an extremely high level of risk. I don't see anything even close to this happening, other than in the Estonian system, which requires a unique national ID certificate for every single citizen and even then doesn't address issues like coercion.
In brief, this is really hard, maybe impossible to do well, and just as with the half-assed Windows-based electronic voting machines visited upon the American people by Diebold (now part of ES&S, an elections vendor that provides technology to Canadian elections), I don't see anyone taking even close to the level of necessary care in the current Canadian Internet voting situations.
Which brings me to my concluding point: to do this well requires an extraordinary level of computer expertise, testing, auditing, risk assessment, and 24/7/365 datacentre security, and a huge set-aside for potential legal challenges in case of fraud accusations. This inconvenient truth exposes the lie of Internet voting as being an easy, cost-saving citizen convenience, and so in most cases what I see is Internet voting advocates who are either ignorant of these issues, ignoring these issues, or deliberately trying to spin them.
Labels: canada, internet voting
Comments:
Thanks much for your post. You have elegantly expressed the major points against voting by computer.
I'd like to add some hard data to the cautions that you raise. Here is the short version of a letter I sent tonight to the editor London Free Press. I'll post the long version as a subsquent comment.
----------------------------------------------------------------------
Is Internet voting an idea whose time has come?
No, it's a recipe for disaster.
* In 2004, the U. S. Pentagon dumped plans for Internet voting when a panel of security experts expressed horror at the idea: "Because the danger of successful, large-scale attacks is so great, we reluctantly recommend shutting down the development of SERVE immediately and not attempting anything like it in the future until both the Internet and the world's home computer infrastructure have been fundamentally redesigned, or some other unforeseen security breakthroughs appear...." Some attacks, they caution, "would be extremely difficult to detect, even in cases when they change the outcome of a major election."
* In 2009, an Internet flaw was discovered that would allow hackers to secretly divert users onto imposter websites. Such a site could alter ballots before resending them to their true destination.
* In April 2009, the New York Times reported that the U. S. military is constantly battling attempted intrusions from the Internet.
Why isn't this common knowledge? Perhaps public officials should use the Internet more...to research their proposals.
Roy Lipscomb, Directory for Technology
Illinois Ballot Integrity Project
ballot-integrity.org
I'd like to add some hard data to the cautions that you raise. Here is the short version of a letter I sent tonight to the editor London Free Press. I'll post the long version as a subsquent comment.
----------------------------------------------------------------------
Is Internet voting an idea whose time has come?
No, it's a recipe for disaster.
* In 2004, the U. S. Pentagon dumped plans for Internet voting when a panel of security experts expressed horror at the idea: "Because the danger of successful, large-scale attacks is so great, we reluctantly recommend shutting down the development of SERVE immediately and not attempting anything like it in the future until both the Internet and the world's home computer infrastructure have been fundamentally redesigned, or some other unforeseen security breakthroughs appear...." Some attacks, they caution, "would be extremely difficult to detect, even in cases when they change the outcome of a major election."
* In 2009, an Internet flaw was discovered that would allow hackers to secretly divert users onto imposter websites. Such a site could alter ballots before resending them to their true destination.
* In April 2009, the New York Times reported that the U. S. military is constantly battling attempted intrusions from the Internet.
Why isn't this common knowledge? Perhaps public officials should use the Internet more...to research their proposals.
Roy Lipscomb, Directory for Technology
Illinois Ballot Integrity Project
ballot-integrity.org
Is Internet voting an idea whose time has come?
No, it's a recipe for disaster.
* In 2004, the U. S. Pentagon dumped plans for Internet voting when a panel of security experts expressed horror at the idea: "Because the danger of successful, large-scale attacks is so great, we reluctantly recommend shutting down the development of SERVE immediately and not attempting anything like it in the future until both the Internet and the world's home computer infrastructure have been fundamentally redesigned, or some other unforeseen security breakthroughs appear...." Some attacks, they caution, "would be extremely difficult to detect, even in cases when they change the outcome of a major election."
[A Security Analysis of the Secure Electronic Registration and Voting Experiment (SERVE), http://www.servesecurityreport.org/ ]
* In 2007, the authors of the above report felt the need to reiterate their conclusions [ http://www.servesecurityreport.org/SERVE_Jr_v5.3.pdf ]
* In 2009, an Internet flaw was discovered that would allow hackers to secretly divert users onto imposter websites. Such a site could alter ballots before resending them to their true destination. [Google "DNS poisoning." Also see http://www.informationweek.com/news/internet/security/showArticle.jhtml?articleID=208808229 ]
* In April of 2009, the New York Times reported that the Internet is becoming a cyber battlefield. [ "U.S. Steps Up Effort on Digital Defenses," http://www.nytimes.com/2009/04/28/us/28cyber.html?_r=2&hp ] Some excerpts:
"Thousands of daily attacks on federal and private computer systems in the United States- many from China and Russia, some malicious and some testing chinks in the patchwork of American firewalls - have prompted the Obama administration to review American strategy."
"'We have seen Chinese network operations inside certain of our electricity grids,' said Joel F. Brenner, who oversees counterintelligence operations for Dennis Blair, Mr. McConnell's successor as national intelligence director, speaking at the University of Texas at Austin this month. 'Do I worry about those grids, and about air traffic control systems, water supply systems, and so on? You bet I do.'"
"Just before Mr. Obama was elected, the Center for Strategic and International Studies, a policy research group in Washington, warned in a report that 'America's failure to protect cyberspace is one of the most urgent national security problems facing the new administration.'"
"What alarmed the panel was not the capabilities of individual hackers but of nations- China and Russia among them- that experts believe are putting huge resources into the development of cyberweapons. A research company called Team Cymru recently examined 'scans' that came across the Internet seeking ways to get inside industrial control systems, and discovered more than 90 percent of them came from computers in China."
"Air Force officials confirm that a large network of computers at Maxwell Air Force Base in Alabama was temporarily taken off-line within the past eight months when it was put at risk of widespread infection from computer viruses."
"Today, when Pentagon computers are subjected to a barrage, the origin is often a mystery. "
Why isn't this common knowledge? Perhaps public officials should use the Internet more...to research their proposals.
Roy Lipscomb, Directory for Technology
lipscomb@ballot-integrity.org
Illinois Ballot Integrity Project
http://ballot-integrity.org
Post a Comment
No, it's a recipe for disaster.
* In 2004, the U. S. Pentagon dumped plans for Internet voting when a panel of security experts expressed horror at the idea: "Because the danger of successful, large-scale attacks is so great, we reluctantly recommend shutting down the development of SERVE immediately and not attempting anything like it in the future until both the Internet and the world's home computer infrastructure have been fundamentally redesigned, or some other unforeseen security breakthroughs appear...." Some attacks, they caution, "would be extremely difficult to detect, even in cases when they change the outcome of a major election."
[A Security Analysis of the Secure Electronic Registration and Voting Experiment (SERVE), http://www.servesecurityreport.org/ ]
* In 2007, the authors of the above report felt the need to reiterate their conclusions [ http://www.servesecurityreport.org/SERVE_Jr_v5.3.pdf ]
* In 2009, an Internet flaw was discovered that would allow hackers to secretly divert users onto imposter websites. Such a site could alter ballots before resending them to their true destination. [Google "DNS poisoning." Also see http://www.informationweek.com/news/internet/security/showArticle.jhtml?articleID=208808229 ]
* In April of 2009, the New York Times reported that the Internet is becoming a cyber battlefield. [ "U.S. Steps Up Effort on Digital Defenses," http://www.nytimes.com/2009/04/28/us/28cyber.html?_r=2&hp ] Some excerpts:
"Thousands of daily attacks on federal and private computer systems in the United States- many from China and Russia, some malicious and some testing chinks in the patchwork of American firewalls - have prompted the Obama administration to review American strategy."
"'We have seen Chinese network operations inside certain of our electricity grids,' said Joel F. Brenner, who oversees counterintelligence operations for Dennis Blair, Mr. McConnell's successor as national intelligence director, speaking at the University of Texas at Austin this month. 'Do I worry about those grids, and about air traffic control systems, water supply systems, and so on? You bet I do.'"
"Just before Mr. Obama was elected, the Center for Strategic and International Studies, a policy research group in Washington, warned in a report that 'America's failure to protect cyberspace is one of the most urgent national security problems facing the new administration.'"
"What alarmed the panel was not the capabilities of individual hackers but of nations- China and Russia among them- that experts believe are putting huge resources into the development of cyberweapons. A research company called Team Cymru recently examined 'scans' that came across the Internet seeking ways to get inside industrial control systems, and discovered more than 90 percent of them came from computers in China."
"Air Force officials confirm that a large network of computers at Maxwell Air Force Base in Alabama was temporarily taken off-line within the past eight months when it was put at risk of widespread infection from computer viruses."
"Today, when Pentagon computers are subjected to a barrage, the origin is often a mystery. "
Why isn't this common knowledge? Perhaps public officials should use the Internet more...to research their proposals.
Roy Lipscomb, Directory for Technology
lipscomb@ballot-integrity.org
Illinois Ballot Integrity Project
http://ballot-integrity.org