July 26, 2017

Archives for December 2007

The "…and Technology" Debate

When an invitation to the facebook group came along, I was happy to sign up as an advocate of ScienceDebate 2008, a grassroots effort to get the Presidential candidates together for a group grilling on, as the web site puts it, “what may be the most important social issue of our time: Science and Technology.”

Which issues, exactly, would the debate cover? The web site lists seventeen, ranging from pharmaceutical patents to renewable energy to stem cells to space exploration. Each of the issues mentioned is both important and interesting, but the list is missing something big: It doesn’t so much as touch on digital information technologies. Nothing about software patents, the future of copyright, net neutrality, voting technology, cybersecurity, broadband penetration, or other infotech policy questions. The web site’s list of prominent supporters for the proposal – rich with Nobel laureates and university presidents, our own President Tilghman among them – shares this strange gap. It only includes one computer-focused expert, Peter Norvig of Google.

Reading the site reminded me of John McCain’s recent remark, (captured in a Washington Post piece by Garrett Graff) that the minor issues he might delegate to a vice-president include “information technology, which is the future of this nation’s economy.” If information technology really is so important, then why doesn’t it register as a larger blip on the national political radar?

One theory would be that, despite their protestations to the contrary, political leaders do not understand how important digital technology is. If they did understand, the argument might run, then they’d feel more motivated to take positions. But I think the answer lies elsewhere.

Politicians, in their perennial struggle to attract voters, have to take into account not only how important an issue actually is, but also how likely it is to motivate voting decisions. That’s why issues that make a concrete difference to a relatively small fraction of the population, such as flag burning, can still emerge as important election themes if the level of voter emotion they stir up is high enough. Tech policy may, in some ways, be a kind of opposite of flag burning: An issue that is of very high actual importance, but relatively low voting-decision salience.

One reason tech policy might tend to punch below its weight, politically, is that many of the most important tech policy questions turn on factual, rather than normative, grounds. There is surprisingly wide and surprisingly persistent reluctance to acknowledge, for example, how insecure voting machines actually are, but few would argue with the claim that extremely insecure voting machines ought not to be used in elections.

On net neutrality, to take another case, those who favor intervention tend to think that a bad outcome (with network balkanization and a drag on innovators) will occur under a laissez-faire regime. Those who oppose intervention see a different but similarly negative set of consequences occurring if regulators do intervene. The debate at its most basic level isn’t about the goodness or badness of various possible outcomes, but is instead about the relative probabilities that those outcomes will happen. And assessing those probabilities is, at least arguably, a task best entrusted to experts rather than to the citizenry at large.

The reason infotech policy questions tend to recede in political contexts like the science debate, in other words, is not that their answers matter less. It’s that their answers depend, to an unusual degree, on technical fact rather than on value judgment.

Computing in the Cloud, January 14-15 in Princeton

The agenda for our workshop on the social and policy implications of “Computing in the Cloud” is now available, along with information about how to register (for free). We have a great lineup of speakers, with panels on “Possession and ownership of data“, “Security and risk in the cloud“, “Civics in the cloud“, and “What’s next“. The workshop is organized by the Center for InfoTech Policy at Princeton, and sponsored by Microsoft.

Don’t miss it!

Ohio Study: Scariest E-Voting Security Report Yet

The State of Ohio released the report of a team of computer scientists it commissioned to study the state’s e-voting systems. Though it’s a stiff competition, this may qualify as the scariest e-voting study report yet.

This was the most detailed study yet of the ES&S iVotronic system, and it confirmss the results of the earlier Florida State study. The study found many ways to subvert ES&S systems.

The ES&S system, like its competitors, is subject to viral attacks that can spread from one voting machine to others, and to the central vote tabulation systems.

Anyone with access to a machine can re-calibrate the touchscreen to affect how the machine records votes (page 50):

A terminal can be maliciously re-calibrated (by a voter or poll worker) to prevent voting for certain candidates or to cause voter input for one candidate to be recorded for another.

Worse yet, the system’s access control can be defeated by a poll worker or an ordinary voter, using only a small magnet and a PDA or cell phone (page 50).

Some administrative functions require entry of a password, but there is an undocumented backdoor function that lets a poll worker or voter with a magnet and PDA bypass the password requirements (page 51).

The list of problems goes on and on. It’s inconceivable that the iVotronic could have undergone any kind of serious security review before being put on the market. It’s also unclear how the machine managed to get certified.

Even if you don’t think anyone would try to steal an election, this should still scare you. A machine with so many design errors must also be susceptible to misrecording or miscounting votes due to the ordinary glitches and errors that always plague computer systems. Even if all poll workers and voters were angels, this machine would be too risky to use.

This is yet more evidence that today’s paperless e-voting machines can’t be trusted.

[Correction (December 18): I originally wrote that this was the first independent study of the iVotronic. In fact, the Florida State team studied the iVotronic first and reported many problems. The new report confirms the Florida State report, and provides some new details. My apologies to the Florida State team for omitting their work.]