June 24, 2017

Lessons of 2016 for U.S. Election Security

The 2016 election was one of the most eventful in U.S. history. We will be debating its consequences for a long time. For those of us who pay attention to the security and reliability of elections, the 2016 election teaches some important lessons. I’ll review some of them in this post.

First, though, let’s review what has not changed. The level of election security varies considerably from place to place in the United States, depending on management, procedures, and of course technology choices. Places that rely on paperless voting systems, such as touchscreen voting machines that record votes directly in computer memories (so-called DREs), are at higher risk, because of the malleability of computer memory and the lack of an auditable record of the vote that was seen directly by the voter. Much better are systems such as precinct-count optical scan, in which the voter marks a paper ballot and feeds the ballot through an electronic scanner, and the ballot is collected in a ballot box as a record of the vote. The advantage of such a system is that a post-election audit that compares a random sample of paper ballots to the corresponding electronic records can verify with high confidence that the election results are consistent with what voters saw. Of course, you have to make the audit a routine post-election procedure.

Now, on to the lessons of 2016.

The first lesson is that nation-state adversaries may be more aggressive than we had thought. Russia took aggressive action in advance of the 2016 U.S. election, and showed signs of preparing for an attack that would disrupt or steal the election. Fortunately they did not carry out such an attack–although they did take other actions to influence the election. In the future, we will have to assume the presence of aggressive, highly capable nation-state adversaries, which we knew to be possible in principle before, but now seem more likely.

The second lesson is that we should be paying more attention to attacks that aim to undermine the legitimacy of an election rather than changing the election’s result. Election-stealing attacks have gotten most of the attention up to now–and we are still vulnerable to them in some places–but it appears that external threat actors may be more interested in attacking legitimacy.

Attacks on legitimacy could take several forms. An attacker could disrupt the operation of the election, for example, by corrupting voter registration databases so there is uncertainty about whether the correct people were allowed to vote. They could interfere with post-election tallying processes, so that incorrect results were reported–an attack that might have the intended effect even if the results were eventually corrected. Or the attacker might fabricate evidence of an attack, and release the false evidence after the election.

Legitimacy attacks could be easier to carry out than election-stealing attacks, as well. For one thing, a legitimacy attacker will typically want the attack to be discovered, although they might want to avoid having the culprit identified. By contrast, an election-stealing attack must avoid detection in order to succeed. (If detected, it might function as a legitimacy attack.)

The good news is that steps like adopting auditable paper ballots and conducting routine post-election audits are useful against both election-stealing and legitimacy attacks. If we have strong evidence of voter intent, this will make election-stealing harder, and it will make falsified evidence of election-stealing less plausible. But attacks that aim to disrupt the election process may require different types of defenses.

One thing is certain: election workers have a very difficult job, and they need all of the help they can get, from the best technology to the best procedures, if we are going to reach the level of security we need.

What does it mean to ask for an “explainable” algorithm?

One of the standard critiques of using algorithms for decision-making about people, and especially for consequential decisions about access to housing, credit, education, and so on, is that the algorithms don’t provide an “explanation” for their results or the results aren’t “interpretable.”  This is a serious issue, but discussions of it are often frustrating. The reason, I think, is that different people mean different things when they ask for an explanation of an algorithm’s results.

Before unpacking the different flavors of explainability, let’s stop for a moment to consider that the alternative to algorithmic decisionmaking is human decisionmaking. And let’s consider the drawbacks of relying on the human brain, a mechanism that is notoriously complex, difficult to understand, and prone to bias. Surely an algorithm is more knowable than a brain. After all, with an algorithm it is possible to examine exactly which inputs factored in to a decision, and every detailed step of how these inputs were used to get to a final result. Brains are inherently less transparent, and no less biased. So why might we still complain that the algorithm does not provide an explanation?

We should also dispense with cases where the algorithm is just inaccurate–where a well-informed analyst can understand the algorithm but will see it as producing answers that are wrong. That is a problem, but it is not a problem of explainability.

So what are people asking for when they say they want an explanation? I can think of at least four types of explainability problems.

The first type of explainability problem is a claim of confidentiality. Somebody knows relevant information about how a decision was made, but they choose to withhold it because they claim it is a trade secret, or that disclosing it would undermine security somehow, or that they simply prefer not to reveal it. This is not a problem with the algorithm, it’s an institutional/legal problem.

The second type of explainability problem is complexity. Here everything about the algorithm is known, but somebody feels that the algorithm is so complex that they cannot understand it. It will always be possible to answer what-if questions, such as how the algorithm’s result would have been different had the person been one year older, or had an extra $1000 of annual income, or had one fewer prior misdemeanor conviction, or whatever. So complexity can only be a barrier to big-picture understanding, not to understanding which factors might have changed a particular person’s outcome.

The third type of explainability problem is unreasonableness. Here the workings of the algorithm are clear, and are justified by statistical evidence, but the result doesn’t seem to make sense. For example, imagine that an algorithm for making credit decisions considers the color of a person’s socks, and this is supported by unimpeachable scientific studies showing that sock color correlates with defaulting on credit, even when controlling for other factors. So the decision to factor in sock color may be justified on a rational basis, but many would find it unreasonable, even if it is not discriminatory in any way. Perhaps this is not a complaint about the algorithm but a complaint about the world–the algorithm is using a fact about the world, but nobody understands why the world is that way. What is difficult to explain in this case is not the algorithm, but the world that it is predicting.

The fourth type of explainability problem is injustice. Here the workings of the algorithm are understood but we think they are unfair, unjust, or morally wrong. In this case, when we say we have not received an explanation, what we really mean is that we have not received an adequate justification for the algorithm’s design.  The problem is not that nobody has explained how the algorithm works or how it arrived at the result it did. Instead, the problem is that it seems impossible to explain how the algorithm is consistent with law or ethics.

It seems useful, when discussing the explanation problem for algorithms, to distinguish these four cases–and any others that people might come up with–so that we can zero in on what the problem is. In the long run, all of these types of complaints are addressable–so that perhaps explainability is not a unique problem for algorithms but rather a set of commonsense principles that any system, algorithmic or not, must attend to.

Job Opening: Associate Director at Princeton CITP

Princeton’s Center for Information Technology Policy (CITP), which, among other things, hosts Freedom to Tinker, is looking for a new Associate Director. Please come and work with us!

CITP is an interdisciplinary nexus of expertise in technology, engineering, public policy, and the social sciences. In keeping with the strong University tradition of service, the Center’s researchteaching, and events address digital technologies as they interact with society.

The Associate Director is the primary public face of CITP and plays a vital role in the management and direction of the Center, as the principal administrator for our core research, education and outreach both on campus and beyond. The position involves a combination of academic and administrative tasks.

This individual develops, plans and executes the Center’s lecture series, workshops and policy briefings; recruits visiting researchers and policy experts, coordinating the selection and appointment process; contributes to the Center’s research initiatives; promotes and supports the Center’s undergraduate certificate offerings and other student programs; develops the Center budget in collaboration with the Director and is responsible for the careful and appropriate management of Center funds; edits the Center’s research blog; performs day-to-day Center operations; cultivates high profile research collaborations and joint public events with other institutions; manages public communications through the website and print materials; coordinates grant writing and development initiatives as appropriate; and supervises two administrative staff members.

This is a 3 year term position with the possibility of renewal.

All applicants must apply on the Princeton’s job website, requisition number: 2017-7403: