December 23, 2024

Archives for 2004

California Decertifies Touch-Screen Voting

Looks like I missed the significance of this story last week (by Kim Zetter at Wired News). California Secretary of State Kevin Shelley decertified all touch-screen voting machines, not just the Diebold systems whose decertification had been recommended by the state’s voting-systems panel.

Some counties may be able to get their machines recertified if they can meet a set of security requirements: the machines must be certified by the Federal government, provide a voter-verified paper trail, have a security plan that meets certain criteria, have source code disclosed to the Secretary of State and his designees (subject to reasonable confidentiality provisions), have a documented development process, not be modified at the last minute, have no network connections (including Internet, wireless, or phone connections), and a few other requirements.

Shelley condemned Diebold’s actions in California, calling them “despicable” and “deceitful tactics”. He referred evidence of possible fraud by Diebold to the state Attorney General’s office.

In a related story, Ireland recently decided not to use e-voting in their next election, due to security concerns.

Dare To Be Naive

Ernest Miller at CopyFight has an interesting response to my discussion yesterday of the Broadcast Flag. I wrote that the Flag is bad regulation, being poorly targeted at the goal of protecting TV broadcasts from Internet redistribution. Ernie replies that the Flag is actually well-targeted regulation, but for a different purpose:

[Y]ou’d have to be an idiot to think that the broadcast flag would prevent HDTV content from making it onto the internet. Since I don’t believe that the commissioners are that stupid, I can only conclude that the FCC is acting quite cynically in support of an important constituency of theirs, the broadcasters *cough*regulatorycapture*cough*.

In other words, the purported purpose of the broadcast flag (to prevent HDTV from getting onto the internet) is not the real purpose of the broadcast flag, which appears to be to give content providers more control over the average citizen’s ability to make use of media.

Ernie’s theory, that the movie industry and the FCC are using “content protection” as a smokescreen to further a secret agenda of controlling media technology, fits the facts pretty well. And quite a few experienced lobbyists seem to believe it. Still, I don’t think it’s right to argue against the Broadcast Flag on that basis.

First, even if you believe the theory, it’s often a useful debating tactic to pretend that the other side actually believes what they say they believe. It’s hard to prove that someone is lying about their own beliefs and motivations; it can be much easier to prove that their asserted beliefs don’t justify their conclusions. And proving that the official rationale for the Flag is wrong would do some good.

Second, if Ernie’s theory is right, the fix is in and there’s not much we can do about future Broadcast Flag type regulation. If we want to change things, we might as well act on the assumption that it matters whether the official rationale for the Flag is right.

And finally, I am convinced that at least some people in the movie industry, and at least some people at the FCC, actually believe the official rationale. I think this because of what these people say in private, after a few (literal or metaphorical) beers, and because of how they react when the official rationale for the Flag is challenged. Even in private, industry or FCC people often react to criticism of the official rationale with real passion and not just with platitudes. Either these (non-PR) people are extraordinarily good at staying on-message, or they really believe (as individuals) what they are saying.

So although Ernie’s theory is very plausible, I will dare to be na

Where Does Your Government Stand on the WIPO Broadcasting Treaty?

The Union for the Public Domain is asking for help in surveying national governments about their (the governments’) positions on the WIPO Broadcast Treaty. The UPD is looking for volunteers who are willing to contact the appropriate representatives of their national government, ask the representatives a series of questions provided by the UPD, record the answers, and submit them to the UPD. The UPD will collate the results and create a handy summary of where each government stands on the Treaty.

Regulating Stopgap Security

I wrote previously about stopgap security, a scenario in which there is no feasible long-term defense against a security threat, but instead one resorts to a sequence of measures that have only short-term efficacy. Today I want to close the loop on that topic, by discussing how government might regulate fields that rely on stopgap security. I’ll assume throughout that government has some reason (which may be wise or unwise) to regulate, and that the regulation is intended to support those deploying stopgap measures to defend their systems.

The first thing to note is that stopgap areas are inherently difficult to regulate, as stopgap security causes the technological landscape to change even faster than usual. The security strategy is to switch rapidly between short-term measures; and, because adversaries tend to defeat whole families of measures at once, the measures adopted tend to vary widely over time. It is very difficult for any regulatory scheme to keep up. In stopgap areas, regulation should be viewed with even more skepticism than usual.

If we must regulate stopgap areas, the regulation must strive to be technology-neutral. Regulation that mandates one technical approach, or even one family of approaches, is likely to block necessary adaptation. Even if no technology is mandated, regulations tend to encode technological assumptions, in their basic structure or in how they define terms; and these assumptions are likely to become invalid before long, making the regulatory scheme fit the defensive technology poorly.

One of the rules for stopgap security technology is to avoid approaches that impose a long-term cost in order to get a short-term benefit. The same is true for regulation. A regulatory approach should not impose long-term costs (such as compliance costs) in order to bolster a technical approach that offers only short-term benefits. Any regulation that requires all devices to do something, for the indefinite future, would therefore be suspect. Equally so, any regulation that creates compatibility barriers between compliant devices and non-compliant devices would be suspect, since the incompatibility would frustrate attempts to stop using the compliant technology once it becomes ineffective.

Finally, it is important not to shift the costs of a security strategy away from the people who decide whether to adopt that strategy. Stopgap measures carry an unusually high risk of having a disastrous cost-benefit ratio; in the worst case they impose significant long-term costs in exchange for limited, short-term benefit. If the party choosing which stopgap to use is also the party who has to absorb any long-term cost, then that party will be suitably cautious. But if regulation shifts the potential long-term cost onto somebody else, then the risk of disastrous technical choices gets much larger.

By this point, alert readers will be thinking “This sounds like an argument against the broadcast flag.” Indeed, the FCC’s broadcast flag violates most of these rules: it mandates one technical approach (providing flexibility only within that approach), it creates compatibility barriers between compliant and non-compliant devices, and it shifts the long-term cost of compliance onto technology makers. How can the FCC have made this mistake? My guess is that they didn’t, and still don’t, realize that the broadcast flag is only a short-term stopgap.

Off-the-record Conferences

In writing about the Harvard Speedbump conference, I noted that its organizers declared it to be off the record, so that statements made or positions expressed at the conference would not be attributed publicly to any particular person or organization. JD Lasica asks, quite reasonably, why this was done: “Can someone explain to me why a conference needs to be ‘off the record’ in order for people to exchange ideas freely? What kind of society are we living in?”

This is the second off-the-record conference I have been to in my twenty years as a researcher. The first was a long-ago conference on parallel computing. Why that one was off the record was a mystery to me then, and it still is now. Nobody there had anything controversial to say, and no participant was important enough that anyone outside a small research community would even care what was said.

As to the recent Speedbump conference, I can at least understand the motivation for putting it off the record. Some of the participants, like Cary Sherman from RIAA and Fritz Attaway from MPAA, would be understood as speaking for their organizations; and the hope was that such people might depart from their talking points and speak more freely if they knew their statements wouldn’t leave that room.

Overall, there was less posturing at this meeting than one usually sees at similar meetings. My guess is that this wasn’t because of the off-the-record rule, but just because some time has passed in the copyright wars and cooler heads are starting to prevail. Nobody at the meeting took a position that really surprised me.

As far as I could tell, there were only two or three brief exchanges that would not have happened in an on-the-record meeting. These were discussions of various deals that either might be made between different entities, or that one entity had quietly offered to another in the past. For me, these discussions were less interesting than the rest of the meeting: clearly no deal could be made in a room with thirty bystanders, and the deals that were discussed were of the sort that savvy observers of the situation might have predicted anyway.

In retrospect, it looks to me like the conference needn’t have been off the record. We could just as easily have followed the rule used in at least one other meeting I have attended, with everything on the record by default, but speakers allowed to place specific statements off the record.

To some extent, the off-the-record rule at the conference was a consequence of blogging. In pre-blog days, this issue could have been handled by not inviting any reporters to the meeting. Nowadays, at any decent-sized meeting, odds are good that several of the participants have blogs; and odds are also good that somebody will blog the meeting in real time. On the whole this is a wonderful thing; nobody has the time or money to go to every interesting conference.

I have learned a lot from bloggers’ conference reports. It would be a shame to lose them because people are afraid of being quoted.

[My plan still calls for one more post on the substance of the conference, as promised yesterday.]