May 21, 2018

Archives for February 2009

Final version of Government Data and the Invisible Hand

Thanks to the hard work of our patient editors at the Yale Journal of Law and Technology, my coauthors and I can now share the final version of our paper about online transparency, Government Data and the Invisible Hand.

If you have read the first version, you know that our paper is informed by a deep disappointment with the current state of the federal government’s Internet presence. A naive viewer, like we once were, might look at the chaos of clunky sites in .gov and entertain doubts about the webmasters who run those sites. But that would be—was, on our part—a mistake. We’re happy to set the record straight today.

Barack Obama’s web team is certainly one of the best that has ever been assembled. His staff did a fantastic job on the campaign site, and produced an also excellent, if slightly less dynamic, transition site at Change.gov. On its way to the White House, however, a team comprised of many of the same people seemed to lose its mojo. The complaints about the new Whitehouse.gov site—slow to be updated, lacking in interactivity—are familiar to observers of other .gov sites throughout the government.

What happened? It’s not plausible to suppose that Obama’s staffers have somehow gotten worse as they have moved from campaign to transition to governance. Instead, they have faced an increasingly stringent and burdensome array of regulations as they have become progressively more official. The transition was a sort of intermediate phase in this respect, and the new team now faces the Presidential Records Act, the Paperwork Reduction Act, and a number of other pre-Internet statutory obligations. This experience teaches that the limitations of the federal web reflect the thicket of rules to which such sites are subject—not the hardworking people who labor under those rules.

One of the most exciting things about the new administration’s approach to online media is the way it seeks to enable federal webmasters to move beyond some of the limitations of dated policies, using their expertise to leverage government data online.

My coauthors and I look forward to continuing to work on these issues. We are humbled to recognize the remarkable reservoir of talent and energy that is being brought to bear on the problem, from both within and beyond government.

The Future of News: We're Lucky They Haven't Tried Macropayments

Regular readers will know that the newspaper industry is in dire shape: revenues off by 20% in just the last year, with more than 15,000 jobs lost in that period. This map tells the story better than any writing could. The market capitalizations of newspaper firms, which reflect investor expectations about future performance, have fallen even more precipitously. In short, it’s hard to exaggerate how dire the situation facing the industry is. If you were in charge of a newspaper, survival in any form possible would rationally be your all-consuming focus.

Walter Isaacson, the former editor of TIME magazine and current President of the Aspen Institute, wrote a column last week arguing that newspapers should squeeze revenue out of their web sites through “micropayments.” It’s an idea with a long, but not very successful, history: Isaacson himself points out that Ted Nelson, the inventor of hypertext, imagined micropayments for written content back in the early 1960s.

Small payments, on the order of a dollar, work well for some kinds of highly valued, contextualized content, like a book to your Kindle or a song to your iPod. But “micro” payments on the order of a nickel—the figure Isaacson mentions for a hypothetical news story—have never taken off. Transaction costs, caused by things like credit card processing, are usually cited as the reason, but I’ve never found that view persuasive: It’s not hard to set up a system in which micro transactions are aggregated into parcels of at least a few dollars before being channeled through our existing credit card infrastructure.

The Occam’s razor explanation for the persistent failure of micropayments is much simpler: People hate them. The niggling feeling of being charged a marginal amount for each little thing you do exacts a psychological cost that often suffices to undermine the pleasure of the good or service you receive on an a la carte basis. That’s why monthly gym memberships, pay-one-price amusement parks, and subscription services like Netflix or, come to think of it, regular cable are popular, even when a la carte options would be (financially) cheaper for consumers.

Michael Kinsley, the former editor of Slate, responded to Isaacson in a piece headlined You Can’t Sell News by the Slice. His basic message: We tried getting users to pay for content online—in Slate’s case, as an inexpensive annual subscription—and it didn’t work. One problem noted by both Isaacson and Kinsley is that readers have come to expect content to be free, and when individual papers have tried to start charging, they’ve failed.

What can the papers do? Isaacson is on to something when he says:

Another group that benefits from free journalism is Internet service providers. They get to charge customers $20 to $30 a month for access to the Web’s trove of free content and services. As a result, it is not in their interest to facilitate easy ways for media creators to charge for their content. Thus we have a world in which phone companies have accustomed kids to paying up to 20 cents when they send a text message but it seems technologically and psychologically impossible to get people to pay 10 cents for a magazine, newspaper or newscast.

If struggling news outlets were really bold—and grimly realistic about how little they have to lose, from a business point of view—they might decide to seek revenue at the ISP level. The plan: Begin segmenting site visitors by ISP, and charge ISPs for content. Under this plan, if your ISP has paid the news syndicate, you get to see the news. If you try to visit one of the participating sites and your ISP has not paid the syndicate, then you see a different page, possibly a page that urges you to call your ISP and demand access to the syndicated content. It’s the same model controversially adopted by ESPN360.com (go ahead, check and see if you have access or not). I imagine a hypothetical where a handful of top papers, such as the New York Times, Washington Post, and LA Times, jointly with TIME and Newsweek, form a syndicate that charges ISPs a fixed rate per user-month of access. ISPs, in other words, would make a small number of large (“macro”) payments to content providers, and these would be a primary source of revenue for these outlets, along with advertising.

I am, as Paul Ohm might urge me to say, NAL (Not a Lawyer), but I suspect that such a syndicate might well pass antitrust scrutiny. The syndicate would certainly not make it hard to find news on the web: it would simply make it hard to find certain high quality sources. Participating publications might elect to offer free access to certain population segments, who cannot pay or would experience a concentrated public interest harm, such as users from developing countries. ESPN360, for example, reportedly gives free access to anyone who surfs in from a .edu domain. (No doubt this is also a marketing tactic.)

For some definitions of the term “net neutrality,” such a move by news providers would be a violation of net neutrality. Other definitions of the term would place this behavior outside of its scope. But no matter how you look at it, the substance of such a move would be troubling: it would amount to removing these great sources of journalism from the Internet proper, and placing them instead in a kind of walled garden. If that trend took off and became very widespread, it could amount to a return to the bad old days of walled garden services like AOL and Prodigy.

A second good argument that this situation would be undesirable is that it would force all users of a particular ISP to pay for content that only some users want to access. There’s a sense in which such cross-subsidies are already the norm: those who use their ISP subscriptions for email and web browsing subsidize the heavier network usage of video aficionados and other leading-edge consumers who are way out on the tail and use the lion’s share of the bandwidth. But this, in its deliberateness, would be a new and different level.

A third good argument against this idea is that it would introduce awkward relationships between news outlets and ISPs, in a manner that would impair news coverage of the Internet and telecommunications industries.

Fourthly, there’s the possibility that people will pirate the blocked content systematically by using systems like TOR to access the news content via approved endpoints. (My own thought is that this probably isn’t the strongest argument, since many users are uninterested in this sort of maneuver or even the easy Firefox plugin that would likely arise to enable it. Plus, the content syndicate would pool its resources toward aggressive litigation to stem this trend. Plus, the payments would be extracted from law abiding ISPs, not individual users.)

I can imagine a potentially compelling case being made that such behavior by content providers should be regulated or outlawed. But today I think it is neither. And given the news industry’s desperation, the fact that such a move would be unpopular could turn out to be moot if they can persuade ISPs to pay. If someone capable and hardworking set out to sell the idea to a group of newspaper and newsmagazine publishers, I fear they might prove quite persuasive.

Rethinking the voting system certification process

Lawsuits! Everybody’s filing lawsuits. Premier Election Systems (formerly Diebold) is suing SysTest, one of the EAC’s testing authorities (or, more properly, former testing authorities, now that the EAC is planning to suspend their accreditation). There’s also a lawsuit between the State of Ohio and Premier over whether or not Premier’s voting systems satisfy Ohio’s requirements. Likewise, ES&S is being sued by San Francisco, the State of California, and the state of Oregon. A Pennsylvania county won a judgment against Advanced Voting Systems, after AVS’s systems were decertified (and AVS never even bothered showing up in court to defend themselves). And that’s just scratching the surface.

What’s the real problem here? Electronic voting systems were “certified”, sold, deployed, and then turned out to have a variety of defects, ranging from “simple” bugs to a variety of significant security flaws. Needless to say, it takes time, effort, and money to build better voting machines, much less to push them through the certification process. And nobody really understands what the certification process even is anymore. In the bad old days, a “federally certified voting system” was tested by one of a handful of “independent testing authorities” (ITAs), accredited by the National Association of State Election Directors, against the government’s “voluntary voting system guidelines” (the 2002 edition, for the most part). This original process demonstrably failed to yield well-engineered, secure, or even particularly usable voting systems. So how have things improved?

Now, NASED has been pushed aside by the EAC, and the process has been glacial. So far as I can tell, no electronic voting system used in the November 2008 election had code that was in any way different from what was used in the November 2006 election.

Regardless of whether we jettison the DREs and move to optical scan, plenty of places will continue using DREs. And there will be demand for new features in both DREs and optical scanners. And bug fixes. The certification pipeline must be vigilant, yet it needs to get rolling again. In a hurry, but with great caution and care. (Doesn’t sound very feasible, I know.)

Okay, then let’s coerce vendors to build better products! Require the latest standards! While brilliant, in theory, such a process is doomed to continue the practical failures (and lawsuits) that we’re seeing today. The present standards are voluminous. They are also quite vague where it matters because there is no way to write a standard that’s both general-enough to apply to every possible voting system and specific-enough to adequately require good development practices. The present standards err, arguably correctly, on the vague side, which then requires the testing authorities to do some interpretation. Doing that properly requires competent testing labs and competent developers, working together.

Unfortunately, they don’t work together at all (never mind issues of competence). The current business model is that developers toil away, perhaps talking to their customers, but not interacting with the certification process at all until they’re “done,” after which they pitch the system over the wall, write a big check, and cross their fingers that everything goes smoothly. If the testing authority shoots it down, they need to sort out why and try again. Meanwhile, you’ve got the Great States of California and Ohio doing their own studies, with testers like yours truly who don’t particularly care what the standards say and are instead focused on whether the machines are robust in the face of a reasonable threat model. Were the problems we found outside of the standards’ requirements? We don’t care because they’re serious problems! Unfortunately, from the vendor’s perspective, they now need to address everything we found, and they have no idea whether or not they’ll get it right before they may or may not face another team of crack security ninjas.

What I want to see is a grand bargain. The voting system vendors open up their development processes to external scrutiny and regulation. In return, they get feedback from the certifying authorities that their designs are sound before they begin prototyping. Then they get feedback that their prototypes are sound before they flesh out all the details. This necessarily entails the vendors letting the analysts in on their bugs lists (one of the California Secretary of State’s recommendations to the EAC), further increasing transparency. Trusted auditors could even look at the long-term development roadmap and make judgments that incremental changes, available in the short term, are part of a coherent long-term plan to engineer a better system. Alternately, the auditors could declare the future plans to be a shambles and refuse to endorse even incremental improvements. Invasive auditing would give election authorities the ability to see each vendor’s future, and thus reach informed decisions about whether to support incremental updates or to dump a vendor entirely.

Where can we look for a a role model for this process? I initially thought I’d write something here about how the military procures weapon systems, but there are too many counter-examples where that process has gone wrong. Instead, let’s look at how houses are built (or, at least, how they should be built). You don’t just go out, buy the lumber and nails, hire people off the street, and get banging. Oh no! You start with blueprints. Those are checked off by the city zoning authorities, the neighborhood beauty and integrity committee, and so forth. Then you start getting permits. Demolition permits. Building permits. Electrical permits. At each stage of construction, city inspectors, the prospective owners, and even the holders of the construction loan, may want to come out and check it out. If, for example, there’s an electrical problem, it’s an order of magnitude easier to address it before you put up the interior walls.

For voting systems, then, who should do the scrutiny? Who should scrutinize the scrutineers? Where’s the money going to come from to pay for all this scrutiny? It’s unclear that any of the testing authorities have the deep skills necessary to do the job. It’s similarly unclear that you can continually recruit “dream teams” of the best security ninjas. Nonetheless, this is absolutely the right way to go. There are only a handful of major vendors in the e-voting space, so recruiting good talent to audit them, on a recurring part-time basis, is eminently feasible. Meta-scrutiny comes from public disclosure of the audit reports. To save some money, there are economies of scale to be gained from doing this at the Federal level, although it only takes a few large states to band together to achieve similar economies of scale.

At the end of the day, we want our voting systems to be the best they can be, regardless of what technology they happen to be using. I will argue that this ultimately means that we need vendors working more closely with auditors, whether we’re considering primitive optical scanners or sophisticated end-to-end cryptographic voting schemes. By pushing the adversarial review process deeper into the development pipeline, and increasing our transparency into how the development is proceeding, we can ensure that future products will be genuine improvements over present ones, and hopefully avoid all these messy lawsuits.

[Sidebar: what about protecting the vendors’ intellectual property? As I’ve argued before, this is what copyrights and patents are about. I offer no objection to vendors owning copyright on their code. Patents are a bit trickier. If the auditors decide that some particular feature should be mandatory and one vendor patents it, then every other vendor could potentially infringe the patent. This problem conceivably happens today, even without the presence of invasive auditors. Short of forbidding voting machine patents as a prerequisite for voting system certification, this issue will never go away entirely. The main thing that I want to do away with, in their entirety, are trade secrets. If you want to sell a voting machine, then you should completely waive any trade secret protection, ultimately yielding a radical improvement in election transparency.]