November 22, 2024

On the future of voting technologies: simplicity vs. sophistication

Yesterday, I testified before a hearing of Colorado’s Election Reform Commission. I made a small plug, at the end of my testimony, for a future generation of electronic voting machines that would use crypto machinery for end-to-end / software independent verification. Normally, the politicos tend to ignore this and focus on the immediately actionable stuff (e.g., current-generation DREs are unacceptably insecure; optical-scan is the best thing presently on the market). Not this time. I got a bunch of questions asking me to explain how a crypto voting system can be verifiable, how you can prove that the machine is behaving properly, and so forth. Pretty amazing. What I realized, however, is that it’s really hard to explain crypto machinery to non-CS people. I did my best, but it was clear from conversations afterward that a few minutes of Q&A did little to give them any confidence that crypto voting machinery really works.

Another of the speakers, Neil McBurnett, was talking about doing variable sampling-rate audits (as a function of how close the tally is). Afterward, he lamented to me, privately, how hard it is to explain basic concepts like what it means for something to be “statistically significant.”

There’s a clear common theme here. How do we explain to the public the basic scientific theories that underlie the problems that voting systems face? My written testimony (reused from an earlier hearing in Texas) includes links to papers, and some people will follow up. Others won’t. My big question is whether we have a research challenge to invent progressively simpler systems that still have the right security properties, or whether we have an education challenge to explain that a certain amount of complexity is worthwhile for the good properties that can be achieved. (Uglier question: is it a desirable goal to weaken the security properties in return for greater simplicity? What security properties would you sacrifice?)

Certainly, with our own VoteBox system, which uses a variation on Benaloh’s voter-initiated ballot challenge mechanism, one of the big open questions is whether real voters, who just want to cast their votes and don’t care about the security mechanisms, will be tripped up by the extra question at the end that’s fundamental to the mechanism. We’re going to need to run human subject tests against these aspects of the machine design, and if they fail in practice, it’s going to be a trip back to the drawing board.

[Sidebar: I’m co-teaching a class on elections with Bob Stein (a political scientist) and Mike Byrne (a psychologist). The students are a mix of Rice undergrads, most of whom aren’t computer scientists. I experimentally built a lecture that began by teaching just enough number theory to explain how El Gamal cryptography works and how it allows for homomorphic vote tallying. Then I described how VoteBox uses this mechanism, and wrapped up with an explanation of how to do Benaloh-style challenges. I left out a lot of details, like how you generate large prime numbers, or how you construct NIZK proofs, but I seemed to have the class along with me for the lecture. If I can sell the idea of end-to-end cryptographic mechanisms to undergraduate non-science students, then there may yet be some hope.]

The future of photography

Several interesting things are happening in the wild world of digital photography as it’s colliding with digital video. Most notably, the new Canon 5D Mark II (roughly $2700) can record 1080p video and the new Nikon D90 (roughly $1000) can record 720p video. At the higher end, Red just announced some cameras that will ship next year that will be able to record full video (as fast as 120 frames per second in some cases) at far greater than HD resolutions (for $12K, you can record video at a staggering 6000×4000 pixels). You can configure a Red camera as a still camera or as a video camera.

Recently, well-known photographer Vincent Laforet (perhaps best known for his aerial photographs, such as “Me and My Human”) got his hands on a pre-production Canon 5D Mark II and filmed a “mock commercial” called “Reverie”, which shows off what the camera can do, particularly its see-in-the-dark low-light abilities. If you read Laforet’s blog, you’ll see that he’s quite excited, not just about the technical aspects of the camera, but about what this means to him as a professional photographer. Suddenly, he can leverage all of the expensive lenses that he already owns and capture professional-quality video “for free.” This has all kinds of ramifications for what it means to cover an event.

For example, at professional sporting events, video rights are entirely separate from the “normal” still photography rights given to the press. It’s now the case that every pro photographer is every bit as capable of capturing full resolution video as the TV crew covering the event. Will still photographers be contractually banned from using the video features of their cameras? Laforet investigated while he was shooting the Beijing Olympics:

Given that all of these rumours were going around quite a bit in Beijing [prior to the announcement of the Nikon D90 or Canon 5D Mark II] – I sat down with two very influential people who will each be involved at the next two Olympic Games. Given that NBC paid more than $900 million to acquire the U.S. Broadcasting rights to this past summer games, how would they feel about a still photographer showing up with a camera that can shoot HD video?

I got the following answer from the person who will be involved with Vancouver which I’ll paraphrase: Still photographers will be allowed in the venues with whatever camera they chose, and shoot whatever they want – shooting video in and of itself, is not a problem. HOWEVER – if the video is EVER published – the lawsuits will inevitably be filed, and credentials revoked etc.

This to me seems like the reasonable thing to do – and the correct approach. But the person I spoke with who will be involved in the London 2012 Olympic Games had a different view, again I paraphrase: “Those cameras will have to be banned. Period. They will never be allowed into any Olympic venue” because the broadcasters would have a COW if they did. And while I think this is not the best approach – I think it might unfortunately be the most realistic. Do you really think that the TV producers and rights-owners will “trust” photographers not to broadcast anything they’ve paid so much for. Unlikely.

Let’s do a thought experiment. Red’s forthcoming “Scarlet FF35 Mysterium Monstro” will happily capture 6000×4000 pixels at 30 frames per second. If you multiply that out, assuming 8 bits per pixel (after modest compression), you’re left with the somewhat staggering data rate of 720MB/s (i.e., 2.6TB/hour). Assuming you’re recording that to the latest 1.5TB hard drives, that means you’re swapping media every 30 minutes (or you’re tethered to a RAID box of some sort). Sure, your camera now weighs more and you’re carrying around a bunch of hard drives (still lost in the noise relative to the weight that a sports photographer hauls around in those long telephoto lenses), but you manage to completely eliminate the “oops, I missed the shot” issue that dogs any photographer. Instead, the “shoot” button evolves into more of a bookmarking function. “Yeah, I think something interesting happened around here.” It’s easy to see photo editors getting excited by this. Assuming you’ve got access to multiple photographers operating from different angles, you can now capture multiple views of the same event at the same time. With all of that data, synchronized and registered, you could even do 3D reconstructions (made famous/infamous by the “bullet time” videos used in the Matrix films or the Gap’s Khaki Swing commercial). Does the local newspaper have the rights to do that to an NFL game or not?

Of course, this sort of technology is going to trickle down to gear that mere mortals can afford. Rather than capturing every frame, maybe you now only keep a buffer of the last ten seconds or so, and when you press the “shoot” button, you get to capture the immediate past as well as the present. Assuming you’ve got a sensor that lets you change the exposure on the fly, you can also now imagine a camera capturing a rapid succession of images at different exposures. That means no more worries about whether you over or under-exposed your image. In fact, the camera could just glue all the images together into a high-dynamic-range (HDR) image, which yields sometimes fantastic results.

One would expect, in the cutthroat world of consumer electronics, that competition would bring features like this to market as fast as possible, although that’s far from a given. If you install third-party firmware on a Canon point-and-shoot, you get all kinds of functionality that the hardware can support but which Canon has chosen not to implement. Maybe Canon would rather you spend more money for more features, even if the cheaper hardware is perfectly capable. Maybe they just want to make common features easy to use and not overly clutter the UI. (Not that any camera vendors are doing particularly well on ease of use, but that’s a topic for another day.)

Freedom to Tinker readers will recognize some common themes here. Do I have the right to hack my own gear? How will new technology impact old business models? In the end, when industries collide, who wins? My fear is that the creative freelance photographer, like Laforet, is likely to get pushed out by the big corporate sponsor. Why allow individual freelancers to shoot a sports event when you can just spread professional video cameras all over the place and let newspapers buy stills from those video feeds? Laforet discussed these issues at length; his view is that “traditional” professional photography, as a career, is on its way out and the future is going to be very, very different. There will still be demand for the kind of creativity and skills that a good photographer can bring to the game, but the new rules of the game have yet to be written.

Vote flipping on the Hart InterCivic eSlate

There have been numerous press reports about “vote flipping.” I did an analysis of the eSlate, my local voting machine, including mocked up screen shots, to attempt to explain the issue.

Targeted political spam

I’ve complained about spammers before, but this one is new. I recently received a spam that supports the case of Michael Skelly for Congress, saying negative things about incumbent John Culberson. What’s interesting: this is my home precinct. These people are actually competing for my vote. This leads to the question: how on earth did the Skelly people manage to map my work email address to my home mailing address? Is there a database out there that they used? Maybe they just spammed everybody at my employer, since this particular Congressional district includes our campus; all of our students, in our dorms, who are registered locally will be voting in this particular race.

Part of me wants to bias my voting decision against the idiot candidate who thought that email marketing was a good way to efficiently reach voters. Sadly, that decision will have to be based on more substantial issues, like which candidate I think will perform better in Congress. Instead, I’m going to direct my fire at VerticalResponse, the service provider who the Skelly campaign used to send me the spam. According to their anti-spam policy,

VerticalResponse has no tolerance for the sending of spam and unsolicited mail, and we prohibit the use of third-party, purchased, rented, or harvested mailing lists. Any customer found using VerticalResponse to send such mail is banned from the use of our service.

VerticalResponse takes several steps to keep abuse to a minimum. Among other things, we:

– Interview new clients about both the origins of their mailing lists and their marketing practices. Clients who do not meet our standards are not allowed to use the VerticalResponse service.

– Read most emails before they can go out the door. Email sent through our system goes to a staging area where it is looked over by a member of the VerticalResponse staff. If we have any concerns, the mailing is stopped and we contact the client.

Really? I find that impossible to believe. In what way could any reasonable human have decided that a blob of partisan political attack messaging being delivered to what we can only presume is a non-trivial mailing list is, in any way, anything other than gratuitous spam? For the record, I have never supported either the Democratic or Republican parties financially. I am not a member of either party. The only possible way my email address could have been used is that it was either harvested in bulk, along with other Rice email addresses, or perhaps more charitably, if somebody thought “ahh, that Prof. Wallach seems like he’d be interested in political propaganda from our party and/or candidate.” Neither one would appear to be compatible with VerticalResponse’s stated anti-spam policies.

I’ll also note that, while VerticalResponse provides a one-click way for me to opt out of this particular spam source, they provide no way for me to opt out of any other future source or otherwise specify any sort of policy from my end. There’s no way, short of training my spam filter, for me to say “I never want to receive email from VerticalResponse, ever again.” Surely, I figured, I can’t be the first person to complain about them, yet a Google search on any of the usual terms didn’t find anybody else complaining like this.

Instead, I started digging through my historical email. It appears that there have been a handful of VerticalResponse “campaigns” that I considered to be non-spam and have kept. One series of non-spam messages was from a house builder who I thought I might want to use at one point. Another was an update notice for a web service that I use. Historically, I’ve reported one other spam to them, via their abuse email address. They stated, in response, that they removed me from that particular mailing list and would investigate the infraction. I received no subsequent email about the resolution of that case.

Of course, that’s far from everything. Generally, when I get these things, I generally just click the “unsubscribe” link, retrain my spam filter, and move on with life. I haven’t kept count of how many such spams I’ve treated this way.

I did a similar search through my old mail for ConstantContact, one of VerticalResponse’s competitors. I found not a single email, from them to me, that I had kept, although several were forwarded to mailing lists that I archive, so those I kept. I have no records of having ever contacted their abuse department.

Does this mean that one vendor is more spammy than the other, does it mean that one vendor just has more market share than the other, or does it mean that my spam filter is removing more of this stuff before I have to look at it? It’s hard to say without more data.

Okay, big policy question: given that political campaigns and everybody else on the marketing side of the equation deeply loves the idea of targeted email marketing campaigns, how should we accommodate them? Should they be required to provide better proof to firms like VerticalResponse or ConstantContact that their email addresses were harvested in some proper fashion? How on earth could they actually do such a thing? Short of having users opt-in directly at the email distribution service, everything else boils down to the email service taking the marketer at their word, which seems about as likely to be true as those “no documentation required” mortgages.

Maybe the answer is for “ethical” email distributors to pay fees, per message, perhaps as a government tax. Call it “spam postage”, and tweak the fee structure so the sender ends up paying more money when the recipient hits the “unsubscribe” or “abuse” button. First off, by adding a real monetary expense to the process, senders might be incentivized to reduce their mailing lists. The penalties incentivize them to cull their lists down to their true supporters. The only problem with a structure like this is that it tends to push email marketers away from “ethical” email distribution services and toward either do-it-yourself solutions or toward shady vendors who don’t charge the postage fees. (And, we all know that the real-money postage costs of physical mail do seemingly little to deter all the paper spam that we receive.)

For better or for worse, we’ll never get rid of email spam. Maybe we can filter out recurring messages from Nigerian dictators or overseas pharmacies, but no training-based spam filter is going to be able to learn every new thing to come down the block when it’s still new. The only thing that will ever truly work is if and when people just stop paying attention.

[Sidebar: so how should a political campaign effectively reach people like me to convey their message? I tend to go out and surf their web sites, read their policy papers, and I pay attention to the endorsements of newspapers, bloggers, and others who I trust. For the “down-ballot” races, I tend to spend some quality time with the non-partisan League of Women Voters guide. The LWV asks candidates to respond to a variety of relevant questions, but space constraints limit the answers. An online version could presumably give the candidates space to really explain their positions (and/or firmly demonstrate their lack of clue). At the end of all that, I make a cheat sheet with my favorite candidates and bring it with me to the polls.]

Hurricane Ike status report: electrical power is cool

Today, we checked out the house, again, and lo and behold, it finally has power again!  Huzzah!

All in all, it hasn’t been that bad for us.  We crashed with friends, ate out all the time, and (thankfully) had daycare for our daughter as of Thursday last week.  Indeed, I’m seeing fewer people’s kids around the office this week and more people seem to be getting back into the groove.

Even though Rice wanted classes to restart on Tuesday of last week, the unstated unofficial everybody-get-back-to-work day was really yesterday, Monday, just over a week after the hurricane.  What’s the status of the city?

Many people are still without power, and the power crews are now dealing with harder cases, individually damaged lines, and so forth.  Getting the rest of the city online may well take a good long time.  Another interesting effect is that the rush-hour traffic is beyond insane.  Luckily, our daily commute is short enough that we’re largely immune to this, but traffic lights which reset to blinking red are slowing down everything, to the point that remote freeway exits are backing up into the freeways due to the malfunctioning traffic lights at the intersections below.  The Chron estimates it could be until November until all the traffic lights are repaired.  Ouch.

Naturally, one of the tempting purchases for us is some kind of natural gas powered, permanently installed generator.  I’m sure if I shop around for one now, I’d pay a mint to get it.  Maybe in the off season… Needless to say, I don’t see the city investing to bury all the power lines that run above ground.  They have legitimately higher priorities.  As to me, I sure would have been happy to have had power all the way through this thing, brought to us by the one utility that never had any downtime: our natural gas line.

[Sidebar: it takes a major power outage for you to really appreciate how people got by in the days before electrical power.  Pickling, preserving, and other techniques suddenly seem awfully clever.  Some candles put out an awful lot more light than others.  You can also see why it was a standard architectural feature of old Southern homes to have big outdoor porches — so you’d have somewhere slightly cooler to sleep than indoors.]