April 18, 2014

avatar

Information Facilitating Participation in Elections Must Be Readily Available – Principle #10 for Fostering Civic Engagement Through Digital Technologies

For the final installment of my series of blog posts outlining ten principles that governments and local communities should consider when evaluating whether they are using digital technology effectively to facilitate civic engagement, I will discuss the issue that goes to the core of democracy in our country – the public having access to information about elections. The information that facilitates participation in elections comes from a variety of sources, including local governments ensuring that people are easily able to register to vote, politicians using technology for conversations with the public during campaigns, and members of the public using e-mail, blogs and social media to discuss the candidates’ promises.

Technology as a tool for civic engagement has become an increasingly critical aspect of politics, particularly in urban areas. That’s because one of the factors that has affected political discourse, especially in urban areas – race – is diminishing in salience with the public. In a recent NY Times Op-ed, Thomas Edsall asked the question, “What if Race No Longer Matters in City Politics?” He noted the absence of race as a divisive factor in recent elections in Boston, New York, and Los Angeles. Instead, he argued that income and class shaped the mayoral contests in Boston and New York.

As cities move away from racial politics, the vacuum is being filled, at least in part, by both citizens and politicians focusing on lifestyle issues. Right now, arguably there is nothing that reflects people’s lifestyles more than the wireless devices they carry and the content they choose to consume and share through those devices. And some of that content relates to civic engagement. For example, according to a 2013 Pew study, 67% of all 18-24 year olds engaged in some social network-related political activity in the 12 months preceding the survey. Overall, 39% of adults use social media sites for political or civic activities.

Given that citizens are moving their political activities on-line, it is important that state governments make it easier for people to participate in the political process by making on-line voter registration available. Approximately 15 states currently allow on-line voter registration, while approximately 5 more have passed legislation permitting on-line registration. In addition to added convenience, according to the state of Arizona, paper registration costs 83 cents per registration while each on-line registration costs only 3 cents. To be beneficial for the public though, on-line registration must be secure. CITP Fellow J. Alex Halderman, in an interview with the National Conference of State Legislatures earlier in 2013 recommended, “ensuring that security experts are consulted during design [of an on-line registration system], adequate security testing is undertaken before the system goes live, and ongoing monitoring for threat detection efforts [takes place] while the system is being operated.”

In a recent article in Politico, Columbia University Law School professor Tim Wu suggests that voter participation in Congressional primary elections is so low because of the “convenience gap” between voting and many other modern tasks and proposes increasing participation by moving voting on-line. I disagree with Mr. Wu’s solution partially because I think technology can close the “convenience gap” that makes voting seem burdensome by keeping people connected regularly to the civic and political decision-making process. Since people have the ability through digital technology to be extremely selective about the information they choose to consume, governments and political candidates need to use more targeted methods to reach each constituent with information that’s uniquely important to that person. For example, a person who is registered for Capital Bikeshare – the bike sharing service in the Washington, DC metro area – could register to receive text message alerts about community meetings on bike lanes and transportation policy generally. If a particular series of issues is closely tied to a person’s lifestyle and interests, I think that will drive participation. There will be no need to move to on-line voting now, before the security concerns can be addressed.

People who are invested in their local communities need to continue to experiment with ways to boost civic engagement. In advance of a special election for the City Council in Washington, DC this Spring, three popular local bloggers partnered on the “Let’s Choose DC” website, which posed one question per week to all of the eligible candidates. Candidates provided longer than a sound bite answers to questions about topics such as education, crime, and affordable housing. Readers had the opportunity to vote on the responses. While turnout in the special election was disappointingly low – only 11.32% – participation still improved compared to a 2011 special election that came in at 10.30%. The more that journalists, local businesses, civic activists and government officials recognize the economic and social value of assisting citizens in using technology as a tool for building communities that reflect their members’ needs and aspirations, the stronger local communities will become.

avatar

Top Tech Policy Stories of 2013

As the year draws to a close, it’s time to review the top tech policy stories of 2013.

(1) NSA Surveillance. The most important story by far was the revelations about the scope and scale of surveillance by the U.S. National Security Agency and allied services. It took a major leak of documents by Edward Snowden to enable this conversation. Those of us in the independent security community were not suprised that the NSA had these capabilities in the abstract, but we were surprised at the scale and aggressiveness with which the agency has been eavesdropping on people all around the world, and even on Americans on U.S. soil. Snowden’s documents allowed us to push past the superficial denials, quasi-denials, and occasional lies that had shielded the agency’s practices for years. The implications of this story will take years to unfold.

(2) Aaron Swartz. Aaron’s death at the beginning of the year was a kick in the gut to many of us. We lost a thoughtful and talented activist who saw the best that technology could enable, due to an overzealous prosecutor wielding overly harsh laws, enabled by Aaron’s own bad judgement. If any good came from this tragedy, it was in the soul-searching at MIT and elsewhere about how to reconcile technical creativity with the desires of an increasingly powerful state.

(3) Bitcoin. The cryptocurrency hit the mainstream this year, with governments, investors, and academics all trying to understand its dynamics and implications. This story too will take years to unfold. Whether or not Bitcoin survives in the long run, it has opened the door to a new era of technically enabled currencies.

(4) Drones and robots. From drones to self-driving cars, this is an issue that began to hit the mainstream in 2013. Expect it to move higher on the list in upcoming years.

(5) 3-D printing. A bit farther from the mainstream policy discussion, but also likely to rise on the list as the technology continues to mature.

(6) Commercial privacy. Although it was pushed down the list by the attention lavished on government intrusions on privacy, the issues around commercial data collection continued a slow boil this year.

(7) Fairness and algorithms. Concern increased about the effect of complex data-driven algorithms on people, especially around fairness issues such as the thin line between personalization and redlining, and questions of digital due process.

(8) Cell phone unlocking. Consumers insisted on the ability to unlock their phones, and the policy community listened. The big question going forward is whether this is the beginning of a trend away from regulating consumers’ use of the technologies they have purchased.

(9) The TPP process and trade negotiations generally. Pressure mounted on the U.S. government to provide some transparency into the Trans Pacific Partnership negotiations, and more generally to be more open about trade negotiations and to refrain from using trade agreements as a backdoor path to creating new restrictive intellectual property laws.

avatar

RSA doesn’t quite deny undermining customers’ crypto

Reuters reported on Saturday that the NSA had secretly paid RSA Data Security $10 million to make a certain flawed algorithm the default in RSA’s BSAFE crypto toolkit, which many companies relied on. RSA issued a vehement but artfully worded quasi-denial. Let’s look at the story, and RSA’s denial.
[Read more...]

avatar

Software backdoors and the White House NSA panel report

Yesterday the five-member panel appointed by the President to review “Intelligence and Communications Technologies” issued its report. The report is serious and substantial, and makes 46 specific recommendations for change. I expect to have a lot to say about the report and its aftermath, but for today I want to focus on one small aspect: what the report says about the possibility that the NSA inserted backdoors into software products.
[Read more...]

avatar

Judge Leon explains why the NSA uses everyone’s metadata

There are many interesting things to discuss in Judge Leon’s opinion from yesterday, finding the NSA’s phone metadata program likely unconstitutional. In this post, I’ll focus on an interesting bit of computer science in the judge’s ruling, and I’ll explain why the judge’s computer science argument is actually more powerful than he realized.
[Read more...]

avatar

How to protect yourself against NSA tracking

Jonathan Mayer and I have a new piece in Slate about how the NSA piggybacks on the web tracking activities of advertisers and other services. Essentially, the trackers tag computers and smartphones with unique tracking IDs that are attached to web requests, and the NSA uses those tracking IDs to follow users. I wrote last week about how tracking companies can protect their users by switching to HTTPS, the standard encrypted web protocol.

Unless and until the trackers turn on HTTPS, it’s down to us as users to protect ourselves from NSA tracking. The one and only way to do this is to prevent the sending of tracking IDs by your browser or phone. Let’s talk about how to do that.
[Read more...]

avatar

The Politics of the EU Court Data Retention Opinion: End to Mass Surveillance?

The Wall Street Journal headlines: “EU Court Opinion: Data Retention Directive Incompatible With Fundamental Rights”. The Opinion is strong, but in fact not yet an outright victory to privacy and civil liberties. The jury is out: the Opinion is a non-binding, but influential advice to the E.U. Court, that will deliver its final judgment come next spring. Now is a perfect moment to analyze the Opinion, as well as the institutional politics of the E.U. Court — critical in understanding the two-tier approach to surveillance and fundamental rights in Europe. The two-tier approach converges, after 60 years, when the E.U. accedes to the European Convention of Human Rights anytime soon. Amidst the Snowden revelations, these are the fundamental legal developments that will ultimately answer the question whether European law can end mass surveillance.

[Read more...]

avatar

Privacy and Cloud Computing in Public Schools

As reported today by the New York Times here, we are releasing our research study this morning on “Privacy and Cloud Computing in Public Schools.”    Districts across the country are widely and rapidly adopting cloud services to fulfill educational objectives and take advantage of opportunities for cost savings and 24/7 services.  Disturbingly, privacy protection for the children’s data is essentially lost in the cloud.

Our study looked at all the cloud computing contracts, district policies and parent notices from a national sample of school districts.  We focused on K-12 public schools and examined how school districts addressed privacy when they transferred student information to cloud computing service providers.

The key findings are: [Read more...]

avatar

How to stop spies from piggybacking on commercial Web tracking

Tonight the Washington Post published a story about the NSA’s eavesdropping on the unique tracking cookies used by advertisers and analytics companies to identify their users. By capturing these unique identifiers the NSA was able to re-identify users whom it had seen earlier. In short, the NSA could piggyback on commercial tracking to track users itself.

The standard tracking methods used by companies today are vulnerable to this kind of surveillance—tracking causes your browser to transmit unique identifiers that can be used by an eavesdropper to identify and track you.

The easiest way to protect users against this threat is to refrain from tracking. But if sites are going to track users, this can be done in ways that avoid surveillance. In this post I’ll talk about how to do surveillance-proof tracking.
[Read more...]

avatar

Princeton CS research on secure communications

Continuing our series on security research here at Princeton Computer Science, I’d like to talk about how new information about government surveillance is driving research on how to secure communications.

For a long time, users and companies have been slow to adopt secure, encrypted communication technologies. The new surveillance environment changes that, with companies racing to deploy security technologies. Mostly, they’re deploying known security measures rather than inventing new ones. At the same time, researchers are working on developing new security measures.

Our work in this area falls into three main areas: understanding what is vulnerable to surveillance; making security practical for users; and reconciling appropriate surveillance with oversight. [Read more...]