October 11, 2024

Posts Comments

Internet Voting in Union Elections?

March 16, 2011 by

The U.S. Department of Labor (DOL) recently asked for public comment on a fascinating issue: what kind of guidelines should they give unions that want to use “electronic voting” to elect their officers? (Curiously, they defined electronic voting broadly to include computerized (DRE) voting systems, vote-by-phone systems and internet voting systems.)

As a technology policy researcher with the NSF ACCURATE e-voting center, I figured we should have good advice for DOL.

(If you need a quick primer on security issues in e-voting, GMU’s Jerry Brito has just posted an episode of his Surprisingly Free podcast where he and I work through a number of basic issues in e-voting and security. I’d suggest you check out Jerry’s podcast regularly as he gets great guests (like a podcast with CITP’s own Tim Lee) and really digs deep into the issues while keeping it at an understandable level.)

The DOL issued a Request for Information (PDF) that asked a series of questions, beginning with the very basic, “Should we issue e-voting guidelines at all?” The questions go on to ask about the necessity of voter-verified paper audit trails (VVPATs), observability, meaningful recounts, ballot secrecy, preventing flawed and/or malicious software, logging, insider threats, voter intimidation, phishing, spoofing, denial-of-service and recovering from malfunctions.

Whew. The DOL clearly wanted a “brain dump” from computer security and the voting technology communities!

It turns out that labor elections and government elections aren’t as different as I originally thought. The controlling statute for union elections (the LMRDA) and caselaw* that has developed over the years require strict ballot secrecy–such that any technology that could link a voter and their ballot is not allowed–both during voting and in any post-election process. The one major difference is that there isn’t a body of election law and regulation on top of which unions and the DOL can run their elections; for example, election laws frequently disallow campaigning or photography within a certain distance of an official polling place while that would be hard to prohibit in union elections.

After a considerable amount of wrangling and writing, ACCURATE submitted a comment, find it here in PDF. The essential points we make are pretty straightforward: 1) don’t allow internet voting from unsupervised, uncontrolled computing devices for any election that requires high integrity; and, 2) only elections that use voter-verified paper records (VVPRs) subject to an audit process that uses those records to audit the reported election outcome can avoid the various types of threats that DOL is concerned with. The idea is simple: VVPRs are independent of the software and hardware of the voting system, so it doesn’t matter how bad those aspects are as long as there is a robust parallel process that can check the result. Of course, VVPRs are no panacea: they must be carefully stored, secured and transported and ACCURATE’s HCI researchers have shown that it’s very hard to get voters to consistently check them for accuracy. However, those problems are much more tractable than, say, removing all the malware and spyware from hundreds of thousands of voter PCs and mobile devices.

I must say I was a bit surprised to see the other sets of comments submitted, mostly by voting system vendors and union organizations, but also the Electronic Privacy Information Center (EPIC). ACCURATE and EPIC seem to be lone voices in this process “porting” what we’ve learned about the difficulties of running secure civic elections to the labor sphere. Many of the unions talked about how they must have forms of electronic, phone and internet voting as their constituencies are spread far and wide, can’t make it to polling places and are concerned with environmental impacts of paper and more traditional voting methods. Of course, we would counter that accommodations can be made for most of these concerns and still not fundamentally undermine the integrity of union elections.

Both unions and vendors used an unfortunate rhetorical tactic when talking about security properties of these systems: “We’ve run x hundreds of elections using this kind of technology and have never had a problem/no one has ever complained about fraud.” Unfortunately, that’s not how security works. Akin to adversarial processes like financial audits, security isn’t something that you can base predictions of future performance on past results. That is, the SEC doesn’t say to companies that their past 10 years of financials have been in order, so take a few years off. No, security requires careful design, affirmative effort and active auditing to assure that a system doe not violate the properties it claims.

There’s a lot more in our comment, and I’d be more than happy to respond to comments if you have questions.

* Check out the “Court Cases” section of the Federal Register notice linked to above.

Filed Under: Other Topics Tagged With:

A Legacy at Risk: How the new Ministry of Culture in Brazil reversed its digital agenda

March 14, 2011 by

Former Brazilian president Luiz Inacio Lula da Silva has become a prominent figure in the political world. When he completed his second and last term last December, 87% of Brazilians approved his government, an unprecedented high rate. So it is not surprising that his successor Dilma Roussef, the first woman elected president in Brazil, took office with his strong support and the promise of continuity.

However, disappointment about that promise is growing, at least in regard to one of Lula’s landmark policies: his support to the so-called “digital culture” policies. “Digital Culture” is the expression Brazilians use to refer to a broad agenda. It derives from the principle that technology is a crucial tool for cultural policies, especially because it allows the democratization of access, and the production and dissemination of cultural artifacts. It includes also the reform of copyright, especially because the Brazilian copyright has become notoriously restrictive, preventing consumers from uploading their CD´s into an iPod, a library from digitizing an old book for preservation, or a professor from using excerpts of a film in classroom. Finally, the digital culture agenda also includes the support to open licensing models, such as free software or Creative Commons.

These policies were successfully deployed by Gilberto Gil, a popular musician appointed Minister of Culture in 2003. He was profiled as early as 2004 by Wired Magazine as a champion of free culture and free software. Mr. Gil became such a popular politician in the country that some started calling him “the Lula of Lula”, in reference to his high popularity and progressive policies, within an already popular and progressive government.

Mr. Gil’s policies were continued by his successor (and former chief of staff) Juca Ferreira, who was appointed Minister of Culture in 2008 after Gil resigned to devote more time to his music career. One of the most successful policies implemented by Gil/Juca was the creation of the so-called “cultural hotspots”. The program provides resources to grassroots cultural initiatives and organizations to acquire multimedia production equipment and broadband Internet. More than 4,000 hotspots were created, spread over more than 1,000 cities in the country. Many of them in poor areas, rural communities, or favelas (shanty towns).

Mr. Gil described the idea of the hotspots as an “anthropological tao-in”, in reference to the Chinese therapeutic massage that when applied to the right spots of the body, awakens its internal energy. According to his view, with the right incentives, it was possible to energize and foster cultural practices in places often neglected. His view was that every citizen should be considered a producer, and not only a consumer of culture. The hotspots should provide the tools necessary for access, production, and dissemination of local culture, especially for those coming from poor or peripheral areas.

Information technology and the hacker ethic was an integral part of that vision, including incentives for the adoption of free software and Creative Commons, what eventually led to a national discussion about the impact of copyright over cultural production, spurring the the ongoing copyright reform process.

As Mr. Gil put it in his own words in 2005, at a speech he delivered at NYU:

I, Gilberto Gil, Brazilian citizen and citizen of the World, Minister of Culture of Brazil, work with music, at the Ministry, and in all dimensions of my life under the inspiration of the hacker ethic – and concerned with the issues of my world and my time present me, such as the issue of digital inclusion, the issue of free software and the issue of regulation and development of the production and dissemination of audiovisual content by any means, for any purpose.

I want indeed for the Ministry of Culture of Brazil to be a laboratory for new ideas, capable of inventing new procedures for the world’s creative industries, and capable of proposing suggestions aimed at overcoming the present dead ends – I did indeed think that my country should dare and not wait for solutions to come from outside, from societies that would tell us Brazilians which path should be followed for our development, as if our future could only be our becoming a nation such as the ones that exist here or in Europe.

Gil´s speech seems now almost lost in a distant time. The reason is that the newly appointed Ministry of Culture, Mrs. Ana de Hollanda, has taken advantage of her first weeks in office to reverse much of what was built in the past 8 years. By way of example, one of her first actions was to remove the Creative Commons license from the Ministry’s website, without any prior note. The license had been used for the past 6 years, and the Ministry of Culture was actually the pioneer in its adoption at the government level. It is worth noting that the CC licenses continue to be used at other government branches, including the official weblog of president Dilma Roussef. Ironically, at the same day the licenses were taken down by the Ministry of Culture, the Ministry of Planning issued a normative instruction fostering the adoption of open licenses, and expressly mentioning Creative Commons.

This contradiction led prominent politicians in Brazil, including Congress member Paulo Teixeira, to claim that the Ministry of Culture has engaged in policies that conflict with the overall direction of the Federal Government. Mr. Teixeira reminds that during the presidential campaign, president Dilma Roussef met with Lawrence Lessig, founder of Creative Commons, during an important campaign act. She also publicly committed to go ahead with the copyright reform and the digital culture agenda. Before that, in 2009, both president Lula and Dilma (then his Secretary of State) attended together the International Free Software Forum (FISL 10), one of the largest free software global events, which takes place in the city of Porto Alegre. There, Lula’s speech focused on his support to digital culture, Internet freedom and free software.

Other source of criticism is the proximity of the new Minister of Culture with the copyright collecting societies. By way of example, in her first weeks in office, the Minister agreed to meet with Hildebrando Pontes, a lawyer that works for the collecting societies who has become notorious for arguing that copyright should last forever. At the same time, the Ministry declined to meet with representatives of civil society, including those from the “cultural hotspots” program. She then fired the chief copyright officer who led the reform process for the past 6 years, and appointed Mrs. Marcia Regina Barbosa, a lawyer who worked with Hildebrando Pontes.

Collecting societies are a controversial institution in Brazil. They face strong discontentment from rights holders, who claim they are not paid properly. They also face discontentment from their paying “customers”, who claim their criteria for setting royalty prices are simply obscure. They have also been declared by congress inquiry committees as lacking transparency and clear accounting. One of the goals of the copyright reform initiated by Mr. Gilberto Gil was precisely to implement a minimum set of regulation over the collecting societies. By law they have the monopoly over their business, but unlike other countries, no regulation applies to their activities, which remain excused from any sort of independent assessment. Regulation is also supported by many prominent Brazilian musicians, who have recently become vocal about the issue.

The Ministry of Culture change of policy has drawn the attention of both national and international organizations. Even before the Minister´s inauguration, an open letter subscribed by more that 1,500 representatives of civil society organizations in Brazil was posted online expressing concern with the possible change of direction. Folha de São Paulo, the largest newspaper in the country, wrote a piece about the letter. The Minister, however, declined to provide any comments to the journalist. To this date, the letter has not been replied or even acknowledged by the Minister or her staff.

The Minister´s actions, together with the absence of clear statements justifying her decisions, have generated considerable uproar. A public campaign called Sou MinCC (“I am MinCC”) emerged (MinC is the acronym for Ministry of Culture – MinCC is the result of MinC + CC, in reference to the Creative Commons licenses). Besides that, the Commons Strategies Group, an international NGO, prepared an open letter (led by Silke Helfrich at the World Social Forum in Dakar) to President Dilma, also expressing concern about the new policies. The letter was released on February, 21st, and gathered the support of organizations such as Creative Commons, the Free Knowledge Institute (Netherlands), La Quadrature du Net (France), among others.

This is an important moment for the history of cultural policies in Brazil. There is a shared feeling that much of what was built in the past 8 years is at risk. A heated debate took over the Brazilian public sphere, with articles being published by all the major newspapers. The collecting societies and their members have taken the stand to argue in favor of the Minister, claiming that the decisions taken so far are a “sovereign act”, and that the collecting societies should indeed be exempt of any external supervision, and the copyright reform should be halted for good.

But the place where the debate is really developing on a daily basis is the Internet. Bloggers, twittterers and social network members have engaged fiercely in the discussion of the current situation. Many of them were too young to even acknowledge the appointment of Gilberto when he took office. It is a new generation that has risen for the first time to debate the future of culture and technology policies in Brazil. Inadvertently, the new Minister Ana de Hollanda is contributing to the emergence of new generation of voices online. One now can only hope that she will eventually listen to them.

Filed Under: Uncategorized

Seals on NJ voting machines, March 2009

March 7, 2011 by

During the NJ voting-machines trial, both Roger Johnston and I showed different ways of removing all the seals from voting machines and putting them back without evidence of tampering. The significance of this is that one can then install fraudulent vote-stealing software in the computer.

The State responded by switching seals yet again, right in the middle of the trial! They replaced the white vinyl adhesive-tape seal with a red tape seal that has an extremely soft and sticky adhesive. In addition, they proposed something really wacky: they would squirt superglue into the blue padlock seal and into the security screw cap.

Nothing better illustrates the State’s “band-aid approach, where serious security vulnerabilities can be covered over with ad hoc fixes” (as Roger characterizes it) than this. The superglue will interfere with the ability for election workers to (legitimately) remove the seal to maintain the machine. The superglue will make it more difficult to detect tampering, because it goes on in such a variable way that the inspector doesn’t know what’s supposed to be “normal.” And the extremely soft adhesive on the tape seal is extremely difficult to clean up, when the election worker (legitimately) removes it to maintain the machine. Of course, one must clean up all the old adhesive before resealing the voting machine.

Furthermore, Roger demonstrated for the Court that all these seals can still be defeated, with or without the superglue. Here’s the judge’s summary of his testimony about all these seals:


New Jersey is proposing to add six different kinds of seals in nine different locations to the voting machines. Johnston testified he has never witnessed this many seals applied to a system. At most, Johnston has seen three seals applied to high-level security applications such as nuclear safeguards. According to Johnston, there is recognition among security professionals that the effective use of a seal requires an extensive use protocol. Thus, it becomes impractical to have a large number of seals installed and inspected. He testified that the use of a large number of seals substantially decreases security, because attention cannot be focused for a very long time on any one of the seals, and it requires a great deal more complexity for these seal-use protocols and for training.

For more details and pictures of these seals, see “Seal Regime #4” in this paper.

Filed Under: Other Topics, Privacy & Security Tagged With: ,

Do corporations have a "personal privacy" right?

March 1, 2011 by

Today, the Supreme Court released its unanimous opinion in Federal Communications Commission v. AT&T Inc., No. 09-1279 (U.S. Mar. 1, 2011)

At issue was the question, “Does a corporation have a “personal privacy” right under the Freedom of Information Act?” In this decision, the United States Supreme Court said “no.” The decision was 8-0 with Associate Justice Kagan not participating in the decision.

What was the case about? A trade association sought disclosure of documents that AT&T had submitted to the FCC during an investigation. AT&T argued that the documents were exempt under FOIA Exemption 7(C), which prohibited disclosure of law enforcement records if the disclosure “could reasonably be expected to constitute an unwarranted invasion of personal privacy.” The United States Court of Appeals for the Third Circuit accepted AT&T’s argument, and held that a corporation could have a “personal privacy” right because a corporation was a “person” under FOIA.

The Supreme Court disagreed. Looking at the express text of FOIA as well as the common meaning of words, Chief Justice Roberts, writing for the Court, held that, absent an express definition of “personal” in FOIA, that word refers to individuals and not corporate entities.

It should be noted that corporations are, for various purposes, considered “persons” under constitutional and common law. However, at issue was a question of statutory interpretation.

The Court even got in a good zinger at the end, noting that, “We trust that AT&T will not take it personally.”

Filed Under: Privacy & Security Tagged With:

What are the Constitutional Limits on Online Tracking Regulations?

March 1, 2011 by

As the conceptual contours of Do Not Track are being worked out, an interesting question to consider is whether such a regulation—if promulgated—would survive a First Amendment challenge. Could Do Not Track be an unconstitutional restriction on the commercial speech of online tracking entities? The answer would of course depend on what restrictions a potential regulation would specify. However, it may also depend heavily on the outcome of a case currently in front of the Supreme Court—Sorrell v. IMS Health Inc.—that challenges the constitutionality of a Vermont medical privacy law.

The privacy law at issue would restrict pharmacies from selling prescription drug records to data mining companies for marketing purposes without the prescribing doctor’s consent. These drug records each contain extensive details about the doctor-patient relationship, including “the prescriber’s name and address, the name, dosage and quantity of the drug, the date and place the prescription is filled and the patient’s age and gender.” A doctor’s prescription record can be tracked very accurately over time, and while patient names are redacted, each patient is assigned a unique identifier so their prescription histories may also be tracked. Pharmacies have been selling these records to commercial data miners, who in turn aggregate the data and sell compilations to pharmaceutical companies, who then engage in direct marketing back to individual doctors using a practice known as “detailing.” Sound familiar yet? It’s essentially brick-and-mortar behavioral advertising, and a Do Not Track choice mechanism, for prescription drugs.

The Second Circuit recently struck down the Vermont law on First Amendment grounds, ruling first that the law is a regulation of commercial speech and second that the law’s restrictions fall on the wrong side of the Central Hudson test—the four-step analysis used to determine the constitutionality of commercial speech restrictions. This ruling clashes explicitly with two previous decisions in the First Circuit, in Ayotte and Mills, which deemed that similar medical privacy laws in Maine and New Hampshire were constitutional. As such, the Supreme Court decided in January to take the case and resolve the disagreement, and the oral argument is set for April 26th.

I’m not a lawyer, but it seems like the outcome of Sorrell could have a wide-ranging impact on current and future information privacy laws, including possible Do Not Track regulations. Indeed, the petitioners recognize the potentially broad implications of their case. From the petition:

“Information technology has created new and unprecedented opportunities for data mining companies to obtain, monitor, transfer, and use personal information. Indeed, one of the defining traits of the so-called “Information Age” is this ability to amass information about individuals. Computers have made the flow of data concerning everything from personal purchasing habits to real estate records easier to collect than ever before.”

One central question in the case is whether a restriction on access to these data for marketing purposes is a restriction on legitimate commercial speech. The Second Circuit believes it is, reasoning that even “dry information” sold for profit—and already in the hands of a private actor—is entitled to First Amendment protection. In contrast, the First Circuit in Ayotte posited that the information being exchanged has “itself become a commodity,” not unlike beef jerky, so such restrictions are only a limitation on commercial conduct—not speech—and therefore do not implicate any First Amendment concerns.

A major factual difference here, as compared to online privacy and tracking, is that pharmacies are required by many state and federal laws to collect and maintain prescription drug records, so there may be more compelling reasons for the state to restrict access to this information.

In the case of online privacy, it could be argued that Internet users are voluntarily supplying information to the tracking servers, even though many users probably don’t intend to do this, nor do they expect that this is occurring. Judge Livingston, in her circuit dissent in Sorrell, notes that different considerations apply where the government is “prohibiting a speaker from conveying information that the speaker already possesses,” distinguishing that from situations where the government restricts access to the information itself. In applying this to online communications, at what point does the server “possess” the user’s data—when the packets are received and are sitting in a buffer or when the packets are re-assembled and the data permanently stored? Is there a constitutional difference between restrictions on collection versus restrictions on use? The Supreme Court in 1965 in Zemel v. Rusk stated that “the right to speak and publish does not carry with it the unrestrained right to gather information.” To what extent does this apply to government restrictions of online tracking?

The constitutionality of state and federal information privacy laws have historically and consistently been called into question, and things would be no different if—and it’s a big if— Congress grants the FTC authority over online tracking. When considering technical standards and what “tracking” means, it’s worth keeping in mind the possible constitutional challenges insofar as state action may be involved, as some desirable options to curb online tracking may only be possible within a voluntary or self-regulatory framework. Where that line is drawn will depend on how the Supreme Court comes down in Sorrell and how broadly they decide the case.

Filed Under: Uncategorized Tagged With: , ,