October 14, 2024

Posts Comments

Future of News Workshop, May 14-15 in Princeton

April 29, 2008 by

We’ve got a great lineup of speakers for our upcoming “Future of News” workshop. It’s May 14-15 in Princeton. It’s free, and if you register we’ll feed you lunch.

Agenda

Wednesday, May 14, 2008

9:30 – 10:45 Registration
10:45 – 11:00 Welcoming Remarks
11:00 – 12:00 Keynote talk by Paul Starr
12:00 – 1:30 Lunch, Convocation Room
1:30 – 3:00 Panel 1: The People Formerly Known as the Audience
3:00 – 3:30 Break
3:30 – 5:00 Panel 2: Economics of News
5:00 – 6:00 Reception

Thursday, May 15, 2008

8:15 – 9:30 Continental Breakfast
9:30 – 10:30 Featured talk by David Robinson
10:30 – 11:00 Break
11:00 – 12:30 Panel 3: Data Mining, Interactivity and Visualization
12:30 – 1:30 Lunch, Convocation Room
1:30 – 3:00 Panel 4: The Medium’s New Message
3:00 – 3:15 Closing Remarks

Panels

Panel 1: The People Formerly Known as the Audience:

How effectively can users collectively create and filter the stream of news information? How much of journalism can or will be “devolved” from professionals to networks of amateurs? What new challenges do these collective modes of news production create? Could informal flows of information in online social networks challenge the idea of “news” as we know it?

Panel 2: Economics of News:

How will technology-driven changes in advertising markets reshape the news media landscape? Can traditional, high-cost methods of newsgathering support themselves through other means? To what extent will action-guiding business intelligence and other “private journalism”, designed to create information asymmetries among news consumers, supplant or merge with globally accessible news?

  • Gordon Crovitz, former publisher, The Wall Street Journal
  • Mark Davis, Vice President for Strategy, San Diego Union Tribune
  • Eric Alterman, Distinguished Professor of English, Brooklyn College, City University of New York, and Professor of Journalism at the CUNY Graduate School of Journalism

Panel 3: Data Mining, Visualization, and Interactivity:

To what extent will new tools for visualizing and artfully presenting large data sets reduce the need for human intermediaries between facts and news consumers? How can news be presented via simulation and interactive tools? What new kinds of questions can professional journalists ask and answer using digital technologies?

Panel 4: The Medium’s New Message:

What are the effects of changing news consumption on political behavior? What does a public life populated by social media “producers” look like? How will people cope with the new information glut?

  • Clay Shirky, Adjunct Professor at NYU and author of Here Comes Everybody: The Power of Organizing Without Organizations.
  • Markus Prior, Assistant Professor of Politics and Public Affairs in the Woodrow Wilson School and the Department of Politics at Princeton University.
  • JD Lasica, writer and consultant, co-founder and editorial director of Ourmedia.com, president of the Social Media Group.

Panelists’ bios.

For more information, including (free) registration, see the main workshop page.

Filed Under: Uncategorized Tagged With: , , ,

Voluntary Collective Licensing and Extortion

April 25, 2008 by

Reihan Salam has a new piece at Slate about voluntary collective licensing of music (which was also the topic of an online symposium organized by our center at Princeton). I’m generally a fan of Reihan’s work, but this time I think he got it wrong. His piece starts like this:

What would you do if a bully—let’s call him “Joey Giggles”—kept snatching your ice-cream cone? OK, now what if Joey Giggles then told you, “If you pay me five bucks a month, I’ll stop snatching your ice cream.” Depending on how much you hate getting beaten up, and how much you love ice-cream cones, you might decide that caving in is the way to go. This is what’s called a protection racket. It’s also potentially the new model for how we’ll buy and listen to music.

[…]

Now Big Music is mulling the Joey Giggles approach. Warner Music Group is trying to rally the rest of the industry behind a plan to charge Internet service providers $5 per customer per month, an amount that would be added to your Internet bill. In exchange, music lovers would get all the online tunes they want, meaning that anyone who spends more than $60 a year on music will come out way ahead. Download whatever you want and pay nothing! No more DRM! Swap files to your heart’s content—we promise, we won’t sue you (or snatch your ice-cream cone)!

This idea, that collective licenses amount to extortion – pay us or we’ll sue you – is often heard, but I don’t think it’s a valid criticism of collective licenses. The reason is pretty simple: if this is extortion, then all of copyright is extortion. The basic mechanism of copyright is that the creator of a work gets certain exclusive rights in the work. Exclusive rights means that there are certain things that nobody else can do with the work, without the creator’s permission. “Nobody else can do X” is another way of saying that if somebody else does X, the creator can sue them. When you buy a licensed copy of a work instead of downloading it illegally, what you’re buying is an enforceable promise that you won’t be sued (plus the knowledge that you’re playing by the rules, but that is intimately connected to the lawsuit protection). So the basic mechanism of copyright involves people paying a copyright owner for a promise not to sue them.

To put it another way, if you accept our current copyright system at all – even if you accept only a streamlined, improved version of it – then you’ve already accepted the kind of “extortion” that would be used to sell voluntary collective licenses. The only alternative is a complete redesign of the system, more complete even than a voluntary collective license.

Reihan does recommend a redesign. He endorses Terry Fisher’s suggestion of a government tax on broadband access, with the revenue used to pay musicians based on the popularity of their songs. This system has its benefits (though on balance I don’t think it’s good policy). But if you start out worried about strong-arm extraction of money from citizens, a mandatory tax scheme is an odd place to end up.

This is the fundamental problem of copyright policy in the digital age. It’s easy for people to get copyrighted works without paying. So either you forgo payment entirely, or you give somebody the mandate to collect payment. Who would you prefer: record companies or the government?

Filed Under: Uncategorized Tagged With: ,

NJ Voting Machine Tape Shows Phantom Obama Vote

April 23, 2008 by

I’ve written before (1, 2, 3) about discrepancies in the election results from New Jersey’s February 5 presidential primary. Yesterday we received yet another set of voting machine result tapes. They show a new kind of discrepancy which we haven’t seen before – and which contradicts the story told by Sequoia (the vendor) and the NJ Secretary of State about what went wrong in the election.

The new records are from three voting machines in Pennsauken, District 6. We have the result tapes printed out by all three voting machines in that district (1, 2, 3). As usual, each result tape has a “Candidate Totals” section giving the vote count for each candidate, and a separate “Option Switch Totals” section giving the voter turnout in each party. We also have the Democratic vote totals reported by the county clerk for that district (and some others), which were apparently calculated from the memory cartridges used in the three machines.

The county clerk’s totals show 279 votes in Pennsauken District 6. The per-candidate counts are Clinton 181, Obama 94, Richardson 2, Edwards 1, Kucinich 0, Biden 1, which adds up correctly to 279. The turnout sections of the three result tapes also show a total Democratic turnout of 279 (133+126+20).

But the Candidate Totals sections of the tapes tell a different story. Adding up the three tapes, the totals are Clinton 181, Obama 95, Richardson 2, Edwards 1, Kucinich 0, Biden 1, which adds up to 280. The Candidate Totals on the tapes show an extra Obama vote that doesn’t appear anywhere else.

(Everything seems to add up on the Republican side.)

The State claimed, in response to some (but not all) of the discrepancies I pointed out previously, that I had misread the tapes. This time the tapes are absolutely clear. Here are the Democratic candidate totals from the three tapes:

Here are the turnout sections of the three tapes:

(These images are all scans – the original documents Camden County sent me are even clearer.)

This is wrong. It is inconsistent with Sequoia’s explanation for the previously-noticed discrepancies. It is inconsistent with the State’s theory of what went wrong in the election.

It’s time for an independent investigation.

Filed Under: Other Topics, Privacy & Security Tagged With: , ,

Shamos on paper trails

April 21, 2008 by

In an interview today with CNet, Michael Shamos talks about paper trails.  Shamos is a professor at CMU who has served as a voting system analyst for the Pennsylvania Secretary of State. In this article, a transcript of an interview conducted by Declan McCullagh, he spends a fair bit of time trashing paper trails, and by that, he’s referring to the “toilet paper roll” thermal printer attachments that are sold by the major U.S. voting system vendors.

He’s correct, to a limited extent.  He discusses a “20%” failure rate, which he probably gets from some problems in Ohio.  It’s certainly the case that these things are poorly engineered.  The ostensible reason for the continuous paper roll, as opposed to cutting the sheets individually, is that you’d have better reliability.  However, having the votes recorded in the order they were cast is a clear violation of voter privacy.  A more serious concern with paper trails is that it’s unclear whether voters will bother to double-check them at all.  I’ve pointed Freedom to Tinker readers at Sarah Everett’s PhD thesis before and it’s worth doing it again.  The punchline is that roughly two thirds of the test subjects didn’t notice when our homebrew DRE system was lying on its summary screen.  In fact, they gave our machine exceptionally high marks.  They loved it.

Shamos criticizes the EFF, VerifiedVoting, the League of Women voters, and anybody else he can think of because they advocate for paper trails.  The preferred solution that they generally advocate is hand-marked optical scan ballots.  These appear to have better accuracy, and paper ballots are, inherently, paper trails that give us an unfiltered window into the voters’ original intent.  Don’t interpret Shamos’s criticism of toilet-paper rolls as a criticism of hand-marked paper ballots.

Shamos goes on to make a flip comparison between “ATM technology” and voting systems, saying we could have reliable paper trails if we only spent 10x the cost.  This is a very strange argument.  ATMs are expensive because they have a safe full of cash inside.  It’s important that you can’t steal the cash, even if you’ve got time and tools at your disposal.  Voting systems (at least anywhere I’ll ever be likely to vote) don’t dispense money.  Building a reliable printer doesn’t need to be expensive.

Then Shamos gets into the meat of the argument for paper trails.

I’m not advocating that we blindly trust machines. We have to have a way to make sure the (record is correct). If anything happens to that piece of paper, if it gets substituted or lost, there’s absolutely no way to reconstruct the election. that’s unlike an electronic system, which is if one memory fails you have the other.

The security on ballot boxes is much lower than the security on voting machines themselves. In order to do anything with those pieces of paper, they have to be handled by people. What do you think happens?

If I want to screw up an election, all I have to do is modify five votes. Then we have to do a manual recount (which is vulnerable to tampering and ballot-stuffing).

This is completely false.  Paper records are redundant with the electronic records, and that’s a huge feature.  That means that you can compare them, either statistically in aggregate, or even one-to-one (assuming there are serial numbers, which could cause some privacy concerns, but maybe you can obscure those in barcodes).  It’s certainly the case that missing paper votes can be reconstructed from electronic records.  When you have both, you reconcile.  If there’s ambiguity, then you need to resolve that ambiguity.  You then have a forensic problem.  If all the tamper-evident stickers and locks on the paper ballot box were disturbed, maybe you’re more likely to trust the electronic parts.  If the totals are radically divergent, you can’t tell which is more authentic, and the election is tight, then maybe the proper answer (from a scientific perspective) is to throw your hands up and say that you cannot legitimately state who won the election as a result of fraud.  This is defensible, scientifically, but it could lead to a political crisis.  Nobody ever said election administration was easy.

Doing away with the paper only does away evidence that might help you discover fraud.  Even if you cannot come up with the proper answer, it’s better to at least know you were under attack.

The fundamental difficulty with paper trails is that they’re ridiculously kludgey. The problem is that once you mandate paper trails, it cuts off research. There would be no reason to use anything else because it would be illegal.

Speaking as somebody who does research in electronic voting, I don’t feel that laws mandating paper trails would stop me from studying alternatives.  The 2007 VVSG standards process includes an “innovation class” for how vendors can get funky fresh technologies certified for use.  The trick is to make sure that the innovation class isn’t a loophole that vendors can use for the current crop of insecure equipment.

Does that mean you’re suggesting that we should be voting from insecure home computers even if they’re running Windows 98?
Shamos: I can point you to a mechanism (in a paper by Avi Rubin and Dan Wallach) that would allow secure voting on insecure terminals. The notion that the Internet is just not secure enough to do anything important is just wrong. It’s not insurmountable. The right people aren’t thinking about it because you gotta have a paper trail.

Really?  A recent paper that I just submitted to a workshop talked about how Internet voting might work, by virtue of having remote precincts set up in places like embassies and consulates, and using dedicated voting machines.  You could send the results home over the Internet.  Voting on dedicated voting machines with an Internet connection might be workable.  Voting on Windows 98 PCs would be an unmitigated disaster.  Botnets control literally millions of computers out there.  What if you’re voting from a botnet-infested computer?  Could the botnet modify your vote?  Why not?  For these sorts of reasons, the authors of the SERVE Report, including Avi Rubin, recommended strongly against voting on generic PCs.  Shamos says that Avi and I would support secure voting on insecure terminals?  Sure.  We’ll probably be beaten by the bioengineers working on flying pigs.

Update: in private email, Shamos states that he was citing our 2003 workshop paper, “Authentication for Remote Voting“.  That paper discusses how to do bidirectional remote authentication, which would certainly be applicable to an Internet-based remote voting system.  That paper, however, offers no technique that could allow for secure voting on insecure home computers.

I say, and the advocates are forced to admit it, that there’s never been any evidence that a DRE machine has been tampered with in an election. They say that doesn’t mean it never happened. I agree with that. But I believe deeply that if people were out there trying to hack elections we would see evidence of failed attempts.

Indeed, there’s no evidence to support a lack of tampering, but that’s meaningless.  A better way to look at this is that the incredibly poor security of modern paperless electronic voting systems makes it cheaper than it ever has been before to manipulate votes.  The cost per vote for electronic manipulation is almost nill, particularly if you allow for viral attacks, where one corrupt DRE can take out the entire tabulation system (a vulnerably shown to apply to Hart InterCivic and Diebold as part of the California Top to Bottom reports from last summer).  Regardless of whether somebody has attempted an attack like this, it’s dirt cheap – cheaper than with paper, because manipulating paper takes more time and more labor.  The economic incentives are clearly in play for electronic election fraud.  The big question is whether it’s more cost effective to manipulate voters through other means (e.g., dubious television advertising, robotic phone calls, etc.).

When a bridge collapses, do we outlaw bridges or do we inspect bridges of similar design? If the design itself is fundamentally flawed, then those bridges are going to have to be taken out of service and rebuilt. If there’s a fix, however, you can add a bracing member.

Excellent point.  DRE systems from all the major vendors have been conclusively shown to be fundamentally flawed in their design.  Even if and when the vendors patch their software, the time delay to push those patches through the certification process guarantees they won’t be ready for November.  Optically scanned paper ballots are available today and they work quite well (despite known security vulnerabilities in the tabulators).  Likewise, junky toilet-paper roll printers are available today, despite known problems with their ability to print and with voter’s ability to catch mistakes.

One last point:

Please don’t use the term “paperless.” It’s a construction of the advocates and it’s false and misleading. They’re not paperless. They just don’t produce a contemporaneous paper that the voter can view.

The word “paperless” is really insidious. The word “less” is meant to imply that they’re thereby missing something. Whoever decided to come up with the term “paperless” deserves a left-handed prize for their imagination. It’s wonderful for them. Paperless.

Yes, “paperless.”  It’s a fine word.  I’ve been using it for years.  It concisely captures the lack of redundancy, the reliance on poorly engineered software, and the risky nature of using paperless DRE voting systems for something as important as a national election.

Paperless electronic voting systems can be made better, using tricks like Benaloh’s challenge mechanism, which can catch a machine, in the act, while it might otherwise be trying to corrupt the vote.  We used a variant on his mechanism in our research prototype (paper to appear this summer at Usenix Security).  Nonetheless, I really like the term “paperless” when hooked to “electronic voting machine” because it creates a burden of proof for the system designer.  You want to go paperless?  Fine.  Prove to us that your system is secure.  Without paper, we’ll assume it’s insecure until proven otherwise.

Filed Under: Other Topics Tagged With:

How can we require ID for voters?

April 17, 2008 by

Recently, HR 5036 was shot down in Congress.  That bill was to provide “emergency” money to help election administrators who wished to replace paperless voting systems with optically scanned paper ballots (or to add paper-printing attachments to existing electronic voting systems).  While the bill initially received strong bipartisan support, it was opposed at the last minute by the White House.  To the extent that I understand the political subtext of this, the Republicans wanted to attach a Voter ID requirement to the bill, and that gummed up the works.  (HR 5036 isn’t strictly dead, since it still has strong support, but it was originally fast tracked as a “non-controversial” bill, and it is now unlikely to gain the necessary 2/3 majority.)

I’ve been thinking for a while about this whole voter ID problem, and I have to say that I don’t really see a big problem with requiring that voters present ID so they can vote.  This kind of requirement is used in other countries like Mexico and it seems to work just fine.  The real issue is making sure that all people who might want to vote actually have IDs, which is a real problem for the apparently non-trivial number of current voters who lack normal ID cards (and, who we are led to believe, tend to vote in favor of Democrats).

The question then becomes how to get IDs for everybody.  One answer is to put election authorities in charge of issuing special voting ID cards.  This works in other countries, but nobody would ever support such a thing in the U.S. because it would be fantastically expensive and the last thing we need is yet another ID card.  The “obvious” solution is to use driver’s licenses or official state IDs (for non-drivers).  But, what if you’ve never had a driver’s license?

As an example, here are Texas’s list of requirements to get a driver’s license.  Notice how they also require you have proof of a social security number?  If you’ve somehow managed to make it through life without getting one, and I imagine many poor people could live without one, then that becomes a significant prerequisite for getting a driver’s license.  And it’s pretty difficult to get a SSN if you’re unemployed and don’t have a driver’s license (see the Social Security Administration’s rules).

One way or another, you’re going to need your birth certificate.  Here’s how you get a copy of one in Texas.  If you don’t have any other form of ID, it’s pretty difficult to get your birth certificate as well.  You’ll either need an immediate relative with an ID to request your birth certificate on your behalf, or you’ll need utility bills in your name.  And if you’re older than 75, the state agency may not be able to help you, and who knows if the county where you were born has kept its older records properly.

It’s easy to see that somebody in this situation is going to find it difficult to navigate the bureaucratic maze.  If the only benefit they get, at the end of the day, is being allowed to vote, it’s pretty hard to justify the time and expense ($25 for the birth certificate, the social security card is free, and $15 plus hours waiting in line for the state ID card).  For potential voters who don’t have a permanent home address, this process seems even less reasonable.

The only way I could imagine a voter ID requirement being workable (i.e., having a neutral effect on partisan elections) is if there was a serious amount of money budgeted to help people without IDs to get them.  That boils down to an army of social workers digging around for historical birth records and whatever else, and that’s not going to be cheap.  However, I’m perfectly willing to accept a mandatory voter ID, as long as enough money is there to get one, for free, for anybody who wants one.  The government is willing to give you a $40 coupon to receive digital signals for an analog TV, as part of next year’s phase-out of analog broadcasts.  Why not help out with getting identification papers as part of phasing in an ID requirement?

[Sidebar: if you’re really concerned about people voting multiple times, the most effective solution has nothing to do with voter ID.  The simple, low-tech answer is to mark voters’ fingers with indelible ink.  It wears off after a while, it’s widely used throughout the world, and there’s no mistaking it for anything else.  I can’t wait for the day when I tune into my nightly newscast and see the anchor giving grief to the sportscaster because his thumb isn’t painted purple.]

Filed Under: Uncategorized Tagged With: