November 27, 2024

Posts Comments

Florida Voting Machines Mis-recorded Votes

May 14, 2004 by

In Miami-Dade County, Florida, an internal county memo has come to light, documenting misrecording of votes by ES&S e-voting machines in a May 2003 election, according to a Matthew Haggman story in the Miami Daily Business Review.

The memo, written by Orlando Suarez, head of the county’s Enterprise Technology Services Department, describes Mr. Suarez’s examination of the electronic record of the May 2003 election in one precinct. The ES&S machines in question provide two reports at the end of an election. One report, the “vote image report”, gives the vote tabulation (i.e., number of votes cast for each candidate) for each voting machine, and the other gives an audit log of significant events, such as initialization of the machine and the casting of a vote (but not who the vote was cast for), for each machine.

Mr. Suarez’s examination found that the two records were inconsistent with each other, and that both were inconsistent with reality.

In his memo, Suarez analyzed a precinct where just nine electronic voting machines were used. He first examined the audit logs for all nine machines, which was compiled onto one combined audit log. He found that the audit log made no mention of two of the machines used in the precinct.

In addition, he found that the audit log reported the serial number of a machine that was not used in that precinct. The phantom machine that appeared on the audit showed a count of ballots cast that equaled the count of the two missing machines.

Then he looked at the vote image report that was an aggregate of all nine voting machines. He discovered that three of the machines were not reported in the vote image report. But a serial number for a machine not used in the precinct appeared on the vote image report. That phantom machine showed a vote count equal to the vote count on the two missing machines. The other missing machine showed no activity.

Further examination revealed 38 votes that appeared in the vote image report but not in the audit log.

There is some evidence that the software used in this election was uncertified.

County officials don’t see much of a problem here:

Nevertheless, [county elections supervisor Constance] Kaplan insisted that Suarez’s analysis did not demonstrate any basic problems with the accuracy of the vote counts produced by the county’s iVotronic system. “The Suarez memo has nothing to do with the tabulation process,” she said. “It is very annoying that the coalition keeps equating the tabulation function with the audit function.”

Maybe I’m being overly picky here, but isn’t the vote tabulation supposed to match the audit trail? And isn’t the vote tabulation report supposed to match reality?

Very annoying, indeed.

Filed Under: Uncategorized Tagged With:

Microsoft: No Security Updates for Infringers

May 13, 2004 by

Microsoft, reversing a previous decision, says it will not provide security updates to unlicensed users of Windows XP. Microsoft is obviously entitled to do this if it wants, since it has no obligation to provide product support to people who didn’t buy the product in the first place. A more interesting question is whether this was the best decision from the standpoint of Microsoft and its existing customers. The answer is far from obvious.

Before I go further, let me make two assumptions clear. First, I’m assuming Microsoft has a reliable way to tell which copies of Windows are legitimate, so that they never deny updates mistakenly to legitimate customers. Second, I’m assuming Microsoft doesn’t care about the welfare of infringers and feels no obligation at all to help them.

Helping infringers could easily hurt Microsoft’s business, if doing so makes infringement a more attractive option. If patches are one of the benefits of buying the product, then people are more likely to buy; but if they can get patches even without buying, some will choose to infringe, thereby costing Microsoft sales.

On the other hand, if there is a sizable population of unpatched infringing copies out there, this hurts Microsoft’s legitimate customers, because an infringing customer might infect a legitimate customer. A large reservoir of unpatched (infringing) machines will aggravate an already serious malware problem, by making Windows an even more attractive target to malware authors, and by speeding the spread of new malware.

But wait, it gets even more complicated. If infringing copies are susceptible to existing malware, then some of the bad guys will be satisfied to reuse old malware, since there is still a population of (infringing) machines it can attack. But if infringing copies are patched, then the bad guys may create more new malware which is not stopped by patches; and this new malware will affect legitimate and infringing copies alike. So refusing to update infringing copies may leave the infringers as decoys who draw fire away from legitimate customers.

There are even more factors in play, but I’ve probably written too much about this already. The effect of all this on Microsoft’s reputation is particularly interesting. Ultimately, I have no idea whether Microsoft made the right choice. And I doubt that Microsoft knows either.

Filed Under: Uncategorized Tagged With:

Valenti Quotes Me

May 12, 2004 by

In his testimony at the House DMCA-reform hearing today, Jack Valenti quoted me, in support of a point he wanted to make. The quote comes from last year’s Berkeley DRM Conference, from my response to a question asked by Prof. Pam Samuelson. Here’s the relevant section from Mr. Valenti’s testimony (emphasis in original):

Keep in mind that, once copy protection is circumvented, there is no known technology that can limit the number of copies that can be produced from the original. In a recent symposium on the DMCA, Professor Samuelson of UC Berkeley posed the question: “whether it was possible to develop technologies that would allow…circumvention for fair uses without opening up the Pandora’s Box so that allowing these technologies means that you’re essentially repealing the anti-circumvention laws.”

The question was answered by the prominent computer scientist and outspoken opponent of the DMCA, Professor Ed Felton [sic] of Princeton: “I think this is one of the most important technical questions surrounding DRM – whether we know, whether we can figure out how to accommodate fair use and other lawful use without opening up a big loophole. The answer, I think, right now, is that we don’t know how to do that. Not effectively.

Moreover, there is no known device that can distinguish between a “fair use” circumvention and an infringing one. Allowing copy protection measures to be circumvented will inevitably result in allowing anyone to make hundreds of copies – thousands – thereby devastating the home video market for movies. Some 40 percent of all revenues to the movie studios come from home video. If this marketplace decays, it will cripple the ability of copyright owners to retrieve their investment, and result in fewer and less interesting choices at the movie theater.

Here’s the full excerpt from the DRM Conference transcript:

Question from Prof. Pam Samuelson:

So yesterday when I was doing the tutorial, Alex Alben asked me a question which, because I’m not a technologist, I was not in a very good position to try to answer, but since there are several technologists on this panel who are interested in information flows. The question that was put to me was a question about whether it was possible to develop technologies that would allow circumvention for fair use or other non-infringing purposes. Is it possible to sort of think creatively about anti-circumvention laws that might allow some room for circumvention for fair uses without opening up the Pandora’s box so that allowing these technology means that you’ve essentially repealed the anti-circumvention laws.

[Other panelists’ answers omitted.]

Answer by Ed Felten:

I think this is one of the most important technical questions around DRM, whether we know, whether we can figure out how to accommodate fair use and other lawful use without opening up a big loophole. And the answer is, I think, right now, is that we don’t know how to do that. Not effectively. A lot of people would like to know whether we can do that or how we go about doing it, but it’s a big open question right now.

Let’s leave aside for now the flaws in Mr. Valenti’s argument, and focus just on his use of the quote. Note that he artfully excerpts segments from Prof. Samuelson’s question, to make it appear that she asked a different question than she really did. Also note that he removes an important part of my answer: the last sentence, where I talk about the technological relation between DRM and fair use as being a “big open question”.

Which brings us back to the bill being discussed today. If we want to answer the “big open question” I mentioned, we need to do more research. But the DMCA severely limits some of the key research that we would need to do. The Boucher-Doolittle bill would open the door to this research, by creating a research exemption to the DMCA. But that issue is apparently not up for discussion today.

[Note: This post is based on Mr. Valenti’s written testimony, of which I have a copy. I did not hear his live testimony. Seth Finkelstein reports that Mr. Valenti did use the quote in his oral testimony.]

Filed Under: Uncategorized Tagged With:

House DMCA Reform Hearing Today

May 12, 2004 by

Today a congressional committee will hold a hearing on the Boucher-Doolittle bill (H.R. 107), known as the DMCRA, that would reform the DMCA. The hearing will be webcast, starting at about 10:00 AM Eastern. Look here for a witness list and link to the webcast.

The DMCRA would do four main things: require labeling of copy-protected CDs; allow circumvention of DRM for non-infringing purposes; allow the distribution of DRM-circumvention tools that enable fair use; and create an exemption to the DMCA for legitimate research.

Based on the witness list and other hints I have gotten, it appears that the hearing will focus on the consumer provisions of the bill. There probably won’t be much discussion of the much-needed research exemption.

Filed Under: Uncategorized Tagged With:

DRM as Folding Chair

May 11, 2004 by

Frank Field offers an interesting analogy:

DRM is a folding chair – specifically, it’s one of those folding chairs that people use after shoveling out the snow from a parking space that they use to claim it after they drive away.

For those of you who don’t have to cope with snow, I know that sounds incredible (it was to me when I moved here from South Carolina), but this is a real problem in cities with limited parking and poor snow removal. People who shovel out their cars will have a ratty old folding chair or an old street cone or, if they’re feeling really aggressive, an old kid’s toy that they will plant squarely in the middle of the shoveled-out parking space. This object “marks” the spot, and everyone knows what it means – this is my spot: park here and you will suffer the consequences.

This struck me, in part, because it echoes an example I like to use. When teaching about the theory of property, I start with a class discussion about whether there should be a property right in shoveled-out parking spaces. It’s a helpful example because everybody understands it, few people have a predisposition one way or the other, and it exposes most of the tradeoffs involved in creating a new form of property.

As Frank describes it, “ownership” of a Cambridge parking space is effected not by any legal right but by the threat that noncompliant cars will be vandalized. This is a key distinction. Typically, some of my students end up endorsing a limited property right in shoveled-out parking spaces, but my guess is that they would feel differently about a system created by private decree and “enforced” by vandalism.

This is where the analogy to DRM gets complicated. DRM systems don’t trash the computers of noncompliant users, so they don’t rely on the same kind of intimidation that Frank’s folding-chair owners use.

But Frank’s analogy does work very nicely in one dimension. DRM developers, like Cambridge folding-chair owners, are trying to establish a social norm that people should keep out of the territory they claim. Such claims should be evaluated on their merits, and not just taken for granted.

Filed Under: Uncategorized Tagged With: