May 13, 2024

Posts Comments

Search Results for: voting

Googlocracy in Action

February 3, 2004 by

The conventional wisdom these days is that Google is becoming less useful, because people are manipulating its rankings. The storyline goes like this: Once upon a time, back in the Golden Age, nobody knew about Google, so its rankings reflected Truth. But now that Google is famous and web authors think about the Google-implications of the links they create, Google is subject to constant manipulation and its rankings are tainted.

It’s a compelling story, but I think it’s wrong, because it ignores the most important fact about how Google works: Google is a voting scheme. Google is not a mysterious Oracle of Truth but a numerical scheme for aggregating the preferences expressed by web authors. It’s a form of democracy – call it Googlocracy. Web authors vote by creating hyperlinks, and Google counts the votes. If we want to understand Google we need to see democracy as Google’s very nature, and not as an aberration.

Consider the practice of “Google-bombing” in which web authors create links designed to associate two phrases in Google’s output, for instance to link a derogatory phrase to the name of a politician they dislike. Some may call this an unfair manipulation, designed to trick Google into getting a biased result. I call it Googlocracy in action. The web authors have a certain number of Google-votes, and they are casting those votes as they think best. Who are we to complain? They may be foolish to spend their votes that way, but they are entitled to do so. And the fact that many people with frequently-referenced sites choose to cast their Google-votes in a particular way is useful information in itself.

Googlocracy has been a spectacular success, as anyone who used pre-Google search engines can attest. It has succeeded precisely because it has faithfully gathered and aggregated the votes of web authors. If those authors cast their votes for the things they think are important, so much the better.

Like democracy, Googlocracy won’t always get the very best answer. Perfection is far too much to ask. Realistically, all we can hope for is that Googlocracy gets a pretty good answer, almost always. By that standard, it succeeds. Googlocracy is the worst form of page ranking, except for all of the others that have been tried.

Filed Under: Uncategorized Tagged With:

Diebold Fails Yet Another Security Evaluation

January 30, 2004 by

A group of ex-NSA security experts, hired by the state of Maryland to evaluate the state’s Diebold electronic voting systems, found the systems riddled with basic security flaws. This confirmed two previous studies, one led by Johns Hopkins researchers and one by SAIC. Here are some excerpts from John Schwartz’s New York Times story:

Electronic voting machines made by Diebold Inc. that are widely used in several states have such poor computer security and physical security that an election could be disrupted or even stolen by corrupt insiders or determined outsiders, according to a new report presented today to Maryland state legislators.

The authors of the report said that they had expected a higher degree of security in the design of the machines. “We were genuinely surprised at the basic level of the exploits” that allowed tampering, said Mr. Wertheimer, a former security expert for the National Security Agency.

William A. Arbaugh, an assistant professor of computer science at the University of Maryland and a member of the Red Team exercise, said, “I can say with confidence that nobody looked at the system with an eye to security who understands security.”

Read the second (on-line) page of the NYT story for a litany of problems the team found. In short, they could easily corrupt individual voting machines so that they counted votes for the wrong candidate or not at all; they could introduce false vote counts for whole precincts into the central vote-tallying server; or they could use well-known hostile exploits to seize control of the servers remotely.

Diebold’s response?

In a statement released today, Bob Urosevich, president of Diebold Election Systems, said this report and another by the Science Applications International Corporation “confirm the accuracy and security of Maryland’s voting procedures and our voting systems as they exist today.”

Mr. Urosevich added: “With that said, in our continued spirit of innovation and industry leadership, there will always be room for improvement and refinement. This is especially true in assuring the utmost security in elections.”

University of Maryland professor Bill Arbaugh, one of the study participants and a genuine security expert, gets the last word: “It seemed everywhere we scratched, there was something that’s pretty troubling.”

Filed Under: Uncategorized Tagged With:

Predictions for 2004

January 2, 2004 by

Happy New Year! This time of year, journalistic convention requires even micro-pundits like me to make predictions for the upcoming year. This goes for the rest of you bloggers too – let’s see your predictions!

Like everybody else’s predictions, some of my predictions are obvious, some will be hilariously wrong, and all of them will be conveniently forgotten later. Also like everyone else, I’ll look back at the end of 2004 and wonder how I left out the year’s biggest story. But here goes anyway.

(1) Some public figure will be severely embarrassed by an image taken by somebody else’s picture-phone or an audio stream captured by somebody else’s pocket audio recorder. This will trigger a public debate about the privacy implications of personal surveillance devices.

(2) The credibility of e-voting technologies will continue to leak away as more irregularities come to light. The Holt e-voting bill will get traction in Congress, posing a minor political dilemma for the president who will be caught between the bill’s supporters on one side and campaign contributors with e-voting ties on the other.

(3) A new generation of P2P tools that resist the recording industry’s technical countermeasures will grow in popularity. The recording industry will respond by devising new tactics to monitor and unmask P2P infringers.

(4) Before the ink is dry on the FCC’s broadcast flag order, the studios will declare it insufficient and ask for a further mandate requiring watermark detectors in all analog-to-digital converters. The FCC will balk at the obvious technical and economic flaws in this proposal.

(5) DRM technology will still be ineffective and inflexible. A few people in the movie industry will wake up to the hopelessness of DRM, and will push the industry to try another approach. But they won’t be able to overcome the industry’s inertia – at least not in 2004.

(6) Increasingly, WiFi will be provided as a free amenity rather than a paid service. This will catch on first in hotels and cafes, but by the end of the year free WiFi will be available in at least one major U.S. airport.

(7) Voice over IP (VoIP) companies like Vonage will be the darlings of the business press, but the most talked-about VoIP-related media stories will be contrarian pieces raising doubt about the security and reliability implications of relying on the Internet for phone service.

Filed Under: Uncategorized Tagged With:

Taming EULAs

November 25, 2003 by

Most software programs, and some websites, are subject to End User License Agreements (EULAs). EULAs are long and detailed and apparently written by lawyer-bots. Almost everybody agrees to them without even reading them. A EULA is a contract, but it’s not the result of a negotiation between the vendor and the user. The vendor writes the EULA, and the user can take it or leave it. Most users just accept EULAs without thinking.

This has led to any number of problems. For example, some EULAs give the software vendors permission to install spyware – and most users never realize they have granted that permission.

Why don’t users pay more attention to EULAs? Rational ignorance is one possibility – it may be that the cost of accepting a bad EULA every now and then is lower than the cost of actually reading EULAs and making careful decisions. If so, then a rational cost-minimizing user won’t read EULAs.

And there are a few oddballs who read EULAs. When these people find a particularly egregious provision, they spread the word. Occasionally the press will report on an extreme EULA. So rationally ignorant consumers get a little information about popular EULAs, and there is some pressure on vendors to keep their EULAs reasonable.

In domains where rational ignorance is common, tools often spring up to help people make decisions that are more rational and less ignorant. If it’s not worth your time to research your senator’s voting record, you can look at how he is rated by the Environmental Defense Fund or the NRA, or you can see who has endorsed him for reelection. None of these sources captures the nuances of an individual voting record. But if you’re not going to spend the time to examine that record, these crude tools can be valuable.

When it comes to EULAs, we don’t have these tools. So let’s create them. Let me suggest two useful tools.

The first tool is a service, provided via a website, that rates EULAs in the same way that political advocacy groups rate legislators. I’m not talking about a detailed explanation – which rationally ignorant users wouldn’t bother to read – but a simple one-dimensional rating, such as a grade on an A-to-F scale. Products whose EULAs get good scores might be allowed to display a trademarked “Our EULA got an A-” logo.

Naturally, reducing a complex EULA to a single rating is an oversimplification. But that’s exactly the point. Rationally ignorant users demand simplification, and if they don’t get it they’ll decide based on no information at all. The site could offer more details for users who want them. But let’s face it: most users don’t.

The second tool is a standardized template for writing EULAs, akin to the structure of Creative Commons licenses. You’d have some core EULA language, along with a set of modules that could be added at the vendor’s discretion. Standardized EULAs can be displayed concisely to the user, by listing the modules that are included. They could be expressed easily in machine-readable form, so various automated tools could be created.

The main benefit of standardization is that users could re-use what they had learned about past licenses, so that the cost of learning about a license could be amortized over more decisions. Standardization would also seem to benefit those companies who have more likable EULAs, since it would help users notice the substantive differences between the EULAs they see.

Will either of these things happen? I don’t know. But I would like to see somebody try them.

Filed Under: Uncategorized Tagged With:

Election Day

November 4, 2003 by

It’s Election Day, and residents here in Mercer County may have cast our last votes on the big old battleship-gray lever voting machines. Next election, we’re supposed to be using a new all-electronic system, without any of the necessary safeguards such as a voter-verifiable paper trail or public inspection of software code.

Filed Under: Uncategorized Tagged With: