Thursday, November 17, 2011

Cyber Bullying in Connecticut: A Lesson in Empathy

Cyber bullying is the mean and unfair treatment of a person on the Internet. They had a feeding frenzy of it recently in Connecticut.[1] Before I report what happened there, please keep this set of questions in mind. That is, suppose a woman is the only one wearing a red dress at a party. During the event, the guy with the loudest mouth blurts out “of all the styles of dresses, the red dress is the bottom of the barrel!” How would the lone red dress wearer feel? Happy? Complimented? Attacked? Angry? Embarrassed? How would you feel? Here's what happened.

An anti-Internet voting political science department in a Connecticut university, and their allies, organized a lop-sided panel to “discuss” the pros and cons of the Northern state taking up Internet voting for their overseas military personnel. Three avidly anti-Internet voting computer science professors, and a rich lady who owns an anti-Internet voting website, were on one side of the panel. Completely alone on the other side was Natalie Tennant, Secretary of State for West Virginia.[2]

This wasn’t an actual “discussion;” instead, it was an online propaganda festival of anti-Internet voting negativity interspersed with just a few positive statements from Secretary Tennant. Ron Rivest, one of the biased computer scientists, provided some telling examples of the lack of scientific sophistication his side displayed. Early in the proceeding Professor Rivest wittily declared that the term “Internet voting” is an oxymoron, like “safe cigarettes.” Cute, but where’s the science? At no point in the day did he, or any of the opposition, present any facts about actual breaches of security in an Internet voting trial (except, of course, the DC hack, which was not an actual election [3]).

When the moderator suggested that there are several different types of voting technology, Prof Rivest blurted out that Internet voting is “the bottom of the barrel!”

Despite those comments, Secretary Tennant encouraged Connecticut to use Internet voting for its overseas military voters. She stated that the West Virginia legislature had long been concerned that members of the overseas military were unable to vote because the method of voting by mail was too inconvenient and prone to errors. After the 2009 MOVE Act required the states to set up systems for electronically sending ballots to overseas military, the state legislature began considering legislation to allow her office to set up a system of Internet voting. The resulting legislation passed unanimously.

The new law required an initial trial involving just a few counties. The first test was the primary vote in 2010. It went so well that Secretary Tennant asked the legislature to expand the number of counties involved for the general election vote, which they promptly did.

Professor Halderman interrupted Ms. Tennant and demanded to know how her office vetted the companies that provided the Internet voting service. She replied that the vendors had to agree to several conditions. One of these was that third party experts had to be allowed to inspect the equipment and operating codes the vendors used. She said the companies not only agreed to these conditions, but offered to do the whole job for free, as a demonstration project. Given that situation, the Secretary’s office decided not to exercise its right to bring in a third party inspector. She said she trusted the companies.

At one point, Prof Rivest, who had never had any personal interaction with the company representatives, declared that the vendors could be corrupt and she wouldn’t know it. Isn’t that possible, he demanded.

She said that besides trusting the vendor you have to trust every kind of vote counting machine, not just Internet voting servers. CT, for example, uses optical scanning machines to count its votes. The voter fills in a bubble with a pencil on a paper card. But suppose one of the employees feeding the cards to the scanning machine in the election office is an unscrupulous partisan. He can hide a piece of pencil lead under his finger nail, and put an extra mark on cards with votes he doesn’t like. Then the machine would reject the card as a double vote, and nobody would know that a vote had been sabotaged.

Her point, of course, is that every complex vote counting system requires some degree of trust. Election officials have to exercise their professional judgment as to when such trust is reasonable. In reply to a question from the moderator, Ms. Tennant stated that she trusted the workers in her department because it was like a small community. She trusted the system because it used military grade encryption, had an intrusion detection function, and other security checks. She also pointed out that it was a serious felony to tamper with elections, and this law is a part of the security system.

Professor Halderman pressed the matter by demanding to know if West Virginia would allow hackers a chance to try to hack into the system, like the officials did in Washington DC. She said that the system actually belonged to the companies, and that the state lacked the authority to invite hackers to freely test the system.

He: What’s so secret that venders won’t open it up?
She: I can’t answer for them, professor.
He: Why didn’t you require a public test?
She: (With a smile,) we did do some testing, and caught an inverted number.
He: In the future would you run a public trial, like DC?
She: I can’t say right now.

The website owner, Ms. Dzieduszycka-Suinat, suggested that West Virginia was using its overseas military voters as “guinea pigs.” Later Prof Rivest blurted out, with all the science he could muster, that Internet voting is “like skating on thin ice.”

Undaunted, Ms. Tennant stated in her concluding remarks that she still feels that she made the right judgment by trusting the companies. She felt that she was doing the right thing for West Virginia’s military voters. Her husband is stationed in Afghanistan, and he saw first hand how difficult voting is for many of the service members there. She has recieved letters of gratitude from military personnel. The lone defender of Internet voting on this panel, she said that if she must, for the sake of her military voters, (and I quote) “I’ll continue to sit up here and take the attacks, take the arrows ... and things like that!”

As the panelists rose from their seats to leave the stage, Ron Rivest was heard to exclaim, “Internet voting is like drunk driving,” and he burst into triumphant laughter.



[1] See video at http://www.ctvoterscount.org/secretary-of-the-states-online-voting-symposium/[2] See Natalie Tennant: Internet Voting Profile in Courage http://t.co/aRd9W3o
[3] RE: DC see http://tinyurl.com/DCin2010

Email Denise Merrill Connecticut Secretary of State and ask that she follow West Virginia’s lead to serve CT’s military voters:
denise.merrill@ct.gov
William J. Kelleher, Ph.D.
Blog: http://tinyurl.com/IV4All
Twitter: wjkno1
Email: Internetvoting@gmail.com
Author of Internet Voting Now!
Kindle edition: http://tinyurl.com/IntV-Now
In paper: http://tinyurl.com/IVNow2011

PS
Cyberulling, of course, is not limited to supporters of Internet voting. See this informative article --  Cyberbullying: How Bullies Have Moved From the Playground to the Web


NEW!
For more on Alex Halderman see, in this blog,

Alex Halderman Debates Internet Voting Security w/ Me




Wednesday, November 2, 2011

Rebuttal to David Jefferson’s Brief against Internet Voting

As Professor Hasen shows in his forthcoming book, Voting Wars, conflict over the way we conduct elections in the US is increasing. One of the areas of disagreement is whether or not the US should employ Internet voting as a means of conducting elections. Professor Hasen offers a statement against that move by the highly respected computer scientist Dr. David Jefferson. With all due respect, I offer another view.

Voting, of course, is a very serious matter. It is an essential, albeit not sufficient, requirement for democracy. Voting is one of the principle ways by which the people of a nation are empowered to have a voice in their own destinies. The process of voting, that is, the means by which a vote is conducted, must be one that commands the trust of the voters, or the results will not be legitimate. Illegitimate governments can only cause political unhappiness, and possibly political unrest and turmoil. Hence, the right to cast a vote is meaningless unless the means by which the vote is counted is trustworthy.

Dr. Jefferson alleges that Internet voting is untrustworthy, and therefore should not be used in US elections. Yet, we live in a time when the cultural and economic momentum around the world is pushing towards ever greater use of electronic technology. This is not just for social or entertainment uses. Professor of e-business and computer science at the Carnegie Mellon University, Dr. Michael Shamos, who has both a Ph.D. in computer science and a law degree, observers that electronic information is replacing paper-based information throughout international law. [1]

Electronic signatures are regarded in law as just as valid and binding as hand written signatures on paper. In fact, he says, electronic records are now preferred as evidence in courts all over the world. If there is a contract dispute, emails may be used as evidence to show how a party understood the paper contract. In cases where a bank customer offers an ATM paper receipt as proof of a transaction, courts routinely rely instead on the bank’s electronic records as the definitive source of proof. Even claims to have a winning lottery ticket can be disproven by the lottery administrator’s electronic records of both where and when the ticket was sold, and the winning number. In all these cases, where electronic records are shown to have been well-maintained, they are given preference over paper, which is regarded as far easier to modify or fake.

Dr. Jefferson’s position is that despite all the movement towards a 21st Century e-world, the means by which we conduct our elections must stay rooted in the tried and true tradition of the 18th Century. That is, trek to the polling place, mark a piece of paper, deposit it in a box, and return home hoping your piece of paper will be counted as cast.

One fact that Dr. Jefferson over-looks is the long history of voting fraud committed within our paper-based system of voting over the past 200 years. Another fact he conveniently over-looks is that all over the world, where Internet voting trials have been conducted, there have been no proven instances of voting fraud. Allegations or suspicions may exist, but no charges of fraud, or even of significant error, have been accredited in any Internet voting trial conducted in this century. (RE the DC fiasco, see below.)[2]

The first trials of Internet voting were conducted in the year 2000. The Republican Party conducted a straw poll in Alaska. The Democratic Party held a primary vote in Arizona. And, the Department of Defense conducted a small online vote for overseas military personnel, who were enabled to vote in their state, local, and federal elections on their own PCs. Other nations were inspired by these pioneering US trials. Now, Elections Canada, the agency that manages national elections in that country, has requested the House of Commons to allow Internet voting for all its national elections. Numerous municipal elections have been conducted online in Canada, without any security or technical problems. A recent EAC report notes that the Swiss have held at least 36 online elections over the past several years. Internet voting trials have been done in India, France, Spain, Norway, New South Wales, and other countries. No instances of voter fraud have been shown. Tarvi Martens, who designed the Estonia Internet voting system, says it’s “more secure than Internet banking” http://t.co/Jh6Onyd

Here, then, are numerous FACTS about actual instances of successful Internet voting trials. There are many more such facts. For example, West Virginia allowed its overseas military personnel, from a few select counties, to vote online in the 2010 election. Secretary of State Natalie Tennant was so pleased with the initial trial that she asked the state legislature to expand the number of participating counties, which it promptly did.

Take a second look at Dr. Jefferson’s brief against Internet voting. See any facts in support of his claims of incurable insecurity? Does he cite even one instance of an Internet election gone wrong? How about one time when voter privacy was violated? Answer: no, not one.

Instead, he recites a litany of scary stories about what he says COULD happen. For example, “Zeus [botnets] exemplifies what could just as easily happen if online voting becomes widespread.” Or, “Anyone from a disaffected misfit individual to a national intelligence agency can remotely attack an online election …” “Anyone,” really?

Here’s a frightening thought: “Eventually someone, perhaps a partisan political operative or a foreign intelligence agency, will deploy a similar botnet to infect thousands of voters’ computers and modify their votes invisibly as they are being transmitted.”

That’s a really scary story, but has it been done in any actual Internet voting trials? Well, no – but Dr. Jefferson is certain that it COULD be done. How can he be so sure? Answer, “computer and network security experts are virtually unanimous in pointing out that online voting is an exceedingly dangerous threat to the integrity of U.S. elections.” But wait, if there is such unanimity, then why are Internet voting trials increasing world wide? Have all those systems been set up without first consulting “computer and network security experts”? Or have all those election officials gone against this unanimity, just foolishly hoping for the best? Has Natalie Tennant, her staff and advisors, and the West Virginia legislature, and its staff and advisors, all proclaimed “to heck with the experts! Let’s just do it!” Have all the responsible Swiss and Canadian officials been just as reckless?

Dr. Jefferson declares that an attacking bad guy “can probably automate that attack to allow thousands of phony votes to be recorded.” Upon what experiments, trials, or other experience does Dr. Jefferson base his probability statement? Does he have any facts, or is it just a fearful “feeling”?

The issue here is whether the United States should use electronic technology in all areas of life, but the one upon which we take the most national pride – our democracy. Moving to Internet voting is a big step, and it should not be taken without a thorough national debate. But such a debate ought to be conducted on the basis of fact and counter-fact. It should not be conducted on the basis of unsubstantiated scary stories, which conjure up such terrifying prospects that the mind shutters, and shuts itself off to all the contrary facts.

1. Dr. Shamos’s Ph.D. in computer science is from Yale University. He also teaches classes on electronic voting technology security. An elections law and patent law expert, he is licensed to practice law before the United States Supreme Court, as well as numerous federal and state courts. For 20 years, from 1980-2000, he was Pennsylvania‘s official examiner of electronic voting systems. See Shamos’s resume at,
http://euro.ecom.cmu.edu/people/faculty/mshamos/resshort.htm His arguments are in a paper presented to the National Institute of Standards and Technology at,
http://vote.nist.gov/threats/papers/paper_v_electronic_records.pdf

2. The DC hacking occurred in a practice run, not an actual vote. The hacking revealed that the system had been incompetently set up by amateur technicians. For more on this see http://tinyurl.com/DCin2010


William J. Kelleher, Ph.D.
Political Scientist, author, speaker,
CEO for The Internet Voting Research and Education Fund
Author of Internet Voting Now!
Twitter: wjkno1