Computers Public Policy and You Rebecca Mercuri, Ph.D.

ComputersPublic Policy and You

Rebecca Mercuri, Ph.D.

Computers, Public Policy and You

Copyright © 2004 Rebecca Mercuri

Computers and Public PolicyThe ubiquity of computer technology in our daily lives

has resulted in an increase in public policy initiatives related to their use.

Such initiatives often tend to be “reactive” rather than “proactive” in nature.

Reactive policies are often met with resistance, from vendors as well as users, who want to continue doing things as they were.



EXAMPLES



Encryption The widespread use of strong encryption is

fundamental to the protection of critical infrastructures and should not be impaired by the establishment of a mandatory key-escrow system or imposition of "backdoors" in the algorithms.

There are technical reasons to believe that such restrictions are both unworkable and unenforceable.

Some researchers believe that attempts to restrict encryption could hurt legitimate U.S. security needs and damage the U.S. economy.



Pretty Good Privacy (PGP)

Philip Zimmerman created PGP, a freely distributed software download, based on the public-key encryption method.

The U.S. Government sued Zimmerman for making it available to foreign enemies.

Use or possession is illegal in some countries (including Russia, China, France, Iraq, and Iran).



Digital Millennium Copyright Act

(DMCA) The DMCA was enacted by the U.S. Congress in 1998 to

protect copyright content. Prohibits circumventing any technology that controls

copying, and publishing or distributing any technology, product, or tool that circumvents copy-control technology.

These prohibitions are having repercussive effects on scientific analysis, research, and publication.

Scientists and technologists conducting research in forensics or other computer security areas face risks of legal liability simply for reverse engineering security measures and for reporting the results of their efforts.

USACM recommends that the anti-circumvention provisions of the legislation be revised to restrict only circumvention directly involved in infringement.



Freedom to Tinker

Ed Felten (Princeton U.) and colleagues:

Withdrew a paper from a conference that would have contained a recipe for breaking the Secure Digital Music Initiative digital watermark technology, following legal pressure from the entertainment industry.

Dmitry Skylarov, Russian programmer:

Arrested by the FBI during his presentation at the DefCon hacker show for violation of DMCA in cracking Adobe System’s eBook format.



Spam and Do-Not-Call Nuisance messages and phone calls have

been facilitated by computer technology. These can be annoying as well as obstructive. Issues include:

Opt-out vs. Opt-in Definition of unwanted communications Identification of originator Penalties



Total/Terrorism Information Awareness (TIA) Involves the creation of a computing system

under the auspices of the Defense Advanced Research Projects Agency (DARPA) that can search public and private databases for information on individuals.

Issues include: Privacy violations Targeting (US vs. foreign citizens) Misuse of information False positives



RIAA Lawsuits

Brianna LaHara, 12-year-old, sued for downloading music, $2,000 settlement fine.



Uniform Computer Information Transactions Act (UCITA) Proposed uniform state law that would cover

online transactions involving computer software, multimedia products, data, etc.

May permit vendors to ban users from: Comparing software Publicizing information about insecure products Reverse engineering Prevent remote disabling of software



Electronic Voting

A case study....

you can fight City Hall....

maybe....



Lobbying

The art of influencing legislators or other public officials to support or oppose a particular cause.

May involve drafting of legislation (bills) and amendments along with committee work to refine wording.



Inside Lobbying

Meetings with lawmakers and legislative staff Providing analysis and information to

committees and legislative offices Testifying in committee Negotiating with policymakers and other

lobby groups



Outside Lobbying Changing public opinion and creating awareness Media activity, including news conferences,

editorial board visits, and assisting reporters with stories

Visits by constituents to their legislators Letter writing campaigns to legislators Building broad and diverse coalitions Conducting grassroots activities such as rallies,

town meetings, etc. Lawsuits to establish case precedents



Categories of Legislators

Champions Allies Fence Sitters Mellow Opponents Hard Core Opponents



Computer Public Policy Groups USACM http://www.acm.org/usacm

Public Policy Committee of the Association for Computing Machinery. Assists policymakers and the public in understanding information technology issues and to advance a policy framework that supports innovations in computing and related disciplines.

IEEEUSA http://www.ieeeusa.orgOrganizational unit of the Institute of Electrical and Electronics Engineers, Inc. Recommends policies and implements programs intended to serve and benefit the members, the profession, and the public in the United States in appropriate professional areas of economic, ethical, legislative, social and technology policy concern.

FIPR http://www.fipr.orgThe foundation for Information Policy Research is an independent body that studies the interaction between information technology and society. Its goal is to identify technical developments with significant social impact, commission and undertake research into public policy alternatives, and promote public understanding and dialogue between technologists and policy-makers in the UK and Europe.



Computer Policy Organizations EPIC http://www.epic.org

The Electronic Privacy Information Center is a Washington D.C. based research group. It was established to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and constitutional values.

EFF http://www.eff.orgThe Electronic Frontier Foundation is a donor-supported membership organization working to protect fundamental rights regardless of technology by opposing misguided legislation, initiating and defending court cases preserving individuals' rights, launching global public campaigns, introducing leading edge proposals and papers, hosting frequent educational events, engaging the press, and publishing a comprehensive archive of digital civil liberties information.



Resources

Lobbying - The Basics

http://www.democracyctr.org/resources/lobbying.html

Ed Felten

http://www.freedom-to-tinker.com

Pretty Good Privacy

http://www.pgp.com



For More Information...

Rebecca Mercuri

[email protected]

www.notablesoftware.com/evote.html















Election 2000 – What Voters Wanted

Knowledge that their votes were cast and counted as they intended.

Indisputable way to perform a recount from the cast ballots.



Election 2004 – What Voters Received

No way to know if their ballots are cast and counted as intended.

No way to perform an independent recount.



Vendors have been allowed to hide behind

Trade secrecy Inadequate or non-existent standards Meaningless certification Techno-hype Blame-shifting



Accuracy Every vote does NOT count!

Lost vote rate of 3 - 5% far exceeds manufacturer’s stated “error rates”

Testing is performed on pristine data sets under controlled conditions and does not reflect real voting environment

Races falling within margin of error should be declared a tie and a runoff scheduled



California Recall Data Analysis

Machine Type Recall Recall Rank Candidates

Cand. Rank Average Rank

Punchcard 6.24 3 8.3 3 7.27 3 Datavote 1.95 3 5.25 2 3.6 2 Votomatic 8.17 10 9.46 9 8.815 10 Pollstar 6.03 9 9.01 6 7.52 9 Optical Scan 2.68 2 7.46 2 5.07 2 Diebold Accu-Vote-OS 2.37 5 5.91 4 4.14 3 ES&S 550 and 650 2.51 6 9.06 7 5.785 7 ES&S Eagle 1.87 2 10.89 10 6.38 8 Mark-A-Vote 3.04 7 7.57 5 5.305 6 Sequoia 4.35 8 5.54 3 4.945 4 Touchscreen 1.5 1 6.77 1 4.135 1 Diebold Accu-Vote-TS 0.73 1 9.23 8 4.98 5 Sequoia Edge 2.01 4 4.37 1 3.19 1



The State-of-the-Art in Computerized Election Equipment

Trust Us



Voting in Europe

"Let's see how my vote is counted" © Automatisering Gids 2003



Vulnerabilities Inherent in the nature of all computers (including those used

for ballot preparation and vote tallying) are aspects that can be intentionally or accidentally used to subvert the systems.

Elections are large-stakes, adversarial processes that occur in a short, identifiable time frame, hence they are high-risk targets.

The anonymity requirement for voting prevents the use of traditional forms of auditing.

Earlier forms of election fraud typically required collusion, computers provide opportunity for a lone insider to affect outcomes on a broad scale.

Such corruption is nearly impossible to prevent or detect.



A Solution –Voter Verified Paper

Ballots



The Mercuri Method DRE systems at authorized voting sites can be used to

produce printed ballots.

Voters confirm their selections before their ballot is deposited.

The DRE may also record the votes cast as a check on the ballot box.

The physical record is the official vote.

Ballots may be scanned or hand-counted.



Paper* remains the most common voting method

Voting Systems by U.S. County

Type % 1980 % 1992 % 2000

*Paper Ballots 40.4 21.2 12.5

Lever Machines 36.4 25.4 14.7

*Punch-card 19.1 23.5 19.2

*Mark-sense 0.8 20.1 40.2

Electronic 0.2 3.7 8.9

Mixed 3.0 6.1 4.4



The NEW State-of-the-Art in Computerized Election Equipment



The Moral of this Story

Be careful what you ask for

... you just might get it!



The Voter Should Be Able To ... perform the mechanics of voting properly access all permitted information be prevented from or warned about

possible mistakes correct or change mistakes use the voting system without any externally

imposed bias

-- Clifford Nass



K.I.S.S.



Usability Testing

Validation of usability design is typically performed in an ad-hoc fashion, if done at all

A study by Robert Bailey calculated that for the Palm Beach County butterfly ballot, nearly 300 participants should have been surveyed in order to detect 95% of potential problems, and over 400 for 99% assurance

Testing costs could run as much as $20,000 per election per county, or more, since displays are customized for each municipality



Usability Criteria

Font Size Typeface

Text vs. Background Color Light Level at Polling Station Display Height Ballot Layout Overvote and Undervote Accessibility

Advancement between ballot pages

Position feedback and navigation

Input mechanismsRecount capabilityMalfunction alerts



A Better Ballot Box?

Thomas Nast, Harper's Weekly, December 23, 1876.



Open Source

…can NOT provide sufficient verification and validation assurances.

“You can’t trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code.”

-- Ken Thompson, 1984



David Chaum’s Crypto Solution



Cryptographic Solutions

Could be used to assist in securing paper

Modules must be subjected to formal correctness proofs

Independent auditing (from paper ballots) is still necessary, since elections need to be transparent to all



Internet Voting

…is inherently flawed because the transport medium is insecure (spoofing, monitoring, denial of service, etc., are difficult to prevent) and it is not necessarily subject to local or regional laws.

“A secure Internet voting system is theoretically possible, but it would be the first secure networked application ever created in the history of computers.”

-- Bruce Schneier



Paper Has Advantages Many DRE’s are already outfitted with printers

to provide vote totals.

Bank ATM’s and state lottery machines use paper effectively and inexpensively.

Encourages independent recounts by the press and other agencies.

Checks and balances allow the citizens to monitor the election process.



Election Lotto



In Conclusion Voting is a complex problem

The entire election management process must be considered, not just ballot casting and tabulation

Simple solutions and quick fixes are inherently wrong

Traditional technologies should not be discarded until new ones have been proven to be better

The election community needs to be receptive to “out of the box” solutions

Date post:	30-Dec-2015
Category:	Documents
Upload:	george-gordon
View:	216 times
Download:	1 times

Computers Public Policy and You Rebecca Mercuri, Ph.D.

Documents