Wednesday, March 31, 2004
Internet voting dumped in US
The Washington Post reports that the Pentagon has finally dediced to dump its Internet voting scheme, SERVE. No programme, no experiments. (Free registration required).
The Post report quotes Robert Del Picchio, an upbeat French government technophile. He clearly needs to talk to the people from the French Internet Rights Forum, who came out with a firmly 'anti' stance last autumn, as reported on this blog.
8:48 PM|
link to this item
Sunday, March 28, 2004
Voting workshop, Minneapolis
People signed up for the Minneapolis workshop on voting and usability now include Sharon Laskowski (National Institute for Stanards and Technology, Washington DC), Dori Tunstall (Research Director, Design for Democracy, Chicago) and two of the team from the National Science Foundation research programme into voting: Richard Niemi (University of Rochester) and Michael Traugott (University of Michigan).
Workshop website
9:50 PM|
link to this item
Magic
Just back from a few days at Dust or Magic, held at Wadham College Oxford, and expertly organised by Bob Hughes of Oxford Brookes. Yes, it was magic. Now trying to catch up with mail etc., so if you're waiting for something, bear with me. If time permits, I'll post some stuff about the sessions, but I hear some of the Oxford Brookes students are preparing material about their experience, and I hope they convince Bob to make it all available at a central DorM online location.
7:30 PM|
link to this item
Tuesday, March 23, 2004
Main points from talk by Barbara Simons (Cambridge)
Here follow the main points Barbara Simons made at the Cambridge talk last Thursday on Internet voting and the SERVE project:
This should only be a technical issue, not a political one [said BS]. However, there is a willingness on the part of policy-makers to believe what vendors tell them, perhaps owing to policy-makers having little or no understanding of technology. There have been verbal attacks on computer scientists voicing concerns in the US. The issue of voter confidence is going to be a problem.
E-voting is hard
- the question from the public is: "if I can buy a book from Amazon.com, why can't I vote?
- but e-voting is harder than e-commerce: the stakes are exceedingly high, democracy depends on voter confidence, more challenging
- Denial of Service attacks on e-commerce may prevent some sales - with voting, does not invalidate those that do succeed
- interference may be difficult to detect e.g. no bank statement; with e-commerce, failure can be detected
- anonymity of voting (in US) makes it impossible to determine if votes correctly counted
- how to detect failure? - airplanes crash (less of an incentive to make airplanes crash), books are not delivered
- there are more incentives to fix an election than to fix some other types of system
Some solutions sound fine from a comp.sci. perspective, but in the real world, politics intervenes - can't count on provisions for holding election again.
SERVE project
- in US, voting is regulated at state and then county level - a small number signed up for SERVE
- USD22m Department of Defense project for 2004 elections and primaries
- would allow voting by: any military, civilians outside country
- despite declarations, website still up and nothing about it being cancelled on the site
- academics invited to come in, including Barbara's team; also included social scientists who "didn't want to see it killed"
- policy makers wanted to go ahead because of concern over military votes in 2004 election
SERVE - conclusions
- SERVE contains all security vulnerabilities of paperless touchscreen voting machines
- Internet and PC-based systems are vulnerable to many potentially catastrophic well-known cyber attacks
- attacks could be large-scale, launched by anyone from anywhere
- impossible to estimate the probability of successful cyberattack on one election
- major elections are tempting targets
- the people who are running SERVE are well meaning but working with flawed set of premises
- are going ahead with SERVE but on the basis of "votes don't count" they say (so what's the incentive to attack?)
- could appear to work flawlessly but lack of detected attacks does not mean there are none
SERVE system requires voters to have
- Win95 or above, MS Explorer 5.5 or above/Netscape Navigator etc.
- the users are responsible for maintaining security of their computers
- voting allowed from public computers with Internet access
Major security problems with SERVE
- software bugs: election software is supposed to be certified whenever mods made; but there is a disincentive to fix bugs as have to get sys certified, which takes 2 weeks at least (all systems), so won't be done just before the election; hard deadline of election, so not a lot of time (also, they don't do a code review)
- insider attacks - can't address; can be very cleverly hidden, could be v hard to detect (see for eg MS Excel 97, which had hidden flight simulator)
- security vulnerabilities on client side: own computer may be insecure - people are not very good about security on their own machine; security risks of computers not owned by voter; especially an issue for minorities and disadvantaged; employer-owned computers may be monitored
- remote attacks on voter's computer (Denial of Service in many possible varieties)
- viruses and worms: virus checking software only works against previously known viruses; small-scale worm can selectively target small sectors e.g. people who visit a certain candidate's site; could lead to selective disenfranchisement; once a computer is infected, all bets are off
Automated buying and selling
- provide credentials (password etc) to purchaser, who could then vote
Recent Internet election - Michigan Democratic Party's Primary
- Internet voting an option
- took place after SERVE report
- their report focus is all on main server, not on client side because they can't know anything about that
- they say there are no attacks (naive)
Election officials
- tend to like the machines, as get immediate results and can go home
- have an unhealthily close relationship with vendors
- well meaning, but often don't understand tech
The big question
- what will this do to the fabric of American democracy, if the same thing happens again? [as in 2000]
- what is the agenda here? - to replace punch card machines? - Simons is not an advocate of PCMs but often, and especially in poorer areas, they are not properly maintained
Recent Spanish elections
- would the unexpected result have been so easily accepted had the voting system been electronic? Probably not
Forthcoming Indian elections
- equipment manufactured by defence industry/department of defence (?)
- what happens in India will be interesting
Anonymity
Anonymity (in the US have, in UK not) is a good idea - civil rights struggles in the South - many blacks not allowed to vote - concern that local councils could see how they voted. US has a recent history of people killed for trying to vote.
The right way to do e-voting
- use optical scan machines in the polling place; this gives feedback
- with earphones attached (for the blind)
- ideally, scanner and voting machine should be made by separate companies
- in whatever case, there should be a percentage manual recount...but what they do generally is print out what's on the machine!
11:55 AM|
link to this item
Sunday, March 21, 2004
Barbara Simons in Cambridge
This week saw a gathering of the e-voting clans in Cambridge. Barbara spoke about the background to the so-called minority report on the Pentagon's Internet voting SERVE project, previously discussed on this blog.
While not everyone was able to make it, the turnout was good, and included Dr Ben Fairweather (De Montfort), and Margaret McGaley and her husband from Ireland, as well as many staff and students from Cambridge. Well done to the Foundation for Information Policy Research for putting this together.
7:11 PM|
link to this item
Saturday, March 20, 2004
Innovative ICT projects get government funding
The My Society civic software project led by Tom Steinberg has just heard it's been awarded £250,000 by the Office of the Deputy Prime Minister, in response to a bid made in partnership with West Sussex County Council. The money comes from the e-innovations fund, a pot of government cash set aside to stimulate useful online projects.
The mainstream public sector will be the main beneficary of the initial £14m fund: 34 councils have been awarded money in a first round of bids. Public Finance magazine reports that funded projects include "a virtual tour of vacant council houses, text messaging to improve access to services for rural residents and measures to help elderly people use electronic services". Westminster Council has come away with the largest amount, £500,000.
A further round of funding will be available in the autumn.
Government press release: http://www.odpm.gov.uk/pns/DisplayPN.cgi?pn_id=2004_0060
List of awards (DOC file): http://www.odpm.gov.uk/pns//pnattach/20040060/1.doc
12:49 PM|
link to this item
Saturday, March 13, 2004
Unintended consequences and the Madrid bombings
Back in 2002, Cory Docterow wrote a piece for O'Reilly entitled The Street Finds its Own Use for the Law of Unintended Consequences: Jewish grandmothers terrorising the Motion Picture Association of America with their rampant use of VCRs and so on.
"The fact of the matter is that no group of engineers in a boardroom can ever anticipate what normal people will do with their inventions," Docterow wrote..."Indeed, the measure of a product's success is how far it diverges from its creator's intentions."
The VCR became a tool of the amateur porn industry - I came across a fireman who developed a whole second career for himself copying porn films and selling them to punters in his considerable off-duty hours - as well as of the corner shop owner with a need for a low-fi security system.
This week has highlighted some consequences of the mobile phone. A mountaineer recounted on BBC radio how she had been rescued from a Swiss mountain top thanks to her trusty mobile. This is the kind of predictable consequence that we could expect mobile operators to proclaim as exemplary benefits.
Yesterday morning, I was asked to speak on various BBC radio stations about the bombings in Madrid. So I made sure I was completely up to date by reading Spanish newspaper reports about ETA over the last few months, and then talking to people in Madrid and elsewhere in Spain.
I found that Thursday's bombing was not the first time that terrorists in Spain planned to use multiple rucksacks containing bombs to be set off siultaneously by mobile phones; it was just the first such plan that had succeeded. To take a recent example, last Saturday two individuals were picked up near Madrid with more than 500kg of explosives. They told the police of a plan to plant some twelve rucksacks in the Spanish ski resort of Baquiera Beret last December, each to be equipped with mobile phone timing devices that would result in a synchronised bombing across the resort (where the Spanish royal family often skis). This was the same strategy to that deployed in Madrid this week, though the December attack was called off for various reasons.
Mobile phones are great, but just like anything else they can be used for bad: as a quick means of taking pornographic pictures of children in swimming clubs, or as timing devices for bombs. As William Gibson wrote, "the street finds its own use for things".
The law of unintended consequences is often referred to in favourable terms, with ordinary people finding exciting uses for new technologies. The deaths provoked by the unintended consequences of the mobile phone in Madrid this week demonstrate that technological advance, even involving seemingly harmless artifacts, can also have a dark side.
Security companies have developed devices that can jam phone signals within a given area, a tactic that is often used to protect individuals passing through high-risk areas. These work by broadcasting white noise to counteract the mobile phone signals, so stopping the receiving phone from getting the detonation signal. But how can we protect public transport? This would involve blocking all mobile phones all of the time, so defeating the very purpose of mobile phones themselves.
5:23 PM|
link to this item
Fred Brooks and the difficulty and importance of design
A couple of weeks ago, I gave a talk that William Hudson came to see (it turned out he was preparing a piece on ethnography in design).
One of the quotes I used was from an obscure article in the computing periodicals by a certain FP Brooks, from the first chapter of Andy Crabtree's Designing Collaborative Systems:
"The hardest single part of building a software system is deciding
what to build...No other part of the work so cripples the resulting
system if done wrong. No other part is more difficult to rectify later."
Somehow - perhaps because it was not from Brook's classic book, The Mythical Man Month - I failed to connect that this was the same Fred Brooks that wrote the classic text. William pointed this out to me. It's a great quote and a key idea in how we approach systems design.
5:11 PM|
link to this item
Friday, March 12, 2004
Vanity Fair covers e-voting
Doug Simpson's blog picks up on 'Hack the Vote', Vanity Fair's April 2004 coverage of "partisan politics, murky accountability and lurking felons inside the e-voting systems industry and the government procurement decisions regarding it."
"As author Michael Shnayerson prefaces it, 'this is a story of good
intentions gone awry, of Congress bamboozled into thinking the
machines were ready when they weren't, of county and state election
officials softened over lavish dinners into endorsing one kind of
machine over another, with some later induced to take jobs at voting
machine companies. And like most American stories its about money
-- big money, $3.9 billion, showered on the states to buy the
machines, and buy them fast.' "
Vanity Fair content is not online, so you'll have to buy the hard copy to get the story.
9:52 AM|
link to this item
Wednesday, March 10, 2004
Applied anthropology
The UK Association of Social Anthropologists is starting up a new network for applied anthropologists. I'm really glad to hear this: applied anthropologists - that is, those working outside academia - have for too long been considered the poor relation, regarded as 'no longer anthropologists' in the memorable words of one long-time, real-world practitioner.
This development coincides with, first, last year's applied anthropology conference at Loughborough University, organised by Sarah Pink, and second, the resurgence of an ethnography network focussed on design in London, as of last autumn.
These are all good developments.
Anyway, this is also an excuse for me to mention how much I've enjoyed reading Creating Breakthrough Ideas: The collaboration of anthropologists and designers in the product development industry, by Susan Squires and Bryan Byrne (Bergin & Garvey, 2002). This is a collection of 'tales from the field', written by people who've been there and done it. There's a lot of stuff about collaboration, and about clients, and the texts provide some good background to understanding how this particular corner of the universe has got to where it is.
8:21 PM|
link to this item
Categories, good and bad
I'm always interested in how people classify things, and more so since having read Sorting Things Out: Classifications and its Consequences by Geoffrey Bowker and Susan Leigh Star.
Since Ocado let me know that they were now delivering to my area, I haven't got around to signing up (the day their email arrived, last summer, there was a blackout across south London, and then, well...). So I only started using the Ocado site yesterday.
Mostly this went well, but one thing was curious: I tried hunting for peanuts in the dried fruit and nuts section (along with walnuts, macademia nuts, almonds, hazel nuts, cashews, pistachio nuts and every other kind of nut), but no go. They could only be found by doing a database search, when lo and behold, peanuts in their many varieties popped up in section 'confectionery and crisps', subsection 'cozy night in', sub-subsection 'peanuts', together with 'dips', 'indulgence chocolate', 'breadsticks' and 'bags of chocolate'.
Now what is this saying about who, I wonder. That the information architects think that people who eat a lot of junk food would not consider peanuts a nut? Or would not think their junk food clients would eat other kinds of nut? Or that typical nut eaters don't eat peanuts, but only the more exalted nut varieties? Or that they think this client of theirs is a saddo, 'cozy-night-in' person who is really eating junk food, if only she knew it?
Ocado successfully cross-classifies quite a number of items in parallel categories, which makes me wonder whether this particular case was overlooked (it's a large category and seemingly obvious, so seems unlikely) or whether there is some underlying nut agenda out there....
And can any food - and I'm talking nuts here, not some manufacturer's nightmare high-margin, strange-coloured invention - truly be classified only is a category labelled 'cozy night in'?
6:21 PM|
link to this item
Tuesday, March 09, 2004
Reports on e-voting in US primaries
The Guardian seems to have recently caught on to e-voting issues in reports on the US primaries. Better late than never.
Over in the US, "Poll workers struggling with a new electronic voting system in last week's election gave thousands of Orange County voters the wrong ballots" according to a Yahoo report of an LA Times story concerning California counties. The Miami Herald has also been carrying reports on west coast e-voting developments, while CBSNews looked at some of the security measures being impelemented. Wired News reported 'Snafus aplenty' in e-voting.
12:36 PM|
link to this item
Monday, March 08, 2004
UPA workshop and panel on voting
We're running a panel and a workshop on voting at the Usability Professionals' Association conference in Minneapolis this summer.
Anyone interested in taking part in the workshop should take a look at the UPA workshop page, where there are full details and instructions about submitting a position paper. Deadlines are fast approaching....
1:42 PM|
link to this item
Wednesday, March 03, 2004
E-voting in India
Here's an article on the BBC site about India's current status with e-voting. The piece includes a diagram of the equipment.
9:50 PM|
link to this item
Monday, March 01, 2004
Wanda and Barbara
Some good US speakers are turning in the UK over the next few weeks.
First off is Barbara Simons, who'll be talking at Cambridge and at Oxford Internet Institute in March.
In April there's a visit from Wanda Orlikowski, author of a seminal ethnographic study of the adoption of Lotus Notes in a consultancy organisation, and still going strong in the field of technology at work and organisational behaviour.
See the Events page for full details.
9:48 AM|
link to this item
|
