This post is not about politics

This post is not about politics. 

But it is about the election, and it’s important. Let me state it bluntly: the increasing computerization of our electoral process is putting our democracy at risk. The process as it exists now is broken and we need to bring back a foolproof paper balloting system that everyone can understand and trust.

Look at two of the many story lines of this year’s election. On the one hand, we have a candidate who has repeatedly claimed that the political system and the election is “rigged”. He’s already predicting that if he loses it will be because the other side cheated. Put aside your opinion of the validity of this claim: the fact is that he may, and probably will, seek to delegitimize the likely result of the election, an idea that will undoubtedly resonate with many of his supporters. An election mistrusted by a large portion of an angry electorate does not bode well for good and peaceful governance of our nation after election day.

Now consider the second story line: the very disturbing extent to which many of our government systems have been penetrated by America’s adversaries. Whether it was the Russians, or WikiLeaks, or another intermediary, the fact is that some very important systems that were (or should have been) well-guarded were compromised and hacked. This includes the most protected servers of the NSA. These stories do nothing to instill confidence in America’s systems amongst the general public. Anyone paying attention would conclude that no system is hack-proof to a determined, skilled and well-funded adversary. I agree that this is true, don’t you?

Now look at the way elections are conducted across America. It’s a vast patchwork of locally-managed, often shoestring operations incorporating various degrees of computer and software tools. Some touchscreens here, some Windows 2000 operating systems there, you name it, it’s out there. Security? Maybe. World-class IT security? Don’t bet on it. The men in black at the NSA (who can’t even guarantee the security of their own systems) are not managing the security at the local polling place. The systems out there are vulnerable and we don’t even know how bad it is.

We have been waiting many years for the election process to mature into a secure, stable, uniform process that takes advantage of computerized tools; one that would be secure, easy to use, fast and auditable. And above all, trustworthy.

It has not happened. It has only gotten worse. I have followed this subject for a long time as part of my course in IT Ethics at Immaculata University. The systems continue to age, break down and expose their flaws, while vendors and local electoral officials fight a losing rearguard action to keep up. The systems have proven to be hackable and failure prone over and over. In many cases, the lack of auditable paper trails have resulted in votes being lost again and again. This is not speculation, but reported fact. And now we face the prospect of foreign adversaries with an interest in meddling in our election, coupled with an angry faction ready to believe that the whole process is crooked.

A recent op-ed piece in the New York Times by Zeynep Tufekci, called Bring Back Paper Ballots, makes a strong case against our broken system and urges us to return to a paper balloting system that is impossible to hack, fully capable of being audited and re-verified, baby-simple to use and worthy of our trust. Among the quotes in the piece is this one from Matthew Green, a specialist in cryptology and cybersecurity at Johns Hopkins University (no Luddite he): “There is only one way to protect the voting systems from a nation-state funded cyberattack: Use paper.”

I have been convinced by Tufekci’s argument and I agree that our electoral process is one place where computerization will work not to our benefit but to our detriment. As an IT guy it’s hard for me to admit that, but as a citizen, it’s a no-brainer.

Paper based systems need not be primitive or cumbersome. My county (Chester County, PA) uses an Optical Mark Recognition (OMR) system, often called “fill in the bubble”. It’s simple and scanable, results are computable quickly, it’s hard to tamper with and, best of all, the paper can be saved and recounted if there’s a dispute. I think this should become the electoral standard everywhere.

We cannot allow the results of our next election, and many after that, to be put at risk and tainted by doubt and denial. We must have a process that every citizen can trust and no one can tamper with. Let’s go back to a good paper balloting process.

Anonymous: online freedom fighters, or the gang that couldn’t hack straight?

The FBI and affiliated law enforcement agencies are now rolling up the Anonymous and LulzSec hacker networks. Over a dozen arrests have been made so far, and countless numbers of computers and peripherals have been seized. Prosecutions will undoubtedly follow.

It doesn’t look like the Feds had to break a sweat to get these guys. Many of the hackers had not done even a fair job of covering their tracks online and a few did not even seem to try (or know how). Some, astonishingly (or perhaps incredulously), claim they did not think what they were doing was criminal. The DDOS attack against PayPal last December, prompted by PayPal’s refusal to accept contributions for WikiLeaks, has emerged as the test case for the arrests. The Anonymous mob used a program with the typically juvenile name Low Orbit Ion Cannon to flood PayPal’s servers with packets.


You can take off the masks now, boys.


As many of these NOT-Anonymous perps now make their defenses, the choices range from (1) I was just fooling around, (2) what Low Orbit Ion Cannon, officer? (3) I didn’t know it was illegal and (4) what I did was a form of political protest that has an honored history, like the civil rights movement.

I’ll brush aside defenses like one and two. We should talk about three and four, the ignorance defense and the political protest defense.

Ignorance of the law is never acceptable in court, and whether it will hold up in the court of public opinion is, I think, very doubtful. The actions of Anonymous, in their on-line taunts and tweets, clearly had the edge of lawlessness to them. To claim the hacking skills they touted, yet to remain ignorant of the rules of the road of the web (not to mention the Computer Fraud and Abuse Act of 1986) is facetious at best and laughable at worst. I think we can dismiss this one.

The attacks against government and other establishment sites, most in support of a POV tied to causes like WikiLeaks and Immigration Law, clearly showed a political agenda that Anonymous placed front and center. Can their actions be justified by the claim that they were fighting for a cause? Hacktivism, or White Hat Hacking, does indeed have a history of its own and we would be wrong to dismiss this without a hearing.

However I think it’s very wrong to put malicious, online vandalism on a plane with a civil rights sit-in (a claim specifically made by Keith Downey, one of the men arrested). Two key distinctions have to be made: one, civil rights protestors did not act anonymously. They took a courageous stand in full view and in full risk of the consequences. And two, the civil rights activists were ready to accept arrest and punishment as part of the protest; they did not seek to escape or hide behind subterfuge. Rather, they exposed injustice by submitting to it. No one in the Anonymous gang can claim this kind of courage or self-sacrifice.

I think both of these distinctions refute the excuses made by white hat hackers over the years. I applaud those who have resisted injustice by following the examples of Gandhi and King, and I refuse to taint their legacy by equating them with internet vandals who hide their identities and seek to evade the consequences of their actions.

(Downey's comparison to the civil rights movement was reported in the NY Times.)

Your next computer will have a car attached

By now you’ve all heard that computers are coming to cars in a big way. It seems that all the automakers are rushing to put some kind of personal computer-like experience into the car. Web browsers, MP3 players, video, internet radio, restaurant lookups, and of course texting, Twitter, Facebook and social networking of all stripes – it’s all coming to a dashboard near you. Our cars will be online at all times.

This week it was Volkswagen’s turn to announce their version of the “car of the future.” In a story reported in Computerworld and elsewhere, VW CIO Warren Ritchie described a high-touch environment of connectivity, touch-screens, autosensing technology and so on. To make the point, Computerworld said “the car of the future will be both a product and a service.” The vehicle would access data in the cloud and integrate with the customer’s own electronics, like a smartphone or tablet.

I think most of us have either embraced ubiquitous computing or given up trying to fight it. Either way, the integration of computing with the car is not hard to imagine. Computer chips have been under the hood for years, and in-dash GPS and dashboard diagnostics have become common enough. But now we’re about to see the whole PC-like, perhaps Windows-like environment inside the vehicle. I think this leads to two concerns we should all be thinking about.

One: distraction. Two: security.

Driver distraction is a major issue. No one can resist the eye and brain candy of the web, games, social networks and the rest. If this is within sight and reach of the driver, all but the most basic functions must be disabled while the car is in motion. (Good GPS units do this now.) Incredibly, not all automakers have pledged to do this. The response from some car makers (Ford is one example) is that the system will be voice-activated, so as not to take drivers eyes off the road or hands from the wheel. I’m not convinced this is good enough. We’ll have to see if safety trumps marketing or the other way around. I wouldn’t be surprised to see regulation prevail, if common sense doesn’t.

Security is the second big risk here. Consumer software – in which ease of use is priority one – is always going to carry a risk of intrusion. Combine that with wireless connectivity and you’ve got a honeypot for hackers. Think it can’t happen? Check ABC News’ coverage of this last August. In a story called “Scientists Hack Into Cars’ Computers: Control Brakes, Engine” they describe how researchers were able to fake out a car’s onboard diagnostics systems to control the car in motion. The implication is that once the system is even more open (read “Windows based”) and wirelessly online, the hackers will have a field day. Frankly, I think this is more realistic than it is alarmist.

We can’t deny that more and more of our everyday devices are going to be running software and connecting to the network. For example, all the major appliance manufacturers now offer refrigerators with touchscreens that can access email, the web, MP3 players, and so on. Yes, I said refrigerators. Why? Because they can, of course. I once joked about being able to pull up stock quotes on your microwave. It sounded funny years ago, but now we’re there. Cars – where we spend so much of our time already – are not going to be exempt from this trend.

We have to preserve a balance and weigh all the priorities. I’m first in line when it comes to adding technology that will enhance my life and serve me better. But let’s remember that we share the road with a million other drivers. I want them to be secure and distraction-free for my own safety as much as their own.