Not Quite a Blog 2.0

While I'll be finishing the editing of my thesis, please have a fun, safe and memorably 4th of July (or belated 1st of July if you're from up North).

Taking a suggestion from John Gideon, I'll take a break and read a bit about our Declaration of Independence and read the text itself.

"At this point, the scientific evidence is in, it’s overwhelming, and it’s indisputable. The current generation of DRE voting systems have a wide variety of dangerous security flaws. There’s simply no justification for the vendors to be making excuses or otherwise downplaying the clear scientific consensus on the quality of their products." -- Dan Wallach (Rice/ACCURATE) at Freedom to Tinker, "Vendor misinformation in the e-voting world"

I've finished the camera-ready version of the last chapter of my thesis (essentially) to appear at the USENIX/ACCURATE Electronic Voting Technology Workshop (EVT'08). It's entitled, Improving the Security, Transparency and Efficiency of California's 1% Manual Tally Procedures and is now available on my site in PDF.

EVT'08 is shaping up to be an amazing event; check the program out. The other papers should appear linked from the schedule in coming weeks.

Jon Krosnick (Stanford) will deliver the keynote entitled, "Designing Ballots to Prevent Bias: How the Order of Candidate Names Determined Who Was Elected President". Krosnick is the leading researcher in terms of survey instrument questionnaire design and has some very interesting insight into ballot positioning.

We've added two panels to the agenda that will be dynamite. I'm chairing a panel entitled "How Can Researchers and Election Officials Better Work Together?" including Jeremy Epstein, Elaine Ginnold, Greg Luke, David Wagner and Steve Weir. The godfather of California e-voting, David Jefferson, will chair a second panel on day 2 entitled, "Technical Monitoring and Other Post-TTBR Interim Strategies" and includes panelists Matt Bishop, Debra Bowen, Candice Hoke and Tom Stanionis.

I’m here this morning to warn that, whatever gloss might be put on it, the so-called “compromise” on immunity for phone companies that broke the law is anything but a compromise, and that Congress appears poised to needlessly toss the rule of law out the window and deprive these millions of ordinary Americans of their day in court. My one simple message is that no matter how they spin it, this is still immunity, period.

Indeed, there’s an easy litmus test that everyone can use when evaluating this proposal or any other: does it allow the court to rule on the legality of the surveillance? That is, does it allow the plaintiffs to obtain a public decision on whether the companies broke the law, and if they did, to get an injunction to stop them from breaking the law again? If the answer is “no”, then it’s still immunity, plain and simple.

The EFF's Kevin Bankston in a prepared statement. (emphasis mine)

(Press Release: EFF Speaks Out Against Telecom Immunity Deal)

ACLU of New Jersey has submitted an amicus brief (1.5MB PDF) in the Gusciora case, being litigated by Penny Venetis and her team at Rutgers' Constitutional Law Clinic. The brief challenges a gag order issued by the Judge based on the implications of the Judge's order with respect to 1) the first amendment rights of the experts in the case and the public; and 2) the lack of showing of good cause in restricting dissemination of results from the experts' testing.

I haven't seen the full protective order, but the two paragraphs at issue here are troubling. I can't imagine any expert that could agree to those terms that also hopes to be available for such work during the next few years (while the case makes its way through the courts). For academics that work in this field, the order is even worse in the sense that one couldn't discuss any aspect of their findings and could even be chilled in discussing findings from other studies.

One thing that gets me is the continual use (in all areas of voting technology) of the terms "proprietary information" and "confidential information". Let's be clear here: the only types of information that could be compromised by disclosure are trade secrets and confidential personal information. Any other term is just not acceptable: the other forms of intellectual property---copyright, trademark and patent rights---would not be implicated by disclosure of the information; that is, the vendor would still be able to enforce those rights. And any confidential information that is not personal information is a trade secret.

Vendors in voting systems have been getting a "pass" on the issue of trade secrecy for too long. In other contexts, trade secrets are things that one can point to and identify (e.g., the recipe for Coca-Cola). Vendors of voting technology have been able to point vaguely at their hardware, software and documentation and say, "There's trade secrets there." Undoubtedly there are. However, we need a mechanism by which vendors can positively identify trade secrets... or reviewers should be able to ask, "Is there a trade secret in this sentence from your documentation?" Narrowing what is a possible trade secret would allow reviewers (or anyone) to produce public and private reports more easily where the private reports contained trade secrets.

Usually, we "know it when we see it" with trade secrets but in the realm of voting technology, we currently do not. That's going to need to change.

NB: Obviously, there is a third type of information that could be problematic if disclosed: actionable security exploits. That is, details about security vulnerabilities sufficient to allow compromise of a voting system in a manner such that elections are placed in danger of exploit.

...many of us don't want to read your blog posts on Obama and Clinton. Get bent.

The 2008 USENIX/ACCURATE Workshop on Electronic Voting Technology is open for registration with the full technical program posted here:

http://www.usenix.org/events/evt08/tech/

It's been quite popular to the extent that the organizers and PC chairs this year, David Dill and Tadayoshi Kohno, worked to expand it to two days! I'll be moderating a panel and presenting the last chapter of my thesis, so be sure to come early if you plan on attending USENIX Security or if you're a die-hard elections geek!

Doug Chapin and Chris Backert pointed me to the new Voting Information Project (Chris entitled his post, “Just About The Coolest Thing”). My initial reaction was much like the title of Chris’ post: it did seem very cool. Not only that, but it’s funded/coordinated by Google, Inc., Pew’s Center on the States and the JEHT Foundation. This will be a wonderful resource when finished and will start to regularize structured data publication by local election jurisdictions. Many thanks and my gratitude to those behind VIP for their efforts and investment.

However, after looking a bit more deeply into the current content of the VIP site, I’m left with some serious questions. I hope we can work through some of these comments to best position VIP to fulfill its goals.

What’s the vision?

It’s hard to find a coherent vision for the project. They have a FAQ and a longer description of the project, but no mission, vision or roadmap and no indication of who (as in people, individuals) are participating (other than the developers listed on their Google Code page).

Right now the VIP appears to be a data standard (a markup language specification), a funding program for states to collect data in this format and a method of uploading such data to the VIP site. (In the longer description of the project, they say they’ll soon provide data feeds.)

It would be nice to know what else they have planned. One concern during an election year is a data collection overload; the VIP shouldn’t develop in a vacuum, which it appears to have over the past eight months. That is, much of this information is regularly made available by NGOs. Ballot information can be had at the state and local level via LWV’s smartvoter, for example. The Verified Voting Foundation has invested quite a bit of time and effort in producing a mapping of the types of voting technologies used at the local level (check out their Verifier tool). I can understand how this is a “push” effort rather than a “pull” effort---that is, the idea is for government entities to start providing this data instead of NGOs to have to collect it---but a more likely outcome for this project is that a few states provide feeds in 2008 and then stop maintaining this information when the attention dissipates.

(NB: The specification doesn’t have a name other than the “Voting Information Project’s open format” (or, in various places, “EVP XML” or “EIP XML”). I’ll call it the “VIP XML format”.)

Where’s the EML?

The VIP XML format specification document (via this very ugly URL), doesn’t mention the OASIS’ Election Markup Language (EML). EML is an international standard markup language for election data that is currently in the process of becoming an ISO standard. It would be good if the VIP folks could say why they decided to make their own standard instead of reusing pieces of the EML standard. I suspect this is because the EML standard is general to more than just US elections and that it might not include elements that they need for their goals. However, it would make sense to see how EML could be changed to accommodate these needs rather than eschewing it altogether.

This is an important point: There is no mention on the VIP site that they’re working with voting system vendors. Vendors are planning on supporting data interchange in EML format and a number of us have made the case that the new US VVSG standard should require vendors to produce data in EML (see the text of ACCURATE’s VVSG comments). The VIP project would be much more useful if they also invested time in XSL transforms that would allow EML interoperability with the VIP XML format.

Where are the data entry tools, etc.?

Related to this last point, if the idea is to provide regularly-updated “feeds” of elections-related information, there needs to be mechanisms for getting this information out of the tools that jurisdictions currently use, or providing data-entry “wizards” that will walk local election officials---where most of this information will reside---through the process of creating a data feed.

Obviously, data “feeds” are best and most useful when automatically created rather than manually updated. There isn’t any attention on the VIP site to the integration needed with existing elections information management tools and election management systems to best support data publication and dissemination such that the end-to-end connection is made from tools that contain this information to publication of the information via the VIP feeds mechanism.

What will encourage jurisdictions to enter/provide data?

In all seriousness, why would a jurisdiction want to provide this information? Unless election officials see a clear benefit from providing the data and that the process for doing so is easy (and hard to provide incorrect, incomplete, etc. data), I can’t imagine many jurisdictions will take the time to do this.

The VIP project seems to think that this is a problem of initial costs. To remedy this, they’re offering $20,000 per state to help with these fixed costs. I’m not convinced that’s adequate. It might make more sense if there was some sort of incentive offered for providing data, similar to a non-profit equivalent to Dan Tokaji and Thad Hall’s proposal for providing federal funding contingent upon completing a detailed election data survey instrument.

I don’t think financial incentives are absolutely necessary to get comprehensive, high-quality data. Instead, election officials need to see there is some sort of network effect that compels them to provide data. For example, if there was a social network-component or if, through using it, they got access to some tools that made their jobs easier (such as voter-oriented elections information portals).

What’s with the draconian terms?

Being not-quite-a-lawyer, I was really interested to see the VIP project’s Terms of Service. There are a few interesting, and possibly troubling, features of this ToS:

• CC licensed specification: The specification document is licensed under a Creative Commons Attribution-ShareAlike 2.5 license. It appears that the text of recent Google and Microsoft specifications are so licensed but, I’d feel more comfortable with a license that recognizes that a specification is more than just text (see Creative Common’s Mike Linksvayer’s post “What good is a CC licensed specification?”).
• Changes could be arbitrary: For a site that aims to provide data feeds, it’s a bit troubling that the ToS says anything can happen at any time without any notice. Some notion of a commitment to provide data that people are relying on would be a good thing.
• It’s a contract: Unlike most ToSs, it explicitly says that the ToS is a “contract” that we, as visitors, enter into by using the website. In the world of terms of use, terms of service, etc., it’s rare to see the word “contract” used; usually ToS writers prefer less-specific language. I’m not sure if this is necessarily a problem and would be interested if any legal minds out there have an opinion on such adhesion contracts on the internet. (I just might not be aware of recent developments that advise using the more specific “contract” language.)

My point here is that these terms seem somewhat draconian and reflect the desire of the backers to avoid legal messes and liability. But will these terms serve their goals of creating a interactive data community? I’m doubtful. The question of what terms should apply to “open services” will have to wait for a future article.

What kind of standard is their spec?

Finally, the big kicker for me: This doesn’t appear to be an open standard. I would call it a disclosed standard or a limited open standard (after my paper on source code disclosure in voting systems... that I’m currently updating for my thesis publication): Only a few possible constituencies are able to provide input into the VIP XML standard and it can change arbitrarily at any point in time. If one of the goals is to support data publication in an end-to-end manner, it would be best to include users of the data as well as election management system developers (vendors) in development of the standard. As it stands now, it appears to be an effort entirely contained within Google and a set of unidentified state-level election officials.

I don’t want to sound too harsh; I think this is exactly the kind of endeavor we need more of. However, the overall feeling I get from the VIP is not as promising as it could be.

UPDATE [2008-05-28T12:26:47PDT]: Added some sugar to my criticism.

Here are some pics taken at our commencement... a superb pic taken by Andrew Fiore (catch his album on Facebook):

A picture taken by Jens of me messin' around (link is to my flickr set):

A picture taken by me with Yuri's camera... this is Yuri, Fredrik, danah and Jens (the other four PhD graduates):