In 2007, California Secretary of State Debra Bowen commissioned a review of California's voting systems by a team of technical experts, of which I was one.
She released many of the technical reports on the night of 27 July 2007 and then spent a week studying the results before issuing her decisions at a late night press conference on Friday 3 August 2007.
I recently had occasion to try and find the record of that statement, but it didn't seem anywhere to be found. Then, I remembered that I had captured the audio of the announcement:
It's a visceral, thoughtful piece of voting systems history that particularly highlights how careful, conservative and scientific Debra Bowen thinks and adjudicates. Below, I include the full transcript from the event... (I've posted those in HTML and TXT, as transcribed by the wonderful CastingWords.com).
CA SoS Bowen TTBR Decision Announcement
3 August 2007
Debra Bowen: I don't want to wait any longer. It's been a long evening as it is. So, good afternoon or evening or whatever it is. It reminds me a little bit of our old budget negotiation days. Apologies for the delay. Believe me, it was not by design.
Before I announce the actions that I have taken this evening, I want to talk briefly about the decisions and something about the rationale behind them.
The systems that we use to cast and tally votes in this state are the most fundamental tools of our democracy. And if, in this great nation, we do not have confidence, our citizens do not have confidence that elections have been correctly decided because they do not have faith in the integrity of the tools used in the conduct of elections, then elections officials have a duty to investigate the source of citizens concerns and a duty to take remedial action.
A democracy cannot long remain a democracy if a substantial number of its citizens have lost faith in the electoral process itself. I take my responsibilities as this state's chief elections officer very seriously. I am mindful of the impacts that my decisions will have on voters, on county and local elections officials, poll workers, voting system vendors, and on others in California and across the nation.
Every county's election results have consequences for the citizens of every other county. Every state's election results have consequences for the citizens of every other state. And every nation's election results have consequences for all of the people of the world. That's the nature of our independent world in the twenty-first millennium.
Today, the Kentucky Supreme Court handed down an opinion in the saga of Kentucky vs. 141 Domain Names (described a while back here on this blog). Here's the opinion.
This case is fascinating. A quick recap: Kentucky attempted a property seizure of 141 domain names allegedly involved in gambling on the theory that the domain names themselves constituted "gambling devices" under Kentucky law and were therefore illegal. The state held a forfeiture hearing where anyone with an interest in the "property" could show up to defend their interest in the property; otherwise, the State would order the registrars to transfer "ownership" of the domain names to Kentucky. No individual claiming that they own one of the domain names showed up. Litigation began when two industry associations (iMEGA and IGC) claimed to represent unnamed persons who owned these domain names (and another lawyer showed up during litigation claiming representation of one specific domain name).
The subsequent litigation gets a bit complicated; suffice it to say that the issue of standing was what got to the KY Supreme Court: could an association that claimed it represented an owner of a domain name affected in this action properly represent this owner in court without identifying that owner and that the owner was indeed the owner of an affected domain name?
The Kentucky Supreme Court said no, that there needs to be at least one identified individual owner that will suffer harm before the association can stand in stead, ruling,
Due to the incapacity of domain names to contest their own seizure and the inability of iMEGA and IGC to litigate on behalf of anonymous registrants, the Court of Appeals is reversed and its writ is vacated.
And on the issue of whether a piece of property can represent itself:
"An Internet domain name does not have an interest in itself any more than a piece of land is interested in its own use."
Anyway, it would seem that the options for next steps include, 1) identifying at least one owner that would suffer harm, then motion back up to the Supreme Court (given that merits had been argued at the Appeals level), or 2) decide that the anonymity of domain name ownership in this case is more important than the fight over this very weird seizure of domain names.
As a non-lawyer, I wonder if it's possible to represent an owner as a John Doe with an affidavit of ownership of an affected domain name submitted.
Here at Princeton's CITP, we have a healthy interest in issues of open government and government transparency. With the release last week of the Open Government Directive by the Obama Administration, our normally gloomy winter may prove to be considerably brighter.
In addition to creating crazy-cool tools like Recap and FedThread, we’ve also been thinking deeply about the nature of open and transparent government, how system designers and architects can better create transparent systems and how to achieve sustainability in open government. Related to these questions are those of the law.gov effort—providing open access to primary legal materials—and how to best facilitate the tinkerers who work on projects of open government.
These are deep issues, so we thought it best to organize a workshop and gather people from a variety of perspectives to dig in.
If you’re interested, come to our workshop next month! While we didn’t consciously plan it this way, the last day of this workshop corresponds to the first 45-day deadline under the OGD.
Open Government: Defining, Designing, and Sustaining Transparency
Despite increasing interest in issues of open government and governmental transparency, the values of “openness” and “transparency” have been undertheorized. This workshop will bring together academics, government, advocates and tinkerers to examine a few critical issues in open and transparent government. How can we better conceptualize openness and transparency for government? Are there specific design and architectural needs and requirements placed upon systems by openness and transparency? How can openness and transparency best be sustained? How should we change the provision and access of primary legal materials? Finally, how do we best coordinate the supply of open government projects with the demand from tinkerers?
Anil Dash, Director of the AAAS’ new Expert Labs, will deliver the keynote. The list of speakers is impressive and practically guaranteed to catalyze deep thinking.
The workshop is free and open to the public, although we ask that you RSVP to citp@princeton.edu so that we be sure to have a name tag and lunch for you.
Sequoia refers to this move in it's release as "the first public disclosure of source code from a voting systems manufacturer". Carefully parsed, that's probably correct: there have been unintentional disclosures of source code (e.g., Diebold in 2003) and I know of two other voting industry companies that have disclosed source code (VoteHere, now out of business, and Everyone Counts), but these were either not "voting systems manufacturers" or the disclosures were not available publicly. Of course, almost all of the research systems (like VoteBox and Helios) have been truly open source. Groups like OSDV and OVC have released or will soon release voting system source code under open source licenses.
I wrote a paper ages ago (2006) on the use of open and disclosed source code for voting systems and I'm surprised at how well that analysis and set of recommendations has held up (the original paper is here, an updated version is in pages 11–41 of my PhD thesis).
The purpose of my post here is to highlight one point of that paper in a bit of detail: disclosed source software licenses need to have a few specific features to be useful to potential voting system evaluators. I'll start by describing three examples of disclosed source software licenses and then talk about what I'd like to see, as a tinkerer, in these agreements.
Warning: This is a rap music blog post! It also contains frank discussion of sex, drugs and rap, hopefully from a somewhat academic perspective, so it's NSFW. If you come here for other stuff, usually, you might want to skip this post.
What is Jerkin'? I'm not exactly sure, and I hope by blogging a bit about it, I can get some input for the record from people involved in the scene. Here's what I know now, in abbreviated form. Probably the most mainstream Jerkin' song is the New Boyz' "You're a Jerk"; check their video out here. Clearly, Jerkin' is a style of music, a series of dance steps and some seriously flashy attire including bright colors, skinny jeans and skating and shit.
Anyway, on to the subject of this post: one thing that's fascinated me is the prevalence of female MCs in Jerkin'. There are a lot of them and these girls can spit furious. They easily hold their own, and then some, against the dudes. I react with enthusiasm to this just as I did with the Riot Grrrl genre (whether guys were invited to that party or not!); there's nothing like women blowing up a sausage fest scene, like hip-hop.
For the rest of this post, I'm going to throw up some samples of particularly good female Jerkin' tunes, verses and such. All of the full songs can be had over at Digital Dripped.
(Incidentally, I get the same visceral "Holy Shit!" reaction with Digital Dripped that many of us had with the original Napster. It seems just too good to be true. And it's encouraging to see tweets from Mikey where he says most of the contacts he gets from record labels are about putting tracks up and not taking them down. Anyway, on to the MCs...)
(I use a flash audio player below... so it might not show up on iPhone or Linux.)
Each of these MCs are smokin' hot. They spit over the fattest beats... definitely turn your speakers up! They do lyrical gymnastics of the highest quality. Be warned: Jerkin' lyrics talk quite frankly about sex... so, deal.
New Era -- Do It Now
This is a remarkable track by New Era. The beat is luscious; the hook is addictively clever and danceable and the verses are top-notch. The subject is pretty novel: she's talking about how much head she gets. She even goes as far as to shout out a list of guys that have done the deed for her. This is flipping the sexual energy around from typical hip-hop; Jerkin' itself can be highly sexual, but this is a woman boasting about her conquests. Superb.
"I get more mouth than a red letter"
New Era -- Dumb Bitch
It's hard for me to tell (living in Jersey and all, and being old and shit) but this appears to be a diss response track to a diss of New Era for boasting about liking to give head in the last track (or some other track). She makes the case that she's not ashamed of her oral sex skills and does so in a scathing manner.
"Cuz, um, if you ain't suckin' dick,
he got a side bitch
And, I can bet money on that one
me and my hubby get it poppin' like a cap gun"
Lala ft. Giddy -- Nymphomaniac
This track is almost too dirty to write about! It's a fast-paced romp using a lot of electric sounds and deep tonal bass. LaLa kills the first verse and Giddy ends it will an equally accomplished lyrical flourish. This is a simple but impressive and sonically large track.
"I'm a nymphomaniac, looking for a brainiac
to teach me a lesson, yup, simple as that.
I'm a nymphomaniac, looking for a brainiac
to show me how to work it, then run it back."
Yummy S Dot -- Get Buck (Remix)
Girls can be aggressive too, yo. This song is about not stepping down at the club when another girl is straight tripping out. Yummy S Dot is not adverse to throwing down... and her verses on this track emphasize her toughness over a heavy bass and electronic synth background.
"Bitch back that, before that ass gets slapped
'cause you hear 'pop! pop!' when the burner 'clap claps'!
Ho, I'm serious, you are delirious
If you think your man ain't know me, are you furious?"
Mz. E Baby -- So Fresh (ft. C-Coop)
This songs is purely copacetic... Mz. E Baby is a lyricist unparalleled in Jerkin', and Jay Star and New Era are about as close to her skills as it comes. This is a heavy hitting, musically minimal and lyrically insane track. E Baby shreds and shreds and just when you think she's killed it enough, the beat drops out and she's coming back 10 times harder.
"What I do, it gotta be right
When I do it, it gotta be tight
More icy than Gucci Mane
???
So Fresh, So Clean
From my head to my toes, I'm covered with bling
I'm hot, you not
now everybody run with me."
Fe Raw -- Fill It Up Snip
Then there's Fe Raw, another remarkable jerkin' female. Very laid-back flow that isn't the best in the verses but bad ass hooks. She has a bunch of other great tracks including "Boy, You Nasty" which is really a fun track.
"'Cuz I'm a bad bitch, badder than you'll ever fuck with
(juice?) in my cup, got me really fucked up
married to the mob, so I'm like, so what
(meet?) in the flow, fill it up"
Jayy Starr -- Raw Bitch
Jayy Star, like New Era and Mz. E Baby is one of my favorites. She is in the stratosphere in terms of lyrical quality. She claims she is a "raw bitch": She raps about how bad ass she is at rapping, how much money she makes and all the guys she can get. And she does this with one superb verse after another.
"Lil' daddy in my ear tryin' to holla
but I only speak money, an he ain't talkin' dollars"
"I swear I'm the realist
Starr spits sick more ill than the illest
dope like crack dealahs,
I'm not the best, what you talking 'bout, Wilis?"
"Stacks on deck, jewels on my neck
(bury?) incorrect, I get respect
cook them checks, goons on deck,
I'm so sex, jerkin', yes
I'm a raw bitch, raw bitch"
Asia Lynn -- Tip Toe
Finally, Asia Lynn throws down this track... and it sounds like the first verse is actually someone else rapping, but I can't figure out who. This is a minimal track and highlights Asia's lyrical style. She is obviously having a good time... in the club, smoking blunts, shaking her ass, making the other girls jealous.
"Tip Toe, when I step in the club
I'm a bad bitch, so these niggas show me love
These bitches steady hating, they some pigeons, I'm a dove
When they see Asia Lynn, it's alright, they know what's up"
We've made available a pre-print version of our forthcoming EVT/WOTE 2009 paper. We'd appreciate any feedback, especially before next week, if at all possible.
Joseph Lorenzo Hall, Luke W. Miratrix, Philip B. Stark, Melvin Briones, Elaine Ginnold, Freddie Oakley, Martin Peaden, Gail Pellerin, Tom Stanionis, Tricia Webber
Abstract: Risk-limiting post-election audits limit the chance of certifying an electoral outcome if the outcome is not what a full hand count would show. Building on previous work, we report on pilot risk-limiting audits in four elections during 2008 in three California counties: one during the February 2008 Primary Election in Marin County and three during the November 2008 General Elections in Marin, Santa Cruz and Yolo Counties. We explain what makes an audit risk-limiting and how existing and proposed laws fall short. We discuss the differences among our four pilot audits. We identify challenges to practical, efficient risk-limiting audits and conclude that current approaches are too complex to be used routinely on a large scale. One important logistical bottleneck is the difficulty of exporting data from commercial election management systems in a format amenable to audit calculations. Finally, we propose a bare-bones risk-limiting audit that is less efficient than these pilot audits, but avoids many practical problems.
I'm delighted to announce that the Program for the Electronic Voting
Technology Workshop/Workshop on Trustworthy Elections 2009 (EVT/WOTE
'09) is now available:
The workshop will be in Montreal, Canada from 10-11 August co-located
with USENIX Security. As one of three co-chairs---David Jefferson of
Lawrence Livermore National Laboratory and Tal Moran of Harvard being
the other two---I am very excited about this year's line-up.
Our keynote address will be delivered by the Brennan Center's Larry Norden. Papers include submissions on usability, forensics, security,
cryptography, end-to-end systems and auditing. We will also have a
"rump" session (more from Eric) for
informal presentations (works in progress, humor, etc.) and a demo
session where developers and vendors can bounce their systems off of a
technical crowd.
(Note for those unfamiliar: All major publishing in computer science
and related fields is done at conferences... that is, if you want to
get tenure or a promotion as an academic in these fields, you'd better
be publishing in these venues, journals be damned. :) USENIX Security
is one of three of the most prestigious venues for computer security.
We've "co-located" EVT with USENIX Security for the past four years...
which makes it a bit difficult to attract people from other
disciplines that don't value this particular venue. Anyway, we've
worked hard to make EVT and now EVT/WOTE (we combined with another
workshop) a multidisciplinary venue that is rigorously
peer-reviewed.)
Here are the paper titles, for your browsing:
Now Do Voters Notice Review Screen Anomalies? A Look at Voting
System Usability
Style guide for voting system documentation: Why user-centered
documentation matters to voting security
E-Voting and Forensics: Complement or Contradiction?
Detecting Voter Fraud in an Electronic Voting Context: An Analysis
of the Unlimited Reelection Vote in Venezuela
The New Jersey Voting-machine Lawsuit and the AVC Advantage DRE Voting
Can DREs Provide Everlasting Security? The Case of Return-Oriented
Programming and the AVC Advantage
Understanding the Security Properties of Ballot-Based Verification Techniques
VoteBox Nano: A Smaller, Stronger FPGA-based Voting Machine
Some Consequences of Paper Fingerprinting for Elections
Electing a University President using Open-Audit Voting: Analysis of
real-world use of Helios
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
On Subliminal Channels in Encrypt-on-Cast Voting Systems
Permutations in Pret a Voter with Paillier Encryption
Weight, Weight, Don't Tell Me: Using Scales to Select Ballots for Auditing
Automating Voting Terminal Event Log Analysis
On the Security of Election Audits with Low Entropy Randomness
Interstate Voter Registration Database Matching: The
Oregon-Washington 2008 Pilot Project
Software Support for Software-Independent Auditing
Long version: Before the Election Assistance Commission (EAC) took over the testing and certification of voting systems under the Help America Vote Act (HAVA), this critical function was performed by volunteers. The National Association of State Election Directors (NASED) recognized a need for voting system testing and partnered with the Federal Election Commission (FEC) to establish a qualification program that would test systems as having met or exceeded the requirements of the 1990 and 2002 Voting System Standards.*
However, as I've lamented many, many times over the years, the input, output and intermediate work product of the NASED testing regime were completely secret, due to proprietary concerns on behalf of the manufacturers. Once a system completed testing, members of the public could see that an entry was made in a publicly-available spreadsheet listing the tested components and a NASED qualification number for the system. But the public was permitted no other insight into the NASED qualification regime.
Researchers were convinced from what evidence was available that the quality of the testing was highly inadequate and that the expertise didn't exist within either the testing laboratories to perform adequate testing or the NASED technical committee to competently review the ultimate test reports submitted by the laboratories (called Independent Testing Authorities (ITA)). Naturally, when reports of problems started to crop-up, like the various Hursti vulnerabilities with Diebold memory cards, the NASED system scrambled to figure out what went wrong.
I know have more moderate views with respect to the NASED regime: sure, it was pretty bad and a lot of serious vulnerabilities slipped through the cracks, but I'm not yet convinced that just having the right people or a different process in place would have resulted in fewer problems in the field. To have fixed the NASED system would have required improvements on all fronts: the technology, the testing paradigms, the people involved and the testing and certification process.
The EAC has since taken over testing and certification. Their process is notable in its much higher level of openness and accountability; the test plans are published (previously claimed as proprietary by the testing labs), the test reports are published (previously claimed as proprietary by the vendors) and the process is specified in detail with a program manual, a laboratory manual, notices of clarification, etc.
This is all great and it helps to increase the transparency of the EAC certification program. But, what about the past? What about the testing that NASED did? Well, we don't know much about it for a number of reasons, chief among them that we never saw any of the materials mentioned above that are now available in the new EAC system.
Through a fortunate FOIA request made of the EAC on behalf of election sleuth Susan Greenhalgh, we now have available a slew of ITA reports from one of the ITAs, Ciber.
The reports are available at the following location (hosted by our NSF ACCURATE e-voting center):
These reports cover the Software ITA testing performed by the ITA Ciber for the following voting systems:
Automark AIMS 1.0.9
Diebold GEMS 1.18.19
Diebold GEMS 1.18.22
Diebold GEMS 1.18.24
Diebold AccuVote-TSx Model D
Diebold AccuVote-TSx Model D w/ AccuView Printer
Diebold Assure 1.0
Diebold Assure 1.1
Diebold Election Media Processor 4.6.2
Diebold Optical Scan Accumulator Adapter
Hart System 4.0
Hart System 4.1
Hart System 6.0
Hart System 6.2
Hart System 6.2.1
I'll be looking at these in my leisure over coming weeks and pointing out interesting features of these reports and the associated correspondence included in the FOIA production.
*The distinction between certification and qualification, although vague, appears to be that under the NASED system, states did the ultimate certification of a voting system for fitness in future elections.
Last Summer, I wanted to slap a Creative Commons license on my dissertation. A good friend, Ping, had used another license (GFDL) by simply changing the copyright page and including the legal terms of the license in an appendix. So, I slapped a note on my copyright page and then included the full terms of CC's Attribution-NonCommercial-NoDerivs License in Appendix F.
Then I forgot about it... as the last bits of my thesis fell into place and some other things fell out of place.
About a week before I wanted to file, I was contacted by staff at Berkeley and told that my copyright page wasn't up to snuff. I figured that they had me nailed as some sort of rabble-rouser and that this could quickly blow up into a legal licensing mess. I was concerned that I didn't want to delay filing my thesis, but I also knew that I was probably the best person to fight this particular fight. Sigh. However, when I talked to the Berkeley staffer, it was clear that they simply expected the copyright page to look a specific way. Mine didn't look right. The rub was this: I couldn't make my copyright page "conform" without using the phrase "All Rights Reserved". Sigh.
We settled, via a formal appeal to the Graduate Division Dean, on a simple solution that you can see in my thesis: the copyright page says "Some Rights Reserved" and there is a reference to the full legal license in Appendix F. Hurray!
However, it became clear that other students might want to do this too. When danah went to file her dissertation, even though she followed the same scheme as me, the staff hadn't heard of the above exception. With a few mad text messages back and forth, I was able to give danah the name of the staffer I had worked with. This blessed staffer cleared everything up for danah. After that, hers was (probably) the second Berkeley PhD dissertation filed under a CC license. (I'd love to know of others!)
I decided to write a letter to the Graduate Division Dean asking his help to ensure that in the future using CC licenses wasn't difficult.
Two recent Berkeley students to file their dissertations using a Creative Commons license are Joseph Lorenzo Hall and danah boyd. Hall navigated through much bureaucratic red tape, but found that most of his difficulty came from simple formatting issues, not any ideological disagreement by the univerisyt [sic]. Another School of Information graduate, danah boyd, also filed her dissertation under Creative Commons shortly thereafter.
On Jan. 28, the Dean of the Graduate Division committed to make Creative Commons licensing available to future students. All students interested in contributing to the effort to make education more affordable and accessible should consider using Creative Commons instead of traditional copyright.
A couple quibbles: Dean Szeri didn't "commit" to making CC licenses available. In essence the exception I sought to use a CC license was the key event that will allow others to do this in the future. In his response to my letter, Dean Szeri said that my letter was timely because his staff was reviewing this and other options. As I outlined in my letter, what I would like to see happen is that students know that CC licensing is an option and know how to apply this kind of license in an informed way that doesn't run afoul of any formatting rules, let alone legal restrictions.
Also, CC uses copyright to do what it does... so maybe that last sentence would have been better as "...should consider using Creative Commons licenses instead of blindly reserving all rights."
Via Mikey of 
Then there's 
XML Feeds
