A Preview of New Congress's Tech Policy Agenda

Here is what Cameron Wilson, the USACM Public Policy Director says about what the new Democratic-led Congress will be doing with respect to technology policy. He focuses on six big areas that have been in focus by recent administrations: innovation, offshoring, privacy, copyright, e-voting, and Internet regulation.

Here's what's not on that list. First, biometrics and national IDs. Even with conservatives in the minority, this probably won't go away. It's scary because those things don't actually give us greater security although we might think they will. But my guess is this will continue to be something that's discussed in the name of security. As to Homeland security, I think Democrats will step it up a notch as they're able. (I think a Democratic president or Guiliani or McCain would also do this after '08 though.) I also think that the Dems will put a stop to all of this wiretapping and over-the-top surveillance that's borderline unconstitutional.

As to the six main categories, I can only hope the VVPAT bill goes national so we can make sure that when (not if) e-voting machines fail we have some way of verifying the votes cast. In the globalization arena, yes - we must deal with these visa issues. All of the talk about immigration problems is always about illegals but what about the workers who are skilled who come to this country to take jobs and then can't get them because of visa problems on our end? That's just silly. And yes, education's a factor here - we need to be training more skilled tech workers here, but that's another issue. As to IP, I can only hope the DMCA is reduced to rubble but that may be a pipe dream since so many Hollywood are tied to the Democratic party.

...
Originally posted at sairy.com, the personal blog of FutureCampaigns founder, Sarah Granger.

Fixing E-Voting

Thursday, two esteemed colleagues from the USACM Public Policy Committee, Barbara Simons and Ed Felten, two experts on computers and voting machines, testified in a Congressional hearing on electronic voting. More specifically, they stressed that we need a voter verifiable paper audit trail (VVPAT) or a or voter verified paper ballot (VVPB) for these machines. This isn't anything new; unfortunately, it just takes this long for Congress to start listening to this type of concern when it's already been a serious problem for a few years.

Two weeks ago, Dr. Felten and his staff at Princeton, released a report based on a study they conducted on the Diebold AccuVote-TS, a Direct Recording Electronic (DRE) device, that proved that this particular machine could be hacked in under a minute with "little if any risk of detection."

So yes, when the Diebold people (a company run by active, known Republicans) told Bush they would "deliver Ohio", they could have meant they would make sure he won there. Felten noted that "injecting a virus into a single computerized voting machine can affect an entire election." In other words, the people who were out there on the fringe saying Bush stole two elections could be right. (I'm not saying they are; I'm only saying it's now been scientifically and technically proven that it was a possibility.)

Here's a simple scenario on how it would work (so easy a dog could be trained to do it):

1) E-Voting machine is delivered to polling place and/or poll worker the week of the election.
2) Machines are initially tested to make sure they work. Someone is given one physical key. Then they leave.
3) Any time over the next few days, that person or another person (most likely a poll worker - they are unsupervised but would have easiest access) with the same key (there are only a few versions for over ten thousand machines, like hotel minibars) comes in, unlocks the back of one machine.
4) That person inserts a memory card and the card automatically uploads a virus. The person (or dog) then removes the card, locks the machine and leaves. Boom - done. Election won. The whole process takes under one minute.
5) The machine is given its pre-election test the day before or day of the election with no detection of the virus.
6) As the votes are processed, the virus changes them.
7) The virus then deletes itself in order to remove the evidence that it was there. The program is simple enough to write that even I could do it (and that's saying something).

So in order to prevent this sort of thing from happening (again?), here is what needs to be done in order to create machines and process that are truly secure and can provide a system that we can be reasonably sure produces accurate results:

- Collaboration of technical and election communities
- Increased use of independent technical security experts
- Further research to improve the voting systems
- More accessibility to companies designing these products
- More secure physical and crypto keys
- More robust hardware and software design
- Rigorous testing by third party experts
- Removed/reduced and/or encrypted access for random memory cards
- Stricter certification process
- Deployed with safeguards against failure
- Heightened security training and processes for poll workers
- Routine random manual audits
- Policies and procedures that guarantee the integrity of the paper and the quality of the printers used for printed paper trails
- Mandatory manual recounts
- Increased accountability

This may still seem like a complex problem and it is, but the best way to circumvent continued issues is with a verifiable paper trail, regardless of the system used. That's all we can hope for with one month until election day.

See also: RFK Jr's article in Rolling Stone.

...
Originally posted at sairy.com, the personal blog of FutureCampaigns founder, Sarah Granger.

Listen to Ed Felten Re: Voting Technology

Ed Felten, Princeton Professor of Computer Science and Public Affairs, also known for Felton v. RIAA and Freedom-To-Tinker, spoke with Scott Simon on NPR about an voter verifiable paper trail for electronic voting systems today.

A lot is happening right now with respect to e-voting with recent and upcoming elections, particularly with recent problems in Maryland. Check out the recording. He also spoke on "Science Friday" on voting technology yesterday.

Aside: I just found out that Ed Felten and Barbara Simons both been invited to testify at a Congressional hearing on voting technology Thursday at 10am (in room 1310 LHOB if you are in DC) and will be webcast. See also: USACM weblog.

...
Originally posted at sairy.com, the personal blog of FutureCampaigns founder, Sarah Granger.