" /> net.wars: January 2007 Archives

« December 2006 | Main | February 2007 »

January 26, 2007

Vote early, vote often...

It is a truth that ought to be universally acknowledged that the more you know about computer security the less you are in favor of electronic voting. We thought – optimists that we are – that the UK had abandoned the idea after all the reports of glitches from the US and the rather indeterminate results of a couple of small pilots a few years ago. But no: there are plans for further trials for the local elections in May.

It's good news, therefore, that London is to play host to two upcoming events to point out all the reasons why we should be cautious. The first, February 6, is a screening of the HBO movie Hacking Democracy, a sort of documentary thriller. The second, February 8, is a conference bringing together experts from several countries, most prominently Rebecca Mercuri, who was practically the first person to get seriously interested in the security problems surrounding electronic voting. Both events are being sponsored by the Open Rights Group and the Foundation for Information Policy Research, and will be held at University College London. Here is further information and links to reserve seats. Go, if you can. It's free.

Hacking Democracy (a popular download) tells the story of ,a href="http://www.blackboxvoting.org">Bev Harris and Andy Stephenson. Harris was minding her own business in Seattle in 2000 when the hanging chad hit the Supreme Court. She began to get interested in researching voting troubles, and then one day found online a copy of the software that runs the voting machines provided by Diebold, one of the two leading manufacturers of such things. (And, by the way, the company whose CEO vowed to deliver Ohio to Bush.) The movie follows this story and beyond, as Harris and Stephenson dumpster-dive, query election officials, and document a steady stream of glitches that all add up to the same point: electronic voting is not secure enough to protect democracy against fraud.

Harris and Stephenson are not, of course, the only people working in this area. Among computer experts such as Mercuri, David Chaum, David Dill, Deirdre Mulligan, Avi Rubin, and Peter Neumann, there's never been any question that there is a giant issue here. Much argument has been spilled over the question of how votes are recorded; less so around the technology used by the voter to choose preferences. One faction – primarily but not solely vendors of electronic voting equipment – sees nothing wrong with Direct Recording Electronic, machines that accept voter input all day and then just spit out tallies. The other group argues that you can't trust a computer to keep accurate counts, and that you have to have some way for voters to check that the vote they thought they cast is the vote that was actually recorded. A number of different schemes have been proposed for this, but the idea that's catching on across the US (and was originally promoted by Mercuri) is adding a printer that spits out a printed ballot the voter can see for verification. That way, if an audit is necessary there is a way to actually conduct one. Otherwise all you get is the machine telling you the same number over again, like a kid who has the correct answer to his math homework but mysteriously can't show you how he worked the problem.

This is where it's difficult to understand the appeal of such systems in the UK. Americans may be incredulous – I was – but a British voter goes to the polls and votes on a small square of paper with a stubby, little pencil. Everything is counted by hand. The UK can do this because all elections are very, very simple. There is only one election – local council, Parliament – at a time, and you vote for one of only a few candidates. In the US, where a lemon is the size of an orange, an orange is the size of a grapefruit, and a grapefruit is the size of a soccer ball, elections are complicated and on any given polling day there are a lot of them. The famous California governor's recall that elected Arnold Schwarzeneger, for example, had hundreds of candidates; even a more average election in a less referendum-happy state than California may have a dozen races, each with six to ten candidates. And you know Americans: they want results NOW. Like staying up for two or three days watching the election returns is a bad thing.

It is of course true that election fraud has existed in all eras; you can "lose" a box of marked paper ballots off the back of a truck, or redraw districts according to political allegiance, or "clean" people off the electoral rolls. But those types of fraud are harder to cover up entirely. A flawed count in an electronic machine run by software the vendor allows no one to inspect just vanishes down George Orwell's memory hole.

What I still can't figure out is why politicians are so enthusiastic about all this. Yes, secure machines with well-designer user interfaces might get rid of the problem of "spoiled" and therefore often uncounted ballots. But they can't really believe – can they? – that fancy voting technology will mean we're more likely to elect them? Can it?

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

January 19, 2007

Spineless

A friend went to India recently and got sick. Unsurprising, you might think, except that the reason she got sick was that her doctor in Pennsylvania didn't know that the anti-malaria medication he prescribed would interact badly with the anti-acid reflux drug he had also prescribed. The Indian doctor (who, ironically, had trained in Pennsylvania) knew all about it. Geography.

Preventing this kind of situation, at least on a national level, is part of the theory behind the NHS data spine; for Americans, it's a giant database onto which patient information from all parts of Britain's National Health Service is going to be put. It's also presumably part of the reason that pharmacists think they should be allowed to edit and add to patient records; American pharmacies have for years marketed the notion that if you fill all your prescriptions at the same place they'll be able to tell you if you're prescribed something stupid.

Personally, I can see a lot of merit in this idea. Also in the idea that medical personnel would have access to my records, that my allergies would be known to all and sundry (it would be a help, in a medical crisis, if someone didn't try to revive me by feeding me peanut butter).

The problem is that this is a fantasy. It seems appealing to me, I suppose, only because a) I have hardly any medical records – all my doctors either died, refused to give me my records, or destroyed them after they hadn't heard from me for too long – and b) I can't imagine anything bad happening to me if any of my medical history were disclosed. This is not true for most people, and it ignores the most important thing we know about all databases: they contain errors. This is how the campaign to opt out of the database was born: its organiser, Helen Wilkinson, discovered that her medical records had erroneously labeled her an alcoholic. (Not that there's anything wrong with that.) Getting that corrected took years and questions in Parliament.

The problem with all these systems is that they seek to replace knowledge with information. Your GP may know you; the database merely holds information about you and can make no intelligent judgments about what's relevant to a particular situation or distinguish true from false.

Last year, the World Privacy Forum released a report on medical identity theft. Identity fraud, they concluded, happens at all levels in the US medical system. Medical personnel or clinics seeking to pad their income may add treatments they have never delivered to patient records and present them to insurers for payment. Thieves may use doctors' information to forge prescriptions. Patients without insurance or who do not want particular types of treatment to appear on their own records may steal another's identity. In the US, where most treatment is funded by private medical insurance, the consequences can be far-reaching for the victims of such fraud: their credit ratings, employment prospects, and ability to get medical insurance can all be hit hard. A lot of the complaints, therefore, about the Health Insurance Portability and Accountability Act are that it opens medical records to far too many people and, like the NHS Data Spine, does not provide a way for individuals to correct their own records.

In the UK, things are a bit different. Here, GPs are gatekeepers to all care. According to Fleur Fisher, a consultant on ethics and health care practice, and probably the leading expert on medical privacy in the UK, there have, however, been serious frauds in dentistry in the UK, where dentists may claim for big treatments they haven't actually performed.

The problem in the UK, she says, "is not that people will assume your medical identity so they can get treatment. It's much more that it will open people's health records."

A key part of the NHS plan seems to be to provide data to researchers to help determine public policy. Again, in a lot of ways this makes sense; but there is an old and recurring conflict between the desire for privacy of patients with, say, AIDS, and the legitimate interest of society at large to halt the disease's spread. One thing you should not rely on is that the data will be unidentifiable, even if the NHS confirms that it will be "anonymized". Years ago, Latanya Sweeney showed just how unreliable this is by analyzing supposedly anonymized data from the health system in the state of Massachusetts by matching it against publicly available motor vehicle rolls. With only a few database fields she was able to identify almost all of the individuals in the medical data.

Opting out has turned out not to be so simple, despite the fact that according to Ross Anderson, who has been working on medical privacy for well over a decade, most GPs are unhappy about the forced uploading of patient data to a centralised database. That being the case, as Phil Booth notes in the No2ID forum on the topic, if you want to opt out treat your GP as your ally unless he proves otherwise.

Meantime, if you really want emergency personnel to know the important stuff about you, wear an alert bracelet or some other identifier.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

January 12, 2007

iPhone, schmiPhone

It's pretty. It's very pretty. But it isn't going to change the world, and worse, it has an ugly parent. Not Apple, *Cingular*.

Long-time readers of this column may remember the worst customer experience of my life as a prepaid customer of AT&T Wireless. That company was, sometime last year, subsumed into Cingular, which a few weeks ago announced we had to move to new Cingular accounts. And get new phones.

You could ask why: the old phones worked on GSM. Anyway, the good news was that the company was willing to transfer any outstanding account balance, which in my case was two refill cards I'd bought ("They'll always be good") on the advice of AT&T Wireless itself as a backup in case of refill troubles. I called them in. Balance never showed up. Phoned Cingular: "Those expired." She seemed surprised it didn't occur to me they would. The "special deal": $40 for the new phone and get some of it back as a rebate. If you want any other phone, you can pay "full retail".

"Can you see any reason why I shouldn't change supplier?" I asked the customer-we-don't-give-a-fuck representative. She told me to visit a corporate store and "maybe they can do something for you."
Cingular's parents, Bellsouth and AT&T, are getting married now – pieces of the pre-1984 AT&T are melting and running together like the frozen, shattered shards of the liquid metal man in Terminator 2. This time next year, Cingular will have been renamed…AT&T Wireless.

This is the company that Americans desiring to own an Apple iPhone (if it's called that, by then, given that within 24 hours Cisco had sued over the trademark) will have to sign up with for two years at a probable minimum of $80 a month. Ick. The US has gotten the consumer protection angle of the cell phone business half right by making phone numbers portable. It needs to do the other half to really open up the market: stop this silly business of locking customers and their phones to one service provider. (It's unknown how the iPhone will be marketed in Europe, where customers have more choice about which phone they want to use with which operator.)

So many mobile phones are sold every week that you don't need much of a percentage to sell a lot of units. But watching Jobs and the other demonstrators show off the new device makes you wonder about what demographic the idesigners were aiming at. At $599 for 8Gb with that two-year contract (more expensive than some widescreen laptops), it's expensive for anybody. Scrolling through contacts is likely to be too unwieldy for power users – it's quicker to type in a couple of letters once you get above a few hundred contacts. As Jack Schofield points out, many people prefer to operate their phones one-handed, which the iPhone doesn't seem designed for.

And what about text messaging? As bad as it is typing on a number pad, doing it on a soft keyboard on a touch screen with no tactile feedback has to be worse. The phone also looks useless without a headset and insufficiently protected against the abuse most phones go through. I also really wonder how the iPhone will hold up to the stickiness and mess that gets on people's fingers – it's one thing not to have to use a stylus, another not to have the option. CNet's Declan McCullough asked this same question and was told the screen is designed to be easy to clean and relatively resistant to smudges.

But these usability questions are essentially personal quibbles. People talk about the fashion consciousness that has Europeans changing phones every 18 months to get the latest, whizziest models (a market created, incidentally, by the fact that you can move your SIM to any unlocked phone at will). But they forget: underpinning that is the fact that the underlying technology has been changing so fast, in the last ten years going from analog to digital, adding GPRS, 3G, Bluetooth, audio, colour screens, memory, storage, cameras of increasing resolution, and wi-fi. People haven't been buying new phones just because this year's color is chartreuse. If there's a part of the market that's underserved, it's the people who want their phones to be just phones with buttons big enough for their fingers to push. The iPhone is too expensive to use for only 18 months; and yet it reportedly won't allow expansion to respond to new trends such as VoIP (perhaps a consequence of partnering with Cingular).

The bigger issue is the behind-the-scenes stuff that's much harder to demonstrate dramatically. Smartphones live and die by their ability to synchronize data; one of the most appealing factors about the Palm, even now, is that you can hook a blank device to your computer and five minutes later have all the data you had on your previous device. Similarly, the real innovation in the iPod was iTunes, the biggest differentiator between the iPod and the many perfectly adequate MP3 players that preceded it. From the sounds of it, the iPhone only rethinks the gadget, not the infrastructure. It isn't going to change the world. It isn't even, sadly, going to change AT&T-Cingular-AT&T.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

January 5, 2007

Stonewalling

"We made you," one or more fans once reputedly told Katharine Hepburn, chastising her for refusing to give them an autograph.

"Like hell you did," she is supposed to have replied.

On Tuesday, LA Times columnist Joel Stein wrote a column entitled, Have something to say? I don't care. From the number of people saying heatedly on blogs that in the face of such monumental arrogance they don't care, either, you have to figure Stein is totally doing the job the newspaper is paying him for: getting read and talked about. Which is why, folks, his column doesn't mean all of print media is doomed. If you really think he's an asshole, your best response is to stop writing about him.

Of course, we should also remember that this is the same newspaper that panicked and took down its (badly conceived) wikitorial as soon as people predictably started posting obscene photographs to it. But given that Stein says in the actual column that he personally spends four or five hours a week answering reader email, it might be logical to think that maybe he's just kidding.

That said, if you don't want to be accused of arrogance as a columnist you probably shouldn't compare yourself to Martin Luther. Especially if, as Brad de Long points out, that comparison is inaccurate. Luther probably didn't, as popular mythology has it, publish his 95 Theses by nailing them to the church wall. But he did send them out to scholars, friends, and even the Pope for comment, and encouraged general debate and asked people to send him their comments. The same Internet that is enabling Stein to "don't care" about his readers followed exactly the same process. Internet pioneers published Requests for Comments and incorporated the best suggestions into their work, which itself was adopted on merit, not because someone talked "at" everyone else to insist it was a good idea. Collaboration is as old as human culture.

But that's the significant difference between what Luther and the Internet pioneers were doing and what Joel Stein is doing: they were trying to build something. Not at all the same thing.

I don't know Stein, but if he's anything like me he's just showing off in public. There is some evidence to suggest that this is true: "Joel Stein is desperate for attention". Adding a comments page to the LA Times site kind of supports this thesis. The big frustration about emailed comments isn't that they're there demanding to be answered, but that they're private. A comments page, even one that is filled with entries calling you an asshole, is a public display of how important and interesting you are: look how many people had something to say about it! Much more satisfying if you're a publicity hound.

Any reader determined enough to send a letter or, more recently, make a phone call has always been able to send a journalist feedback on stories. Often this is welcomed because the feedback includes leads for new stories. Duh. Even so, it isn't always easy to face that feedback. Few journalists have hides thick enough not to panic slightly every time a reader communication arrives: this could be the one that shows us definitively that we are idiots who should not be allowed to think in public.

Aside from the silliness, there is a real point here: how much interactivity do we want, and what form should it take? When we talk about citizen journalism, is this what we mean? Chicago Tribune columnist Eric Zorn seized the opportunity to ask his readers exactly that.

One problem for anyone working these days is that adding reader interactivity in which you are expected to participate may add to your workload without adding to your overall pay. That doesn't always matter; if you're a staff writer and have a load of interesting research material that won't fit in the limited print space being able to publish the rest of it on the Web may be satisfying.

If you're freelance, not participating in the new world makes you more marginal; but the realities of making a living can make the time drain prohibitive. George Bernard Shaw estimated that he could have written another play if he had gotten less mail; he actually had a system of printed, coloured postcards he could sent as standard replies to frequently asked questions to save himself time. (The volumes of Shaw's collected letters attest to the fact that he wasn't rigorous about using them without additional comment.)

Most writers, not being Shaw, have to find the time. Because what makes it possible to earn a living as a creative person over a long period of time is the community of readers and fans you build around your work. The sign that you are really successful is that your particular fan community thinks it owns part of your success and has an emotional investment in your work. If they didn't, they wouldn't be fans. Hepburn was right, but she was also wrong.

She still didn't have to give the autographs, though – and she didn't. She told those fans to "Go sit on a tack."

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).