June 26, 2020

Mysticism: curmudgeon

"Not voting, or not for us?" the energetic doorstep canvasser asked when I started closing the door as soon as I saw her last November. "Neither," I said. "I just don't want to have the conversation." She nodded and moved on. That's the only canvasser I've seen in years. Either they have me written down as a pointless curmudgeon or they (like so many others) don't notice my very small street.

One of the open questions of the three years since Carole Cadwalladr broke the Cambridge Analytica story is how much impact data profiling had on the 2016 EU referendum vote and US presidential election. We know that thousands of ads were viewed millions of times and aimed at promoting division and that they were precisely targeted. But did they make the crucial difference?

We'll never really know. For its new report, Who Do They Think We Are?, the Open Rights Group set out to explore a piece of this question by establishing what data the British political parties hold on UK voters and where they get it. This week, Pascal Crowe, who leads the data and democracy project, presented the results to date.

You can still participate via tools to facilitate subject access requests and analyze the results. The report is based on the results of SARs submitted by 496 self-selected people, 344 of whom opted into sharing their results with ORG. The ability to do this derives from changes brought in by the General Data Protection Regulation, which eliminated the fees, shrank the response time to 30 days, removed the "in writing" requirement, and widened the range of information organizations were required to supply.

ORG's main findings from the three parties from which it received significant results:

- Labour has compiled up to 100 pages of data per individual, broken down into over 80 categories from sources including commercial suppliers, the electoral register, data calculated in-house, and the subjects themselves. The data included estimates of how long someone had lived at their address, their income, number of children, and scores on issues such as staying in the EU, supporting the Scottish National Party, and switching to vote for another party. Even though participants submitted identification along with their request, they all were asked again for further documentation. None received a response within the statutory time limit.

- The Lib Dems referred ORG to their privacy policy for details of their sources; the data was predominantly from the electoral rolls and includes fields indicating the estimated number of different families in a home, the likelihood that they favored remaining in the EU, or were a "soft Tory". The Lib Dems outsource some of their processing to CACI.

- The Conservatives also use the electoral rolls and buy data from Experian, but outsource a lot of profiling to the political consultancy Hanbury Strategy. Their profiles include estimates of how long someone has lived at their current address, number of children, age, employment status, income, educational level, preferred newspaper, and first language. Plus "mysticism", an attempt to guess the individual's religion.

There are three separate issues here. The first is whether the political parties have the legal right to engage in this extensive political profiling. The second is whether voters find the practice acceptable or disquieting. The third is the one we began with: does it work to deliver election results?

Regarding the first, there's no question that these profiles contain personal and sensitive data. ORG is doubtful about the parties' claim that "democratic engagement" provides a legal basis, and recommends three remedies: the Information Commissioner's Office should provide guidance and enforcement; the UK should implement the collective redress provision in GDPR that would allow groups like ORG to represent the interests of an ill-informed public; and the political parties should move to a consent-based opt-in model.

More interesting, ORG found that people simply did not recognize themselves in the profiles the parties collected, which were full of errors - even information as basic as gender and age. Under data protection law, correcting such errors is a fundamental right, but the bigger question is how all this data is helping the parties if it's so badly wrong (and whether we should be more scared if it were accurate). For this reason, Crowe suggested the parties would be better served by returning to the traditional method of knocking on every door, not just the doors of those the parties think already agree with them. The data they collected in such an exercise would be right - and consent would be unambiguous. My canvasser, even after five seconds, knows more about me than a pile of data does.

For the third question, this future was predicted: in 2011, Jeff Chester worried greatly about the potential of profiling to enable political manipulation. Even before that, it was the long-running theme inside the TV series Mad Men, which pits advertising as persuasion and emotional engagement (the Don Draper or knocking-on-doors approach) against advertising as a numbers game in which you just need media space targeted at exactly the right selection of buyers (the Harry Crane and Facebook/Google approach). Draper, who ruled the TV show's 1960s, has lost ground to the numbers guys ever since, culminating in Facebook, which allows the most precise audience targeting we've ever known. Today, he'd be 94 and struggling to convince 20-somethings addicted to data-wrangling that he still knows how to sell things.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

June 19, 2020

The science

What I - and I suspect a lot of other people - would love to have right now is an online calculator into which you could put where you were going, the time of day, the length of time you expect to spend there, and the type of activity and get back out a risk estimate of acquiring coronavirus infection given various mitigations. I write this as the UK government announces that the "threat level" is dropping from "4" to "3", which tells me more or less precisely nothing useful.

Throughout the pandemic, the British government has explained every decision by saying it's led by the science. I'm all for following the advice of scientists - particularly, in our present situation, public health experts, virologists, and epidemiologists - but "the science" implies there's a single received monolithic truth even while failing to identify any particular source for it. Which science? Whose research? Based on what evidence? Funded by whom? How does it fit in with what we were told before?

Boris Johnson's government spent much of the early months avoiding answering those questions, which has led, as the biologist Ian Boyd complains, to the characterization of the Scientific Advisory Group for Emergencies (SAGE) as "secretive". As the public trusts this government less and less, showing their work has become increasingly important, especially when those results represent a change of plan.

The last four months have seen two major U-turns in "the science" that's governing our current lives, and a third may be in progress: masks, contact tracing apps, and the two-meter rule. Meanwhile, the pieces that are supposed to be in place for reopening - a robust contact tracing system, for example - aren't.

We'll start with masks. Before this thing started, the received wisdom was that masks protected other people from you, but not you from them. This appears to still be the generally accepted case. But tied in with that was the attitude that wearing masks while ill was something only Asians did; Westerners...well, what? Knew better? Were less considerate? Were made of tougher stuff and didn't care if they got sick? In mid-March, Zeynep Tufekci got a certain amount of stick on Twitter for an impassioned plea in the New York Times that public health authorities should promote wearing masks and teach people how to do it properly. "Of course masks work," she wrote, "maybe not perfectly, and not all to the same degree, but they provide some protection."

But we had to go on arguing about it back and forth. There is, says Snopes, no real consensus on how effective they are. Nonetheless, it seems logical they ought to help, and both WHO and CDC now recommend them while mayors of crowded cities are increasingly requiring them. In this case, there's no obvious opportunity for profiteering and for most people the inconvenience is modest. The worst you can suspect is that the government is recommending them so we'll feel more confident about resuming normal activity.

Then, for the last four months we've been told to stay two meters from everyone else except fellow household members. During the closures, elves - that is, people who took on the risks of going to work - have been busy painting distancing indicators on underground platforms, sidewalks, and park benches and sticking decals to train windows. They've set up hand sanitizer stations in London's stations, and created new bike lanes and pedestrian areas. Now, the daily news includes a drumbeat of pressure on government to reduce that recommended distance to one meter. Is this science or economics? The BBC has found a study that says that standing one meter apart carries ten times the risk of two meters. But how significant is that?

I'm all for "the science", but there's so much visible vested interest that I want details. What are the tradeoffs? How does the drop in distance change R0, the reproduction number? The WHO recommends one meter - but it assumes that people are wearing masks - which, in London, on public transport they will be but in restaurants they can't be.

Finally, when last seen, the UK's contact tracing app was being trialed on the Isle of Wight and was built in-house using a centralized design despite the best efforts of privacy advocates and digital rights activists to convince NHSx it was a bad idea. Yesterday, this app was officially discarded.

The relevant scientific aspect, however, is how much apps matter. In April, an Oxford study suggested that 60% of the population would have to use the app for it to be effective.

We should have read the study, as MIT Technology Review did this week, to find that it actually says contact tracing apps can be helpful at much lower levels of takeup. It is still clear that human tracers with local knowledge are more effective and there are many failings in the tracing system, as the kibitzing scientific group Independent SAGE says, but *some* help is better than no help.

"The science" unfortunately can't offer us what we really want: certainty. Instead, we have many imperfect but complementary tools and must hope they add up to something like enough. The science will only become fully clear much later.

Illustrations: London's Paddington station on June 13.

June 12, 2020

Getting out the vote

"If voting changed anything, they'd abolish it," the maverick British left-wing politician Ken Livingstone wrote in 1987.

In 2020, the strategy appears to be to lecture people about how they should vote if they want to change things, and then make sure they can't. After this week's denial-of-service attack on Georgia voters and widespread documentation of voter suppression tactics, there should be no more arguments about whether voter suppression is a problem.

Until a 2008 Computers, Freedom, and Privacy tutorial on "e-deceptive campaign practices", organized by Lillie Coney, I had no idea how much effort was put into disenfranchising eligible voters. The tutorial focused on the many ways new technology - the pre-social media Internet - was being adapted to do very old work to suppress the votes of those who might have undesired opinions. The images from the 2018 mid-term elections and from this week in Georgia tell their own story.

In a presentation last week, Rebecca Mercuri noted that there are two types of fraud surrounding elections. Voter fraud, which is efforts by individuals to vote when they are not entitled to do so and is the stuff proponents of voter ID requirements get upset about, is vanishingly rare. Election fraud, where one group or another try to game the election in their favor, is and has been common throughout history, and there are many techniques. Election fraud is the big thing to keep your eye on - and electronic voting is a perfect vector for it. Paper ballots can be reexamined, recounted, and can't easily be altered without trace. Yes, they can be stolen or spoiled, but it's hard to do at scale because the boxes of ballots are big, heavy, and not easily vanished. Scale is, however, what computers were designed for, and just about every computer security expert agrees that computers and general elections do not mix. Even in a small, digitally literate country like Estonia a study found enormous vulnerabilities.

Mercuri, along with longtime security expert Peter Neumann, was offering an update on the technical side of voting. Mercuri is a longstanding expert in this area; in 2000, she defended her PhD thesis, the first serious study of the security problems for online voting, 11 days before Bush v. Gore burst into the headlines. TL;DR: electronic voting can't be secured.

In the 20 years since, the vast preponderance of computer security experts have continued to agree with her. Naturally, people keep trying to find wiggle room, as if some new technology will change the math; besides election systems vendors there are well-meaning folks with worthwhile goals, such as improving access for visually impaired people, ensuring access for a widely scattered membership, such as unions, or motivating younger people.

Even apart from voter suppression tactics, US election systems continue to be a fragmented mess. People keep finding new ways to hack into them; in 2017, Bloomberg reported that Russia hacked into voting systems in 39 US states before the US presidential election and targeted election systems in all 50. Defcon has added a voting machine hacking village, where, in 2018, an 11-year-old hacked into a replica of the Florida state voting website in under ten minutes. In 2019, Defcon hackers were able to buy a bunch of voting machines and election systems on eBay - and cracked every single one for the Washington Post. The only sensible response: use paper.

Mercuri has long advocated for voter-verified paper ballots (including absentee and mail-in ballots) as the official votes that can be recounted or audited as needed. The complexity and size of US elections, however, means electronic counting.

In Congressional testimony, Matt Blaze, a professor at Georgetown University, has made three recommendations (PDF): immediately dump all remaining paperless direct recording electronic voting machines; provide resources, infrastructure, and training to local and state election officials to help them defend their systems against attacks; and conduct risk-limiting audits after every election to detect software failures and attacks. RLAs, which were proposed in a 2012 paper by Mark Lindeman and Philip B. Stark (PDF), involve counting a statistically significant random sampling of ballots and checking the results against the machine. The proposal has a fair amount of support, including from the Electronic Frontier Foundation.

Mercuri has doubts; she argues that election administrators don't understand the math that determines how many ballots to count in these audits, and thinks the method will fail to catch "dispersed fraud" - that is, a few votes changed across many precincts rather than large clumps of votes changed in a few places. She is undeniably right when she says that RLAs are intended to avoid counting the full set of ballots; proponents see that as a *good* thing - faster, cheaper, and just as good. As a result, some states - Michigan, Colorado (PDF) - are beginning to embrace it. My guess is there will be many mistakes in implementation and resulting legal contests until everyone either finds a standard for best practice or decides they're too complicated to make work.
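To make the sampling arithmetic concrete, here is an added example (not from the column or from the cited paper) of one RLA method, a ballot-polling audit using the BRAVO sequential test for a two-candidate contest. The precinct sizes, vote splits and function names are constructed for illustration; ballots are drawn uniformly, with replacement, from the whole paper trail, and the run compares a paper trail that matches the reported result with one where a few votes per precinct differ from it.

```python
import math
import random

def ballot_polling_audit(paper_ballots, reported_winner_share, risk_limit=0.05,
                         max_draws=None, seed=0):
    """BRAVO-style sequential test for a two-candidate contest.

    paper_ballots: "W"/"L" marks as read by hand from the paper ballots.
    Returns (confirmed, draws); confirmed=False means escalate to a full
    hand count, it does not by itself say who won.
    """
    if not 0.5 < reported_winner_share < 1.0:
        raise ValueError("reported winner share must be above 50%")
    rng = random.Random(seed)
    log_threshold = math.log(1.0 / risk_limit)
    # Log likelihood ratio: "reported share is true" versus "it was a tie".
    step_w = math.log(reported_winner_share / 0.5)
    step_l = math.log((1.0 - reported_winner_share) / 0.5)
    log_ratio = 0.0
    limit = max_draws or len(paper_ballots)
    for draw in range(1, limit + 1):
        ballot = rng.choice(paper_ballots)  # uniform draw, with replacement
        log_ratio += step_w if ballot == "W" else step_l
        if log_ratio >= log_threshold:
            return True, draw               # reported outcome confirmed
    return False, limit

def build_paper_trail(precincts, ballots_per_precinct, true_winner_votes):
    """Constructed paper trail: every precinct holds the same true split."""
    trail = []
    for _ in range(precincts):
        trail += ["W"] * true_winner_votes
        trail += ["L"] * (ballots_per_precinct - true_winner_votes)
    return trail

def confirmation_rate(paper_ballots, reported_share, trials=50, risk_limit=0.05):
    """Fraction of independent audits (one seed each) that confirm the result."""
    confirmed = sum(
        ballot_polling_audit(paper_ballots, reported_share, risk_limit, seed=s)[0]
        for s in range(trials)
    )
    return confirmed / trials

if __name__ == "__main__":
    # Machines report 55% for W in both constructed elections.
    matching = build_paper_trail(100, 100, 55)   # paper agrees with machines
    dispersed = build_paper_trail(100, 100, 48)  # 7 votes differ in every precinct
    print("one audit, matching paper:", ballot_polling_audit(matching, 0.55))
    print("confirmed, matching paper:", confirmation_rate(matching, 0.55))
    print("confirmed, dispersed change:", confirmation_rate(dispersed, 0.55))
```

The number of ballots drawn depends on the reported margin and on luck, which is the part of the math an administrator has to plan for: a narrower margin means more draws before the test can stop.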

Even more important, however, is whether RLAs can successfully underpin public confidence in election integrity. Without that, we've got nothing.

Illustrations: Hanging chad, during the 2000 Bush versus Gore vote.

June 5, 2020

Centralized stupidity

As a friend with greater experience with lockdowns might have said, when you see one coming be careful not only who you get locked down with, but where. People with strong local neighborhoods and personal relationships with independent local shops have had a vastly easier time through the last couple of months than most others.

My lifetime has seen everything progressively centralize. In the 1970s, someone living in Ithaca, New York, population about 30,000, could visit the phone company and negotiate billing with the same woman they dealt with several months previously. The guy who came to read the electric meter this month was the same guy you saw every month. And when you called the telephone operator to check on a phone number, they would confirm the address and speculate with you how to get there because they knew your town. Forty years later, if you *can* make a call to a utility company you're probably dealing with someone to whom your town is a dot they can't find on a map...

...which all brings me to this week, when a Twitter account that seemed to be from the National Health Service posted a note to the effect that we might get a message or call from "NHS" and if we did we should follow the instructions. The tweet also published the number we could expect to hear from. Because the immediate follow-up was a few people saying they would immediately block the number, I commented that the smart thing to do seemed to me to be to put the number in a phone's contacts so the call would be recognized.

But, the security folks reminded: SIM spoofing. True. Hello, phishing attacks.

Does the NHS employ no security experts?

Here are the NHS's published instructions for what to do if you're contacted. Note what's missing: a way to verify the call is genuine. Sure, they tell you they won't ask for bank details or other accounts, payment, or ask you to call premium rate numbers or set up a password or PIN over the phone. But they still miss the main point; that is, like a celebrity they still assume that because any call they make will be genuine, any call you get will be genuine. This is Ravenous Bugblatter Beast of Traal reasoning. I recommend wrapping a towel around your head.

As others have pointed out, you could quite effectively mount a denial-of-livelihood attack on someone by reporting them as an exposed contact so they are required to self-isolate for 14 days. Even 30 years ago the world contained people highly skilled at the kind of social engineering that would enable someone to pose effectively as a contact tracer. The NHS needs to do the obvious: publish a number people can call back to verify.

The press appeared to understand the possibilities, and had this exchange with the deputy chief medical officer for England, Jenny Harries:

A question about how to know if a track and trace call is genuine, one person asks. Harries says there is a lot of confidentiality and it will be unlikely you will be contacted by someone with other motives. She says it will be clear that they are genuine - they are professionally trained individuals.

I don't know how to rate the ignorant stupidity of this comment. The satirical magazine Private Eye, however, managed (see above).

This gathering of power to the center was on display elsewhere this week, as Jacob Rees-Mogg, the leader of the House of Commons, pushed to end remote participation and voting in Parliamentary debates. No one is saying that remote participation is ideal, but it *does* permit MPs to represent their constituents who shouldn't be traveling and taking health risks. Even more ridiculous is Rees-Mogg's refusal to countenance electronic voting, with replacement arrangements so absurd and time-wasting that one can only assume he fears losing control otherwise.

Contact tracing is one area where staying local makes all the difference. Anyone who lives in my little area, for example, would know to ask a senior testing positive whether they've been to the local club that (normally) provides classes (dancing, Pilates, photography), social lunches, and entertainment to hundreds of people, chiefly seniors. They know the local independent shops are community hubs as well as sources of essential items and would ask which ones the infected person uses. And they know the spot where homeless people who might struggle to find testing are often to be found selling The Big Issue. The local council, which UK epidemiologists have repeatedly said has the necessary contact tracing expertise, knows all this. Serco certainly doesn't.

We've written before about the dangers of centralizing the Net. What we've previously failed to recognize is how dangerous it can be when combined with politically convenient stupidity.

The UK government, which has been gathering power to the center ever since Margaret Thatcher disbanded the Greater London Council, is outsourcing contact tracing to Serco, which has proved so inept as to be genuinely dangerous. The result is to treat contact tracing as if it were calls to customer service at a phone company and to mistake efficiency for effectiveness. Centralization was bad for the Internet. It's even worse for real life.

Illustrations: Private Eye explains contact tracing.

