Proprietary Software And Our Hackable Elections

Bloomberg reports that:

Russia’s cyberattack on the U.S. electoral system before Donald Trump’s election was far more widespread than has been publicly revealed, including incursions into voter databases and software systems in almost twice as many states as previously reported. In Illinois, investigators found evidence that cyber intruders tried to delete or alter voter data. The hackers accessed software designed to be used by poll workers on Election Day, and in at least one state accessed a campaign finance database….the Russian hackers hit systems in a total of 39 states

In Decoding Liberation: The Promise of Free and Open Source Software, Scott Dexter and I wrote:

Oversight of elections, considered by many to be the cornerstone of modern representational democracies, is a governmental function; election commissions are responsible for generating ballots; designing, implementing, and maintaining the voting infrastructure; coordinating the voting process; and generally insuring the integrity and transparency of the election. But modern voting technology, specifically that of the computerized electronic voting machine that utilizes closed software, is not inherently in accord with these norms. In elections supported by these machines, a great mystery takes place. A citizen walks into the booth and “casts a vote.” Later, the machine announces the results. The magical transformation from a sequence of votes to an electoral decision is a process obscure to all but the manufacturers of the software. The technical efficiency of the electronic voting process becomes part of a package that includes opacity and the partial relinquishing of citizens’ autonomy.

This “opacity” has always meant that the software used to, quite literally, keep our democracy running has its quality and operational reliability vetted, not by the people, or their chosen representatives, but only by the vendor selling the code to the government. There is no possibility of say, a fleet of ‘white-hat’ hackers–concerned citizens–putting the voting software through its paces, checking for security vulnerabilities and points of failure. The kinds that hostile ‘black-hat’ hackers, working for a foreign entity like, say, Russia, could exploit. These concerns are not new.

Dexter and I continue:

The plethora of problems attributed to the closed nature of electronic voting machines in the 2004 U.S. presidential election illustrates the ramifications of tolerating such an opaque process. For example, 30 percent of the total votes were cast on machines that lacked ballot-based audit trails, making accurate recounts impossible….these machines are vulnerable to security hacks, as they rely in part on obscurity….Analyses of code very similar to that found in these machines reported that the voting system should not be used in elections as it failed to meet even the most minimal of security standards.

There is a fundamental political problem here:

The opaqueness of these machines’ design is a secret compact between governments and manufacturers of electronic voting machines, who alone are privy to the details of the voting process.

The solution, unsurprisingly, is one that calls for greater transparency; the use of free and open source software–which can be copied, modified, shared, distributed by anyone–emerges as an essential requirement for electronic voting machines.

The voting process and its infrastructure should be a public enterprise, run by a non-partisan Electoral Commission with its operational procedures and functioning transparent to the citizenry. Citizens’ forums demand open code in electoral technology…that vendors “provide election officials with access to their source code.” Access to this source code provides the polity an explanation of how voting results are reached, just as publicly available transcripts of congressional sessions illustrate governmental decision-making. The use of FOSS would ensure that, at minimum, technology is held to the same standards of openness.

So long as our voting machines run secret, proprietary software, our electoral process remains hackable–not just by Russian hackers but also by anyone that wishes to subvert the process to help realize their own political ends.

The Fragility Of The Digital

A week or so ago, during my in-laws’ visit to New York City for the July 4th weekend, we all made a trip to the Metropolitan Museum. Wall to wall art all day; as much as you could handle. Several hours later, tired and spent, still thanking our lucky stars that our lovely toddler daughter had blessed us with a lengthy nap in her stroller in the middle of the afternoon, we headed home. As we did so, I cast my mind back to some of the wonderful pieces of art I had seen in the section devoted to Greek art from the fifth and sixth centuries BC. It seemed miraculous that over two thousand years later, those artifacts were still around, still being admired by the residents of one of the world’s greatest cities.  A wondrous confluence of actors had come together to make that possible. Included in them would have to be the materials of which the artworks were made: clay, stone, metal; the methods for storing them, and their interactions with the environment.

I must admit I feel little confidence when I consider the digital artifacts that so prop up our lives today. I cannot but be bemused by the fact that I am still in possession of many letters from days long gone by even as a great deal of my digital correspondence has vanished. And the less said about photographs the better; hundreds, if not thousands, of digital photographs have vanished from my collection: mistakenly deleted, destroyed in a hard drive crash, and sometimes, mysteriously, I just can’t find them. If you thought sticking photographs in old-fashioned paper albums was tedious, think again; little compares to the mind-numbing boredom of trying to organize a digital photo collection; losses and confusion are inevitable. (In part, of course, this is because we now take hundreds of photos in the course of a typical life event–as compared to the dozens of yesteryear.)

I say this as someone who considers himself a reasonably competent technology user: the fragility of the digital is frightening. Data is all too easily wiped out, too vulnerable to technical and human disasters. Yes, we have the opportunity to backup, but we also have occasion to forget (or not, in some cases, know how.) Those who imagine apocalyptic scenarios that bring about the end of civilization often dream of rampant disease and pestilence, nuclear war, climate change, and zombie outbreaks. To this list of imagined catastrophes I add my own: a freak cosmic event, perhaps The Solar Flare From Hell, which wipes out in an instant, all digital storage on this planet. Or perhaps some suitably disgruntled hacker will write a Trojan Horse that will combine patience and a hatred for data into a malevolent mix: it would insert itself into every single storage devices worldwide, and then, after confirming full occupancy had been attained, wipe the digital slate clean.

I would write more, but I’m afraid this already flaky network connection will start acting up again, so let me sign off for now.

Political Schooling Via The Usenet Newsgroup

As my post yesterday should have indicated, we are educated by a variety of modalities. A powerfully formative one for me was my exposure to Usenet newsgroups.

I discovered newsgroups in 1988, shortly after I began work as a research assistant with the Computerized Conferencing and Communications Center at the New Jersey Institute of Technology. I ‘worked’ long hours in our laboratory; email and newsgroups occupied much of that time (in between writing code, debugging code, and stepping out for coffee and cigarette breaks). I had arrived in the US from India in 1987,  a bachelor’s degree in hand; I considered myself well-read, but this inflated estimation of my edification was soon to be revised.

In the late eighties and the early nineties, Usenet newsgroups were largely populated by those with some form of university affiliation: faculty, students, staff, post-doctoral fellows. (Commercial affiliations were not unknown, but these were outnumbered by academic ones; the .edu address was most commonly visible.)  That demographic, unsurprisingly, voluble and prolific in its writing. (It is to the credit of the hacker community that so many of its members wrote often, and well, on newsgroups.)

The following hierarchy of newsgroups captures their eclectic and comprehensive nature:

  • comp.* — Discussion of computer-related topics
  • news.* — Discussion of Usenet itself
  • sci.* — Discussion of scientific subjects
  • rec.* — Discussion of recreational activities (e.g. games and hobbies)
  • soc.* — Socialising and discussion of social issues.
  • talk. * — Discussion of contentious issues such as religion and politics.
  • misc.* — Miscellaneous discussion—anything which does not fit in the other hierarchies.

I read a few of the .sci, .soc, .talk, and .rec groups on a daily basis. These were the time-sucks of their day; you could spend hours and hours, reading, responding, and engaging in flame wars. They were how you filled lunch and coffee breaks; they could make you stay up late at night, and log in frequently to see if new articles had shown up, to see if anyone had responded to your post.

It was here, in Usenet newsgroups, that I read many, many well-written, articulate, clearly argued and defended, points of view that I had never read before: free speech absolutism, the legalization of drugs, Palestinian self-determination, women’s reproductive rights, privacy rights, gay and lesbian rights, free software versus proprietary software, feminism, interpretations of the American constitution.  And many more. (I also spent a great deal of time reading and discussing cricket in the cricket newsgroup and the Grateful Dead in rec.music.gdead; ) When world-shaking events like the fall of Berlin Wall or Tiananmen  Square occurred on the world stage, they provoked corresponding discussions in the relevant groups. I read furious debates; refutations and counter-refutations; angry tirades; racist and xenophobic rants; calm, reasoned, erudite quasi-dissertations.

I had often entertained conventional views on or all some of these topics before I encountered newsgroups; very few of them survived their encounter with newsgroup discussions.  I read a great deal of revisionist history; I was offered many perspectives on world historical events that I had glibly thought I had understood  well. I had been complacent; I was no longer so. The sense of instability in my beliefs was alarming, but it was also exhilarating. I learned that seemingly air-tight arguments and refutations often contained fatal fallacies and weaknesses that could be exposed by close reading and careful attention to their logical and rhetorical form.

Some discussions were tedious, and many were repetitive, and later in the mid-nineties as the Internet bloomed and blossomed, I found the newsgroups less useful. I stopped reading them soon thereafter. But I never forgot those early readings–which produced in me a kind of ‘shock of the new.’

Many, many thanks are due to all those unnamed teachers of mine.

Diego Marani, Europanto, Blinkenlights, and Hacker Neologisms

In reviewing Diego Marani‘s Las Adventures Des Inspector Cabillot, Matthew Reynolds notes his invention of  Europanto, a ‘mock international auxiliary language‘:

Marani’s ability to see humour in his longing for a universal language has flowered in his creation of Europanto, a jovial pan-European language which began in his office [presumably, either the  the Directorate-General for Interpretation of the European Commission, where Marani is currently employed or his previous office at the EU’s Multilingualism Policy Unit] and spread to columns in Swiss and other newspapers, some of which have been collected in Las Adventures Des Inspector Cabillot. This book does not need to be translated: Europanto is ‘der jazz des linguas. Keine study necessite, just improviste, und du shal siempre fluent esse in diese most amusingamente lingua.’ Take a framework of English word order, varied with the occasional German inversion, and chuck in whatever vocabulary occurs to you French, German, Spanish, Italian, and occasionally Latin. Don’t worry too much about inflections. Europanto is more capacious than Miles Kingston’s Franglais, and less exacting than Esperanto.

As I read this passage in Reynold’s review, I was reminded of a sample of an older ‘international auxiliary language’, one rich with hacker’s neologisms, and one which produced many, many chuckles in me when I first encountered it in the machine room of the Computerized Conferencing and Communications Center in Newark, NJ, where I worked as a graduate research assistant from 1988 to 1990. I am referring, of course, to the famous ‘Blinkenlights‘:

If that ‘Gothic’ font is a little too hard to read, here is an easier version:

ACHTUNG! ALLES LOOKENSPEEPERS!

Das computermachine ist nicht fuer gefingerpoken und mitten grabben.  Ist easy schnappen der springen werk,  blowenfusen und poppencorken mit spitzensparken.  Ist nicht fuer gewerken bei das dumpkopfen.  Das rubbernecken sichtseeren keepen das cotten-pickenen hans in das pockets muss; relaxen und watchen das blinkenlichten.

What is it that makes such languages so pleasurable (and funny)?

Well, in the case of Europanto, as Reynolds points out, there is a sense of freedom, of release from syntactical structures and constraints, a chance to relish one’s knowledge–even if rudimentary–of more than language:

There’s a coltish pleasure in encountering worlds like ‘nightcauchemare,’ alsyoubitte’ and ‘smilingante’, and phrases like ‘under der heat des settingante sun’. You do feel momentarily released from the ‘grammaticale rigor’ that immures us, and ready to celebrate ‘der liberatione des lingua van alles rules’

In the case of the ‘Achtung’ sign (which went ‘viral’ in its own way after it first made its appearance), there is something else at play. Besides its straightforward nod to old WWII humor and war comics featuring caricatures of the German military, it’s an inside joke with all the distinct pleasures of that genre; it let the computer-literate enjoy a little dig at those that were on the ‘outside’ and that often, perversely, seemed to mock our literacy as a sign of general social incompetence (was it really such a bad thing to be a computer nerd?). But best of all, even as it made up a new ‘non-language’, those in the know knew that it pointed to a world where the distinct language of the hacker, the geek, the nerd, was spoken.