Proprietary Software And Our Hackable Elections

Bloomberg reports that:

Russia’s cyberattack on the U.S. electoral system before Donald Trump’s election was far more widespread than has been publicly revealed, including incursions into voter databases and software systems in almost twice as many states as previously reported. In Illinois, investigators found evidence that cyber intruders tried to delete or alter voter data. The hackers accessed software designed to be used by poll workers on Election Day, and in at least one state accessed a campaign finance database….the Russian hackers hit systems in a total of 39 states

In Decoding Liberation: The Promise of Free and Open Source Software, Scott Dexter and I wrote:

Oversight of elections, considered by many to be the cornerstone of modern representational democracies, is a governmental function; election commissions are responsible for generating ballots; designing, implementing, and maintaining the voting infrastructure; coordinating the voting process; and generally insuring the integrity and transparency of the election. But modern voting technology, specifically that of the computerized electronic voting machine that utilizes closed software, is not inherently in accord with these norms. In elections supported by these machines, a great mystery takes place. A citizen walks into the booth and “casts a vote.” Later, the machine announces the results. The magical transformation from a sequence of votes to an electoral decision is a process obscure to all but the manufacturers of the software. The technical efficiency of the electronic voting process becomes part of a package that includes opacity and the partial relinquishing of citizens’ autonomy.

This “opacity” has always meant that the software used to, quite literally, keep our democracy running has its quality and operational reliability vetted, not by the people, or their chosen representatives, but only by the vendor selling the code to the government. There is no possibility of say, a fleet of ‘white-hat’ hackers–concerned citizens–putting the voting software through its paces, checking for security vulnerabilities and points of failure. The kinds that hostile ‘black-hat’ hackers, working for a foreign entity like, say, Russia, could exploit. These concerns are not new.

Dexter and I continue:

The plethora of problems attributed to the closed nature of electronic voting machines in the 2004 U.S. presidential election illustrates the ramifications of tolerating such an opaque process. For example, 30 percent of the total votes were cast on machines that lacked ballot-based audit trails, making accurate recounts impossible….these machines are vulnerable to security hacks, as they rely in part on obscurity….Analyses of code very similar to that found in these machines reported that the voting system should not be used in elections as it failed to meet even the most minimal of security standards.

There is a fundamental political problem here:

The opaqueness of these machines’ design is a secret compact between governments and manufacturers of electronic voting machines, who alone are privy to the details of the voting process.

The solution, unsurprisingly, is one that calls for greater transparency; the use of free and open source software–which can be copied, modified, shared, distributed by anyone–emerges as an essential requirement for electronic voting machines.

The voting process and its infrastructure should be a public enterprise, run by a non-partisan Electoral Commission with its operational procedures and functioning transparent to the citizenry. Citizens’ forums demand open code in electoral technology…that vendors “provide election officials with access to their source code.” Access to this source code provides the polity an explanation of how voting results are reached, just as publicly available transcripts of congressional sessions illustrate governmental decision-making. The use of FOSS would ensure that, at minimum, technology is held to the same standards of openness.

So long as our voting machines run secret, proprietary software, our electoral process remains hackable–not just by Russian hackers but also by anyone that wishes to subvert the process to help realize their own political ends.

Apple’s ‘Code Is Speech’ Argument, The DeCSS Case, And Free Software

In its ongoing battle with federal law enforcement agencies over its refusal to unlock the iPhone, Apple has mounted a ‘Code is Speech’ defense arguing that “the First Amendment prohibits the government from compelling Apple to make code.” This has provoked some critical commentary, including an article by Neil Richards, which argues that Apple’s argument is “dangerous.”

Richards alludes to some previous legal wrangling over the legal status of computer code, but does not name names. Here is an excerpt from my book Decoding Liberation: The Promise of Free and Open Source Software (co-authored with Scott Dexter) that makes note of a relevant court decision and offers arguments for treating code as speech protected under the First Amendment. (To fully flesh out these arguments in their appropriate contexts, do read Chapters 4 and 5 of Decoding Liberation. I’d be happy to mail PDFs to anyone interested.) Continue reading

Should Free Software Go Into the Public Domain?

I’ve just finished an interesting Twitter conversation with Glyn Moody (author of Rebel Code: Linux and the Open Source Revolution, still one of the best books on the free and open source software phenomenon). Moody has written a very interesting article over at TechDirt, which wonders whether the time has come to put free and open source software into the public domain rather than releasing it under a variety of licenses which rely for their efficacy on copyright law. (Moody’s article finds its provenance in a paper by Clark Asay, who argues that FOSS could be released into the public domain and yet still thrive as a collaborative project.)

My initial response to Moody’s article was skeptical. (Full disclosure: I have not read Asay’s article but will soon do so.) Several years ago, in our book Decoding Liberation: The Promise of Free and Open Source Software, Scott Dexter and I had argued for the superiority of FOSS licenses like GPL over permissive licenses like the BSD because of the worry that the latter made free-riding possible. (Those arguments are still relevant though I will not repeat them here; please do check out the link.)

Moody addresses this worry by quoting Asay:

if a firm were to take and close a project, they almost certainly would not obtain the free labor that contributors around the world are willing to provide to open-licensed projects. Without that free labor, firms would lose the most significant advantages of an open model of innovation, and the free labor would likely remain loyal to the open version of the project. Firms thus already have incentives to open and contribute as much of their materials as possible, since doing so will attract free labor and trigger innovation in directions that better suit the firm and its strategic direction.

and then goes on to say:

The key point is that the code without the community that creates it is pretty much dead. A company may gain a short-term advantage in taking public domain code and enclosing it, but by refusing to give back its changes, it loses any chance of collaborating with the coders who are writing the future versions. It will have no influence, and no way of raising issues of particular concern that help it with its products. Instead, it will have to keep up the development of its own version of the code single-handed. That’s likely to be costly at best, and may even be impossible except for the very largest companies (Apple is an example of one that has succeeded, basing its Mac OS X operating system on the free BSD version of Unix.)

As I noted in my conversation with Moody, I’m considerably less sanguine than he is about these prospects. I do not doubt that FOSS has made great inroads in the world of software (Moody quotes figures like ‘94% of top supercomputers run Linux; 75% of smartphones run Android; tablets next…’). What I do doubt is whether the value of free software is understood at a more conceptual level so that the closing of a formerly open project would be viewed as a bad thing by the developer community (and by users). Moody thinks so, of course, hence our polite disagreement. (I also think new laws will be needed to protect developers from patent infringement claims.)

In any case, I think the argument is an interesting one especially as one might think that copyright protection was only required for FOSS because of the onerous copyright regimes that it exists in and that a move to the public domain would become easier in an environment that understands FOSS’ promise better and so would be less tolerant of the closing of a formerly open project (like Apple closed BSD). Again, this will only happen in a different legal regime.

Hopefully, I’ll get the time to read the Asay article and respond to it more thoughtfully sometime soon. In the meantime, comments welcome.

Free Software and ‘Appropriate Technology’

Last week, as part of a panel session organized at Queens College of the City University of New York, I spoke briefly on ‘Free Software and Appropriate Technology.’ I began by introducing the term ‘appropriate technology’ by setting it in the context of India’s attempts to achieve self-reliance in energy production, an effort that in the 1970s involved a serious interest in nuclear power. This effort had become the subject of a fierce critique by Professor Dhirendra Sharma of the Jawaharlal Nehru University, who suggested in his book, India’s Nuclear Estate that nuclear power was an ‘inappropriate technology’ for India: it encouraged centralization of political power, made energy into a national security issue with its concomitant secrecy, encouraged dependence on erstwhile colonial powers and the signing of treaties that were detrimental to national sovereignty, and more to the point, was expensive, unproven, and unlikely to meet India’s growing energy needs. (Sharma’s efforts did not meet with favor in the councils of power; he was ‘transferred’ to the School of Languages from the School of Sciences as a reprimand, a bizarre move that did nothing to silence Sharma and merely directed more attention to his writings.) Over the course of a few conversations with Sharma I grew to develop an understanding of the notion of ‘appropriate technology’, which might not have been in complete accordance with those who first coined the term, but which did a great deal to provide me with an evaluative framework for thinking about technology and its connection with politics.

I then moved on to making the case for free software as an appropriate technology for India. As Scott Dexter and I noted in our book, Decoding Liberation: The Promise of Free and Open Source Software:

FOSS provides a social good that proprietary software cannot; for example, FOSS may be the only viable source of software in developing nations, where programming talent is abundant but prices for proprietary-software  licenses are prohibitive. Countries such as China and India have seen in FOSS an opportunity to draw on their wealth of programming talent to provide the  technological infrastructure for their rapidly expanding economies. Microsoft’s substantial investments in Indian education initiatives may be prompted by worries that free software might fill indigenous needs instead. FOSS has been cited by Venezuelan President Hugo Chavez as a key element of achieving economic independence from the global North. At the 2005 World Social Forum in Porto Allegre, the Youth Camp focused largely on  FOSS issues. This enthusiasm for FOSS extends to the industrialized First World as well, as many members of the European Union adopt it for governmental administration. [citations removed]

To emphasize the point made in the first sentence above: FOSS prevents lock-in with a monopolistic vendor; it provides an educational laboratory for a country where education in advanced technology is necessary to sustain its economic growth; it encourages autonomous development of software applications and local skills; its price is right, especially if local talent can train themselves on it; it is the ideal software base for the educational system; and so on.

The case is compelling, I think.

Flying Solo, As Author, For a Change

Sometime this week or the next, my fourth book, Brave New Pitch: The Evolution of Modern Cricket (HarperCollins India 2012), will make its way to bookstores and online book-sellers. My fourth book differs in one crucial regard from those that have preceded it: I have not co-authored it with anyone; its jacket lists but one name, mine, as the author. (Summing up, the blurb says: ‘In Brave New Pitch, Samir Chopra takes a hard look at cricket’s tumultuous present, and considers what could and should lie ahead.’)

This is a novel feeling, a journey to a strange land. Flying solo?

I like collaborators. Not dastardly Vichy-types but the diverse set of co-authors that have brought my writing projects,  thus far, before Brave New Pitch, to fruition. While working on my doctorate I carefully managed my awe of my Putnam Prize-winning adviser while drawing upon his genius to help me navigate the complexities of mathematical logic. My dissertation–on new models of belief revision that accommodated inconsistent beliefs and relevance-sensitivity–bore my name on its spine but the stamp of his exacting attention to detail.

And then there was the military aviation historian whom I did not meet until after the publication of our book (a history, the first, of the India-Pakistan air war of 1965).  We talked on the phone and generated a blizzard of emails (he lived in India, I in the US and Australia); his presence was always palpable in constantly redefining my notion of good history. We used no sophisticated file sharing software; we simply maintained a repository of book chapters, and sent the other an email when we edited a file. It worked; somehow, at the end of it all, we had a book, a good one.

Later, while working on a book about the liberatory potential of that gigantic collaboration called the ‘free software phenomenon’,  I found a co-author four floors down from me; we went biking, drank beers, went on double-dates, and squabbled endlessly over writing. Every single sentence was negotiated, an exhausting experience essential to the form and content of the final work. We stored our files online, worked on them together. And I mean ‘together’; we put four hands on the keyboard, and miraculously, managed to write that way.

Later, while working on a book on how current legal theory could and should accommodate artificial agents, I negotiated with a collaborator who often preferred long periods of autonomous activity in isolation. For the first time, I used software for writing collaboration; it wasn’t perfect but it introduced some much-needed structure to the writing process. I became an expert at change-tracking software; I became used to repeated iterations and pass-throughs of chapters in response to close readings by my co-author.

I’ve negotiated many power relationships in these partnerships; from dissertation advisers to good friends (deleting either’s sentences requires sensitivity and tact). Each collaborator has enriched and complemented me, and, in becoming part of my cognitive resources, has been an essential agent in my self-realization. The muses only visit while we work; mine include my collaborators.

Nick Drake’s ‘At the Chime of a City Clock’ and Urban Melancholia

I discovered Nick Drake late, very late. Back in 2007, Scott Dexter and I were busy dealing with the release of our book Decoding Liberation: The Promise of Free and Open Source Software; mainly, this involved engaging in some spirited discussions online with other folks interested in free software, the creative commons, free culture, and all of the rest. One of our interlocutors was a young man from–I think–Reading, UK. His name was–I think–Tom Chance. As is an internet voyeur’s wont, I moseyed on over to his webpage and spent some time poking around through his various links. One link led to a playlist. One track on that playlist was Nick Drake’s At the Chime of a City Clock.

I’m not sure why I played the track. But once I did,  and as the opening picks on the strings of Drake’s guitar floated out, accompanied by ‘A city freeze/Get on your knees/Pray for warmth and green paper/A city drought/You’re down and out/,’ I was hooked. Not as in ‘I played that track incessantly.’ ATCOACC isn’t really the kind of song that can be played again and again, at least, not at the same sitting. Rather I was hooked as in ‘it got under my skin,’ ‘spooked me out,’ ‘induced melancholia,’ ‘conjured up a rich panoply of images,’ ‘stirred up long-forgotten memories,’ ‘was strangely calming,’ ‘intrigued me with its orchestration,’ ‘haunted me,’ and so on. It was, and is, that kind of song, simultaneously simple and complex, one that almost immediately provokes in its listeners a curiosity about its provenance and meaning.

ATCOACC’s lyrics are alternately straightforward and cryptic, but they never stop being suggestive, leaving themselves open to the varied interpretations that its listeners might bring to it. (It has been suggested  that Drake’s lyrics in general show the influence of William BlakeWilliam Butler Yeats and Henry Vaughan, poets that he studied, and expressed an affinity for, during his days at Cambridge.) When I first listened to ATCOACC, New York was in the grip of a unseasonably cool summer day, gray and overcast, with faint leftover smatterings of the morning’s rain beating against my apartment windows; I felt I had discovered the perfect soundtrack to a day that is all-too familiar on the East Coast. And strangely enough, even though none of the lines in the song are explicitly about urban blight, I somehow felt that images of torn-down city blocks, sidewalks with grass poking up through them, deserted parking lots, and old grimy theaters were easily evoked by it. That was because of my particular history on the US East Coast and it spoke volumes of ATCOACC’s ability to reach into me.

If there is a miniscule weakness in ATCOACC’s lyrics it is that Drake mentions London in one line (Saddle up/Kick your feet/Ride the range of a London street/); they might have worked better without explicit mention of any particular city. And that is precisely because Drake’s melancholia should be familiar to anyone that has ever found themselves confronted with that particular irony of the modern life: to be frighteningly, devastatingly alone, in the middle of humanity’s most crowded spaces.