City

Is democracy ready for the Internet age?

Lancaster-County-Sample-Ballot-November-6-2012-Page-1IT technology is infiltrating almost every area in our society, but there is one front where the progress is notably slow. Democracy. Why?

We still use representative democracy and elect politicians for several years at a time. This is largely done using pen and paper and the votes are counted manually. Processing the votes seems like a task well suited for computers. And why do we even need to elect representatives when we could vote directly over the net in the big and important questions? Representative democracy was after all invented thousands of years ago when people had to gather physically to hold a meeting. Then it made sense to send someone to represent a group of people, but now we could involve a whole nation directly using the net. So what’s stopping us from doing that?

Let’s first look at IT as an aid in representative democracy. First, voting machines have already been used for a long time in some countries, including the US. But there have been many controversies and elections have even been declared invalid by court (link in Finnish) due to problems in electronic handling of votes.

Handling an election seems like a straightforward IT problem, but it really isn’t. Let’s keep in mind the fundamental requirements for an election: 1. The identity of voters and their right to vote must be verified. 2. It must be ensured that no one votes more than once. 3. It shall not be possible to determine how a person has voted. 4. The integrity of the result must be verifiable. The big problem is that these requirements conflicts with each other. You must know the person who votes but still store the data in a way that makes it possible to verify the result but not identify the voter. This leads to complex designs involving cryptography. It’s no doubt possible to develop systems that fulfill these needs. The hard part is to verify the systems thoroughly enough to make sure they really work.

And here psychology enters the scene. We all know pens and paper well and we have learned to trust the traditional election system. There is a fairly large number of unclear votes in every election and we have accepted that as a fact. But people are a lot more suspicious against computerized systems. Most of us lack the ability to understand how electronic voting works. And the requirements described above causes complexity that makes it hard even for many professionals. Only crypto experts have the true ability to audit it. This makes it hard to build a chain of trust between ordinary people and the voting system.

Is our suspicious attitude justified? Yes and no. We should be suspicious against complex electronic systems and put them through thorough scrutiny before using them in elections. We must demand that their design is open and audited by independent experts. But we are at the same time forgetting the fact that traditional security measures are far from perfect. Written signatures is a very weak method to prove identity and a photo ID is not much better. A nice example is a friend of mine who keeps using an expired ID card just to test the system. The card is his own and he still looks like the picture. The only problem is that the card expired 11 years ago. During these years the card has only been rejected once! It has been used several times when voting in elections. Needless to say, an electronic signature would not pass even once. Despite this, people typically trust written signatures and ID cards a lot more than computerized security measures. The same attitude is visible when discussing electronic voting.

Another real reason to be suspicious against electronic voting is the computers’ ability to process massive amounts of data very quickly. There are always minor errors in the traditional voting systems, but massive manipulation of the result is hard. In a computerized system, on the other hand, even a fairly small glitch may enable someone to make a big impact on the result.

The other side of the coin is the question if we need representative democracy at all anymore. Should we have net polls about the important questions instead? Well, representative democracy has an important benefit, continuity. The same people are given at least some time to achieve results before people can decide if they should continue. But a four to six year term is really too short to change the big things and our politicians tend to focus on smaller and easier issues. Imagine how it would be if the people had a more direct say in decision making? That could lead to an even bigger lack of focus and strategic direction. Probably not a good idea after all.

But representative democracy can be complemented instead of replaced. Crowd sourcing is one area that is taking off. A lot of things can be crowd sourced and legislative proposals is one of them. Many countries already have a Constitution that allows ordinary citizens to prepare proposals and force the parliament to vote on them, if enough people support the proposal. Here in Finland a crowd sourced copyright act proposal made headlines globally when it recently passed the 50 000 supporter threshold (1,2 % of the voting population). This is an excellent example of how modern Internet-based schemes can complement the representative democracy. Finland’s current copyright legislation is almost 10 years old and is heavily influenced by entertainment industry lobbyists. It was written during a time when most ordinary people had no clue about copyright issues, and the politicians knew even less. For example, most ordinary people probably thinks that downloading a song illegally from the net is less severe than selling a truckload of false CDs. Our current copyright law disagrees.

Issues like this can easily become a politically hot potato that no one want to touch. Here the crowd sourced initiatives comes in really handy. Other examples of popular initiatives in Finland are a demand for equal rights for same-sex couples and making a minority language optional in the schools. Even Edward Snowden has inspired a proposal: It should be possible to apply for political asylum remotely, without visiting the target country. Another issue is however that these initiatives need to pass the parliament to become laws. The representative democracy will still get the final word. Even popular crowd sourced initiatives may be dismissed, but they are still not in vain. Every method to bring in more feedback to the decision makers during their term in office is good and helps mitigate the problems with indirect democracy.

So what will our democracy look like in ten or twenty years? Here’s my guess. We still have representative democracy. Electronic voting machines takes care of most of the load, but we may still have traditional voting on paper available as an alternative. Well, some countries rely heavily on voting machines already today. The electronic machines are accepted as the norm even if some failures do occur. Voting over Internet will certainly be available in many countries, and is actually already in use in Estonia. Direct ways to affect the political system, like legislative proposals, will be developed and play a more important role. And last but not least. Internet has already become a very powerful tool for improving the transparency of our legislative institutions and to provide feedback from voters. This trend will continue and actually make the representative democracy blend into some kind of hybrid democracy. The representatives do in theory have carte blance to rule, but they also need to constantly mind their public reputation. This means that you get some extra power to affect the legislative institutions if you participate in the monitoring and express your opinion constantly, rather than just cast a vote every 4th year.

Safe surfing,
Micke

More posts from this topic

graveyard, RIP Flash, Is Flash dead

RIP Flash? Has Chrome signed Flash’s death warrant?

The first day of September may go down in internet security history -- and not just because it's the day when F-Secure Labs announced that its blog, which was the first antivirus industry blog ever, has moved to a new home. It's also the day that Google's Chrome began blocking flash ads from immediately loading, with the goal of moving advertisers to develop their creative in HTML5. Google is joining Amazon, whose complete rejection of Flash ads also begins on September 1. "This is a very good move on Amazon’s part and hopefully other companies will follow suit sooner than later," F-Secure Security Advisor Sean Sullivan wrote in August when Amazon made its announcement. "Flash-based ads are now an all-too-common security risk. Everybody will be better off without them." Last month, Adobe issued its 12th update in 2015 for the software addressing security and stability concerns. An estimated 90 percent of rich media ads are delivered through Flash. Having the world's largest online retailer reject your ad format is a significant nudge away from the plugin. But it would be difficult to overstate the impact of Chrome actively encouraging developers to drop Flash. About 1 out of every 2 people, 51.74 percent, who access the internet through a desktop browser do it via Chrome, according to StatCounter. This makes it the world's most popular web interface by far.   Facebook's Chief Security Officer has also recently called for the end of Flash and YouTube moved away from the format by default in January. “Newer technologies are available and becoming more popular anyway, so it would really be worth the effort to just speed up the adoption of newer, more secure technologies, and stop using Flash completely," F-Secure Senior Researcher Timo Hirvonen told our Business Insider blog. So what's keeping Flash alive? Massive adoption and advertisers. “Everyone in every agency’s creative department grew up using Adobe’s creative suite, so agencies still have deep benches of people who specialize in this,”Media Kitchen managing partner Josh Engroff told Digiday. “Moving away from it means new training and calibration.” And Flash does have some advantages over the format that seems fated to replace it. "HTML5 ads may be more beautiful, and are perceived to be more secure, but the files can be a lot larger than Flash," Business Insider's Laura O'Reilly wrote. In markets, stability can breed instability and it seems that our familiarity and reliance on Flash has resulted in unnecessary insecurity for our data. Has Flash hit its moment when its dominance rapidly evaporates? We can have hope. "I sincerely hope this is the end of Flash," Timo told us. Cheers, Sandra [Image by Sean MacEntee | Flickr]    

September 1, 2015
5825408292_11759e3304_o

Only 10% protected – Interesting study on travelers’ security habits

Kaisu who is working for us is also studying tourism. Her paper on knowledge of and behavior related to information security amongst young travelers was released in May, and is very interesting reading. The world is getting smaller. We travel more and more, and now we can stay online even when travelling. Using IT-services in unknown environments does however introduce new security risks. Kaisu wanted to find out how aware young travelers are of those risks, and what they do to mitigate them. The study contains many interesting facts. Practically all, 95,7%, are carrying a smartphone when travelling. One third is carrying a laptop and one in four a tablet. The most commonly used apps and services are taking pictures, using social networks, communication apps and e-mail, which all are used by about 90% of the travelers. Surfing the web follows close behind at 72%. But I’m not going to repeat it all here. The full story is in the paper. What I find most interesting is however what the report doesn’t state. Everybody is carrying a smartphone and snapping pictures, using social media, surfing the web and communicating. Doesn’t sound too exotic, right? That’s what we do in our everyday life too, not just when travelling. The study does unfortunately not examine the participants’ behavior at home. But I dare to assume that it is quite similar. And I find that to be one of the most valuable findings. Traveling is no longer preventing us from using IT pretty much as we do in our everyday life. I remember when I was a kid long, long ago. This was even before invention of the cellphone. There used to be announcements on the radio in the summer: “Mr. and Mrs. Müller from Germany traveling by car in Lapland. Please contact your son Hans urgently.” Sounds really weird for us who have Messenger, WhatsApp, Facebook, Twitter, Snapchat and Skype installed on our smartphones. There was a time when travelling meant taking a break in your social life. Not anymore. Our social life is today to an increasing extent handled through electronic services. And those services goes with us when travelling, as Kaisu’s study shows. So you have access to the same messaging channels no matter where you are on this small planet. But they all require a data connection, and this is often the main challenge. There are basically two ways to get the data flowing when abroad. You can use data roaming through the cellphone’s ordinary data connection. But that is often too expensive to be feasible, so WiFi offers a good and cheap alternative. Hunting for free WiFi has probably taken the top place on the list of travelers’ concerns, leaving pickpockets and getting burnt in the sun behind. Another conclusion from Kaisu’s study is that travelers have overcome this obstacle, either with data roaming or WiFi. The high usage rates for common services is a clear indication of that. But how do they protect themselves when connecting to exotic networks? About 10% are using a VPN and about 20% say they avoid public WiFi. That leaves us with over 70% who are doing something else, or doing nothing. Some of them are using data roaming, but I’m afraid most of them just use whatever WiFi is available, either ignoring the risks or being totally unaware. That’s not too smart. Connecting to a malicious WiFi network can expose you to eavesdropping, malware attacks, phishing and a handful other nasty tricks. It’s amazing that only 10% of the respondents have found the simple and obvious solution, a VPN. It stands for Virtual Private Network and creates a protected “tunnel” for your data through the potentially harmful free networks. Sounds too nerdy? No, it’s really easy. Just check out Freedome. It’s the super-simple way to be among the smart 10%.   Safe surfing, Micke   PS. I recently let go of my old beloved Nokia Lumia. Why? Mainly because I couldn’t use Freedome on it, and I really want the freedom it gives me while abroad.   Image by Moyan Brenn  

August 24, 2015
BY 
suicide

Forget the personality tests – Ask Facebook instead (Poll)

It’s amazing how advertising can power huge companies. Google has over 57 000 employees and some 66 billion US dollars in revenue. And Facebook with 12 billion and 10 000 employees. These two giants are the best know providers of ad-financed services on the net. And modern advertising is targeted, which means that they must know what the users want to see. Which means that they must know you. Let’s take a closer look at Facebook. We have already written about their advertising preferences and I have been following my data for some time. Part of the data used to target ads is input by yourself, age, gender, hometown, movies you seen etc. But Facebook also analyzes what you do, both in Facebook and on other sites, to find out what you like. It’s obvious how the tracking works inside Facebook itself. Their servers just simply record what links you click. Tracking in the rest of the net is more sinister, it’s described in this earlier post. Your activity record is analyzed and you are assigned to classes of interest, called “Your Ad Preferences” by Facebook. Advertisers can then select classes they want to target, and the ad may be shown to you based on these classes. You can view and manage the list using a page that is fairly well hidden deep in Facebook’s menus. Let’s check your preferences in moment, but first some thoughts about this. Advertising may be annoying, but it is the engine that drives so many “free” services nowadays. So I’m not going to blame Facebook for being ad-financed. I’m not going to blame them for doing targeted ads either. That can in theory be a good thing, you see more relevant ads that potentially can be of value to you. But any targeted ad scheme must be based on data collection, and this is the tricky part. Can we trust Facebook et al. to handle these quite extensive personal profiles and not misuse them for other purposes? It’s also nice that Facebook is somewhat open about this and let you view “Your Ad Preferences” (Note. Not available in all countries.). But that name is really misleading. The name should be “Facebook’s Ad Preferences for You”. Yes, you can view and delete classes, but that gives you a false sense of control. Facebook keeps analyzing what you do and deleted classes will reappear shortly. I made a full clean-up a couple of months ago, but now I have no less than 210 classes of interest again! This is really amazing if you take into account that I block tracking outside of Facebook, so those activities are not contributing. And I have a principle of not clicking ads in any on-line media, including Facebook. And liking commercial pages in a very restrictive manner. But the thing is that Facebook has realized that people dislike ads. “Suggested posts” or “Sponsored posts” are in fact masqueraded ads and any interaction with them will record your interest in the classes they represent. I have to admit that I do click this kind of content regularly. And where did that suicide thing come from? No, I’m fine. I’m not going to jump off a bridge and I’m not worried about any of my dearests’ mental health. I have not interacted with any kind of Facebook content related to suicide. Except that I can’t know that for sure. Facebook tries to give an open and honest image of itself when presenting its Ad Preferences settings and the possibilities to manage them. But this rosy picture is not the full truth. The inner workings of Facebook advertising is in reality a very complex secret system. When you interact with something on Facebook, you have no way of knowing how it affects your profile. Something I have clicked was apparently associated with suicides even if I had no clue about it. Ok, time to take the Facebook personality test. Let’s see what kind of person they think you are. Follow these instructions: Go to Facebook and locate an ad, a “sponsored post” or a “suggested post”. These items should have a cross or a down-arrow in the upper right corner. Click it. Select “Why am I seeing this?” from the pop-up menu. This screen contains some interesting info but proceed to “Manage your ad preferences”. Review the list and come back here to tell us what you think of it. Delete the inappropriate classes. Deleting all may reduce the number of ads you see.   So let’s see what people think about this test’s accuracy:   [polldaddy poll=9023953]   So using Facebook’s Ad Preferences as a personality test may be entertaining, but not very accurate after all. You should probably look elsewhere for a real test. The catch is that you can select what test to take, but not how others collect data about you. Someone else may rely on this test when evaluating you. You have actually granted Facebook the right to share this data with basically anyone. Remember this clause in the agreement that you read and approved before signing up? “We transfer information to vendors, service providers, and other partners who globally support our business, such as providing technical infrastructure services, analyzing how our Services are used, measuring the effectiveness of ads and services, providing customer service, facilitating payments, or conducting academic research and surveys.” You did read it before signing, didn’t you?   Safe surfing, Micke   Image: Screenshot from facebook.com  

August 13, 2015
BY