City

Is democracy ready for the Internet age?

Lancaster-County-Sample-Ballot-November-6-2012-Page-1IT technology is infiltrating almost every area in our society, but there is one front where the progress is notably slow. Democracy. Why?

We still use representative democracy and elect politicians for several years at a time. This is largely done using pen and paper and the votes are counted manually. Processing the votes seems like a task well suited for computers. And why do we even need to elect representatives when we could vote directly over the net in the big and important questions? Representative democracy was after all invented thousands of years ago when people had to gather physically to hold a meeting. Then it made sense to send someone to represent a group of people, but now we could involve a whole nation directly using the net. So what’s stopping us from doing that?

Let’s first look at IT as an aid in representative democracy. First, voting machines have already been used for a long time in some countries, including the US. But there have been many controversies and elections have even been declared invalid by court (link in Finnish) due to problems in electronic handling of votes.

Handling an election seems like a straightforward IT problem, but it really isn’t. Let’s keep in mind the fundamental requirements for an election: 1. The identity of voters and their right to vote must be verified. 2. It must be ensured that no one votes more than once. 3. It shall not be possible to determine how a person has voted. 4. The integrity of the result must be verifiable. The big problem is that these requirements conflicts with each other. You must know the person who votes but still store the data in a way that makes it possible to verify the result but not identify the voter. This leads to complex designs involving cryptography. It’s no doubt possible to develop systems that fulfill these needs. The hard part is to verify the systems thoroughly enough to make sure they really work.

And here psychology enters the scene. We all know pens and paper well and we have learned to trust the traditional election system. There is a fairly large number of unclear votes in every election and we have accepted that as a fact. But people are a lot more suspicious against computerized systems. Most of us lack the ability to understand how electronic voting works. And the requirements described above causes complexity that makes it hard even for many professionals. Only crypto experts have the true ability to audit it. This makes it hard to build a chain of trust between ordinary people and the voting system.

Is our suspicious attitude justified? Yes and no. We should be suspicious against complex electronic systems and put them through thorough scrutiny before using them in elections. We must demand that their design is open and audited by independent experts. But we are at the same time forgetting the fact that traditional security measures are far from perfect. Written signatures is a very weak method to prove identity and a photo ID is not much better. A nice example is a friend of mine who keeps using an expired ID card just to test the system. The card is his own and he still looks like the picture. The only problem is that the card expired 11 years ago. During these years the card has only been rejected once! It has been used several times when voting in elections. Needless to say, an electronic signature would not pass even once. Despite this, people typically trust written signatures and ID cards a lot more than computerized security measures. The same attitude is visible when discussing electronic voting.

Another real reason to be suspicious against electronic voting is the computers’ ability to process massive amounts of data very quickly. There are always minor errors in the traditional voting systems, but massive manipulation of the result is hard. In a computerized system, on the other hand, even a fairly small glitch may enable someone to make a big impact on the result.

The other side of the coin is the question if we need representative democracy at all anymore. Should we have net polls about the important questions instead? Well, representative democracy has an important benefit, continuity. The same people are given at least some time to achieve results before people can decide if they should continue. But a four to six year term is really too short to change the big things and our politicians tend to focus on smaller and easier issues. Imagine how it would be if the people had a more direct say in decision making? That could lead to an even bigger lack of focus and strategic direction. Probably not a good idea after all.

But representative democracy can be complemented instead of replaced. Crowd sourcing is one area that is taking off. A lot of things can be crowd sourced and legislative proposals is one of them. Many countries already have a Constitution that allows ordinary citizens to prepare proposals and force the parliament to vote on them, if enough people support the proposal. Here in Finland a crowd sourced copyright act proposal made headlines globally when it recently passed the 50 000 supporter threshold (1,2 % of the voting population). This is an excellent example of how modern Internet-based schemes can complement the representative democracy. Finland’s current copyright legislation is almost 10 years old and is heavily influenced by entertainment industry lobbyists. It was written during a time when most ordinary people had no clue about copyright issues, and the politicians knew even less. For example, most ordinary people probably thinks that downloading a song illegally from the net is less severe than selling a truckload of false CDs. Our current copyright law disagrees.

Issues like this can easily become a politically hot potato that no one want to touch. Here the crowd sourced initiatives comes in really handy. Other examples of popular initiatives in Finland are a demand for equal rights for same-sex couples and making a minority language optional in the schools. Even Edward Snowden has inspired a proposal: It should be possible to apply for political asylum remotely, without visiting the target country. Another issue is however that these initiatives need to pass the parliament to become laws. The representative democracy will still get the final word. Even popular crowd sourced initiatives may be dismissed, but they are still not in vain. Every method to bring in more feedback to the decision makers during their term in office is good and helps mitigate the problems with indirect democracy.

So what will our democracy look like in ten or twenty years? Here’s my guess. We still have representative democracy. Electronic voting machines takes care of most of the load, but we may still have traditional voting on paper available as an alternative. Well, some countries rely heavily on voting machines already today. The electronic machines are accepted as the norm even if some failures do occur. Voting over Internet will certainly be available in many countries, and is actually already in use in Estonia. Direct ways to affect the political system, like legislative proposals, will be developed and play a more important role. And last but not least. Internet has already become a very powerful tool for improving the transparency of our legislative institutions and to provide feedback from voters. This trend will continue and actually make the representative democracy blend into some kind of hybrid democracy. The representatives do in theory have carte blance to rule, but they also need to constantly mind their public reputation. This means that you get some extra power to affect the legislative institutions if you participate in the monitoring and express your opinion constantly, rather than just cast a vote every 4th year.

Safe surfing,
Micke

More posts from this topic

Charlie

I really miss Benjamin Franklin!

January 7th was a sad day. The Charlie Hebdo shooting in Paris was both an attack on free speech and fuel for more aggression against Muslims. And controversially also fuel for even more attacks against free speech. The western society’s relation to free speech is very complicated nowadays. Officially it is still valued as a fundamental right. But it is also seen as a threat, even if politicians are very keen to masquerade free speech reductions as necessary security improvements. British PM Cameron’s recent debacle is an excellent example. In his opinion, there must not be any form of communication that the authorities can’t listen in to, which would mean restrictions on encryption. Non-digital metaphors are usually a good way to explain things like this. This is as smart as banning helmets because they make it harder to recognize criminals riding motorcycles. French president Francois Hollande wanted to join the party and proposed a law making internet providers responsible for users' content in their services. The idea was to make companies like Facebook and Twitter monitor all communication and call Paris as soon as someone talks terrorism. This goes even further than Cameron as it actually would force companies to do the police’s work. But should the phone company also be held responsible if it turns out that a terrorist has been allowed to place calls? And maybe even send mail delivered by the postal service? Hollande did of course not include those as they would help people understand how crazy the idea is. Anything can be misused for criminal purposes. But trying to make providers of things responsible is just madness and hurts the whole society and economy. The important point here is naturally that freedom of speech is a much broader concept than what Charlie Hebdo utilizes. The caricatures express our freedom to communicate publicly without censorship. But there is also another dimension of free speech. Everybody has the right to choose whom they communicate with and whom a message is intended for. This is not just about secrecy and privacy, it is really about being free to exchange opinions without worrying about them being used against you later by some third party. This dimension of free speech would of course not exist in Cameron’s ideal society. So no Cameron and Hollande, you are definitively not Charlie! It’s sad that the great “Je Suis Charlie” -movement has become a symbol for both freedom of speech and hypocrisy. Didn’t you really see anything wrong in first marching in support of Charlie Hebdo in Paris, and then immediately attack freedom of speech yourself? It takes courage to be a leader and balance between security and freedom. Today we really need leaders like Benjamin Franklin, who had guts and said things like “Freedom of speech is a principal pillar of a free government; when this support is taken away, the constitution of a free society is dissolved, and tyranny is erected on its ruins.” and “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.”   Safe surfing, Micke   Image by Markus Winkler @ Flickr under CC BY-SA 2.0 via Wikimedia Commons Benjamin Franklin quotes from wikiquote.org

Jan 29, 2015
BY 
F-Secure shares tips to protect your data on Data Privacy Day

It’s Data Privacy Day, and Companies Know More About You Than Ever

Nowadays companies know more about you than ever. But do you know what they’re doing with all your data? Today's Data Privacy Day, and at F-Secure we usually talk a lot about defending your personal data from online criminals: the likes of hackers, scammers and WiFi snoops. But today we'd like to talk a little about how your privacy can be invaded completely legally - by private businesses who collect your data, and how you can protect yourself. We give companies unprecedented access to our personal info and shopping habits. We give knowingly, such as when we fill out a website form. We also give in ways we may not be aware of, in the case of online advertisers who track our clicks around the web and gain insight into our interests and preferences. These advertisers are building up detailed, extensive profiles about us so they can target us with online ads we'll be more likely to click on. The apps we install garner even more of our information. Not to mention what we give to social networks and our email providers. The result: a mass of digital data is spread around about each of us that's super difficult to control. An Adroit Digital study found that 58% of respondents aren't comfortable with the amount of information they have to give to get special offers or services from retailers, and 82% are uncomfortable with the amount of information online advertisers have about them. And according to a survey by SAS, more than 69% of respondents agree that recent news events have increased their concerns about their data in the hands of businesses. News events like all-too-common data breaches, no doubt. But there's also a skepticism of what businesses and organizations may do with the data they are entrusted with. Last week, for example, Americans were shocked to learn that their government’s healthcare website had been quietly funneling consumers’ personal details along to advertising and analytics companies. At F-Secure, we've always been extremely conscious about the responsibility we have to respect the privacy of our customers' data and content. We recently put our core privacy principles into a structured form and shared them with the world - and Micke delved into them in a recent 3-part series. We also are passionate about helping you protect your own privacy - which is why we've created privacy-centered products like Freedome, which keeps online advertisers out of your business by blocking tracking. At the very least, we hope to inspire you to be, if not already, a little more aware of your data trail. So in celebration of Data Privacy Day, here are a few tips for helping you keep from spreading your data too far: 6 Tips for Defending Your Personal Data Check before committing. If your relationship with a business means you’ll be giving up a lot of data to them, check for a privacy policy or principles that outline how they use customer data Choose privacy. Turn on Private or Incognito mode in your web browser so that websites can’t use cookies to identify you Check your settings. Use this handy list to check your privacy settings on all the most popular sites, from ecommerce to social media and more. Provided by the folks behind Data Privacy Day. Search carefree. Use F-Secure Search, our free search engine that makes sure your search history is not stored anywhere or linked to you Get informed. Use F-Secure App Permissions, our free app that lets you know what information you’re giving up to the apps you’ve installed on your phone Keep advertisers at arms' length. Use F-Secure Freedome, our privacy app that blocks third-party online advertisers from following you around the Web. Freedome is available for a free 14-day trial here.   Happy Data Privacy Day!   Image courtesy Philippe Teuwen, flickr.com  

Jan 28, 2015
BY