Is democracy ready for the Internet age?

Lancaster-County-Sample-Ballot-November-6-2012-Page-1IT technology is infiltrating almost every area in our society, but there is one front where the progress is notably slow. Democracy. Why?

We still use representative democracy and elect politicians for several years at a time. This is largely done using pen and paper and the votes are counted manually. Processing the votes seems like a task well suited for computers. And why do we even need to elect representatives when we could vote directly over the net in the big and important questions? Representative democracy was after all invented thousands of years ago when people had to gather physically to hold a meeting. Then it made sense to send someone to represent a group of people, but now we could involve a whole nation directly using the net. So what’s stopping us from doing that?

Let’s first look at IT as an aid in representative democracy. First, voting machines have already been used for a long time in some countries, including the US. But there have been many controversies and elections have even been declared invalid by court (link in Finnish) due to problems in electronic handling of votes.

Handling an election seems like a straightforward IT problem, but it really isn’t. Let’s keep in mind the fundamental requirements for an election: 1. The identity of voters and their right to vote must be verified. 2. It must be ensured that no one votes more than once. 3. It shall not be possible to determine how a person has voted. 4. The integrity of the result must be verifiable. The big problem is that these requirements conflicts with each other. You must know the person who votes but still store the data in a way that makes it possible to verify the result but not identify the voter. This leads to complex designs involving cryptography. It’s no doubt possible to develop systems that fulfill these needs. The hard part is to verify the systems thoroughly enough to make sure they really work.

And here psychology enters the scene. We all know pens and paper well and we have learned to trust the traditional election system. There is a fairly large number of unclear votes in every election and we have accepted that as a fact. But people are a lot more suspicious against computerized systems. Most of us lack the ability to understand how electronic voting works. And the requirements described above causes complexity that makes it hard even for many professionals. Only crypto experts have the true ability to audit it. This makes it hard to build a chain of trust between ordinary people and the voting system.

Is our suspicious attitude justified? Yes and no. We should be suspicious against complex electronic systems and put them through thorough scrutiny before using them in elections. We must demand that their design is open and audited by independent experts. But we are at the same time forgetting the fact that traditional security measures are far from perfect. Written signatures is a very weak method to prove identity and a photo ID is not much better. A nice example is a friend of mine who keeps using an expired ID card just to test the system. The card is his own and he still looks like the picture. The only problem is that the card expired 11 years ago. During these years the card has only been rejected once! It has been used several times when voting in elections. Needless to say, an electronic signature would not pass even once. Despite this, people typically trust written signatures and ID cards a lot more than computerized security measures. The same attitude is visible when discussing electronic voting.

Another real reason to be suspicious against electronic voting is the computers’ ability to process massive amounts of data very quickly. There are always minor errors in the traditional voting systems, but massive manipulation of the result is hard. In a computerized system, on the other hand, even a fairly small glitch may enable someone to make a big impact on the result.

The other side of the coin is the question if we need representative democracy at all anymore. Should we have net polls about the important questions instead? Well, representative democracy has an important benefit, continuity. The same people are given at least some time to achieve results before people can decide if they should continue. But a four to six year term is really too short to change the big things and our politicians tend to focus on smaller and easier issues. Imagine how it would be if the people had a more direct say in decision making? That could lead to an even bigger lack of focus and strategic direction. Probably not a good idea after all.

But representative democracy can be complemented instead of replaced. Crowd sourcing is one area that is taking off. A lot of things can be crowd sourced and legislative proposals is one of them. Many countries already have a Constitution that allows ordinary citizens to prepare proposals and force the parliament to vote on them, if enough people support the proposal. Here in Finland a crowd sourced copyright act proposal made headlines globally when it recently passed the 50 000 supporter threshold (1,2 % of the voting population). This is an excellent example of how modern Internet-based schemes can complement the representative democracy. Finland’s current copyright legislation is almost 10 years old and is heavily influenced by entertainment industry lobbyists. It was written during a time when most ordinary people had no clue about copyright issues, and the politicians knew even less. For example, most ordinary people probably thinks that downloading a song illegally from the net is less severe than selling a truckload of false CDs. Our current copyright law disagrees.

Issues like this can easily become a politically hot potato that no one want to touch. Here the crowd sourced initiatives comes in really handy. Other examples of popular initiatives in Finland are a demand for equal rights for same-sex couples and making a minority language optional in the schools. Even Edward Snowden has inspired a proposal: It should be possible to apply for political asylum remotely, without visiting the target country. Another issue is however that these initiatives need to pass the parliament to become laws. The representative democracy will still get the final word. Even popular crowd sourced initiatives may be dismissed, but they are still not in vain. Every method to bring in more feedback to the decision makers during their term in office is good and helps mitigate the problems with indirect democracy.

So what will our democracy look like in ten or twenty years? Here’s my guess. We still have representative democracy. Electronic voting machines takes care of most of the load, but we may still have traditional voting on paper available as an alternative. Well, some countries rely heavily on voting machines already today. The electronic machines are accepted as the norm even if some failures do occur. Voting over Internet will certainly be available in many countries, and is actually already in use in Estonia. Direct ways to affect the political system, like legislative proposals, will be developed and play a more important role. And last but not least. Internet has already become a very powerful tool for improving the transparency of our legislative institutions and to provide feedback from voters. This trend will continue and actually make the representative democracy blend into some kind of hybrid democracy. The representatives do in theory have carte blance to rule, but they also need to constantly mind their public reputation. This means that you get some extra power to affect the legislative institutions if you participate in the monitoring and express your opinion constantly, rather than just cast a vote every 4th year.

Safe surfing,

More posts from this topic


Why Cameron hates WhatsApp so much

It’s a well-known fact that UK’s Prime Minister David Cameron doesn’t care much about peoples’ privacy. Recently he has been driving the so called Snooper’s Charter that would give authorities expanded surveillance powers, which got additional fuel from the Paris attacks. It is said that terrorists want to tear down the Western society and lifestyle. And Cameron definitively puts himself in the same camp with statements like this: “In our country, do we want to allow a means of communication between people which we cannot read? No, we must not.” David Cameron Note that he didn’t say terrorists, he said people. Kudos for the honesty. It’s a fact that terrorist blend in with the rest of the population and any attempt to weaken their security affects all of us. And it should be a no-brainer that a nation where the government can listen in on everybody is bad, at least if you have read Orwell’s Nineteen Eighty-Four. But why does WhatsApp occur over and over as an example of something that gives the snoops grey hair? It’s a mainstream instant messenger app that wasn’t built for security. There are also similar apps that focus on security and privacy, like Telegram, Signal and Wickr. Why isn’t Cameron raging about them? The answer is both simple and very significant. But it may not be obvious at fist. Internet was by default insecure and you had to use tools to fix that. The pre-Snowden era was the golden age for agencies tapping into the Internet backbone. Everything was open and unencrypted, except the really interesting stuff. Encryption itself became a signal that someone was of interest, and the authorities could use other means to find out what that person was up to. More and more encryption is being built in by default now when we, thanks to Snowden, know the real state of things. A secured connection between client and server is becoming the norm for communication services. And many services are deploying end-to-end encryption. That means that messages are secured and opened by the communicating devices, not by the servers. Stuff stored on the servers are thus also safe from snoops. So yes, people with Cameron’s mindset have a real problem here. Correctly implemented end-to-end encryption can be next to impossible to break. But there’s still one important thing that tapping the wire can reveal. That’s what communication tool you are using, and this is the important point. WhatsApp is a mainstream messenger with security. Telegram, Signal and Wickr are security messengers used by only a small group people with special needs. Traffic from both WhatsApp and Signal, for example, are encrypted. But the fact that you are using Signal is the important point. You stick out, just like encryption-users before. WhatsApp is the prime target of Cameron’s wrath mainly because it is showing us how security will be implemented in the future. We are quickly moving towards a net where security is built in. Everyone will get decent security by default and minding your security will not make you a suspect anymore. And that’s great! We all need protection in a world with escalating cyber criminality. WhatsApp is by no means a perfect security solution. The implementation of end-to-end encryption started in late 2014 and is still far from complete. The handling of metadata about users and communication is not very secure. And there are tricks the wire-snoops can use to map peoples’ network of contacts. So check it out thoroughly before you start using it for really hot stuff. But they seem to be on the path to become something unique. Among the first communication solutions that are easy to use, popular and secure by default. Apple's iMessage is another example. So easy that many are using it without knowing it, when they think they are sending SMS-messages. But iMessage’s security is unfortunately not flawless either.   Safe surfing, Micke   PS. Yes, weakening security IS a bad idea. An excellent example is the TSA luggage locks, that have a master key that *used to be* secret.   Image by Sam Azgor

November 26, 2015
Secure Wordpress site, mobile blogging, tablet by the bay

This is why you need to protect your WordPress username and password

If you run a Wordpress site, you know that criminals around the world would love to use it to spread malware. Last month, F-Secure Labs spike in "Flash redirectors" that automatically redirect the visitor to a site with the goal of infecting them with malware, in this case the Angler exploit kit. The source was compromised websites -- specifically Wordpress sites. This isn't a new find for the Labs but what is unique is one of the tactics of the attack -- seeking out Wordpress usernames. Why? "After obtaining the username, the only thing that the attacker would need to figure out is the password," Patricia from The Labs explains. "The tool used by the attacker attempted around 1200 passwords before it was able to successfully login." If you happen to have one of those passwords, bam. You site is serving up malware, which is not only harmful to your visitors, it can cost you tons of traffic as Google delists you. Keeping your server and plugins up to date is essential for avoiding most attacks. Beyond that, this attack points to the need to both protect your Wordpress username AND always use a unique, strong password. "Furthermore, in order to defend against this kind of WordPress attack, you should not use a WordPress admin account for publishing anything," Patricia notes. You can also protect your server from enumeration attacks that discover the usernames of your bloggers. To see how to do that, visit our News from the Labs blog. It's pretty amazing what people can figure out about you with just your login and password. But when you're running a website, which can be part or all of your livelihood, the only way to keep from handing criminals the key to your front door is to make sure your password can't be figured out by anyone but you. And turn on two-step authentication if you haven't already. Cheers, Jason

November 26, 2015

POLL – Is it OK for security products to collect data from your device?

We have a dilemma, and maybe you want to help us. I have written a lot about privacy and the trust relationship between users and software vendors. Users must trust the vendor to not misuse data that the software handles, but they have very poor abilities to base that trust on any facts. The vendor’s reputation is usually the most tangible thing available. Vendors can be split into two camps based on their business model. The providers of “free” services, like Facebook and Google, must collect comprehensive data about the users to be able to run targeted marketing. The other camp, where we at F-Secure are, sells products that you pay money for. This camp does not have the need to profile users, so the privacy-threats should be smaller. But is that the whole picture? No, not really. Vendors of paid products do not have the need to profile users for marketing. But there is still a lot of data on customers’ devices that may be relevant. The devices’ technical configuration is of course relevant when prioritizing maintenance. And knowing what features actually are used helps plan future releases. And we in the security field have additional interests. The prevalence of both clean and malicious files is important, as well as patterns related to malicious attacks. Just to name a few things. One of our primary goals is to guard your privacy. But we could on the other hand benefit from data on your device. Or to be precise, you could benefit from letting us use that data as it contributes to better protection overall. So that’s our dilemma. How to utilize this data in a way that won’t put your privacy in jeopardy? And how to maintain trust? How to convince you that data we collect really is used to improve your protection? Our policy for this is outlined here, and the anti-malware product’s data transfer is documented in detail in this document. In short, we only upload data necessary to produce the service, we focus on technical data and won’t take personal data, we use hashing of the data when feasible and we anonymize data so we can’t tell whom it came from. The trend is clearly towards lighter devices that rely more on cloud services. Our answer to that is Security Cloud. It enables devices to off-load tasks to the cloud and benefit from data collected from the whole community. But to keep up with the threats we must develop Security Cloud constantly. And that also means that we will need more info about what happens on your device. That’s why I would like to check what your opinion about data upload is. How do you feel about Security Cloud using data from your device to improve the overall security for all users? Do you trust us when we say that we apply strict rules to the data upload to guard your privacy?   [polldaddy poll=9196371]   Safe surfing, Micke   Image by  

November 24, 2015