City

Is democracy ready for the Internet age?

Lancaster-County-Sample-Ballot-November-6-2012-Page-1IT technology is infiltrating almost every area in our society, but there is one front where the progress is notably slow. Democracy. Why?

We still use representative democracy and elect politicians for several years at a time. This is largely done using pen and paper and the votes are counted manually. Processing the votes seems like a task well suited for computers. And why do we even need to elect representatives when we could vote directly over the net in the big and important questions? Representative democracy was after all invented thousands of years ago when people had to gather physically to hold a meeting. Then it made sense to send someone to represent a group of people, but now we could involve a whole nation directly using the net. So what’s stopping us from doing that?

Let’s first look at IT as an aid in representative democracy. First, voting machines have already been used for a long time in some countries, including the US. But there have been many controversies and elections have even been declared invalid by court (link in Finnish) due to problems in electronic handling of votes.

Handling an election seems like a straightforward IT problem, but it really isn’t. Let’s keep in mind the fundamental requirements for an election: 1. The identity of voters and their right to vote must be verified. 2. It must be ensured that no one votes more than once. 3. It shall not be possible to determine how a person has voted. 4. The integrity of the result must be verifiable. The big problem is that these requirements conflicts with each other. You must know the person who votes but still store the data in a way that makes it possible to verify the result but not identify the voter. This leads to complex designs involving cryptography. It’s no doubt possible to develop systems that fulfill these needs. The hard part is to verify the systems thoroughly enough to make sure they really work.

And here psychology enters the scene. We all know pens and paper well and we have learned to trust the traditional election system. There is a fairly large number of unclear votes in every election and we have accepted that as a fact. But people are a lot more suspicious against computerized systems. Most of us lack the ability to understand how electronic voting works. And the requirements described above causes complexity that makes it hard even for many professionals. Only crypto experts have the true ability to audit it. This makes it hard to build a chain of trust between ordinary people and the voting system.

Is our suspicious attitude justified? Yes and no. We should be suspicious against complex electronic systems and put them through thorough scrutiny before using them in elections. We must demand that their design is open and audited by independent experts. But we are at the same time forgetting the fact that traditional security measures are far from perfect. Written signatures is a very weak method to prove identity and a photo ID is not much better. A nice example is a friend of mine who keeps using an expired ID card just to test the system. The card is his own and he still looks like the picture. The only problem is that the card expired 11 years ago. During these years the card has only been rejected once! It has been used several times when voting in elections. Needless to say, an electronic signature would not pass even once. Despite this, people typically trust written signatures and ID cards a lot more than computerized security measures. The same attitude is visible when discussing electronic voting.

Another real reason to be suspicious against electronic voting is the computers’ ability to process massive amounts of data very quickly. There are always minor errors in the traditional voting systems, but massive manipulation of the result is hard. In a computerized system, on the other hand, even a fairly small glitch may enable someone to make a big impact on the result.

The other side of the coin is the question if we need representative democracy at all anymore. Should we have net polls about the important questions instead? Well, representative democracy has an important benefit, continuity. The same people are given at least some time to achieve results before people can decide if they should continue. But a four to six year term is really too short to change the big things and our politicians tend to focus on smaller and easier issues. Imagine how it would be if the people had a more direct say in decision making? That could lead to an even bigger lack of focus and strategic direction. Probably not a good idea after all.

But representative democracy can be complemented instead of replaced. Crowd sourcing is one area that is taking off. A lot of things can be crowd sourced and legislative proposals is one of them. Many countries already have a Constitution that allows ordinary citizens to prepare proposals and force the parliament to vote on them, if enough people support the proposal. Here in Finland a crowd sourced copyright act proposal made headlines globally when it recently passed the 50 000 supporter threshold (1,2 % of the voting population). This is an excellent example of how modern Internet-based schemes can complement the representative democracy. Finland’s current copyright legislation is almost 10 years old and is heavily influenced by entertainment industry lobbyists. It was written during a time when most ordinary people had no clue about copyright issues, and the politicians knew even less. For example, most ordinary people probably thinks that downloading a song illegally from the net is less severe than selling a truckload of false CDs. Our current copyright law disagrees.

Issues like this can easily become a politically hot potato that no one want to touch. Here the crowd sourced initiatives comes in really handy. Other examples of popular initiatives in Finland are a demand for equal rights for same-sex couples and making a minority language optional in the schools. Even Edward Snowden has inspired a proposal: It should be possible to apply for political asylum remotely, without visiting the target country. Another issue is however that these initiatives need to pass the parliament to become laws. The representative democracy will still get the final word. Even popular crowd sourced initiatives may be dismissed, but they are still not in vain. Every method to bring in more feedback to the decision makers during their term in office is good and helps mitigate the problems with indirect democracy.

So what will our democracy look like in ten or twenty years? Here’s my guess. We still have representative democracy. Electronic voting machines takes care of most of the load, but we may still have traditional voting on paper available as an alternative. Well, some countries rely heavily on voting machines already today. The electronic machines are accepted as the norm even if some failures do occur. Voting over Internet will certainly be available in many countries, and is actually already in use in Estonia. Direct ways to affect the political system, like legislative proposals, will be developed and play a more important role. And last but not least. Internet has already become a very powerful tool for improving the transparency of our legislative institutions and to provide feedback from voters. This trend will continue and actually make the representative democracy blend into some kind of hybrid democracy. The representatives do in theory have carte blance to rule, but they also need to constantly mind their public reputation. This means that you get some extra power to affect the legislative institutions if you participate in the monitoring and express your opinion constantly, rather than just cast a vote every 4th year.

Safe surfing,
Micke

More posts from this topic

Freedome

#AskFreedomeVPN: Why pay for a VPN when you can use a free one?

We recently invited  our active Twitter community to ask us anything that came into their minds about privacy, VPNs and all manner of related topics. The Twittersphere didn’t pull any punches, and among the great questions was one asking us to make our case for own existence: What are the reasons to pay for Freedome and not use some free privacy solution? Well, here’s a few we think you'll be interested in. 1. Connection speed / bandwidth Everyone wants security and privacy, but NOBODY wants it at the expense of a sluggish connection. Running a VPN takes a surprising amount of servers and bandwidth, and these resources have to come from somewhere. So if you don’t want your internet connection bottlenecked by a VPN server coughing out modem-speed traffic like an asthmatic robot, you might want to consider a paid option. Next to connection speed, bandwidth size is the biggest prequisite people tend to have. Maybe it's the fact that we're based in Finland where the concept of data caps is very uncommon, but putting any sort of bandwidth limit even into the free trial version of Freedome was never truly considered. Unlimited bandwidth for all! 2. Our business model is giving you privacy, not taking it away When any online service claims to be free to its users, there is often a catch. There are exceptions (like Troy Hunt’s awesome Haveibeenpwned to see if your passwords have leaked), but most will ultimately take payment…. in one form or another. This can come in the form of tracking you for advertising purposes, or even selling your bandwidth to hackers.  Be careful of free services and make sure you understand what you're giving in return. For instance, our iOS developers created the free F-Secure AdBlocker, and we were quite open about the fact that we were using the app to raise awareness of Freedome. Sometimes the trade-off is worth it for the customer, sometimes it is not. 3. Publicly listed company One of the threats facing consumers looking for a VPN are shady companies that operate in the privacy market. Freedome was conceived by a startup team within F-Secure, a company with a 25+ year spotless reputation among consumers. Without even considering ethical implications, making sure we keep the trust of our stakeholders is vital to our continued existence as a company. When you use a service to encrypt your traffic and handle your data, there is no choice but to place trust in that service. We try to be as open about our ways of operating as possible, but ultimately, the choice of where you place your trust is yours and yours alone. 4. Based in a country where the law is on privacy’s side If suspect business practices present one threat to consumers looking for privacy, so do the over intrusive governments in countries where VPN providers are based in. The U.K is working on the Investigatory Powers Bill (more often referred to as the "Snoopers Charter"), the U.S has an extremely spotty history in keeping their hands off people's Internet traffic, and Russia is increasingly tightening their control over what people say online.  Thankfully, Finland is considered a pioneer when it comes to consumer-friendly online privacy laws. It is a great benefit both for us as a company and our customers that we have the law on our side when it comes to putting digital rights of consumers first. 5. It's just a better and prettier app Being part of an established online security company like F-Secure gives us access to a lot of resources. When you pool this together with the startup mentality of the Freedome team, you get a new kind of security app that packs features unavailable in other similar products. Freedome uses F-Secure's own security cloud to access a constantly updated list of online tracking servers and malicious sites to block them from your protection. And finally, what Anni already touched upon in her video answer: It's light, intuitive and very easy on the eyes. Words like "VPN" and "encryption" might bring into mind a clunky & unfriendly interface, but we wanted to challenge that. Everything from setup to turning it on is done with a single button. [youtube https://www.youtube.com/watch?v=rX3FFNAl4hI?list=PLkMjG1Mo4pKL0JFjRTd4vCvK4An5QTp5D]

September 30, 2016
BY 
erka iAmA

Ask Erka Koivunen anything for #CyberSecMonth

European Cyber Security Month (or National Cyber Security Awareness Month as it’s known in the US) is just around the corner. And considering the recent disclosure of Yahoo’s massive data breach, it seems like a good time for companies to give some consideration to their cyber security policies. One person glad to see it arrive is F-Secure Cyber Security Advisor Erka Koivunen. Erka, who’s advised people, companies, and even governments on how to protect themselves from online threats for years, wants to let people know that security is more than relying on the latest technologies or devices for protection. It’s just as much about processes and practices as it is about technology. That’s why Erka is participating in an “Ask me Anything” session on Reddit called “How to Create a Culture of Security.” Erka will answer your questions about what you, your colleagues, and your boss need to know about being hacked. Plus, Erka will be joined by Cosmin Ciobanu from the European Union Agency for Network and Information Security (better known as ENISA, the organized of European Cyber Security Month) to provide some additional insights on how to improve security in workplaces around Europe. This will be Erka’s second AMA, having previously fielded a range of questions about online privacy in an AMA conducted last Data Privacy Day. The AMA session will kick-off at 8 AM EST/3 PM EET on October 4th. We’ll update this blog post with the link as soon as it’s available, so check back here so you don’t miss out.

September 30, 2016
BY 
Connected

Wherever You’re Connected, You Should Be Protected

Protecting yourself on the internet used to be a lot simpler -- mostly because you weren't always on the internet. Now we can be online from when we wake up until when we go to sleep. We seamlessly shift from chatting to shopping to banking -- rarely sticking to one device or platform for too long. Most of us aren't just a Mac or PC or an Android anymore -- we're all of the above. “I, and I think most people, have a cross-platform household – I use several different devices with different operating systems on a daily basis," F-Secure security advisor Sean Sullivan explains. The old paradigm of just protecting your PC or your phone can leave your devices exposed to threats. And even the best security software in the world won't protect your public Wi-Fi connection from being snooped on, possibly exposing your most private details, including passwords. That's why we've launched F-Secure total security and privacy, which combines F-Secure SAFE and F-Secure Freedome. F-Secure SAFE is a multi-device internet security suite that protects all your devices. Freedome is a VPN offers a simple way to encrypt your communications over public Wi-Fi and change your virtual location to access geo-blocked sites and services while blocking malicious websites and online tracking. You can still purchase F-Secure SAFE and Freedome separately. And there have been recent improvements to both, including: Silent upgrades that ensure SAFE is automatically updated Parental controls now available on all supported SAFE platforms Ability to create Freedome Wi-Fi hotspots with Android devices while VPN is turned on "Buying separate products to protect iOS, Windows, Macs and whatever else isn’t just expensive, but it means you have to get used to different pieces of software designed to do the same thing," Sean explains. F-Secure total security and privacy is now available for a free trial here. If you're a current SAFE customer, you can't upgrade to total security and privacy but you should receive a discount offer for Freedome. "Bundling protective measures into packages to run on different devices is more economical and more user friendly, both of which are good for security.” Cheers, Sandra [Image by Hans Kylberg | Flickr]  

September 27, 2016