October 2006

Where Do They Find These People?

by Tim Lee on October 25, 2006 · 0 comments

It seems that the United States isn’t the only country having problems with e-voting. They’re having problems up in Canada too. Mike at Techdirt is on the case:

Following a report by Quebec’s electoral chief that runs through all of the problems Quebec had with e-voting machines last year, the government has extended an injunction against e-voting machines that had been put in place after the problems in the election became clear. The elections official admits that there’s no way to tell if last year’s election results were accurate or fair–but that there’s nothing that can be done now. Some opposition politicians, however, are thinking of trying to force the election to be wiped out and held again, claiming that the results clearly were incorrect. To make it even more fun, the firm that supplied the e-voting machines, PG Elections, is apparently upset that Quebec hasn’t paid their bill in full for the machines that didn’t work properly. Even worse, they seem to shrug off the problems: “We have to admit that we did have a few problems,” but he then suggests you have to give them some leeway because “It was the first time all Quebec municipal elections were held on the same day and that so many used electronic voting.” I’m sorry, but if the one thing your machines are supposed to do is handle the election and count people’s votes, it really needs to do that–and trying to brush it aside because it was the first time so many of your machines were being used isn’t just a bad excuse, it’s a reason no one should use your machines again.

Damn straight. I mean, seriously, when’s the last time you heard Ford say “Yeah, our cars tend to break a lot. But give us a break! We’ve never produced this many cars in a single year before.” Vendors need to demonstrate their products are secure before they’re used in real elections.

0 comments

Show, Don’t Tell

by Tim Lee on October 25, 2006 · 32 comments

A coalition including the Consumer Electronics Association, Public Knowledge, and EFF have launched a digital freedom campaign. These are good groups and I’m always happy to see them highlighting an important set of issues, but frankly, if I weren’t already well versed on this controversy, I think I’d find their website a little bit confusing.

The campaign talks about innovators, artists, and consumers all having their freedom threatened. And it’s true: all of them can be harmed by aggressive expansions of copyright law. But the only concrete example the digital freedom campaign mentions is recording satellite broadcasts. As important as that issue is, that’s not likely to spark a nationwide backlash.

Oh, now that I’ve looked at the home page again, I see that clicking on the people causes them to tell their story. That’s pretty cool. They ought to make it more obvious that you’re supposed to click on the people, as it took me a good 10 minutes to figure that out, and most people visiting the site aren’t going to spend 10 minutes poking around.

Anyway, my point is that advocates for digital freedom (myself definitely included) need to do a better job of getting down to specifics in a way that’s accessible to ordinary people. I think EFF’s endangered gizmos and DRM guide sites are good examples. When you tell people that Hollywood almost got the VCR outlawed, that immediately gets peoples’ attention. There are now thousands of consumers who’ve discovered that their “plays for sure” music doesn’t play on their iPods. If we can tie those controversies back to the current debates over the PERFORM Act, the broadcast flag, the Boucher bill, etc, we can help voters clearly understand what’s at stake and why they should care.

But without those ties to specific examples, all the rhetoric about freedom and consumer rights in the world won’t get peoples’ attention. Voters have heard all the freedom rhetoric before, and it’s usually hogwash. I thought the middle guy–the aspiring filmmaker with the tape over his mouth–did a good job of offering a specific example of what’s at stake. But the other two, and most of the copy on the rest of the website, is just too vague to get anybody other than me fired up.

32 comments

Does Online Vigilantism Make Sense?

by Jim Harper on October 25, 2006

Clyde Wayne Crews of the Competitive Enterprise Institute has a new piece out on cybersecurity, online vigilantism, and white hat hacking. It explores the many avenues for countering bad actors in the online environment, and draws a line between reaching out to aggress against them and using deception and guile to confound and frustrate them.

The piece is apparently motivated by the the “Peer-to-Peer Piracy Prevention Act,” introduced a couple of years ago, which would have given the music industry immunity from liability for accessing peer-to-peer networks and attempting to prevent trade in their copyrighted material. Crews says “the industry is bound to try again.” His conclusion: “Explicit liability protection for particular classes of white hat hacking is ill advised. . . . A green light for hacking can work against broader cybersecurity and intellectual property goals, and there are alternatives.”

Freedom of Speech

by Tim Lee on October 24, 2006

I’ve re-enabled comments. Thanks for your patience.

Should Government Identity Documents Use RFID?

by Jim Harper on October 24, 2006

Interesting question – and perhaps simpler than many people think.

Back in June, the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee (on which I serve) published a draft report on the use of RFID for human tracking. The report poured cold water on using RFID in government-mandated identity cards and documents. This met with some consternation among the DHS bureaus that plan to use RFID this way, and among the businesses eager to sell the technology to the government.

Despite diligent work to put the report in final form, the Committee took a pass on it at its most recent meeting in September – nominally because new members of the Committee had not had time to consider it. The Committee is expected to finish this work and finalize the report in December.

But skeptics of the report continue to come out of the woodwork. Most recently, the Center for Democracy and Technology wrote a letter to the Privacy Committee encouraging more study of the issue, implicitly discouraging the Committee from finding against RFID-embedded government documents. CDT invited “a deeper factual inquiry and analysis [that] would foster more thoughtful and constructive public dialog.”

If the correct answer is “no” do you have to say “yes” to be constructive? RFID offers no anti-forgery or anti-tampering benefit over other digital technologies that can be used in identification cards – indeed it has greater security weaknesses than alternatives. And RFID has only negligible benefits in terms of speed and convenience because it does not assist with the comparison between the identifiers on a card and the bearer of the card. This is what takes up all the time in the process of identifying someone. (If that’s too much jargon, you need to read my book Identity Crisis: How Identification is Overused and Misunderstood.)

I shared my impression of CDT’s comments in an e-mail back to Jim Dempsey. Jim and CDT do valuable work, but I think they are late to this discussion and are unwittingly undermining the Privacy Committee’s work to protect Americans’ privacy and civil liberties. My missive helps illustrate the thinking and the urgency of this problem, so after the jump, the contents of that e-mail:

Continue reading →

Economist on Libertarians

by Solveig Singleton on October 24, 2006 · 4 comments

The Economist recently had an article about the Cato study “The Libertarian Vote.”

In a new study from the Cato Institute, a libertarian think-tank, David Boaz and David Kirby argue that libertarians form perhaps the largest block of swing voters. Counting them is hard, since few Americans are familiar with the term “libertarian”. Mr Boaz and Mr Kirby count those who agree that “government is trying to do too many things that should be left to individuals and businesses”, that government, rather than promoting traditional values, “should not favour any particular set of values”, and that “the federal government has too much power”. Using data from Gallup polls, they found that, in 2005, 13% of the voting-age population shared all three views, up from 9% in 2002.

And a book review of Steve Slivinski’s book on the demise of fiscal conservatism…

4 comments

Kulash on DRM

by Tim Lee on October 24, 2006 · 12 comments

I’m embarrassed to admit I didn’t see this New York Times op-ed until today. It’s written by Damian Kulash, the lead singer of OK Go, one of my favorite bands. And it’s on one of my pet topics:

The truth is that the more a record gets listened to, the more successful it is. This is not our megalomania, it’s Marketing 101: The more times a song gets played, the more of a chance it has to catch the ear of someone new. It doesn’t do us much good if people buy our records and promptly shelve them. We need people to fall in love with our songs and listen to them over and over. A record that you can’t transfer to your iPod is a record that you’re less likely to listen to, less likely to get obsessed with and less likely to tell your friends about.

Luckily my band’s recently released album, “Oh No,” escaped copy control, but only narrowly. When our album came out, our label’s parent company, EMI, was testing protective software and thought that we were a good candidate for it. Record executives reasoned that, because we appeal to college students who have the high-bandwidth connections necessary for accessing peer-to-peer networks, we’re the kind of band that gets traded instead of bought.

That may be true, but we are also the sort of band that hasn’t yet gotten the full attention of MTV and major commercial radio stations, so those college students are our only window onto the world. They are our best chance for success, and we desperately need them to be listening to us, talking about us, coming to our shows and, yes, trading us.

To be clear, I certainly don’t encourage people to pirate our music. I have poured my life into my band and, after two major-label records, our accountants can tell you that we’re not real rock stars yet. But before a million people can buy our record, a million people have to hear our music and like it enough to go looking for it. That won’t happen without lots of people playing us for their friends, which in turn won’t happen without a fair amount of file sharing.

As it happened, for a variety of reasons, our label didn’t put copy-protection software on our album. What a shame, though, that so many bands aren’t as fortunate.

Don’t listen to me. Listen to the up-and-coming rock star.

12 comments

The Entrepreneurial Imperative Should be a Categorical U.S. Policy Imperative

by Braden Cox on October 24, 2006 · 2 comments

The U.S. has the reputation of being entrepreneurial relative to other countries. The AEI event I attended yesterday was a book forum for Carl Schramm’s new book, “The Entrepreneurial Imperative.” The event focused on why entrepreneurs are important (they spur innovation) and how Washington policy helps and hurts entrepreneurial activity (despite our country’s relative success).

U.S. bankruptcy law is a reflection of our culture that accepts failure. In other countries, if you start a company and it goes under, you are a failure. In the U.S., however, entrepreneurs go on to start another business, and if that fails, then another one. The process is a learning–not losing–experience.

Yet other laws often have unintended deleterious effects on entrepreneurial activity. Schramm mentioned that the market for medical devices is dominated entirely by large companies because of the over-application of product liability laws. He also mentioned tax rules that prevent acquiring companies from fully writing off the R&D expenses of the acquired firm, which reduces the ability of large firms to incorporate small firm innovation and hurts small firms with an exit strategy of based on monetizing their hard work and selling the company.

International trade policies affect innovation. Schramm said that U.S. policy based on protecting dying, inconsequential industries like steel, sugar and textiles hurt our negotiations when trying to prevent piracy and protect our growing intellectual property industries. IP is the future (if not the present) yet our protection of older industries hurts our leverage when advocating free trade and IP protection.

According to Schramm, of the Fortune 100 companies that existed in 1980, only 25 rank among the 100 today. This, he said, is due to the dynamism of the marketplace–thanks mostly to the direct and indirect influence of entrepreneurs.

Indeed, the entrepreneurial imperative should be a categorical imperative for U.S. policy.

2 comments

Brave New Ballot

by Tim Lee on October 24, 2006 · 2 comments

I’ve finished reading Brave New Ballot, Avi Rubin‘s new book on the hazards of e-voting. Brave New Ballot is something of an oddity; it’s virtually a tech policy tell-all. It provides a personal, in-depth look at his crusade against paperless, unverifyable voting from July 2003, when he and his grad students started work on their famous report detailing the flaws in Diebold’s source code, to November 2004, the first presidential election since the widespread adoption of e-voting. We get to meet his allies in the e-voting fight, his opponents in the computer security community and among state officials, and a variety of other figures who shaped the e-voting debate during 2003 and 2004.

The most depressing thing I learned from the book is that Diebold’s response to the Felten paper was part of a pattern. When Rubin described security vulnerabilities in their products, Diebold could have taken the opportunity deployed smoke and mirrors to discredit the study, just as they did with Felten’s study last month.

Even more disturbing was that many state election officials, especially those in Georgia and Maryland, reacted the same way. They could easily have taken the paper’s criticisms back to Diebold and demanded immediate actions to address the flaws Rubin identified. Instead, at least as Rubin tells it, they were some of Rubin’s most dogged critics.

Rubin’s book is delightfully readable. I read it cover to cover over the weekend. It’s structured as a personal narrative, but Rubin does a good job of weaving in the technical and theoretical arguments against paperless voting along the way.

In addition to being a good introduction to the e-voting issue, I think it’s also worthwhile reading for aspiring geek activists in general: Rubin describes himself as relatively apolitical prior to his involvement in the e-voting issue, and he offers some insights on striking a balance between being an activist and being an independent, objective expert. He discusses the mini-scandal that erupted when it was revealed that he was on the advisory board of one of Diebold’s “competitors.” Rubin says (and I believe him) that the connection was tangential and the company wasn’t really a Diebold competitor. But that didn’t stop his critics from bringing the issue up any time they needed a convenient way to discredit him.

All in all, it’s well worth the read. I encourage you to grab a copy.

2 comments

Ch-ch-ch-changes (for Software Patents)

by Tim Lee on October 23, 2006

James Bessen writes to point out next month’s conference in Boston titled “Software Patents: A Time for Change?” It looks like a great program with a lot of interesting speakers, including co-blogger Solveig Singleton. If you’re in the Boston area or otherwise interested in software patents, you should sign up. If I had more vacation days and money I’d go in a heartbeat.

← Previous Entries

Next Entries →