Site Meter

Category: Architecture

1

When Joining Forces Spells Trouble: Proposed Merger of E-Voting Companies

450px-Issy_IVotronic_img_3426Last month, Diebold announced that ES&S would purchase its e-voting business for $5 million plus some outstanding revenue.  Diebold’s shareholders no doubt rejoiced: while the company’s ATM machines have a strong reputation, its e-voting machines brought the company only grief.  Diebold even changed its e-voting unit’s name to Premier to protect the company’s otherwise strong brand name.

This merger, however, is bad news for voters.  It would entrust 3/4s of e-voting machines into the hands of a company whose machines rival Diebold’s for inaccuracy and insecurity.  Consider this recent example.  In 2008, ES&S machines allocated votes cast in one race to a different race that was not even on the ballot.  As a result, the wrong candidate won a state House nomination race.  Given the consolidation of the e-voting market, we can have little hope that future machines will be more secure.  Ed Felten explains that  “[t]he odds of one major e-voting company breaking from the pack and embracing up-to-date security engineering are now even slimmer than before.”  Because breaking into the e-voting business is expensive due to high accreditation costs, ES&S may face limp competition in bids for upcoming contracts.  Voting administrators thus may be unable to obtain important terms crucial to transparency and accountability, such as the placement of source code in escrow.

Although voters should lament this development, all isn’t lost.  As Joe Hall notes,  California Secretary of State Debra Bowen has provided wise advice to the Election Assistance Commission with regard to the integrity of e-voting systems.  Bowen urges that the EAC require greater disclosure of vulnerabilities, the adoption of procedures that jurisdictions can follow to collect and report data about incidents they experience with their voting systems, and the systematic collection of data from election officials about how voting systems perform during general elections.  This recalls the important work of Heather Gerken in her book The Democracy Index: Why Our Election System is Failing and How to Fix It.  The EAC would be wise to adopt these proposals, especially in light of the upcoming merger.

4

Fire — Good or Bad?

Today is the 175th anniversary of the Great Fire of 1834, which destroyed most of the British Parliament buildings. A vivid audio description, by the Parliament’s current Clerk of the Records, can be found here

The hazardous state of the Parliament buildings, which were made of plaster-covered timber, was noted in the eighteenth century.  In 1789, a report signed by fourteen architechts complained of the danger of great damage in case of fire.  But few precautions were taken.

In October, 1834, the Clerk of the Works had to dispose of two cartloads of wooden “tally sticks” — remnants of an obsolete accounting system used by the Exchequer, a government finance department.  On October 16, 1834, the Clerk had a couple of workmen burn the tally sticks in furnaces that were part of the heating system of the House of Lords.  About 4 pm that afternoon, the deputy Housekeeper, Mrs. Wright, was conducting some visitors through the  Lords chamber, and the visitors noticed that the floor was hot and had smoke seeping through it so thickly that they couldn’t see their hands in front of them.  But she did nothing. 

By 6 pm, the House of Lords was on fire.  Through the night, the fire spread to the House of Commons chamber, the Commons Library, and other Parliament buildings.  Heroic firefighting action by fireman, soldiers, and private citizens saved Westminster Hall.

Obviously the fire was a terrible, devastating event.  But it did have consequences that some might regard as beneficial.  Even as the fire occurred, Augustus Charles Pugin, an architecht, rejoiced that later additions to the Parliament buildings, which he regarded as ruining the original medieval structure,  were finally gone.

And there is something else too.  I became familiar with the 1834 fire when researching my forthcoming article, Law and Longitude.  The article is a legal analysis of the controversy occasioned by the Longitude Act of 1714, which established a public prize for the discovery of a method of finding longitude at sea.  (If you’ve read Dava Sobel’s delightful book, Longitude, you know all about it.)

Much of the controversy concerned the proper interpretation of the Longitude Act, and, in accordance with modern interpretive practices, I wanted to research the Act’s legislative history.  But I couldn’t!  The history was destroyed in the fire, except for such small portions as were preserved in the official Journals of the House of Commons.

Today there is, of course, a lively controversy about the use of legislative history in statutory interpretation.  But one thing is certain:  courts couldn’t use legislative history if the history were destroyed.  Then we would be compelled to live in the textualists’ ideal world, in which we could only look at the text of the statute and try to determine what it means.

If you had the choice, would you put all legislative history to the fire?

2

Making the Internet Safer, the NSA Way

113px-NSA_Great_Seal_bugSecuring our networked environment is both crucial and difficult.  Six months ago, President Obama declared his Administration’s commitment to protect cyberspace from sabotage of all stripes.  For the President, the rise of online theft, electronic espionage, and military-related cyber assaults necessitated the appointment of a cyber czar to protect our cyber “national assets.”  The President has tried to fill that spot: Shane Harris of National Journal explains that “more candidates had declined the job than were still in the running for it.”  And despite our failed efforts at CoOp to recruit Orin Kerr for the job, the cyber czar position remains empty.

This state of affairs may be due to the difficult nature of the task at hand.  Former NSA head General Michael Hayden recently said: “There is no regime for us to work within to respond to cyberattack.  We are in a place where technology has long outstripped policy–let alone law–in term of what’s available.  We are going to have to rely on heroism instead of a plan.”  If Hayden has it right, it is no wonder that no one wants the job.

Nonetheless, the Administration may have already charted its path, one that entrusts the National Security Agency with protecting cyberspace.  According to the National Journal, Lt. General Keith B. Alexander, the NSA’s director, has been “setting up the central nervous system in the government’s campaign to defend cyberspace.”  The NSA will now, unlike the past, help oversee the networks of civilian government and privately-owned, criticial infrastructure (dams, railroads, hospitals, banks, food industry, hotels, telecommunications, postal, shipping, retail, transportation, and well everything else).  This is true even though DHS is charged with defending civilian networks and coordinating private sector protection.  Homeland Security Security Secretary Janet Napolitano said that NSA will provide DHS “technical assistance” on this issue.  In short, DHS will rely on the NSA for the tools, expertise, and resources to protect cyberspace.

So the NSA apparently will be overseeing and securing private networks, the same NSA that engaged in wholesale warrantless surveillance of Americans after 9/11 (and the agency that monitored telegrams coming in and out of the United States to detect individuals with communist ties in the 1950s and 1960s)?  Congress has, of course, limited the NSA’s warrantless wiretapping and the President has promised us greater transparency in government decision-making.  Nonetheless, NSA’s oversight over privately-owned systems and wholesale access to their contents raises serious concerns.  And because the NSA will direct these efforts in the name of national security and intelligence, little transparency will be forthcoming.  On another note, the question remains whether it was agency turf-war antics that led to Melissa Hathaway’s decision to leave government–she was the DHS official and most senior cyber expert in the White House who had been a leading candidate for the cyber czar post.  At the time of her resignation, Hathaway told the Washington Post that she “wasn’t willing to continue to wait any longer,” and she wasn’t “empowered” to make any changes.

0

Laughter and Forgetting, Misery and Memory?

1154980_old_photoA recurrent theme in Dan Solove’s  important work is the privacy risks attendant to the ever-faster and powerful ability to collect, use and distribute information about us.  Digital dossiers trace and analyze our every move; millions of digital bits help tailor online and offline advertisements, educate employers and insurance companies, and otherwise impact countless decisions about us everyday.  

At the same time, we erect our own digital dossiers about ourselves.  Our iPods teem with favorite songs; hard drives (and handy flash drives) store pictures and videos of loved ones.   This prompts a question about our ability to move past painful episodes, both socially and legally.  Mixed-tapes, love letters, and photos once got lost in the shuffle: tapes melted in glove compartments, letters got tossed in various moves, and photos were torn up.  Yet today digital natives may be more likely to collect, keep, and ruminate over stored music, emails, videos, and photos than past generations.  And even if the young delete those reminders, online sellers and advertisers have long memories–their data-mining programs remember your former (and now painful) love of Led Zeppelin, Chaplin movies, and other shared (and now discarded) passions.  

Will this generation and their successors have a more difficult time moving on from difficult experiences?  Will they remain anchored, and held back, by them?  Aside from the psychological effect of sticky digital memories, will the inability to forget impact law?  Will persistent reminders of painful episodes make us more likely to seek legal action where we otherwise might have moved on?  Or will rapidly-changing technologies render software obsolete, thus having the same effect as the heat in one’s car or a move ensured the discarding of once treasured items?

Stock Xchange Image

2

Surveillance Facebook-Style: It’s Your Party and You Can Cry If You Want To

668925_birthday_cakeThe U.K.’s Register reports that British police stormed a man’s birthday barbeque party because his invite to 15 Facebook friends advertised an “all night party.”  Before the party could really begin, police showed up in four cars, a riot van, and a helicopter, ordering the birthday boy to shut the party down or face arrest.  With an appropriate amount of humor, Andrew Poole, the birthday trouble-maker, explained: “What the police did was come in and stop 15 people eating hamburgers.”  What would possess the Facebook Precinct to bother here?  Section 63 of the Criminal Justice and Public Order Act 1994 grants police powers to remove individuals attending or preparing for a “rave,” defined as playing amplified music “wholly or predominantly characterised by the emission of a succession of repetitive beats.”

This incident demonstrates the perils of a society that monitors and mines Facebook communications.  The costs to liberty include blows to free expression and association.  Brits will surely think twice about wall messages and “what I am doing now” missives that include talk of parties and other activities subject to misinterpretation.  The costs to society: the misdirection of police from real threats to society and wasted resources spent breaking up a birthday bash (the helicopter time apparently cost 200 pounds and tack on the police efforts, including any investigation they conducted and time at the party, and gas for the four cars and van).  So with Facebook surveillance the British may get less liberty and less security.

Commentators on the Register story noted their relief at living in the United States.  They suggested that law enforcement and security officials would never be so foolish as to monitor Facebook traffic.  Think again.  The NSA’s Advanced Research Development Activity (ARDA) has funded research on the “Semantic Analytics on Social Networks: Experiences in Addressing the Problem of Conflict of Interest Detection,” which discusses how  intelligence about people can be extracted from social networks.  ARDA’s role is to spend NSA money on research that can “solve some of the most critical problems facing the U.S. intelligence community.”  ARDA’s function is to make sense of the massive amount of data that the NSA collects.

Should Americans be worried about intelligence profiling a la Facebook?  Many might think that the use of privacy settings on social networking sites would obviate the problem.  First, studies suggest that most social networking site users use the default privacy settings, which are often the least privacy protecting and may reveal much of a user’s musings.  Second, this assumption presumes that third party sites will not turn over social networking data, which they own, to the government, either for a pretty price or in the face of a subpoena or warrant.  This assumption may be faulty.  So what is all of the fuss?  Automated intelligence profiling has obvious costs, such as the ones posed by the birthday party bust.  It also has less apparent ones, such as mining misleading social networking data with other not-so reliable private and public database date and, poof, people end up on government watchlists.

Stock Xchange Photo

1

Zuckerberg’s Law on Data Sharing, Not Puffery

As I noted in a blog post late last year, Mark Zuckerberg, chief executive of Facebook, has predicted that “next year, people will share twice as much information as they share this year, and that next year, they will be sharing twice as much as they did the year before.”  He explained that “people are ever more willing to tell others what they are doing, who their friends are and even what they look like as they crawl home from a college party.  Recent statistics support his optimism (and then some).  Yesterday, Zuckerberg announced that his social networking site now has 250 million active users, up from 200 million users just three months ago and 150 million in January.

This development has much significance.  It tells us that social networking is no passing fad — it is deeply embedded in our daily lives and will likely remain so despite many parents’ dismay.  It suggests that we are more connected personally (and perhaps more distracted professionally).  And it 120px-facebook_svgmeans that we entrust Facebook with an exponentially increasing amount of data.  Facebook’s information security practices and privacy policies are thus worth watching carefully.  No doubt, this development will have other far-reaching impacts so your comments are most welcome.

Wikimedia Commons Image

17

E-Health: Ushering Doctors Into the Twenty-First Century

161091_the_files_parted.jpgThe stimulus package will devote $20 billion to build the infrastructure of an e-health system, replacing paper records with digital ones that could be cheaply and easily stored and shared. As the New York Times aptly noted on Sunday, protecting the privacy of e-health records is both pressing and daunting. Although upcoming posts will tackle the privacy issue, a threshold discussion concerns the extent to which this proposal will change current practices and health care professionals’ readiness to digitize their work. Health care providers, on the main, are firmly rooted in twentieth-century practices. A recent New England Journal of Medicine survey of 2,700 U.S. doctors revealed that only 4% used “fully functional” e-health records systems and the remaining 96% stored their patient information in paper files. CNN Monday.com reports that only 8% of the nation’s 5,000 hospitals and 17% of its 800,000 physicians use the kind of computerized record-keeping systems that President Obama envisions for the nation. Computerworld offers more optimistic numbers, suggesting that 25% to 35% of the nation’s hospitals use, or are in the process of implementing, computerized order entry and medical record systems capable of sharing patient data among hospitals, doctors, insurance companies, and pharmacies.

Of course, getting doctors computers for their desks won’t do the job. Systems must facilitate safe information sharing. For instance, physicians and hospitals require record-keeping technology and point-of-service technologies, such as notebook tablets for data entry into e-health record systems. Thirty states have made some strides in this direction, introducing or passing legislation that calls for statewide adoption of standardized health IT systems. Massachusetts wants 14,000 private physicians’ offices to adopt e-health records systems by 2012 and its 63 hospitals by 2014. According to the Vice Chairperson of the Massachusetts e-Health Collaborative, the plan will take two to three years and cost $100,000 per physician. Private hospitals have been innovating as well: Duke has created an online medical record site accessible by patients who can share the data with whomever they chose. The CIO for Duke University Health System explains that its portal is akin to “online banking or Expedia account, which pulls information from various sources and displays it to you. You can pay your bills online, schedule appointments online.” Duke uses Google Health and Microsoft Healthvault to permit information sharing beyond its campus.

All of this suggests that health care providers have much work to do, and much money to spend, in transitioning into the e-Health Information Age. Although strong evidence suggests that the downpayment on a digitized health records system is worthwhile, potentially saving the health industry $200 billion to $300 billion a year, we need to spend the money wisely. It would be shameful if we rushed into the project, in much the same way that states acted too quickly to spend the Help America Vote Act funds and ended up buying inaccurate and unsafe electronic voting machines. Let’s be sure not to do the same here.

2

The Clear and Present Danger of Cyber Warfare

Malicious hacking and denial of service attacks are potent weapons of twenty-first century warfare. Recently, Russian and Georgian hackers attacked vital websites in each other’s countries as troops fought on the ground. They shut down government portals. Hackers defaced government websites (e.g., routing visitors to the Georgian President’s website to a site that portrayed him as a modern-day Hitler). Although cyber attackers have not yet significantly disrupted or destroyed government systems in the United States, they have stolen sensitive information about weapon systems from the U.S. government and its defense contractors. Cyber attackers invaded the State Department’s highly sensitive Bureau of Intelligence and Research, posing a risk to CIA operatives in embassies around the world. Online espionage is a serious problem—attacks on military networks were up 55% last year. U.S. officials reportedly believe the attacks come from the Chinese government.

The United States seems to appreciate the dangers of cyber warfare. According to Business Week, the U.S. is engaged in a classified operation to detect, track, and disarm intrusions on the government’s most critical networks. President Bush signed an order known as the Cyber Initiative to overhaul the government’s cyber defenses at a cost in the tens of billions. However, in testimony before the Senate Armed Services Committee, National Intelligence Director McConnell asserted that the “federal government is not well protected.” He warned that attackers can enter information systems and destroy data and systems related to the “money supply, electric-power distribution, and transportation sequencing.”

Despite attention to the matter in the U.S., the better part of the world does not take cyber warfare seriously, leaving their networks increasingly vulnerable to attack. This is not unusual—few appreciated the importance and potency of propaganda campaigns at the beginning of World War II until the power of such propaganda became readily apparent and deeply rooted. Broad attention should be paid to cyber attacks. Online sabotage compounds the dangers inherent in national conflicts. Nations may be unable to decelerate tensions through online communications. Cyber attacks convey inaccurate information that can inflame public option, limiting leaders’ political room to defuse tensions. The dangers of cyber warfare thus should not under-estimated.

0

Controversy at MLK Memorial

The process of building a new memorial in Washington, DC always creates controversy. The forthcoming Martin Luther King Jr., National Memorial is no exception. The U.S. Commission of Fine Arts, which has veto power over the design, recently announced its objections to a model of the mammoth statue planned as a centerpiece of the site. The statue, at 28 feet intended to be significantly taller than Lincoln’s at his memorial, depicts Dr. King standing with his arms folded and a very serious expression on his face (see the model here). In a breathtakingly terrible choice of words, the Commission worried that the statute so envisioned is too “confrontational in character.”

This objection comes on top of earlier protests at the choice of a Chinese sculptor, Lei Yixin — some saying that a black person or at least an American should design the statue; others criticizing the use of Chinese granite instead of the good ol’ American kind, and others objecting that some of Lei’s earlier work celebrates Mao Zedong.

The new criticism claims to be aesthetic rather than political, but the two are so fundamentally intertwined in this setting that art cannot distinguish itself from politics. Take, for instance, the following from a Washington Post blogger:

Read More