Inevitable, Unethical, Technological Incompetence By Our Governments

Hey, what could go wrong?

Hey, what could go wrong?

The legal profession is in the midst of an ethics crisis not of its own making. New technologies, including social media, have created opportunities for vastly improved legal services, to such an extent that the American Bar Association has decreed that an ethical, competent lawyer, must use them. It has also made it clear that using them carelessly to the detriment of clients is unethical as well. It all sounds reasonable, except for this: few lawyers are equipped by education, training or nature to be adept at technology. Worse, technology is now changing so fast that few lawyers can keep up with it.

Thus they make mistakes. Costly mistakes, disastrous mistakes, stupid mistakes, and there is no learning curve, because by the time lawyers understand and master a new technology, it is no longer new, and it has taken on a different form that requires them to start all over again. The ABA and other bar associations have acknowledged this through inaction. After numerous instances where their ethical guidelines regarding the use of technology were obsolete or wrong from the moment they were issued, these bodies have resorted to general edicts only, essentially saying, “You must master available legal practice technology, and you must not screw it up. Don’t ask us how, we’re as confused as you are.”

Gee, thanks.

Unfortunately, it is not just the legal profession that is in peril from technological overload, unrealistic expectations and the speed of innovation. Our various levels of governments are, if anything, in even worse peril from the same phenomenon.

One week ago, the Virginia State Board of Elections frantically voted to  decertify use of the AVS WinVote touch-screen Direct Recording Electronic voting machine, meaning that the machines, which were used by dozens of cities and towns in Virginia, are effectively banned. Virginia is holding primaries  just two months from now, so this has thrown those local governments into a panic. The decision was unavoidable, however, after a shocking a report that demonstrated that the machines could be hacked, and elections rigged, by a 12-year-old…that is, anyone with more technological expertise than local government officials.

 As explained by Jeremy Epstein in Slate,

“If an election was held using the AVS WinVote, and it wasn’t hacked, it was only because no one tried. The vulnerabilities were so severe, and so trivial to exploit, that anyone with even a modicum of training could have succeeded. A hacker wouldn’t have needed to be in the polling place—he could have been within a few hundred feet (say, in the parking lot) or within a half-mile if he used a rudimentary antenna built using a Pringles can. Further, there are no logs or other records that would indicate if such a thing ever happened, so if an election was hacked any time in the past, we will never know.”

The WinVote system had been certified as meeting the Voting Systems Standards,  and was approved for use in Virginia, Pennsylvania, and Mississippi. Pennsylvania and Mississippi both stopped using it a few years ago, but my home state used WinVote as recently as the November 2014 election. After a series of problems on election day, the State Board of Elections directed the Virginia Information Technologies Agency, which is charged with providing IT services to the Virginia government, to investigate and file a report.

VITA’s report was jaw-droppingly alarming:

  • The encryption key for the wireless connection is “abcde,” ……and that key is unchangeable!
  • The system hasn’t been updated in eleven years.
  • The administrator password is  hardwired to the fiendishly clever password “admin.” It is ridiculously easy for someone to guess that and break into the system.
  • There are no controls on changing the database. Thus someone could copy the voting database to a separate machine, change vote totals,  put it back, and there would be no way to detect the changes. 
  • The machines are constructed so that it would take only a few minutes for someone to replace the software and change the votes.

Concluded the Slate article, “In other words, anyone within a half-mile could have modified every vote, undetected.” The article also explains how this could be done, noting that for all we know, it might have happened.

That’s just voting–you know, the integrity of the democratic process. With the demonstrable and undeniable systemic incompetence at all levels of government, it is inconceivable that this is an exceptional fiasco, or even the most perilous. It’s just one we happen to know about. Such incidents should temper the public’s instinct to let bureaucracies take over more and more of our lives, but I doubt that they will. The Washington Post had a revealing interview with Richard Herrington, the secretary of the Fairfax City Electoral Board, who nicely illustrated the degree of comprehension our officials bring to the challenges of technology. Speaking of the embarrassing voting machine mess, he shrugged, “No matter how much time, money and effort we could put into a device or a system to make it as secure as possible, there is always the possibility that someone else would put in the time, money and effort to exploit that system.”

Wrong, says Epstein, correctly. It would be criminally negligent to continue to use a system that vulnerable to hacking.

And it is unethically negligent for our governments to rely on any technology it isn’t capable of using competently and securely. You and I both know they have, they are, and they will, however. The only question is how catastrophic the results will be.

Buckle those seat belts.


Pointer: Fred

Facts: Slate

37 thoughts on “Inevitable, Unethical, Technological Incompetence By Our Governments

  1. Paper voting… an idea whose time has come again.

    I am really glad that Montana still uses human readable “fill in the circle” ballots.

    • As does Connecticut…

      Though “still” is a bit misleading – we previously had these mechanical contraptions until about a decade ago. These were amazing; you flicked a mechanical switch for your candidate, and pulled a giant level that turned a counter and reset the ballot switches. It made a very satisfying “click” that made you proud to be part of the Democratic process.

      I had the good fortune of using these for a local budget referendum just after I turned 18, and then they replaced them with fill in the bubble paper ballots that could be electronically counted and manually recounted. The old machines had the sad defect there was no possible means of “recounting”, because the mechanical counter was the only record. If the machine jammed and missed a vote, there was no way of knowing. Still, I grew up standing my my mothers knees while she stepped into the booth, pulled the level that closed the curtain, voted, and pull the reset level that logged the vote and reopened the curtain.

      Pen and paper do not recreate the experience.

      • I had the same experience for years here in Indiana before we switched to the scan-tron style machines that used to read our answer sheets in school.

  2. Jack,

    I completely agree with your point here, but I’d like to urge you to push your thinking further.

    When you say, “it is unethically negligent for our governments to rely on any technology it isn’t capable of using competently and securely,” you need to say what your solution is.

    Here’s the problem: this from the recent Bloomberg BusinessWeek article on working at the IRS.

    “Then, in 2011, Republicans settled into the House, and the cutbacks started. According to the U.S. Government Accountability Office, the IRS reduced technology spending that year by $165 million. Schickel says it became almost impossible to get people from tech support to help with a computer problem. This was when the agency was finally going through a difficult upgrade from Windows XP to Windows 7. “A lot of people in the office had laptops. Every time they loaded Windows 7, it completely crashed,” he says. “They didn’t have enough memory. It’s like Congress is against you, the computer system is against you, and you are just fighting to get your job done.”

    So what’s the solution? Go back to XP?

    My concern is that lots of folks like you decry (quite rightly) the use of bad technology; but too often the non-thinking solution is to go backwards technologically, because of aversion to giving those “stupid bureaucrats” even more money to play with.

    This creates a vicious circle. There’s one obvious way out of it: invest in technology and in tech support. And if that’s not a happy solution, then I think it’s incumbent on critics to propose a different one.

    • To be honest, Charlie, I don’t have a solution, except the obvious one: no system should exceed the ability of those dependent on it to control and oversee it. I’m sure Heinlein and Asimov left us a lot of cautionary tales on that score.

      • It would be eaiser to watch the ‘Terminator” movies. Heinlein not so much. The one story I remember with sencient computer was “The Moon is a Harsh Mistress” and the computer allied it self with the reveloutionarys rather then attempting to protect itself from humanity.

        The story that I liked (can’t rember the name) was a short story in which the main character recieves a libaray notice that he has a copy of “Kidnaped” by Robert Lewis Stevenson that is over due. Bt the end of the story he is facing execution for Kidnapping Robert Lewis Stevenson. When the Govenor trys to save him the computer system rejects the Govenors attempt because it was filed on the wrong form.

    • So what’s the solution? Go back to XP?

      Congress is part of the mess. They have an ethical obligation to adequately fund the government, including technology.

    • If the technology wasn’t ready, we never should have moved forward. Most computer-literate people I know were against computerized voting in the first place. It is entirely appropriate to move “backward” technologically, if it means preserving the integrity of the process. Yes, that may mean moving all the way back to paper.

      • Moving back to paper is really not necessary, Null. Apparently, most of the computer-literate people you know are not6 literate in computer security. For instance, a stand-alone computer, no network, no wifi, CANNOT be hacked, except by an on-site operator. And if you’re going to use that to disqualify computers, then you also have to disqualify paper ballots.

        • The computer-literate people I know at least understand that humans themselves are the weakest link.

          1) You have to trust that your elected officials understand the problem and the associated risks.
          2) You have to trust that your elected officials will contract out the work to competent, trustworthy experts.
          3) You have to trust that the dialog between those elected officials and experts does not resemble a Dilbert comic in any way.
          4) You have to trust a slew of third parties, including hardware manufacturers, software vendors, consultants, and contractors.
          5) You have to trust that they will succeed with no roadblocks, and that early failures are not eagerly adopted as solutions.
          6) You have to trust that, by the time the first prototypes are ready, that a different set of elected officials understand what the heck has been going on enough to adopt the system as intended.
          7) You have to trust that the system is safe against incompetent end users before, during, and after voting.
          8) You have to trust that I haven’t missed something in this list.
          9) You will, at some point, have to be able to prove that all of the above are trustworthy, to a computer-illiterate public.

          Yes, if everything were implemented and handled perfectly at every computerized voting booth, with trustworthy people at every step, there would be no problem. Yes, paper ballots also rely on some level of trust, but physical voting systems require significantly more effort to invisibly tamper with, while requiring less technical expertise.

          • You mean like finding 600+ votes in an un-reported ballot box in an election officials back seat, with the vast majority of those votes being for one party? Or possibly having over 400 voter registration cards showing the same address…the Election Commission’s? And, as far as trust goes, the public only has to do one thing…trust the people they elected to DO THEIR JOBS. Once elected, they had best not TRUST anyone. They need to do their homework, find out something about the issues they are working on, and, for once, quit running for re-election. Seriously, ‘abcde’ as a password? Especially a wifi network password?

            • So my statements about relative difficulty and detectability still hold, yes? Corrupt individuals will always have a motive to hack the system, so let’s not make their efforts any easier.

              Elected officials in general won’t understand technology. That’s the reality we have to live with for now. We could try trusting them to consult with people who do understand the issues, but no, there seems to be little evidence we can trust them to do that in any area.

              And seriously, ‘abcde’ hasn’t surprised me for years. It’s sad.

              • “So my statements about relative difficulty and detectability still hold, yes? ”
                Apparently, I wasn’t clear enough. No. A properly protected computer, with wifi is a lot harder to break into than a ballot box. A stand-alone computer can only be broken into by someone physically present, and with reasonable safeguards is virtually impossible to break into surreptitiously.

  3. This isn’t just voting, it is everything. Everyone wants everything to be convenient, but at what cost? How do you make sure no one is cheating in an online course? How do you know those people who always vote absentee even exist? The only solution to these is to have them show up in person, verify who they are and then vote or take the exam. Yes, it is an inconvenience. Yes, it is not perfect, but, is it too big an inconvenience to maintain our democratic system of government? It may be too late. We have pretty much lost the concept of citizenship. It is lost in the government doctrine that “the responsible must be punished, the irresponsible must be protected from any and all irresponsibility”.

    I have joked that I should travel to California and get one of those illegal alien CA driver’s licenses under a fake name (they have to take my word for it, these licenses are for ‘undocumented’ people). I could then get an additional SSN, extra EIC, and if I am ever pulled over by the police, I can pin it on my semi-legal alter ego. I could probably vote under my alter-ego as well. I have pointed out that the curious problem with this is, “Is this illegal?”. I mean, I would be creating a fake identity with official government documents, but these program have been set up specifically to do that. If the government makes it legal to do things it says are illegal, is it still illegal?

    • Just to answer your question “How do you make sure no one is cheating in an online course?” The answer is simple: essays, timed tests, and discussion. The same things that are used in in-person courses. Yes, a student could plagiarize a paper online, but they can do it just as easily for an in-person course. Always assume all multiple-choice and short-answer tests are open-book and make the questions harder to compensate (comprehension more than rote memorization). And forum-type discussions online force students to show that they really understand the material and can talk about it and use it the same way they would in a discussion in a brick-and-mortar classroom.

      • “The answer is simple: essays, timed tests, and discussion. The same things that are used in in-person courses.”

        You are being very naive. Do you really believe everyone is who they say they are online? Nothing you have said would prevent me from doing all my wife’s online coursework for her or anyone else’s coursework for them. It would be obvious if I showed up in-person for class and tried to do the same thing. The only way to have a reasonable assurance of integrity is to have the person show up, in person, for the majority of the work. Look at actual tests that matter like NCLEX, EMT licensure, Phelbotomy licensure, etc. They aren’t going to let you take them online because they know that is a farce. You have to make an appointment at a testing center, show ID, leave your belongings in a secure area, go into the testing room with only what is permitted, and take the test while being monitored and recorded.

  4. Since I am reasonably competent, technologically, I know what the specific voting machine problem is, and I know how to fix it. That will not, unfortunately, fix the problem of politicians, young and old, that understand neither the limits of the technology nor the proper safeguards to take with using it. Teaching them to read would help, yes, but how are you going to explain terms like ‘bit’, ‘byte’, ‘WiFi’, and really complicated terms like ‘secure password’ to somebody that is more interested in convenience than security? My belief is that this is a losing battle, and possibly one that we are wasting our time trying to fight. Most politicians are interested solely in getting re-elected, and, just a wild guess, most of them would like to have these relatively easy-to-hack systems in place so that they themselves can make sure they win.

  5. Technology and the law are my specialty. Send me your preferred email address and I’ll get you on the list for the million free CLEs my company does every year.

  6. This reminds me of a quote that I have seen attributed to both Boss Tweed and Joe Stalin to wit “Who votes means nothing, who counts means everything.” I think we are to far down the wrong path following the pied pipers of the 1% to stand a chance,

    • You mean like Detroit, where the incumbent mayor gets to appoint the person who counts the votes? The ballot data only has to be kept for 30 days after the election. If the mayor can duck the subpoena for a few weeks, the ballot data can be destroyed and there is no way to contest the results!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.