Kind of slow-playing her 8yrs at the Googster with this description, aren't we?
I also think U-dub is nothing to scoff at for CS schools, if you value that sort of thing.
All this being said, her experience doesn't exactly scream "Lead architect and only senior engineer on project building critical democracy-infrastructure software to enable the base mechanisms of our entire nation."
Iowa wasn't the only state that planned on using this app. The DNC should have a process in place to validate whatever system is used to elect their candidate.
Unfortunately, you can often point out failures in software leadership by pointing out collective attributes of the team being led. In a void, I don't think "inexperienced" is describing a fault of an engineer, it's an attribute that describes the fault of their leadership. It's a messy situation, I don't think it's black and white as to who's "fault" any of this is.
... they can't just deflect blame either. I'm sure they'd be happy to take credit for any success. Anyone who had direct control over the product is at fault.
I would not blame an engineer whose experience and training was inadequate to the task unless they participated in the misrepresentation of the app as ready for prime time. The blame lies with the leadership.
There’s so many things wrong with digital voting. The biggest being that it’s so easy to hack compared to analog (paper) voting. You want to change an election, just hack the machine. With paper, you need a grand conspiracy.
More than that, you need a grand conspiracy that is so obscure third party observers can't see it happening. Relatively easy with software, because software is obscure almost by definition. Difficult with something tactile like paper ballots.
(Or you need a country where those third party observers are already powerless, but that's beside the point).
Sure with gerrymandering. I’ve been involved in two major elections in the last 12 months in the uk, one as a candidate. I couldn’t think of any way of significantly changing the votes without another party finding out. Can’t register fake people in bulk, can’t registrr normally non voting people for postal votes without them finding out, can’t vote as multiple people without a lot of co conspirators and without at least some finding out they’d already voted, can’t introduce fake ballots without many conspirators, can’t change ballots or lose ballots
If you're the secretary of state for a given state of the union, and you're in charge of the voter rolls, and you're running for office, then you are fully empowered to just remove anyone from the voter rolls who has a name you don't like, or who has a race you don't like, or who has a political affiliation you don't like.
And you can stymie all attempts to uncover your malfeasance by just shoving all those requests in the drawer, where they get mysteriously lost.
No, it isn't. You can't be "in on" a properly constructed election system, because all relevant steps are open to the public for any interested party to watch. Which is exactly the problem with digital voting: They can not be transparent while also preserving secrecy of the ballot.
Perhaps, but why bother? Counting ballots is not that hard, and the time saved by using software (if it is really saved...see Iowa) is inconsequential to the outcome of the election, or the installation of the candidate into office. Perhaps TV on election night would be less exciting, but I'm willing to sacrifice that for more secure elections.
In the uk we count by hand, and election night is exciting as different districts race against each other. We have a good idea of the results after 4 hours, usually a concession speech by 6 hours
There are a few issues that make voting different:
1) Large scale elections come around every 2 years. It's hard to test things at scale in the interim.
2) Security is good at banks because these are large wealthy companies and their life depends on it. A bank that gets hacked loses money and loses trust, so they pay top dollar for security (I have a friend in the software security space who says that 90%+ of his company's revenue comes from banks).
3) Spacecraft and cars don't need to authenticate who their users are. For voting, this is the critical--and hardest--issue to solve. Banks seem to do a pretty decent job at this, but again, they put a lot of money into it.
4) There's a perception that with more complex voting systems, someone can mess up the results intentionally at a large scale. Yes, with paper ballots this can and does happen, but a large scale conspiracy is pretty hard to pull off.
Point 4 is the really the most important one. If people don't trust the election system (regardless of whether their mistrust is well founded), then the whole system falls apart. People trust paper ballots. Let's stick with those.
Anyone who has done any security consulting at a bank knows that many of them operate almost exclusively in the "security through obscurity" model.
The rest seem to look only at regulations that were written ten or twenty years ago, come up with specific concrete solutions that are required to be blindly applied across the board in all cases, and then are totally incapable of dealing with the situation when trying to make the mandatory 8" floppy drive work with the latest and greatest iPad that doesn't have even a single hard wired connection at all.
They have all the money, so they can afford to buy off anyone who would expose their security weaknesses to the world.
This emperor definitely has no clothes, and pays people to poke out the eyeballs of anyone who might say differently.
I'm not sure this is fair. Elections are discrete events, typically dealing with (relatively) small amounts of data, at least compared to any of the above systems, which processing thousands of responses per second, and need close-to-real-time latency. Plus, there have been multiple instances in recent years of cars crashing because of software issues, planes crashing because of software issue, Mars rovers becoming unresponsive due to software issues, and banking systems getting hacked.
Granted, the rover failure was solved, but any of these issues occurring during an election of almost any size throws democratic systems into chaos. While I agree that putting more effort and expertise into voting software can make them more resilient to problems like the one in Iowa, I don't think it's obvious at first glance that deepening reliance on software is actually the best way to handle this problem, since it is actually possible to do them in a semi-analog manner (as opposed to flight-control systems or automated banking).
Even if you make your software open source and have the top security experts pour over the code and have a transparent process for how it gets deployed... laypeople won't trust it. In fact, quite the opposite, the more you focus on security, the less people are likely to trust it.
Our government's legitimacy is based on trust in our elections. I may not like who wins all the time, but I more or less feel that the wins are legitimate in the US. But if you erode this basic trust, then the government can't function.
No, we can't. The attack scenarios for all of the above are nothing like elections. Elections have to protect both against unauthorized voting (so every person has only one vote) and against determining how anyone voted, including by those running the election (so people can not sell votes/be pressured into voting a certain way).
And not only do these properties have to be guaranteed, it is also an absolute must that the vast majority of citizens can verify that that is the case, both because of the amount of power that is controlled by elections (the entire taxes of a country, control of the military, ...), so there is a significant risk that someone could be able to corrupt any group of experts that isn't a significant proportion of the population, but also for rasons of political stability: Even if the election system is in fact counting correctly, it's a major political risk if people suspect that things are rigged and have no way to really find out.
Agreed. It's a little frustrating to watch, like people trying to fit a square peg in a round hole. Especially when you know how pegs are built, and that most of them are filled with cracks that make them fragile under good circumstances, and extremely vulnerable in worse ones. And when round pegs are totally fine for the situation, and have been around for a long time, and can be used intuitively by anyone that wants to double check the geometry of the hole.
My analogy is breaking down. But certainly agreed.
Tangentially related fun fact: square pegs fitted in round holes is a traditional way of doing things when building log cabins/houses. They actually fit pretty well and are faster to make than perfectly fitting round ones with simple tools.
It could be done well. After all, for decades we've been using software for safety-critical applications like flight computers, medical devices, industrial machines, etc.
There's no reason you couldn't write extremely reliable election software by applying that level of extreme rigor, but it seems like the vendors aren't doing so.
The article mentions the paper trail backup. Good luck with that. Given our experience with Florida in the 2000 presidential election, who would be willing to bet that the paper ballot results would agree with the head count results? I was at one of the caucuses - there were two paper ballot rounds and three head counts (done by people counting themselves, supervised by staffers for the various candidates). 626 people attended my caucus. I'm sure none of them were in the bathroom during one of the three head counts over the course of a couple hours; that just couldn't happen.
The paper ballots required attendees to fill in the full name of their preferred candidate (plus a second choice), as well as their own name and address. Considering the fact that people cannot be counted on to fill in a circle or punch a hole in a piece of paper with 100% accuracy, how likely is it that multiple lines of text can be written on a card correctly and legibly?. If they actually fall back on the paper ballots, I predict all hope of a clear result will be lost.
Why on earth did they make an app which they didn't even have time to get approved? This could have been done easily with a website. Honestly, they could have used Google Forms. A secure, off the shelf, and much cheaper option would have be to setup a G Suite workplace, mail security tokens to the caucus leaders, have them make accounts on a computer, and submit the results through a form.
Why do you need anything beyond a stack of Excel spreadsheets? The polling locations call in the tally to the town, the town calls in results to the county, and the county forwards the results to the state, to be certified. Like this you get the final result two hours after polls close. Everything else is needless complexity.
Iowa's caucus has been more or less working fine since it started in 1972.
What was the value add of introducing an app? Knowing results sooner? Certainly not simplicity or reliability.
I'm reminded of an xkcd comic (I think) where the fight to eradicate some disease is essentially making stead,y predictable progress, and a room full of developers is ready to chuck the whole process in favor of app-ification. This is that.
58 comments
[ 2.6 ms ] story [ 147 ms ] threadEDIT: the CTO actually has a lot of experience, I didn't see her first two positions at SRI and Google because linkedin folded it.
Kind of slow-playing her 8yrs at the Googster with this description, aren't we?
I also think U-dub is nothing to scoff at for CS schools, if you value that sort of thing.
All this being said, her experience doesn't exactly scream "Lead architect and only senior engineer on project building critical democracy-infrastructure software to enable the base mechanisms of our entire nation."
1. https://www.latimes.com/business/technology/story/2020-02-04...
(Or you need a country where those third party observers are already powerless, but that's beside the point).
If you're the secretary of state for a given state of the union, and you're in charge of the voter rolls, and you're running for office, then you are fully empowered to just remove anyone from the voter rolls who has a name you don't like, or who has a race you don't like, or who has a political affiliation you don't like.
And you can stymie all attempts to uncover your malfeasance by just shoving all those requests in the drawer, where they get mysteriously lost.
1) Large scale elections come around every 2 years. It's hard to test things at scale in the interim.
2) Security is good at banks because these are large wealthy companies and their life depends on it. A bank that gets hacked loses money and loses trust, so they pay top dollar for security (I have a friend in the software security space who says that 90%+ of his company's revenue comes from banks).
3) Spacecraft and cars don't need to authenticate who their users are. For voting, this is the critical--and hardest--issue to solve. Banks seem to do a pretty decent job at this, but again, they put a lot of money into it.
4) There's a perception that with more complex voting systems, someone can mess up the results intentionally at a large scale. Yes, with paper ballots this can and does happen, but a large scale conspiracy is pretty hard to pull off.
Point 4 is the really the most important one. If people don't trust the election system (regardless of whether their mistrust is well founded), then the whole system falls apart. People trust paper ballots. Let's stick with those.
The rest seem to look only at regulations that were written ten or twenty years ago, come up with specific concrete solutions that are required to be blindly applied across the board in all cases, and then are totally incapable of dealing with the situation when trying to make the mandatory 8" floppy drive work with the latest and greatest iPad that doesn't have even a single hard wired connection at all.
They have all the money, so they can afford to buy off anyone who would expose their security weaknesses to the world.
This emperor definitely has no clothes, and pays people to poke out the eyeballs of anyone who might say differently.
Granted, the rover failure was solved, but any of these issues occurring during an election of almost any size throws democratic systems into chaos. While I agree that putting more effort and expertise into voting software can make them more resilient to problems like the one in Iowa, I don't think it's obvious at first glance that deepening reliance on software is actually the best way to handle this problem, since it is actually possible to do them in a semi-analog manner (as opposed to flight-control systems or automated banking).
[1] https://finance.yahoo.com/news/u-regulators-review-2018-fata...
[2] https://www.washingtonpost.com/world/asia_pacific/investigat...
[3] https://www.extremetech.com/extreme/305205-mars-rover-is-fro...
[4] https://arstechnica.com/tech-policy/2019/09/russian-national...
Our government's legitimacy is based on trust in our elections. I may not like who wins all the time, but I more or less feel that the wins are legitimate in the US. But if you erode this basic trust, then the government can't function.
And not only do these properties have to be guaranteed, it is also an absolute must that the vast majority of citizens can verify that that is the case, both because of the amount of power that is controlled by elections (the entire taxes of a country, control of the military, ...), so there is a significant risk that someone could be able to corrupt any group of experts that isn't a significant proportion of the population, but also for rasons of political stability: Even if the election system is in fact counting correctly, it's a major political risk if people suspect that things are rigged and have no way to really find out.
My analogy is breaking down. But certainly agreed.
There's no reason you couldn't write extremely reliable election software by applying that level of extreme rigor, but it seems like the vendors aren't doing so.
https://www.wired.com/story/boeing-787-code-leak-security-fl...
The paper ballots required attendees to fill in the full name of their preferred candidate (plus a second choice), as well as their own name and address. Considering the fact that people cannot be counted on to fill in a circle or punch a hole in a piece of paper with 100% accuracy, how likely is it that multiple lines of text can be written on a card correctly and legibly?. If they actually fall back on the paper ballots, I predict all hope of a clear result will be lost.
"IT Services and Support"
The real issue with that approach would probably be a requirement to have a computer on site.
Every state should have a primary on the same day instead of giving states like Iowa and New Hampshire outsized influence on the media narrative.
What was the value add of introducing an app? Knowing results sooner? Certainly not simplicity or reliability.
I'm reminded of an xkcd comic (I think) where the fight to eradicate some disease is essentially making stead,y predictable progress, and a room full of developers is ready to chuck the whole process in favor of app-ification. This is that.