Dogcatchers, Russians and Elections

In all the discussion of election hacking, foreign powers, critical infrastructure and the need to more effectively secure elections, there are several facts that need to be considered:
1) The Russians (or the Chinese for that matter) are only interested in affecting the outcomes of federal contests—President, Senator and Congress.
2) Foreign hackers don’t care about dogcatcher, school board member, city clerk, city council or county treasurer.
3) Elections for dogcatcher, et al, and President occur on the same day and on the same ballot using the same rules, laws and technology.
4) Elections for dogcatcher, et al, are conducted using 51+ different sets of rules and laws enacted by states, each of which has its own partisan composition, political history, and traditions.
5) Elections for President, Senators and Representatives are also conducted using 51+ different sets of rules and laws enacted by states, each of which has its own partisan composition, political history, and traditions.
6) Elections for dogcatcher, et al, are not vulnerable or at risk from foreign hackers.
7) Elections for President apparently are vulnerable.
8) Counties pay the cost of elections for President and Dogcatcher and make all the decisions on voting technology and how the election is conducted.
9) The federal government does not pay the cost of elections for President or Dogcatcher but still wants to make the decisions on voting technology and how the election is conducted.

wringinghands2Given these facts, there are several obvious and not so obvious courses of action to secure US elections:

Course of Action A: Wring hands. Americans have a long history of hand-wringing and inaction while contemplating solutions to difficult issues.

Course of Action B: Secure the dogcatcher vote from Russian hacking. If the threat of hacking is eliminated for America’s dogcatchers, we can be assured that the vote for President is just as secure and safe from hacking by Russians. The only trick is to get all 51 states to do everything as mandated by the feds while still picking up the cost of the election and dealing with the political and public blow-back which would result from the changes and the violation of long-standing and closely held history and traditions.

Course of Action C: Bifurcate the election of dogcatchers from the election of Presidents. Let the states and counties elect the dogcatchers, et al, in whatever manner they want since they make the rules and pay the bills. Move the election for President, Senator and Representative to another day to be securely conducted at federal expense under a single uniform set of laws, technology and procedures administered by a federal agency. Maybe the ballots could even be hand-counted on Election Night like our friends in Canada in this scenario.

Of these three options, only one is rational but that assures that it won’t be the one seriously considered and pursued.

The conversation has already focused on strategies for securing the vote of dogcatchers with little recognition of its futility and impracticality. The fiscal, legal, constitutional, technological and logistical challenges of securing our highly decentralized election system are monumental. And we haven’t even mentioned the fact that none of the self-anointed election experts agree on how it could be done., whether they be academic, activist, technologist, journalists, politicians, intelligence and security

The most likely outcome will be continued hand-wringing in the current fear-mongering, doubt-creating, hyper-partisan frenzy.

Advertisements

The Opposite of Courage is Conformity

“The opposite of courage in our society is not cowardice, it is conformity.” ~Rollo May

Almost every definition of courage recognizes that courage is not the absence of fear.  Without over-emphasizing or being over-dramatic, we all have fears.  Some of them are deeply personal and private- self doubt, failure, change, acceptance, self worth, control, etc.  These private fears derive from our own experiences and insecurities and we inevitably take them to work with us.  These fears might be either exacerbated or soothed by our workplace environment and interactions.  t, in any case, they are always present and we act in response to them in one way or another.

Rather than responding to fears, the challenge as a leader is to act courageously and to foster courage in others.

               Act.  Courage is action in spite of fear.   Fear paralyzes.  Fear prevents thinking and reasoning.  Fear stifles our voice.  Fear is embodied in the silent, empty-eyed and frozen appearance of the proverbial “deer in the headlights.”  Just as fear and inaction seal the fate of the deer as a car barrels towards its unwitting target; fear, inaction, and conformity seal the fate of individuals and organizations (although not as suddenly or dramatically.)

               Risk making a mistake.  Inaction because of the fear of making a mistake is the greatest single cause of mediocrity in the work place.  The drive for perfection, when it delays or prevents action out of fear of erring or misjudging, robs a person or team of success rather than ensuring it.  When we fail to act in order to avoid embarrassment and the judgment of others if we make a mistake, we reveal fear and weakness.  We are saying that we prefer to be passive and mediocre rather than risk success.

Courage recognizes that mistakes and mis-steps are not failures; they represent the opportunity to learn and grow for ourselves and others. Michael Eisner, Disney CEO, is reported to have said “To punish failure is yet another way to encourage mediocrity.”  When we recognize that mistakes are an essential part of achieving success and withhold harsh judgments, we empower ourselves and others.

Privilege Principle over Expediency. In the public sector administrators and managers operate by a different set of incentives and motivations than our counterparts in the private sector.  Rather than being motivated and incentivized by profits, losses and bonuses, public administrators and elected officials are often motivated by pleasing others and by not causing any waves.  Elected officials place great value on the views and desires of their constituents which they weigh heavily when setting policy and making decisions.  Administrators tend to be risk averse and generally seek to please as many people as possible- the public, peers, and subordinates.

Perhaps more often than we think, pleasing others and doing the right thing come in conflict, creating a situation in which a choice must be made between expediency (pleasing others) and principle (doing the right thing). Expediency considers each decision in a vacuum with the criterion being the optimal outcome for that specific situation. The criteria for decisions based on expediency are expressed in terms of “Who will benefit?”; “Who will get hurt?”; “Who will be angry?”; “Who will know?”; “How will this affect me?”, etc.  The aggregation of decisions based upon expediency result in inequities, inconsistencies, inefficiency, unpredictability, and chaos while maximizing the benefit to the decision maker personally.

On the other hand, decisions based upon principle place self interest in a subordinate position to “doing the right thing.” “Doing the right thing” is another way of describing decisions that treat everyone equally; that enforce or apply rules, policies, ordinances, and laws rather than ignore them. Doing the right thing is consistent over time and across similar cases.  Doing the right thing does not always win friends or bring personal rewards.  It takes courage to make decisions on principle over expediency when the two are in conflict.  It takes a certain courage to even acknowledge that the two are often in conflict.

Have the Courage to Let Go. There is a paradox that the more an administrator wants to touch everything, the more limited and less effective the administrator becomes.  There are things that are so important to us, things that are so threatening, and things that are such a source of insecurity that we will not yield control even over them even when clinging to them is counter-productive.  For example, when we are jealous of our power and authority we insist on being the final word on everything under our control in order to protect our egos and reputations.  We fail to see that this insistence on control actually limits us and increases the probability of some kind of damage to our reputation and standing.

How is that the case? First, it is an inefficient use of an administrator’s time.  The administrator can easily become overwhelmed by minutiae and delay important actions and decisions.  Insisting on having everything one’s way cuts off the introduction of new ideas and approaches from subordinates.  Such control communicates a lack of trust in the judgment and abilities of others and leads to discouragement and the stifling of initiative in the organization.  At best, this level of control maintains the status quo.  At worst it produces untimely and less than optimal decisions.  It leads to staff morale issues and turnover.

Expressing this paradox in terms of its positive rather than negative outcomes, consider the results of giving up some of the things we cling to:

  • More authority and control given to subordinates increases the span of control of the administrator.
  • More trust in the judgment of subordinates increases the timeliness, quality and quantity of decisions.
  • More credit for success given to others reflects more credibility upon the administrator.
  • Fewer secrets and proactive, top-down sharing of information results in more timely, accurate and complete information being reported to the administrator.
  • Greater transparency in decision making leads to greater confidence and trust in the administrator.
  • More kindness and consideration expressed and demonstrated for others leads to more respect being shown to the administrator.

Reward Courage in Others. Our society is quick and willing to recognize and reward heroism but workplace courage is personal and exhibited without fanfare.  It is seldom heroic and it is often non-conforming in character.  Our culture and bureaucratic environment values and rewards conformity and it is uncomfortable with and often punishes non-conformity.  As administrators, one of our obligations as courageous leaders is to foster an environment where the exercise of personal courage by members of our organization is positively recognized and rewarded.  This might mean having the courage oneself to intervene and re-characterize the organization’s view of the behavior from disruptive and “boat rocking” to admirable and positive.

The value and need for courageous words, ideas, and actions in the workplace has been unrecognized and undervalued. It appears certain to me than courage begets courage.  As leaders, we can foster courage in our organizations by developing and exhibiting greater personal courage to act, to risk, to be principled, to “let go” and to reward courage in others.  We can encourage and inspire others to be courageous.  We can choose courage to be great or we can choose mediocrity, conformity and expediency.

Stay Tuned

(Author’s Note: A version of this article was written and published to an audience of public administrators almost exactly four years ago while ramping up for the 2012 Presidential Election. The observations that triggered the article were drawn primarily from the field of election administration but are also representative of conditions in the public sector generally. As election administrators gear up for another, and potentially raucous, presidential election, the moral and practical value of courageous leadership is even more important.)

Inside or Outside the Box?

Several times during the election conference I am attending, I have heard the expression “outside the box.” To no one’s surprise, many (but not all) of these comments were directed at me and many of the ideas I have expressed in this blog. Like much jargon, overuse has changed the original meaning of the term. Originally, the term was positive and conveyed innovation. The tone and meaning of this week ‘s comments ranged from “I never thought of it that way before” and “Dude, you are waaay out there.” The latter implying that being “outside the box” is a negative and unsafe place to be. These polar opposite normative takes on the expression appear to echo the attitudes the speakers hold on change (see my previous post “Faster Horses and Election Administration“.)

It occurs to me that those who see being outside the box as dangerous may be drawing the box too small. There is a perception that external constraints, i.e. legislation, regulations, traditions, past practices and fear, compress the size of the “box.” The smaller box is drawn by segments of a wide and varied cast- administrators, legislators, vendors, academics, advocacy groups, and of the political class.

Yesterday a direct question about these kinds of constraints was posed to me and here is my response:

“Election Administration is always performed in the context of statutory and regulatory constraints. Effective administration is able to manage and succeed within any framework. In CA at the moment the statutory and regulatory framework is difficult and arguably overly complicates administration generally and HAVA implementation specifically. Having said that, my position is that these constraints should not be used as an excuse. My past and present experience confirms generous areas in which administrators can and should be using their knowledge, expertise, judgement and discretion to reform or create more effective practices to manage within safely within existing laws and limits. Certainly, administrators acting collectively and collaboratively can influence the changes and reforms to these constraints more effectively than actions by single counties/voices. Unfortunately, administrators tend to be focused on preserving the status quo rather than creating and embracing a vision of what could/should be in a set of future laws and regulations.”

As I penned this response it occurred to me that there is often more room in the “box” than what we see and use. In fact, thinking is seldom truly “outside the box.” The “boxes” we operate in as we administer elections is really a very large “box.” When we realize this and draw the “box” larger, it is much safer to consider new, unconventional and innovative ideas.

To improve the practices and administration of elections, to find solutions to complex issues, to successfully collaborate, share and innovate, we should recognize that our “box” is large and that the constraints of a “box” are largely self-imposed.

Thinking Like Its 1999

imageEach January election officials from across the country as well as many others from government and industry gather in what is called the “Joint Election Official Legislative Committee.” As the name implies, the focus is legislation and developments at the federal level that impact election practices at the local level. Of all the professional meetings held throughout the year by the election profession, this is the most substantive and useful. The networking which occurs among officials from across the country and with others with election related interests is one of the great benefits of the meetings. Despite differing structures, laws, terminologies and sensitivities, the issues and challenges faced by election officials are very similar if not identical.

Typically the topics discussed are voting systems, money and resources, technology, postal regulations, civil rights enforcement, census as well as any proposed legislation. During the first session, attendees are asked what issues are of particular interests for discussion during the multi-day conference. In this morning’s meeting, the issues were not solely the typical reiteration of the usual topics but no clear theme emerged until, Alysoun McLaughlin, the Deputy Director of Elections in Montgomery County, MD, articulated one.
She proposed that we discuss internal processes for effectively managing technology and election processes instead of merely its acquisition. That theme was picked up and added to as others cited her recent piece which was reposted by Doug Chapin and spoke to the need of using language and terminology that is meaningful for those observing the elections process.

This theme echoes much of what I have been proposing in this blog- there is a need for the profession to focus on management skills and professional practices -themes which appeal to some but not to many in the profession. Technical subjects- voting machines, pollworkers, lawsuits, budgets, registration- dominate our discussions while “soft” subjects- leadership, management, performance management, staff development, etc are seldom addressed.

What is the discussion to address the issues Alysoun has raised? Individual voices calling for the introduction of “soft” practices such as Lean quality management practices and administrative reforms are like voices in the wilderness. How can the profession embrace a culture of continuous improvement? How can we leave behind the critical issues of 1999 and more effectively address the issues of 2013?

I am increasingly beginning to believe that those of us who have been in the profession for years and the institutions we have created (and lead) are not best situated or equipped to address 21st century election administration issues. It is promising to see the post-boomer generation move into leadership roles, create new institutions and ask the questions that haven’t been asked nearly enough.

Stay tuned.

“Managership” or Leadership– The State of Election Administration

Public property keep outA review of the literature on public administration from any university textbook, academic anthology or assigned reading list does not reveal a treatment of leadership in a practical or theoretical context.  Organizational theory and decision-making models and management approaches are the bread and butter of the study of public administration.  Ironically, leadership texts are not found in public administration or political science literature; rather, they are found on business reading lists and in business publications. 

When leadership is addressed in the literature, it is treated as a heroic, charismatic personal attribute – a noun.  A person has it or does not, which largely explains why study and research in leadership has been ignored.  I have a different understanding of leadership- as a verb.  Leadership acts on “what might be” instead of limiting itself to “what was.”  Leadership is forward looking- it seeks solutions to tomorrow’s challenges instead of solving yesterday’s problems.  Leadership maximizes and optimizes its existing resources instead of seeking more.  Leadership sees constraints and setbacks as temporary and transient and seeks success in spite of them.  Leadership does not seek silver-bullet solutions nor does it place all its hopes in technology at the expense of processes.  Leadership looks outward and seeks answers from the knowledge and experience of others.  Leadership lifts, values and develops the people surrounding the leader.  Leadership recognizes its stewardship as a system instead of a collection of singular components and, as a result, can see the relationships contained within the whole.   Leadership calculates both long-term and short-term risk and return and has the courage to act decisively.  Leadership seeks excellence and rejects that which is merely adequate.

“Managership” is inward-looking, centered on the present moment and is satisfied with doing what has already been safely and successfully done by themselves or others.  “Managership” muddles through projects and operations seeking outcomes that suffice, or in other words, that which is “good enough for government work.”   “Managership” seeks solutions in increased or new resources- more people, more money and more technology.  “Managership” deals with issues and makes decisions as they occur- chronology is its prioritizing and organizing principle.  “Managership” analyzes and deliberates on single issues as discrete decisions.  “Managership” sees people as tools and expendable commodities to be consumed in the course of business.  “Managership” settles for local efficiencies at the expense of the efficiency and effectiveness of the whole system.  “Managership” celebrates and adopts “best practices” because someone else has already taken the risk of innovating.

The decentralized and sometimes politicized nature of election administration in the US make it difficult to recruit and prepare administrators who are more than bureaucrats, caretakers and guardians of the status quo.  To be sure, the field would be much improved with a more universal application of the principles of “managership” which comprise the core of the best training currently available to election administrators.   While an improvement, “managership” promises only limited benefits.

Leadership, as I am defining it, , is manifest by those fortunate enough to have been mentored and developed by those who are leaders and also by those who bring experience outside of public administration to election administration.  Leadership calls for a more consistent and proactive development of the next generation of leaders.  As a profession, it is incumbent on those who claim leadership to combine their collective knowledge and wisdom to move away from “managership” and to train and prepare tomorrow’s (and today’s) leaders in election administration. 

Who is in?

 

Internet Voting, 4 D’s, and WMD

wmd

In 1998, as one of a handful of people who thought the future of elections was internet voting, I was a co-founder of eBallot.net, a short-lived internet start-up.  The demise of eBallot.net and other internet voting companies was, and continues to be, the report issued by the California Task Force on Internet Voting in January 2000.  A close reading of the report appears to definitively kill internet voting well into the future, if not forever.  Interestingly, the report called into question (directly and indirectly) many of the characteristics and security practices of all paper based voting systems in use at that time.  David Jefferson, the Technology Co-Chair of the Task Force, was responsible for many of the findings in the report.  Mr Jefferson has since continued to be involved in issues regarding voting systems and maintains his strong rejection of internet voting.

Anyone who has followed the post 2000 and post HAVA voting equipment debates knows that there has been a large polarization between election administrators and voting system advocates (of all stripes).  There has not been a lot of common ground or common understanding and there has been, at times, a lack of civility on all sides in the discourse (of which I am probably also guilty).

I recently had an exchange with Mr Jefferson in a discussion forum considering the impact of a student hacking a university on-line voting application and attempting to change the results of the election.  The exchange was notable inasmuch as old rivals (me and Jefferson) began to identify some common understanding and respect for the position of the other.  At his suggestion I am re-publishing parts of our exchange.  It is my hope that more frequent constructive discussions will build bridges of understanding and that this discussion may be seen as the type of exchange that fosters increasing and meaningful dialogue between the election administrator community and those in the watchdog community (for lack of a better term to encompass the scientific, academic, advocacy and political aspects of the critics).

This post is rather long.  Rather than edit it for length and remove something which might resonate with readers, I have kept the thread virtually intact.

The original question, “Is the San Marcos hacking incident  a Bad Omen for Internet Voting?”, was posed by Bill Kelleher, a known writer and advocate of internet voting.  In response to the question, David’s conclusion was:

Jefferson:  “Strong, practical, remote authentication of the users of online systems, especially online voting systems, is a very difficult and unsolved security problem. And it just one of many on the list of profound security that have to be solved before online voting can be made secure. That list also includes; client side malware, fake voting clients, server penetration attacks, distributed denial of service, insider attacks, automated vote buying, and numerous others.

Mr Weaver’s attack was not like those that will occur if Internet voting is used in public elections. He was thwarted because (1) he was voting from a machine controlled by university IT personnel so that they were both able to notice unusual activity in real time; (2) they were actually able to spy on him remotely in real time as he was casting phony votes; and (3) he was physically local, so a police officer could immediately be dispatched to arrest him red handed while he was still casting phony votes, in the commission of a felony, with therefore no need for a warrant to find additional evidence in his pocket that was full of key loggers! None of these fortunate facts will apply in a real attack on an online public election.”

To Jefferson’s response, I chimed in:

Konopasek:  “I believe there are some lessons to be learned from the hack which people on both sides of the electronic voting security issue should consider. First I must say that my position over the years on the topic has evolved to a neutral stance as I have been willing to learn, observe, analyze and discuss based upon a decade long experiment with the technology. I am not so quick to dismiss Mr Jefferson’s concerns as I was 10 years ago nor do I believe that electronic voting is without security risks which means I am not as satisfied or optimistic as Mr Kelleher. I would hope that others might demonstrate a similar capacity to learn and a willingness to evolve.

As a military security expert for nearly two decades I learned and practiced a philosophy of security which I call the four D’s– Deter, Delay, Detect, and Deny. These four principles are fairly self explanatory and represent a progression in degrees of security, cost and operational effectiveness. Too often when we have discussions of voting security there is an unspoken assumption that the level and standard of security being considered is Denial- the costliest and most difficult level of security to achieve. Denial means that every type of attempted fraud or penetration must be defeated immediately and completely. The gold stored at Fort Knox is the classic example of something protected with this level of security- even so, it is doubtful that Fort Knox is invulnerable. It merely uses a highly complex and hardened set of deterrent, delay and detection methodologies. The only way to completely secure Fort Knox would be to never store gold or anything of value in it.

“Deterrence, delay and detection effective, and cheaper and more efficient techniques for the security of almost everything we secure– bank accounts, facilities, computer passwords, encrypted communication, our homes, our cars and our paper ballots. It is not impossible for theft or fraud to be attempted but with the right combination of measures, threats can be deterred from action by the probability of being caught and harsh sanctions when discovered. The history of cryptography and intelligence teaches that with enough time every code and encryption algorithm can be cracked. Encryption delays compromise. It cannot prevent or deny it.”

“Detection, the security principle at play in the “Student Hack Caper,” serves a double role in security designs. First it complements deterrence and gives deterrence credibility. If a thief knows that the odds of detection are high, the likelihood of success is low. The whole reason thieves and burglars wear dark clothing, sneakers, hoods and masks is to avoid detection (and identification). The second principle is that theft or fraud detected is fraud which can be prevented or mitigated. This is precisely what happened in this caper.“

“To assert that if this was a “real” attack on a “real” election that the fraudster would have been smarter, luckier and more stealthy and therefore, by definition, would have succeeded is to assume that “real” election security is ineffective, “real” elections IT personnel are not competent, “real” election fraud could not be identified, isolated and mitigated as was the case in this caper. Any “real” election is and always has been the target of potential, attempted and sometimes actual fraud–and always will be regardless of the voting platform. That threat however does not cause us to stop having elections. Similarly if we insisted on denial as the only acceptable level of security for elections whether hand counted paper ballots, machine counted ballots, electronic ballots or pottery shards are used- democracy would cease to exist. “

“We must cease the insistence that denial is the only acceptable level of security for electronic voting systems. Deterrence, delay and detection are the tools we use everyday to secure our most precious and valuable possessions– and that should include our votes.”

“postscript: Modern science is empirical and based upon observation and evidence. Assertions of what “is” or “might be” absent any theory, evidence, observation or proof might be opinion, politics, superstition or religion but it is not positivist science.”

Jefferson:  “Scott — Using your 4D framework (Deter, Delay, Detect, and Deny) you point out that Denial represents the highest degree of security, cost, and operational effectiveness. You then add that Denial means that ‘every type of fraud or penetration must be defeated immediately and completely’”.

“The criterion I have always used is that not ALL attacks on elections have to be Denied. But LARGE SCALE, AUTOMATED (i.e programmed) REMOTE ATTACKS do have to be absolutely denied. I have never tried to invent mechanisms that prevent small attacks in which only a handful of votes only are at stake, so I have never gotten involved in the VoterID issue, for example, which denies at best a handful of impersonation votes per year. Nor have I spent much time worrying about postal workers opening and modifying ballots transmitted by mail, because such attacks are not automated. I do worry greatly about frauds committed by my kind of people, programmers, both those who write the voting system software and those who are motivated to attack an election remotely.”

“Remote, programmed attacks on Internet voting are the weapons of mass destruction in the elections world. Thank goodness we have had very few so far. (But I do know of handful of cases that have been detected.) Just as with physical WMD, we have to do everything we can in a democracy to deny that possibility of electoral WMD at all costs. It is just not good enough to say that because it has never happened before in this country we can consider the risk to be low. Those of us in the security community know how to attack any current Internet voting architecture and can completely disrupt any of them or worse, rig the results undetectably. If we know how to do it, we can be sure that criminals, foreign intelligence agencies, and our own political partisans know it also, or can pay for people who do.”

“Because we know that no one can build an Internet voting system today that is invulnerable to remote automated attacks that we know how to perpetrate, we are forced to conclude that it is just too dangerous to field Internet voting systems yet. We also know that there are a large number of profoundly difficult Internet security problems that have to be solved before anyone will be able to build a secure enough Internet voting system suitable for public elections, and we are not within a decade of solving any of them. So for the foreseeable future it is best to live without Internet voting and continue to improving the systems we have, particularly absentee balloting systems and procedures.”

Konopasek:  Hi David- I want to make sure you understand that I agree with you that internet voting is best left to the future. My concern is that our attitudes and assumptions about security will delay or inhibit legitimate development of robust internet voting systems while garage engineers, like the ones that built certain models of the current DRE systems, will design, build and lobby for their use. The ubiquity of the internet in our lives and our dependence on it will eventually erode the credibility of security concerns and we will be left with poorly designed systems that will be approved for use in public elections.”

“Interesting that you used WMD as an example. Our tremendous fear of the proliferation of WMD by certain regimes (undoubtedly a real threat to all of us) led us in 2003 to greatly and deceitfully (as it turns out) exaggerate claims that Iraq had nuclear weapons. On that pretext, our nation launched a security operation to eradicate (deny) an imagined threat that COULD have existed but which DID NOT. The fear of what COULD BE cost hundreds of thousands of innocent lives and a decade of warfare and insecurity. The single minded pursuit of a potential security threat changed the world forever, and not for the better.”

“A more reasoned approach, which was not based upon complete and immediate denial of WMD, may have sought to detect indications of WMD, to delay their development with continued embargoes or to deter the Iraqis with threats of escalating coercive means. The president’s arguments and decisions to invade, overthrow the regime, destroy the infrastructure and inflict “shock and awe” represent the classic type of bad policy decisions based upon absolutes, non-negotiable and an insistence on denial.”

“I see many parallels in the decade old arguments against electronic voting in general and internet voting specifically. As long as absolutism is the rule the stage is set for legitimate science to sit on the sidelines while techie entrepreneurs develop the next generation of voting technology. The debate is likely to be overcome by events and popular will- Bill’s evangelism and that of others is already taking hold. Soon “hell no” to internet voting will give way to the demands of the public, the self interest of politicians and the profit motive of business.”

“In 2003 I urged my colleagues at the state and national level to abandon their absolute rejection and to embrace paper audit trails. By doing so, we could influence the design, development, quality and procedures involving what became know as the VVPAT. I warned them that advocates had better sound bites and slogans with mass appeal than their opposition. You know how that turned out. The country has voting systems in which the greatest point of failure mechanically, electronically and procedurally is the VVPAT while there is no evidence that they have enhanced the security or legitimacy of any election. “

“I am urging the community that categorically rejects internet voting to beware of the lessons learned by election administrators– the other side is developing better sound bites and the demographics of decision makers is changing. You would be surprised how many elected officials no longer know what a chad is. Their concerns of late involve finding out sooner if they won or lost the election.”

Jefferson:  “Scott, thanks for your thoughtful comments. I will respond to a few key sentences. “

“SK: “My concern is that our attitudes and assumptions about security will delay or inhibit legitimate development of robust internet voting systems while garage engineers, like the ones that built certain models of the current DRE systems, will design, build and lobby for their use. The ubiquity of the internet in our lives and our dependence on it will eventually erode the credibility of security concerns and we will be left with poorly designed systems that will be approved for use in public elections.” ‘

“DJ: I would say that we must delay the development of “legitimate and robust” IV systems until such time as several fundamental security problems are solved, including: client side malware, fake clients, server side penetration attacks, strong remote voter authentication, distributed denial of service attacks of all kinds, various network attacks, and insider attacks. And we need a mechanism for strong end-to-end auditability that does not depend on paper. “

“I would say that we are already living with the problem you point out: that vendors will design and build dangerous Internet voting systems and lobby for their use, and unfortunately many legislators and election officials who are untrained in security will buy them. All I can do is help educate on the dangers. “

“SK: “A more reasoned approach, which was not based upon complete and immediate denial of WMD, may have sought to detect indications of WMD, to delay their development with continued embargoes or to deter the Iraqis with threats of escalating coercive means. ” “

“DJ: In discussing Internet voting as the WMD of elections, I don’t think it is necessary to compare too closely to the history of the Iraq war. There the WMD did not in fact exist, so the whole basis for policy and war was false. But regarding Internet voting there is no doubt whatsoever that undetectable, programmed remote attacks are possible, and many of us know how to do them. If you want a demonstration, just insist that the vendors place their systems up for open public tests as was done in D.C. in 2010, and we will demonstrate how they can be destroyed.”

“In any case the issue is, I think, simpler. I hope we can agree that if we could wave a magic wand and free us of the danger of real WMD, so that no one can ever detonate a nuclear, radiological, chemical or biological weapon in the U.S. (or anywhere else, for that matter) then we should hurry and wave that wand. Well, with electoral WMD, we do have such a magic wand. We do not have to permit insecure Internet voting in this country. When and if Internet voting can be implemented without the risk of remote programmed attacks, then the risk of WMD will be eliminated and we can go ahead and vote online.”

“SK: “The debate is likely to be overcome by events and popular will- Bill’s evangelism and that of others is already taking hold. Soon “hell no” to internet voting will give way to the demands of the public, the self interest of politicians and the profit motive of business.” “

“DJ: Just to be clear, my position is not “Hell no”. It is “not now, and not for the foreseeable future, until such time as the profound Internet security problems will be solved.” In the mean time all I can do is work as hard as I can to educate the public and officials to the very real danger of cyber attack on online public elections.”

“SK: “In 2003 I urged my colleagues at the state and national level to abandon their absolute rejection and to embrace paper audit trails. By doing so, we could influence the design, development, quality and procedures involving what became know as the VVPAT. I warned them that advocates had better sound bites and slogans with mass appeal than their opposition. You know how that turned out.”

“DJ: Yes, you are right. The VVPATs as they were implemented were absolute mechanical crap, and still are. I actually had the opportunity to cast a formal vote against the certification in CA of Sequoia’s lousy VVPAT despite the fact that I was one of the most prominent advocates of VVPAT. I learned from that experience that the vendors cannot be trusted. They just did not care about the fact that paperless DREs were and still are completely unauditable, and instead invented completely bogus arguments for DRE security which too many election official believed (and many still do). When forced to add a paper trail to DREs the vendors did the crappiest, cheapest, junkiest job imaginable, and then screamed “I told you so” when they turned out to be unreliable. Paper handling mechanics cannot be perfect, but it can be 1000 times more reliable than those systems are. Under the circumstances, states would have been better off dropping DREs entirely and switching to optical scan rather than certifying the junky VVPATs the Diebold, Sequoia, and ES&S produced.”

“SK: “I am urging the community that categorically rejects internet voting to beware of the lessons learned by election administrators– the other side is developing better sound bites and the demographics of decision makers is changing. You would be surprised how many elected officials no longer know what a chad is. Their concerns of late involve finding out sooner if they won or lost the election.””

“DJ: If you have any ideas as to how to better present the dangers of cyber attacks on online elections I would be glad to hear them. If you could address the issue, and critically assess those sound bites in your blog, that would help greatly. Maybe even put in a good word for Verified Voting.”

Constructive responses are welcome.

Stay tuned.

Reflections of a Prodigal Election Administrator

prodigal sonAfter nearly two months back in California and back in the society of Election Officials, I have made many observations about the art and profession of administering elections.  Most of these observations are not new but I am seeing them anew and from a slightly different perspective of a scholar and a returning “prodigal”.  I know that after a few more months, I will probably re-assimilate and will lose the perspectives I presently enjoy.

I am always struck and am somewhat in awe of the dedication and hard work of election staffs which are repeatedly demonstrated and which have become central features of a powerful professional culture.  The ability, and even the willingness, to do more of the impossible with even less is the hallmark of dedicated election officials.  Hard work, long hours and working weekends never discourage election officials; in fact, they are a badge of honor of sorts.  As a result of the enormity of the work, the intense public scrutiny and the under-appreciation of their efforts, election officials celebrate their underdog status.  It is understandable if, during this celebration of their resilience and ability to perform the impossible, a sense of fatalism, victimhood and martyrdom creep into the way the business of elections is conceived, planned and conducted.

As an election consultant and itinerant election official, I have spent time with nearly 60 county level election offices and have repeatedly observed that complexity, redundancy, bureaucracy and degrees of difficulty are relished and typify election administration.  Suggestions which reduce the level of difficulty of the work an office performs are often perceived as shortcuts which promote laziness and lack the proper work ethic.  Proposals to simplify and streamline election operations are seen as dangerous and irresponsible. Those who are captured by the predominant professional culture find safety and security in complexity and obfuscation.  Needless to say, those making such suggestions and proposals are sometimes looked upon with suspicion and mistrust for their willingness to deconstruct bureaucratic rules and to interpret statutes permissively.

The danger of the culture of the profession is, if there is any, the propensity to be content with merely working hard at the expense of working smart.  The danger is committing time and resources to activities for which there is no purpose other than to be busy.  The rigid commitment to the “means” without a clear understanding of the ”ends” to be achieved can lead, perversely, to opposite and negative outcomes.  When all rules, processes and operations are granted equal importance and status (i.e. got to do it all, everything is top priority), critical operations and processes are compromised . When everything is “top priority”, everything is also, by definition, the “last priority.”

Sports coaches demand 110% effort of their players and athletes claim to give a 110% level of performance despite the logical fallacy and physical impossibility represented by the expression.  The culture of the election profession seems to cling to similar and equally faulty maxims such as, “If some is good,  then more is better” and “Problems are best solved by throwing resources at them.”   In practice, these maxims (and the 110% effort cliché) are played out by substituting effort, overtime and long hours for planning and effective management.  Besides the added monetary costs this approach represents, it introduces increased human costs: fatigue, exhaustion and reduced alertness and stamina.  These human costs inevitably take a toll on accuracy and efficiency- error rates go up and productivity goes down.  This results, predictably, in more overtime and longer hours…ad infinitum.  While, the toll on physical and mental health is difficult to measure,  election officials incredibly take pride in adapting to and enduring sustained periods of stress.  Bodies and minds succumb eventually which explains why so many election officials routinely become sick and finally need to take time off immediately after an election.

This prodigal thinks that metrics of success and accomplishment in the culture of the elections profession need to change from enduring endless and thankless toil, from successfully coping with mind-numbing complexity (or at least waiting until after the election to breakdown), from  illusion of the effectiveness of multi-tasking while delusional from fatigue, and from juggling as a priority setting strategy.  Success and accomplishments should be measured instead by the absence of crises, the notable reduction of stress and the freedom to enjoy friends, family and college football on Saturday afternoons in October and November.

Stay tuned.