Categories
C-BIZ Magazines

Paper pushing: What happened to voting machines in Virginia?

Over the course of the 2016 presidential election, then-candidate Donald Trump asserted the election was going to be “rigged” by unspecified actors. No evidence was ever offered to support that claim, and his concerns about election integrity curiously seem to have evaporated on November 9. But the uncertainty and doubt generated by those statements, and the repeated and ongoing attempts by the Russian government to interfere in U.S. elections, have made some folks take a closer look at how we secure our vote.

In Virginia, the ground game for election security is run by a dizzying array of more than 100 local registrars across the state, one for each city and county. Rosanna Bencoach, the general registrar for Charlottesville, brings more than a decade of experience with election policy and administration to bear, and describes her job as “ensuring that everyone who wants to vote can do so.”

That might be something of an understatement. Bencoach is responsible at the local level for ensuring free and fair elections, every single time. In practice, that means that for each election, hundreds of officials, staff and volunteers need to be carefully choreographed and mobilized to the right places so that voters can participate. The anonymous ballots used in the election are printed and shipped to secure locations, and afterwards they’re sealed and stored for at least one year to preserve a paper record in case there’s any dispute about the vote.

But as experienced as local registrars might be, they ultimately rely on state and federal government agencies to certify which machines are meeting security standards. How secure are the machines that manufacturers are making?

The answer: not very. The software the manufacturers use to power the digital systems that record votes is closed-source; it can’t be inspected for problems by experts among the general public. Without this check, it’s difficult or impossible to detect certain categories of vulnerabilities in the software. Even the physical mechanisms used to prevent direct access to the machines can frequently be bypassed or otherwise disabled without detection.

Despite assurances to the contrary, manufacturers have repeatedly failed in real-world tests when experts take a run at the machines. Last year at DEF CON, an international security and hacking conference, every single voting machine on display was hacked in less than two hours. Even security professionals who had never worked with voting machine technology before were able breach them. Some of these breaches were done wirelessly, on machines that were never supposed to have wireless access turned on.

Luckily, state electoral boards understood the threat. Citing the DEF CON demonstrations, Virginia decertified the worst offenders in 2017. Today, every voting precinct in Virginia uses paper ballots. Sometimes, the best technologies are the most reliable ones.

Of course, voting machines might not even need to be hacked at all to sway an election. Malicious foreign actors don’t have any need to tamper with an election when they can influence the minds of voters directly with an insidious patchwork of false advertising, misinformation and conspiracy theories carefully targeted to prey on the fears of citizens.

And there are certainly differing views about how zealous we should be in pursuing election security. In July, the GOP attempted to defund the Election Assistance Commission, the federal body that certifies voting machines and advises state agencies about how to conduct elections securely. But securing technology is always a moving target, and the work is never done. If citizens want security to be a legislative priority, there’s much more work to do.

John Feminella is the co-founder of analytics startup UpHex and an adviser at Pivotal. He lives in Charlottesville and enjoys solving difficult technology problems.

Categories
C-BIZ Magazines

Ask a technologist: Should I invest in cryptocurrency?

Late in the evening of Halloween 2008, the pseudonymous Satoshi Nakomoto published a white paper to an obscure email list. The paper described a new system of exchanging value, named “Bitcoin,” which wouldn’t require the involvement or intervention of a third party. At the time, the paper was largely ignored. But nearly 10 years later, Bitcoin is worth $150 billion, and a nascent ecosystem of cryptocurrencies and supporting applications has sprung up around it. What happened?

Modern currency fundamentally requires trust in central banks and governments. No one would accept dollars, euros or rubles in exchange for their labor unless they trusted they could spend that money on rent, groceries and gas. But for some people, the idea that a third party can indirectly control the value of their labor this way is irksome. At least for Nakomoto, that motivation seems to have been enough to invent an alternative.

But if currencies require trust, where does Bitcoin’s come from? The paper’s key innovation was to create trust with mathematics and data structures rather than institutional hegemony. Collectively these structures are called a blockchain, so named because transactions are organized into digitally signed groups called blocks, which are then linked together in ways that make it difficult to forge or alter the transactions in them.

In the decade since Bitcoin’s introduction, thousands of cryptocurrencies have been created—and most have languished—each with their own ideas about blockchains. Some have staying power and legitimacy, such as Bitcoin’s more sophisticated sibling, Ethereum. But countless others have proven to be nothing more than meretricious Ponzi schemes that bilked investors of billions.

In such a volatile and unregulated environment, how can one separate the wheat from the chaff? Several entrepreneurs in Charlottesville are coming up with their own answers to this question.

Ryan Adams. Photo: Andrew Shurtleff

Ryan Adams, a longtime technologist and Charlottesville business leader, and part-time blogger for Bitcoin Up Erfahrung, started Mythos Capital to research and explore the cryptocurrency ecosystem. Adams describes Mythos as a “crypto-asset investment company,” whose goal is to determine which visions of blockchain’s future will ultimately survive the test of time and invest in them.

Adams believes that “the playing field is simply too crowded” right now. Eventually, he thinks, “different cryptocurrencies may each take different roles for the distinct responsibilities of money,” in the same way that people use gold bars, credit cards and dollar bills differently.

Others in Charlottesville are coming up with novel ideas for how blockchains could be useful. Seth Baxter and Worth Becker, co-founders of consulting company Neuralux, are working on a new venture called EconomyX to explore how the transparency of blockchains could be used to help investors in private equity markets conduct due diligence. And Moonlighting, a freelance jobs marketplace headquartered in Charlottesville, is promoting its own Moonbit cryptocurrency as a way to help its freelancers get paid.

Blockchain has use potential far greater than just exchanging money; it can be used to preserve historical records, pay parking tickets, even vote. But blockchain technology comes with many trade-offs and regulatory challenges, and there’s a long way to go for any of these ideas to be usable at scale. At one point last year, if you wanted to buy a $5 slice of pizza using Bitcoin, you would pay $50 in transaction fees, wait about an hour for your transaction to clear and consume as much energy as your house uses in a week. That’s a very expensive inconvenience for a cryptocurrency that wants to supplant cash. It’s also a long time to wait for your pizza.

It’s difficult to predict where we’ll be in another 10 years, or if the current blockchain ideas will even be around. Perhaps, much like the internet, it will take many iterations on the core technologies before any of them can achieve ubiquity. But one thing is certain: Lots of people are paying very close attention.

John Feminella is the co-founder of analytics startup UpHex and an adviser at Pivotal. He lives in Charlottesville and enjoys solving difficult technology problems.

Categories
C-BIZ Magazines

Ask a technologist: Will losing net neutrality protections affect me?

In December, the Republican-led Federal Communications Commission voted to repeal its own 2015 ruling about how Internet service providers should be regulated, saying it was eliminating “heavy-handed micromanagement” of the Internet. Many users saw it differently, and lamented what they saw as a loss of important safeguards.

At the heart of the FCC’s ruling is an important question for the future of the web: Should Internet service providers (ISPs) be classified as common carriers? This might seem like an obscure legal debate, but it has profound implications for what you get to see on your laptop or smartphone, and perhaps more importantly, how much you’ll pay for the privilege.

Giving Internet service providers common carrier status means the agency can regulate how ISPs deliver content to users, and what kinds of business practices they’re permitted to engage in. Net neutrality advocates see this as important for ensuring the Internet remains a level playing field for everyone, and to ensure that ISPs don’t engage in practices they believe are abusive for consumers and businesses.

With the current gridlock in the Republican-controlled Congress making any improvement to these protections improbable, consumers and businesses will ultimately have to vote with their dollars to see the Internet they want, and support providers that want to preserve a level playing field. Fortunately, most of Charlottesville enjoys the comparatively rare case of having more than one Internet service provider. But the rest of America doesn’t; only 24 percent of communities in the United States have more than one high-speed broadband option. Everyone else is either under the yoke of a monopoly or doesn’t have access to broadband at all.

One local provider, Ting, says net neutrality is important to them. “We know our customers want this, and we want to double down on our commitment to a fair and open Internet even in the face of changing regulations,” says Monica Webb, Ting’s director of government affairs. Ting lobbied against the FCC changes and has pledged to operate as if the protections were still in place.

For its part, Comcast, the largest provider for Charlottesville, says that going forward it won’t “block, throttle or discriminate against lawful content.” And that may well be true. But without the FCC’s net neutrality protections, many of those promises are no longer enforceable by law.

Still, this all seems pretty hypothetical. After all, most people don’t think we live in a dystopia. Is this much ado about nothing?

Absolutely not, says Barbara Cherry, a legal expert on net neutrality and a professor at Indiana University. “The loss of these protections opens the door to a wide range of serious abuses,” she says. Cherry argues that larger telecoms prefer the regulatory restrictions removed, because it would enable them to pursue new kinds of business models, and potentially capture more revenue.

The problem for consumers and small businesses, Cherry says, is that these business models are often counter to how we might want to access the Internet. For example, an Internet service provider could adopt a policy of charging customers extra if they want to watch videos on streaming video sites, instead of treating all data as equal.

That might be better for the provider’s bottom line, but it’s probably not something consumers or businesses will want.

John Feminella is the co-founder of analytics startup UpHex and an adviser at Pivotal. He lives in Charlottesville and enjoys solving difficult technology problems.