Slashdot Mirror

Google announced new policies Friday that will require advertisers to prove they are a U.S. citizen or permanent resident when buying election ads. "Under the new guidelines, Google will ask advertisers -- be they individuals, organizations, or political action committees -- to prove they are who they claim to be," reports Gizmodo. "It will also require the ads to include a clear disclosure of who is paying for it." From the report: The change comes after Google and other social media companies revealed their advertising platforms were abused by foreign actors, including the Russian government-backed troll farm Internet Research Agency, during the 2016 U.S. presidential election. It also places Google's policies in line with U.S. laws for traditional media that restrict foreign entities from running election ads. Where Google's effort falls short, at least in its current iteration, is the new policies only cover ads featuring candidates running for office. So-called "issue ads" that advocate a certain point of view on hot-button topics are not covered in Google's policies.

According to Bloomberg, Facebook has for years fought to avoid being transparent about who's behind election-related ads online. "Since 2011, Facebook has asked the Federal Election Commission for blanket exemptions from political advertising disclosure rules -- transparency that could have helped it avoid the current crisis over Russia ad spending ahead of the 2016 U.S. election," reports Bloomberg. From the report: Communications law requires traditional media like TV and radio to track and disclose political ad buyers. The rule doesn't apply online, an exemption that's helped Facebook's self-serve advertising business generate hundreds of millions of dollars in political campaign spots. When the company was smaller, the issue was debated in some policy corners of Washington. Now that the social network is such a powerful political tool, with more than 2 billion users, the topic is at the center of a debate about the future of American democracy. Back in 2011, Facebook argued for the exemption for the same reasons as internet search giant Google: its ads are too small and have a character limit, leaving no room for language saying who paid for a campaign, according to documents on the FEC's website. Some FEC commissioners agreed, while others argued that Facebook could provide a clickable web link to get more information about the ad.

Facebook wouldn't budge. It warned that FEC proposals for more political ad disclosure could hinder free speech in a 2011 opinion written by Marc Elias, a high-powered Democratic lawyer who later became general counsel for Hillary Clinton's 2016 campaign. Colin Stretch, a top Facebook lawyer, said the agency "should not stand in the way of innovation," and warned that such rules would quickly become obsolete. When it came time for the FEC to decide in June 2011, the agency's six commissioners split on a 3-3 vote. Facebook didn't get its exemption, so an advertiser using its platform was still subject to a 2006 ruling by the FEC requiring disclosure. But the company allowed ads to run without those disclaimers, leaving it up to ad buyers to comply.

According to Bloomberg, Facebook has for years fought to avoid being transparent about who's behind election-related ads online. "Since 2011, Facebook has asked the Federal Election Commission for blanket exemptions from political advertising disclosure rules -- transparency that could have helped it avoid the current crisis over Russia ad spending ahead of the 2016 U.S. election," reports Bloomberg. From the report: Communications law requires traditional media like TV and radio to track and disclose political ad buyers. The rule doesn't apply online, an exemption that's helped Facebook's self-serve advertising business generate hundreds of millions of dollars in political campaign spots. When the company was smaller, the issue was debated in some policy corners of Washington. Now that the social network is such a powerful political tool, with more than 2 billion users, the topic is at the center of a debate about the future of American democracy. Back in 2011, Facebook argued for the exemption for the same reasons as internet search giant Google: its ads are too small and have a character limit, leaving no room for language saying who paid for a campaign, according to documents on the FEC's website. Some FEC commissioners agreed, while others argued that Facebook could provide a clickable web link to get more information about the ad.

Facebook wouldn't budge. It warned that FEC proposals for more political ad disclosure could hinder free speech in a 2011 opinion written by Marc Elias, a high-powered Democratic lawyer who later became general counsel for Hillary Clinton's 2016 campaign. Colin Stretch, a top Facebook lawyer, said the agency "should not stand in the way of innovation," and warned that such rules would quickly become obsolete. When it came time for the FEC to decide in June 2011, the agency's six commissioners split on a 3-3 vote. Facebook didn't get its exemption, so an advertiser using its platform was still subject to a 2006 ruling by the FEC requiring disclosure. But the company allowed ads to run without those disclaimers, leaving it up to ad buyers to comply.

Velcroman1 writes: Our government is in a dysfunctional state. It is also illiterate when it comes to technology. Technology is not a tool that should be used for a government to invade our privacy. Technology should not be the scapegoat when we fail to protect our digital assets and tools of commerce. These are matters of priorities." So says John McAfee, offering up a brief explanation into why he's running for president. As noted earlier on slashdot, McAfee has filed paperwork already (PDF) to found a new party.

An anonymous reader writes: Since this U.S. presidential election cycle clearly isn't chaotic enough already, it seems John McAfee is now considering a campaign as well. Wired reports that McAfee hasn't decided for sure yet, and he's hoping to persuade somebody more charismatic to run with his backing. He said his advisors are pressing him to run, adding, "I have many thousands of emails saying please run for President. It's not something I would just choose to do on my own." What would his platform be? It actually sounds pretty simple: "It's clear that the leadership of our country is illiterate on the fundamental technology that supports everything in life for us now, that is cyber science, our smartphones, our military hardware, our communications." He'd be a strong proponent for privacy and autonomy. We should know in a few days whether McAfee is in or out — Wired says he "seems far more concerned with having his voice heard on one particular issue than with taking a seat in the Oval Office." Something seems to have changed his mind about politics: in a 2014 interview here, McAfee said. "I would never run for office, neither would I want to be in office, of any kind. I would rather drive a nail through my foot." According to the paperwork McAfee has filed, he is founding a new party (PDF).

CompaniaHill writes "Hastily passed in the wake of the 2000 election mess, the Help America Vote Act (HAVA) supposedly offered funding to help states update their voting systems. In reality, the short deadlines have been used to push the sale of untested and uncertified new e-voting systems. Many states continue to demonstrate that the new e-voting machines are not reliable. The New York State Board of Elections (NYSBOE) took the time to pass their own voting legislation with additional testing and certification standards which far exceed the HAVA standards. As a result, they missed the HAVA deadlines. In March 2006, the Department of Justice (DOJ) sued New York to comply with HAVA. Now, the DOJ is serving a motion to try to take away New York's right to select and acquire their own voting machine systems — in effect, to force e-voting machines on New York anyway. At the moment it's too soon to say how the NYSBOE will respond."

eldavojohn writes "Despite complaints that political bloggers should be subject to campaign finance laws since they are donating huge amounts of money in the form of advertising and media services to candidates, the FEC will not regulate political blogging. From the FEC statement: 'While the complaint asserts that DailyKos advocates for the election of Democrats for federal office, the commission has repeatedly stated that an entity that would otherwise qualify for the media exemption does not lose its eligibility because it features news or commentary lacking objectivity or expressly advocates in its editorial the election or defeat of a federal candidate.'"

You posted your questions for Herbert H. Thompson, PhD, on November 3rd and 4th. He decided to wait to answer until after the election in case there was a flagrant voting machine problem he could include in his answers -- and there has been at least one, but it is probably not a "security" problem per se, and is a long way from being resolved in any case. So here we go. Good food for thought here.

1) paper trail?
by ummit

This is a really basic question and it seems I should know an answer, but it never seems to be discussed: Why are the electronic voting machine companies generally so dead-set against emitting verifiable and auditable paper records? It can't just be cost, because they could and would just pass that on to their customers.

Hugh: In some states the debate has already been settled in that there is legislation in place requiring a voter-verified paper trail. Verifiedvoting.org has a good tracker of this here.

There are a few points often cited by groups resistant to a voter-verified paper trail. A first argument is that printers can fail. In touch-screen - Direct Record Electronic or DRE machines - printers are often the only components with moving parts (although some systems do have hard drives) which increases the risk of mechanical failure. Printers also bring issues like running out of paper, jams, misprints, etc. Another reason (cited less frequently) is the cost of paper/printing, but as you pointed out, this is a cost that can be passed on to counties.

Some election officials have also made the argument that they've already bought machines that don't have a paper trail and retrofitting existing machines would be costly and painful. I've also heard the argument that having a paper receipt doesn't matter because in most cases they won't be referenced.

I don't think that the sum of these arguments against a paper trail come any where near countering the necessity of having some sort of redundant recording mechanism. A critical system should always failover securely and a voter verified paper trail, if implemented properly, can meet that need for DRE machines.

2) Re:paper trail?
by Thansal

Sort of a follow up, how do the states/districts decide what machine to go with? Is it a standard "go with the lowest bidder", is this why we see such shoddy machines going into action? Do the decision making organizations tend to have specific features they look for? Anything else you would like to share about the decision making processes that you have seen?

Hugh: There are a couple of key things to keep in mind. First, there are only a few main machine suppliers. Second, the Help America Vote act (see http://www.fec.gov/hava/law_ext.txt) provided a ton of money to invest in electronic voting machines within a short (debatably unrealistic) timeframe. Given these two factors, the sales that I've seen have boiled down to readily visible machine elements like purchase price, how many other places have used the machines successfully, deployment cost, maintainability, ongoing service/maintenance cost, personal relationships, etc.

Generally, buyers of this technology aren't factoring in security: the machines pass certification lab tests but the testing doesn't cover security well (or at all). The National Institute of Standards (NIST) is working on certification procedures to address this very problem and the hope is that security will factor prominently into buying decisions made in the future. Hopefully existing machines will be retrofitted to meet those new standards too.

3) Largest Inherent Flaw?
by eldavojohn

In your opinion, what is the largest inherent flaw within electronic voting systems today? Diebold's been in the news for having many potential problems ranging from securing the physical hardware to the ability to hack the software or firmware. I'm sure you're quite prepared to pose a case against implementations but can you think of a more intuitive scheme (encryption, network layout, verification scheme) to protect against "hacking our democracy?"

Hugh: The biggest problem with e-voting isn't technical; it's procedural. Ignoring the perennial social voting issues (voter suppression, dead people voting, etc.) there's no real guidance given to elections administrators on how to safely and effectively use electronic voting equipment. If one has no idea what a memory card is, why would you bother trying to secure it?

One glaring example of bad procedure is 'sleepovers', a practice where voting machines are sent home with poll workers before an election to make the process of transporting them to polling places on election day easier (see http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9002204 for some info on this). If one were dealing with a box to hold ballots, 'sleepovers' wouldn't be a problem because the morning of the election a group of poll workers could inspect the box and verify that it was empty (including the old false bottom trick; see 'Stuffer's ballot box' at http://americanhistory.si.edu/vote/paperballots.html). If election officials knew the risks of tampering with some of these electronic voting machines (just search Slashdot for 'e-voting' for examples) then a voting machine sleepover suddenly seems like a pretty bad idea.

Right now we're at a point where election supervisors and poll workers are given a technology that they don't understand with little or no guidance on how to use that technology safely and securely. That's a recipe for serious risk, for voting or anything else.

4) Here is my question...
by Noryungi

Let's assume for a moment the 2006 US House/Senate election goes this way: Republicans keep control of both through a series of smallish victories, Democrats gain a few seats, and the results are explained away in the mainstream media as "fluke results", "margin of error", etc...

How do you prove that foul play (hacking) has been involved?

Do you even have a plan in place to check the results?

Please note that this is a very serious question. There was a saying, a few years back, that said a novice hacker is someone known in a small circle, a confirmed hacker is someone who is known all over the Internet, and a great hacker is someone who is totally invisible.

What if the election was subtly hacked, in a way that left lingering doubts (51%-vs-48% kind of results and all that), but no solid proof?

Hugh: First it's important to define e-voting security as a technology issue and not a partisan politics issue; what we've seen so far has been bad software and bad procedures to administer that software. Given the types of vulnerabilities that have been found, proving (and sometimes even detecting) foul play can be very difficult if the malicious person is skilled and the effect is minor (meaning a small percentage of the actual votes cast). For the types of vulnerabilities uncovered in some of the touch screens, optical scan readers, and backend tabulation systems, exploits can be written for some of them that are 'self erasing.' This means that the last executed bits of code can change things so that it looks like the original which could make slight tampering difficult to detect or prove in purely electronic systems. I think this argument speaks to the need for a voter-verified paper receipt so that there will be at least a good answer to the recount question.

5) OSS?
by Xzzy

Does the HBO show spend any time discussing the three "sides" to the debate? E-Voting, open sourced e-voting software, and paper voting? The last Slashdot article on this topic, when Diebold's complaint was announced, spent some time on this. The worry being, the debate is nothing more than "e-voting good" or "e-voting bad", ignoring the possibility that "open source e-voting" might be a viable middle ground.

How do you think open source could fit into this issue? Or should it?

Hugh: When it comes to voting, I'm not sure if it's a matter of open vs. closed source but instead a matter of standards and inspection by people who understand security. I'd be a fan of any solution, open or closed source, that allows trusted, knowledgeable, and independent software and hardware security practitioners the ability to inspect the systems and the code that runs them.

For example, I believe that there should be some sort of standards organization that is chartered with inspecting the system AND has proven security expertise to act as a representative of the people. For airplanes we put faith in FAA and airline carrier safety and security inspections. This kind of process has worked pretty well for a long time for machines that we place our trust in like airplanes, elevators, etc. but we're still a long way away from it in voting unfortunately. If the voting systems were open source, this may come automatically as a function of the 'citizen inspector' and might get us to where things should be faster but I think its still possible in a closed-source environment.

6) Pen-and-paper voting
by NetDanzr

What, exactly, is the argument against pen-and-paper voting? It seems to me that everybody wants to migrate to voting machines - electronic or mechanical - but so far nobody has explained to me what's wrong with good old-fashioned "put an X next to your candidate's name" voting.

Hugh: There are some pretty interesting (and legitimate) drivers behind e-voting and I'll go through the biggest.

The first is a push for disabled voters to be able cast their ballot using the same mechanism as able-bodied voters in a non-assisted way. Many states have mandated that machines must be able to service blind and illiterate voters and section 301 of the Help America Vote Act (HAVA)requires that such facilities at least be available (see HAVA section 301 from http://www.fec.gov/hava/law_ext.txt). Most touch screen machines do this through audio output to a headphone jack.

Another driver is the desire to capture voter intent unambiguously. Every year thousands of votes aren't counted because there's some ambiguity in how the voter intended to vote. In pen and paper voting, someone can put Xs (or shaded-in ovals) next to two candidate names instead of one or make a stray mark on a paper ballot which may lead to some late night debates involving lawyers and magnifying glasses. One of the hopes for e-voting was to drastically reduce voter intent ambiguity by guaranteeing that someone couldn't vote for multiple candidates in the same race simultaneously.

Efficiency (theoretically) has been another driver, more so in counting than in the actual voting process itself.

The sum of these present a good case to at least rethink pen-and-paper as the answer but, as with any new system, care has to be taken that the solution fixes more problems than it creates.

7) Why is it so hard?
by gorbachev

As a software engineer I'm constantly amazed at how incompetent Diebold and other companies making e-voting applications appear to be. This stuff is not rocket science at all, but fairly uncomplicated, basic software engineering.

Why do you think it's so hard for Diebold and other companies to come up with solutions that work well? Is it a stubborn unwillingness to listen and learn from critics, sheer incompetence, or something else?

Hugh: We've certainly seen some pretty glaring security problems in voting machines that span touch screens, tabulators, and optical scan devices. We've really seen problems across vendors too. The biggest problem I think is that there's no real economic driver to make the systems more secure. The people that buy voting machines typically haven't discriminated based on the security quality of the machines because they have no visibility into it. It's like buying a car without something like consumer reports crash test ratings. Unless someone actually starts looking at machine security and comparing it then we're left to making buying decisions based on qualities we can see like purchase price, market share, and whatever unsubstantiated thing the vendor wants to tell us about features and quality. Even given some of the vulnerabilities that have been found, and supposedly fixed, we're still no better off. If you determine that company X has vulnerability Y in one of their voting systems who's to say if the competition's voting system is any better or worse? We are at the point now where we know the systems that have been looked at are sub-par with respect to security and hopefully that's enough to spur consumers (counties that buy the machines) to start asking some tough questions to vendors about security and get us to a place where they can factor security quality into their buying decisions.

8) On Open vs. Closed Networks
by the-banker

It has always seemed to me that the real Achilles heel of e-voting is the networked approach that most vendors have taken. With a networked approach, fraud can be perpetrated on a mass scale if entry is gained at one weakness.

As a former election judge, I have enough experience to know that rigging a paper election is a daunting, nearly impossible task, as there are literally thousands of ballot boxes that would have to be compromised for any sort of advantage (on a state or national scale).

Are these concerns balanced (or even discussed) when officials are purchasing equipment? Do local Board of Elections have not only the expertise, but the concern to ask the right questions? And how do BoE directors react when they hear about your concerns and research?

Hugh: I agree that networking machines together is a serious risk certainly from a scale-of-attack perspective and unfortunately some counties continue to modem in results from polling places using procedures that are insecure.

I think the bigger issue is visibility and awareness; election officials just aren't given procedural guidance on how to administer the systems securely. The result is risk and I think many of these risks aren't weighed with the proper magnitude by election officials because it's unfamiliar territory. I think that most Board of Elections officials are good people who want to do the right thing but just don't know what questions to ask vendors about security and don't know how to interpret their answers. This isn't just a problem in voting, it's a problem with software security in general and I think it's important that if you're investing heavily in a software-based solution that you ask hard questions about security. I think a good starter set of questions to throw at software vendors (voting or otherwise) is:

• What process improvements have you made as a result of vulnerabilities reported in your software?
• What is your patch release (or update) strategy?
• Have you had an external (and reputable) security auditing or penetration testing firm evaluate your system? Can we see a summary of their report?
• Can we have our own security auditing firm evaluate your system?
• Do you have a dedicated team to assess and respond to security vulnerability reports in your products?
• What is your vulnerability response process?
• What training do your development and testing groups receive on security?
• What percentage of your test team is focused on security?
• What are the terms and period of your security support agreement?
• Do you offer security training, documentation or guidance to people that will be operating your system?

This list is by no means comprehensive but the answers will likely be illuminating. Some of the questions rely on vendor forthrightness while others use external validation. With someone technical and software security savvy on the team that's evaluating vendors though, you can get a good feel for how vendor answers compare with each other. The long term hope is that we'll have decent security standards for voting systems that are enforced. The National Institute of Standards (NIST) is making progress here and I look forward to the results.

9) The greatest threat to e-voting?
by sharkb8

Do you think the greatest threat of an e-voting system being hijacked is during the voting itself, with one or more people influencing things at the polling place, during the processing, with untrained, nonaccountable poll workers and supervisors, or do you think a greater threat would be someone maliciously attacking an electronic vote counting repository/database?

Hugh: In terms of attack, the greatest risk is still probably a people risk; and that has existed for a long time. The concern with e-voting is that some of the vulnerabilities found make it so that the number of folks that would have to be involved to tamper with results is fewer than before and that their efforts may scale. From that perspective I think there's risk at each stage of the process from how voter registration databases are stored and secured, to how they are cast on election day, to when they get aggregated at the central tabulator. The 'riskiest' piece of the process actually varies from state to state and county to county based on the procedures they have around security. In some places the biggest threat may exist in registration databases that are stored on unprotected servers. In other counties risk may come from poll workers that election officials know very little about who are allowed to take voting machines home the night before elections to make the setup process easier the next day. In others, the biggest risk might lay in the central tabulator which is housed in an unlocked room, where many people enter and exit throughout the day.

Many of these risks could be reduced by poll worker training and procedural change on how machines are operated and secured.

10) Is the Harm Really that Great?
by logicnazi

I am saddened and dismayed by the poor engineering and ignorance of basic security practices that our electronic voting machines show. However, is this really something we should panic about or even the biggest problem in our election system?

All voting systems are vulnerable to fraud. What makes these electronic systems different is that one or a very small number of individuals can engineer a fraud. However, their ability to execute a fraud is limited by the media polls (we will suspect something if the results are inexplicably different than polled) and knowledge of precinct history. Thus the danger from individuals changing the vote seems to really be that they will shift a close race (say 10% apart) one way or another.

However, this sort of shifting close races doesn't greatly degrade the structural force of voting. All candidates will still try to enact policies to garner support whether they need 50% of the votes or only 45%. Much of voting is random, affected by things like personal charisma rather than policy questions so clearly the system doesn't work because we always have the person who 50% want but rather it works because of the structural pressure not to stray too far from what the people want. Or to put it in political science terms, what does all the work is the tendency of all candidates to shift to the middle so in the long run who actually wins each race isn't so important.

But now comparing the potential for electronic vote fraud to things like machine politics (with conventional ballot stuffing), safe districts, voter disenfranchisement efforts, felon lists etc.. etc.. it doesn't seem like it is such a big deal. Making sure the polling places in the inner city don't have enough machines has a much bigger structural effect, by making sure one group's votes don't count at all, than just giving one candidate a random 10% of the vote. Creating a safe district removes virtually all of the structural pressure of voters on government and it seems far more effective and less dangerous to accidentally strike the wrong people from the rolls or put too few voting machines in some precincts.

In short are we letting our concern over the technology of voting blind us to the bigger issues? Shouldn't we be paying more attention to who gets to vote, how districts are drawn and other conventional aspects of voting than to the potential for individuals to electronically cheat?

Hugh: I think that the flaws we've seen with electronic voting are only a piece of the problem and that the largest issues we have in voting are people ones. The technical flaws, though, may amplify some of the classic people threats. As you pointed out, some of the vulnerabilities may allow a malicious person's actions to scale or may mean that a smaller number of people to have a bigger influence. Even just within the space of e-voting security I'd argue that many of the risks that come from machine vulnerabilities can be greatly reduced if we had some sound broad procedures/education around using and administering the machines securely.

The voting process has always posed some significant challenges. E-voting security is a small piece of the larger problem. It is a piece that we know we can do something about, though, by establishing some basic security assessment standards for the machines themselves and some procedural and education standards for those that administer elections. The biggest sin would be that e-voting vulnerabilities merit a prominent place on the laundry list of voting problems in years to come. I think we're at a point where some simple things can be done to move it off that list and I hope that some of the standards efforts that have begun now in earnest get rolled out so attention can be focused on other ongoing voting challenges.

You posted your questions for Herbert H. Thompson, PhD, on November 3rd and 4th. He decided to wait to answer until after the election in case there was a flagrant voting machine problem he could include in his answers -- and there has been at least one, but it is probably not a "security" problem per se, and is a long way from being resolved in any case. So here we go. Good food for thought here.

1) paper trail?
by ummit

This is a really basic question and it seems I should know an answer, but it never seems to be discussed: Why are the electronic voting machine companies generally so dead-set against emitting verifiable and auditable paper records? It can't just be cost, because they could and would just pass that on to their customers.

Hugh: In some states the debate has already been settled in that there is legislation in place requiring a voter-verified paper trail. Verifiedvoting.org has a good tracker of this here.

There are a few points often cited by groups resistant to a voter-verified paper trail. A first argument is that printers can fail. In touch-screen - Direct Record Electronic or DRE machines - printers are often the only components with moving parts (although some systems do have hard drives) which increases the risk of mechanical failure. Printers also bring issues like running out of paper, jams, misprints, etc. Another reason (cited less frequently) is the cost of paper/printing, but as you pointed out, this is a cost that can be passed on to counties.

Some election officials have also made the argument that they've already bought machines that don't have a paper trail and retrofitting existing machines would be costly and painful. I've also heard the argument that having a paper receipt doesn't matter because in most cases they won't be referenced.

I don't think that the sum of these arguments against a paper trail come any where near countering the necessity of having some sort of redundant recording mechanism. A critical system should always failover securely and a voter verified paper trail, if implemented properly, can meet that need for DRE machines.

2) Re:paper trail?
by Thansal

Sort of a follow up, how do the states/districts decide what machine to go with? Is it a standard "go with the lowest bidder", is this why we see such shoddy machines going into action? Do the decision making organizations tend to have specific features they look for? Anything else you would like to share about the decision making processes that you have seen?

Hugh: There are a couple of key things to keep in mind. First, there are only a few main machine suppliers. Second, the Help America Vote act (see http://www.fec.gov/hava/law_ext.txt) provided a ton of money to invest in electronic voting machines within a short (debatably unrealistic) timeframe. Given these two factors, the sales that I've seen have boiled down to readily visible machine elements like purchase price, how many other places have used the machines successfully, deployment cost, maintainability, ongoing service/maintenance cost, personal relationships, etc.

Generally, buyers of this technology aren't factoring in security: the machines pass certification lab tests but the testing doesn't cover security well (or at all). The National Institute of Standards (NIST) is working on certification procedures to address this very problem and the hope is that security will factor prominently into buying decisions made in the future. Hopefully existing machines will be retrofitted to meet those new standards too.

3) Largest Inherent Flaw?
by eldavojohn

In your opinion, what is the largest inherent flaw within electronic voting systems today? Diebold's been in the news for having many potential problems ranging from securing the physical hardware to the ability to hack the software or firmware. I'm sure you're quite prepared to pose a case against implementations but can you think of a more intuitive scheme (encryption, network layout, verification scheme) to protect against "hacking our democracy?"

Hugh: The biggest problem with e-voting isn't technical; it's procedural. Ignoring the perennial social voting issues (voter suppression, dead people voting, etc.) there's no real guidance given to elections administrators on how to safely and effectively use electronic voting equipment. If one has no idea what a memory card is, why would you bother trying to secure it?

One glaring example of bad procedure is 'sleepovers', a practice where voting machines are sent home with poll workers before an election to make the process of transporting them to polling places on election day easier (see http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9002204 for some info on this). If one were dealing with a box to hold ballots, 'sleepovers' wouldn't be a problem because the morning of the election a group of poll workers could inspect the box and verify that it was empty (including the old false bottom trick; see 'Stuffer's ballot box' at http://americanhistory.si.edu/vote/paperballots.html). If election officials knew the risks of tampering with some of these electronic voting machines (just search Slashdot for 'e-voting' for examples) then a voting machine sleepover suddenly seems like a pretty bad idea.

Right now we're at a point where election supervisors and poll workers are given a technology that they don't understand with little or no guidance on how to use that technology safely and securely. That's a recipe for serious risk, for voting or anything else.

4) Here is my question...
by Noryungi

Let's assume for a moment the 2006 US House/Senate election goes this way: Republicans keep control of both through a series of smallish victories, Democrats gain a few seats, and the results are explained away in the mainstream media as "fluke results", "margin of error", etc...

How do you prove that foul play (hacking) has been involved?

Do you even have a plan in place to check the results?

Please note that this is a very serious question. There was a saying, a few years back, that said a novice hacker is someone known in a small circle, a confirmed hacker is someone who is known all over the Internet, and a great hacker is someone who is totally invisible.

What if the election was subtly hacked, in a way that left lingering doubts (51%-vs-48% kind of results and all that), but no solid proof?

Hugh: First it's important to define e-voting security as a technology issue and not a partisan politics issue; what we've seen so far has been bad software and bad procedures to administer that software. Given the types of vulnerabilities that have been found, proving (and sometimes even detecting) foul play can be very difficult if the malicious person is skilled and the effect is minor (meaning a small percentage of the actual votes cast). For the types of vulnerabilities uncovered in some of the touch screens, optical scan readers, and backend tabulation systems, exploits can be written for some of them that are 'self erasing.' This means that the last executed bits of code can change things so that it looks like the original which could make slight tampering difficult to detect or prove in purely electronic systems. I think this argument speaks to the need for a voter-verified paper receipt so that there will be at least a good answer to the recount question.

5) OSS?
by Xzzy

Does the HBO show spend any time discussing the three "sides" to the debate? E-Voting, open sourced e-voting software, and paper voting? The last Slashdot article on this topic, when Diebold's complaint was announced, spent some time on this. The worry being, the debate is nothing more than "e-voting good" or "e-voting bad", ignoring the possibility that "open source e-voting" might be a viable middle ground.

How do you think open source could fit into this issue? Or should it?

Hugh: When it comes to voting, I'm not sure if it's a matter of open vs. closed source but instead a matter of standards and inspection by people who understand security. I'd be a fan of any solution, open or closed source, that allows trusted, knowledgeable, and independent software and hardware security practitioners the ability to inspect the systems and the code that runs them.

For example, I believe that there should be some sort of standards organization that is chartered with inspecting the system AND has proven security expertise to act as a representative of the people. For airplanes we put faith in FAA and airline carrier safety and security inspections. This kind of process has worked pretty well for a long time for machines that we place our trust in like airplanes, elevators, etc. but we're still a long way away from it in voting unfortunately. If the voting systems were open source, this may come automatically as a function of the 'citizen inspector' and might get us to where things should be faster but I think its still possible in a closed-source environment.

6) Pen-and-paper voting
by NetDanzr

What, exactly, is the argument against pen-and-paper voting? It seems to me that everybody wants to migrate to voting machines - electronic or mechanical - but so far nobody has explained to me what's wrong with good old-fashioned "put an X next to your candidate's name" voting.

Hugh: There are some pretty interesting (and legitimate) drivers behind e-voting and I'll go through the biggest.

The first is a push for disabled voters to be able cast their ballot using the same mechanism as able-bodied voters in a non-assisted way. Many states have mandated that machines must be able to service blind and illiterate voters and section 301 of the Help America Vote Act (HAVA)requires that such facilities at least be available (see HAVA section 301 from http://www.fec.gov/hava/law_ext.txt). Most touch screen machines do this through audio output to a headphone jack.

Another driver is the desire to capture voter intent unambiguously. Every year thousands of votes aren't counted because there's some ambiguity in how the voter intended to vote. In pen and paper voting, someone can put Xs (or shaded-in ovals) next to two candidate names instead of one or make a stray mark on a paper ballot which may lead to some late night debates involving lawyers and magnifying glasses. One of the hopes for e-voting was to drastically reduce voter intent ambiguity by guaranteeing that someone couldn't vote for multiple candidates in the same race simultaneously.

Efficiency (theoretically) has been another driver, more so in counting than in the actual voting process itself.

The sum of these present a good case to at least rethink pen-and-paper as the answer but, as with any new system, care has to be taken that the solution fixes more problems than it creates.

7) Why is it so hard?
by gorbachev

As a software engineer I'm constantly amazed at how incompetent Diebold and other companies making e-voting applications appear to be. This stuff is not rocket science at all, but fairly uncomplicated, basic software engineering.

Why do you think it's so hard for Diebold and other companies to come up with solutions that work well? Is it a stubborn unwillingness to listen and learn from critics, sheer incompetence, or something else?

Hugh: We've certainly seen some pretty glaring security problems in voting machines that span touch screens, tabulators, and optical scan devices. We've really seen problems across vendors too. The biggest problem I think is that there's no real economic driver to make the systems more secure. The people that buy voting machines typically haven't discriminated based on the security quality of the machines because they have no visibility into it. It's like buying a car without something like consumer reports crash test ratings. Unless someone actually starts looking at machine security and comparing it then we're left to making buying decisions based on qualities we can see like purchase price, market share, and whatever unsubstantiated thing the vendor wants to tell us about features and quality. Even given some of the vulnerabilities that have been found, and supposedly fixed, we're still no better off. If you determine that company X has vulnerability Y in one of their voting systems who's to say if the competition's voting system is any better or worse? We are at the point now where we know the systems that have been looked at are sub-par with respect to security and hopefully that's enough to spur consumers (counties that buy the machines) to start asking some tough questions to vendors about security and get us to a place where they can factor security quality into their buying decisions.

8) On Open vs. Closed Networks
by the-banker

It has always seemed to me that the real Achilles heel of e-voting is the networked approach that most vendors have taken. With a networked approach, fraud can be perpetrated on a mass scale if entry is gained at one weakness.

As a former election judge, I have enough experience to know that rigging a paper election is a daunting, nearly impossible task, as there are literally thousands of ballot boxes that would have to be compromised for any sort of advantage (on a state or national scale).

Are these concerns balanced (or even discussed) when officials are purchasing equipment? Do local Board of Elections have not only the expertise, but the concern to ask the right questions? And how do BoE directors react when they hear about your concerns and research?

Hugh: I agree that networking machines together is a serious risk certainly from a scale-of-attack perspective and unfortunately some counties continue to modem in results from polling places using procedures that are insecure.

I think the bigger issue is visibility and awareness; election officials just aren't given procedural guidance on how to administer the systems securely. The result is risk and I think many of these risks aren't weighed with the proper magnitude by election officials because it's unfamiliar territory. I think that most Board of Elections officials are good people who want to do the right thing but just don't know what questions to ask vendors about security and don't know how to interpret their answers. This isn't just a problem in voting, it's a problem with software security in general and I think it's important that if you're investing heavily in a software-based solution that you ask hard questions about security. I think a good starter set of questions to throw at software vendors (voting or otherwise) is:

• What process improvements have you made as a result of vulnerabilities reported in your software?
• What is your patch release (or update) strategy?
• Have you had an external (and reputable) security auditing or penetration testing firm evaluate your system? Can we see a summary of their report?
• Can we have our own security auditing firm evaluate your system?
• Do you have a dedicated team to assess and respond to security vulnerability reports in your products?
• What is your vulnerability response process?
• What training do your development and testing groups receive on security?
• What percentage of your test team is focused on security?
• What are the terms and period of your security support agreement?
• Do you offer security training, documentation or guidance to people that will be operating your system?

This list is by no means comprehensive but the answers will likely be illuminating. Some of the questions rely on vendor forthrightness while others use external validation. With someone technical and software security savvy on the team that's evaluating vendors though, you can get a good feel for how vendor answers compare with each other. The long term hope is that we'll have decent security standards for voting systems that are enforced. The National Institute of Standards (NIST) is making progress here and I look forward to the results.

9) The greatest threat to e-voting?
by sharkb8

Do you think the greatest threat of an e-voting system being hijacked is during the voting itself, with one or more people influencing things at the polling place, during the processing, with untrained, nonaccountable poll workers and supervisors, or do you think a greater threat would be someone maliciously attacking an electronic vote counting repository/database?

Hugh: In terms of attack, the greatest risk is still probably a people risk; and that has existed for a long time. The concern with e-voting is that some of the vulnerabilities found make it so that the number of folks that would have to be involved to tamper with results is fewer than before and that their efforts may scale. From that perspective I think there's risk at each stage of the process from how voter registration databases are stored and secured, to how they are cast on election day, to when they get aggregated at the central tabulator. The 'riskiest' piece of the process actually varies from state to state and county to county based on the procedures they have around security. In some places the biggest threat may exist in registration databases that are stored on unprotected servers. In other counties risk may come from poll workers that election officials know very little about who are allowed to take voting machines home the night before elections to make the setup process easier the next day. In others, the biggest risk might lay in the central tabulator which is housed in an unlocked room, where many people enter and exit throughout the day.

Many of these risks could be reduced by poll worker training and procedural change on how machines are operated and secured.

10) Is the Harm Really that Great?
by logicnazi

I am saddened and dismayed by the poor engineering and ignorance of basic security practices that our electronic voting machines show. However, is this really something we should panic about or even the biggest problem in our election system?

All voting systems are vulnerable to fraud. What makes these electronic systems different is that one or a very small number of individuals can engineer a fraud. However, their ability to execute a fraud is limited by the media polls (we will suspect something if the results are inexplicably different than polled) and knowledge of precinct history. Thus the danger from individuals changing the vote seems to really be that they will shift a close race (say 10% apart) one way or another.

However, this sort of shifting close races doesn't greatly degrade the structural force of voting. All candidates will still try to enact policies to garner support whether they need 50% of the votes or only 45%. Much of voting is random, affected by things like personal charisma rather than policy questions so clearly the system doesn't work because we always have the person who 50% want but rather it works because of the structural pressure not to stray too far from what the people want. Or to put it in political science terms, what does all the work is the tendency of all candidates to shift to the middle so in the long run who actually wins each race isn't so important.

But now comparing the potential for electronic vote fraud to things like machine politics (with conventional ballot stuffing), safe districts, voter disenfranchisement efforts, felon lists etc.. etc.. it doesn't seem like it is such a big deal. Making sure the polling places in the inner city don't have enough machines has a much bigger structural effect, by making sure one group's votes don't count at all, than just giving one candidate a random 10% of the vote. Creating a safe district removes virtually all of the structural pressure of voters on government and it seems far more effective and less dangerous to accidentally strike the wrong people from the rolls or put too few voting machines in some precincts.

In short are we letting our concern over the technology of voting blind us to the bigger issues? Shouldn't we be paying more attention to who gets to vote, how districts are drawn and other conventional aspects of voting than to the potential for individuals to electronically cheat?

Hugh: I think that the flaws we've seen with electronic voting are only a piece of the problem and that the largest issues we have in voting are people ones. The technical flaws, though, may amplify some of the classic people threats. As you pointed out, some of the vulnerabilities may allow a malicious person's actions to scale or may mean that a smaller number of people to have a bigger influence. Even just within the space of e-voting security I'd argue that many of the risks that come from machine vulnerabilities can be greatly reduced if we had some sound broad procedures/education around using and administering the machines securely.

The voting process has always posed some significant challenges. E-voting security is a small piece of the larger problem. It is a piece that we know we can do something about, though, by establishing some basic security assessment standards for the machines themselves and some procedural and education standards for those that administer elections. The biggest sin would be that e-voting vulnerabilities merit a prominent place on the laundry list of voting problems in years to come. I think we're at a point where some simple things can be done to move it off that list and I hope that some of the standards efforts that have begun now in earnest get rolled out so attention can be focused on other ongoing voting challenges.

Dotnaught writes "The Federal Election Commission today issued an advisory opinion that finds the Fired Up network of blogs qualifies for the 'press exemption' to federal campaign finance laws. The press exemption, as defined by Congress, is meant to assure 'the unfettered right of the newspapers, TV networks, and other media to cover and comment on political campaigns.' The full ruling is available at the FEC site. A noteworthy passage: '...an entity otherwise eligible for the press exception would not lose its eligibility merely because of a lack of objectivity...'"

An anonymous reader writes "Electoral-vote.com (and mirrors electoral-vote2.com through electoral-vote8.com) seem to be very slow at the moment. Votemaster ( A. Tanenbaum) just posted 'All the servers appear to be under attack now, also DNS. I added another large multiprocessor but it doesn't seem to help much. I don't this is going to work. Sorry.' Massive attack or just a large flash crowd? Anybody up for some mirroring so votemaster can concentrate on the polls?" Reader fishwack writes with word that as of 3:46GMT (10:46 PM Eastern time in the U.S.) "the Federal Electoral Commission's Web site is down."

An anonymous reader writes "This phone-enabled, java-app, Red | Blue, allows the user to identify the political leanings of their current location. "By taking your current location, and finding the nearest individual donors of campaign funds from the publicly available data from the Federal Elections Commission, red | blue is able to provide you an accurate reading of the political leanings of your surroundings -- red for Republican or blue for Democrat.""

finelinebob writes "Now we know why Bush wants broadband for everyone: The Republican National Committee plans on bringing the campaign to Internet pop-up ads. From the article: 'Internet experts said that Republicans have entered a new realm of campaigning. Pop-up and pop-under ads of any variety haven't been around long, and little data exist to suggest how voters might respond to uninvited interruptions.' Okay, folks -- get your pop-up blocking browsers now!" While you're waiting for your first pop-up, pop on over to a website that tracks campaign contributions: vVF4N writes "Fundrace 2004 lets you enter any street address and see what people at or near that location have contributed to a presidential candidate, along with their addresses and occupations. The data is based on reports that campaigns regularly file with the Federal Election Commission. You can also look up a name and get the same information. The Washington Post (registration required) has more. Find out who your friends and neighbors are contributing to."

crm114 writes "The Washington Post is running a story about the Federal Election Commission's decision today to waive the requirement that SMS broadcast messages indicate their origin..." And it'll only cost you ten cents to read each one. For what it's worth, you can read the agenda item which describes the issue before the FEC. It's rather interesting because it includes drafts of two possible responses by the FEC, depending on which way the commissioners actually voted at today's meeting. Although the company seeking the opinion suggested alternatives like providing a toll-free phone number in the message (preserving the spirit of the campaign finance disclosure rules), the FEC doesn't appear to have taken them up on it.

Ben Green says, "First of all, I want to thank Robin Miller, Hemos, and CmdrTaco for giving me the opportunity to participate in this discussion. Slashdot has been a great resource for me both professionally and recreationally, since I started at Gore 2000."

1) Internet Policy
by Uruk (#6)

Something that I've seen missing from all of the candidate's Web sites is their policy on the Internet. How can you campaign on the Internet and not discuss the issues pertaining to the very media you're putting your ideas out on?

Ben:

This is a great question and one I obviously cannot speak for other candidates on. As for Al Gore's policies on Internet and Tech issues, there is quite a bit of content on our site regarding those issues.

Making all our content easy to find is a challenge for sure. We recently added a search feature that returns 139 pages when queried for the word "Internet", and 164 pages when queried for the words "Internet Policy". Without going in to painstaking detail, some of the topics covered in relation to Internet policy at algore2000.com, are a comprehensive Tech policy paper, and answers to four questions posted by visitors to the Town Hall portion of the Web site.

Incidentally, video of Gore's speech from Baltimore on Monday, which addressed the issue of the "Digital Divide" is posted on the site, as well as a text version.

You can search the Gore 2000 Web site from the main index page, as well as all 50 state pages, Town Hall, The Agenda, and The Briefing Room.

2) Why Linux?
by VP (#8)

According to netcraft, algore2000 is running Linux and Apache. What were the reasons for choosing that platform, and were they mainly technical, or political? Was this your initial choice, or did you change the platform at some point?

Ben:

Originally, algore2000.com ran on an NT box using the IIS Web server. The move to Linux came about for a number of reasons, and coincided with the campaign's move from K Street in Washington, DC to a new location on Charlotte Avenue in Nashville.

Our primary reasons for moving to Linux:

i) Performance ii) Reliability iii) Security iv) Cost-effectiveness

The move to Nashville and the subsequent reinvigoration of the campaign is in many ways analogous to our site's move to the Linux platform and what it has allowed us to do on the Internet.

Throughout most of last year, the campaign was overspending on many things and Web hosting was one of them. When Al Gore announced that he was moving us all to Nashville, we took a look at all our expenses to see where we could cut costs. When we determined that changing hosts would save us money, it allowed me an opportunity to fully explore the possibility of moving the site to a Linux environment.

Our long-term plans called for a lot of dynamic page generation and up until that point we had been using asps for our interactive forms. We also assumed that our site would start getting a lot more traffic as we moved into the primary season, so server performance was definitely an issue as well. Expanding the functionality of the site with asps and would have been expensive.

It became clear to me at that point that Linux was our best option, and given the chance to switch over it was an easy decision to make.

Since we moved to Nashville, this campaign has really turned around and our web site has improved a great deal. By using a tool called asp2php, we were able to convert our existing asps to a format compatible with Linux, and add a ton of functionality such a publishing system, state by state pages, and other stuff that you can see by visiting our site. Michael Kohn, (naken@i1.net) the author of asp2php, deserves much of the credit for making this happen. Our site wouldn't be what it is now without his help. There are other people who deserve credit for this as well Jeff Barger (maczilla-at-look-dot-net), who helps me administer our listservs, provided great advice and ideas.

The real heavy lifting was done by Eric Loeb, (frontaloeb@yahoo.com) who is one of the real pioneers of the field of politics and the Internet having worked on Clinton-Gore '92's e-mail distribution system, and the first - ever campaign Web site for Ted Kennedy's 1994 re-election. Eric is the chief software engineer at Gore 2000. During the month of January, he worked around the clock for three weeks to build algore2000.com's customized publishing system with php and mysql.

3) Marketing
by TheTomcat (#10)

What marketing and advertising methods have you found most successful for promoting the Web site? We all know that banners are dying, and the creators have to become more creative to get people to even NOTICE the banners. Is old media (television, print -- newspapers, magazines, billboards etc., radio.) the backend to the Web site's marketing campaign, or have you found innovative ways to make online promotion work?

Ben:

Probably the coolest promotion we have done so far has been our use of RealFlash. Back when Al Gore announced his candidacy last June, we bought 500,000 "pre-roll" impressions on the Real Broadcast Network to promote the live Web cast of the announcement speech. The click-through rate was very good, far better than we expected. If you aren't familiar with RealFlash, it is basically a flash presentation that is viewed in a RealPlayer, and is served to folks who are using the "presets" in the RealPlayer. Eileen Quigley and Sam Tucker at RealImpact helped us put that together, and it was the first-ever paid Internet advertising by a presidential campaign.

Other than paid promotion, we have seen traffic on our site affected by news events. Obviously the Iowa Caucus and the New Hampshire Primary generated a lot of traffic to our site, which has tripled since the first of the year. We are now averaging slightly less than 20,000 user sessions per day.

Whenever Al Gore is out on the campaign trail he mentions the Web site, the news media picks it up, and the site gets hit. One day last fall when Gore was on the "This Week With Sam & Cokie" he mentioned the site address - we signed up 1000 volunteers in less than two hours.

4) Bad Press
by Signal 11 (#11)

In an increasingly wired society rumors and myths propagate at incredible speeds - how do you diffuse rumors and myths. For example, if I start a rumor that Mr. Gore said he "fathered Linus Torvalds" - how do you diffuse that? Rumors and myths often come about as a minor distortion of the truth which then goes through the "telephone game". How do you keep the public informed about what a candidate /really/ thinks, as opposed to what other people think the candidate thinks?

Ben:

This type of thing is dealt with on case by case basis. Most of the time these things don't even warrant a response. If you respond it only lends credibility to the charge.

5) External links?
by Pseudonymus Bosch (#20)

Linking to another sites is an essential feature of the Web.

Would you recommend linking to another sites from your boss' site? If yes, what kind of sites (supporters, other candidates, ~independent~ media, Slashdot :), supported campaigns)?

Would you object to being linked from another sites, even from opponents?

Ben:

Our links are mostly to voter registration information sites, such as Motor Voter registration forms and the like. As a general rule linking to other sites from a campaign page should be done selectively, because it can potentially detract from the purpose of having a campaign Web site in the first place.

Of course, we have links to download tools like the Adobe Acrobat Reader, RealPlayer, and QuickTime as well.

To the extent which an external link helps Gore supporters in having a better experience on our site we will add them.

This is an evolving area of campaign finance law, and as I understand it, other sites can link into ours, but FEC regulations are very clear in prohibiting links from corporate sites.

6) What's the true measure of success?
by A Big Gnu Thrush (#29)

This Wired article talks about the flood of donations received through McCain's Web site after a win in NH. Increasingly, the most effective form of political activism appears to be cash. While a strong Web presence could promote a dialogue of issues, this does not seem to be taking place.

If a Web site brought in little or no money, could a candidate still view it as successful, or is income the final measure of success?

Ben:

Excellent question. Every campaign has different sets of priorities. Obviously, raising money is a challenge for every campaign and we are no different in that respect. For Gore 2000, using the Internet to expand participation in the political process is more of a priority than using the Internet to raise money. Although we have been very successful in that regard, having raised over 1.1 million online since the site launched last April.

In my humble opinion, the degree to which the Internet is integrated into every aspect of a campaign is the degree to which that campaign will succeed on the Internet. At Gore 2000, it is ubiquitous - almost everything we do has an Internet component - including fundraising. This article, which ran on the New York Times Web site last Saturday, sheds some light onto how the various campaigns are raising money on the Internet.

Over 100,000 people have joined our online community, by volunteering, signing up for Gore Mail, or joining our voter outreach programs. This has allowed many people to get to know Al Gore, ask him questions, and become connected to the process. By that measure, our site and our Internet campaign have been a tremendous success thus far.

7) Interactivity in sites?
by Saige (#47)

The current political candidate sites seem to be little more than political rhetoric and volunteer information. Are there any plans to treat the Web site differently than a broadcast medium? I mean, including interactivity, such as message areas for open discussions, polling booths to get a feel for what people are really interested in. And also perhaps for offering large amounts of data about a candidate's past actions in government, such as voting records (and perhaps reasons for the vote).

Ben:

Our site offers users two-way communication and a vast amount of information on all things Gore. Of course there is a lot more we can do, and as the campaign progresses you will see the addition of more features that facilitate greater interactivity. We are also getting a steady flow of great ideas and insight from those that know the Internet best.

8)How long will the site be up?
by Pseudonymus Bosch

Disk space is cheap.

Will somebody maintain the site up after the election, even as a frozen site? It will be valuable for historians (and electors who would check the promises).

Ben:

One of my colleagues here has the greatest (and largest) collection of political memorabilia I have ever seen. In fact, it is so large that he recently added a 2000 sq. foot addition to his house to accommodate it. Our plan is to archive the site at this facility, which is not far from Nashville and is complete with a DSL connection. If anyone has any ideas about this, please feel free to e-mail me (ben@min.net) about them.

9) How does the Web site affect the candidate?
by Silas (#62)

Many of the questions posted so far ask you to discuss how the Web site and its upkeep influence the voters and the campaign. I'd like to you to discuss how having a Web site affects the candidate, his views, his methods, his public personality.

That's my main question, here are some points to ponder:

It seems that having a Web site as large and significant to the campaign as Gore's or most of the others would tend to force them to be more responsible, to be held more accountable for each and every utterance. In a world where disinformation and twisting of facts is commonplace in the popular media, how does a Web site like yours influence the candidate's` ability to take advantage of this?

Are Gore or any of the others more or less likely to refer back to their campaign managers and Web site before making statements about policy and moral issues? Or is it just as easy to perform an "about face" because the Web site can be updated just as quickly? Can campaigners now say "please see the FOO section of my Web site" instead of answering questions about specific issues?

Ben:

Al Gore visits algore2000.com every day, and I get regular feedback from him - and ideas for what we can do with the site. He frequently mentions the url at campaign appearances, and is so familiar with the content that he can direct people to its various sections when asked about specific issues. His detailed knowledge of policy and issues allows him to interact with voters AND refer them to the Web site at any time.

10) Lowest common denominator
by BOredAtWork (#195)

I'm a 20 year old male; this will be the first time I can vote in a presidential election. I am one of your target demographics. I'm a student; so my time to research the candidates is limited. One of my major sources of information is the Web - cnn.com and the various candidate sites in particular. At this point, my vote is up for grabs.

Algore2000 is a good site. I'm sure there was countless hours of thought put into each and every detail, especially the "agenda" page. That page in particular is a work of persuasive art, right down to the picture of Al with a pair of cops (tough on crime), and the (over)use of red, white and blue. The list of catch phrases is an especially nice touch; who could possibly NOT support "Saving Our Schools," "Fighting for America's Seniors" and "Improving Health Care," right?

My question for you, sir, has to be this: Why does algore2000.com seem to think I'm a fool? Am I supposed to be genuinely impressed by the load of press releases and speeches? I hate to break the news to you, but I want to see real content, NOT glazed over executive summaries. Take for instance something VERY relevant to me as a college student - the link from the front page about Al's Plan to Make College More Affordable. It leads here. The extent of the "details" stated is this:

"Gore announced new details of his National Tuition Savings Program, which is designed to help families save for college. The plan allows families to invest funds in an account where their money will be protected from inflation and can be withdrawn to pay for higher education expenses tax-free. The plan will also guarantee the cost of college tuition at any participating college or university in the country."

The rest of the press release is all fluff. No mention of whether this is limited to public or private universities, 2 or 4 year degrees, graduate school, part or full time study, etc. And this is the *basic* stuff. I'm also interested in why this would be a better option than, say, investing in short-term CD's.

That's just ONE example from the many I could have chosen. Nearly all the "content" of algore2000.com is fluff. And shots at Bill Bradley. The simple fact is this does not impress me. Actually, since this site represents Al Gore, I'm inclined to believe Al relatively clueless - if he wasn't, surely he'd tell us HOW he plans to fund his proposed programs, tax cuts, etc. Any politician can CLAIM to support any number of things. Algore2000 picks popular issues, and loads the wording of them such that ANYONE would be nearly forced to agree. Come on, who on earth DOESN'T support "A better educational system?"

What I could like to see from algore2000.com, as well as EVERY OTHER CANDIDATE is DETAILS. I want to know HOW you plan to provide a tax cut - will this come at the expense of the defense budget? Money always comes from somewhere; I want to know what has to be CUT to lower taxes. And don't tell me "unnecessary pork" or some trite answer. I want to see numbers.

And I want a big ass chart, with a column for every candidate, and a row for every issue. "Do you support abortion as it currently stands? y/n" "Do you support the abolition of legal abortion under all circumstances? y/n" "Do you support abortion under limited circumstances? If so, when?" Things like that. REAL questions. Some more: "Do you support the reverse engineering of software for porting and compatibility purposes?" "Do you support CDA in its current form?" And more of the like. I don't want to read "Al Gore supports technology and innovation" - I want to read HOW he supports them.

Simply put, algore2000.com seems to play to the lowest common denominator - the average american, who sadly enough has little interest in politics, and little technical knowledge. I think this is a mistake; this audience doesn't read political advocacy Web sites on a wide basis. You'd do better to use the Web site to provide details and elaborate on Al's statements and ideas rather than just rehash them.

One more side note: I followed Jesse Ventura's campaign slightly - I don't know his stance on most of the issues. I dont live in Minnesota, so I didn't take the time to research him. What I DO know is that I was very impressed when a reporter asked him if he supported some obscure bill I'd never heard of. Ventura replied something like "Well, to be honest, I'm not familiar with that at all. I'm not gonna lie to you; I don't know everything, or have all the answers you wanna hear. But I learn fast; I'll read up on it." When can we expect Al Gore to say something like THAT?

Ben:

Ø Algore2000 is a good site.

Well, that's a good start. I like this guy already.

Ø Why does algore2000.com seem to think I'm a fool?

Hmmmmm. Sounds like he changed his mind. Uh-oh.

>Nearly all the "content" of algore2000.com is fluff.

I disagree.

> Simply put, algore2000.com seems to play to the lowest common denominator - the average american, who sadly enough has little interest in politics, and little technical knowledge.

To answer this question in all candor, I would remind everyone that the average American is our target audience! However - I for one take exception to your assertion that "average Americans" have little interest in politics or technology. Working on this and other campaigns has shown me that average Americans are driving the demand for technology and therefore are driving the technology industry in this country. The large number of volunteers we have recruited through the site is also and clear indication that we are connecting with people interested in helping the campaign. algore2000.com is for all everyone - not just geeks like you and me. Our site has the most content, the most detailed content, more interactive features of ANY of the presidential campaign sites - AND it runs on Linux and PHP!

Hey - don't get me wrong - you and I know that we can always do better with our Web sites - so your point is well taken.

Thanks, and now I'm going back to my duties as Al Gore's Webmaster.

The New York Times (free reg. req.) is reporting that the Federal Election Commission has heard a clear message from the internet community regarding regulation of political websites. That message: Don't! It seems likely that no new regulations will be passed at least before this year's election. Some thoughtful material urging the hands-off approach is at the Center for Democracy and Technology.

SkrewBawl, among others, notes that Shays-Meehan, aka the campaign finance reform bill, passed the House recently. The New York Times ran an interesting story on it, discussing the possible effects on web sites. The problem is, existing campaign finance laws already cover the internet.

Shays-Meehan isn't likely to pass this year. Though the House passed it, the Senate Republicans have the ability to filibuster and prevent it from passing as they did last year. So you probably need not worry about that bill passing or about any meaningful reforms in our election system; Dubya¹ will win the election with millions upon millions of dollars of "soft money" funneled through his party and not subject to campaign finance laws.

But let's look at existing campaign finance laws. They require, among many other things, that anyone who spends more than $250 promoting a candidate, even totally independently of that candidate's campagin committee or political apparatus, must register with the FEC. Spend over $1000 and you have to register as a political action committee. The problem is, when looking at websites, the FEC counts the cost of the domain name, the hardware used to run the site, bandwidth and other costs, as well as the actual time and/or money spent to develop the site - so essentially every website which promotes a specific candidate is in violation of the law unless they file with the FEC. Furthermore, the proprietor of the website must include his full name along with his political message - it is illegal to anonymously endorse or oppose a candidate for office.

There is doubt about the constitutionality of that statute. An Ohio law which also outlawed anonymity was overturned by the Supreme Court in 1995, in a case called Mcintyre vs. Ohio elections Commission. Nevertheless, the federal statute has never been directly challenged and the FEC does not consider it to have been affected by the Mcintyre decision.

So what problems will occur as the next set of major elections draws near? If anonymity is outlawed, individuals cannot freely express their opinions without fear of retaliation.

If anonymity is permitted, Internet electioneering is likely to turn into a horde of fake astro-turf sites which are allegedly independent supporters of candidate X, but were actually created and paid for by the candidate. We've already seen this in movie promotion and other forums; for even higher stakes such as the Presidency, you can expect correspondingly more fakery.

As for myself, I'm undecided. This country's election system desperately needs an overhaul. But it seems like most of the proposed changes wouldn't do much to improve the system, and lead to draconian restrictions on political speech on the Internet and elsewhere. What's the solution?

1. George W. Bush, Jr.