Emergent Chaos endorses Wim Remes for ISC(2) Board

Today, we are sticking our noses in a place about which we know fairly little: the ISC(2) elections. We’re endorsing a guy we don’t know, Wim Remes, to shake stuff up. Because, really, we ought to care about the biggest and oldest certification in security, but hey, we don’t. And really, that’s a bit of a problem. And it seems that Wim wants to make things better. And so we’re encouraging all four of our CISSP-holding readers to go vote for him, because we think that a whole lotta shaking going on would be, at worst, a not-bad thing.

How’s that for a heartfelt endorsement?

Ok, more seriously. ISC(2) offers up a certification in information security. There’s a big infosec community that doesn’t take that certification very seriously. That’s a problem that I’ve never had a motivation to try to solve, but Wim does, and I wish him the very best of luck. I think that that CISSP could do substantially better, and the first phase of that is to elect some outsiders to communicate a message that change is needed. What’s more, Wim is not a joke candidate, and he’s campaigned effectively for the role, getting lots of endorsements from people who are both worth listening to and who take this seriously enough that they wouldn’t open with a jokey lead.

And so Emergent Chaos is endorsing Wim, and hoping that some chaos and other worthwhile things start to emerge. You can read his statement on Jimmy Blake’s blog, and vote here.

Chaos in Iran

iran2009elections.jpgMillions of people in Iran are in the streets, protesting a stolen election. Nate Silver, who did a great job on US election statistics has this:

However, given the absolutely bizarre figures that have been given for several provinces, given qualitative knowledge – for example, that Mahdi Karroubi earned almost negligible vote totals in his native Lorestan and neighboring Khuzestan, which he won in 2005 with 55.5% and 36.7% respectively – there is room for a much closer look.

Nate is a big fan of data, and posted the official election results.

What’s most interesting to me is the role of power and chaos in the midst of this. The first use of power, Ahmadinejad’s theft of the election, was a classical use of power by the leviathan to exert control. The responses of the world’s hyper-power is deeply constrained by history. In 1953, the CIA overthrew the elected Prime Minister, Mohammed Mossadeq, a fact well known to Iranians. If the US acts improperly or throws power around, it will de-legitimitize whatever result comes. The sheer extent of power that the US has makes it hard to use without looking like a bully.

In the meantime, in the chaotic world of everyone a publisher, opposition is forming, organizing, and changing the face of Iran. It’s hard to know how it will all turn out.

Twitter is being used to cover the election and protests and the rate of posts is staggering. It’s worth a few minutes just to see the pace of use of the #iranelection tag. (Compare the pace to whatever happens to be in second place by looking at how many seconds of posts are between the first and last on the page.) Iranians on Twitter during the june clashes. A moving Flickr slideshow is here. There’s also a tremendous amount TehranLive.org. In the more traditional media, Andrew Sullivan is doing as good a job as the New York Times capturing the English language end of it. Both add some context and history, as does Wikipedia’s Iran presidential elections 2009 article. Neither capture the sheer energy and pace of on the ground reporting.

Photo: TehranLive.org

Facebook: Conform or else

Robert Scoble, discussing Facebook founder Mark Zuckerberg:

He also said that his system looks for “outlying” behavior. He said if you behave like an average user you should never trigger the algorithms that will get you kicked off.

Let’s be specific here: if you behave like the system’s Harvard undergraduate founders and primarily-male engineering staff have programmed the software to think like “an average user” behaves you should never trigger the algorithms that will get you kicked off. Except in reality, most people don’t behave that way. Robert is surprisingly sympathetic to arbitrary undocumented limits on speech:

Of course, that irks me a bit because my usage of social media sites is totally outlier behavior. But, I can see his point. One thing that’s nice about Facebook is that I see very little spam or other nasty behavior.

That’s Jon Pincus discussing “Zuckerberg: Facebook to ratchet up exploitation, only bans “outliers”.”

I think this is a real concern. Facebook exists as a means of connecting with others. As I discuss in “ Identities are Created Through Relationships,” we create and evolve our identities through such interaction. If Facebook imposes conformity through secret rules whose violation results in suspension, then it acts as a censor on our social interaction and our willingness to explore and excel.

It’s unsurprising that Scoble sees little spam or other nasty behavior, but free communities have some level of that, or they have a constant level of looking over one’s shoulder for the camera or the plainclothesman. Scoble shouldn’t be ok with that, and neither should we.

They’re trying to dress up giving users the ability to up/down vote on their rules as “democracy,” and giving users a voice but as Michael Zimmer documents, it’s a vote. They haven’t (say) Wikified their Terms of Service and given users real input. They certainly aren’t offering minorities any protection against the wishes of the majority.

What if the entire userbase votes to make everything from a member of the Screen Actors Guild fully public?

It is fascinating to watch the autocracy of Facebook forced to take tentative steps towards democracy. Here’s hoping that their community also pushes for liberty.

“Get FISA Right” Pointer

[Update: This got to #5 on change.org’s list, and they’re now working to draw attention to the issue on change.gov.]

Jon Pincus has asked me for help in drawing attention to his “Get FISA Right” campaign to get votes on change.org. When I’ve tried to look at this, it’s crashed my browser. YMMV–I use a number of security plugins which may be at fault The crash happens when the browser reports getting data from (I think) ytimg.com, so if you can watch YouTube video, you’re likely ok. I think that getting the rule of law restored in the intelligence community is incredibly important. At the same time, we face a large number of crises right now, and which to address first is a hard problem. I don’t want to endorse this over other things which I can’t see, but Jon asked for help drawing attention to it. So go take a look.

Note change.org is not the same as change.gov, the new President’s transition team’s site, operated and surveilled by Google.

In closely related news, the NYTimes reports that “Intelligence Court Rules Wiretapping Program Legal:”

A federal intelligence court, in a rare public opinion, is expected to issue a major ruling validating the power of the president and Congress to wiretap international phone calls and intercept e-mail messages without a court order, even when Americans’ private communications may be involved, according to a person with knowledge of the opinion.

The court ruling grew out of a previously undisclosed challenge from a telecommunications provider, which questioned the constitutional authority of the executive branch in ordering it to capture and turn over international communications without court authority, according to the person with knowledge of the opinion.

It’s clear that we can not operate a system of secret courts issuing secret rulings, and then critique the same behavior by despotic regimes. We need to sharply curtail the system of secret laws and secret lawsuits in secret courts which issue secret opinions, and have a real debate about the limits of power.

Back in 1996, the National Research Council had a set of retired generals, admirals and heads of intelligence agencies study the cryptography question. In their “Cryptography’s Role in Securing the Information Society,” they clearly state that we can have this debate in public. The shape of the facts are all known. The details which must be kept secret are not needed for the full debate that a democratic society must engage in. Their wisdom is applicable here.

Two Buck Barack

So the New York Times is breathless that “Obama Hauls in Record $750 Million for Campaign.” A lot of people are astounded at the scale of the money, and I am too. In a long, hard campaign, he raised roughly $2.50 per American, and spent slightly less than that.

Unusually, he ended his campaign not in debt, but with a small surplus. Everyone and their brother is now grubbing after that, according to the Times article. If we had a campaign finance system with transparency and accountability for donations, we would likely see spending levels like this more often, and we might well see a broader range of interesting candidate emerge and get voters engaged again.

The reality is while $750 million is a lot of money, it’s also a surprisingly small amount of money. For comparison, the 2008 Federal budget was 2.9 trillion dollars, or roughly 3900 times larger than the budget Obama just oversaw. It’s also only 1/20th of the amount we’re spending to keep Rick Wagoner in a job.

Previously: “Obama vs McDonalds,” “Already Donated the limit,” and way back in 2004, “Shut down these shadowy groups?

Elections Are Done For Me

I Think I Voted

Forty Percent of California voters are “permanent absentee” voters. Oregon runs entirely by mail-in votes. Other US states have some sort of mail-in or absentee status that people can assign themselves to.

For those people, including me, elections are a slice of time that ends on election day. This isn’t new, until relatively recently, it all worked that way. You couldn’t expect everyone to all be in town on that one day. It is only urbanization that allows us to have elections be an event rather than a process. I sat down last night and waded through the whole mass of offices, measures, and initiatives. I have now completed my civic duty.

This is probably a good idea, as many of the issues with voting and counting votes and securing them have in their model that it has to be done on one day, and as quickly as possible after the polls close. It improves security and accountability to allow and encourage people to vote over an interval of a few weeks.

44 Years

Fannie Lou Hamer.jpg

Mary Dudziak posted the testimony of Fannie Lou Hamer before the credentials committee of the 1964 Democratic convention. It’s worth reading in full:

Mr. Chairman, and to the Credentials Committee, my name is Mrs. Fannie Lou Hamer, and I live at 626 East Lafayette Street, Ruleville, Mississippi, Sunflower County, the home of Senator James O. Eastland, and Senator Stennis.

It was the 31st of August in 1962 that eighteen of us traveled twenty-six miles to the county courthouse in Indianola to try to register to become first-class citizens.

We was met in Indianola by policemen, Highway Patrolmen, and they only allowed two of us in to take the literacy test at the time. After we had taken this test and started back to Ruleville, we was held up by the City Police and the State Highway Patrolmen and carried back to Indianola where the bus driver was charged that day with driving a bus the wrong color.

After we paid the fine among us, we continued on to Ruleville, and Reverend Jeff Sunny carried me four miles in the rural area where I had worked as a timekeeper and sharecropper for eighteen years. I was met there by my children, who told me that the plantation owner was angry because I had gone down to try to register.

After they told me, my husband came, and said the plantation owner was raising Cain because I had tried to register. Before he quit talking the plantation owner came and said, “Fannie Lou, do you know – did Pap tell you what I said?”

And I said, “Yes, sir.”

He said, “Well I mean that.” He said, “If you don’t go down and withdraw your registration, you will have to leave.” Said, “Then if you go down and withdraw,” said, “you still might have to go because we are not ready for that in Mississippi.”

And I addressed him and told him and said, “I didn’t try to register for you. I tried to register for myself.”

I had to leave that same night.

On the 10th of September 1962, sixteen bullets was fired into the home of Mr. and Mrs. Robert Tucker for me. That same night two girls were shot in Ruleville, Mississippi. Also Mr. Joe McDonald’s house was shot in.

And June the 9th, 1963, I had attended a voter registration workshop; was returning back to Mississippi. Ten of us was traveling by the Continental Trailway bus. When we got to Winona, Mississippi, which is Montgomery County, four of the people got off to use the washroom, and two of the people – to use the restaurant – two of the people wanted to use the washroom.

The four people that had gone in to use the restaurant was ordered out. During this time I was on the bus. But when I looked through the window and saw they had rushed out I got off of the bus to see what had happened. And one of the ladies said, “It was a State Highway Patrolman and a Chief of Police ordered us out.”…

I was carried to the county jail and put in the booking room. They left some of the people in the booking room and began to place us in cells. I was placed in a cell with a young woman called Miss Ivesta Simpson. After I was placed in the cell I began to hear sounds of licks and screams, I could hear the sounds of licks and horrible screams. And I could hear somebody say, “Can you say, ‘yes, sir,’ nigger? Can you say ‘yes, sir’?”

And they would say other horrible names.

She would say, “Yes, I can say ‘yes, sir.'”

“So, well, say it.”

She said, “I don’t know you well enough.”

They beat her, I don’t know how long. And after a while she began to pray, and asked God to have mercy on those people.

And it wasn’t too long before three white men came to my cell. One of these men was a State Highway Patrolman and he asked me where I was from. I told him Ruleville and he said, “We are going to check this.”

They left my cell and it wasn’t too long before they came back. He said, “You are from Ruleville all right,” and he used a curse word. And he said, “We are going to make you wish you was dead.”

I was carried out of that cell into another cell where they had two Negro prisoners. The State Highway Patrolmen ordered the first Negro to take the blackjack.

The first Negro prisoner ordered me, by orders from the State Highway Patrolman, for me to lay down on a bunk bed on my face.

I laid on my face and the first Negro began to beat. I was beat by the first Negro until he was exhausted. I was holding my hands behind me at that time on my left side, because I suffered from polio when I was six years old.

After the first Negro had beat until he was exhausted, the State Highway Patrolman ordered the second Negro to take the blackjack.

The second Negro began to beat and I began to work my feet, and the State Highway Patrolman ordered the first Negro who had beat me to sit on my feet – to keep me from working my feet. I began to scream and one white man got up and began to beat me in my head and tell me to hush.

One white man – my dress had worked up high – he walked over and pulled my dress – I pulled my dress down and he pulled my dress back up.

I was in jail when Medgar Evers was murdered.

All of this is on account of we want to register, to become first-class citizens. And if the Freedom Democratic Party is not seated now, I question America. Is this America, the land of the free and the home of the brave, where we have to sleep with our telephones off the hooks because our lives be threatened daily, because we want to live as decent human beings, in America?

Thank you.

Diebold/Premier vote dropping

A voting system used in 34 states contains a critical programming error that can cause votes to be dropped while being electronically transferred from memory cards to a central tallying point, the manufacturer acknowledges.

The problem was identified after complaints from Ohio elections officials following the March primary there, but the logic error that is the root of the problem has been part of the software for 10 years, said Chris Riggall, a spokesman for Premier Election Solutions, formerly known as Diebold.

So reports the Washington Post. Wow.

When Congress acts in haste, a la the HAVA fiasco, we all repent at leisure.

The Emergent Chaos of the Elections

First, congratulations to Barack Obama. His organization and victory were impressive. Competing with a former President and First Lady who was the shoo-in candidate is an impressive feat.

I’d like to talk about the Obama strategies and a long chaotic campaign in two ways. First in fund-raising and second, on the effects of a long campaign.

In fund-raising, everything I’ve read says that the Clintons were much better at getting the “big” donations allowed under McCain-Fiengold. (Which I’ve commented on here and here.) What I now want to say is that the “chaos” strategy of enabling lots and lots of small donations seems to have worked spectacularly. Letting your supporters self-select, emerge, and then working them over and over. In fact, Dissent commented that her name was added to their list when she made a media inquiry. Highly chaotic, no big one-night rubber chicken totals, and highly effective.

As an aside, I know that oftentimes in startups, we’ve ended up quixotically pursuing big deals, because big deals can be given attention. The strategy of using channels and having lots of little sales can be harder to advocate for.

Secondly, voter engagement is at a high everywhere in the country. Pundits often complain about low voter turnout, low engagement with the process, and people not caring. It seems that a little chaos, diverse candidates, and having a winner emerge from the contest are healthier for democracy than having the pundits select a winner.

We’d like to thank everyone who paid attention to our primary endorsements.

Ohio Voters May Demand Paper Ballots

Ohio Secretary or State Jennifer Brunner announced yesterday that paper ballots must be provided on request.

Poll workers won’t be told to offer the option to voters but must provide a ballot if requested to help “avoid any loss of confidence by voters that their ballot has been accurately cast or recorded,” a directive from Secretary of State Jennifer Brunner said. The paper ballots would be counted by optical scanners at county elections boards.

The Ohio ACLU is against having paper ballots available in the primary, claiming that not having scanners at the local polling locations is against state and federal laws mandating that voters have to know if they made a mistake such as casting too many or too few votes when filling out the ballot.

But Brunner said after consulting with the attorney general’s office, she thinks the ACLU is “flat wrong” and that voters will be adequately educated to avoid unintended over-votes and under-votes — problems that plagued the punch-card voting system that the electronic machines replaced.
Even so, Brunner told The Dispatch that said she is re- thinking her previous recommendation that no ballots be counted in the precincts, after activists argued that would eliminate a way to verify whether the final results are accurate.

The option for having paper ballots is in response to feedback in response the report issued last month by Brunner’s office revealing several critical vulnerabilities in currently available electronic voting systems. Brunner has also recommended that Ohio move to all paper ballots for the November election and has asked that the state legislature Gov. Strickland approve and fund the change.
The executive report is long but very educational and well worth reading, especially the recommendations. The full details are also online as well. California also recently released their own extensive reviews some of which were leveraged for the Ohio study. I’ve only skimmed portions of it so far, but by all reports, it is also very enlightening.
Speaking of California, the Secretary of State Bowen, has announced some very impressive new requirements for the use of electronic voting. This is great stuff, that helps deal with the issues of existing machines while still allowing the democratic process to move forward. Hopefully other states will follow suit.

Vote Positively With Your Pocketbook

Adam Frucci at Gizmodo is calling for action, “Putting Our Money Where Our Mouths Are: Boycott the RIAA in March.”

I don’t disagree with him on the basics. I believe that consumer revolt is a misunderstood power. If you don’t believe me, I can prove it with one TLA: DAT. If your response to that is, “Huh?” then you’ve proved me right. The details of that are another essay, however.

However, there’s more to it than that. Boycotts are not as effective as purchase-shifting. If you just don’t buy any CDs, then one line in an accountant’s ledger will go down. The conclusion they’re going draw is that this means they have to hold tighter to what they have. There are no atheists in foxholes, but there are clinchpoops, and they clinch their poop tighter.

Subscribing to eMusic is good idea. If you haven’t, do so. If you regularly buy music, you will find enough things on eMusic that the monthly fee will save you a penny.

Better, go to CDBaby, Yep Roc, Compadre, and others. Even better, many,many small artists sell their music from their own web sites, often through a small label. As nice as eMusic is, relatively little of the money you give them will get in the hands of the musicians, and buying CDs as close as possible to the musicians themselves is the best way to get them what they deserve. Don’t wait for Friday, do it now.

A telling remark

In the “inconvenient coincidences” category, it seems that Al Sharpton’s great-grandfather was a slave owned by relatives of the late segregationist US senator Strom Thurmond.
Thurmond’s niece, Ellen Senter (via an AP report) provides an interesting perspective:

I doubt you can find many native South Carolinians today whose family, if you traced them back far enough, didn’t own slaves,” said Senter, 61, of Columbia, South Carolina.

Except, that is, for the ones who were slaves, Mrs. Senter.

NIST and Voting Machines

Ed Felten points out that “NIST Recommends Decertifying Paperless Voting Machines:”

In an important development in e-voting policy, NIST has issued a report recommending that the next-generation federal voting-machine standards be written to prevent (re-)certification of today’s paperless e-voting systems. … The new report is notable for its direct tone and unequivocal recommendation against unverifiable paperless voting systems, and for being a recommendation of NIST itself and not just of the report’s individual authors.

Years from now, when we look back on the recent DRE fad with what-were-we-thinking hindsight, we’ll see this NIST report as a turning point.

Photo: suffragettes, of course. At anther turning point.