By Lambert Strether of Corrente.
The well-regarded (and by me, too) public-interest technologist Bruce Schneier has written an interesting piece, “Defending Democracies Against Information Attacks“, part of a larger project, “that models democracy itself as an information system and explains how democracies are vulnerable to certain forms of information attacks that autocracies naturally resist.” This fits naturally into today’s moral panic about defending “our democracy” at the cyber level from adversaries, in particular Russia. But that’s not my topic today. Rather, I want look briefly at the ballot, at institutional power, and then at whether Schneier’s “model,” as he describes it in the linked piece, can provide any more than partial insight into “democracy” as practiced today in the United States (spoiler alert: no). To be fair, Schneier’s interesting article, since it covers information systems as such, also treats the Census and public commenting (as at the FCC on net neutrality). It also treats a variety of attacks, so the scope of his piece is much larger than this post.
First, to the ballot. Readers know that my litmus test for good-faith writing on election security is at least a mention of paper ballots. Here is what Schneier has to say:
Policy makers need a better understanding of the relationship between political institutions and social beliefs: specifically, the importance of the social aggregation institutions that allow democracies to understand themselves.
There are some low-hanging fruit. Very often, hardening these institutions against attacks on their confidence will go hand in hand with hardening them against attacks more generally. Thus, for example, reforms to voting that require would not only better secure voting against manipulation, but would have moderately beneficial consequences for public beliefs too.
Needless to say, hand-marked paper ballots, hand-counted in public are the international gold standard for balloting, and most definitely not “permanent paper ballots and random auditing.” Schneier’s “reform” would permit “ballot marking devices,” which, since they involve digital, are hackable by definition. Even Politico understands this:
The dispute over the ballot-marking devices centers on the fact that they use barcodes, which can be read by scanners but not by humans. Though the paper records also display a voter’s choices in plain text, which the voter can double-check, the barcode is the part that gets tallied.
The danger: Hackers who infiltrate a ballot-marking device could modify the barcode so its vote data differs from what’s in the printed text. If this happened, a voter would have no way of spotting it.
it said. “Additional research on ballots produced by BMDs will be necessary to understand the effectiveness of such ballots.”
(See here at NC for much more on this.) It’s almost as if Schneir — perhaps as a result of deformation professionelle — believes that there must be a digital intermediary in the process. But that’s just not so, as international experience shows. In fact, in this case, the digital should be eliminated from the equation entirely. So that’s a little unnerving, especially coming from a technologist.
Second, institutional power. Schneir writes:
[W]e need far better developed intellectual tools if we are to properly understand the trade-offs, instead of proposing clearly beneficial policies, and avoiding straightforward mistakes. Forging such tools will require computer security specialists to start thinking systematically about public beliefs as an integral part of the systems that they seek to defend. It will mean that . Finally, specialists in the workings of democracy have to learn how to think about democracy and its trade-offs in specifically informational terms.
This sounds relatively innocuous, until you realize that the intelligence community is already deeply embedded in “election security” (“DHS says teamwork is improving election security,” Federal Computer Week) even though, as we show above, the primary target of their mission — electronic voting systems — shouldn’t even exist. Presumably, however, DHS and other organs of state security are already “thinking deeply about the functioning of democracy.” It’s a classic Quis custodiet ipsos custodes question: Do we really want to hand the social function of legitimating election results over to the intelligence community? Especially
if when any of the “trade-offs” aren’t visible to the public?
Third, to Schneier’s project itself:
Our initial account is necessarily limited. Building a truly comprehensive understanding of democracy as an information system will be a Herculean labor, involving the collective endeavors of political scientists and theorists, computer scientists, scholars of complexity, and others.
Another way of saying this — and it’s not Schneir’s fault — is that “election security” is also a Jobs Guarantee for every sort of lanyard and credentialist (especially the sort with a clearance), even though, again, the electronic voting systems whose protection is central to mission shouldn’t even exist. But then, it’s the rare consultant who recommends that the system they were hired to fix should be abolished. And further down:
In modern democracies, the most important such mechanism is voting, which aggregates citizens’ choices over competing parties and politicians to determine who is to control executive power for a limited period. Another important mechanism is the census process, which play an important role in the US and in other democracies, in providing broad information about the population, in shaping the electoral system (through the allocation of seats in the House of Representatives), and in policy making (through the allocation of government spending and resources). Of lesser import are public commenting processes, through which individuals and interest groups can comment on significant public policy and regulatory decisions.
All of these systems are vulnerable to attack. Elections are vulnerable to a variety of illegal manipulations, including vote rigging. However, many kinds of manipulation are currently legal in the US, including many forms of gerrymandering, gimmicking voting time, allocating polling booths and resources so as to advantage or disadvantage particular populations, imposing onerous registration and identity requirements, and so on.
Holy moly, what kind of “account” of “modern” democracies can you give, if you don’t include money? Thomas Ferguson, Paul Jorgensen, and Jie Chen write in their magisterial “Party Competition and Industrial Structure in the 2012 Elections” (International Journal of Political economy, vol. 42, no. 2, Summer 2013, pp. 3–41):
Estimates of who qualifies as a member of the now-famous 1 percent of top income earners vary, not least because of the staggering inequalities at the top of the pyramid. Citing a Congressional Budget Office study, The economist (2012) suggested on the basis of figures for 2007 that the cutoff might be as low as $347,000; other, perhaps less careful estimates put the threshold higher—at somewhat over $500,000 (e.g., Bell 2011). In any case, we think it is reasonable to treat contributions over $500 as coming largely from the 1 percent. This leads to a significant conclusion that —fully 59 percent of the president’s campaign funding came from that quarter (56 percent if one applies the higher threshold of $1,000) while 79 percent of the funds mobilized by Romney’s campaign originated there.
If one reckons, as we suspect many politicians and campaign fundraisers do in practice, simply in terms of the itemized contributions (because those are so much easier and cheaper to chase quickly in campaigns), the major party candidates’ dependence on the 1 percent becomes breathtaking: Almost two-thirds of the itemized financing for the president’s campaign came from donors contributing more than $10,000, while more than 70 percent of the Romney campaign’s financing came from donors of that scale (not shown in Table 1). By that metric, both major party presidential hopefuls relied on donors giving $1,000 or more for about 90 percent of their funding.
This is what has been hidden by the inability to frame true totals embracing both corporate and individual money. . The relatively thin stream of small contributions simply does not suffice to float (conventionally managed) national campaigns, and all insiders know it.
And isn’t it remarkable that in Schneier’s listing of “many kinds of manipulation are currently legal in the US,” he doesn’t list, well, the purchase of political campaigns as a kind of manipulation? Isn’t that the biggest “information attack” of all?
 Scheier writes: “… the ‘Guccifer 2.0’ hacking identity, which has been attributed to Russian military intelligence….” where “attributed to” is not only accurate, but, in today’s political environment, courageous.
 Presumably not citizens?
 As of 2012. In 2016, the Sanders campaign was different and unique.