The Electronic Privacy Information Center (EPIC)’s Technology and Democracy 2.0 report on “e-Deceptive campaign practices” is getting released on Monday, along with a parallel report from Common Cause and Lawyers Committee for Civil Rights covering the legal and policy issues. Contributors include computer security legends like Peter Neumann (of Bell Labs, SRI and comp.risks fame) and Bruce Schneier, Erik Nilsson of Computing Professionals for Social Responsibility, Poorvi Vora of George Washington University, Juan Gilbert of the Human Centered Computing Lab of Auburn University, Lillie Coney of EPIC … and me. Pretty illustrious company. Mom will be proud 🙂
“Deceptive campaign practices” has a very specific meaning in election protection work. From EPIC’s announcement:
Deceptive campaigns are attempts to misdirect targeted voters regarding the voting process for public elections. Election activity that would be considered deceptive could include false statements about polling times, date of the election, voter identification rules, or the eligibility requirements for voters who wish to cast a ballot. Historically, disinformation and misinformation efforts intended to suppress voter participation have been systemic attempts to reduce voter participation among low-income, minority, young, disabled, and elderly voters. In 2008, millions of new voters are engaging the political process through Internet communication, which presents an opportunity to review the technology and the incident of e-deceptive campaign practices.
This report is in many ways a followup to a workshop that Lillie organized in May at the Computers, Freedom, and Privacy conference, where I spoke along with panelists from Common Cause, Aristotle, and the NAACP.  One of the things that leapt out at us was that the technology landscape was changing so quickly that people really weren’t prepared for the new kinds of deceptive attacks — and voting rights organizations in general needed technologists’ help as we move to a Web 2.0 world. While the election’s only a couple of weeks away, there still is enough time to respond to some of these threats.
The report looks at several categories of attacks, including spoofing, phishing, rumor-mongering, social engineering, and denial of service. It also considers several different technologies, for example search engine results: could Google-bombing be used to trick people into going to a fake web site, set up to look like the Secretary of State’s, but giving incorrect information?
Other technologies we consider include email, instant messaging, web advertising, blogs, VOIP (internet telephony, increasingly used for robocalls) and social network sites. Each of the sections has specific recommendations as well, for voters, election administrators, and technology providers. By coming at things from a computer security focus, I think the report brings something new and valuable to the table.
In the May workshop, I mentioned that considering things solely in terms of threats and responses risks overlooking opportunities, and we should also be on the alert for ways that these newer forms of communications could be used to combat deceptive campaign practices both online and off. The recent case of deceptive flyers in Philadelphia is an excellent example: the DrexelDems quickly posted the information on their web site, and over a 10-day period this led to significant coverage debunking the myths.* The report talks about social network sites’ potential for countering deceptive practices by surfacing and exposing deceptions, and then using viral mechanisms can be used to spread the facts instead of the falsehoods.
It also briefly touches on this theme of a networked election protection movement, something that both Brad Friedman and I touched on in our Meet the Bloggers appearance last Friday. The Twitter Vote Report project’s Partners page and the somewhat-overlapping list of grassroots election protection initatives on the Voter Suppression Wiki give an overview of some of the groups in this loosely-linked movement. We haven’t spent a lot of time yet thinking about countering e-deceptive practices yet but as the personal connections and information networks deepen, it’s a natural next step.
How significant will e-deceptive campaign practices be for the 2008 election? It’s hard to know. The successes of online smear and misinformation campaigns implies that at least 5-10% of online users can be deceived; on the other hand, voting information is easier to verify — and there’s been so much attention to election fraud that users may be especially attuned to this. An added complication is that relatively few members of communities traditional targeted by campaign practices are online; a flyer physically tacked up on a phone pole is a lot more likely to reach and intimidate a voter who doesn’t have a computer than even the best-designed spoof web site. Still, there are a lot of different threats here, and it’s easy enough to see these adding up to enough votes to make a difference in a close race in 2008. So even though we won’t know the exact impact, it’s important to consider.
And in the longer term, these threats will only increase. The hacking of Sarah Palin’s email account puts a spotlight on the role of computer security in political campaigns, and so I hope that one of the side effects of this report also helps get more computer security professionals and software engineers engaged with election protection beyond voting machines.** E-deceptive practices that are prototyped in this election will be refined in 2010 and 2012; now’s a great time to be thinking about the responses.
jon
* my How to do better at getting the word out? has the details
** Voting machine fraud is incredibly important, of course, but it’s far from the only threat out there … as well as deceptive practices, there’s database error rates, insufficient machines, confusing ballot design, and many others.  The computer security and software engineering community has made a huge difference in turning the tide on electronic voting; it’d be great to see as much impact in other areas as well.
Leave a Reply