You are viewing a read-only archive of the Blogs.Harvard network. Learn more.


crypto and public policy

Benlog is moving….

Filed under: General — February 11, 2006 @ 2:41 pm

Benlog is moving to its now-permanent URL:

More details there….

Freedom of Speech

Filed under: Policy — February 5, 2006 @ 11:50 pm

Just when I thought I was going to be in complete agreement with George Bush on at least one issue, he manages to surprise me, yet again. I am truly confused.

The Danish cartoon story is baffling to me in so many ways. It is, without any shadow of a doubt, a clear case of free speech vs. religious dogma. Were the cartoons distasteful? Probably so. Although probably no more so than the dozens of antisemitic cartoons that appear daily in the Arab press. But that’s not the point. The point is that it’s speech, and we cannot, we should not, we MUST not accept this attempt by fundamentalists to endanger our right to free speech. I strongly support Denmark and the newspapers who chose to run those cartoons and even re-run them. I am truly ashamed of the attitude of the French, British, and American governments, who chose this time to play the appeasement card.

So I’m baffled. Baffled because I think this is a tremendously poor move on behalf of people like the Palestinians, who have long yearned to have a democratic state of their own. Baffled, because I really thought Bush believed in this freedom thing (although his methods have always left me dissatisfied). Baffled, because this really should not be controversial for people who believe in freedom, which makes me wonder how many actually believe in freedom.

And so I’m afraid of what this means for the future. It’s almost as if the rapid availability of information combined with globalization gives rise to a new and serious threat to our freedoms: one newspaper says something offensive, which leads some undemocratic regime to go berzerk, which leads to boycotts, threats of violence, and effectively censorship. Because, let’s be realistic: from now on, who’s going to have the courage to publish a cartoon critical of Islam?

Pedalling in the Mud

Filed under: Policy — January 31, 2006 @ 10:10 pm

Last night, I attended, in Boston’s Faneuil Hall, an ACLU “Emergency Townhall Meeting” regarding Bush’s domestic spying program. The participants were top notch, particularly Marc Rotenberg of EPIC and Representative Ed Markey. The arguments were calm, composed, and focused, only rarely straying into the anti-Bush diatribe one might expect from an ACLU meeting.

But from the moment I stepped into the room through tonight, I’ve felt extremely sad and powerless. I feel like we, liberals, are pedalling in the mud. We’re preaching to the choir, and, frankly, we’re not getting any traction outside of those who already agree. After all, if I disagree with Bush, it’s not exactly news. Even if Congressman Ed Markey disagrees with Bush, it’s not news.

Is it okay for the President to spy on Americans without a warrant? Of course it isn’t. Did Bush notify the proper people in Congress? The evidence clearly shows he didn’t. Does this program help in the fight against terrorism? Well, who knows, but then again, putting every Muslim in jail would probably help in the fight against terrorism, too, but it would hardly be legal, so that’s hardly a valid argument.

This is a big deal. This is a President going for a power grab, placing justices on the Supreme Court who will support his power grab, and rewriting laws he doesn’t like. This is how democracy is threatened, bit by bit, one infraction after another, until it’s too late to turn back.

But the thing is, there’s nothing I can do. The only people who can do something are those who are closest to Bush. The reasonable Republicans who realize that this is bad news for everyone. As I’ve said before, it behooves members of any group to denounce the extremists closest to them.

Let’s be more precise. It behooves me to denounce Cindy Sheehan right now. I fully support her right to protest, and I agree with her on Iraq. But I cannot accept her visit to Venezuela, her participation in anti-globalization protests, her (supposed) blind support of Palestinian causes without any balance or understanding of the Israeli position, and her recent claim that Democrats and Republicans are “just the same” in her prelude to running against Dianne Feinstein. Those are the positions of extremists. And, most importantly, my statement on THIS issue has a certain value, because it obviously isn’t blindly partisan.

But I can’t do anything about Bush’s spying program. Because even if my position is justified, it will always be seen as partisan. So it behooves the Republicans to put an end to this insanity. You can support Bush, but ask for oversight. You can support Bush on 90% of the issues, but oppose him when he threatens the very constitutional principles he is supposed to defend.

If you don’t speak up, if you stick to the brainless partisan line, then you are responsible for what will happen as this power grab continues.

Voting: The Beginning of a Revolution

Filed under: Security & Crypto — December 11, 2005 @ 6:05 pm

I spent this past Thursday and Friday meeting with Andy Neff of VoteHere. We discussed the details of his latest ideas for verifiable voting, and he asked me to help him with the write-up and framing of the issues. These will all be published in the near future, just like the rest of Andy’s protocols and code.

Over the next few weeks and months, I’m going to dedicate this blog to explaining why this is a big deal. The short story is this: for a few years now, cryptographic voting has theoretically promised a radically new type of election. An election where you, the individual voter, can verify that your vote has been counted correctly. Not just recorded correctly. Counted correctly. All the way from filling out your ballot to generating a tally. The problem is, this level of verifiability has been, historically, prohibitively inefficient and simply too difficult to use. Andy’s earlier work (2001) addressed the efficiency issues. Andy’s latest ideas address the usability issues. Truly verifiable elections are now a very real possibility.

More on this in the next few weeks. For now, what’s needed is complete disclosure, because I suspect my writing will ruffle some feathers. I have no financial interest in VoteHere. I have never been offered financial interest in VoteHere, and, if it were to be offered, I would refuse it. I welcome any challenge to these ideas. I encourage readers to keep an open mind and ask questions, either via comments or private email.

As a final note for now, here’s the email I sent yesterday to Andy and Jim (VoteHere’s President):

From:    ben
Subject: Thoughts on my visit and what comes next
Date:    December 10, 2005 1:04:55 PM EST
To:      Andy, Jim

Andy, Jim,

Thanks for having me over these past 2 days, it’s been a fantastically interesting time. I want to restate that I find Andy’s latest stream of enhancements fascinating and impressive. Each is independently impressive, but taken together, they amount to a real revolution in voting. I’m excited about what you’ve accomplished, and I would like to help get the word out about my most important conclusion: as of Andy’s latest improvements, I believe cryptographic voting is now truly usable and, thus, inherently superior, in every respect, to other voting techniques. What is needed now is significant work in explaining this to the research and election communities.

I think it’s going to be very difficult. It has been, and it will continue to be. This is an enormous education project, one that entails explaining to many truly well-intentioned people that their intuition about technology and information is wrong. The only way to accomplish this is through extensive education at all levels, a great deal of patience, and an extreme amount of openness. The critics must be answered carefully and patiently. There’s nothing to fear about this public debate, because the facts are on the side of cryptographic voting.

In the spirit of openness, I’m going to begin blogging my thoughts publicly at I will be fully upfront about the facts and my motivations: I believe cryptographic voting is the best way, by far, to give voters confidence in the system. The facts are that you guys paid for the bare essentials of my trip out to Seattle (

Also important is that, if I believe you guys are in the wrong at some point, I will state so without restraint. Alternatively, if another company or research group comes up with similarly powerful technology, I will endorse them as much as I endorse you. Of course, none of this should come to you as a surprise, because I will always be upfront with you, too.

There is an opportunity here to revolutionize the verifiability of our voting systems and the confidence of the electorate in their democratic process. This opportunity requires careful and open collaboration, because the critics will be harsh, numerous, and unfair. At the same time, the potential benefit of this technology is too fantastic to pass up.

It behooves us to teach others and to get the word out. This is simply too darn important.


PS: feel free to forward this letter to fellow employees. I will also post it on my blog.

UPDATE: I edited the email addresses in the email above so that they wouldn’t be available to spam crawlers.

Sick of Fundamentalism

Filed under: General — December 2, 2005 @ 7:12 pm

A professor who was going to teach a course debunking the “sicence” of Creationism (aka Intelligent Design) has cancelled his plans. No doubt, his words (“fundies”) were poorly chosen. But how does the University President get away with such strong condemnation of this professor’s words, without any condemnation of the repeated insanity preached by Fundamentalists?

I take serious issue with this idea that fundamentalism is just another acceptable point of view. It’s not. Fundamentalism demeans every other point of view. It demands the conversion or the extermination of those who do not agree. Fundamentalism in every form, whether Muslim, Christian, or Jewish, should be fought, for if it isn’t, it will attempt to overwhelm and destroy those who do not agree.

So I am very happy to see that some are starting to fight this. Moderate and Progressive Jewish leaders are speaking out against Christian fundamentalism. It’s also very good news that Europe is offering an alternative to the US’s ridiculous abstinence-only sex education program. It is nothing less than criminal for the US President to declare, on AIDS day, that abstinence will help alleviate the AIDS crisis. The facts are clearly in contradiction with such an approach. Promoting such insanity is pure fundamentalism: blind religion before basic logic.

We cannot be tolerant of blind intolerance. We must fight fundamentalism. Every single one of us, in every way we can. Most importantly, it is the job of those closest to the fundamentalists to fight them. As a French/American mostly-Democrat Jew, I have a responsibility to fight Jewish extremism, far-left nutty theories, and stupid anti-Americanism in France. Moderate Republicans should take it upon themselves to fight the radical right. After all, my words don’t carry much weight with Republicans, but if moderate Republicans actually stood up for their principles of moderation, progress towards reasonable middle-ground positions would be far more likely.

If we all took it upon ourselves to fight the fringe elements of the groups we belong to, the world would be a far better place. More on this point sometime in the next few weeks.

Voting: Accountability and Secrecy

Filed under: General — November 22, 2005 @ 2:36 pm

Just a quick thought I just had about voting, inspired by a recent brainstorm within our research group.

In an election, your ballot remains secret, so that you cannot be unduly influenced by others. When elected representatives vote on laws, however, their voting record is supposed to be public (let’s discount those sleazy hand votes Congress holds every now and then). The idea behind the public voting record is to inform the people of their representative’s work. In this case, voters *do* influence their representative, and that’s a good thing.

But of course, there are other types of influence. Public voting records inform lobbyists on how their effort (ahem, money) is affecting politics. If elected representatives were to cast truly secret ballots, lobbying would be far less effective. But then, of course, representatives would be accountable to no one, not even the people they represent. So the “fix” here is to control the lobbyist influence. It would be impossible (and seriously problematic from a privacy standpoint) to scrutinize a voter’s cash flow to detect undue influence, but it is certainly doable to scrutinize political campaigns and ethics laws to ensure that politicians are not unduly influenced.

So what’s my point? Just that extracting an honest vote from a human being is a difficult thing, and the dynamics of secret ballot, public voting records, and campaign finance are intricately linked. Which shows, yet again, the importance of the current debate on campaign finance reform. We’re talking about nothing less than the very basis of our democracy.

France: the Wingnut Litmus Test Continues

Filed under: General — November 18, 2005 @ 8:52 pm

A couple of days ago, Mitt Romney, our Massachusetts Governor, joined the Bash-France club. Meanwhile, the right-wing movement RightMarch has just released a song called “Bush Was Right,” whose lyrics include (PDF), out of nowhere, the line “France was wrong.”

My Litmus Test continues. If you bash France for no particular reason, as a diversion, as an off-the-cuff remark, there’s a really good chance that you’re a crazy right-winger. No cauasl relationship, I don’t think, but this test is proving to be surprisingly accurate.

The Two Laws of DRM

Filed under: Security & Crypto — November 11, 2005 @ 9:27 am

People are in shock that Sony is effectively installing spyware to help them in their DRM effort. How dare Sony surreptitiously install a program on your computer that effectively overrides the operating system’s default behavior when reading CDs? Haven’t they gone too far?

Yes, of course they went too far. But the line was crossed years ago, when the entire concept of DRM for personal computers was broached. After all, DRM is about control. More specifically, DRM is about taking control away from *you*, the user. Using spyware/malware/unintended-ware to implement DRM is just a slightly different tactic in the grand scheme to enforce the entertainment industry’s wishes. The Two Laws of DRM, if you will:

First Law of DRM: A computer will not violate its manufacturer’s orders, or, through inaction, allow its manufacturer’s orders to be violated.

Second Law of DRM: A computer will follow its user’s orders, except where those conflict with the First Law.

Is there room in the world for this “trusted computing” (where “trusted” means the manufacturer trusts the machine)? Of course there is. Hospital computers should keep medical records safe and disallow sharing of such records with computers that are not DRM-enabled. Voting machines should boot only voting software. ATMs should authenticate as official ATMs when connecting to the banking network.

But in all of these cases, there’s one salient fact: the machine does not belong to the user. The machine is there to serve a higher purpose. It’s the hospital’s data vault. It’s the enforcer of democracy. It’s the bank’s teller. It’s never the user’s machine.

So why are we surprised by Sony’s actions? DRM is about making your computer a tool of the entertainment industry. It no longer serves you, it serves the content distributors.

And the question we must ask is simple. Who should control your home computer? You, or the manufacturer? You, or the entertainment industry?

Voting is Hard

Filed under: Security & Crypto — November 9, 2005 @ 9:31 am

Voting is terribly hard to administer.

I voted yesterday in Boston. I was handed voting lists by partisans about 50 feet outside the voting location, which is technically illegal. Once I came into the voting location, the overeager voting administrator confiscated my “voting paraphernalia,” even though it’s technically perfectly okay for me to come in with a voting list of candidates I’d like to select. Meanwhile, as I voted, the TV was on in the polling station, so poll workers could watch the talk shows. And of course, my name was checked off both lists at the same time, rather than once at the entrance, and once at the exit.

Meanwhile, Arnold Schwartzenegger almost had to vote provisional. Why? Because someone had used his name during the testing phase, and had forgotten to “cancel the transaction.” How many other voters had the same problem? How many of them had the courage to stand up and say this was a mistake?

This is difficult stuff. It probably always will be.


Filed under: Free Software — November 8, 2005 @ 12:45 am

Jason Matusow, Director of Microsoft’s Shared Source Initiative, is a smart guy. I’ve heard him speak in person. He’s managed to keep his job for a few years while weathering unfriendly crowds and debates with the likes of Larry Lessig. So, clearly, when he says the following, I can only imagine it’s planned FUD:

But if a customer modifies the source code, [Red Hat] can’t help you [without charging you extra]. They have to lock things down to provide value. As open source becomes commercialized, it becomes less open.

Come on, Jason, you can do better than that. This is a classic point-of-view confusion argument.

Open-source and free software give the customer the option of modifying the source code at any time. Does that mean that it’s a good idea to change source code on a mission-critical application that you’re paying RedHat to support? Of course not. Of course RedHat is going to support only the official RedHat version of Linux.

But if RedHat starts to do stupid things, open-source lets another vendor fork the code and provide support. Or if said other vendor figures out how to add a fantastic feature to RedHat Linux which they will then happily support, then open-source lets them do just that.

Open-source is not about modifying mission-critical code willy-nilly. It’s about freeing the software vendor market. It’s about allowing the customer to disentangle his choice of software and his choice of vendor. It’s about letting a thousand flowers bloom, creating a market that lets software evolve until it truly fits a need. And when it does, companies like RedHat will support that software version, while other versions of the software continue to evolve for other purposes.

Jason was focusing the crowd on the micro level: the relationship between one support vendor and one customer. Yet the forces of Open-source and Free Software operate at the macro level, influencing the general trend of software development. Macrosoft, if you will.