Tag: dr. stephen castell

Computer SecurityExpert WitnessInformation & Communication TechnologySecurity

Is New Hampshire the Next Iowa Voting Disaster? Information Technology Expert Analysis

A hastily-developed app and combined with a lack of user testing caused a ruckus in Iowa Caucus voting this week. What’s in store for New Hampshire, Super Tuesday, and beyond?

It has been an exciting week in US politics. We had a State of the Union address and an impeachment vote. A whirlwind week by any standard! Before we could even get to those two events, we started the week with an outrageous technology failure in the Iowa Democratic Caucus. For purposes of this blog post, I’m not going into the differences between a caucus and a primary. Let’s just assume they accomplish the same result: selecting a candidate for political office.

For the Iowa Democratic Party, Monday night was a disaster and then it continued into Tuesday, Wednesday… you get the idea. As I write this blog post on Friday morning, I’m not even sure if they have an official determination of who won. The news stories seem to be conflicting.

So here is what we know about the app (IowaRecorder) failure based on available reports. The Iowa Democratic Party hired a marketing technology company to build an app which would be used, statewide, to report results of local caucus votes (I’m simplifying for purposes of brevity). The app was going to be used to submit voting results. Nobody was actually voting through the app.

This first really good article I read that outlined the technology implementation failure, came from Slate. Here was a good summary from a couple of days ago:

“It’s still unclear what exactly went wrong with the app, but all of these issues appear to have something in common: The Iowa Democratic Party clearly wasn’t prepared for any possible issues with the app and a more involved method of vote reporting introduced this year—and sure enough, it reportedly turns out that the app was never tested on a statewide scale. Shadow, which is run by alumni of the Barack Obama and Hillary Clinton campaigns as well as Google, was paid $60,000 to develop the app, but it had just two months after party officials decided to abandon plans to report results over the phone.”

There’s some updated information on the failure from Motherboard, which was released yesterday (along with the app code). Below, you’ll see that they released an app that was still in beta format:

“And Instead of going through proper app store review processes conducted by Apple and Google, Shadow used beta testing platforms like Apple’s TestFlight to distribute the software so it could meet the Monday deadline. So when it came time for the app to do its most critical role — letting Democratic precinct leaders report results from Iowa on Monday — it failed in every way imaginable.”

Expert Analysis:

As I do when these major stories break, I turn to Experts.com members to get insights. You may recall Dr. Stephen Castell. Dr. Castell, Chartered Information Systems Practitioner and Member of the Expert Witness Institute, is Chairman of CASTELL Consulting. He is an internationally acknowledged Independent Computer Expert who has been involved in a wide range of computer litigation over many years.

Dr. Castell and I wrote a blog post back in 2018, regarding West Virginia’s Blockchain voting program. They are actually expanding this plan, which may necessitate a separate blog post.

Below, please find my questions and Dr. Castell’s answers (Disclaimer: these questions and answers provided on February 5th, 2020):

Nick: From available reporting, it appears the Iowa Democratic Party failed to do a statewide testing of this vote reporting application. What type of tests would have been necessary to identify errors in the system before statewide roll-out?

Dr. Castell: As other ICT professionals comment in the reports, there should be thorough systems testing and QA procedures, including User Acceptance Testing and Pilot Trials, plus scaled-up ‘soak testing’, before contemplating any real-world launch, such as this statewide roll-out. You expect to get errors in systems testing – its main purpose is to identify faults and fix them. Sadly, software systems and Apps these days do seem often to be launched publicly without adequate systems testing, let alone with adequate prior User Testing and Pilot Trials. If such standard professional QA processes were omitted, or truncated, for something as high-profile and important as an App to collect and relay voter data in the Iowa Caucus, that does appear rather astonishing.

Nick: It doesn’t appear that all of the fault lies with the app developer. It seems the Iowa Democratic Party only gave the app developer 2 months to develop and deploy this application. What sort of time-frame would you anticipate to develop, test, and implement a software of this scale?

Dr. Castell: That is difficult to estimate without more knowledge of the actual detailed Customer Requirements Specification that the developer’s App was contracted to meet. On the face of it, an App simply to in-gather voting data, aggregate and transfer it, sounds in principle like fairly straightforward functionality to code, test (at scale) and implement, and 2 months may not have been an unrealistic timescale for development, testing and deployment.

Nick: Would you expect there to be a certain level of user sophistication for those using the app on this scale? Should there have been company representatives available at caucus sites?

Dr. Castell: Reports suggest that there was little prior familiarity, let alone ‘training’, or ‘user sophistication’, with the App on the part of those expected to employ it for real, in the high-pressure, real-time Iowa Caucus conditions. Whatever the state of compliance of the App with its contractual specification – perhaps reasonably well delivered to time, budget, specification, and of suitable quality, ‘fit for purpose’ – if there was no program for adequate user familiarity and training, plus some sort of support and trouble-shooting team from the developer company at caucus sites, that alone could account for the problems encountered in statewide roll-out operation.

Nick: From what I’ve read, it looks like the company was paid $60,000 to build this application. Is there any way to gauge whether this is too little or too much for this type of application development?

Dr. Castell: Again, that is difficult to gauge without more knowledge of the actual detailed Customer Requirements Specification, and thus the likely complexity of the functionality needed, and its associated software design and coding; also, there may have been a tight budget to which the developer company was obliged to work. It is not unusual for software developers to invest in a ‘plum’ assignment such as this high-profile Iowa Caucus project, for the promotional and marketing impact that gives them in securing hopefully more lucrative and profitable development jobs later. In this case, the $60,000 could have been much less than the true cost to the developer company of the analyst, designer, coder, tester, deployer and trainer man-days expended in building and launching the App with a statewide roll-out, against a tough deadline.

Nick: What sort of testing, trials, and quality assurance requirements would you have employed prior to such an implementation?

Dr. Castell: There should ideally have been thorough systems testing and QA procedures, including User Acceptance Testing and Pilot Trials, plus scaled-up ‘soak testing’, well understood by ICT professionals, before the real-world launch of this statewide roll-out. Relevantly, I teach a Course Avoiding IT Disasters – the Expert Way, the principles of which are also covered in my seminal paper “Forensic Systems Analysis: A Methodology for Assessment and Avoidance of IT Disasters and Disputes”, issued as a Cutter Consortium Executive Report, Enterprise Risk Management & Governance Advisory Service series (Vol. 3, No. 2, March 8, 2006).


 

We cannot say that New Hampshire is next. All available information tells us that New Hampshire is not using the same company/app used in the Iowa Caucuses. Furthermore, there was talk of Nevada using the app, but they have claimed they will not move forward with the application.

That’s the end of this particular blog post. Though, we’re already in talks about another post related to voting systems.

BlockchainComputer SecurityExpert Witnesslegaltech

Blockchain Voting Election 2018: Expert Analysis of West Virginia’s Plan

This November, West Virginians deployed overseas will have the opportunity to vote via smart phone through a Blockchain-based application. Given the existing concerns of election integrity, I couldn’t help but reach out for expert analysis.

Hey, did you know that election integrity is kind of big deal? Have you been watching any number of news stations in the last few years? Our country has not stopped talking about election meddling, voter fraud, electronic voting, and wide variety of related topics, for two or more years, give or take.

If you are not aware of these concerns, you must be living under a rock. Please make room under the rock as I’d like to join you. I do my best to ignore the talking heads because I’ve found they add no value to my life (anyone else feel that way about the twenty-four hour television news cycle?).

Before I digress entirely, my point is election integrity and vote verification are legitimate concerns and imperative for the success of our democracy. As such, broadcast news covers the subject extensively.

Rarely, however, do these broadcasters address the micro-issues. This is why I choose to get my news from a variety of different publications, most of which I read online. That’s how I found this article: Experts Criticize West Virginia’s Plan for Smartphone Voting, from Ars Technica. Many of my regular readers know I appreciate the legal and policy analysis from Ars Technica. Routinely, I use it as a jumping off point for further research. The publication often acts as a catalyst for blog posts. In this case, I’d been waiting for the opportunity to discuss the Blockchain topic and get insights from expert witnesses on the subject.

The issue of a Blockchain-based application being used, to allow soldiers stationed abroad, the opportunity to vote through their smart phone was the perfect topic. Bitcoin (a Blockchain-based crytocurrency) is already being written and discussed extensively. Voting, through a Blockchain application, is getting less coverage and is therefore more interesting to me.

Much of what I’ve read about the Blockchain is hyperbolic. I’ve read on more than one occasion that “the Blockchain cannot be hacked.” On its face, that statement appears illegitimate. There is no such thing as 100% secure. So, how do we plan on safely using a smart phone app to conduct one of our country’s most sensitive civic processes?

According to the Ars Technica article, West Virginia did a limited run of the system (Voatz is the name of the app) for the primary election in May. The article further provided, “West Virginia’s secretary of state told CNN that the pilot worked well and that the system passed four audits of various parts of the system. So this November, the state is planning to offer the system more broadly to West Virginians deployed overseas.”

Naturally, I have a lot of questions about the security and reliability of the voting application offered by Voatz. So I reached out to one of our computer science experts who has studied the Blockchain and recently published articles on the topic.

Computer Science and Systems Expert Witness – Dr. Stephen Castell

Dr. Stephen Castell is a computer science and systems expert witness with over 30 years of experience. As an expert witness, Dr. Castell has acted in over 100 major cases including the largest and longest computer software actions to have come to trial in the English High Court. Most recently, Dr. Castell contributed to the 200th issue of Computer Law and Security Review (CLSR), with his paper titled, “The Future Decisions of RoboJudge HHJ Arthur Ian Blockchain: Dread, Delight or Derision?Find out more about Dr. Castell by visiting his website: www.castellconsulting.com.

I’ve been working with Dr. Castell for more than eight years. We always have delightful conversations and “geek out” together over emerging technologies. Our recent conversations have, of course, covered the rapidly changing legal technology space.

Here are the questions I posed and the answers provided by Dr. Castell:

Nick: Can you describe Blockchain technology for the lay reader?

Dr. Castell: In its elemental form, a Blockchain is simply a decentralized database system – digital ledgers that store transaction data, distributed across many nodes.  It has a linked list data structure, with each block (an aggregated set of data) containing a ‘hash’ of the previous block.  Each block is formed by a ‘proof-of-work algorithm’, through which consensus of this distributed system is obtained via the longest possible chain.  A ‘traded’ cryptocurrency Blockchain (e.g. Bitcoin) is a shared public chain: in principle everyone has access to the chain, not only to read the information on the chain, but also to append new blocks on the chain.  This is known as an unpermissioned chain.  The West Virginia voting application is likely to be a permissioned chain, where, through public key cryptography, access control can be implemented during setting up of the chain so that differentiated access can apply – both voters and those managing and controlling the voting process can differentially record, and/or interrogate, votes and voting data added to its Blockchain.

Nick: Is a Blockchain-based voting system secure?

Dr. Castell: The Blockchain in and of itself provides strong cryptographic security.  However, ICT expert professionals bear in mind that not only are there no finalised international standards for Blockchain (eight  standards are in development under ISO/TC 307), but also there is far more to specifying, designing, developing, testing, deploying and maintaining an appropriate complete QA’d application than just the Blockchain element.  The security of the complete system needs to be addressed and designed-in from the start, irrespective of the use case for the Blockchain.  And whether to use a Blockchain as a component at all for a given business requirement such as public elections is a critical initial feasibility exercise that the expert knows is essential, as much from a security perspective as any other.

Nick: We know that electronic voting systems are vulnerable to hacking. Can Blockchain-based voting systems also be hacked?

Dr. Castell: Anything can be hacked, and electronic voting systems are no different.  Back in the late 1980s, I carried out a major definitive study, commissioned by the British H M Treasury, on the admissibility of computer evidence in court and the legal reliability/security of IT systems (The APPEAL Report, 1990, May, Eclipse Publications, ISBN 1-870771-03-6).  This concluded with what became known as my ‘First Dictum’:  “You cannot secure an ontologically unreliable technology by use of an ontologically unreliable technology”.  Nothing has changed.  Commercial computer hardware and operating systems, including smartphones, remain essentially ‘open’, and ontologically unreliable.

Nick: Is it the Blockchain that could be compromised or is it more likely a voter’s smartphone would be compromised by a hacker?

Dr. Castell: A well-engineered and implemented Blockchain distributed voting ledger should itself be as immune to compromise as its cryptography can provide.  But the voter’s smart phone security, and the overall voting application, are only as sound as whatever has been designed-in to the whole system – and we know that smartphones have for sure in the past been hacked.  It is not clear that the proposed West Virginia smartphone application would be any more (or less) hackable than anything else hitherto.

Nick: What sort of checks and balances would you expect for a Blockchain-based voting system before implementation?

Dr. Castell: It would seem an obvious (constitutional?) requirement that votes must always be manually-countable in any US election, in the event of suspected error or lack of trust in the reported result, whether through suspected deliberate tampering or compromise, accident or incident, random system malfunction, or whatever else, and particularly if the result is legally challenged in court.  Any smart phone app voting system must therefore always be designed so that its operation, and the voting data recorded, are auditable for integrity, accuracy and reliability ‘by hand’ – that is surely the most basic check and balance.

Lawyer Jonathan Bolls is a Magistrate, and Chief Election Officer, in Fairfax County, Virginia, who had personal experience of the consequences of unreliable computer systems, as a past victim of technical problems saving Bar Exam essays using suspect software provided by the Virginia Board of Bar Examiners (I provided expert opinion on his behalf – see http://jonathanbolls.blogspot.com/).  He notes that US citizens are passionate about the integrity of elections:  “For Blockchain technology, where someone is voting on their phone from overseas, they would want to consider that in doing so they potentially waive their rights to have their vote counted should a re-count be necessary.  We have actually gone the other way: removed our high-tech touchscreen voting systems and returned to the paper ballot.  If ever we need to check voting numbers we hand count”.

Aside from manual auditability, before implementation it is vital that ‘Proof of Concept’ projects be thoroughly executed, carefully trialing any proposed smartphone public voting system, prior to actual ‘go live’ for real.  Such Pilot Trials or Proving Systems are essential, with their scale, planning, operation, data and results, and assessment thereof, monitored and carried out by independent experts.

Nick: In your expert opinion, would you trust a Blockchain-based voting system to accurately register votes?

Dr. Castell: Deliberate hacking or compromise apart, there is no reason why a well-engineered and implemented Blockchain-based voting system, with careful professional expert involvement in its design and trialing before go-live, should not accurately register votes.  However, I do not consider that a so-called ‘trustless’ Blockchain-based voting system removes the need for a Trusted Third Party legally responsible for its operation and security.  ‘Who you gonna sue when it goes wrong?’ is still an essential consideration, and the Blockchain itself, nothing magical, ‘just another computer system’, cannot be sued.

See:

  • https://authors.elsevier.com/a/1XSpq_654J6Hkp  ‘The future decisions of RoboJudge HHJ Arthur Ian Blockchain: Dread, delight or derision?’, Stephen Castell, Computer Law & Security Review, Volume 34, Issue 4, August 2018, Pages 739-753.
  • Commission of the European Community. Green paper on the security of information systems, ver. 4.2.1, 1994.
  • S. Castell, Code of practice and management guidelines for trusted third party services, INFOSEC Project Report S2101/02, 1993.

Conclusion:

What are your thoughts? Would you trust a smart phone, Blockchain-based voting application? Please share your comments below!

UPDATE (08/16/2018):

Our friends over at the Robinette Legal Group, located in Morgantown, West Virginia, wrote a complementary piece to this blog. The author of the piece, Terri Robinette, did an exceptional job elaborating on prior “uses” of Blockchain in Sierra Leone and describing how West Virginia is legitimately the first to truly test this technology. She further described election security and fraud in West Virginia. Take a look at her article below:

Smartphone Voting App for Deployed West Virginia Military