Joe Hall's blog

Domain Names Can't Defend Themselves

Today, the Kentucky Supreme Court handed down an opinion in the saga of Kentucky vs. 141 Domain Names (described a while back here on this blog). Here's the opinion.

This case is fascinating. A quick recap: Kentucky attempted a property seizure of 141 domain names allegedly involved in gambling on the theory that the domain names themselves constituted "gambling devices" under Kentucky law and were therefore illegal. The state held a forfeiture hearing where anyone with an interest in the "property" could show up to defend their interest in the property; otherwise, the State would order the registrars to transfer "ownership" of the domain names to Kentucky. No individual claiming that they own one of the domain names showed up. Litigation began when two industry associations (iMEGA and IGC) claimed to represent unnamed persons who owned these domain names (and another lawyer showed up during litigation claiming representation of one specific domain name).

The subsequent litigation gets a bit complicated; suffice it to say that the issue of standing was what got to the KY Supreme Court: could an association that claimed it represented an owner of a domain name affected in this action properly represent this owner in court without identifying that owner and showing that the owner was indeed the owner of an affected domain name?

The Kentucky Supreme Court said no, that there needs to be at least one identified individual owner that will suffer harm before the association can stand in stead, ruling,

Due to the incapacity of domain names to contest their own seizure and the inability of iMEGA and IGC to litigate on behalf of anonymous registrants, the Court of Appeals is reversed and its writ is vacated.

And on the issue of whether a piece of property can represent itself:

"An Internet domain name does not have an interest in itself any more than a piece of land is interested in its own use."

Anyway, it would seem that the options for next steps include 1) identifying at least one owner that would suffer harm, then motion back up to the Supreme Court (given that merits had been argued at the Appeals level), or 2) deciding that the anonymity of domain name ownership in this case is more important than the fight over this very weird seizure of domain names.

As a non-lawyer, I wonder if it's possible to represent an owner as a John Doe with an affidavit of ownership of an affected domain name submitted.

UPDATE (2010-03-19T00:07:07 EDT): Check the comments for why a John Doe strategy won't work when the interest in anonymity is to avoid personal liability rather than free expression.

A weird bonus for people that have read this far: if I open the PDF of the opinion on my Mac in Preview.app or Skim.app (two PDF readers), the "SPORTSBOOK.COM" entry in the listing of the parties on the first page is hyperlinked. However, I don't see this in Adobe Acrobat Pro or Reader. Seems like the KY Supreme Court is, likely inadvertently, linking to one of the 141 domain names. Of course, Preview.app and Skim.app might be sharing the same library that causes this one URL to be linked... I'm not good enough of a PDF sleuth to figure it out.

Open Government Workshop at CITP

Here at Princeton's CITP, we have a healthy interest in issues of open government and government transparency. With the release last week of the Open Government Directive by the Obama Administration, our normally gloomy winter may prove to be considerably brighter.

In addition to creating tools like Recap and FedThread, we’ve also been thinking deeply about the nature of open and transparent government, how system designers and architects can better create transparent systems and how to achieve sustainability in open government. Related to these questions are those of the law.gov effort—providing open access to primary legal materials—and how to best facilitate the tinkerers who work on projects of open government.

These are deep issues, so we thought it best to organize a workshop and gather people from a variety of perspectives to dig in.

If you’re interested, come to our workshop next month! While we didn’t consciously plan it this way, the last day of this workshop corresponds to the first 45-day deadline under the OGD.

Open Government: Defining, Designing, and Sustaining Transparency

January 21–22, 2010

http://citp.princeton.edu/open-government-workshop/

Despite increasing interest in issues of open government and governmental transparency, the values of “openness” and “transparency” have been under-theorized. This workshop will bring together academics, government, advocates and tinkerers to examine a few critical issues in open and transparent government. How can we better conceptualize openness and transparency for government? Are there specific design and architectural needs and requirements placed upon systems by openness and transparency? How can openness and transparency best be sustained? How should we change the provision and access of primary legal materials? Finally, how do we best coordinate the supply of open government projects with the demand from tinkerers?

Anil Dash, Director of the AAAS’ new Expert Labs, will deliver the keynote. We are thrilled with the diverse list of speakers, and are looking forward to a robust conversation.

The workshop is free and open to the public, although we ask that you RSVP to citp@princeton.edu so that we be sure to have a name tag and lunch for you.

Tinkering with Disclosed Source Voting Systems

As Ed pointed out in October, Sequoia Voting Systems, Inc. ("Sequoia") announced then that it intended to publish the source code of their voting system software, called "Frontier", currently under development. (Also see EKR's post: "Contrarianism on Sequoia's Disclosed Source Voting System".)

Yesterday, Sequoia made good on this promise and you can now pull the source code they've made available from their Subversion repository here:
http://sequoiadev.svn.beanstalkapp.com/projects/

Sequoia refers to this move in its release as "the first public disclosure of source code from a voting systems manufacturer". Carefully parsed, that's probably correct: there have been unintentional disclosures of source code (e.g., Diebold in 2003) and I know of two other voting industry companies that have disclosed source code (VoteHere, now out of business, and Everyone Counts), but these were either not "voting systems manufacturers" or the disclosures were not available publicly. Of course, almost all of the research systems (like VoteBox and Helios) have been truly open source. Groups like OSDV and OVC have released or will soon release voting system source code under open source licenses.

I wrote a paper ages ago (2006) on the use of open and disclosed source code for voting systems and I'm surprised at how well that analysis and set of recommendations has held up (the original paper is here, an updated version is in pages 11–41 of my PhD thesis).

The purpose of my post here is to highlight one point of that paper in a bit of detail: disclosed source software licenses need to have a few specific features to be useful to potential voting system evaluators. I'll start by describing three examples of disclosed source software licenses and then talk about what I'd like to see, as a tinkerer, in these agreements.

Sunlight on NASED ITA Reports

Short version: we now have gobs of voting system ITA reports, publicly available and hosted by the NSF ACCURATE e-voting center. As I explain below, ITAs were the Independent Testing Authority laboratories that tested voting systems for many years.

Long version: Before the Election Assistance Commission (EAC) took over the testing and certification of voting systems under the Help America Vote Act (HAVA), this critical function was performed by volunteers. The National Association of State Election Directors (NASED) recognized a need for voting system testing and partnered with the Federal Election Commission (FEC) to establish a qualification program that would test systems as having met or exceeded the requirements of the 1990 and 2002 Voting System Standards.*

However, as I've lamented many, many times over the years, the input, output and intermediate work product of the NASED testing regime were completely secret, due to proprietary concerns on behalf of the manufacturers. Once a system completed testing, members of the public could see that an entry was made in a publicly-available spreadsheet listing the tested components and a NASED qualification number for the system. But the public was permitted no other insight into the NASED qualification regime.

Researchers were convinced from what evidence was available that the quality of the testing was highly inadequate and that the expertise didn't exist within either the testing laboratories to perform adequate testing or the NASED technical committee to competently review the ultimate test reports submitted by the laboratories (called Independent Testing Authorities (ITA)). Naturally, when reports of problems started to crop up, like the various Hursti vulnerabilities with Diebold memory cards, the NASED system scrambled to figure out what went wrong.

I now have more moderate views with respect to the NASED regime: sure, it was pretty bad and a lot of serious vulnerabilities slipped through the cracks, but I'm not yet convinced that just having the right people or a different process in place would have resulted in fewer problems in the field. To have fixed the NASED system would have required improvements on all fronts: the technology, the testing paradigms, the people involved and the testing and certification process.

The EAC has since taken over testing and certification. Their process is notable in its much higher level of openness and accountability; the test plans are published (previously claimed as proprietary by the testing labs), the test reports are published (previously claimed as proprietary by the vendors) and the process is specified in detail with a program manual, a laboratory manual, notices of clarification, etc.

This is all great and it helps to increase the transparency of the EAC certification program. But, what about the past? What about the testing that NASED did? Well, we don't know much about it for a number of reasons, chief among them that we never saw any of the materials mentioned above that are now available in the new EAC system.

Through a fortunate FOIA request made of the EAC on behalf of election sleuth Susan Greenhalgh, we now have available a slew of ITA reports from one of the ITAs, Ciber.

The reports are available at the following location (hosted by our NSF ACCURATE e-voting center):

http://accurate-voting.org/docs/ita-reports/

These reports cover the Software ITA testing performed by the ITA Ciber for the following voting systems:

  • Automark AIMS 1.0.9
  • Diebold GEMS 1.18.19
  • Diebold GEMS 1.18.22
  • Diebold GEMS 1.18.24
  • Diebold AccuVote-TSx Model D
  • Diebold AccuVote-TSx Model D w/ AccuView Printer
  • Diebold Assure 1.0
  • Diebold Assure 1.1
  • Diebold Election Media Processor 4.6.2
  • Diebold Optical Scan Accumulator Adapter
  • Hart System 4.0
  • Hart System 4.1
  • Hart System 6.0
  • Hart System 6.2
  • Hart System 6.2.1

I'll be looking at these in my leisure over coming weeks and pointing out interesting features of these reports and the associated correspondence included in the FOIA production.

*The distinction between certification and qualification, although vague, appears to be that under the NASED system, states did the ultimate certification of a voting system for fitness in future elections.


Obama's CTO: two positions?

Paul Blumenthal over at the Sunlight Foundation Blog points to a new report from the Congressional Research Service: “A Federal Chief Technology Officer in the Obama Administration: Option and Issues for Consideration”.

This report does a good job of analyzing both existing positions in federal government that have roles that overlap with some of the potential responsibilities of an “Obama CTO” and the questions that Congress would want to consider if such a position is established by statute rather than an executive order.

The crux of the current issue, for me, is summed up well by this quote from the CRS report’s conclusion:

Although the campaign position paper and transition website provide explicit information on at least some of the duties of a CTO, they do not provide information on a CTO’s organizational placement, structure, or relationship to existing offices. In addition, neither the paper nor website states whether the president intends to establish this position/office by executive order or whether he would seek legislation to create a statutory foundation for its duties and authorities.

The various issues in the mix here lead me to one conclusion: an “Obama CTO” position will be very different from the responsibilities of a traditional chief technology officer. There seem to be at least two positions involved: one visionary and one fixer. That is, one person to push the envelope in a grounded-but-futurist style in terms of what is possible and then one person to negotiate the myriad of agencies and bureaucratic parameters to get things done.

As for the first position, I’d like to say a futurist would be a good idea. However, futurists don’t like to be tethered so much to current reality. A better idea is, I think, a senior academic with broad connections and deep interest and understanding in emerging technologies. The culture of academia, when it works well, can produce individuals who make connections quickly, know how to evaluate complex ideas and are good at filling gaps between what is known and not known for a particular proposal. I’m thinking a Felten, Lessig, etc. here.

As for the fixer, this desperately needs to be someone with experience negotiating complex endeavors between conflicting government fiefdoms. Vivek Kundra, the CTO for the District of Columbia, struck me as exactly this kind of person when he came to visit last semester here at Princeton’s CITP. When Kundra’s name came up as one of two shortlisted candidates for “Obama CTO”, I was a bit skeptical as I wasn’t convinced he had the appropriate visionary qualities. However, as part of a team, I think he’d be invaluable.

It could be possible that the other shortlisted candidate, Cisco’s Padmasree Warrior, would have enough of the visionary element to make up the other side of the team; I doubt she has (what I consider to be) the requisite governmental fixer qualities.

So, why not two positions? Does anyone have both these qualities? Do people agree that these are the right qualities?

As to how it would be structured, it’s almost as if it should be a spider position -- a reference to a position in soccer that isn’t tethered by role. That is, they should be free from some of the encumbrances that make government information technology innovation so difficult.


CA SoS Bowen sends proposals to EAC

California Secretary of State Debra Bowen has sent a letter to Chair Gineen Beach of the US Election Assistance Commission (EAC) outlining three proposals that she thinks will markedly improve the integrity of voting systems in the country.

I've put a copy of Bowen's letter here (87kB PDF).

Bowen's three proposals are:

  • Vulnerability Reporting -- The EAC should require that vendors disclose vulnerabilities, flaws, problems, etc. to the EAC as the system certification authority and to all the state election directors that use the affected equipment.
  • Uniform Incident Reporting -- The EAC should create and adopt procedures that jurisdictions can follow to collect and report data about incidents they experience with their voting systems.
  • Voting System Performance Measurement -- As part of the Election Day Survey, the EAC should systematically collect data from election officials about how voting systems perform during general elections.

In my opinion, each of these would be a welcome move for the EAC.

These proposals would put into place a number of essential missing elements of administering computerized elections equipment. First, for the users of these systems, election officials, it can be extremely frustrating and debilitating if they suspect that some voting system flaw is responsible for problems they're experiencing. Often, when errors arise, contingency planning requires detailed knowledge about specific details of a voting system flaw. Without knowing as much as possible about the problem they're facing, election officials can exacerbate the problem. At best, not knowing about a potential flaw can do what Bowen describes: doom the election official, and others with the same equipment, to repeatedly encounter the flaw in subsequent elections. Of course, vendors are the most likely to have useful information on a given flaw, and they should be required to report this information to both the EAC and election officials.

Often the most information we have about voting system incidents comes from reports from local journalists. These reporters don't tend to cover high technology too often; their reports are often incomplete and in many cases simply and obviously incorrect. Having a standardized set of elements that an election official can collect and report about voting system incidents will help to ensure that the data comes directly from those experiencing a given problem. The EAC should design such procedures and then a system for collecting and reporting these issues to other election officials and the public.

Finally, many of us were disappointed to learn that the 2008 Election Day survey would not include questions about voting system performance. Election Day is a unique and hard-to-replicate event where very little systematic data is collected about voting machine performance. The OurVoteLive and MyVote1 efforts go a long way towards actionable, qualitative data that can help to increase enfranchisement. However, self-reported data from the operators of the machinery of our democracy would be a gold mine in terms of identifying and examining trends in how this machinery performs, both good and bad.

I know a number of people, including Susannah Goodman at Common Cause as well as John Gideon and Ellen Theisen of VotersUnite!, who have been championing one or another of these proposals in their advocacy. The fact that Debra Bowen has penned this letter is a testament to the reason behind their efforts.


Total Election Awareness

Ed recently made a number of predictions about election day ("Election 2008: What Might Go Wrong"). In terms of long lines and voting machine problems, his predictions were pretty spot on.

On election day, I was one of a number of volunteers for the Election Protection Coalition at one of 25 call centers around the nation. Kim Zetter describes the OurVoteLive project, involving 100 non-profit organizations, ten thousand volunteers that answered 86,000 calls with a 750 line call-center operation ("U.S. Elections -- It Takes a Village"):

The Election Protection Coalition, a network of more than 100 legal, voting rights and civil liberties groups was the force behind the 1-866-OUR-VOTE hotline, which provided legal experts to answer nearly 87,000 calls that came in over 750 phone lines on Election Day and dispatched experts to address problems in the field as they arose.

Pam Smith of the Verified Voting Foundation made sure each call center had a voting technologist responsible for responding to voting machine reports and advising mobile legal volunteers how to respond on the ground. It was simply a massive operation. Matt Zimmerman and Tim Jones of the Electronic Frontier Foundation and their team get serious props as developers and designers of their Total Election Awareness (TEA) software behind OurVoteLive.

As Kim describes in the Wired article, the call data is all available in CSV, maps, tables, etc.: http://www.ourvotelive.org/. I just completed a preliminary qualitative analysis of the 1800 or so voting equipment incident reports: "A Preliminary Analysis of OVL Voting Equipment Reports". Quite a bit of data in there with which to inform future efforts.


Kentucky vs. 141 Domain Names

Yes, that is a title of a real, current legal case and controversy.

(And, no, the links in this post are not spam... mostly gambling news sites seem to be reporting on this.)

The Governor of Kentucky, through his Justice and Public Safety Cabinet, has moved in court to have 141 gambling-related domain names transferred to the Kentucky state government, partially because other legal gambling operations in Kentucky, like horseracing, lose revenue to online gaming. Yes, you read that right: by allegedly violating KY law, the state can move to have property used in these unlawful acts transferred to the state. In this case, the "property" in question is the domain names themselves.

This case is definitely novel in the realm of cyberlaw, but also is a bit controversial for how it originally proceeded. At first, the state met with the judge in a unilateral hearing where the judge granted a seizure order directing the registrars of each domain name to transfer the domain name to the state of Kentucky (a few registrars transferred the domain names immediately upon receiving the order). The judge also then established a date for a forfeiture hearing (think of it as a last chance opportunity for affected parties to appear and dispute the seizure of their property). A phalanx of attorneys for various gambling outfits (presumably, see below) as well as industry and players associations showed up to this original hearing. The judge decided to accept briefing on the various issues presented; his order was due on Wednesday but was delayed until yesterday due to a computer glitch.

Judge Wingate's order was handed down on Thursday. There's so much interesting stuff in this case, perhaps it deserves a few more posts; I'd like to highlight a few things:

  • Identifying parties -- For obvious reasons related to gambling being illegal in many parts of the United States, many of the 141 Domain Names defendants don't want to be identified. However, to have standing -- that is, to be able to present a legal argument as a direct party to a case -- one needs to have an attorney and be identified as one of the named defendants (or anyone could make the case).
  • Domain names as property -- Are domain names more like an address or phone number or are they more like a piece of physical property? Here the judge relies on a case from the 9th Circuit in California, Kremen v. Cohen 337 F.3d 1024 (9th Cir. 2003), where Justice Kozinski had to decide if a domain name was property that could be stolen under California law. That case established an "attributes test" for intangible property that includes 1) is there an interest capable of precise definition? 2) can it be excluded from possession or otherwise controlled? and 3) can the purported owner establish a legitimate claim to exclusivity? Applying this test (and some additional muddled reasoning), Judge Wingate found that domain names are indeed intangible property.
  • Devices and chance -- The state maintains, and presented expert testimony to the effect, that domain names are a "device or transport device allowing Kentuckians to engage in internet gambling." In my opinion, this is where Judge Wingate goes a bit off the deep end. The part of Kentucky law relevant here (KRS 528.010 (4)(a) and (b)) defines a "gambling device" as a tangible device manufactured and designed specifically for gambling. Wingate compares domain names to "virtual keys" for "virtual casinos" and finds that reading the law literally is not appropriate here and, rather, Kentucky courts have to uphold the intent of the law. And how much virtual intent can we read into Kentucky law? I would further quibble with Wingate's assertion that these particular domain names have been designed to attract players; most of the successful gambling sites in the list of 141 seem to have more branding value in their domain names rather than cachet due to clever word choice.

    Also, under KY law, games of chance are explicitly illegal while games of skill are not. The Poker Player's Alliance, a group that represents players of poker and poker enthusiasts, argued in an amicus brief that the poker-related subset of the 141 Domain Names should not be subject to the forfeiture due to their not being illegal under KY law. Wingate seems on more solid ground with the chance element raised by the Poker Player's Alliance. The part of KY law relevant here (KRS 528.010(3)) defines chance as only one element of what constitutes "gambling", with risking something of value and the opportunity of winning something of value as the other elements.

What's the upshot of all of this? To me, it's pretty scary: A state government moved to order seizure of domain names that it found were illegal "devices" and a judge issued an order demanding the transfer of these domain names before any hearing or opportunity to protest. The state has so far successfully argued that domain names are property and devices used for illegal gambling within Kentucky and that the 141 Domain Names defendants must identify themselves to have standing to contest the seizure and forfeiture. The last shoe to drop is that Judge Wingate, as part of his order from yesterday, ordered the state to rescind any forfeiture for gambling sites that block Kentucky gamers using geographical blocking methods (the wording was, essentially: Defendants who install a "software or device [...] which has the capability to block and deny access to [the defendant's] online gambling sites [...] from any users or consumers within the [...] Commonwealth [of Kentucky] and reasonably establishes to the [state] or this Court that such geographical blocks are operational, shall be relieved from the effects of the Seizure Order and from any further proceedings [in this action.]").

What is to stop other local governments from mandating blacklisting of geographical user bases (despite the plain futility of this protection measure)? What's to stop an authoritarian state from seizing the domain name of a dissident group? I don't see a good solution.

Finally, the only general amicus brief submitted was from the Internet Commerce Association representing domain name registrars. Where are the public interest voices in this? Where are my friends from the Electronic Frontier Foundation?

California Issues Emergency Election Audit Regulations

The Office of the California Secretary of State has issued a set of proposed emergency regulations for post-election manual tallying of paper election records. In this post, my first at FTT, I'll try to explain and contextualize this development.

Since her election to office, California Secretary of State (CA SoS) Debra Bowen has methodically studied the shortcomings in California's election equipment. She first initiated a Top-To-Bottom review (TTBR) of California's voting systems that found them to be of poor technical quality and vulnerable to a myriad of security vulnerabilities, accessibility flaws, reliability issues and inadequate documentation and testing (a number of FTT regulars participated in the TTBR). For this year's presidential primary in California, Bowen worked to mitigate these problems by decertifying this equipment and then recertifying it subject to a list of about 40 different conditions. One such condition is that the usual 1% manual tally under California law -- counties must randomly choose and hand tally ballots cast in 1% of precincts -- would be modified to include escalation that would mandate increased tallying for close races (where even small amounts of possible fraud and/or error could make a difference in the outcome of a contest).

Bowen issued these additional requirements (the "PEMT Requirements") under her authority as CA SoS to regulate election technologies (here are the original PEMT Requirements). Unfortunately, the Registrar in San Diego County sued Bowen arguing that she 1) didn't have such broad authority and 2) that, even if she did, she could only issue the PEMT Requirements through the California regulatory procedure (specified by the CA Administrative Procedure Act). A state Superior Court found in favor of the CA SoS but a Court of Appeal found that the PEMT Requirements did indeed betray characteristics of regulations and should therefore have gone through the regulatory procedure (for the legal eagles out there, see: County of San Diego v. Debra Bowen (2008) 166 Cal.App.4th 501).

By the time the Court of Appeal had made its decision on August 29, there was no time to follow the normal regulatory process, which takes about four months. Instead, the CA SoS had to follow the process for adopting an emergency regulation which applies when a regulation "is necessary for the immediate preservation of the public peace, health and safety, or general welfare."

What is so special about these emergency manual tally provisions? First, they represent the increasing relevance and importance of adversarial considerations in the design of an election audit process. As we describe in the NYU Brennan Center / UC Berkeley Samuelson Clinic report on post-election audits ("Post-Election Audits: Restoring Trust In Elections"), fixed-percentage audits of election records are only particularly useful in detecting wide-ranging anomalies in vote counts. Methods that "tune" the amount of records audited depending on the margin in contests on the ballot do a much better job of ensuring that they'll find evidence of possible error or fraud. Per the emergency PEMT Regulations, any contest with a margin (difference between the winning and losing choice in a contest) of 0.5% or lower is subject to a 10% manual tally, an order of magnitude more scrutiny than the statutory default.

Second, the CA SoS' emergency PEMT Regulations reflect many best practices from audit theory and research: precincts to audit must be chosen randomly; the precincts to audit are only chosen after the semi-official vote tallies are arrived at; tally activities must be announced publicly and available for public observation; tallies must be conducted under "blind count" rules where the talliers do not know the totals in the precincts they're tallying; differences between machine and hand counts must be explained or investigated.
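
To make the difference between a fixed-percentage tally and the escalated tally concrete, here is an added example (not part of the original post or of the regulations). It applies the 0.5% / 10% rule as described above and computes the chance that a random draw of precincts includes at least one miscounted precinct. The county size, the number of miscounted precincts, the margin being measured over the two leading choices, and the software random number generator standing in for a publicly observable draw are all assumptions.

```python
# Added example, not from the post or the regulations. Assumptions (constructed
# for illustration): margin is measured over the two leading choices, and the
# OS-backed RNG stands in for a publicly observable random draw.
from math import comb
import secrets

STATUTORY_PERCENT = 1    # the usual 1% manual tally described in the post
ESCALATED_PERCENT = 10   # emergency PEMT rule for close contests, per the post


def tally_percent(winner_votes: int, loser_votes: int) -> int:
    """Percent of precincts to hand tally for one contest."""
    total = winner_votes + loser_votes
    if total <= 0:
        raise ValueError("contest has no votes")
    diff = abs(winner_votes - loser_votes)
    # margin <= 0.5% is diff/total <= 1/200; integer math avoids float edge cases.
    return ESCALATED_PERCENT if 200 * diff <= total else STATUTORY_PERCENT


def precincts_to_tally(n_precincts: int, percent: int) -> int:
    """Number of precincts in the sample, rounded up, never fewer than one."""
    return max(1, -(-n_precincts * percent // 100))


def detection_probability(n_precincts: int, n_miscounted: int, n_sampled: int) -> float:
    """Chance that a uniform sample drawn without replacement contains at
    least one miscounted precinct (hypergeometric complement)."""
    if not 0 <= n_miscounted <= n_precincts:
        raise ValueError("n_miscounted out of range")
    if not 0 <= n_sampled <= n_precincts:
        raise ValueError("n_sampled out of range")
    # P(miss all) = C(N - k, n) / C(N, n); comb() returns 0 when n > N - k.
    miss = comb(n_precincts - n_miscounted, n_sampled) / comb(n_precincts, n_sampled)
    return 1.0 - miss


def select_precincts(precinct_ids, n_sampled: int):
    """Draw the sample; per the rules above this happens only after the
    semi-official tallies exist."""
    rng = secrets.SystemRandom()
    return sorted(rng.sample(sorted(precinct_ids), n_sampled))


def compare(n_precincts: int, n_miscounted: int) -> dict:
    """Detection probability under the 1% and 10% tallies."""
    return {
        pct: detection_probability(
            n_precincts, n_miscounted, precincts_to_tally(n_precincts, pct)
        )
        for pct in (STATUTORY_PERCENT, ESCALATED_PERCENT)
    }


if __name__ == "__main__":
    # Constructed scenario: 1,000 precincts, 20 of them miscounted.
    n_precincts, n_miscounted = 1000, 20
    # Constructed contest: 50,250 to 49,750 is exactly a 0.5% margin.
    pct = tally_percent(50_250, 49_750)
    sample = select_precincts(range(1, n_precincts + 1), precincts_to_tally(n_precincts, pct))
    print(f"tally {pct}% -> {len(sample)} precincts, first few: {sample[:5]}")
    for p, prob in compare(n_precincts, n_miscounted).items():
        print(f"{p:>2}% tally: P(at least one miscounted precinct sampled) = {prob:.3f}")
```

With miscounts confined to 2% of precincts, the 1% tally samples one of them less than a fifth of the time, while the 10% tally does so almost nine times in ten.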

The elephant in the room is always Los Angeles County; LA is so amazingly enormous for an election jurisdiction that some things simply aren't possible. (For example, they frequently pick up ballot materials from precincts in helicopters; that is, traffic in LA is so bad and there are so many polling places (~5,000 or so) that the most reliable form of ballot transmission is via helicopter.) These rules are going to be exceedingly difficult for LA to comply with. I expect they will hire an army of tally managers and talliers to perform their tally and that it will be a race against the clock, counting 24 hours a day, seven days per week, to try and get it all done in the 28-calendar day canvass period.
