DevOps2Democracy

This is a sequel!

http://slides.com/elemunjeli/devops-for-democracy

Why Me?

  • Bsc Computer Science, TESC, 2013 with Undergraduate Research in Sofware Engineering for Deliberative Systems
  • Member of National Coalition for Dialogue and Deliberation         ( http://ncdd.org )
  • Speaking, Publishing, and Engineering Democracy since 2012
  • devopracy - infrastructure code for virtual democracies
  • DevOps consultant, working mostly with clients subject to government regulation. 

Kinds of Deliberation

Electronic Democracy

Government is made of Citizens and Resources

Identity Architecture

Resource Management

Open Source Online Voting

Y?

Elections are not trusted

While state IT personnel have great integrity, most people don't trust government in general.

 

Modern politicians have exploited the lack of trust in the election system. This is a setup for disaster.

 

Elections are Participation

The infrastructure necessary to extend our republic into a model with greater participation needs rigorous authentication and effective tabulation.

 

Voting is too expensive and slow. If we want to leverage our citizenry for better government, we need better communication systems.
 

Systemic Problems

In a democracy, every problem is a problem of the citizen. We cannot rely on government insiders to reform a system when they are dependent upon it. 

 

Some of our systems are old, and possibly unscalable. 

Elections are the MVP

When people want to form or reform a government, the first thing they need is fair and free elections... 

 

OR

A safe space to assemble and write a constitution or manifesto. Then they hold elections. 

What is an Election System

 Anyway?

Parts of an Election System

Registration

The state voter database in Washington state is available to the public. You can download and see voter info.

 

The information can only be used for political purposes. 

 

A version of this DB is used for voter verification during an election. 

Broadcast

Washington state refers to this as the election information system, and like the registration database, it's up for modernization. 

 

Realtime results and friendlier open APIs would improve this system. In a deliberative architecture, we'd build this into more elaborate analytics.

Balloting

This includes ballot delivery and scanning. Here in Washington the counties have their own equipment, and it varies from place to place. 

 

Contrary to popular belief, the state or federal government doesn't make the hardware. It's all vendors.  

Tabulation

Someplace, somehow, the votes are all aggregated. In Washington state, I think this happens on Microsoft Azure. 

 

Hey, don't knock it! Azure has the highest rated cloud for federal compliance; it goes to level 5 FedRamp, which is suitable for DOD use. 

Storage

Cold storage of the votes is in a datacenter in Tukwila within five minutes of a police station. Only three people have access from the Secretary of State's elections IT team. 

 

You probably know the datacenter.

Regulation

County

Counties procure and buy their own hardware based on what's been certified. 

State

The Secretary of State Elections division handles the registration and voter information pieces. 

Federal

The Secretary of State Elections Division partners with DHS for the following services: 

  • Assess vulnerabilities and identify mitigation plans
  • Share information
  • Rely on DHS for local in person support
  • Report incidents or threats

Link to more...

Municipal elections may run differently.

Obstacles

What keeps us from better, more open voting technology?

Political

  • Voter Suppression: even motor voter laws were very controversial. Voter fraud is played by politicians.
  • Voter Trust: many voters want automation and transparency but are afraid of the Internet.
  • Transparency: some political interests just hate it across the board.
  • Partisan Interests: voting technology shouldn't be owned by political interests, but it is. 

Solutions

  • There is a new breed of politician emerging. They base their careers on direct feedback and data driven government.
  • Public pressure: we need to make voting technology an issue outside of the election season. 
  • Digital Literacy

Regulatory

  • Online voting is part of the general issue of government using cloud. Regulation is controlled by entrenched interests. 
  • Underlying cloud platforms need to be compliant, and all third party services.
  • Some regulation of voting technology is state by state, meaning there's no one size fits all. 

Solutions

  • Online voting is practiced internationally. We should study their systems and implement what works.
  • Cloud compliance is improving with more vendors moving into the space.
  • We need political allies to effect legislation for more modern elections. 

Funding

  • Adoption in the government space is slow, and therefore not attractive to many VCs or Angels.
  • The government procurement cycle can be a nightmare of bureaucracy.
  • Leadership changes can derail advances in voting technology and elections. 
  • Nonprofit? Not so much.

Solutions

  • It probably makes sense to have a nonprofit foundation for exploratory development, civic engagement, and pro bono support of emerging democracies.
  • This kind of project can attract mission driven investors.  

Technical

  • Open source development demands a deeper skill set from developers, and products may be less mature.
  • Exposing the security profile goes against current practices where the information about how you do security is obfuscated. 
  • Real transparency means the personnel and finances of the operation will be scrutinized as well. 

Solutions

This is not a project for the timid. From investors to developers everyone needs to have a level of commitment beyond the usual day job. 

 

Security through obfuscation isn't really a good security strategy, but there's going to be a lot of discussion around an open approach.

Usability

  • Online voting demands a higher level of digital literacy. Users have to understand about spoofing, phishing, and social engineering.
  • What kind of devices are we going to support, and how?
  • Misinformation strategies could derail trust, or otherwise compromise the system. 

Solutions

  • Trust issues are a problem with current systems too. Transparency is key. 
  • Even the older generation can understand the importance of information and citizenship. Loose lips sink ships. Digital literacy should be a national priority. 

btw, Russians

There's an interesting whitepaper on Russian misinformation strategy. 

The Menace of Unreality

 

Misinformation, and the weaponization of information has an interesting history in their part of the world. 

Zersetzung!

 

Engineering

a deeply personal statement of requirements

Maximum Automation

  • Read only for all human users after deployment of the environment
  • Write once for all machine users after deployment of the environment
  • Maintenance only via code and with a gated, public check-in

The system should be portable and scalable.

Build to extend into use cases beyond traditional elections.

Multiple authentication strategies: distributed and centralized auth

Applications

  • Portable to various deployment scenarios
  • Minimalist code for Balloting and Ballots
  • Data Standards built in
  • Written natively for a distributed architecture

Security

  • Build for prevention and detection, not just audit and forensics
  • Make the infrastructure iterable so that it can be quickly patched in an emergency
  • Make the infrastructure portable, and run drills to ensure you can port on the fly
  • Minimalist OS and code for a small attack surface, this could include a declarative Linux, like NixOS
  • Know the baseline, and have a very quiet baseline

Development

Nonprofit

I'll incorporate my org as a nonprofit for development purposes.

 

I want to be able to provide a writeoff for contributions, and take advantage of research grants.

 

 

Test through Schools

Universities and Colleges have internal political systems where we could test a new election system. 

 

Side benefits include user training and involvement with some of the schools already testing election systems. 

Containerized Applications

Developing in containers will be significantly cheaper, but we have to build so that the applications are portable when the need arises. 

 

A containerized version of the system will make civic engagement affordable to small municipalities. 

Time

I've moved to part-time, and am looking for opportunities to cross develop the code. 

 

I am trying to negotiate my jobs so that I can open source code related to election systems, and work with relevant technologies. 

 

I'll keep doing talks to keep you appraised of progress.

Democracy is the worst form of government,

except for all the others.

- Winston Churchill

Self Governance

Everything here is our problem.

Thank You!

Ele Munjeli on LinkedIn

@elemunjeli on Twitter

devopracy on Github

Reach out with any questions! I'm always glad to hang and discuss the latest news. I am available to do talks from basic roundtable discussions to large venues. I can do technical talks or more basic material around electronic democracy and digital citizenship. 

DevOps 2 Democracy

By Ele Munjeli

Made with Slides.com

DevOps 2 Democracy

  • 576

More from Ele Munjeli