Let’s Talk Privacy & Technology Episode 10: Election Security & Voter Privacy with Joseph Hall
As part of my fellowship with Santa Clara Law’s leading privacy law program, I’m curating the Let’s Talk Privacy & Technology video series. Each episode features a privacy expert, practitioner, academic, or innovator. We discuss the intersection of privacy and technology, covering topics ranging from privacy engineering, privacy enhancing technologies (PETs), and data ownership, to data ethics, privacy tech, cybersecurity, and more. I publish episode notes in this blog, including this post dedicated to episode 10. [Episode 1 is available here; 2, here; 3, here; 4, here. 5, here; 6, here; 7, here; 8, here; and 9, here.]
Episode Description
I sat down with Strong Internet SVP, Joseph Lorenzo Hall, to discuss voter privacy and election security ahead of the 2020 elections. We talked about his journey from astrophysicist to election security wonk and policy technologist. We also covered voting tech, including the exciting startups that are doing great work in this space (e.g. Ben Adida’s VotingWorks), and how Joe’s not a big fan of the blockchain solutions for voting.
Episode Takeaways
- On being a policy technologist: In prepping for the episode, I stumbled upon one of Joe’s tweets about his work as a policy technologist. I asked Joe to share what being a policy technologist means and entails. He describes it as the application of technical skills or inclinations in the public policy arena. Policy technologists help policymakers sort through the technical implications of the policies they’re making. In a nutshell, Joe describes his work as helping government get tech right; and tech, get government right.
- On hacking voting machines for his PhD: Joe wrote his dissertation on electronic voting, titled: “Policy Mechanisms for Increasing Transparency in Electronic Voting.” He describes the experience as figuring out the best way to keep honest the black box voting machines that are counting our votes. He cites examining the contractual relationships between governments and voting machine tech vendors as well as open sourcing voting tech as two ways to keep these third-party tools honest. [Note that we have similar vendor and third party management requirements in the private sector, as required by laws like GDPR and CCPA. Additionally, open source is widely accepted as a best practice for transparency and security.]
- On election security: With everyone’s eyes closely following the US elections, it’s hard to imagine that people’s attention to election security was once episodic, largely tracking the presidential election cycle. Joe observed how such attention has not abated since the 2016 US presidential elections. We see this attention reflected in the news cycles, voter engagement and turnout, and election security funding. Joe recalled how particularly upsetting it was that the intelligence community hadn’t shared with election officials that they had caught the Russians trying to spearfish an election vendor.
- On voting tech certification: There are various state and federal voting tech certification processes. There is no floor or standard. Joe brought up how particularly lengthy and expensive the federal certification process was 4–5 years ago, taking about 2 years and costing around $2 million USD. This is problematic given the speed of innovation. Joe recently observed how certification rules focused largely on testing processes. Joe called for the involvement of security technologists to become a part of the voting tech certification process. In addition to security, he also believes that usability and privacy should be key components for testing voting tech. Because of the lack of a standardized approach, California has emerged as a laboratory for voting tech certification. Joe shares two use cases in particular: the introduction of risk limiting audits — which Joe describes as similar to statistical recounts on subsamples — in the certification process; and LA’s creation of its own voting machines.
- On voter privacy: We of course talked about the Facebook-Cambridge Analytica privacy fiasco and the Deep Root Analytics data breach that exposed 200 million Americans’ personal information and political dispositions. Joe describes ad tech and political strategy as having the following common: microtargeting. Political targeting firms are being hired to analyze a ton of voter data to target voters with ads that are likely to resonate with them. The misuse and exposure of voter data has serious implications, including implications on democracy and individual privacy. We’ve seen sensitive groups like domestic violence victims, minority groups like the African-American community, government employees like police and judges, all put at risk for the exposure of their voting information and political disposition.
Episode Links
- This episode is available on Santa Clara Law’s YouTube page.
- Joe can be reached by email (hall @ isoc dot org) or on Twitter.
- For upcoming episodes, check out the Let’s Talk Privacy and Technology series page on the Santa Clara Law website.
