Category Archives: Sociotechnical

Just say “no” to mobile voting apps

Voting via mobile phone is yet another idea whose time has not come.

As xkcd says, it’s “terrifying”.

If you have learned anything from the last three decades, it’s not to trust the first, rushed versions of software. And in the case of voting apps, they are all new, untested, and, frankly, untestable. (I.e., it is very, very difficult to construct a realistic test for a real election.) Worse, many of them are closed systems that aren’t available for independent evaluation. “Trust us” is the operating principle.

Terrifying, indeed.

Voatz is one such voting app that is trying to do it right.  They have opened their code to the world, and invited researchers to evaluate and test it.  In fact, they paid consultants to do a detailed audit of the system. Good for them.

This month the results of the audit were released [2].  It ain’t pretty.

The review covered “over 168,000 lines of pure source code across approximately 2,100 files”, and the nearly 200 pages of results identify 79 issues, including dozens of pretty serious flaws.  This is why we do audits before deploying software!

As the review is at pains to say, the overall quality is pretty good. Indeed, 1 bug per 2,000-some lines of code is really excellent. Nevertheless, it’s software, therefore it has bugs.

So, no surprise, there.

I did want to point out that this software is touted as using blockchain technology (specifically, Hyperledger), as if that is important.   So how does blockchain help meet the needs for trusted transparent anonymous vote casting and counting?

As far as I can tell, the blockchain is used to store/publish the (presumably) validated voted ballots.  Once there, the record can’t be easily altered or deleted, and can be examined by anyone with access to the blockchain.  That sounds fine, although Hyperledger is a private blockchain, so this isn’t exactly open to anyone.  Still, it’s a pretty robust way of posting the recorded votes.

How secure is the blockchain? Well, the blockchain, qua blockchain, is pretty hard to mess with. And I doubt there will be many problems with the data on the blockchain, assuming it is good data when it gets there and they don’t mess up getting it there (see below about cryptographic issues).

The problem is that the voting app has a lot more than the blockchain.  A lot more.

Think about it: the voter is using their regular mobile device, which is, well, out there in their pocket. So, for starters, who knows how hackable any given mobile phone might be?

The app doesn’t actually talk to the blockchain, but in fact communicates with a cloud service which ultimately talks to the blockchain.  The app has conversations with the service to handle the identification of voters, hand out correct ballots, and accept and check voted ballots.  What could possibly go wrong?

Additional services manage the administration of the election, validating the voters and ballots, and tabulating results.  These administrative functions are not accessible to the public.  The system is designed to allow detailed audits of all ballots.

All of these services communicate via encrypted channels, and use cryptographic signatures to assure valid access, data integrity, and so on. Everything needs to be cross-validated to make sure that voters are eligible and vote only once, and to make sure the ballots are correct and not lost, and so on. It’s pretty complicated.

Note that even if this system works perfectly, it relies on voter registration processes, ballot design, and other non-digital processes.  For that matter, configuring the system, filling up the databases, and so on, depends on humans to do it right.

And, indeed, the security audit identified many potential problems that involved many aspects of these digital processes and also “governance” and other human-dominated processes.

I’ll also note that the audit reports cases of “improper use of cryptographic algorithms, as well as ad hoc cryptographic protocols,” which is pretty serious [3]. This is like a delivery company operating by its own rules of the road. What could possibly go wrong?

So, back to blockchain.  One of the big ideas of blockchain is that it is a “decentralized” system, so that you don’t have to “trust” a single server or entity.  You can’t “hack” a blockchain easily, because there isn’t any one service to hack. The Voatz system uses blockchain, but that doesn’t mean it is “decentralized” in this way.  In fact, everything relies on their cloud services, which must be trusted.
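The point made above, that a ledger which is hard to alter says nothing about whether good data reached it through the trusted cloud service, shown as an added example. This is not code from Voatz or from the audit: the hash chain, the relay service, the ballot fields and the receipt check are hypothetical stand-ins, and the ballots are constructed sample data.

```python
import hashlib
import json

GENESIS = "0" * 64


def digest(obj):
    """SHA-256 over a canonical JSON encoding of obj."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


class Ledger:
    """Append-only hash chain standing in for the blockchain (toy model)."""

    def __init__(self):
        self.blocks = []

    def append(self, ballot):
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        self.blocks.append({"prev": prev, "ballot": dict(ballot),
                            "hash": digest({"prev": prev, "ballot": ballot})})

    def verify(self):
        """True if every block still matches its hash and its predecessor."""
        prev = GENESIS
        for block in self.blocks:
            expected = digest({"prev": prev, "ballot": block["ballot"]})
            if block["prev"] != prev or block["hash"] != expected:
                return False
            prev = block["hash"]
        return True


def relay(ledger, ballot, fault=None):
    """Hypothetical intermediary service: the only writer to the ledger.
    `fault` models a bug or compromise that changes a ballot in transit."""
    ledger.append(fault(ballot) if fault else ballot)


def unrecorded(ledger, receipts):
    """Ballot ids whose voter-held receipt hash is absent from the ledger.
    The receipt check is an assumption added here, not a described feature."""
    on_chain = {digest(block["ballot"]) for block in ledger.blocks}
    return [bid for bid, r in receipts.items() if r not in on_chain]


def run_demo():
    # Constructed sample ballots, as the voters cast them.
    cast = [{"ballot_id": "b1", "choice": "A"},
            {"ballot_id": "b2", "choice": "B"},
            {"ballot_id": "b3", "choice": "A"}]
    receipts = {b["ballot_id"]: digest(b) for b in cast}

    ledger = Ledger()
    for b in cast:
        # The service records b2 with a different choice than was cast.
        fault = (lambda x: {**x, "choice": "A"}) if b["ballot_id"] == "b2" else None
        relay(ledger, b, fault)

    chain_ok = ledger.verify()                  # chain is internally consistent
    mismatched = unrecorded(ledger, receipts)   # only an end-to-end check sees b2

    ledger.blocks[0]["ballot"]["choice"] = "B"  # edit a record already stored
    chain_ok_after_edit = ledger.verify()       # this is what the chain does catch
    return chain_ok, mismatched, chain_ok_after_edit


if __name__ == "__main__":
    print(run_demo())
```

The chain flags the edit made after storage but verifies cleanly over the ballot that was changed before it was appended; only a comparison against what the voter actually cast exposes that one.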

This is why an earlier review was titled, “What We Don’t Know About the Voatz “Blockchain” Internet Voting System” [1].  Quote, Blockchain, Unquote. The use of a blockchain is pretty much irrelevant to the overall security of the system, and to the goals of the voters and election authorities.

Voatz is actually a pretty good system.  But “pretty good” isn’t really good enough for the bedrock of popular sovereignty.

Voatz is also a great illustration of the role that blockchain technology plays in this use case:  nearly none.

And, by the way, the audit was a very good idea.  So good that they should do it again.  And again.  And again. It will be important to repeat the audit again and again as the problems are (allegedly) fixed.  Maybe it will pass, someday.

  1. David Jefferson, Duncan Buell, Kevin Skoglund, Joe Kiniry, and Joshua Greenbaum, What We Don’t Know About the Voatz “Blockchain” Internet Voting System,  2019.
  2. Trail of Bits, Our Full Report on the Voatz Mobile Voting Platform, in Trail of Bits, March 13, 2020.
  3. Andrew Westrope, Detailed Audit of Voatz’ Voting App Confirms Security Flaws, in GovTech Biz, March 18, 2020.


Cryptocurrency Thursday

MakerDAO makes a play for CryptoTulip of the Year

As financial markets crashed this month, the new cryptocurrency-based “DeFi” platforms were stressed in the same ways as other, “legacy” platforms. It was an awful mess everywhere, but MakerDAO stood out for some well documented, unique meltdowns.

Cathy Barrera describes this as “a Textbook Case of Governance Failure” [1]. What she means is that governance “is the set of mechanisms by which the stakeholders collectively make choices regarding changes or updates to a platform’s operational rules, and to make decisions regarding events that the operational rules do not address.”

This is not about APIs or network protocols, or even “incentive” systems.  It’s about decision making, and it’s about humans in the loop.

Barrera gives a succinct summary of MakerDAO’s problems, which involve a lot of automated systems that, when forced to work far outside expected situations, had dramatically bad effects.  Users were called for more collateral, but the system was too loaded for them to respond, resulting in big losses. (Essentially, the robots confiscated their stuff because they couldn’t log in.)

Most interesting was the failure of their automated trading, which features agents (with the spooky name “Keepers”). Under absurd levels of traffic, there weren’t enough Keepers to keep up, and in at least one case a Keeper, encountering opportunities to be the sole bidder, bid “zero” and sucked up zillions. This has resulted in a huge “negative system surplus”, i.e., multi-millions of debt.


This was all a rare, catastrophic event, for sure. But, in contrast to the “legacy” world, MakerDAO had no mechanisms to stop the disaster, or to decide what to do to fix the damage. The MakerDAO community is discussing what to do—after the fact, and with no agreed framework.

With this adventure, MakerDAO certainly must be considered a strong competitor for the 2020 CryptoTulip of the Year! The term “negative system surplus” alone is a classic!

  1. Cathy Barrera (2020) MakerDAO’s Problems Are a Textbook Case of Governance Failure. Coindesk,


Cryptocurrency Thursday

Coworking in an Urban Forest [repost]

[This was posted earlier here.]

This spring Nicolas Carvajal reports on a new coworking space in LA “in an Urban Forest” [1].

“A green village of offices creates a community for the working individual surrounded by a dense urban forest in the middle of busy Los Angeles.” [1]

OK, this sounds pretty cool.  Goodness knows, a bit of “forest” would be very welcome in LA.

In fact, it sounds too good to be real.

First, this doesn’t look much like a “forest” to me, urban or otherwise.

It’s more building than trees (sixty “rooms”), and the entire area between buildings appears to be paved.  So, this looks more like a garden than a forest.

Other than the extensive gardens, the workspace and facilities are pretty similar to a lot of rental office space. Presumably there is more external light and air than an office tower (though that is not necessarily all that great in the LA basin), and it seems to all be on ground level, so that’s good for those of us not in love with high rise buildings.

In the end, there’s nothing wrong with a workspace in a garden, IMO. In fact it sounds nice.

As their web site suggests, this is a “post-WeWork” space. Or at least a “different than WeWork” space. So yeah, that’s good. Though I’m not really looking for a “WeWork” of any kind, myself.

I don’t live anywhere near LA, so I can’t easily visit in person to check it out.  Maybe the next time I’m there, I’ll pop in to see what it is like.

  1. Nicolas Carvajal, Co-Working in an Urban Forest, in Pop Up City, March 11, 2020.


(For much more on the Future of Work, see the book “What is Coworking?”)


New IEEE Standard for Blockchain Terminology!

Flash!  Blockchain is important enough for the IEEE to float new standards activity.

The Institute of Electrical and Electronics Engineers (IEEE) is an international professional organization that, among other things, creates and promulgates standards for software, hardware, and anything else that needs or benefits from standardization. If you look at IEEE and other standards over the last century, you will find a fascinating history of what seemed important over time, how technology was imagined and designed, and some big winners and losers.

(Old computer programming joke:  Standards?  We love standards.  That’s why we have so many of them!)

The best standards capture key technical features that will work best if everybody hews to the same terminology, interfaces, and behaviors.  One challenge is to discern the right things to standardize.  You want to standardize the design of plugs, but not the gadget that uses the plug.  Network addresses but not the design of the network.  And so on.

And, as in most of life, timing is everything.  Standardizing too early may freeze in obsolete technology.  Waiting until there is a dominant technology is safe, but not especially useful.

Creating a standard can be very hard work, and there is no guarantee of success.  I strongly recommend participating in standards setting if you can.  Your career will never be the same!

This month I saw the announcement for a new IEEE standard, “P2145 – Standard for Framework and Definitions for Blockchain Governance” [1].  Yes, that means there are over 2000 IEEE standards.  (More than that, because they can accumulate decimal sub numbers, as in the ubiquitous IEEE network standard 802, which has two dozen sub-parts, IEEE 802.1, etc.)

One of the things standards bodies try to do is codify standard terminology.  Words, words, words.

This can be highly technical, or it can be almost philosophical in its abstraction.  In the computer biz, words tend to flow freely and may mean whatever the speaker wants them to mean.  All the more reason to try to agree on at least some definitions, however difficult that may be.

The new P2145 aims to standardize terminology about blockchains, specifically governance models. Anyone who has followed the technology knows that there are a lot of words out there, with a lot of quasi-religious semantics. What does “trustless” even mean?

This standard provides a common nomenclature and framework for describing blockchain governance across all use cases and contexts, including public, private, permissioned, permissionless, and hybrid.

The specific standard aims to tackle the often confusing concepts of how a blockchain is “governed”.  This concept is an intriguing combination of technology (networks, computations, messages), economics (e.g., a variety of models for “incentives”), human behavior (consensus, decentralized voting, cheating), and business models (who “owns” the network, what do they “own”).

This standard will face sociological headwinds as well.  Much of the blockchain world operates on the “white paper” plus code model, with little care for peer review or any kind of academic discussion.  If I say my new setup is an orange—and the orangest orange ever seen—then who’s to tell me it’s not orange?

So we’ll have to see if there is much interest in this proposed standard, if they can actually produce anything substantial, and if they do, whether anyone pays the least attention to it.

  1. IEEE. P2145 – Standard for Framework and Definitions for Blockchain Governance. 2020,


Cryptocurrency Thursday Friday

Ethereum Vies For Repeat of CryptoTulip Recognition

Frankly, I’ve lost track of Ethereum’s “engineering” process, but it’s definitely “interesting”!

For a couple of years now we’ve been waiting for “Ethereum 2.0”, which includes a dramatic–and not really orthodox Nakamotoan–change to “Proof of Stake” consensus.  This massive and not backward compatible change is taking some time to get here, which is a good sign that the developers are being responsible.

But this month I read that another proposal, called ProgPOW, is being pushed. This is a different, dramatic, non orthodox Nakamotoan change to the consensus process. This proposal has been around for more than a year (i.e., code exists that could be folded into the main code). But it is extremely controversial.

Huh?  I thought this was dead last year.  But apparently not.

As William Foxley reports, the continuing discussions are not so much technical, but “political” [1].

Generally speaking, Ethereum 2.0 is the path advocated by Vitalik Buterin, first among equals in the Ethereum community, and the overall goal is to dramatically reduce the carbon footprint of Ethereum consensus.

The ProgPOW proposal comes from mining companies, and aims to reduce the use of custom ASIC accelerators, which distort the Nakamotoan vision of a flat, “democratic” network.

So Ethereum is blessed with not one, but at least two possible hard forks. (Note that neither of these would make any difference to ordinary “retail” users, except in case of disastrous goof up.)


Ethereum now has a recognized “hard fork coordinator”, and he confirms that ProgPOW is not on any schedule for future forks at this time.  It is difficult to stress how innovative this “coordinator” is, for the cryptocurrency community!

The meeting itself was the usual yackfest, with no strong conclusion. In other cryptocurrency communities, this could easily lead to different parties claiming victory, and possibly competing versions of the code.  But Ethereum has an official roadmap, for better or worse, and a shepherd keeping track of what is on that roadmap.

It’s hard to know what’s going to happen with Ethereum. The community has a culture unlike most cryptocurrencies, with a benevolent patriarch not interested in personal profit and a semi-professional software development organization apparently concerned with good engineering.

This is not your father’s cryptocurrency! It also is less and less Nakamotoan, no matter what the rhetoric says.

Interesting, from so many angles.

  1. William Foxley (2020) Ethereum’s ProgPoW Call Features Frustration but Little Progress. Coindesk,


Cryptocurrency Thursday

Cryptocurrency Use Case: War Zones

One of the longstanding use cases for Nakamotoan cryptocurrencies is to rescue people from collapsed economies; in war, anarchy, and failed states.  The basic case is that when conventional finance vanishes, economic activity grinds to a halt for lack of even basic money. Nakamotoans imagine that Bitcoin or other similar cryptocurrencies are uniquely suitable to solve this problem.  I think the idea is that Nakamotoan cryptocurrency does not require a functioning state, or indeed, any institutions.

Furthermore, cryptocurrency is borderless, so it can tie people into the broader global economy, regardless of local circumstances. E.g., you can sell stuff and buy food, even if there is no functioning local market. And, finally, of course, Nakamotoan cryptocurrencies are imagined to be “censorship resistant”, capable of functioning even in the face of war and oppression.

This use case has yet to be realized, and experience is beginning to make clear that it is based on faulty assumptions and dubious hopes.

This winter, Leigh Cuen discusses lessons from the long and disastrous war in Yemen [1]. Yemen has been devastated by war and has been blockaded for years. It is considered the world’s biggest humanitarian crisis, as most of the population is besieged without access to basic sustenance or medical care. And, of course, the financial system and economy are moribund.

Now, the first thing to note is that a totally collapsed state doesn’t have internet or phone service.  It may be trivial to use Bitcoin where you live, but it’s flat impossible when there is no network.

Second, such networks as exist are controlled by the warring parties.  The supposed privacy of Nakamotoan cryptocurrency is based on the assumption that network access is private. In a war zone, accessing a network for any purpose is monitored.  Worse, using cryptocurrency may make you a target.

There is another wrinkle in Yemen.  Some of the warring parties have booted up their own Nakamotoan style cryptocurrencies.  This is used to create an alternative financial system for the parties, undermining the other side’s control of the economy and to evade financial blockades.

Fundamentalist Nakamotoans generally favor the ability to create your own currency, and to evade “censorship” by governments.  That’s all fine in theory, but when it comes to real cases in a war zone it’s hard to be neutral.

In Yemen everyone may be creating and using cryptocurrency, and even booting up their own private cryptocurrency. You may or may not have the choice whether to use one or another. War isn’t about “choice”, it’s about survival.

Depending on which side you back, a particular cryptocurrency transaction may or may not be considered a good thing. Worst of all, governments are certainly going to work hard—and lethally—to suppress activities contrary to their war aims.

As Cuen puts it, “Cryptocurrency has itself become a weapon in Yemen’s civil war.”

So, even if cryptocurrency works in a war zone, which it mostly doesn’t, it can be a very dangerous thing to use.

This is not really what Nakamoto was thinking of.

  1. Leigh Cuen (2020) Yemen’s Civil War Shows the Dangers of Crypto. Coindesk,


Cryptocurrency Thursday

How Digital Technology Enables Freelancing [repost]

[This was posted earlier here.]

For the past twenty five years or so, many people point out how digital technology, especially digital networks, enable remote working, including freelancing, coworking, and general digital nomadism.

My own view is that the technology is necessary but not sufficient: it enables but does not really drive these trends in work. (See the book!)

This winter Anna Medina reiterates this case, explaining “what the cloud means for freelance workers” [2]. Writing in the Freelancers Union blog, she declares cloud technology to be “a game-changer”.

“Cloud-based technology has been a significant game-changer responsible for propelling the growth of the freelance industry.” (From [2])

Now, to me, “cloud technology” is as much a business model as a technology.  The stuff in the cloud is pretty much what we had all along in large organizations (and which I helped pioneer).  The new thing is who owns it, and the fact that you basically rent your critical infrastructure rather than try to run it yourself.

I think Medina’s basic point is that this approach (renting from the cloud) is especially beneficial for freelancers. I would say that it levels the playing field, making it possible for an independent worker to have the same high-quality infrastructure as a member of a large organization.

She lists the kinds of tools available, including Communication, Sharing, and Payments.

I think Medina is completely correct that a lot of contemporary freelancing and coworking would be infeasible without access to these cloud services.  Technologically, the array of services cited would be “the easy ones”, services well perfected long before “the cloud”.  She doesn’t even mention virtual machines specifically, which make possible a variety of “on demand” computing, including software development, simulation, large computations, and lots more.

From my point of view, cloud computing makes a kind of “average” infrastructure available at low cost to even an individual worker.  “Average” isn’t perfect or ideal, but it definitely places a solid floor on the quality of infrastructure, raising all boats.  Only the wealthiest organization could afford the quality that you or anyone can get in the cloud.  That’s good, for sure.

Now, the cloud does not provide everything you need.  For one thing, you need a physical place to work, and most people need other people.  That’s what coworking spaces are for.

But even technologically, cloud users have to “bring your own” stuff: computer and networks, and users have to take care to use the cloud well.

For example, earlier in February in the same blog, Samuel Bocetta discussed “How to secure client data when you work remotely” [1]. The essential point is that, no matter how great and how “secure” cloud services may be, you, the worker, must still take responsibility for protecting your clients and your own information.

Obviously, using well designed cloud services is a good foundation.  But, as Bocetta outlines, you still need to operate defensively and practice safe computing:  passwords, cryptography, and policies.   You’ve heard it before, and you’ll hear it again.

The good news is that the steps he outlines are little different from those for any Internet user. The bad news is that they aren’t any more foolproof than general Internet security. So watch out.

To me, one of the scary parts of freelancing is that, as an independent freelance worker, you are on your own, both responsible and liable for protecting your clients. One of the great benefits of belonging to a large organization is when you are helped by and at least partly shielded by the larger group. A big company or university has lawyers on retainer, and also has experts who work hard to defend your systems. You are not alone.

Yes, cloud computing is certainly a good thing for freelancers.  My own view is that it is an enabler, but not exactly “responsible for propelling the growth of the freelance industry.”  It also is hardly the whole picture.  Freelancers are still “on their own” in many ways.  This is why coworking spaces and communities are so important and valuable for freelancers:  so you aren’t all alone.

  1. Samuel Bocetta, How to secure client data when you work remotely, in Freelancers Union Blog, February 18, 2020.
  2. Anna Medina, What the cloud means for freelance workers, in Freelancers Union Blog, February 28, 2020.
