Is IT abuse a threat to democracy?

You can dismiss the FBI's identity database effort as a short term threat to democracy first because they're on the side of the angels and second because they're committed to doing the wrong things wrong anyway - but what about simple data applications like Catalist? And if they're a threat to democracy, how responsible are we for making it possible?

Here's a bit from a Washington Post report dated Dec 22/07 and headlined "FBI Prepares Vast Database Of Biometrics":

CLARKSBURG, W. Va. -- The FBI is embarking on a $1 billion effort to build the world's largest computer database of peoples' physical characteristics, a project that would give the government unprecedented abilities to identify individuals in the United States and abroad.

Digital images of faces, fingerprints and palm patterns are already flowing into FBI systems in a climate-controlled, secure basement here. Next month, the FBI intends to award a 10-year contract that would significantly expand the amount and kinds of biometric information it receives. And in the coming years, law enforcement authorities around the world will be able to rely on iris patterns, face-shape data, scars and perhaps even the unique ways people walk and talk, to solve crimes and identify criminals and terrorists. The FBI will also retain, upon request by employers, the fingerprints of employees who have undergone criminal background checks so the employers can be notified if employees have brushes with the law.

"Bigger. Faster. Better. That's the bottom line," said Thomas E. Bush III, assistant director of the FBI's Criminal Justice Information Services Division, which operates the database from its headquarters in the Appalachian foothills.

I have mixed feelings about this. On the one hand the FBI is on our side - one of the organizational good guys. On the other, this kind of thing is heir to the political version of Murphy's law: "if it can be abused, it will be abused."

As bureaucracy will have it, however, there's very little reason for immediate concern because the bidding was limited to the usual suspects -companies with essentially 100% records of sub-par delivery - and finally went to the people running the current fingerprint system: Lockheed Martin's Transportation and Security Solutions branch.

As I've argued before the underlying thinking here reflects a hundred years of police and national government procedure - all of which evolved before information technology came along and all of which is hopelessly inappropriate to our world today. Unfortunately that won't stop anyone: instead this project will waste a billion or more taxpayer dollars gradually achieving mediocrity.

Thus the threat isn't immediate and doesn't come from this effort but from later development of the ideas that will be chewed up and thrown out as this thing progresses - meaning that the real threat to civil liberties here is probably about two presidents out.

Unfortunately it isn't the only threatening IT application around. Consider this bit from a much longer New York Times report by Leslie Wayne:

When Senator Hillary Rodham Clinton needed help rounding up superdelegates, she turned to Harold M. Ickes, the ultimate Democratic fixer, who is now working round-the-clock for her, drawing on his vast energy and decades of political connections.

But, at the same time, Mr. Ickes is also wearing another hat. He is president of Catalist, a for-profit databank that has sold its voter files to the Obama and the Clinton presidential campaigns for their get-out-the-vote efforts. With his equity stake in the firm, Mr. Ickes stands to benefit financially no matter which candidate becomes the Democratic nominee.

In creating Catalist, Mr. Ickes, who was deputy chief of staff in the Clinton White House, has formed a rare entity on the political scene, a for-profit limited-liability corporation that allows wealthy Democratic donors to help progressive organizations and candidates by investing in the company. And if Catalist, which has data on 230 million Americans, is successful as a business, these donors-turned-investors stand to reap financial returns from using their money to help elect Democrats.

But some campaign finance watchdogs say they wonder whether Catalist was established not so much to make money but to find a creative way to allow big-money liberal donors to influence the election without disclosing the degree of their involvement or being subjected to other rules that would govern spending by an explicitly political organization.

Catalist has raised over $11 million in venture capital, including more than $1 million from the billionaire financier George Soros, according to his aides. It also counts on such large unions as the Service Employees International Union and the A.F.L.-C.I.O., to buy its products and create revenues. And it plans to be the go-to source for voter data for a broad swath of groups often aligned with Democrats like the Sierra Club, Emily's List and Clean Water Action as they embark on ambitious get-out-the vote efforts this fall.

These liberal clients will buy lists of likely voters based on information that Catalist has gleaned from voter registration files and commercial data providers. For instance, Catalist computers will take voter registration information along with data from appliance warranties, hunting and fishing licenses, charitable memberships and other data points to draw models of potentially sympathetic voters that these clients can approach.

From a technology perspective this appears to be a fairly trivial application - the kind of list collation and management you could do on a SPARCstation circa 1994 and can now do on a Windows PC with nothing more compelling than SQL-server and .net.

What it's about is targeted marketing - and is different from the commercial version most obviously because companies like Walmart don't usually phone you to ask you to come to their Sunday housewares sale and most importantly because Walmart's biggest concern wouldn't be that they might accidently phone a Peavey Mart shopper and thus send business to the competition.

If I were operating this database application my idea of the jackpot card would be find a way to tie the voter's actual voting record to the other information we had about him. I don't know how hard that might be in most of the counties across the United States, but in Canada and much of Europe it would be a simple matter of gaining access to ballot data.

The voting process in the recent Alberta election, for example, went like this:

  1. the poll officials (mostly appointed by the party in power) had a sequentially numbered list of registered voters - name, address, sex - and checked identification against that list to see if the arriving voter should be given a ballot.
  2. if yes, they took out a ballot form, wrote the voter's number (from the list) on a tear-off strip at the top and gave the rest of the thing to the voter to go fill in behind some screens.
  3. the voter then put the completed lower part of the ballot in the ballot box, and the official put the numbered upper part in the audit/control box.

As a result, anyone with access to the ballots - and that includes the major political parties - can electronically match tear lines for almost all of the ballots to determine with very nearly 100% accuracy how each voter voted on each question.

As IT people we've developed the tools that make this kind of thing so easy an arts graduate can seize the potential -and now we have a problem because we can't put the genie back in the bottle.

So now what? in the short term we can count on the FBI to sabotage itself by hiring the wrong people to do the wrong things, but Catalist is both simple and a real threat to democracy: right here, right now. So what can we do - and, more importantly, what should we do?