I could not understand the speeches over the loud-speakers during the two hour presentation. I have few close Chinese friends, and I have never managed to have a candid conversation about what happened in 1989. Many of the people in Victoria park were not even born when the Chinese military opened fire on its own people. I know the history, from documentaries and books, but I don’t know why it should matter so much on a balmy Friday night, 21 years later.

But a hundred thousand people weeping over candles says it still means something.

I began to ask people why they were there.

“We came to learn about the history,”  three young girls told me in halting English. They were secondary school students, and their teacher had encouraged them to come.

That history is not taught in mainland schools, and all mention of what happened in June 1989 is elaborately censored online — including web pages, online forums, IM conversations, and personal emails. Last year a former Chinese solider was arrested and taken from his home in the middle of the night for publishing an open letter calling for a review of the incident.

Hong Kong operates under a different constitution, and you can talk about Tiananmen here — most of the time. Last week a group of activists tried to display a statue called the “Goddess of Democracy” in front of the Times Square mall, a sort of faux Statue of Liberty that mimics a famous paper-mache figure erected by the original protesters in Tiananman square in 1989. Thirteen people were arrested and the statue was confiscated.

“It wasn’t hurting anyone,” said a man in his late  20s, who would only identify himself as “a worker.” “It’s not right for them to take it away.”

He said this was his first June 4th vigil, as it was for many others I spoke to. In fact it’s estimated that this was the biggest turnout ever, exceeding even the very first vigil in 1990, when Hong Kong citizens openly feared what the 1997 handover to China might mean for their freedoms.

This demonstration would be impossible in Beijing. Officially, the students who were calling for “democracy” remain dishonored; the Communist Party of China insists to this day that the military violence was necessary to maintain stability of the country. That’s what they say when they can be forced to talk about it at all — for the “June fourth incident,” as it’s been blandly retitled, is taboo. The June fourth incident does not exist.

There was no coverage of the Hong Kong demonstration in the Chinese media; nothing on Xinhua, nothing in China Daily.

And I think that’s why people keep coming. Occasionally someone I talked to used  words like “freedom” and “democracy,” but when I pressed them it always came down to specifics. The statue was taken away. The Chinese government won’t talk about what happened. There was no grand ideology uniting the people in Victoria Park, no deep ideals other than this: we want to talk about it, and you will not let us.

When it comes down to it, the 1989 protestors didn’t know what they were doing. They wanted change, and they boldly called out the crimes and repression of their government during the horrors of the cultural revolution and after. But they also wanted to force students to attend demonstrations, according to later interviews. The protest movement was hardly democratic or even organized; it had no coherent philosophy and was riddled with internal power struggles. It’s easy to make the students and workers of 1989 into heroes or martyrs, but the truth is messier.

“I’m willing to keep an open mind,” one Hong Kong medical student told me. “Maybe there was no way to finish the affair without blood. But many mainland students don’t fully understand what happened that day. They need to know so they can make a careful judgement.”

Maybe that’s the sort of diplomatic language that will be necessary for reconciliation. But the history isn’t so bloodless. People died. Lots of them. People lost limbs and family and friends, and then lost friends again when everyone connected to the protests was quietly rounded up, silenced, or exiled. A series of laminated yellow posters recalled the victims, with the name, photograph and whatever is known of the story of each one. We know that some people were shot or crushed by tanks; others simply disappeared that night.

Does it help to imagine a woman sitting alone in her Beijing apartment, grieving silently for a long-lost lover? She can’t even write an email to a friend to say how she feels (try; it will bounce.) There will be no commiseration. It is not yet allowed.

And here, at last, I began to see what was denied to me as an outsider. I am not Chinese. I do not have family on the mainland — family who disappeared 21 years ago, and family who live still with the threat of a government that cannot talk about what it did. For me Tiananmen is abstract; I can make it about ideals like “freedom of speech” or “human rights” but I have no faces to attach to the violence. It was not my statue they took away.

“For me it’s a memorial,” said a middle aged man there with his wife. He wore glasses and a white polo shirt, with a camera slung around his neck. He had a slight pot belly. He said he had two children.  ”I have to keep coming every year until the Chinese government admits what they did, and that it was wrong,” he said.

“I may not live to see that day.”

]]> http://jonathanstray.com/they-remember-because-they-are-told-to-forget/feed 0 http://jonathanstray.com/from-electronic-to-cryptographic-voting http://jonathanstray.com/from-electronic-to-cryptographic-voting#comments Wed, 07 Jan 2009 12:52:16 +0000 Jonathan Stray http://jonathanstray.com/?p=170 Electronic voting machines were supposed to make elections cheaper, faster, and more secure, but so far they have failed. In the last decade there has been something of a rush to adopt  e-voting, followed by suspicion and controversy over the black-box, “just trust us” nature of the first generation of commercial systems, followed by a return to paper ballots in many jurisdictions. However, if we wish to improve election processes, cheap and fast is probably the wrong goal. It may be possible to use cryptographic techniques to implement end-to-end auditable elections, new in human history.

The e-voting fiasco has illustrated that paper ballots are a better system than they might at first seem. Paper preserves voter secrecy, it is auditable after the fact, and it is even reasonably transparent, if one also allows election observers. But paper ballots must be closely guarded and cannot be directly counted by members of the general public, who in the end have no choice but to trust election officials,  observers, counting equipment, and the entire chain of custody. Rather than simply duplicating paper ballots electronically, we should strive to improve upon them.

This seems to be possible. Modern cryptography suggests the possibility of a new kind of incredibly transparent and fair election, where ordinary citizens can verify the soundness of the election for themselves, without ever needing to trust blindly that a huge array of machines and people have acted correctly. This represents a fundamentally new ability: for the first time, it may be possible to hold truly “open” elections.

What are we trying to accomplish?

Ideally, a democratic voting system would satisfy the following criteria:

• Secrecy: to prevent coercion or vote-buying, each person’s vote must be secret in perpetuity.
• Transparency: all voting procedures must be public and understandable by everyone.
• Verifiability: it must be possible to independently audit or validate the election results.
• Usability: it must be easy to vote, and cheap to deploy the system for hundreds of millions of voters.

In this way, each person would vote freely, while the entire society could have confidence in the outcome. The difficultly with these criteria is that they conflict: it is hard to preserve both secrecy and verifiability in a simple, transparent way.

Paper ballots fall short of the these ideals in many ways. They are nicely secret, and the process is reasonably transparent as there are public laws describing exactly how the votes are to be tallied, regulations providing for election observers, etc. However, independent audits are not really possible, because they require access to a large quantity of fragile and politically sensitive paper. In principle, we would like it to be possible for any regular citizen with sufficient time on their hands to perform a complete audit of the election results.

Elections results could be openly verified by publishing copies of every ballot cast, but only if there was some way to ensure that these copies were accurate. This could be done by issuing to each citizen to some sort of receipt of their vote which could be checked against the public list, but then votes would not be secret: they could be coerced or bought by offering a clandestine cash reward for receipts.

While paper ballots leave much to be desired, current electronic voting systems are worse. All e-voting machines are essentially “black boxes” that transform the voter’s choice into a final tally by some complex and unknown process. This makes them completely non-transparent. In the worst case, paperless direct recording electronic (DRE) voting machines are not at all verifiable, which makes them subject to both invisible malfunction and deliberate hacking  (either in the voting booth or at the tally station.) There has never been a convincingly documented case of miscount or fraud with DRE machines, but that may only be because such machines leave absolutely no record of the election process!

Because of this, many American states now require a paper record even for otherwise electronic machines, but even paper audit trails are problematic: when is an audit performed? Will all ballots be routinely audited or just a sample? What is the right sample size for confidence in the results? What happens if a discrepancy is discovered? Meanwhile, other states have gone back to paper ballots entirely and a number of electronic voting machines have been de-certified.

Cryptographic Hope

Enter cryptography, the discipline that has brought us such miracles as secure communication between two parties who have never exchanged any information in secret (public-key cryptography), tamper-proof  electronic documents (digital signatures), and the ability to prove that one knows a secret without giving it away (zero-knowledge proofs.) In the wake of these achievements, there has been some hope that proper cryptographic protocols will simultaneously solve the secrecy, transparency, and verifiability issues.

Voting might still be electronic in a cryptographic system, but the security of an election would rest on open cryptographic protocols rather than on trusted system implementations, the physical security of ballot boxes, or the honesty of certain people. Even better, the election results would be auditable at any time from public information, and each voter could verify that their own ballot was correctly recorded yet their personal vote would remain secret and unprovable.

Such a system is said to be end-to-end auditable, and represents a fundamental shift: for the first time, it may be possible to hold completely “open” elections in the sense that governments and election officials would have no more authority or power than ordinary citizens. This is unprecedented in human history, and it is exciting.

It is also quite a trick, and has never been demonstrated in practice. Aside from secrecy, transparency, and verifiability, any proposed cryptographic voting system must guard against many different kinds of attacks. These include tampering and “denial of service” attacks against the election, such as the ability to spoil the election through some sort of interference (as might suit an opposition group) or to arbitrarily declare that it was spoiled in some non-disprovable way (as a dictator might wish to do.)

A Toy Example: ThreeBallot

Like much of modern cryptography, the simultaneous provision of both secrecy and verifiability seems counter-intuitive. To aid in the study and conceptualization of such systems, professor Ron Rivest of MIT (the “R” of RSA fame) invented a “toy” voting system in 2006 called ThreeBallot.

It works like this: each voter is given three identical ballots in the voting booth. To vote for a candidate, the voter writes a mark on two randomly chosen ballots; to vote against a candidate, only one randomly chosen ballot is marked.

A valid vote is one in which each candidate is marked on either one (against) or two (for) randomly selected ballots. This could be checked e.g. by an optical scanning machine, much as paper ballots are currently validated at polling stations.

Then the voter secretly chooses one of the ballots and makes a copy of it as a receipt; the others are dropped into the ballot box. Each of the three ballots has a unique serial number.

After the election, all ballots are published publicly, and anyone can tally the election results from these copies. Additionally, each voter can verify that their ballot was published accurately by looking up their receipt in the published list. Yet there is no way to use a receipt to determine who someone voted for, because the voter can arrange to have any particular set of markings on the receipt that they keep. The receipt also prevents tampering, because a would-be tamperer does not know which of the three ballots the voter has retained. Thus there is a 2-in-3 chance of getting away with tampering with (or deleting) any one vote, but only a (2/3)^N chance of getting away with tampering N votes — like tossing N heads in a row, these are very rapidly shrinking odds.

ThreeBallot was never meant to be a real election system, and in fact in a University class voting experiment ThreeBallot was found to have significant security and usability problems: a third of voters couldn’t produce a correct set of ballots the first time, and a student “attacker” was able to manipulate about 20% of the votes cast, enough to change the election result. He did this in part by clandestinely reading other people’s receipts, such as those left in voting booths or on desks. This reminds us once again that security is always about much, much more than good cryptography.

However, the basic ideas of ThreeBallot — randomness in the vote-casting process, voter receipts, published ballots, and probabilistic tampering detection — are found in virtually all cryptographic voting schemes.

Realistic Proposals

Serious proposals are somewhat more complex. Some are designed to be entirely electronic while others are additions to paper ballot systems. Major proposals include Punchscan (2006) by cryptographer David Chaum, Scantegrity (2007) by David Chaum and Ron Rivest, and Bingo Voting (2008) by a trio of German researchers. All of these systems are very cryptographically clever, but as always, security in the real world is about much more than cryptography. A 2005 paper considered how a real election system employing end-to-end auditable protocols might work, and proposed various non-cryptographic attacks including collection of receipts, social engineering of election workers, and denial-of-service attacks which could invalidate the entire election (such as hacking the voting machines to record spoiled ballots.)

Also, many problems just cannot be solved cryptographically. One major reason why we don’t have internet voting is that it is impossible to prevent coercion and vote buying if voters can mark their ballots at home. A physical polling booth can at least be secured against witnesses — though not against, say, someone who will pay for cell-phone camera pictures of a suitably marked ballot. A completely secure voting system is  probably completely impossible.

Nonetheless, there is hope for electronic voting systems, not because they would allow us to vote cheaper or faster or more conveniently, but because they hold the promise of more transparent elections. Would-be designers and implementers of voting systems must realize that the purpose of a voting system is not just to count votes, but to ensure that everyone believes that the process was fair, and to ensure that this fairness can be proved as easily and as widely as possible.