I'm back, as it were. I stopped posting when I started some contract work, as the type of posting I did just required too much time to write, and I just didn't have it. Or so I claimed to myself. After a while of working, I just fell into a slump. It wasn't too bad when I was employed, since I still felt productive on some level, but once the contract ended I fell completely into said slump. Now here I am, months later, and though my life has changed since then I still haven't gotten back into things. That changes now. I felt better about myself when I was making significant forward momentum, and I intend to reclaim that. Even just writing this helps some.
The problem, however, is that even when I was doing well, I still wasn't posting here much. I'm going to change that, and to that end I'm going to change the kind of posts I make. The heavily-researched and cited posts are not sustainable, as much as I enjoy writing them. Even cutting down on the citations isn't enough, so I'm going to add new types of posts, I think. I will never be the type to complain about my personal life on the internet, ever. What I may do is write shorter, well, ramblings on topics that just came to mind. By definition these will be less thought out than the pieces I've already posted, and as such probably even less reasoned and convincing than my longer stuff.
Another possibility that I've been toying with is posting fictional work. I am something of an amateur author, though I've not made any of my original works available to the public. That may change, and probably should change if I ever intend on being more than a rank amateur.
The third option is to post information on my personal projects. This is primarily programming work that I'm doing for a variety of reasons, primarily either to learn a new tool/language or to work towards some software I want to have for myself. Posting this could be particularly beneficial, since it would force me to think more about it and finish more of what I've started.
So what am I going to do? Probably some of all of these, and writing up some of my brain-crack so it no longer bothers me. We'll see. I'll do what I have to in order to post more often, as part of my greater attempt to forcibly pull myself out of this slump. I will make this work, I just have to figure out what it will take.
Sunday, September 18, 2011
Friday, March 25, 2011
Authenticating the Authenticators*
Or: Trust in Centralized Authority-Based Systems.
Just recently, Comodo (the Certificate Authority [CA] and creators of the popular Comodo Internet Security software) issued nine fraudulent certificates to as of yet unidentified hackers. The people responsible were traced to Iran, and the certificates were for mail.google.com, www.google.com, login.yahoo.com, login.skype.com, addons.mozilla.org, login.live.com, and "global trustee". That last one makes no sense, granted, but the rest of them are significant sites with obvious potential for abuse, especially from someone based in Iran. With those certificates, those responsible could falsely claim to be those sites, and web browsers would gladly agree. And this isn't even the first time a false certificate was given by a legitimate CA. Now, Comodo has revoked those certificates, but that's pretty much useless. Mozilla and Google have quietly patched their browsers to blacklist the bad certs (which brings up other issues entirely), but that's really a band-aid and doesn't solve the core problem.
The core problem is trust. The way the system is currently set up, our computers trust those certificate authorities absolutely and mindlessly. This brings that trust into serious question. And this isn't the only questionable trust-based system that we depend on. DNS has had issues in the past, with special mention to ICE's recent "Operation: In Our Sites" and its legally questionable actions. The issues can even be extrapolated as far as the US's nuclear launch system.
So the first question is: should we trust them? The short answer is no. The long answer is "not as we do now". I'll get more into that later. The second question is then: what do we do about it? That's really the hard one.
There's a lot of talk these days about distributed systems, with a variety of levels of success. PGP and similar software use the concept of a "web of trust" instead of the absolute authority of CA's. This works fairly well for what it is, but has issues with scale. On the DNS front, there has been a lot of talk about a "decentralized DNS" based off of the peer to peer model because of ICE's actions. It's an interesting idea, but there's nothing really working yet.
So distributed models exist, and at least on some level work. But are they the way to go? I'm not sure. I think there's a lot of merit to the centralized authority systems, when they work. There's a lot of value in a trustworthy authority checking the veracity of a group's identity, distributing accepted names, and providing other services. It's efficient, and the authorities can put a lot of effort into ensuring correctness. The problem is that they're not perfect, and break down more often than we'd like. Some of them are built well, some of them have fundamental flaws. But either way, it's still people making the decisions and providing the authority, and people are susceptible to all sorts of failures. Honest mistakes, laziness, and corruption can all break what would otherwise be a good system. So how do we protect ourselves from those kinds of failures?
Well, my inner engineer's first answer is "redundancy". In the case of certificates, requiring one to be signed by multiple CA's would go a long way towards ensuring veracity. It may not be hard to fool one CA, but fooling three or four simultaneously about the same bit of information would be significantly harder (I can't really verify that because I don't know their specific methodology, but it should be true). An ISP can really only alter their own DNS records, so checking multiple root DNS servers could act as a sort of "sanity test" for the records. It wouldn't do much if an man-in-the-middle knew which servers you were going to check, but hopefully DNSSEC will be pushed out sometime this century.
The big problem that redundancy doesn't solve, however, are cases where the authorities are just wrong. "In Our Sites" changes pretty much all the "authoritative" DNS records for questionable reasons. Sometimes you want to trust (or not trust) groups regardless of what the CA's say. I think this is really where decentralized systems fit in, as a supplement and extension of the authoritative systems, not a full replacement. Falling back to such systems after testing the authoritative ones (or double-checking with decentralized) could go a long way towards weakening the power of the authorities without necessarily weakening their usefulness.
In other words, limit the trust. It would be useful, long-term, to be able to quantify an authority's trustworthiness based on a decentralized system. If ICANN repeatedly bowed to the ICE's request, then it would be good to know that they're not as trustworthy as we'd like, and it's more important to search other sources. If a CA's been issuing a bunch of fraudulent certificates, then certs from that authority should be taken with a grain of salt, and ideally double-checked.
I'm not sure where exactly the balance point is, nor how to implement the fuzzy logic that this would require. It's an interesting problem, and one that's becoming more and more relevant as the centralized systems continue to abuse or misuse their authority. It's important to remember that no one is absolutely trustworthy, and I think it's about time we taught our computers to understand that.
*title blatantly ripped from Bruce Schneier's blog
Just recently, Comodo (the Certificate Authority [CA] and creators of the popular Comodo Internet Security software) issued nine fraudulent certificates to as of yet unidentified hackers. The people responsible were traced to Iran, and the certificates were for mail.google.com, www.google.com, login.yahoo.com, login.skype.com, addons.mozilla.org, login.live.com, and "global trustee". That last one makes no sense, granted, but the rest of them are significant sites with obvious potential for abuse, especially from someone based in Iran. With those certificates, those responsible could falsely claim to be those sites, and web browsers would gladly agree. And this isn't even the first time a false certificate was given by a legitimate CA. Now, Comodo has revoked those certificates, but that's pretty much useless. Mozilla and Google have quietly patched their browsers to blacklist the bad certs (which brings up other issues entirely), but that's really a band-aid and doesn't solve the core problem.
The core problem is trust. The way the system is currently set up, our computers trust those certificate authorities absolutely and mindlessly. This brings that trust into serious question. And this isn't the only questionable trust-based system that we depend on. DNS has had issues in the past, with special mention to ICE's recent "Operation: In Our Sites" and its legally questionable actions. The issues can even be extrapolated as far as the US's nuclear launch system.
So the first question is: should we trust them? The short answer is no. The long answer is "not as we do now". I'll get more into that later. The second question is then: what do we do about it? That's really the hard one.
There's a lot of talk these days about distributed systems, with a variety of levels of success. PGP and similar software use the concept of a "web of trust" instead of the absolute authority of CA's. This works fairly well for what it is, but has issues with scale. On the DNS front, there has been a lot of talk about a "decentralized DNS" based off of the peer to peer model because of ICE's actions. It's an interesting idea, but there's nothing really working yet.
So distributed models exist, and at least on some level work. But are they the way to go? I'm not sure. I think there's a lot of merit to the centralized authority systems, when they work. There's a lot of value in a trustworthy authority checking the veracity of a group's identity, distributing accepted names, and providing other services. It's efficient, and the authorities can put a lot of effort into ensuring correctness. The problem is that they're not perfect, and break down more often than we'd like. Some of them are built well, some of them have fundamental flaws. But either way, it's still people making the decisions and providing the authority, and people are susceptible to all sorts of failures. Honest mistakes, laziness, and corruption can all break what would otherwise be a good system. So how do we protect ourselves from those kinds of failures?
Well, my inner engineer's first answer is "redundancy". In the case of certificates, requiring one to be signed by multiple CA's would go a long way towards ensuring veracity. It may not be hard to fool one CA, but fooling three or four simultaneously about the same bit of information would be significantly harder (I can't really verify that because I don't know their specific methodology, but it should be true). An ISP can really only alter their own DNS records, so checking multiple root DNS servers could act as a sort of "sanity test" for the records. It wouldn't do much if an man-in-the-middle knew which servers you were going to check, but hopefully DNSSEC will be pushed out sometime this century.
The big problem that redundancy doesn't solve, however, are cases where the authorities are just wrong. "In Our Sites" changes pretty much all the "authoritative" DNS records for questionable reasons. Sometimes you want to trust (or not trust) groups regardless of what the CA's say. I think this is really where decentralized systems fit in, as a supplement and extension of the authoritative systems, not a full replacement. Falling back to such systems after testing the authoritative ones (or double-checking with decentralized) could go a long way towards weakening the power of the authorities without necessarily weakening their usefulness.
In other words, limit the trust. It would be useful, long-term, to be able to quantify an authority's trustworthiness based on a decentralized system. If ICANN repeatedly bowed to the ICE's request, then it would be good to know that they're not as trustworthy as we'd like, and it's more important to search other sources. If a CA's been issuing a bunch of fraudulent certificates, then certs from that authority should be taken with a grain of salt, and ideally double-checked.
I'm not sure where exactly the balance point is, nor how to implement the fuzzy logic that this would require. It's an interesting problem, and one that's becoming more and more relevant as the centralized systems continue to abuse or misuse their authority. It's important to remember that no one is absolutely trustworthy, and I think it's about time we taught our computers to understand that.
*title blatantly ripped from Bruce Schneier's blog
Wednesday, October 13, 2010
Network-Transparent Interfaces
I'm thinking of a system designed by a bunch of smart people for use over networks. It is intended to allow for a separation between clients and servers such that applications are written for and hosted on a server and can be accessed from a remote (or local) client. It allows for complex graphics, sophisticated interaction, and it is all (roughly) standardized by a public, non-profit group. The servers host sophisticated software and each user's data. The clients can communicate with and access the data and programs from anywhere in the world, regardless of the machine the client is actually running on, provided the client software follows the standards. Can you guess what I'm describing? That's right! It's the X Window System.
Oh, you guessed the World Wide Web? Huh. How'd you get that idea?
(I intentionally reversed which was client vs server in reference to X, but my point stands)
...
So I recently began noticing some disturbing similarities between X11 and the WWW. Unfortunately, this came about by thinking about the failings of each within a relatively short time span. The more I thought about it, the more I realized that the Web seems to be trending towards the same failure that X hit a long time ago. People seem to fall into a mode of thought where thin clients are all the rage and will solve all the world's problems. It was far more appropriate in the days when X was designed, since the majority of computers were dumb terminals attached to some mainframe and/or were too weak to do anything interesting. It's really not true today.
Some parts will always be true. Big servers will always be more powerful than desktop machines (barring some complete revolution in the way computers work, but we can't plan for that anyways, so I'm ignoring that possibility), and there is some merit to centralized data storage accessible anywhere. The advent and increasing ubiquity of MIDs (Mobile Internet Devices) and smartphones plays towards the "clients that are too weak to do anything interesting" angle, but they get continually stronger. History shows that thin clients have their own slew of difficult problems, and I'm not convinced the current trends in the progression of the Web are truly addressing that.
I could (and probably will, at some point) go into what I think the Web is doing wrong, but right now I want to consider first what both X and the Web are trying to address: network-transparent graphical programs.
The intent, as I see it, is to create a standard system to allow for network-transparent graphical programs in a heterogeneous environment. The division of labor between the two ends of the network connection changes based on the application, though as a general rule the communication between the two should be kept to the minimum required. I don't know that a client-server model is a good way of describing such a scenario, since both ends of the connection have elements of each. As such, I will refer to the user-facing end as the front end, and the computer-only side as the back end. In the case of the Web, the browser would be the front end, and the web server would be the back end; in the case of X, the X Server is the front and the individual applications are the back.
The front end primarily provides the tools and abstractions necessary to allow for the creation of sophisticated user interaction and graphics. This is the more sophisticated and difficult bit of engineering, as the tools it provides need to be general enough to allow for as many options as possible to developers while still providing a sophisticated tool set to make the simple cases easy. The Web largely succeeds at the latter, but fails at the former, largely due to incomplete standards and the lack of a reference implementation. X accomplishes the reverse. Anyone who has attempted to write for X will attest to its needless difficulty.
On the most basic level, any graphics system needs to provide means to draw to a screen or set of screens (or something else, but the most common case is a monitor/television) and the means for interaction with that screen. In the traditional case, the interaction comes from a keyboard and mouse. That was a safe assumption twenty years ago, but the advent and popularity of smartphones and other touch-oriented devices prove it to be a fallacy today (and that's ignoring the more creative input devices these days). Even the assumption of a single screen isn't safe, many people run multiple monitors and devices such as Wacom tablets attached to their PCs. In many cases, those screens are hooked together into a larger virtual screen, but that may not always be ideal. A modern front end would need to allow for all of that and make the system general enough to be as future-resistant as possible, since future-proof is largely impossible.
In order to generalize output as much as possible, the system needs to allow for arbitrary shapes and sizes of output screens, and make the system as extensible as possible to allow for things such as braille displays or holograms (if and when those are available) or any other interesting outputs that people can come up with. It's true that graphics won't always apply to this, but I would argue that a good system for user interaction should support as many modes of interaction as possible (don't even get me started on the state of sound in the existing systems).
Generalization applies just as much to the input system as the output. Some inputs need to be closely tied to the outputs, in such cases as touch screens. Others can and should be divorced from the graphics system, such as joysticks or control pads. Mice need to have a screen to make any sense (unless someone thinks of something really interesting to do with them), but keyboards are just as useful outside of a graphical environment as in one.
Oh, you guessed the World Wide Web? Huh. How'd you get that idea?
(I intentionally reversed which was client vs server in reference to X, but my point stands)
...
So I recently began noticing some disturbing similarities between X11 and the WWW. Unfortunately, this came about by thinking about the failings of each within a relatively short time span. The more I thought about it, the more I realized that the Web seems to be trending towards the same failure that X hit a long time ago. People seem to fall into a mode of thought where thin clients are all the rage and will solve all the world's problems. It was far more appropriate in the days when X was designed, since the majority of computers were dumb terminals attached to some mainframe and/or were too weak to do anything interesting. It's really not true today.
Some parts will always be true. Big servers will always be more powerful than desktop machines (barring some complete revolution in the way computers work, but we can't plan for that anyways, so I'm ignoring that possibility), and there is some merit to centralized data storage accessible anywhere. The advent and increasing ubiquity of MIDs (Mobile Internet Devices) and smartphones plays towards the "clients that are too weak to do anything interesting" angle, but they get continually stronger. History shows that thin clients have their own slew of difficult problems, and I'm not convinced the current trends in the progression of the Web are truly addressing that.
I could (and probably will, at some point) go into what I think the Web is doing wrong, but right now I want to consider first what both X and the Web are trying to address: network-transparent graphical programs.
The intent, as I see it, is to create a standard system to allow for network-transparent graphical programs in a heterogeneous environment. The division of labor between the two ends of the network connection changes based on the application, though as a general rule the communication between the two should be kept to the minimum required. I don't know that a client-server model is a good way of describing such a scenario, since both ends of the connection have elements of each. As such, I will refer to the user-facing end as the front end, and the computer-only side as the back end. In the case of the Web, the browser would be the front end, and the web server would be the back end; in the case of X, the X Server is the front and the individual applications are the back.
The front end primarily provides the tools and abstractions necessary to allow for the creation of sophisticated user interaction and graphics. This is the more sophisticated and difficult bit of engineering, as the tools it provides need to be general enough to allow for as many options as possible to developers while still providing a sophisticated tool set to make the simple cases easy. The Web largely succeeds at the latter, but fails at the former, largely due to incomplete standards and the lack of a reference implementation. X accomplishes the reverse. Anyone who has attempted to write for X will attest to its needless difficulty.
On the most basic level, any graphics system needs to provide means to draw to a screen or set of screens (or something else, but the most common case is a monitor/television) and the means for interaction with that screen. In the traditional case, the interaction comes from a keyboard and mouse. That was a safe assumption twenty years ago, but the advent and popularity of smartphones and other touch-oriented devices prove it to be a fallacy today (and that's ignoring the more creative input devices these days). Even the assumption of a single screen isn't safe, many people run multiple monitors and devices such as Wacom tablets attached to their PCs. In many cases, those screens are hooked together into a larger virtual screen, but that may not always be ideal. A modern front end would need to allow for all of that and make the system general enough to be as future-resistant as possible, since future-proof is largely impossible.
In order to generalize output as much as possible, the system needs to allow for arbitrary shapes and sizes of output screens, and make the system as extensible as possible to allow for things such as braille displays or holograms (if and when those are available) or any other interesting outputs that people can come up with. It's true that graphics won't always apply to this, but I would argue that a good system for user interaction should support as many modes of interaction as possible (don't even get me started on the state of sound in the existing systems).
Generalization applies just as much to the input system as the output. Some inputs need to be closely tied to the outputs, in such cases as touch screens. Others can and should be divorced from the graphics system, such as joysticks or control pads. Mice need to have a screen to make any sense (unless someone thinks of something really interesting to do with them), but keyboards are just as useful outside of a graphical environment as in one.
This is in-depth enough to warrant its own ramblings (or series thereof), so I'm going to stop with the front end for now. Human-computer interaction is a maddening problem, and I can see why all attempts so far have been less than perfect. This ties together all levels of computation, and I'm beginning to think that any monolithic system is doomed to failure. Unix philosophy strikes again. This is definitely worth more thought.
The back end itself is largely uninteresting for the purpose of this discussion. Though there are a lot of really interesting problems with efficient data storage and algorithms, it's really more general computer science than interface considerations in particular.
The other really interesting (and somewhat maddening) problem is the communication between the two. In keeping with my earlier thought, I'm going to go out on a limb and say that there is no "one true method" for communicating between the back and front ends. If it is across a network, then the set of necessary optimization criteria are completely different from those with communication within a local machine. The only real commonality is conservation of bandwidth, but the specific solution to that may very well differ between implementations. The only real statement I'm prepared to make on this is that the difference between the two should be completely invisible to any developers of apps for the system (and really, as much of the system itself as possible, look at KIO for inspiration).
Well, now that I've driven myself slightly (more) insane, I think I'm going to end this. I have a lot of food for thought, and little more to actually say at the moment. I started out with plenty I wanted to go over, such as competitors to X such as Quartz and NeWS, and ideas to pull from those systems, but over the course of writing this I've gone in a very different direction. More to ponder, really.
Until next time, whenever that may be.
Thursday, July 15, 2010
Making Local Government Relevant Again
I've always agreed with the principles of the American founding fathers. Unfortunately, the United States was established over two hundred years ago, and much of their methodology is now obsolete. One piece that's been bugging me lately is local government. It seems that in this day and age there's really not a huge point. It has some relevance in cities, but even then individual ordinances really just don't matter much to the average American.
Now, perhaps there is merit to that. Government should just keep things in order and stay out of the way. The problem with that line of thought, in my mind, is that it simply does not work that way. Local governments are tasked with maintenance, policing, etc, and often have little to no money to actually do what they are supposed to. They wind up doing the minimum amount required and can't raise taxes to compensate because they're viewed as irrelevant. It's a bit of a catch-22.
But does it matter? I think so. Ideally, local governments should be representatives of the community, sticking up for the people in it and connecting them. Now, I could go into why community is important, but that is long, involved, and largely irrelevant for what I want to discuss. For now, I'll just write under the assumption that community is important.
The other major issue with local government is that it seems so divorced from the lives of most people. How many people have actually gone to a town meeting when not required to? I've personally never had any desire to. Not only is it an inconvenience, but I honestly do not believe that my attendance will give me any real impact. I have no reason to believe that these politicians (and I say that with the utmost venom) care at all about my opinion. They've never given me reason to.
I must admit, there's the possibility that I have my head up my metaphorical ass. I'm the first to admit that I could be simply wrong, and perhaps there are quite a few people who care a lot about their community and are civic minded enough to dutifully attend most town meetings. But I've simply seen no evidence to that accord. Sure, I don't doubt there are some, however I'm willing to bet that the majority of people agree with me.
Why is that? Why does nobody care enough to act? Well, I'd be willing to bet that it's the same issues that plague all forms of government. People don't think their voices matter, they think that the politicians are in it for themselves, and most are blinded by partisan thought.
How do we break out of that? I see two main goals: community building and transparency. Community building is a goal for obvious reasons, though perhaps transparency could use some explanation. As it stands now, people largely view government as an opaque blob that tries to mandate from on high. People don't see where these laws are coming from or the thought processes behind them. As such, accountability is virtually nonexistent and bad politicians are allowed to continue.
With those two goals in mind, how do we change local governments? I personally see a huge opportunity for growth by embracing the power of modern connectivity. Now, what I don't mean is the crap that passes for most local government webpages at the moment. The best case scenario is something like Boston's website. Informational, useful, but still largely the "dictate from on high" mentality. There's either no real concern for the principles above, or no creativity in addressing them. I'd like to lean towards the latter, if only because I'm somewhat naive and I want to believe that people are trying their best.
So what specifically should we do? I'd like to see several things. The first major goal is the community aspect. I want to cover that first because the transparency (and other goals) will build upon that. To build community, we need to make people feel more involved, give them the impression that their opinion will be heard. The easiest way I see to do that is with something akin to a forum.
Now, I very specifically don't say a forum because that's only a small portion of it. Ideally, I'd like every citizen to have a real, government-sponsored online identity. Now, before anyone freaks, hear me out. This ID would be unique and verifiable, it would be your key to your local community site, and would have a significant amount of personal information. On a basic level, I see it containing your name, address, some form of unique ID (perhaps SSN, but those are already overused), community information, and a government provided email address. Sounds scary, I know. To help mitigate that, the vast majority of it could be easily hidden (in fact, hidden by default), and I would want the option of using a pseudonym. This would protect you from people who didn't like your ideas, but not from your ever-benevolent big brother.
Protection from above would be much trickier, and technologically more difficult. In principle, I would like this to have near-perfect freedom of speech, limited only by sane moderation to keep things civil. Open discussion is critical, and as such anything said should be protected from persecution or prosecution. If someone wanted to admit they were attracted to little children and it was relevant and added to the discussion, I'd say they should be encouraged and protected. Free speech is critical in an open society. To encourage this, we need a combination of policy and technological protections that I'm not really sure of yet. It's food for thought.
Putting aside the potential security and privacy issues, there are a lot of potential gains to this system. Each person would have a verifiable identity, so informal votes could be trusted. Each policy and upcoming bill should be open to vote, which should have some level of influence on the outcome (I'm undecided how much at the moment, but I would like some formal significance behind it). I'd like a commentary system to encourage discussion on all topics. Community moderation and meta-moderation would further increase involvement while decreasing the maintenance time needed from the government itself.
The site could include a multitude of other facets to the community aspect. I envision general forums, a Craigslist-like system, perhaps even careers pages like some cities already do. It should have IRC or something similar, easily accessible through a web interface (ideally without the use of any plugins, or options for several plugins, to increase the viability to everyone). This would be of primary use to allow people to chime in during town meetings and the like, but it could theoretically have channels open constantly.
This is where it starts to tie into transparency. Posting of transcripts of all events and meetings would be mandatory. All vote counts, budget changes, hiring decisions, everything the government does would be readily available. On a local level there is no reason for this to not be available. There's no state secrets, no defense issues, nothing that would justify keeping this out of the public eye.
Perhaps one of the most game-changing possibilities for this would be a government bill wiki. All bills would be posted to and edited on a wiki. This wiki would only be editable by those with the business doing so, obviously, so direct community involvement would be limited to discussion pages. The real benefit from this would be access monitoring. All edits would have a name associated with them, a name that could be verified and that person held accountable. Now, it would be possible to game the system slightly by forcing someone else to edit it for you, but that would really only be viable in the short run. After a while the trends would become visible, and accountability would continue. Ideally, I'd like that implemented on a national level. In the short run, though, it is immediately viable to local governments. This would prove its viability and it could then be pushed up the ladder.
There are plenty of other possibilities that I haven't touched on, but this is long enough for the moment. Perhaps later I'll add more. Thanks for reading.
Now, perhaps there is merit to that. Government should just keep things in order and stay out of the way. The problem with that line of thought, in my mind, is that it simply does not work that way. Local governments are tasked with maintenance, policing, etc, and often have little to no money to actually do what they are supposed to. They wind up doing the minimum amount required and can't raise taxes to compensate because they're viewed as irrelevant. It's a bit of a catch-22.
But does it matter? I think so. Ideally, local governments should be representatives of the community, sticking up for the people in it and connecting them. Now, I could go into why community is important, but that is long, involved, and largely irrelevant for what I want to discuss. For now, I'll just write under the assumption that community is important.
The other major issue with local government is that it seems so divorced from the lives of most people. How many people have actually gone to a town meeting when not required to? I've personally never had any desire to. Not only is it an inconvenience, but I honestly do not believe that my attendance will give me any real impact. I have no reason to believe that these politicians (and I say that with the utmost venom) care at all about my opinion. They've never given me reason to.
I must admit, there's the possibility that I have my head up my metaphorical ass. I'm the first to admit that I could be simply wrong, and perhaps there are quite a few people who care a lot about their community and are civic minded enough to dutifully attend most town meetings. But I've simply seen no evidence to that accord. Sure, I don't doubt there are some, however I'm willing to bet that the majority of people agree with me.
Why is that? Why does nobody care enough to act? Well, I'd be willing to bet that it's the same issues that plague all forms of government. People don't think their voices matter, they think that the politicians are in it for themselves, and most are blinded by partisan thought.
How do we break out of that? I see two main goals: community building and transparency. Community building is a goal for obvious reasons, though perhaps transparency could use some explanation. As it stands now, people largely view government as an opaque blob that tries to mandate from on high. People don't see where these laws are coming from or the thought processes behind them. As such, accountability is virtually nonexistent and bad politicians are allowed to continue.
With those two goals in mind, how do we change local governments? I personally see a huge opportunity for growth by embracing the power of modern connectivity. Now, what I don't mean is the crap that passes for most local government webpages at the moment. The best case scenario is something like Boston's website. Informational, useful, but still largely the "dictate from on high" mentality. There's either no real concern for the principles above, or no creativity in addressing them. I'd like to lean towards the latter, if only because I'm somewhat naive and I want to believe that people are trying their best.
So what specifically should we do? I'd like to see several things. The first major goal is the community aspect. I want to cover that first because the transparency (and other goals) will build upon that. To build community, we need to make people feel more involved, give them the impression that their opinion will be heard. The easiest way I see to do that is with something akin to a forum.
Now, I very specifically don't say a forum because that's only a small portion of it. Ideally, I'd like every citizen to have a real, government-sponsored online identity. Now, before anyone freaks, hear me out. This ID would be unique and verifiable, it would be your key to your local community site, and would have a significant amount of personal information. On a basic level, I see it containing your name, address, some form of unique ID (perhaps SSN, but those are already overused), community information, and a government provided email address. Sounds scary, I know. To help mitigate that, the vast majority of it could be easily hidden (in fact, hidden by default), and I would want the option of using a pseudonym. This would protect you from people who didn't like your ideas, but not from your ever-benevolent big brother.
Protection from above would be much trickier, and technologically more difficult. In principle, I would like this to have near-perfect freedom of speech, limited only by sane moderation to keep things civil. Open discussion is critical, and as such anything said should be protected from persecution or prosecution. If someone wanted to admit they were attracted to little children and it was relevant and added to the discussion, I'd say they should be encouraged and protected. Free speech is critical in an open society. To encourage this, we need a combination of policy and technological protections that I'm not really sure of yet. It's food for thought.
Putting aside the potential security and privacy issues, there are a lot of potential gains to this system. Each person would have a verifiable identity, so informal votes could be trusted. Each policy and upcoming bill should be open to vote, which should have some level of influence on the outcome (I'm undecided how much at the moment, but I would like some formal significance behind it). I'd like a commentary system to encourage discussion on all topics. Community moderation and meta-moderation would further increase involvement while decreasing the maintenance time needed from the government itself.
The site could include a multitude of other facets to the community aspect. I envision general forums, a Craigslist-like system, perhaps even careers pages like some cities already do. It should have IRC or something similar, easily accessible through a web interface (ideally without the use of any plugins, or options for several plugins, to increase the viability to everyone). This would be of primary use to allow people to chime in during town meetings and the like, but it could theoretically have channels open constantly.
This is where it starts to tie into transparency. Posting of transcripts of all events and meetings would be mandatory. All vote counts, budget changes, hiring decisions, everything the government does would be readily available. On a local level there is no reason for this to not be available. There's no state secrets, no defense issues, nothing that would justify keeping this out of the public eye.
Perhaps one of the most game-changing possibilities for this would be a government bill wiki. All bills would be posted to and edited on a wiki. This wiki would only be editable by those with the business doing so, obviously, so direct community involvement would be limited to discussion pages. The real benefit from this would be access monitoring. All edits would have a name associated with them, a name that could be verified and that person held accountable. Now, it would be possible to game the system slightly by forcing someone else to edit it for you, but that would really only be viable in the short run. After a while the trends would become visible, and accountability would continue. Ideally, I'd like that implemented on a national level. In the short run, though, it is immediately viable to local governments. This would prove its viability and it could then be pushed up the ladder.
There are plenty of other possibilities that I haven't touched on, but this is long enough for the moment. Perhaps later I'll add more. Thanks for reading.
Monday, May 17, 2010
Hello World!
#include <stdio>
Hi! I'm Ben, and I'll be your blogger today... Hrm, that doesn't quite seem right. Moving on...
I guess I should finish introductions, at least. As I said, I'm Ben, and I'm a Computer Engineer by education (though not by trade, and given the current economy I have no idea how long that will take). I am a dabbler by nature, and I try a lot of different things, though I usually don't have the attentiveness to get truly good at anything. There's really nothing for me to say to distinguish myself from the horde of other recently graduated college students. I can't really think of much that I've done to make that kind of distinction. It's hard enough for me to sell myself to potential employers and I do so detest the practice, so I'm certainly not going to do it here. And now I'm rambling, hence the title.
...
So here I am. I'm not really sure where I got the idea to start a blog, and I'm honestly still not sure what I'll do with it. If anyone manages to actually find this, I'll be surprised. Even more so if anyone actually cares (well, aside from one specific person, and you know who you are). I tend to have a hard time putting myself out there and actually speaking up in the world, so here's hoping that this will help somewhat. Maybe I'll make use of this and get into it. Maybe not. I'm not even sure if I'll ever post anything else. I hope I will, but putting myself out there like this doesn't exactly come naturally.
I plan on posting something else soon, but I'm not sure what. Time will tell.
Subscribe to:
Posts (Atom)