Secondary thoughts on working yet another primary election

Tuesday had a lot in common with the four days I spent last year working as an election officer for Arlington County. Just as in March, June, July and then November, I staggered through a sleep-deprived day that started with a 5 a.m. arrival at the polling place and didn’t end until around 8:30 p.m. As in all of those elections except last March’s Democratic presidential primary, the day left me with a fair amount of downtime to fill with reading a book and chatting with my fellow poll workers. And once again, it felt deeply fulfilling to help my fellow citizens do their part to hire candidates for temporary, taxpayer-funded jobs.

Lillies bloom in the foreground, while the background shows election signs in front of a community center in Arlington, Va.

But since November 3, the subject of election security–a topic I’ve been covering on and off for most of the last two decades–has fallen prey to fever-dream conspiracy theories among Donald Trump followers who refuse to believe that the former president was fired by the largest electorate in American history.

I am tempted to give this post over to yet another rant denouncing those advocates of Trump’s Big Lie–as well as the sedition sympathizers in Congress who kept pandering to those dead-enders after the deadly riot at the Capitol January 6.

But instead, I will talk about my workday Tuesday. Here are some things you should know about how we did our part in Virginia’s primary elections, which I hope map with how elections are run wherever you may read this:

• Trust paper. Arlington uses hand-marked paper ballots that each voter feeds into a scanner that will read the ballot if it’s upside-down, right-side up, forwards or backwards. (We also have ballot-marking devices for voters with disabilities.) That paper trail then becomes part of the risk-limiting audit that Virginia now conducts after each election; the audit run after November’s election (but not reported out until March) confirmed that the votes as scanned accurately recorded how people marked their ballots. If your state is among the minority to still use “direct-recording” machines that leave no paper trail (hello, Texas), direct your ire at the elected officials who haven’t fixed that problem.

• Don’t confuse voter identification with TSA Pre. I checked in one voter who did not have a Virginia driver’s license but did appear in our poll-book app as a registered voter, and I saw other voters show up with the same scenario. That was understandable, as the Virginia DMV is struggling to catch up with a pandemic-inflicted backlog. It would be unconscionable to kick those people out of polling places when one government bureaucracy can’t issue ID cards fast enough while another has already confirmed their eligibility. I should note here that this voter brought their voter registration card; should you get stuck in this situation, bringing that other piece of paper will save a tired poll worker a little time.

• Expect software to fail; design for resilience. The most reassuring paper product I saw Tuesday was the printout of the entire pollbook for our precinct, which meant that we did not have to rely on our pollbook app to stay up all day. Fortunately, that software did work, by which I mean it functioned aside from the feature that was supposed to scan the bar code on the back of a Virginia driver’s license but instead failed at least nine out of 10 times in my experience.

• Check everything at least twice. My day started with opening packs of ballots and counting them, 10 at a time. Each shrink-wrapped pack should have held 100 ballots and did, but we checked that anyway–so that there would be no discrepancy between the number of ballots handed out and the number of voters checked in. We also verified each total at the end of every hour; each time, there was no surplus of voters or ballots. And then we made one last check after polls closed to confirm that we had handed out exactly one ballot per voter.

If the above sounds inefficient, you read this right. Election administration has to suffer some inefficiency to accommodate the conflicting demands of allowing voters secret ballots and yielding an auditable paper record. Deal with it.

Google’s useless-to-the-self-employed “External” label: another tiny bit of freelancer erasure

The Gmail app on my phone and in my browser looks a lot more yellow when I switch to my work account, and it’s all Google’s fault. Sometime in the last week or so, Google began slapping an “External” label in a shade of deep yellow on every message sent from somebody not in my organization.

Which, since I am self-employed, constitutes the rest of the population of Earth, plus every bot and script capable of sending me e-mail. Google describes the security measure it began enforcing in late April for Google Workspace accounts–the business accounts it once gave away for free as Google Apps, then turned into a paid service in 2012, then renamed to G Suite in 2016, and then renamed once again in 2020 to Workspace–as its way to help employees “avoid unintentionally sharing confidential information with recipients outside of their organization.”

Photo shows a spam message purporting to be from Comcast with Gmail's yellow "External" label, as seen on a Pixel 3a phone in front of graph paper.

But for solo practitioners who have no employees, it’s useless. It cannot teach me anything except that even when self-employed, I can still fall victim to IT department control-freakery–and that freelancers remain invisible to many business app and service developers.

(Fun fact about the obvious phishing message in the image here: Gmail’s spam filter did not catch it.)

A support note from Google indicates that Workspace users can turn off this warning. It does not explain why I don’t see that in my own admin console. But in a Reddit thread–once again, that site proved to be an underrated source of tech supportanother Workspace user said legacy free accounts don’t get that opt-out. A frequent Twitter correspondent with a grandfathered free account has since confirmed that he doesn’t have this setting either.

I suppose Google would like me to upgrade to a paid account, but I’m already paying: $19.99 a year for 100 GB of storage. The cheapest Workspace plan would only give me 30 GB and cost almost four times as much. Since Google apparently can’t be bothered to document this new limit to free accounts, the answer there is a hard nope.

All the time I’ve sunk into investigating this problem has not, however, been without benefits. Thanks to some hints from my fave avgeek blogger Seth Miller, I figured out how to disable the also-useless default warning about replying to external e-mails. To do that, sign into your admin console’s apps list page, click Calendar, click its “Sharing Settings” heading, click the pencil icon that will appear to the right of “External Invitations,” click to clear that checkbox, and click “Save.”

Although Calendar is clearly not Gmail, this settings change seems to apply in the mail app too. At some point while I was futzing around with Workspace settings, I also found an off switch for the comparable warning about sharing Google Docs with outsiders–but now I can’t find it, so maybe that opt-out is now yet another feature reserved for paying users but not documented accordingly.

Smartphone spring cleaning: delete some apps, pay for others

By keeping me at home for so much of the past year, the pandemic has prolonged the life of my 2019-vintage Pixel 3a phone to an unnatural degree. But the cushy, stay-home lifestyle this Android device has enjoyed has not prevented one sign of smartphone age: a dwindling amount of available storage.

The easiest way to free up a bunch of space is to get rid of apps you haven’t been using. In any version of Android, the Play Store should let you sort your list of installed apps by when they were last used, but the current Android 11 provides a more direct reminder: If you don’t use an app for long enough, the system will automatically reset its permissions to zero.

Screenshot of Android's list of apps with automatically-removed permissions

The resulting lists of apps with removed permissions reminded me of how long I’d used a bunch of travel apps, but they’ve also spotlighted apps that I had lost interest in using even before the pandemic.

But as I’ve been removing various apps from smartphone, I’m also not only adding some but paying for them.

That’s not a matter of storage space but privacy. As I’ve realized in covering privacy fears over phone apps–as in, the evidence-starved assertion that TikTok is uniquely dangerous–ad-supported apps can allow for the collection and subsequent resale of more data than you might imagine.

The simplest way to solve that concern is to pay for the app–either by upgrading to an ad-free version with in an-app payment (as I did last year with Flightradar24), or by switching to a competing app if the title in question doesn’t allow that option.

And that’s why I finally have a new weather app: After years of relying on Yahoo Weather and then starting to get grumpy over the space devoted in its interface to ads, I finally deleted it. In its place, I installed Today Weather, the pick of multiple reviewers, and then paid the $6.99 lifetime fee for ad-free operation with premium features enabled. Now I have a better set of forecasting tools without any ads and the tracking that goes on behind them.

And yes, this app takes up about a third of the space than Yahoo Weather did. On an aging device like my Pixel 3a, every little byte counts.

My next Mac desktop needs one more thing…

It’s early days, as they say in tech, but Apple’s switch from Intel processors to chips built to its own designs on the ARM architecture seems to be working far better than I expected in June.

Reviews of the opening round of “Apple silicon” Macs have consistently applauded how amazingly fast they are–even when running Intel-coded software on Apple’s Rosetta 2 emulation layer. Witness, for example, Samuel Axon’s glowing writeup of the reborn Mac mini at Ars Technica.

Have I mentioned that I’m typing this post on a 2009-vintage iMac?

Having Apple finally update the desktop Mac that would best fit my circumstances–I don’t want to buy another all-in-one iMac, because a separate monitor would be far more useful over the long run–gets my interest. Knowing that this updated Mac mini would run dramatically faster than the previous model intrigues me even more.

But am I ready to pay $1,099 for a Mac mini ($699 plus $400 to upgrade from an inadequate 256 gigabytes of storage to 1 terabyte)? Not yet. Not because of any hangups over buying the 1.0 version of anything, and not because Apple still charges too much for a realistic amount of storage. Instead, I want this thing to include one more thing: a Touch ID button.

The fingerprint-recognition feature that Apple added to its laptops years ago would not only spare me from typing the system password every time I woke the computer from sleep, it would also relieve me from typing the much longer password that secures my 1Password password-manager software. I’ve gotten used to that combination of security and convenience on my HP laptop, where the Windows Hello fingerprint sensor reliably unlocks 1Password. The idea of buying a new Mac without that feature is maddening.

(I know I could get an Apple Watch and use that to unlock the computer. But then I’d also need an iPhone, and switching smartphones and incurring at least $800 in hardware costs to address Apple’s lack of imagination strikes me as idiotic.)

I would like to think that Apple will remedy this oversight with the next update to the Mac mini. But I also thought adding Touch ID would be an obvious addition to desktop Macs two years ago. Unfortunately, large tech companies have a way of ignoring what can seem unimpeachable feature requests–see, for instance, how Microsoft still won’t add full-disk encryption to Windows 10 Home or simply add time-zone support to Win 10’s Calendar app.

So I might be waiting a while. I do know I’ll be waiting until at least January even if Apple ships a Touch ID-enhanced Mac mini tomorrow–so I don’t get dinged for my county’s business tangible property tax on the purchase until 2022.

Is it iPadOS 14 or iPadOS 13.8?

It’s been almost a month since I installed iPadOS 14 on my iPad mini 5, and not much about my tablet-computing experience since has reminded me of that.

Why? Compare Apple’s list of new iPadOS 14 features with its brag list for iOS 14: Apple tablets don’t get home-screen widgets or the App Library, even though their larger displays might better fit those interface changes. Apple’s new Translate app, a privacy-optimizing alternative to Google’s? iPhone only for now. Even emoji search in the keyboard is confined to Apple’s smaller-screen devices.

Like earlier iPad releases, iPadOS 14 omits the basics of weather and calculator apps. I guess Apple still couldn’t find a way “to do something really distinctly great,” as its software senior vice president Craig Federighi told tech journalist Marques Brownlee in the least-persuasive moments of a June interview.

There’s also still no kid’s mode that would let a parent hand over their iPad to a child and have it locked to open only designated apps. The continued absence of this fundamental feature–even the Apple TV supports multiple user accounts!–is especially aggravating after so many American parents have spent the last eight months mostly cooped up at home with their offspring.

Apple did add a bunch of fascinating new features in iPadOS 14 for Apple Pencil users–but my iPad mini 5 and my wife’s iPad mini 4 don’t work with that peripheral.

This new release has brought lesser benefits that I do appreciate. Incoming calls in FaceTime, Google Voice, and other Internet-calling apps now politely announce themselves with a notification at the edge of the screen instead of indulging in the interface misanthropy of a full-screen dialog, and Siri shares this restraint with screen real estate. Safari catches up to Chrome by offering automated translation of their text and surpasses Google’s browser with a privacy-report summary, both available with a tap of the font-size button. I can finally set default mail and browser apps–but not navigation, the area in which Apple remains farthest behind Google. And a set of new privacy defenses include the welcome option of denying an app access to my precise location.

But as nice as those things are, they don’t feel like the stuff of a major annual release–more like the pleasant surprises of an overperforming iPadOS 13.8 update. And they certainly don’t square with what you might reasonably expect from a company that reported $33.4 billion in cash and cash equivalents on hand in its most recent quarter.

My fellow Virginians, please install the COVIDWISE app. Now, thank you.

As the United States continues to flail away at the novel-coronavirus pandemic, my part of it has done one thing right. Wednesday morning, Virginia’s Department of Health launched COVIDWISE–the first digital contact-tracing app shipped in the U.S. on the privacy-optimized Exposure Notifications framework that Apple and Google co-developed this spring.

What that means is that COVIDWISE, available for iPhones running 13.5 or newer and most Android phones running Android 6.0 or newer, requires none of your data–not your name, not your number, not your e-mail, not even your phone’s electronic identifiers–to have it warn that you spent a sustained period of time close to somebody who has tested positive for COVID-19.

COVIDWISE and other apps built on the Apple/Google system instead send out randomized Bluetooth beacons every few minutes, store those sent by nearby phones running these apps, and flag those that indicate sufficiently extended proximity to allow for COVID-19 transmission as doctors understand it. That’s the important but often misunderstood point: All of the actual contact matching is done on individual phones by these apps–not by Apple, Google or any health authorities.

If a user of COVIDWISE tests positive and alerts this system by entering the code given them by a doctor or test lab into this app, that will trigger their copy of the app to upload its record of the last 14 days of those flagged close contacts–again, anonymized beyond even Apple or Google’s knowledge–to a VDH-run server. The health authority’s server will then send a get-tested alert to phones that had originally broadcast the beacons behind those detected contacts–once the apps on those devices do their daily check-ins online for any such warnings.

The U.S. is late to this game–Latvia shipped the first such app based on Apple and Google’s framework, Apturi Covid, in late May. In that time, the single biggest complaint about the Apple/Google project from healthcare professionals has been that it’s too private and doesn’t provide the names or locations that would ease traditional contact-tracing efforts.

I’m not writing this just off reading Apple and Google’s documentation; I’ve spent a lot of time over the last two months talking to outside experts for a long report on digital-contact-tracing apps. Please trust me on this; you should install COVIDWISE.

Plus, there’s nothing to it. The pictures above show almost the entire process on my Android phone: download, open, tap through a few dialogs, that’s it. At no point did I have to enter any data, and the Settings app confirms that COVIDWISE has requested zero permissions for my data. It uses the Bluetooth radio and the network connection; that’s it, as I’ve confirmed on two other Android phones.

If I’m curious about how this app’s working, I can pop into Android’s Settings app (search “COVID” or “exposure”) to see when my phone last performed an exposure check. But I don’t expect to get any other sign of this app’s presence on my phone–unless it warns me that I stood too close to somebody who tested positive, in which case I may not enjoy that notification but will certainly need it.

Updated 8/6/2020 with further details about the app’s setup and operation.

Warning: Election work may be habit-forming

For the third time this year–and the second time in three weeks–I woke up at 4 a.m. to start a workday that wouldn’t end until after 8 p.m.

I had thought at the time that the almost 16 hours I spent March 3 staffing the Democratic presidential primary would be my one-and-done immersion in the field. I’d learned firsthand about voter identification rules, the importance of a simple paper-ballot user experience, and the intense care taken to verifying the process and the results, and a second round didn’t seem that it could teach me much more.

But then the novel-coronavirus pandemic led many older poll workers to opt out, while my freelance work has yet to fill up my schedule in the way it did a year ago. After reading enough stories about electoral debacles in other states, I had to re-up when my precinct chief e-mailed to ask if I could work the June 23 Republican primary and the July 7 special election to fill an Arlington County Board seat.

I also figured that I wouldn’t see much of a crowd on either day. That was especially true for the GOP primary, when only 41 voters showed up (all of whom I appreciated for doing so) for the election that determined Daniel Gade would run against Sen. Mark Warner. I was glad that I’d brought a book to read, and that my colleagues for the day proved to be good company.

Tuesday saw 114 voters cast ballots to help put Takis Karantonis on the County Board. It also featured better protective gear for poll workers, in the form of comfortable cloth face masks with nicely-official-looking “Election Officer” labels as well as acrylic shields for the poll-book workers checking in voters.

Tuesday was also the last election to feature the photo-ID requirements that the General Assembly repealed this spring. This time, with voters consistently wearing their own masks, looking at tiny black-and-white thumbnail portraits on driver’s licenses was even more of a formality compared to the older and simpler method of asking each voter to state their name and address and then matching that to their entry in the poll book.

One of the other people working this election made a point of saying “see you in November!” to each voter. The resulting enthusiastic responses ranged from “You bet!” to “hell yes” to “I’ll be here at 4 a.m.”

That’s going to be a big deal and a lot of work. Friday morning, the precinct chief e-mailed Tuesday’s crew to thank us for the work and express his hope that we’d be on to help with the general election in November… and, yes, I think I see where this is going for me.

Things I learned from working a primary election

After more than 15 years of writing about voting-machine security, I finally got some hands-on experience in the field–by waking up at 4 a.m. and working a 16-hour day.

I’d had the idea in my head for a while, thanks to frequent reminders from such election-security experts as Georgetown Law’s Matt Blaze that the best way to learn how elections work is to work one yourself. And I finally realized in January that I’d be in town for the March 3 Democratic primary and, as a self-employed type, could take the whole day off.

I applied at Arlington’s site by filling out a short form, and about two hours later got a confirmation of my appointment as an election officer. (My wife works for Arlington’s Department of Technology Services but has no role in election administration.) A training class Feb. 11 outlined the basics of the work and sent me home with a thick binder of documentation–yes, I actually read it–and on March 3, I woke up two minutes before my 4 a.m. alarm.

After packing myself a lunch and snacks, as if I were going to grade school, and powering through some cereal, I arrived at my assigned polling place just before the instructed start time of 5 a.m. I left a little before 9 p.m. Here are the big things I learned over those 16 hours:

  • Yes, having people fill out paper ballots and scan them in works. I saw 500-plus voters do that while I tended the scanner in the morning, and none had the machine reject their ballot. There was confusion over which way to insert that ballot, but the scanner accommodated that by reading them whether they were inserted upside down, right-side up, forwards or backwards. (I wish more machines were that tolerant of human variances in input.) And at the end of the day, we had a box full of ballots that will be kept for a year.
  • The technology overall appeared to be of higher quality than the grotesquely insecure, Windows-based Winvote touchscreen machines on which I voted for too many years. This scanner was an offline model running a build of Linux, while the poll-book apps ran on a set of iPads.
  • The “vote fraud” rationale for imposing photo ID requirements is not only fraudulent, but photo IDs themselves are overrated. The state allows a really broad selection of public- and private-sector IDs—unavoidable unless you want to make it obvious that you’re restricting the franchise to older and wealthier voters—and our instructions required us to be liberal in accepting those. I didn’t see or hear of anybody getting rejected for an ID mismatch. (The one surprise was how many people showed up with passports; I quickly grew to appreciate their larger color photos over the tiny black-and-white thumbnails on drivers’ licenses.)
  • Asking people to state their name and address, then matching that against voter-registration records, does work. That also happens to be how voter check-in used to work in Virginia before Republicans in the General Assembly shoved through the photo-ID requirement that’s now been reversed by the new Democratic majority in Richmond.
  • You know who really loves high turnout? Election officers who otherwise have some pretty dull hours in mid-morning and then mid-afternoon. At one point, the person in charge of the ballot scanner busied himself by arranging stickers into a bitmapped outline of Virginia, then added a layer of stickers on top of that to represent I-95 and I-66. Fortunately, precinct 44 blew away past primary-turnout records with a total of 1,046 in-person votes.
  • The attention to detail I saw was almost liturgical. Every hour, the precinct chief did a count of voters checked in and votes cast to ensure the numbers matched; every record was done in at least duplicate; every piece of paper was signed by at least two election officers, and the overall SOR (statement of results) bore the signatures of all eight of us. We closed out the night by putting documents and records in specified, numbered envelopes, each locked with a numbered zip-tie lock; each number was recorded on a piece of paper on the outside of each envelope that was itself signed by two election officers.
  • Serving as an election officer isn’t physically demanding work, but it does make for a long day. We did have coffee delivered, but it didn’t arrive until 9 a.m., and nobody had time for dinner during the rush to close out things after the polls closed.
  • It’s also not the most lucrative work ever. My paycheck arrived Friday: $175, amounting to an hourly wage of $10.94. The value of seeing the attention paid to make democracy work and then watching more than a thousand people show up to exercise their rights: priceless.

Updated 3/23/2020 to fix some formatting glitches.

Android 10 first impressions: location, location, no you can’t have my location

A dozen days after installing Android 10 on my Pixel 3a, this operating-system update’s major accomplishment has been helping me to chain down a bunch of my apps.

That’s good! The location-privacy improvements in Android 10–starting with the ability to deny an application access to your location when it’s not running in the foreground–more than justify the roughly seven minutes I spent installing this release.

I expected that after seeing Google’s introduction of Android 10, then named Android Q, at Google I/O this May.

But I didn’t know then that Android would actively warn me when individual apps checked my whereabouts when I wasn’t running them, in the form of “[App name] got your location in the background” notifications inviting me to take the background-location keys from that app.

I was already planning on limiting most of the apps on my phone to foreground location access only, but these reminders have sped up that process and helped spotlight the more obvious offenders. (Facebook Messenger, go sit in the corner.) This is an excellent case of Google borrowing from Apple.

There’s much more that’s new in Android 10–if you’re curious and have an hour or so free, Ron Amadeo’s novella-length review at Ars Technica exceeds 2,000 words on the first of nine pages–but its other changes have made less of a difference in my daily use.

• The battery, WiFi and signal-strength icons are now simple outlines, and when swiped down the notifications area shows your remaining battery life in human language instead of a percentage: “1 day, 2 hr.” Less attractive: The text of notifications doesn’t appear in Android’s usual Roboto font, which bugs me to no end.

• The array of icons in the share sheet no longer painstakingly paint their way onto the screen. And the one I employ most often–the copy-to-clipboard icon–always appears first and at the top right of this list.

• The switch to gesture navigation (for instance, swiping up to see all open apps) hasn’t been as confusing as I’d feared… because Android 10 didn’t touch my previous “2-button navigation” system setting, which keeps the back and home buttons one swipe away. I guess I should try the new routine now.

• I still think dark mode is an overrated concept, having had that as my everyday screen environment on too many DOS PCs, but I get that it can be less distracting at night. And on phones with OLED screens, dark modes also extend battery life. So now that dark theme is a supported Android feature–hint, edit your Quick Settings sheet to add a “Dark theme” tile–I would like to see more apps support it. Starting with Google’s own Gmail.

Finally, I have to note that my phone has yet to crash or experience any impaired battery life since updating it to Android 10. I hope I didn’t just jinx this update by writing the preceding sentence.

 

This is the most interesting conference badge I’ve worn

LAS VEGAS–I’ve spent the last two days wearing a circular circuit board topped with a slab of quartz, which is not just normal but required behavior to attend the DEF CON security conference here.

DEF CON 27 badgeI had heard upfront that DEF CON badges–available only for $300 in cash, no comped press admission available–were not like other conference badges. But I didn’t realize how much they differed until I popped the provided watch battery into my badge (of course, I put it in wrong side up on the first try), threaded the lanyard through the badge, and soon had other attendees asking if they could tap their badges against mine.

These badges designed by veteran hacker Joe Grand include their own wireless circuitry and embedded software that causes them to light up when held next to or close to other badges. As you do this with other attendees of various classes–from what I gathered, regular attendees have badges with white quartz, press with green, vendors with purple, and speakers with red–you will unlock other functions of the badge.

What other functions, I don’t know and won’t find out, as I’m now headed back from the event. That’s one way in which I’m a DEF CON n00b, the other being that I didn’t wear any other badges soldered together from circuit boards, LEDs and other electronic innards.

(Update: Saturday evening, Grand, aka “Kingpin,” posted detailed specifics about his creation, including source code and slides from a talk I’d missed.)

You might expect me to critique the unlabeled DEF CON badge for flunking at the core task of announcing your name to others, but forced disclosure is not what this event is about–hence the restriction to cash-only registration. And since I have mini business cards, this badge met another key conference-credential task quite well: The gap between the circuit board and the lanyard was just the right size to hold a stash of my own cards.