Sunday, May 22, 2005

funding the future

Mark Kleiman writes
the government could fund Social Security by paying down enough of its publicly-held debt now, while the OASDI surpluses are rolling in, to be in a good position to borrow later, when OASDI is running deficits. That's not technically "funding," but it's the functional equivalent, just as a family can save by paying down its mortgage.
I don't think future retirement funding can be analyzed in purely financial terms, and I don't think the family analogy applies.

The problem with analyzing the future economy in purely financial terms is that money is only a call on future goods and services. The root cause of the Social Security "crisis" is that we will have more retirees per capita in the future than we have today. There will be fewer people producing goods and services, and more people consuming them. Saving money won't help that, it only means that there will be more money chasing that production, a good recipe for inflation.

Contrast this with the family mortgage. When a family pays down a mortgage, enabling future borrowing against their house, they're preparing to call on resources outside the family. If they later take out a loan, the money they obtain can be used to draw on production outside the family. By saving (whether by reducing debt or increasing assets), they increase their access to production. When we all (as embodied by the government) create or retire debt to ourselves, it doesn't change our ability to call on the resources of others.

Not all of the government's debt is owed to ourselves, of course. A lot of it is held by foreign investors and foreign governments. If we were to pay that down, we might indeed be able to cash in our advantageous financial position to ease the demographic burden. The problem there, however, is not the government budget, but the trade deficit. When we run trade deficits (as we've done for decades), those who sell to us goods reinvest the money we send them in our economy. If we refused to sell them government bonds (by running budget surpluses, for example), they'd be forced to buy stocks, real estate, etc. Either way, the more we sell today, the less we'll have to sell tomorrow. The national equivalent of paying down the mortgage would be running trade surpluses: accepting fewer goods from abroad today so that we'll have the resources to get the goods we need tomorrow. I don't see any sign of that happening.

What other alternatives are there?

We could invest today in the things we'll need tomorrow. That's a nice thought, but private investment today would chase today's returns, meeting the needs of today's society rather than the need's of tomorrow's aging society. Retirement housing seems like a fairly safe long-term bet, for example, but consider the difficulty of building retirement housing today, intending it to sit idle until it's needed. Medical systems would be even more difficult to pre-build because of the strong likelihood that they'll be obsolete by the time they're needed. It's difficult even to pre-train medical staff with an aging focus without patients to pay their salaries or provide them with experience. In a market economy, demand creates supply and supply nearly always trails demand. Why would the infrastructure to meet the needs of an aging society be any different?

We could try to reduce the trend towards inequality in income distribution. I wrote about this in detail months ago. The loss in productivity (and the implied loss in consumable goods and services) are roughly equal to the income shifted to the wealthiest of society over the last 20-30 years, and occurs over the same time period. Perhaps we can address tomorrow's problems by reversing the trend.

We could try to eliminate the demographic bubble by importing workers, skilled ones if we can't educate enough of our own to fill the skilled positions. This probably isn't practical due to the sheer scale of the problem. Even if it were, some of the trends in this area are worrisome. The easiest way to import skilled workers, after all, is to bring them here for graduate school and get them to stay. Over the last few years, foreign enrollment in grad schools has fallen.

Modest increases in the retirement age would eliminate the problem at a fiscal level, but would create inequities in fields where sixty-five is already old. Social Security isn't free of such problems today, but that's not a reason to make the problem worse.

Any others come to mind?

Monday, May 16, 2005

tribalism and democracy, red and blue

Elections don't seem to have solved everything in Iraq. As a sign of how bad things are, consider that officials are trying to reassure people by downplaying "the possibility of outright sectarian war — characterizing some of the recent violence as tribal feuds..." It's not (yet) a sectarian civil war, merely violent anarchy. Quite reassuring.

Long-time readers of this blog will remember my befuddlement when the world celebrated the Iraqi elections as the dawn of a new nation, and my bemusement at the silence of the blogs. I won't claim to have foreseen today's problems, but I couldn't figure out how an election without Sunni participation would strengthen the country. The possibility that it would leave the Sunnis more isolated and alienated than before seemed equally likely.

But of course, I didn't see any evidence that Saddam was about to engage in undeterrable nuclear blackmail. I didn't even see compelling evidence of WMDs.

Meanwhile, back in the homeland, Newsweek prints some old news and gets blamed for starting riots. "Newsweek Lied, People Died" rings out across the blogosphere. August Pollack notes that, "This isn't even not caring. It's beyond not caring. It's taking pride in not caring."

He's right, of course. It's important to take pride in your team/tribe. That which makes our team strong is good. That which makes our team weak is evil. These days, however, the team isn't the country, it's a color. Are you red or blue?

Tuesday, May 10, 2005

secure elections, electronically

At eschaton, avedon writes
I join with tech-savvy supporters of democracy everywhere in saying that there is only one appropriate means of making elections secure: Paper ballots, hand-counted on the night, in public.

I hope it doesn't disqualify me as tech-savvy, but I think there are ways to make e-voting more secure, reliable, and open than paper voting. The problem with today's e-voting systems is not that they're electronic, but that they're black boxes. The vote enters the box and disappears. It doesn't have to be that way.

To avoid fraud, a voting system needs to be auditable. Ballots, once cast, must be retrievable. Their content must be tamperproof. Ideally, any voter should be able to check whether their ballot has been counted and counted correctly. Paper ballots achieve the first of these, but as the Florida chads showed, they don't achieve the last two.

Non-secret ballots achieve all three. Voters cast ballots, and since the association between voter and ballot remains, voters can themselves audit the results of elections. They can see their ballots as well as everyone else's. Tampering with votes is nearly impossible (no one ever worries about voter fraud in Congressional votes). Intimidation and retribution, unfortunately, are not.

Suppose, however, that a voting system could be designed that assured privacy, while making ballots themselves public and allowing individuals to audit their votes. Such a system would be strongly resistant to tampering, even if electronic. An electronic system would, in fact, make tampering more difficult by making it easier for more voters to verify their votes. If half the population did so, tampering with a single vote would lead to detection half the time.

What might such a system look like? Let's start with the ballot itself. A ballot is a series of boxes, some checked, some not. A ballot with 100 candidates and 50 propositions (I live in california) has 200 boxes, each with a potential value of 1 or 0. A 200-digit binary number. 25 bytes. In the 2004 presidential election, about 120 million votes were cast. That's 3GB without compression, or about one DVD's worth. Most ballots would be significantly smaller. Any state election would fit on a CD-ROM. Any county's results could be downloaded quickly over the net.

Those are, of course, only the ballots themselves, not the identifiers that would allow voters to verify their results. How would those come to be? Here, things start to get a bit technical.

How would voters verify that their ballot is in the public record? Give each voter a secret key. When they vote, combine that key with the ballot and pass the resulting string of digits through a cryptographic hash function. One key property of such functions is that it is extremely difficult to generate a given hash result without knowing the hash inputs, making it infeasible to generate a pair for a particular voter without access to the key. Append the result of that hash function (not the key) to the ballot. Hash values used for such verification purposes are commonly referred to as digital signatures. Voters wishing to verify that ballots with their choices and their key are in the database can do so by locating ballots with their signature. They can also verify that their key has not been used only once.

Since every ballot can be (at least potentially) verified and the total number of ballots must match the voter rolls (the same mechanism we use today) attempts to change results run a high risk of detection. In a 10,000 voter election where only 1% of voters verify their ballots, an attempt to move results by 1% would be detected about two-thirds of the time, and the detection rate rises dramatically with increases in either the rate of ballot checking or the number of voters in the election.

So, what would be the problems with an approach like this? The main ones appear to be false attacks on the integrity of the system, and the initial verification and distribution of completed ballots. When any voter can challenge the accuracy of an election by claiming that a valid ballot hasn't been counted, it is important to ensure that their claims can be verified, that they did in fact cast the ballots they claim are missing. Ballot verification and distribution is important because the "ballot" the voter will take home is merely a long number. Voters will not be able to look at the number and determine whether it accurately reflects their votes, nor will they be able to remember the number for later verification.

The same technique used to verify that a ballot exists can be used to prevent false attacks on election results. Voters add signatures to their ballots so that they can verify that ballots they created are in fact recorded properly. The voting system can add signatures to ballots to ensure that ballots voters present for verification do in fact represent votes cast. In this case, since the key used to mark ballots valid must remain private, but it should be possible for anyone to verify a ballot, the signature should be based on a public key system.

Completed ballots can be distributed to voters using any printer and verified using digital scanners, the same techniques used today when people print movie tickets or airline boarding passes at home. Such systems encode a number in machine readable form, then validate that number when the ticket or pass is presented. In the voting case, the printed ballot could be verified by a scanner and the results checked by the voter, before the voter left the polling place.

One objection to a system of this type is that the anonymity of voting might be degraded. While the system itself keeps ballots anonymous, voters can reveal votes themselves, raising the prospect of vote selling or intimidation. While this is a legitimate concern, it should be recognized that this prospect exists in any system where monitors do not verify the secrecy of the voting process. Any system that allows people to vote from their homes, for example, allows people to reveal their votes to third parties. Even systems where people cast ballots in carrels then carry them to vote readers allow some amount of vote sharing.

Nowhere in this discussion have I described the security of the voting machines themselves. Instead, the goal has been to make the integrity of the overall system as independent as possible from the integrity of the voting machines. Instead of attempting to verify that a voting machine correctly records a voter's intent, for example, verification occurs externally, using an independent system. Verifiers could, for example, be provided by independent election monitors rather than those in charge of the election.

Is this a complete solution? No. Distribution of secret keys to voting machines for the purposes of signatures is a potential problem. Are there holes? Almost certainly. I've never seen a communication protocol that achieved security without extensive review. A system based on open protocols and public records, however, can get that review. The closed, secretive systems being deployed today cannot.

Wednesday, May 04, 2005

the FEC vs the internet

Atrios writes, wrt FEC blogging regulation:
It's ridiculous that some people desire that a medium which requires no money in which to participate - for which there are no real gatekeepers - be effectively more regulated than radio/tv/print/etc.

but it seems to me that adding gatekeepers is precisely the point. In traditional media, the first gatekeeper is cost of access. That keeps out the riff-raff. Once the riff-raff have been excluded, regulators try to maintain some order among those that remain, as much for their benefit as anyone else's. When you remove the initial barrier, the entire system breaks down. The biggest losers are the ones who dominate traditional channels, and since regulations exist for their benefit...