Dartmouth College is run by computers. No matter how many times I was told this as a prospective just about a year ago, I never fathomed the role technology plays on this campus until I became a part of it. Now that I am here I pretty much take it for granted. I order breadsticks through Netscape; browse the library on DCIS; plan my week based on Bulletins; and perhaps most notably, use BlitzMail as my primary mode of communication.
For the most part, BlitzMail has been pretty good to me. However, a funny thing happened to me yesterday that served to shatter my faith in the wisdom of electronic communication.
I returned to my room around 5 p.m. on Wednesday and experienced every Dartmouth student's worst nightmare: I could not sign on. The caps lock was not on, I was spelling it right, yet DND insisted that "that password is incorrect."
Now, I just happen to already have a little built-in paranoia when it comes to my BlitzMail account. No one knows my password and I change it so often that sometimes I can't even remember what the latest version is. However, this one was "quinn," the middle name of a good friend, easy for me to remember but unlikely to be guessed by any potential malicious BlitzMail infiltrators.
I tried to sign on at Collis, to no avail. Obviously it was truly an issue with my password and not my particular Performa 636. After dinner I interrogated several of my friends at Homeplate whom I suspected might have had the opportunity to observe my password and play a joke on me -- it has happened before -- though they all denied it. I didn't really suspect my friends but I wasn't sure what else to do.
As I left Thayer, I stopped by to check blitz, and lo and behold, I was able to sign on! Relieved, I changed my password and went on my merry way. Though there were definitely "new" messages in my inbox that had been read but not by me, I remembered that I had had a lot of trouble earlier in the afternoon with BlitzMail mysteriously and repeatedly asking me if I wanted to terminate because I was signed on somewhere else. I was quite ready to chalk up the whole ordeal to the mysterious ways of the Kiewit gods.
But then, at 12:35 a.m. I received what essentially amounted to a confession in a series of blitzes, beginning with the following: "Hehe. God these computers, got to love 'em. Change your password or die. How is quinn doing?" A death threat from a crazed computer nerd? No, actually, this guy, whom I'll call John, is a pretty nice guy, if a bit strange. A clever prank with frightening implications, if you excuse the melodrama? Quite possibly.
He then went on to explain that he was able to discover my password using a program that he had placed on one of the computers at Thayer. The program is essentially a control panel, meant to be harmless, that records every key stroke that a user enters. He got it off the Internet and had tried it out as a joke that he was already regretting. I've heard rumors about such a program, but I had never witnessed it in use.
The catch? He swears that though he was able to find out my password, he did not use it. That is, he did not change my password, or read my messages, or alter my account in any way. I am inclined to believe him actually, which is why I have decided to honor his request to stay anonymous. However, this still means that I don't know who managed to change my password for that time span.
This week, I recorded my votes for various Student Assembly positions on Netscape. Which brings me to other and perhaps more interesting part of John's messages to me which is the following suggestion that he made repeatedly in a series of blitzes: "I just wanted to, in a dramatic manner, bring light to the fact that this whole internet election spiel is a joke."
And I see his point, if this program he has really works, and I myself am a witness to its success. While Kiewit officials insist that the "double-blind" security system used for voting ensures that submitted votes cannot be tampered with and individuals cannot vote twice -- and I believe them -- who's to say that someone with the know how and motivation couldn't place illegal votes using the names and passwords of people they judged unlikely to vote themselves. Dangerous, yes, but certainly possible.
With all this political intrigue going on in my inbox, I have to start to wonder. The Internet itself currently does not make secure connections. Perhaps an inherent insecurity of BlitzMail is not so dangerous. It wasn't designed to be top secret, or for communicating anything devastatingly personal. But when we start relying on the DND system for venues such as voting, security becomes a little more crucial.
Voting as a social institution is one where the prime concern is privacy. In a nod towards technology, we have abandoned the traditional way of voting by paper ballot, a system, however archaic it may seem, that served us well through decades of elections. We are already aware of one detected problem in the program used for electing Student Assembly Vice President, and though this problem was not related to security, it has resulted in the need for a revote next week--resulting possibly in less voter turnout and certainly more stress for the candidates.
In deciding what social functions computers that are appropriate to relegate to computers, we must realize that we may not be fully aware of the limitations of such technology. We may be sacrificing security for efficiency.
