Minor Thoughts from me to you

Archives for Software (page 1 / 1)

An ‘Off-the-Shelf, Skeleton Project’


Jason Koebler, Joseph Cox, and Emanuel Maiberg, writing for Vice, provide a look at the app that was supposed to make it easy for volunteers to report the results of the Iowa caucuses.

Motherboard asked six cybersecurity and app development experts we trust to analyze the app. The app was built on top of React Native, an open-source app development package released by Facebook that can be used for both Android and iOS apps, according to Kasra Rahjerdi, who has been an Android developer since the original Android project was launched, and Robert Baptise, a white-hat hacker who has exposed security flaws in many popular apps and reviewed the code. Rahjerdi said that the app contains default React Native metadata and that it comes off as a "very very off the shelf skeleton project plus add your own code kind of thing."

"Honestly, the biggest thing is—I don’t want to throw it under the bus—but the app was clearly done by someone following a tutorial. It’s similar to projects I do with my mentees who are learning how to code," Rahjerdi said. "They started with a starter package and they just added things on top of it. I get deja vu from my classes because the code looks like someone Googled things like 'how to add authentication to React Native App' and followed the instructions," Rahjerdi said.

"The mobile app looks hastily thrown together," Dan Guido, CEO of cybersecurity consulting firm Trail of Bits, told Motherboard.

So the app has the look of something that was written by someone who's a newcomer to programming, rather than someone experienced.

To properly log in and submit results, caucus chairs had to enter a precinct ID number, a PIN code, and a two-factor identification code, each of which was six digits long. "We saw a lot of people entering their precinct ID instead of their PIN in the PIN spot. There were some issues with not knowing where to put what credential, which is a difficult thing to design around,” Niemira said. “Having to sign in with three different six-digit numbers is confusing on the best day, but it was a call that was made in order to help keep this process as secure as possible.”

The app required users to keep track of 3 different 6-digit codes and enter them in the correct fields, during a confusing, high-pressure event. And those users are all volunteers, from a demographic that's not known for its fluency with technology. That's a complete failure of user-experience design.

According to state records, the app was built in several months at a cost of $63,182.

"We started our engagement with the IDP in August and began requirement gatherings and beginning to develop the app at that point, so we basically had the month of August, September, October, November, and December to do it, though requirements gathering takes a long time, so we didn’t have a final production version of this until pretty close to caucus time," Niemira said.

The app was done in a rush, with no time to think through the requirements and create a design that would be usable, secure, and fault tolerant. Let alone to create code that was well-tested and robust. Or time to adequately train users and ensure that they had the app installed and working several weeks before the caucuses.

Election security experts have been saying for years that we should not put election systems online, and that we shouldn't be using apps to transmit results. And, if U.S. election officials are going to use apps like this, that they should be open to scrutiny and independent security audits.

“We were really concerned about the fact there was so much opacity. I said over and over again trust is the product of transparency times communication. The DNC steadfastly refused to offer any transparency. It was hard to know what to expect except the worst,” Greg Miller, cofounder of the Open Source Election Technology Institute, which publicly warned the IDP against using the app weeks ago, told Motherboard.

Stamos echoed that sentiment. "Our message is that apps like this should be developed in the sunlight,” he said, “and part of an open bug bounty."

Politicians seem to be allergic to doing things out in the open, with the full scrutiny and criticism that comes with transparency. This debacle is the inevitable result of secrecy, penny-pinching, tight timelines, and hubris.

Epic Supports Patients' Access to Their Data

Disclaimer: I am a 15-year employee of Epic, love my job, and love that we have a CEO who cares deeply about patient privacy as well as patient care. I'm not writing as a company spokesperson, but as a private individual who's frustrated by fake news and misinformation.

Recently, many, many news organizations have written about Epic's opposition to a new regulation from the Department of Health and Human Services that would make it easier to share medical records data with patients and apps. These organizations are saying that Epic opposes the new regulation because Epic opposes data sharing and wants to keep patient information locked up, in the pursuit of outrageous profits. Nothing could be further from the truth.

Epic loves data sharing. Patients are healthier and safer when every doctor, nurse, medical assistant, lab tech, pharmacist, etc. can see their full medical records. We developed:

  • Care Everywhere and Care Anywhere—data sharing between Epic organizations and standards-compliant data sharing between Epic and non-Epic organizations
  • MyChart—allowing patients to access their own data
  • Lucy—allowing patients to easily consolidate their charts from multiple healthcare systems
  • Share Everywhere—allowing patients to directly share their records with anyone in the world, even clinicians who are still using paper charts

Our concern about the new rule comes down to one reason: worries about patient privacy. Many, many Android and iOS apps earn revenue by selling user data. The majority of the time users are unaware that their apps are tracking them, unaware of how much their apps are tracking them, and unaware of how many different companies their apps are selling their data to. There is a real risk that giving apps access to your healthcare information could mean that those apps are reselling your healthcare records to anyone and everyone, without your knowledge or consent.

We published an open letter stating these concerns.

  • Family member data may inadvertently be shared. The data sent to the apps might include family member data, without the patient realizing it and without the family members’ knowledge or permission. Almost all medical records contain family history, which may be threaded throughout the record.

After surgery, Jim’s doctor wants to prescribe an opioid for Jim during his recovery. Jim prefers not to take an opioid because his brother Ken struggles with addiction. The doctor makes a note about that in Jim’s medical record. When Jim’s health data is sent to an app, and that data is used, shared, or sold, Ken’s addiction status may become public without Ken’s knowledge or permission.

Jim and Ken’s story is similar to what happened to Facebook friends who did not give their approval for their information to be harvested by Cambridge Analytica.

  • Apps may take much more of the patient’s data than the patient intended. There are no transparency requirements to make it very clear to the patient what data the app is taking and what the app will do with that data.

A wellness app offers Liz a cholesterol study and asks her to approve sending the app her lab results. Liz does not realize that the app has gathered all of her lab results, including sensitive information such as her pregnancy status and STD testing results. She does not know that the app will sell that data. Once her health information is out, she cannot pull it back.

We have always, and will always, support patients’ right to use their data as they see fit. However, it is the role of government to ensure that patients have the information they need to make those decisions knowledgeably, like they have for nutrition and food or labels in the clothes they buy. Patients must be fully informed about how apps will use their data, and apps and other companies must be held accountable to honor the promises they made to patients.

For patients to benefit from the ONC rule without these serious risks to their privacy, we recommend that transparency requirements and privacy protections are established for apps gathering patient data before the ONC rule is finalized.

Epic does not typically comment publicly on national policy issues. However, our goal is to keep the patients at the heart of everything we do, and we must speak out to avoid a situation like Cambridge Analytica. The solution has a clear precedent in HIPAA protections, and creating similar protections that apply to apps would make a difference in the privacy and well-being of millions of patients and their families.

Please. Before you jump on the bandwagon of people attacking Epic, take a moment to think about the privacy implications of your health records being used as an income stream for app developers.

What is the most sophisticated piece of software/code ever written?


Buckle in.

The most sophisticated software in history was written by a team of people whose names we do not know.

It’s a computer worm. The worm was written, probably, between 2005 and 2010.

Because the worm is so complex and sophisticated, I can only give the most superficial outline of what it does.

If you've heard this story before, you already know what this worm is and the effect that it had. If you haven't, then you should read this story. It's incredible. All the more so for being true.

The TextExpander Goodbye

Dear Smile Software,

I've been a customer of yours for 5 years. I bought TextExpander for iOS (version 1.1) in 2011 and TextExpander for Mac (version 3.4) in 2012. I've purchased each successive version of the application. TextExpander 6 is the first version that I won't upgrade to.

I won't be upgrading because you've priced me out of your customer base. In the time that I've been a customer, I purchased the Mac app and two upgrades for it (one was a family pack upgrade). I've purchased two versions of the iOS app. I've spent a total of $90 on TextExpander, over the past 5 years.

With the release of TextExpander 6, you've moved TextExpander from a purchased application to a subscription application. With the existing customer discount, I can expect to pay about $24 for my first year of using TextExpander and about $50 for each subsequent year. That comes to a total five year cost of about $224. For me, TextExpander just became almost 3x more expensive.

I agree with what TJ Luoma wrote.

I don’t see anything that I really need in TextExpander version 6. I’m not using it with a “team” and my family members probably have no interest in sharing a group of text snippets with me. Yes, I realize that Smile made their own syncing service, but I have used iCloud, Dropbox, and BitTorrent Sync, and they work fine for TextExpander. Creating their own syncing service was solving a problem that I didn’t have.

I also agree with what Jordan Merrick wrote.

When it comes to TextExpander, however, the reason for a subscription isn't compelling, nor does it make sense for individuals. Even in the follow-up, Smile were awkwardly attempting to explain how their own syncing service could be of benefit to individuals:

Everyone can benefit from sharing. People who work alone have peers, or belong to civic, volunteer, hobbyist, or church groups. Before now, none of them could share snippets with each other. Now, they can. And we’re doing our best to ensure they will.

Either Smile are going for the hard sell or they don't know the majority of their individual users at all.

For me, that's definitely true. I'm a casual user of TextExpander. I maintain snippets mostly to simplify writing names, addresses, email addresses, and basic journal entry templates. I don't use it to earn an income. I don't need to share anything with any churches, civic groups, gaming groups, or other organizations. I don't anticipate subscribing to Markdown shortcuts from Brett Terpstra or snippets from anyone else.

I'm not opposed to software subscriptions. I currently subscribe to Instapaper Premium, I'm a patron for Overcast, I pay for Feedbin, and for Pinboard archiving. I also have a subscription to Club MacStories. My wife subscribes to Adobe's "Photography" plan for Photoshop. We jointly subscribe to Office 365 and we just signed up for a subscription to 1Password for Families. I like paying for things that I value, as long as the cost is in line with the value that I get.

I do get value out of TextExpander but it's in the $25 / year range not the $50 / year range. That goes triple for the fact that my TextExpander 5 license and my iOS apps are usable by anyone in my family, whereas TextExpander 6+ would cost me $50 / year for each person in my family. That's far too expensive for my modest needs. The fact is that TextExpander would be more expensive than Instapaper, Overcast, Feedbin, or Pinboard, the same price as 1Password for Families, and half the price of Photoshop or Office 365.

Try as I might, I can't convince myself that TextExpander is worth half of what Photoshop is worth or half of what the entire Microsoft Office suite is worth. And I know that I don't use it nearly as much as I use Instapaper, Overcast, and Feedbin, all of which cost me less than TextExpander 6 would.

Entice Me Back

I can see two ways that I'd be interested in being a customer again. The first is simple: lower the price. I have modest needs, give me a modestly priced option that matches my usage of the software. I'd be willing to pay $20–30 a year for the service, just not $60 a year.

I'd also come back if I felt I was getting more for my $60 a year. For instance, TextExpander for iOS used to have a way for every iOS application that embedded TextExpander to instantly update snippets without any user intervention. Apple closed off your ability to do that and now I need to manually update my library of snippets in each application. That's a real pain.

I'd be happy to see you work it out so that the embedded version of TextExpander can use the new syncing service to keep all of my iOS applications constantly updated without any user intervention. That would give me a concrete reason to upgrade to the latest version of TextExpander and to use your syncing service. It'd make me much more willing to pay a higher subscription fee, as the service would be more valuable to me. In all honesty, I'm still not sure that I'd spring for a $60 / year service, but it'd be a much more tempting proposition than the current service is.
