MAC II Statement on Data Release for EPH Testing

The Sasquan and MidAmeriCon II committees responded to File 770’s query about the transfer of anonymized raw 2015 Hugo nominating ballot data for use in testing the proposed E Pluribus Hugo vote tallying method.

Linda Deneroff, Sasquan’s WSFS (World Science Fiction Society) Division Head, wrote:

Sasquan passed its nominating data to MidAmeriCon II for analysis in the EPH process. Neither Glenn [Glazer], John [Lorentz], Ruth [Lorentz] nor I were involved in the analysis.

Tammy Coxen. MidAmeriCon II WSFS Division Head, explained what was done with the data:

After EPH passed at Sasquan, the MidAmeriCon II Hugo Administration team publicly committed to testing the system so that real data about its efficacy could be made available to WSFS members before the business meeting where ratification would take place. As part of that testing, MidAmeriCon II was collaborating with two researchers (Bruce Schneier and Jameson Quinn) in evaluating the system. As previously announced, it was determined that the data was unable to be sufficiently anonymized for a general release, so the researchers were provided data under a non-disclosure agreement.

There was to have been a coordinated release of the research findings between MidAmeriCon II and the researchers, which would have made clear the circumstances under which the data had been shared. Planning was already underway regarding that release, but as noted, analysis is still occurring. Our intention is to jointly share the research findings when they are complete, which will be well in advance of the business meeting at MidAmeriCon II.

The previously announced concerns that Coxen refers to were discussed here in a September 2015 post, “Hitch in Sasquan Nominating Data Turnover”.

123 thoughts on “MAC II Statement on Data Release for EPH Testing

  1. @errhead

    I’m guessing that you wanted the data to test the software you link to in your name?

    They appear to be saying that they are only releasing the data for specific purposes that there is a need for, and they didn’t feel they needed your software. (I don’t say that as a slam against your work, just what seems to have been their approach).

    I don’t think that necessarily converts into a refusal to release data to check the upcoming paper, because that paper hasn’t yet been released to check. I’d like to hear what plans they do or don’t have in that regard, but I appreciate that may not happen very soon, perhaps not until the paper is released.

    It’s important to appreciate that they are doing the legal equivalent of playing with fire here, as a breach of privacy laws in any of the many countries that could claim jurisdiction could get very expensive very quickly. In those circumstances, high levels of caution should be quite understandable.

  2. “I wouldn’t call either Quinn or Schneier “the EPH proposers”. They are two outside experts who were consulted by the people who were proposing EPH. You can Google the credentials of both of them.”

    You can also use google to find the various Making Light threads like this one (http://nielsenhayden.com/makinglight/archives/016206.html) from 4/13/15, posted by Bruce where Jameson is intensely involved in the comments, prior to them even naming their eventual proposal EPH. These two were integral to the creation of EPH. To call them outside experts called in by the EPH proposers is a blatant lie.

  3. I wouldn’t call either Quinn or Schneier “the EPH proposers”. They are two outside experts who were consulted by the people who were proposing EPH.

    Incorrect.

    From the business meeting minutes:

    “Submitted by: Keith “Kilo” Watt, Jameson Quinn…”

    “Jameson Quinn, coauthor of E Pluribus Hugo…” “one of the makers of the original motion…”

    Mr. Quinn was also co-submitter of the Hugo nomination data request to Sasquan.

    Also, though Mr. Schneier was not listed as EPH co-author, he is not an outsider consultant. He has long been involved with Worldcon and fandom and it was Schneier that kicked off the drive to change the voting system with a series of guest posts on the blog Making Light.

    Quinn raised $1,500 to attend Sasquan to argue for the passage of EPH, writing:

    On the guest posts by Bruce Schneier on the Making Light blog, I helped design and simulate a proportional voting system especially for the Hugo process’s needs…

  4. @MC DuQuesne

    …And if you go even further back on Making Light you’ll find earlier threads in which Schneier is analysing solutions already proposed by others. EPH was named very late in the process; claiming that any involvement prior to it being named is a problem makes no sense.

    Quinn was an official proposer for EPH; Schneier was not.

    Seriously, if you want to do something involving data, systems, and security and you’ve got Bruce bloody Schneier available, you’d be a fool not to ask him in.

  5. @Mark

    I’m not sure I follow your theory of the problem. What ‘privacy laws of the world’ are threatened by a leak of the Hugo voting data? This is not personal medical or identification data that is restricted by a variety of laws. It’s data that as far as I can follow the Constitution of WSFS, is at the discretion of the Hugo subcommittee of a Worldcon to do with as it sees fit.

    I can concede that confidentiality, having been implicitly if not explicitly promised as part of the voting process, is worth protecting. The Hugo subcommittee has a moral obligation to protect the data within their judgement of the best way to do that. But where is their legal obligation to do so coming from?

  6. seekingferret:

    “I’m not sure I follow your theory of the problem. What ‘privacy laws of the world’ are threatened by a leak of the Hugo voting data?”

    Lets say that a person lives in a conservative religious home and nominates a book which displays homosexuality as something acceptable. Then the person is doxed together with that nomination. Do you think that would be something the person would be happy about?

  7. Okay, you’ve come up with a plausible edge case for the moral obligation. I would say that it’s much simpler to just say “Let’s say a person nominates a book under the promise of a secret ballot. Their nomination is revealed. Do you think they are likely to nominate again next year?”, but fine, you’ve come up with a less likely but still plausible scenario. Now explain to me which privacy law is violated. Is there a law against revealing that someone nominated a book with homosexual themes? In which countries? That is certainly not against US law as I understand it. Just because something isn’t nice doesn’t mean it’s illegal.

  8. seekingferret:

    “Now explain to me which privacy law is violated. Is there a law against revealing that someone nominated a book with homosexual themes? In which countries? That is certainly not against US law as I understand it. Just because something isn’t nice doesn’t mean it’s illegal.”

    Why the hell should I do that? Why should I get involved in your straw men when I never said anything about privacy laws? As you yourself said, it is a moral obligation. And for those, legal matters are totally irrelevant.

  9. @seekingferret

    Good question. We’ve been told that the data could not be sufficiently anonymised, which means it was theoretically possible to identify individuals from it. I’ll look at it from the jurisdiction I’m familiar with, which is the UK. Under the Data Protection Act the analysis is quite simple: is it data? yes. Is it personal? yes, because it relates to an individual. At which point the organisation processing it has all sorts of obligations, but the relevant one here is not to release it to anyone who wants it.

    (None if the above is specialised knowledge; anyone who works for an organization that handles data and doesn’t like getting fined gets stern training sessions in this sort of thing)

    Now, I can’t speak directly to other jurisdictions, but the rest of the EU is definitely very similar due to sharing overarching principles and I believe the US has equivalent laws. If releasing the data freely is actually fine under US laws (which I doubt, but let’s assume it for a sec) it might be that WSFS would feel they can avoid any non-US jurisdictions during US worldcon years, but if they’re processing the data of EU nationals I wouldn’t like to risk it.

    It’s the risk that’s really my point: it’s not necessary that it definitely be a breach of US data protection laws, there just needs there to be the risk of one country with a Hugo voter with laws that might apply that might claim jurisdiction and anyone familiar with the issue would know to treat the entire situation with extreme paranoia. Just the legal costs of dealing with a totally frivolous claim would be prohibitive.

    ETA – I see the conversation moved on a bit while I was typing. Does this help with “what privacy laws”?

  10. A lie requires deliberate dishonesty; it isn’t just providing information that turns out to be in error – and besides that, Bruce Schneier, at least, is not on the list of people who proposed EPH. Jameson Quinn is, and I’m sure JJ will acknowledge that.

    Most of the time, conversations flow considerably more smoothly when you grant benefit of the doubt. There are exceptions, but they aren’t all that common.

  11. Quick point of information: It has always been Bruce Schneier’s position that the most reasonable thing to do would be to do nothing. I know this from personal conversations with him, as well as the fact that he said exactly that in his first post to Making Light. I also know, from personal conversations, that he’s interested in the math. Sunday night at Minicon, after the Puppy Nom Sweep had been announced, he asked me if I knew anyone who could discuss the math with him, and said, quite vehemently, that he didn’t care at all about politics or feasibility. (I did point him at someone who was at least math-conversant. Because boy is that not me.) Note that while Bruce is working on an academic paper on EPH, he has had exactly nothing to do with the various political actions necessary to have it proposed and voted on by Worldcon. That’s not where his interest lies.

    It would be hugely incorrect to say that Bruce doesn’t care about fandom. But it would also be incorrect to say that he is a proposer, or even a political supporter, of EPH.

  12. “It’s the risk that’s really my point: it’s not necessary that it definitely be a breach of US data protection laws, there just needs there to be the risk of one country with a Hugo voter with laws that might apply that might claim jurisdiction and anyone familiar with the issue would know to treat the entire situation with extreme paranoia. Just the legal costs of dealing with a totally frivolous claim would be prohibitive.”

    So the risk that there exists a voter who:
    1 publicly announced their other 4 picks for a category
    2 has a fifth pick they want kept secret
    3 is the only person to have voted for the 4 announced picks
    4 will then frivolously sue

    is greater than the risk that any of the 11,000+ members of the convention will sue for failure to follow through with the business meeting vote to release the data?

  13. Lydy Nickerson: I was also typing a post pointing out that in fairness, although Scheier kicked off what became EPH, he had said at the start that doing nothing was the best option. So thanks.

    I also noted, however, that he appeared to accept without much introspection the problematic narrative of preventing outsiders from coming in to dishonestly wreak havoc (a la Entertainment Weekly), and that his second preference was apparently to solve the problem by keeping unwanted people out:

    1. I think the best choice would be to do nothing. It’s not at all obvious that this is anything other than a temporary aberration, and that any fixes won’t be subject to a different set of abuses and need to be fixed again. I think the worst situation would be a series of rule changes in a continuous effort to stave off different abuses. I don’t think highly of a bureaucracy that tinkers with election rules until it gets the results it wants.

    2. If we choose to ignore (1), the second-best choice is to modify the electorate. The problem isn’t the rules of the vote; the problem is that a voting bloc was able to recruit voters from outside the usual community. Trying to fix that problem by changing the voting rules is very difficult, and will have all sorts of unintended consequences.

    3. If we choose to ignore (1) and (2), this is the thread to discuss how to fix the voting rules.

  14. The business meeting voted to request the release of the data, if it could be sufficiently anonymized. If it can’t be adequately anonymized, the Hugo subcommittee is doing the right thing in not releasing it broadly.

    And data privacy laws in most EU countries are much tougher than US law. You can’t release identifiable data freely in the US, but in most of the EU, you can face heavy fines and possibly other penalties for actions related to personal data that would be legal in the US. Fannish organizations really can’t afford that.

  15. @Hampus Eckerman

    I was responding to Mark’s specific use of the term ‘privacy laws of the world’, and since you responded to me I assumed that your example was somehow connected to this claim. I see that essentially we agree.

    @Mark

    I’m not very familiar with UK law. Under US law this kind of data is fairly unregulated. Amazon is pretty much at will to sell data about what books you browsed or purchased to whoever it wishes, barring any contractual promises it made as part of a user license and its general common sense about what is not a good thing to do. There are a few ‘best practices’ sort of guidelines that industry groups claim to follow in lieu of legal regulation, but I don’t think they really touch much on this kind of data.

    Skimming a few websites about the UK law you mention, it seems like you’re right that these regulations are tighter in the UK than in the US, but I think your approach feels arbitrary and FUDy to me. If generically releasing voting data with insufficient anonymization that could hypothetically in edge cases reveal private information about a person’s political and personal beliefs were a violation of data protection laws, it’s not clear to me that releasing the data to third parties under NDA is less of a violation. Given that that’s the case, I don’t think a legal analysis of UK laws played into the decision to give this data out to Schneier and Quinn. That being said, I’m still skeptical that either would be a violation. Particularly since, as MC DuQuesne points out, the publicly ratified intention of the membership is for this data to be released, in a responsible way.

    It’s also unclear to me to what degree the laws of the world matter. Even supposing there were a serious violation of UK privacy law, which I don’t think there would be, Sasquan and MACII are both purely US entities- the UK’s ability to fine them for violating data privacy laws is limited to nonexistent.

  16. @MC DuQuesne

    That’s easy: yes.

    Because as Lis says above there’s nothing to sue about the release of the data because it was a non-binding request (this was made very clear during the business meeting). I believe someone on MGC went to the trouble of getting some legal advice to consider suing and reported back that it wasn’t do-able.

    Your 1-3 are not the only possibilities, but even so they are quite real. You’re not quite following my argument with (4) because (again as Lis points out) the problem isn’t really an individual suing (although that’s enough of a risk) but someone reporting it to an actual government agency who might take enforcement action that wouldn’t be at all frivolous. Even leaving aside any fine, the legal costs of dealing with the matter would still be prohibitive.

  17. “The business meeting voted to request the release of the data, if it could be sufficiently anonymized. If it can’t be adequately anonymized, the Hugo subcommittee is doing the right thing in not releasing it broadly.”

    http://sasquan.org/wp-content/uploads/2013/07/2015-WSFS-Minutes-Complete.pdf

    “Moved, that the WSFS Business Meeting requests that the Administrators of the 2015 and 2016 Hugo Awards make publicly available anonymized raw nominating data from the 2015 and 2016 Hugo Awards, including the works nominated on each ballot in each category, but not including any information that could be used to relate ballots to the members who cast them;

    and Resolved, that it is the opinion of the WSFS Business Meeting that releasing such anonymized raw nominating data after the announcement of the results of the 2015 or 2016 Hugo Awards is not a violation of the privacy of members’ ballots.

    With a majority vote needed to pass this resolution, it passed by a show of hands.”

    The business meeting ruled that the works nominated on each ballot in each category after removing PII is sufficiently anonymized to not violate member’s privacy.

  18. Oh, lords, Brian. The quote you provide, from Bruce, is arguing exactly and precisely what you have been mendaciously arguing for months and months, now. You have said, over and over again, that social pressure and social engineering should be brought to bear on the problem, rather than changing the rules. This is exactly and precisely what Bruce is saying. But now, all of a sudden, it becomes useful to you to pretend that Bruce is saying something completely different, and so you lie about it. With his words right fucking there.

  19. The business meeting doesn’t own the nominating data, the Hugo admins do.
    The business meeting can request that the data be released, but only request. The Hugo admins decide whether they can anonymise the data sufficiently for a narrow release, a wide release, or no release at all. They’re not bound to agree with the business meeting.

  20. @seekingferret

    I think you’re ignoring that a system where citizens of many different countries enter data into a computer system which can be located anywhere in the world risks falling under all sorts of jurisdictions. There are many many examples of prosecutions being pursued of people who’ve never set foot in the country in question. I don’t know what the precise arrangements are in this case, but the general existence of the risk is clear to me.

    We’re not talking about “edge cases”, it’s been stated that the data can be partially de-anonymised so it’s a real problem.
    Did any of what I’ve mentioned go through the minds of the people making the decisions? I’ve no idea – it may have been rejected for other reasons before legal considerations even came up.

    Incidentally, the nature of the data – political, religious, etc – is entirely irrelevant. It could be your favorite colour and still be subject to the legislation.

    There are statutory gateways available for the release of data to third parties under various conditions, and release under an NDA to researchers producing a product for the data owner is pretty much a canonical example – no one could use contractors otherwise. Again, I’ve no idea if this was explicitly considered or not.

    (Just to repeat what I said above, I’m not claiming expertise here, this is pretty much bog-standard knowledge if you’re employed by an organisation that handles personal data. Companies don’t spend time and money on this because the legislation is toothless and irrelevant)

  21. @MC DuQuesne

    The (non binding) resolution is only effective if the data can be anonymised. We’re told that it hasn’t been possible to do that.

  22. MC DuQuesne:

    “is greater than the risk that any of the 11,000+ members of the convention will sue for failure to follow through with the business meeting vote to release the data?”

    The risk of someone suing for a non-binding resolution not being followed is effectively zero.

  23. The business meeting doesn’t own the nominating data, the Hugo admins do.

    We’ve all expended a lot of effort to (variously) promote, save, defend, uphold or redeem the Hugo Awards.

    But if we’ve reached the point of arguing that “the Hugo admins” “own the nominating data,” maybe it really is time to throw in the towel.

    🙁

  24. Brian Z:

    “But if we’ve reached the point of arguing that “the Hugo admins” “own the nominating data,” maybe it really is time to throw in the towel.”

    Please do.

  25. @MC DuQuesne

    Could you say further why you think that Wikimedia data was “imperfectly anonymised” and released despite knowing that?

  26. Mark, It shows all the votes for a ballot. Someone’s publicly stated votes could be used to theoretically determine which ballot is theirs and thus determine their nondeclared votes.

    That’s the same and only impediment the hugo data has to perfect anonymization. I’d say they released it because they value transparancy and grok the specious nature of any privacy complaints that were brought up, just like the business meeting when they voted removing PII sufficient.

    The hugo admins have decided to ignore the request of the business meeting completely. Its not a problem with the anonymization because they released the data to some chosen people under NDA, but not extend that option to others.

    If it was an anonymization issue they would either release the data on request with an NDA, or not release it at all. This is obviously an issue with control of the data and an unwillingness to see the wrong people have it for some reason. Either something in the data that needs to be hidden from the general membership, or someone doesn’t want to give up their ownership of the data.

  27. @MC DuQuesne

    You quoted this, and I’m going to highlight the relevant portion:

    Moved, that the WSFS Business Meeting requests that the Administrators of the 2015 and 2016 Hugo Awards make publicly available anonymized raw nominating data from the 2015 and 2016 Hugo Awards, including the works nominated on each ballot in each category, but not including any information that could be used to relate ballots to the members who cast them

    Clearly, the administrators have decided that the information could be used to relate ballots to the members who cast them. Even as much release as we’re getting is beyond what the administrators were requested – not obligated – to do.

    What Wikimedia decided to do is irrelevant. They’re not the WSFS.

  28. I know this is repeating some of what people above have said, but I’m going to try and explain it again. Remember that I’m the chair of the meeting that passed that resolution, and it was my rulings that were appealed and sustained. I’m also the person who drafted the original resolution at the request of the makers. I ruled the resolution to be in order, but I said all along that there is nothing binding about it.

    MC DuQuesne on February 11, 2016 at 7:50 am said:

    is greater than the risk that any of the 11,000+ members of the convention will sue for failure to follow through with the business meeting vote to release the data?

    Despite you quoting the resolution, you do not seem to comprehend it. You also seem to think that the WSFS Business Meeting has the authority to compel the Hugo Award Administrators to do things via resolution.

    B.2.3 Short Title: Hugo Nominating Data Request (as amended)

    Moved, That the WSFS Business Meeting requests that the Administrators of the 2015 and 2016 Hugo Awards make publicly available anonymized raw nominating data from the 2015 and 2016 Hugo Awards, including the works nominated on each ballot in each category, but not including any information that could be used to relate ballots to the members who cast them; and

    Resolved, that it is the opinion of the WSFS Business Meeting that releasing such anonymized raw nominating data after the announcement of the results of the 2015 or 2016 Hugo Awards is not a violation of the privacy of members’ ballots.

    Now, let’s take this apart:

    1. The individual Worldcon committees are sovereign other than in those things explicitly defined in the WSFS Constitution. (Section 1.6.)

    2. The WSFS Business Meeting can only change the Hugo Award rules through the existing constitutional amendment process.

    3. There is no provision for the WSFS Business Meeting to compel Hugo Administrators to do anything not explicitly required by the existing WSFS Constitution. This was a “request,” not a “demand.” The word “request” is in the first clause. (I would have ruled as out of order any resolution that worded it as a “demand.”)

    4. The Administrators have no obligation to accede to this request. (WSFS Constitution section 3.12.)

    5. The resolution itself said that the request not include “any information that could be used to relate ballots to the members who cast them.” While a member of that committee initially said that they would do so, the committee as an entity later concluded that it could not comply with the request for the reasons stated.

    6. The statement of the individual committee member was made without consulting with the rest of the committee and cannot be held as binding upon them. (Analogy: I was an area head for the Sasquan committee. A statement from me that “there will be free ice cream at the Closing Ceremonies” would not be binding upon the Sasquan committee.) The individual was not the leader of the Hugo Awards Administration Subcommittee (HASC) and was not even the senior-most member of the Sasquan committee who was on the HASC.

    Therefore, I think that any suit brought by one of those members would be thrown out, and for that matter, I wouldn’t be surprised (IANAL!) if the plaintiff could be on the hook for bringing a frivolous case.

    Now let’s look at the goodwill risk: how will the members react to the Administrators’ decision? In this case, I think that the people saying that it’s No Big Deal to violate the members’ ballot privacy are likely to be significantly outshouted by those who take that privacy for granted.

    Looking at the legal risk versus the goodwill risk, I’d say the committee (and the parent organization of the 2015 Worldcon, which would be the legal entity potentially tapped by a hypothetical lawsuit) has made the right decision.

    MC: If you are one of those 11,000 people (otherwise you won’t even have standing to sue), and really feel that badly wronged, I suggest you engage legal counsel and attempt to file your lawsuit, if you can find a lawyer prepared to take the case, given the risks. But I’d be really surprised if any competent lawyer would take it without a big pile of money up front and your agreement to indemnify him/her from the penalties for frivolous suits.

    You want a longer-term solution, draft up legislation that would require the release of the individual ballots, just like we currently require the “We Also Heard From” top-15 list. Try and convince two consecutive Worldcon Business Meetings to pass it. (My personal opinion: fat chance.) And it could not be made retroactive. But after you somehow got it passed, people would then be able to make their votes knowing that their secret ballot wasn’t particularly secret. Maybe you like that idea; I certainly don’t.

  29. MC DuQuesne on February 11, 2016 at 9:44 am said:

    If it was an anonymization issue they would either release the data on request with an NDA, or not release it at all. This is obviously an issue with control of the data and an unwillingness to see the wrong people have it for some reason.

    Have you considered the possibility that (and I merely speculate here, having no insider knowledge) they might not trust certain parties to abide by the terms of an NDA? If you don’t trust the contracting party to abide by the agreement, there’s no point in trying to execute it. Even with people you trust, you can get missteps, as happened in this case.

    Embargoed data has been released in the past, always inadvertently. Thus people who have control of sensitive data are very leery of sharing it even with people they trust.

  30. @Kevin Standlee

    We were just holding the fort for you 🙂

    @MC DuQuesne

    An obvious difference is that the publication of the raw data (ETA: on Wikimedia) was known in advance to those voters, who will have agreed to it either implicitly or explicitly.

    Either something in the data that needs to be hidden from the general membership

    …And when the conspiracy theories come out, I go home.

  31. Brian Z:

    The 2015 Worldcon Committee and the 2015 Hugo Award Administration Subcommittee are obeying the rules of the World Science Fiction Society adopted by the members of the WSFS. You want them to break those rules. It is you who are in the wrong, not them.

    If you don’t like the rules, work to change them. I look forward to your attempt to change the WSFS rules to require future Administrators to release whatever information you think they should release. It should be an entertaining debate.

  32. Meredith, it speaks directly to the fatuousness of the legal risk red herring.

    Kevin, i have no desire to change the constitution, merely attempting to point out the attempt to avoid one unlikely frivolous lawsuit just opens one up for other just as unlikely and frivolous lawsuits.

    Your theory on distrust sounds likely. Are there any publicly available information on the hugo committee meetings that come up with these decisions?”

    “knowing that their secret ballot wasn’t particularly secret”

    I would love to see someone match a single ballot in the 84 database with its corresponding member of the con without resorting to id lookup. Its far less trivial to reverse reasonably anonymized data then some like to pretend.

  33. @MC DuQuesne
    Not if Mark’s comment here is accurate:

    An obvious difference is that the publication of the raw data (ETA: on Wikimedia) was known in advance to those voters, who will have agreed to it either implicitly or explicitly.

    Raw data that the participants expected to be published is not the same as raw data that the participants had reason to believe would be private. Hugo nominators had reason to believe their data was private. Therefore, Wikimedia is irrelevant.

    I note you ignored the rest of my comment, which pointed out why you were wrong to say the administrators had to release the data to anyone who asked for it.

  34. Kevin Standlee, you have followed the discussions here, so you may know that I have never supported the release of Hugo nomination data, either in raw or “anonymized” form.

    If the EPH creators alone are unilaterally handed our confidential ballot data, and an EPH co-creator is even willing to use our data in blog posts to further a political agenda, the Hugo Awards will appear to me to have lost their integrity.

    My own preference, as I stated here in the past, would be for the ballots to be destroyed as soon as possible after the winners have been announced in order to ensure that the Worldcon traditions of ballot secrecy – traditions stretching back to the McCarthy era – will be honored.

    We have just been told that the Hugo administrators of one or possibly multiple Worldcons have handed over our confidential voting data from those Worldcons to the Hugo administrators of a different Worldcon, an action which to my knowledge is completely without precedent in WSFS history.

    If you believe that there is a WSFS rule empowering the Hugo administrators of MAC II to take control of the distribution of my confidential voting data from Sasquan, Loncon 3, or any other Worldcon, please cite it.

  35. So I have to ask… what malfeasance are people expecting is being concealed in the partly-but-not-sufficiently-anonymized voting data as it is now? Is it just a vague suspicion of something dubious? Or something more specific?

  36. Jonathon, i suspect a hugo admin had a ballot with nothing but his own name nominated in every category except dramatic presentation which was all brony porn.

  37. MC DuQuesne on February 11, 2016 at 10:41 am said:

    Kevin, I have no desire to change the constitution, merely attempting to point out the attempt to avoid one unlikely frivolous lawsuit just opens one up for other just as unlikely and frivolous lawsuits.

    Exactly. If the legal risk is equal both ways, then the goodwill risk (which I listed) comes into play. IMO, the goodwill risk of the perceived violation of voter privacy is much higher than the complaints from a relatively tiny number of people whose motives seem suspicious to many observers. In the end, WSFS is run by its own members, not by non-members who complain loudly online.

    While it’s possible that I don’t agree with the level of concern that the 2015 HASC has expressed regarding the release of nominating ballot data, I strongly support their right to make the decision. If anything, I respect them more for being willing to stand up and say “No, and here’s why not,” when WSFS actually provided them with sufficient “political cover” to release the data and to reply to anyone who managed to break the ballot anonymity of any voter with, “Sorry about that; go talk to the Business Meeting who said we should release it.” They made the harder choice.

    Your theory on distrust sounds likely. Are there any publicly available information on the Hugo committee meetings that come up with these decisions?”

    You’re edging into sealion territory here. Of course the answers are no, there won’t be, and I did say that I was speculating and had no access to any sort of insider information. FWIW, it’s what I personally would be considering if I were part of that committee, which I am not. I am very reluctant to treat with people whose stated goals including destroying an institution I’ve now spent 60% of my life supporting.

  38. Wikimedia appears to have been okay with releasing imperfectly anonymized data in an international vote.

    Irrelevant. They aren’t WSFS or the Hugo subcommittee. What they release for their own elections is their business.

    Really, what is so hard to understand about that?

  39. “Irrelevant. They aren’t WSFS or the Hugo subcommittee. What they release for their own elections is their business.”

    That the hugo admins are free to act capricously and arbitrarily with the data has been established and I wasn’t disputing that. I was pointing out the baselessness of the legal jeopardy argument.

  40. Brian Z on February 11, 2016 at 10:59 am said:

    My own preference, as I stated here in the past, would be for the ballots to be destroyed as soon as possible after the winners have been announced in order to ensure that the Worldcon traditions of ballot secrecy – traditions stretching back to the McCarthy era – will be honored

    This is not an unreasonable proposal. We do something similar with Site Selection data. The procedural motion, “That the Site Selection Administrator is instructed to destroy the ballots,” is the point where the Worldcon election is final, the OFFICIAL sign goes up on the tote board, and all bets can be paid. You can no longer contest the results of the election at that point. (Although of course, the actual physical destruction of the ballots is unlikely to happen until sometime later; setting a fire in the middle of a meeting room is likely to be frowned upon, as would be running a shredder.) But the WSFS rules keep the administration of Site Selection within the control of the Business Meeting, unlike the Hugo Awards, which is within the control of the individual Worldcon committee and usually the HASC they create to do the job.

    (I’ve been a Site Selection administrator in a weirdly contested election. I was very tempted to recount the ballots on the assumption that I’d ruled a given write-in bid ineligible instead of just-barely technically eligible. (The “I-95 in ’95” NASFiC bid filed barely-legal papers one second before the deadline). I resisted the urge and destroyed the ballots after the election was final. Nobody, not even me, will ever know if disqualifying the RoadKillCon bid would have changed the result of the 1995 NASFiC election. I decided that if I ever knew, I’d probably let it slip, and that would be a Bad Thing.)

    You could, of course, author a proposal to require that Hugo ballot data be destroyed by the Worldcon Committee at a defined time. There might well be support for such a proposal.

    If you believe that there is a WSFS rule empowering the Hugo administrators of MAC II to take control of the distribution of my confidential voting data from Sasquan, Loncon 3, or any other Worldcon, please cite it.

    Oh, ask me a hard one next time. WSFS Constitution sections as follows:

    Section 1.6: Authority. Authority and responsibility for all matters concerning the Worldcon, except those reserved herein to WSFS, shall rest with the Worldcon Committee, which shall act in its own name and not in that of WSFS.

    Section 2.1: Duties. Each Worldcon Committee shall, in accordance with this Constitution, provide for

    (1) administering the Hugo Awards,….

    Section 3.1: Introduction. Selection of the Hugo Awards shall be made as provided in this Article.

    Section 3.12: Exclusions. No member of the current Worldcon Committee or any publications closely connected with a member of the Committee shall be eligible for an Award. However, should the Committee delegate all authority under this Article to a Subcommittee whose decisions are irrevocable by the Worldcon Committee, then this exclusion shall apply to members of the Subcommittee only.

    Note that the part about the exclusions in 3.12 isn’t directly relevant here, but the part about irrevocably delegating Hugo Administration authority is. When a Worldcon Committee makes that delegation, all of the constitutional references to the “Worldcon Committee” regarding the Hugo Awards can be read as the “Hugo Administration Subcommittee.”

    The WSFS Constitution does not require committees to keep voting information secret. It neither forbids committees from releasing such information nor requires them to do so. (There is a list of things they must release at 3.11.4, not relevant to this discussion.) Therefore, it is completely the decision of the Committee what to do with the data. Technically, they don’t even have to keep the individual voters’ preferences secret. In a highly technical sense, they have existing authority to release every single ballot with every voter’s name attached to his/her complete ballot. We have a very strong tradition of ballot secrecy, but it’s not a regulatory requirement. We rely upon Worldcon committees not being stupid enough to appoint Administrators who would violate both rules and tradition.

  41. Brian Z: If you believe that there is a WSFS rule empowering the Hugo administrators of MAC II to take control of the distribution of my confidential voting data from Sasquan, Loncon 3, or any other Worldcon, please cite it.

    As you know, I think it’s a bad idea to release the raw Hugo nominating data to anyone. It is unlikely to remain solely in the hands of those authorized to have it. Conrunners have a very poor record of keeping secrets — look what happened to the 1984 Hugo data.

    Then, even without the raw data, the analysis will be shared generally, meaning the advantages cannot be confined solely to those using these insights for “good purposes” (whatever we might think those are, but making slate strategy more effective would be the opposite of a good purpose in my mind.)

    Finally, as co-author of the rule now contained in Section 3.11.4 of the Constitution, I agree with Sasquan Hugo Administrator John Lorentz’ argument releasing voting information for nominees receiving fewer than 5 votes is a rules violation. (However, the Chair disregarded the plain wording of the rule and his interpretation was sustained by a vote of the Business Meeting.)

    All that said — I must disagree with your insistence on looking to a WSFS rule empowering Hugo administrators to distribute confidential voting data. The Consitution in Rule 1.6 says “Authority and responsibility for all matters concerning the Worldcon, except those reserved herein to WSFS, shall rest with the Worldcon Committee, which shall act in its own name and not in that of WSFS.” The Sasquan Business meeting determined no rule in the WSFS Consitution poses any barrier to releasing the data. So the situation is this: the Worldcon committee gets to determine how it will exercise stewardship over the Hugo data. Sasquan or MAC II was already empowered if it wanted to disclose the data under an NDA.

    The one thing that bothers me is that after the public debate at the 2015 business meeting, and with all the interest expressed by people who wanted the anonymized data (which Sasquan initially was going to offer on an equal basis to any interested party), MAC II didn’t make a public statement about what they were doing until they were asked for one. It’s not as if they had any intent to keep this secret — the results were going to be publicized at some point. And they could have avoided looking as if they were found out.

  42. So the situation is this: the Worldcon committee gets to determine how it will exercise stewardship over the Hugo data. Sasquan or MAC II was already empowered if it wanted to disclose the data under an NDA.

    Now we’re getting somewhere. Did Sasquan disclose the data under an NDA? We were told in the original post that Sasquan played no role beyond passing the nomination ballot data – whether it was the raw ballot data or the “badly anonymized” data – to MAC II.

    What about the information from prior years that Bruce Schneier mentioned. Did Loncon 3 disclose the data under an NDA? There is no acknowledgment of it in the statements so far, but it seems unlikely that Bruce would make that up.

    The MAC II Hugo administrators are not a subcommittee of Sasquan, nor of Loncon 3. As you put it, they have no stewardship over my data from Sasquan or Loncon 3.

  43. @Brian Z

    If the EPH creators alone are unilaterally handed our confidential ballot data, and an EPH co-creator is even willing to use our data in blog posts to further a political agenda, the Hugo Awards will appear to me to have lost their integrity.

    I think your conspiracy theory is WAYYYY off. But if you truly believe that the admins working with two gentlemen to show how EPH would work on nominations is Hugos losing their integrity please deprive us of your company. For a change act on your principles. Don’t just blow hot air and whine.

    The Hugos are doing fine. 10 years from now we will be dealing with a new scandal. And 20 years it will be a different scandal. Just like we always have.

  44. Brian Z: The MAC II Hugo administrators are not a subcommittee of Sasquan, nor of Loncon 3. As you put it, they have no stewardship over my data from Sasquan or Loncon 3.

    You’re adding conditions to my statement, and those conditions are not correct. Not every bad idea is illegal. Sasquan had the authority to give the data to MAC II. Period.

  45. MC Duquesne, while choosing to ignore the fact that Wikimedia told its voters, before they voted, that the data would be released, did note that Wikimedia is much better funded than WSFS. What they seem to have missed about this is that it means that Wikimedia is much better able to survive litigation than WSFS.

    Handing the data to two well-respected researchers in the field, under an NDA, to evaluate the effect of EPH so that the information will be available to the next WSFS business meeting is not distributing the data arbitrarily. Nor is it arbitrary or suspect to refuse to share the data, even under an NDA, with people whose stated intention is destroying the Hugos. The incentive there to violate the NDA is all too obvious.

  46. I think your conspiracy theory is WAYYYY off.

    There is also the incredible irony of Brian Z, a man with no integrity or credibility, accusing an organization of losing their integrity.

Comments are closed.