Congress and CAPTCHAs

Logic puzzle from Congressional web form

The online activism community is up in arms (if traffic on mailing lists is any indication) about a recent decision by the administrative offices of the House and Senate — which handle e-mail services for members — to begin offering a “logic puzzle” feature on the web forms they provide for constitutents to e-mail House members.

There’s a lot of people very upset by this. But is it really a body blow to online activism? Or is it a predictable response to a flawed campaign model?

First, let’s talk about what exactly all the fuss is about.

The “logic puzzle” is a flavor of CAPTCHA — those tests that have been popping up on forms everywhere to allow users to “prove” that they are human beings, and not automated scripts. For an example of a contact page that’s already been equipped with the logic puzzle, see Senator John Cornyn’s contact page.

Now, to understand why this is a Big Deal, you have to understand how advocacy software — the programs that deliver your message when you fill out one of those online “Write Your Congressman” forms provided by your favorite non-profit — typically works. The way they deliver those messages is by “cracking” these Web forms; they take your message, reformat it, and push it through one of those forms as if you had typed it in yourself.

You can probably see the obvious issue here — if a form can be cracked for a legitimate purpose like delivering a message from a constituent, it can be cracked for an illegitimate purpose (like sending spam) too.

So why use the forms? The whole reason why most member offices require e-mail to come through a Web form, rather than just publishing an e-mail address, is precisely that it makes it harder to submit a message, and therefore cuts down on spam flooding into member offices (which struggle just to keep up with the volume of legitimate mail they receive). It’s not a perfect defense, but it’s better than nothing; and it allows them to do things like require you to provide an address that proves you’re actually a constituent of that member.

But this makes it hard for advocacy tool vendors to facilitate mass e-mailing to offices; so those vendors respond by spending time and money subverting the forms, which then encourages offices to put up even more defenses, which pushes vendors to work harder to crack them. You can see how this leads us to adoption of tools like CAPTCHAs, which effectively increase the difficulty of cracking a Web form by requiring an actual human interaction with each submission to the form. So the advocacy tool vendors won’t be able to push your messages through the forms anymore.

There is a lot of indignation floating around at the moment about this being an illegal restraint of trade, a violation of the First Amendment, and so on. My take is a little different: I believe that steps like this were inevitable, and that this specific step is actually better thought out than I had anticipated it would be.

E-mail is Broken

Why inevitable? Because, as I’ve been saying for years now, e-mail is broken — especially as a vehicle for mass communication. It’s simply too easy to abuse.

If Congressional offices are required by the First Amendment to accept any and all e-mail that is directed to them, then why is the “logic puzzle” the straw that broke the camel’s back? Why wasn’t that threshold crossed when offices abandoned standard e-mail addresses for Web forms?

I’ll tell you why: because advocacy tool vendors know how to get around Web forms, but they don’t know how to get around the logic puzzle. That’s why this is the straw that broke the camel’s back; it has less to do with “digital democracy” and everything to do with businesses seeing their bottom line threatened. Nobody’s going to pay an advocacy tool vendor who can’t get people’s messages through to Congress.

But from a disinterested perspective, it’s hard to say that limiting communications by forcing them through Web forms is open communication, but limiting communications by forcing them through Web forms with a CAPTCHA is not. It’s a difference of degree only.

This CAPTCHA Ain’t Too Bad

Longtime readers of this blog know that accessibility of online resources to the handicapped is one of my personal hobbyhorses. I believe strongly that the Web is for everybody, and that “everybody” includes, among others, the blind and those with limited motor skills.

Given that, I have a strong dislike for the standard form CAPTCHAs take — an image with text embedded in it that you’re supposed to look at, find the letters, and then type the letters into a box. These CAPTCHAs presume that “human being” is equivalent to “able to see an image”, which is just not the case for the blind and those with impaired vision (like many elderly people). Some sites with these CAPTCHAs try to solve this problem by providing an audio CAPTCHA that reads the letters to you, but most do not, effectively locking these folks out.

So I was pretty dismayed when I first heard that Congress was going to require a CAPTCHA for online communication; it seemed like an obvious breach of the Federal government’s accessibility rules. However, once I saw how they were doing it, I was actually impressed — this is the first CAPTCHA I have seen that actually works from an accessibility standpoint.

Why? Because it doesn’t rely on images or audio. It simply presents you with a question in text, and then asks you to enter the answer into a standard HTML form field. There’s no reason why a blind person using a screen-reader or an old person using a screen magnifier would have problems with that.

To confirm this, I tested the logic-puzzle forms in Lynx, a Web browser that strips out all images and styles and shows you a text-only version of the site. (This is a good accessibility test because screen-readers essentially do the same thing, except they read the resulting text aloud.) The logic puzzle was easy to deal with — there were no special hurdles to jump through, like there are with most CAPTCHAs.

So I have to give the designers of the logic-puzzle system credit: they’ve come up with a CAPTCHA that I actually do not find objectionable. And that’s saying something.

Take a Deep Breath

I would urge anyone who is hyperventilating about these logic puzzles to relax. They are not the end of the world. They will make life more difficult for anyone cracking Web forms, but that should just make us think hard about whether it’s a sustainable proposition to base online advocacy on cracking Web forms.

As noted above, the current adversarial paradigm between e-activists and Congress has resulted in a vicious circle of roadblocks being thrown up and then being climbed over. Eventually they’re going to come up with a roadblock that’s simply too expensive for vendors to climb, and the end result will be that citizens’ ability to communicate with their members will have been permanently buried under mountains of campaign e-mails. That’s an outcome that nobody really wants — not even Congress, which has an interest in at least appearing to be responsive to constituents.

Isn’t there a better way? Shouldn’t there be a better way?

Vendors need to move beyond the model of “blasting huge volumes of e-mail” anyway, since there’s plenty of evidence that this simply doesn’t work — it doesn’t result in positive policy change. This could be an excellent opportunity for vendors and users of their tools to put their heads together and start developing new models of communication that are less adversarial (“hey Congress, we can climb over any barrier you put up!”) and more collaborative.

Will they? Who knows. But hope springs eternal.



June 7, 2006
2:53 pm

An additional reason for adopting this flava of CAPTCHA is that it is less crackable by spambots. Research using OCR have already created 90% correctness in getting past image-based CAPTCHA forms. But simple human puzzles are simultaneously harder to create a generalized solution for and easier for humans to deal with (I have trouble with 0 versus O on image-based CAPTCHA forms, for example).