June 2023 Update: Our Approach to AI

We’re thrilled to share that earlier this month, CTA was recognized by GAIN Power as a New Organization Making Impact at the 2023 #PowerfulIDEA Awards.

As big believers that kind tech can make a big impact, we are enormously honored to be recognized. And we’re incredibly grateful for all of our partners who have helped us grow, develop, and create impact together over the last year — thank you.

Read on to find out more about what’s happening with CTA!

Passkeys (and What They Mean For You)

There’s a big change coming to the way you log into your Google accounts, including your CTA-provided PAD account. Based on industry standards, passkeys are a new password and second factor replacement that allows you to use physical devices to authenticate to your online accounts.

Passkeys leverage public-private keys and cryptographic techniques to ensure that only you can access your account. They’re always secure, never guessable, and only stored on your device. Depending on whether you’re an Android user or iOS user, passkeys are generated a bit differently, but the upshot is the same: passkeys are profoundly more secure than passwords, and you’ll no longer have to carry around a hardware 2FA key (you were doing this, right?).

So what does this mean for you?

• Beginning in late June 2023, CTA will enable passkey support on your PAD account.
• Once enabled, you’ll simply visit the My Account page and add in a passkey.
• Chrome on macOS, iOS, Android, and soon, 1Password, all support passkeys.
• Going forward, instead of entering your Google password and using your 2SV device when signing into Google around the web, you’ll simply be prompted to use Touch ID, Face ID, or the Android equivalent to verify your identity. Don’t have a passkey stored on your device? No problem, you can always have the website request a passkey stored on a different device. You can even share passkeys!

So what do you do with your hardware 2SV keys?
Hold onto them! While passkey support is spreading quickly, as long as there are websites that only support basic passwords and 2SV, hardware 2SV keys are the best option for securing your account.

Also, your password isn’t disappearing quite yet! If you lose all of your devices (and don’t have your passkeys synced, for example, to iCloud), you’ll still need your password. And it is worth keeping a single 2SV hardware key on there too, just in case.

Google Login Page Asking for a passkey saved on macOS Chrome

If all of this is a bit confusing, don’t worry. We’ll send out detailed instructions on how to sign up in the coming weeks. You may already have received a prompt on personal accounts to sign up for passkeys. Passkeys are a public standard, and websites are quickly implementing support.

If you use iOS and iCloud Keychain, you may already have saved a few passkeys on your iPhone. Here’s a primer from Apple on how to set up a new passkey. Remember, while you can use a single device to store your passkey, you can store a passkey on multiple devices.

Questions about passkeys or anything else security-related? Email help@techallies.org.

Our Approach to AI

A statement from our CTO, Michael Fisher

With many in political tech talking about recent advancements in AI, CTA thought it apt to share our internal perspective and guidance that we’ve offered to our team.

As software engineers, product managers, analysts, and political tech practitioners, we’ve long leveraged tools that use predictive analytics and automation. As software engineers, our jobs would be exceedingly tedious without it. Our code editors have performed text prediction and offered guidance, all built by self-learning algorithms for many years. And political analysts have relied on machine learning algorithms to help us write persuasive communications to voters.

While the advancements we’ve seen in the past few months in generative AI are exciting, CTA remains cautiously optimistic about the future of AI and its implications for political tech. In our work at CTA, we foremost think about the privacy, security, and reliability of the data we hold for our partners. There are many open legal and ethical questions about the ownership of data produced by generative AI, and we have significant concerns about the privacy of data input into AI systems.

As a result, we’ve asked our team to be extremely judicious in their usage of AI systems and to treat them as they would any other Internet-based service: We would never provide private CTA or partner data to any service, so we won’t provide it to Google Bard, OpenAI ChatGPT, Microsoft’s GitHub Copilot, or any future AI platform.

We’re excited to see the innovative work of our partners in the political tech space, and we hope to see responsible usage of new platforms that balance innovation with the supreme responsibility all of us have to protect progressive organizations’ tactics, strategies, and most importantly, American voters’ private data.

Here’s a summary of what we’re asking of ourselves and our team:

1. Be secure. First and foremost, protect CTA’s privacy and the privacy of our partners.
2. Be curious, but cautious. Feel free to investigate whether generative AI can be helpful — i.e. in starting a short python script — but be cautious in just copy-and-pasting! Just like you wouldn’t use something from Google, StackOverflow, or Wikipedia without critical thinking, don’t mindlessly believe everything AI tells you.
3. Be transparent. Share internally what’s been helpful and what’s not helpful so others can learn and so that we, as an organization, can smartly maintain an up-to-date understanding of the opportunities and threats AI presents.

If you have questions about our approach, don’t hesitate to reach out to help@techallies.org.

Notes from BenDesk*

*Ben is our resident ZenDesk captain and manager of all help@ inquiries. We’re bringing you interesting inquiries from his inbox each month to help share learnings across our community.

Question of the Month: Can I give access to data from another PAD BigQuery project without allowing users to access the source project itself?

BenDesk Answer: For use cases where you may want to base a view in one PAD BigQuery project off a table in another PAD BigQuery project, authorized datasets and views are a great option.

With authorized datasets and views, you can give users in one project access to data from another project, without having to provide them with access to the source project. For example, if you have data in Project A and you want to allow users in Project B to see the data, you can use authorized datasets and views to grant them access to the data, without giving them access to the entirety of Project A. That will allow them to access the data through Project B with their standard permissions.

You also have the option to authorize tables within a dataset to be used in another project or individual views. We recommend authorizing the dataset where possible as it’s faster! To authorize, start by creating a dataset or view in Project B — the project your users are currently in — with your data. Then go into Project A — the project the data you want to share is located — and authorize the dataset or individual view in Project B.

For a step-by-step guide on authorizing datasets and views, check out our article on NotePAD here!

What We’re Reading:

• Office of Historical Corrections by Danielle Evans: A collection of short stories and a novella — each story is like a gut punch, but in a good way!
• Sooner or Later Everything Falls into the Sea by Sarah Pinsker: A collection of short stories that are all quirky and weird and sci-fi/fantasy themed, but also somehow super relatable.
• Romantic Comedy by Curtis Sittenfeld: If a love story between a writer for SNL and Hozier happened during peak quarantine…you would have this book.