He goes on to say,
While this is a good effort, it has security completely backward. It begins with a presumption of security: If there are no known vulnerabilities, the system must be secure. If there is a vulnerability, then once it’s fixed, the system is again secure. How anyone comes to this presumption is a mystery to me. Is there any version of any operating system anywhere where the last security bug was found and fixed? Is there a major piece of software anywhere that has been, and continues to be, vulnerability free?
…It’s all backward. Insecurity is the norm. If any system — whether a voting machine, operating system, database, badge-entry system, RFID passport system, etc. – is ever built completely vulnerability-free, it’ll be the first time in the history of mankind. It’s not a good bet…
Basically, [he continues] demonstrate that your system is secure, because I’m just not going to believe you otherwise…
Assurance [in security] is expensive, in terms of money and time for both the process and the documentation. But the NSA needs assurance for critical military systems; Boeing needs it for its avionics. And our government needs it more and more: for voting machines, for databases entrusted with our personal information, for electronic passports, for communication systems, for the computers and systems controlling our critical infrastructure. Assurance requirements should be common in IT [information technology] contracts, not rare. It’s time we stopped thinking backward and pretending that computers are secure until proven otherwise.
As Bev Harris wrote in Black Box Voting: Ballot Tampering in the 21st Century,
This is not a computer-programming problem. It is a procedural matter, and part of the procedure must involve keeping human beings, as many as possible, in control of our own voting system. Any computerized voting system that requires us to trust a few computer scientists and some corporate executives constitutes flawed public policy. It doesn’t matter whether they come up with perfect cryptographic techniques or invent smart cards so clever they can recognize us by sight. The real problem is that we’ve created a voting system controlled by someone else.
Add to that the vendors’ perfectly lousy track record, unsavory business practices, hiring of felons, the billions of tax dollars at stake, and the revolving door between elected officials and vendor lobbyists and the entire system lacks credibility.
It is not sound business practice to reward the very companies that have continually fallen far short of professional standards, and have sprinkled their actions liberally with shoddy products and missed deadlines. Do they deserve lucrative contracts for new machines to replace the old, broken systems that they sold us before with such fulsome promises? The time-honored concept of accountability must be revived, not cavalierly disregarded. In this instance, it seems that crime does pay.
(Note: You can view every article as one long page if you sign up as an Advocate Member, or higher).
