In the ongoing debate over the security of e-voting machines, one thing has stood out. The e-voting companies continually insist that they shouldn't let security researchers examine their machines, often claiming that these well-respected researchers would simply hand over the details to other irresponsible parties. In other words, they were basically admitting that their machines weren't secure, but were hoping that security-by-obscurity would protect them. Unfortunately, security-by-obscurity rarely works -- because the obscurity is never quite as obscure as people hope. It appears that a Princeton professor was able to get his hands on five e-voting machines from Sequoia by bidding $82 in a government surplus auction. He's now examining the machines, and while he says they appear more secure than Diebold's machines, there are still problems with them. Sequoia has responded that it doesn't matter, because any machine that was tampered with would have obviously broken seals. Unfortunately for Sequoia, it's already been pointed out that such seals are easily removed and replaced without anyone noticing, and it seems to happen quite often. However, the bigger point, that Sequoia seems to be ignoring, is that by relying on a security-by-obscurity policy, e-voting companies are assuming that no one with malicious intent would ever get their hands on these machines to inspect them. However, if all it takes is $82 from a government surplus auction (for five of the machines) it seems pretty clear that anyone who wants to examine these machines for vulnerabilities (for either good or bad purposes) can easily get their hands on one. That knocks out the obscurity -- and, with it, whatever "security" that came with it.
If you liked this post, you may also be interested in...
- Lightning Strikes Twice: Wannabe Murderer Butt-Dials His Almost-Victim
- Companies Developing Crowd Analysis Programs To Detect 'Abnormalities' In Behavior And Match Faces Against Giant Databases
- Facebook Needs To Learn It Can't Teach Tolerance By Acting As An Overzealous Censor
- Microsoft To Encrypt Data Center Links; Says NSA Hacking Would Be Unconstitutional
- EasyDNS Continues To Fight Bogus Website Seizures By City Of London Police After Verisign Issues 'No Decision'