Bruce Schneier Sounds The Alarm: If You're Worried About Russians Hacking, Maybe Help Fix Voting Machine Security
from the wake-up-call dept
We’ve been writing about the lack of security (and accountability) in electronic voting machines almost since Techdirt began. Our very first post on the subject, way back in 2000, declared that e-voting is not safe. Of course, over the years, we’ve seen more and more examples of this, from the Diebold debacle to Sequoia’s security disaster. Basically e-voting is a complete clusterfuck. The machines have long been easily hackable, and the companies behind them don’t really seem to care much. They frequently don’t do common security practices, such as allowing for outside testing of their machines (or, even better, open sourcing their code for security testing). Instead, it’s a big “trust us” and any time security researchers have gotten their hands on these things, they’ve discovered that the trust is totally and completely misplaced. The machines are a disaster.
Along the way, this has created significant distrust among the electorate. Not an election goes by where we don’t see someone accuse the election of having been “rigged” in some manner or another, with people pointing to the insecure voting machines as the mechanism. While nothing nefarious has been proven, just the fact that this has created massive levels of distrust in one of the basic practices necessary for democracy to work is concerning.
Now, combine this with the ongoing claims of Russia hacking the DNC’s computer systems (which some experts are still disputing). Whether or not it’s true, Bruce Schneier is noting that this should be a very loud wakeup call for fixing the security of voting machines:
But while computer security experts like me have sounded the alarm for many years, states have largely ignored the threat, and the machine manufacturers have thrown up enough obfuscating babble that election officials are largely mollified.
We no longer have time for that. We must ignore the machine manufacturers? spurious claims of security, create tiger teams to test the machines? and systems? resistance to attack, drastically increase their cyber-defenses and take them offline if we can?t guarantee their security online.
Longer term, we need to return to election systems that are secure from manipulation. This means voting machines with voter-verified paper audit trails, and no Internet voting. I know it?s slower and less convenient to stick to the old-fashioned way, but the security risks are simply too great.
As he notes, “election security is now a national security issue,” but it doesn’t seem like anyone in the political realm has realized this yet. Hopefully, it doesn’t take the discovery of a hacked election to make the point clear.