Musing on California Secretary of State Deborah Bowen's effort to decide whether electronic voting machines are "secure," Bruce Schneier argues that giving the machines to computer experts to see whether they can break into them, then ordering particular fixes of the holes revealed by the test, is "completely backward." Better to demand from the get-go that companies convince those experts and hackers that their machines are designed for security. However profit concerns will always mean that companies prefer to skimp on the front end and scramble to fix on the back end. If they get away with it, this is cheaper than engineering in security against potential attacks.
Schneier then offers criteria that might lead to "assurance" -- the best we can do in a real world of determined human beings with imaginations -- to provide security when we need it. He follows with this interesting observation:
It seems to me that what we need is not only "assurance" but also a deep, society-wide conversation to discern what needs to be "secure," what needs to be "private," what needs to be "safe." Our technological capacities have outrun our understanding of those issues. We don't want to leave the shape of the future to markets, smart nerds, the occasional aspiring dictator, and chance.