Musing on California Secretary of State Deborah Bowen's effort to decide whether electronic voting machines are "secure," Bruce Schneier argues that giving the machines to computer experts to see whether they can break into them, then ordering particular fixes of the holes revealed by the test, is "completely backward." Better to demand from the get-go that companies convince those experts and hackers that their machines are designed for security. However, profit concerns will always mean that companies prefer to skimp on the front end and scramble to fix on the back end. If they get away with it, this is cheaper than engineering in security against potential attacks.
Schneier then offers criteria that might lead to "assurance" -- the best we can do in a real world of determined human beings with imaginations -- to provide security when we need it. He follows with this interesting observation:
"Assurance is expensive, in terms of money and time for both the process and the documentation. But the NSA needs assurance for critical military systems; Boeing needs it for its avionics. And the government needs it more and more: for voting machines, for databases entrusted with our personal information, for electronic passports, for communications systems, for the computers and systems controlling our critical infrastructure."
It seems to me that what we need is not only "assurance" but also a deep, society-wide conversation to discern what needs to be "secure," what needs to be "private," what needs to be "safe." Our technological capacities have outrun our understanding of those issues. We don't want to leave the shape of the future to markets, smart nerds, the occasional aspiring dictator, and chance.