Bruce Schneier Sounds The Alarm: If You're Worried About Russians Hacking, Maybe Help Fix Voting Machine Security

from the wake-up-call dept

But while computer security experts like me have sounded the alarm for many years, states have largely ignored the threat, and the machine manufacturers have thrown up enough obfuscating babble that election officials are largely mollified. We no longer have time for that. We must ignore the machine manufacturers’ spurious claims of security, create tiger teams to test the machines’ and systems’ resistance to attack, drastically increase their cyber-defenses and take them offline if we can’t guarantee their security online. Longer term, we need to return to election systems that are secure from manipulation. This means voting machines with voter-verified paper audit trails, and no Internet voting. I know it’s slower and less convenient to stick to the old-fashioned way, but the security risks are simply too great.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

We've been writing about the lack of security (and accountability) in electronic voting machines almost since Techdirt began. Our very first post on the subject, way back in 2000, declared that e-voting is not safe . Of course, over the years, we've seen more and more examples of this, from the Diebold debacle to Sequoia's security disaster . Basically e-voting is a complete clusterfuck. The machines have long been easily hackable, and the companies behind them don't really seem to care much. They frequently don't do common security practices, such as allowing for outside testing of their machines (or, even better, open sourcing their code for security testing). Instead, it's a big "trust us" and any time security researchers have gotten their hands on these things, they've discovered that the trust is totally and completely misplaced. The machines are a disaster.Along the way, this has created significant distrust among the electorate. Not an election goes by where we don't see someone accuse the election of having been "rigged" in some manner or another, with people pointing to the insecure voting machines as the mechanism. While nothing nefarious has been, just the fact that this has created massive levels of distrust in one of the basic practices necessary for democracy to work is concerning.Now, combine this with the ongoing claims of Russia hacking the DNC's computer systems (which some experts are still disputing). Whether or not it's true, Bruce Schneier is noting that this should be a very loud wakeup call for fixing the security of voting machines As he notes, "election security is now a national security issue," but it doesn't seem like anyone in the political realm has realized this yet. Hopefully, it doesn't take the discovery of a hacked election to make the point clear.

Filed Under: bruce schneier, e-voting, elections, electronic voting, hacking, security