Schneier on Voting Machine Security


I asked security guru Bruce Schneier about those troublesome voting machines and the mindset that foists them upon us.

Schneier: The security of voting machines points to two big issues. The first one is that security is actually very hard. People think technology magically makes security worries a thing of the past, but it's just not true. Security is very hard and very subtle.
These voting machine companies were no better than any other software, or hardware, computer company we've seen in the past few years. They did a really lousy job. And because the systems were proprietary, because the companies had a vested interest in keeping the flaws secret, the public didn't know about them. So we have this problem of insecure voting machines.
The other thing it points to is the need to have backup systems that work. When you have an insecure system, or a system that could be insecure, the way you make it secure is often not by spending the huge amounts of money to secure the system, but having secure backup procedures, or secure procedures around the system. And that's why people who understand computer security call for voter verifiable paper trails. No matter what the machine is, what it does, whether it works or not, whether it's hackable or not, it's got a paper back up to fall back on if something happens.
Another issue with voting is that we only do it every other year. An ATM system gets used millions or thousands of times a day, every day, so problems are found and fixed. Voting, we forget about it, so it's much harder to build up any institutional knowledge of how to do it. People come to the voting booths, and the machines are different this year. They've never been taught, they've never been trained, the poll workers have different machines, there isn't the familiarity they get with a VCR.

Know It All: ATMs and gas pumps seem pretty secure. Are there institutional reasons that the government seems get this stuff so wrong so often?

Schneier: There are a couple of reasons that things like automatic teller machines and gas pumps are more secure. The first one is, there's money involved. If someone hacks an ATM, the bank loses money. The bank has a financial interest in making those ATMs secure. If someone hacks a voting machine, nobody loses money. In fact, half the country is happy with the result. So it's much harder to get the economic incentives aligned.
The other issue about voting machines is that ballots are secret. A lot of the security in computerized financial systems is based on audits, based on being able to unravel a transaction. If you go to an ATM and you push a bunch of buttons and you get out ten times the cash you were supposed to, that's a mistake, but that mistake will be caught in audit, and likely, you will be figured out as the person who got the money by accident, and it will be taken out of your account. Because ballots are secret, a lot of the auditing tools that we in the community have developed for financial systems don't apply.
I had a long, interesting talk with Schneier, during which we touched on everything from airport security (things are no more encouraging on that front than with voting machines) to IT culture. I'll post more of that interview here in the days ahead, and an edited version of the full thing will appear in an upcoming print edition of the magazine.

Info here on his latest book, Schneier on Security.