- FTC targets prerecorded telemarketing drivel
- 16 hot roles for IT pros
- Securing SSLVPN with client certificates
- 13 desktop-virtualization tools
- 10 must-have virtualization tools
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
'Tis the season for being drowned in political commentary and ads. It's been a very long season indeed, and it's not over yet by a long shot.
Along with the surfeit of political commentators and more-than-daily polls (each of which comes up with a different truth) there has been an undercurrent of mistrust when it comes to the voting mechanisms many people use. The worry is that the voting machines themselves could have a deciding impact on the election in some cases.
I suppose some of you might wonder why I should take the time to write about this topic again, because so little has changed in the four years I've been commenting on it. While there may be no fundamental change that can be seen, there have been enough changes in degree that I guess it's time to revisit the mess.
There has been a minor change in official attitudes about the suitability of the current generation of electronic voting systems.
While too often local election officials seem to turn a blind eye to any problems -- perhaps preferring pilfered elections to any admission of a mistake -- state- and federal-level officials now are worrying more frequently about making sure that people's votes are accurately counted. For example, the secretaries of state in Colorado and California have decertified all of their current batch of electronic voting machines because of worries about hackability, accuracy and reliability. The state of Ohio undertook an extensive (and expensive) review of electronic voting machines and found serious problems with them. Similar issues were found by a study undertaken by the state of California.
Both reports, along with a number of others, show that the companies building these systems apparently are incapable of learning anything about security. If someone wanted to do a case study in how to not build security into a computer-based system, he or she would have plenty of real-world examples in the electronic-voting-machine industry.
In addition to many technology-related issues related to what seems to be an extraordinarily poor understanding of standard, basic, computer-security practices (for example, the use of virus checkers), many problems have been found with these companies' understanding of common-sense organizational or physical-security practices. For example, one manufacturer decided to put a lock on all its machines -- I guess to prevent unauthorized people from accessing the physical system -- but then negated the value of doing so by using the same key in all its devices and publishing a picture of the key on its Web site.
The election bombardment of attack ads and clueless commentary is quite depressing, but equally depressing is the vision of technology vendors adamantly ignoring years of many people detailing the security issues with their products. I hope this is mostly an isolated case, and other types of vendors actually listen to comments on security issues and try to fix problems.
Disclaimer: Harvard is in the business of learning. From what I can see, these vendors would not make good students, but the university has expressed no opinion on their inability to learn, so the above is my observation.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.
Download the white paper.
Unauthorized applications: Taking back control
Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?
Download the white paper.
Comments (3)
In praise of Ye Olde PaperBy Jeff Helm on January 10, 2008, 8:27 pmI agree completely with the sentiment that paper ballots are the best tool to preserve or restore public trust in elections. What are election boards now demanding...
Reply | Read entire comment
The Solutions ExistBy Rick on January 9, 2008, 1:28 pmWhile the vendors have failed on even the most basic of security tasks the academic community has come up with several clever solutions to voting problems. I urge...
Reply | Read entire comment
RE: Election (including security) madnessBy Tidalcreek on January 8, 2008, 2:56 pmWith the number and complexity of problems with voting machines there are no quick and easy solutions. There is a slow, painstaking but ultimately trustworthy solution...
Reply | Read entire comment
View all comments