Swiss armored cars and voting
Gene Spafford has been widely quoted as saying "Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit card information from someone living in a cardboard box to someone living on a park bench."
It seems that someone in Switzerland isn't satisfied with an armored car, and is now using an infantry division to deliver the votes from the voting machines to a central voting registry (see, for example, coverage in Computerworld and Network World).
There are three problems with what they've done:
(1) It's solving the wrong problem.
(2) It's solving the wrong problem.
(3) It's solving the wrong problem.
The first problem it's not solving are that the end-of-day vote tallies don't actually need to be protected from prying eyes - they're public information. So while they need to be digitally signed to prevent tampering, quantum cryptography isn't needed.
The second problem it's not solving is that existing cryptography (whether for protecting the data from prying eyes - confidentiality - or protecting against tampering - integrity) is more than adequate for voting data. As a friend of mine says, raising the tall pickets on a security fence doesn't make the fence stronger; the attacker goes over the lower pickets or goes around the end of the fence.
The third problem it's not solving is that the weak point in modern voting systems isn't cryptography - it's bugs, whether accidental or intentional. A system that uses cryptography such as is being used in Switzerland can be attacked just as easily as one without cryptography. And in fact, there are advantages to the attacker - as there's no way to eavesdrop on the quantum cryptography, it's impossible to build systems that detect and stop attacks.
A great publicity stunt for the fans of quantum cryptography. As David Wagner from UC Berkeley says, quantum cryptography is “a way to hoodwink companies with too much money into paying $50k or $100k for a box that doesn't solve a problem they don't have.”
It seems that someone in Switzerland isn't satisfied with an armored car, and is now using an infantry division to deliver the votes from the voting machines to a central voting registry (see, for example, coverage in Computerworld and Network World).
There are three problems with what they've done:
(1) It's solving the wrong problem.
(2) It's solving the wrong problem.
(3) It's solving the wrong problem.
The first problem it's not solving are that the end-of-day vote tallies don't actually need to be protected from prying eyes - they're public information. So while they need to be digitally signed to prevent tampering, quantum cryptography isn't needed.
The second problem it's not solving is that existing cryptography (whether for protecting the data from prying eyes - confidentiality - or protecting against tampering - integrity) is more than adequate for voting data. As a friend of mine says, raising the tall pickets on a security fence doesn't make the fence stronger; the attacker goes over the lower pickets or goes around the end of the fence.
The third problem it's not solving is that the weak point in modern voting systems isn't cryptography - it's bugs, whether accidental or intentional. A system that uses cryptography such as is being used in Switzerland can be attacked just as easily as one without cryptography. And in fact, there are advantages to the attacker - as there's no way to eavesdrop on the quantum cryptography, it's impossible to build systems that detect and stop attacks.
A great publicity stunt for the fans of quantum cryptography. As David Wagner from UC Berkeley says, quantum cryptography is “a way to hoodwink companies with too much money into paying $50k or $100k for a box that doesn't solve a problem they don't have.”
posted by Jeremy at
9:48 PM
0 Comments:
Post a Comment
Subscribe to Post Comments [Atom]
<< Home