Sunday, December 10, 2006
Opinion: Preventive security is a farce
Steve Duplessie
December 04, 2006 (Computerworld) Q: Why are we still having what seem like the same security issues? Where are the advancements and real solutions? -- X.Z., Wilmington, Del.
Warning: This column is a long, political rant.
A: Oh, no, my friend, it's not the same at all. It's worse. It's much, much worse. You are most likely referring to the fact that you still read about lost tapes in The Wall Street Journal, and you still get malicious viruses sent to you, and you still get outrageous amounts of spam even though you have 11 filters and an armed guard. Preventive security is still a farce in my opinion, and, sorry to say, the ultimate end is going to be that you will never prevent bad people from doing bad things, or good people from doing dumb things, or accidents from happening. All you can hope to do is minimize the damage, and that will inevitably end up meaning you will encrypt everything, all the time. I know, I know. What about the keys? Yeah, yeah, yeah. Deal with it. Ultimately, there is no other way.
Now, having said that, let me tell you something more horrific than the fact that last year my good friends at Marriott lost my personal data (see "When data goes missing: will you even know") and two weeks later, The Boston Globe not only lost my information, it printed it in hard copy and distributed it across the great state of Massachusetts, apparently.
Democracy itself is being decimated, one hacked bit at a time.
Like many of you, I am smashed in the head with so many sensory inputs daily that I can't possibly comprehend the magnitude of most events. I live in an ADD haze where the fact that thousands of people die every day in wars around the globe and genocide still occurs gets the same nonattention as the cute little puppy left homeless after a local fire or which team won the football game. I think about security and data and privacy and ethics as isolated elements, as singular events designed at the hands of some poor slob or evil-doer with a small-minded mission, like stealing my money. Then I stumbled upon an HBO documentary (via OnDemand) called Hacking Democracy.
This may sound like some political rambling for a few minutes, but bear with me. I'm as capitalistic and conservative as a centrist can be. As a matter of fact, I'm a Republican living in Massachusetts, which makes me the political equivalent of a panda -- odd, interesting to look at, the brunt of many debates and not very threatening since we all know neither of us is going to aggressively attack anyone.
The basis of democracy is that everyone gets the right (and duty, in my opinion) to vote. One person, one vote. You don't like how things are going? You have the right to cast your ballot and try to change it. Granted, most Americans complain and yet don't vote, but they could if they wanted to. We can even vote for complete nitwits, as it is our right. Silly, idealistic me grew up believing this fundamental principle, and believing that all other things I hold dear about the democratic process and all its warts are based upon this one basic principle. It never dawned on me that someone would hijack the process.
Sure, we know that a person could make a "mistake" counting votes. We know that sometimes things get lost -- but only at a small, local level, right? I mean, please, if there are lots of votes to count, we use computers. Counting things is what computers do, isn't it? Haven't we been able to use a computer to tabulate basic math functions since, well, the invention of computers? Wasn't the first computing machine an automated abacus? Of all the problems yet to solve with computers, counting isn't one of them. We did that already. Or so I thought.
A vote-counting computer is the gizmo you use to either vote directly on, if it is a touch screen, or you have your ballot placed into and read, if it's an optical character recognition type. Either way, all that baby has to do is add up how many voters checked Box 1, and how many checked Box 2. That's it. My 12-year-old could program it.
Because we like to believe in higher-level constructs like truth and justice, we sort of just assumed that a) the voting tabulators, a.k.a. dumbed-down calculators (requiring approximately 4% of the functionality of a 69-cent device available in 99% of all electronic products everywhere in the world) could add, and b) the integrity of those machines (i.e., the security of those machines) would be ironclad. Sure, some could be compromised locally, but the checks and balances associated with such a simple process would have to be impossible to overcome, right?
Bam! Smashed in the mouth with reality. I'm not that smart, but here's how I would have assumed such devices might operate:
The magic voting tabulator would have a hardened OS that was entirely self-contained. It would not accept any field changes -- ever. Since all it has to do is add, the program would have been locked down since about 1972. Of course, there would be independent auditors who validate the machine code, create tests to run, and certify the integrity of the machines -- auditors who work for the people, by the people. Once the box is "enabled" (i.e., ready to accept votes when the polls open), any physical activity would trigger a tampering fault, and the system would shut down. All the data that had been read thus far would have already been pushed out to the next-level tabulator -- with no data being kept on the collection device itself -- over an encrypted proprietary link. There would be no bidirectional communication allowed: only one way out.
I'm fairly confident I could start a company and deliver the above specified devices without leaving my home and be able to make a tidy profit selling said devices for roughly $200 each. I'm also confident that if my 12-year-old couldn't program it, there's some other neighborhood kid who can. I'd let the guys who keep the nuke codes be the ones who are in charge of verifying the integrity of the system -- or maybe even better, the guys who keep the Oscar winners a secret. Make it a federal crime with the penalty of death for tampering with the voting process. I'd vote for that.
Apparently, I've been drinking the wrong Kool-Aid again. HBO uncovered the ugly truth behind the uglier process. Actually, a grandmother in Seattle did and brought HBO along for the ride. The story is scarier than Hostel and all three Saw movies combined.
This nice Seattle lady, Bev Harris, wondered why her district went from the old fill-in-the-oval ballots to touch screens. She didn't like the answers, so she started snooping around on the Internet. During her homework, she stumbled upon an FTP site from voting machine market leader Diebold. The FTP site contained all the source code for the voting machines. Up until that time, the world was told that source on such devices was completely secure, impenetrable and bulletproof. It was B.S.
She took the source to a few security gurus, who were able to hack the code and make it do whatever they wanted in about 10 seconds. They could make it output any result they wanted, regardless of the input. The Diebold machines used a removable disk that kept the tabulated data. That disk and all the others were then physically removed and inserted into the aggregation machine, which added up all the subvotes, declaring a winner. While the company boldface-lied to everyone and anyone, insisting the system was impenetrable, Bev and one honest guy who ran a voting district in Florida and smelled a rat proved that they could put a hacked executable on these disks and upload the hack with no problem -- and it takes only one machine to screw up an entire election.
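The design sketched earlier (data pushed one way, nothing kept on the collection device) and the attack just described (a hacked executable or edited tally on the removable disk the aggregation machine adds up) both hinge on what the aggregator is willing to trust. As an added example, not code from the column or from any voting-machine vendor, here is an aggregator-side check in Python: each tabulator signs its tally with a per-device key, and the aggregator refuses records with a bad MAC, negative or inflated counts, or a replayed device. The device ids, keys and counts are constructed.

```python
import hashlib
import hmac
import json

# Constructed per-device secrets; a real deployment would provision these to hardware.
DEVICE_KEYS = {
    "PRECINCT-01": b"constructed-key-01",
    "PRECINCT-02": b"constructed-key-02",
}
CHOICES = ("Box 1", "Box 2")


def canonical(payload):
    """Serialise a tally deterministically so the MAC covers every field."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def sign_tally(device_id, ballots_cast, counts, key):
    """Tabulator side: emit a tally record with an HMAC over its payload."""
    payload = {"device_id": device_id, "ballots_cast": ballots_cast, "counts": counts}
    mac = hmac.new(key, canonical(payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "mac": mac}


def verify_tally(record, keys):
    """Aggregator side: return None if the record is acceptable, else a reason."""
    payload = record.get("payload", {})
    key = keys.get(payload.get("device_id"))
    if key is None:
        return "unknown device"
    expected = hmac.new(key, canonical(payload), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, record.get("mac", "")):
        return "bad mac"
    counts, ballots = payload.get("counts", {}), payload.get("ballots_cast")
    # A valid MAC proves origin, not sanity: a compromised device can sign a negative count.
    if set(counts) != set(CHOICES) or not all(type(v) is int and v >= 0 for v in counts.values()):
        return "missing, negative or non-integer count"
    if type(ballots) is not int or sum(counts.values()) > ballots:
        return "counts exceed ballots cast"
    return None


def aggregate(records, keys):
    """Add up only verified records, one per device; return (totals, rejected)."""
    totals = {c: 0 for c in CHOICES}
    seen, rejected = set(), []
    for rec in records:
        reason = verify_tally(rec, keys)
        device = rec.get("payload", {}).get("device_id")
        if reason is None and device in seen:
            reason = "duplicate device record"
        if reason is not None:
            rejected.append((device, reason))
            continue
        seen.add(device)
        for c in CHOICES:
            totals[c] += rec["payload"]["counts"][c]
    return totals, rejected


def demo():
    """Constructed records: two honest tallies, a compromised device, a forgery, a replay."""
    k1, k2 = DEVICE_KEYS["PRECINCT-01"], DEVICE_KEYS["PRECINCT-02"]
    good1 = sign_tally("PRECINCT-01", 500, {"Box 1": 260, "Box 2": 230}, k1)
    good2 = sign_tally("PRECINCT-02", 300, {"Box 1": 120, "Box 2": 180}, k2)
    compromised = sign_tally("PRECINCT-02", 300, {"Box 1": 120, "Box 2": -16000}, k2)
    forged = sign_tally("PRECINCT-01", 500, {"Box 1": 0, "Box 2": 500}, b"guess")
    return aggregate([good1, good2, compromised, forged, good1], DEVICE_KEYS)
```

The arithmetic checks matter as much as the MAC: a signature only tells you which device produced the record, not that the device was still honest when it did.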
The CEO of Diebold was portrayed as the cheesiest, smarmiest liar I've ever seen. The company spokesman/stooge was a "marketing director," which means there was no way any VP type was going to put his name on this titanic debacle. The poor guy reminded me of Tariq Aziz and Lee Anne McBride combined. (Tariq was Saddam's spinmaster during the first Gulf War, and I loved how this guy could say things like, "We are depleting the enemy of their critical armaments and are assured of victory within hours.") Lee Anne is Dick Cheney's spinmaster. She told us about the unfortunate accident where Dick shot his pal in the head with a shotgun on a very dangerous quail hunting trip.
Diebold's CEO and its spokesman lied to everyone from Congress to me. They did so without any consideration of the facts that stared them in the face. They actually said that Harris stole the source code. It was an awesome display of ethical devolution combined with outright ineptitude. At least Bernie Ebbers and Ken Lay were smart dirtballs. These guys are buffoons.
So it was completely and absolutely proven that the Diebold voting machines had security flaws you could sail an ocean liner through. (For the record, there are two other companies that make this stuff, but I can't remember their names, and they weren't implicated as dirtbags in this documentary.) It was also exposed that they charge huge money for these easily hackable calculators. One district paid $20,000,000 for a bunch of the bad boxes. Absurdity at its finest.
We are, after all, the country that elected Marion Barry back to office even after he was videotaped smoking crack. Democracy in action. The HBO program spent a lot of time showing how Republicans were benefiting by the scam, but the security issue affects all parties and peoples. It did do a nice job of showing how one district in Florida had its machines so wonderfully hacked that not only did Bush kick butt vs. Gore, but Gore actually received negative 16,000 votes. True story.
So, I'm sorry about the political, do-gooder rant. Security matters, and we aren't doing enough about it. It's not about technology alone; it's about policy and process. Presidential candidate Sen. John Kerry knew that in New Mexico, overwhelmingly Democratic districts reporting overwhelmingly Democratic outcomes in the exit polling were reporting Republican victories. He knew, and he did nothing. Worse, by conceding the race under the auspices of saving the belief in the system, there was no legal way to launch an official inquiry. There were people ready to go.
As long as people tolerate security botches, they will occur. As long as greed or power or lunacy is accepted as a reason for leaving a back door open for the ethically challenged, they will enter. As long as our system rewards dirtbags by allowing them to build junk and sell it for a ton, they will. Am I really to believe that IBM couldn't build these things? I don't even want to think about the ATMs these guys make. Stealing my ID sucks; stealing democracy violates every principle I thought I had.