Excellent article on the difficulties of preventing insider fraud in the Wall Street Journal, except that the title, Thwarting an Internal Hacker, may be a bit optimistic, compared to the details in the article: <read>
In the end, systems will always have trusted people who can subvert them. It’s important to keep in mind that incidents like this don’t happen very often; that most people are honest and honorable. Security is very much designed to protect against the dishonest minority
In the online article there is a very good list of articles and past problems with electronic voting systems. Each word points to a separate article:
Replacing trusted people with computers doesn’t make the problem go away; it just moves it around and makes it even more complex. The computer, software, and network designers, implementers, coders, installers, maintainers, etc. are all trusted people. See any analysis of the security of electronic voting machines, or some of the frauds perpetrated against computerized gambling machines, for some graphic examples of the risks inherent in replacing people with computers.
The heart of the article is a list:
There are five basic techniques to deal with trusted people:
1. Limit the number of trusted people…
2. Ensure that trusted people are also trustworthy…
3. Limit the amount of trust each person has…
4. Give people overlapping spheres of trust. This is compartmentalization; the idea here is to limit the amount of damage a person can do if he ends up not being trustworthy. This is the concept behind giving people keys that only unlock their office or passwords that only unlock their account, as well as “need to know” and other levels of security clearance…
5. Detect breaches of trust after the fact and prosecute the guilty… This is why audit is so vital.
Our challenge in Connecticut is to protect our optical scanners in 169 towns where expertise is scarce, most officials are very part time, and separation with overlap of duties is challenging and expensive. As the Coalition reports have shown, even protecting ballots with a credible chain-of-custody is yet to be accomplished.
Less challenging to overcome, yet still in place, is our dependence on our vendor LHS for programming of all our memory cards before each election – just the type of vulnerablity that provides an opening for insider fraud.
