Benlog

crypto and public policy

Expect the Unexpected: Voting and Security

Filed under: Security & Crypto June 7, 2004 @ 3:07 pm

“You have to expect the unexpected. Of course, if you expect the unexpected, then it’s not really unexpected anymore. And that leaves you open and vulnerable to the truly unexpected.”
– Joe Blake, played by Bruce Willis in “Bandits”

Security is an intriguing field. While everyone else is trying to make things happen, security folks try to make sure things don’t happen: no one should be able to steal money from the bank, no stranger should be able to enter your home without your permission, no terrorist should be able to hijack an airplane.

Thus, when designing a security system, you have to expect the truly unexpected: chances are low that anyone will ever hijack another plane 9/11 style, because, though it was once unexpected, it’s now very much an expected threat. That’s why most security specialists shook their heads when the Transportation Safety Authority started checking every passenger’s shoes after the shoe-bomber of late 2001: instead of focusing on new, completely unexpected attacks, airline security focused on past – and now expected – attacks. That may make people feel safer (and certainly I’m not trying to minimize the importance of that goal), but it almost certainly doesn’t actually make flying safer.

Project management – even when focused on risk management – is a different story. The general approach is to work from experience: if a snag occurred in the past, it will probably happen again. If it unexpectedly takes 10 days to get the right type of flowers delivered, a wedding planner will make sure to order the flowers in advance the next time around. You start to expect the unexpected. Soon enough, the unexpected becomes the expected: you’ve learned from experience, and you know everything there is to expect. In fact, you try not to waste too much time with the truly unexpected that experience taught you to ignore. A bride might wonder “what if the church roof collapses?” but an experienced wedding planner will smile and reassure her: it’s never happpened before, what’s the chance it’s going to happen this time?

These points are incredibly relevant to elections and the recent dilemma surrounding touch-screen voting machines without audit trails. While a number of computer scientists have been shouting from the rooftops that these machines will be the doom of our democracy, election officials claim the computer scientists “just don’t get it.”

This shouldn’t be surprising. On the one hand, an election is an incredibly complex operation, where all sorts of details need to come together in a single day. Not unlike a wedding. On the other hand, a completely unprecedented fraud technique cannot be ruled out, because the motivation for fraud is large: influencing a US presidential election is certainly worth hundreds of millions of dollars, if not billions. In other words, if the bride is the daughter of a sitting US President, you do have to worry about the roof collapsing because of malicious intent.

Election officials are project managers. They spend their time making sure people can attend the wedding and have a pleasant time. So when computer scientists knock on their door claiming the roof might cave in, they answer: “why? It’s never happened before.” And certainly, they’re not wrong. And neither are the computer scientists.

What we have here is a failure to communicate. Computer scientists need to frame their points in a more reasonable setting, with practical examples. And election officials need an education in security so they can learn to expect the truly unexpected. Each needs to see the situation from the other’s point of view. Maybe a bit of marriage counseling is in order.

No Comments

No comments yet.

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.