The challenge in the information security field today does not usually lie in the transmission; instead, it lies in securing the end points. There is a lot of mainstream press about Switzerland’s approach to securing their electronic elections by using quantum cryptography.  Most of the press touts the Swiss’ decision to "use ‘unbreakable’ encryption method in upcoming elections" as the solution to all of the recent woes in securing electronic elections.  The Swiss will use individual particles of light — or quantum technology — to encrypt election results as they are sent for central processing.

That sounds great, and many of the news stories seem to suggest that the Swiss have found the silver bullet to having secure elections. This cannot be further from the truth and many of the news accounts are misleading at best.  What the Swiss did was to find another (fancy-sounding) way of transmitting data securely. But this is not what bothers security researchers and governments wishing to conduct electronic elections. It is not the transmission, it is the endpoints that are causing the most security breaches. There are various (and pretty decent) solutions for securing traffic - PGP, SSL, SSH, VPN - but few good solutions of securing the actual voting machine. In fact, by writing about the ‘unbreakable’ security of the Swiss voting, the press does a disservice to anybody but the folks who are trying (and maybe succeed) to penetrate a voting machine.

The Swiss should be given credit for trying to strengthen the transmission security. But the press should tell the whole story.

One Response to “Securing the Endpoints”

• S Richard 30October2007

  Here’s the link to the Schneier article - he is quite cynical about this story as well.

Leave a Reply

Name (required)

Mail (will not be published) (required)

Website

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>