Voting security expert Matt Blaze has delivered devastating broadsides against this nonsense, publicly saying again and again and again that blockchain has no place in voting security today. As CSO has previously reported, online voting is impossible to secure. Yet few proposals to secure electronic voting are easier to expose as complete nonsense than the idea of online voting, even when potioned by the magic blockchain spell. As soon as we hear the magic incantation - "abracadabra, BLOCKCHAIN!" - an astonishing number of faith healers leap from the woodwork and start doing their medicine man crypto bruh dance, assuring us with great fervor that blockchain will be our salvation, the balm to heal all wounds, the future, hope. The right mental attitude toward voting security Consider first the optimistic froth around blockchain-based online voting. Nothing better illustrates the dangers of both security nihilism and unwarranted optimism than the state of voting security. Nevertheless, I don't stay awake at night obsessing over unlikely threats or threats I cannot defend against. But if someone with a battering ram, explosives, or a talented black bag team wants to get into my apartment, I know that I can't prevent intrusion by those kinds of attackers. I trust that the lock on the front door to my apartment is good enough to withstand all but the most determined attacks. Mitigations that improve, but by definition do not perfect, security are worth nothing if we are not able to calibrate our trust to the level of security they provide. We feel the tug of these two extremes, too, do we not? "Everything is broken, we're doomed, we're hacked, hacked I tell ya!" With bulging eyes as the camera pans down a rain-swept street with goons smoking cigarettes in dark doorways, waiting to pounce. Yes, share this article with your less-technical colleagues. Security nihilism: Nietzsche would be proud Security people know this condition well.
In their continued ignorance, the panic has subsided to despairing numbness, followed by weary resignation, followed by hopelessness and despair. Suddenly, a large number of people became aware of security issues and freaked out. We see this with the abrupt jolt to our republic's spine during the 2016 presidential election. Unreasonable optimism eventually gives way to panic and hysteria, and leads to defeatism. Not to mention a sure-fire way to insult the nerds who not only know better, but who you want to do your bidding. Making policy and governing based on the stern admonishment to nerds to "nerd harder" is a disaster waiting to happen. Perfect security is impossible, and good security is very hard. This is a toxic attitude, especially for policy makers in government. “Fix your fiddly computer thingumabobbers already.” “We put a man on the moon, for crying out loud,” people say. Let me punch this straw man: "Nerds, nerd harder!" Yet for all the caricature that represents, there is a grain of truth. The extreme of unreasonable optimism afflicts those blissfully ignorant of information security issues.