So let's say you make a voting machine that is readily hackable given access to a memory card... wouldn't you think that the lock to said memory card should at least be secure? Apparently Diebold doesn't. It turns out that the voting machines use standard filing cabinet locks - so someone wanting to put corrupt code on a voting machine could do so with keys easily purchased from the Internet or in the homes/offices of many people. So, do people still think a paper trail is unnecessary? Using such a standard key doesn't provide much security, but it does allow Diebold to assert that their design uses a lock and key. Experts will recognize the same problem in Diebold's use of encryption — they can say they use encryption, but they use it in a way that neutralizes its security benefits. The bad guys don't care whether you use encryption; they care whether they can read and modify your data. They don't care whether your door has a lock on it; they care whether they can get it open. The checkbox approach to security works in press releases, but it doesn't work in the field. |