Information Assurance Isolationism

Forthcoming in the Peltier Effect Year in Review

I recently attended a lecture by a famous information security professional who lamented the terrible lack of interest in information security among those developing new technologies. He claimed that we were being shortsighted by considering technologies with security issues, and he provided two examples: computer controlled highways and electronic voting systems. Computer controlled highways would allow drivers to enter their destinations into their vehicle’s computers, and have the computer take them there; interacting with the computers from other vehicles to ensure safe driving distances and avoid obstacles. Electronic voting systems are self-evident.

The speaker pointed out that electronic voting machines could fail or be rigged, allowing for voting fraud. Similarly, car mounted computers can fail, causing horrific crashes. How could we even consider technologies with these flaws, he asked, and ended with the question: “Would you trust your life to a highway controlled by computers?”

My first thought when I heard this question was “I don’t know because you haven’t told me if it’s safer than the current system.” About 50,000 people die every year on our highways, mostly due to human error. If the computer system were more reliable than the current one, then yes, I would feel safer on an automatic highway, and so should he. But until he compares computer highways to the current situation, I cannot say where I stand.

What the speaker missed is that the issue is not whether computer controlled highways are infallible, they undoubtedly are not, but rather whether they are less fallible than the alternative. But the speaker was so narrowly focused on potential weaknesses in the technology that he was blind to the real question.

Similarly, I can’t say if I am against electronic voting systems until you tell me whether they are more or less accurate than the current system of paper balloting. Again, the question is not whether electronic voting is infallible, but rather whether it is more fallible than the alternative.

Ironically, it turns out that electronic voting may in fact be a much less fallible system than paper balloting. The 2004 Presidential election showed just how unreliable paper balloting is. All paper ballot elections have a margin of error--a certain percentage of votes cast in a paper ballot election go uncounted due to a variety of problems such as unclear markings or counting errors—and a surprisingly large margin or error. Hundreds of thousands of votes are not counted or miscounted due to paper balloting. Paper ballots are also vulnerable to tampering--someone could stuff the ballot box or throw ballets into the garbage--and both of these have happened.

Interestingly, in the speaker’s home state of California the last governor recall election was briefly held up by a lawsuit filed on grounds that municipalities in the Los Angeles area that used paper ballots rather than electronic voting violated the civil rights of their citizens to have their vote counted. That argued that paper balloting systems have been proven to be less reliable than electronic voting.

This is not to say that electronic voting systems and computer controlled highways don’t have problems. My point is that those problems do not themselves tell us that we should dismiss the systems. We need to use some system for voting, and some system for moving across highways. The problems with one system only tell us which system to choose if they are worse than the problems with all others.

I listened to another information security speaker who expressed the need for better security by asking “Are we there yet?’ and answering “Clearly not.” I then asked him what “there” is. He replied that “there” was an acceptable level of security. But my question is precisely “What is an acceptable level of security?” He admitted that he did not know, which means that he can’t say whether we are there yet. Without some conception of an acceptable level of security to which we can compare the current situation, we cannot say that our current situation is below par.

By analogy, I once listened to a speaker discussing what can be done to lower the divorce rate. While I had some reservations about his account of the reasons for the divorce rate and the solutions, my deeper question concerned his assumption that the divorce rate was too high. If he knows that the divorce rate is too high, then he must know what an appropriate divorce rate is in order to compare it to the current rate. Clearly, some marriages should not continue, and nearly everyone who ever got divorced probably thought that their marriage was one of them, so what is the proper divorce rate? Not knowing the proper divorce rate we cannot say that the current rate is too high. Maybe it’s just right. Maybe it’s too low in that too many people stay in bad marriages that should be ended.

The information security field must become aware of the hidden standards that are the basis of their positions. This will lend credibility to the entire profession, and help elevate the status of practitioners to the outside world.

Last Week’s Question:

What position did Alden Partridge, founder of Norwich University, hold in the military before resigning his commission?

The answer is: Superintendent of West Point

This week’s winner is Sam Moore, who wins a copy of book 100 Encrypted Sudoku Puzzles for the Information Assurance Professional. Congratulations Sam!

This week’s Question:

Until recently, Norwich University owned what other college in Vermont?

The winner receives a general consulting report to be used for his or her consulting business. Simply enter the topic of the report, your name, name of the client, and fee, and send it to your clients.