Wednesday, October 08, 2008
the security stuff problem
I recognize that most people don't spend much time thinking about computer security. To the extent that they do, they either assume that there's some "security stuff" that is protecting their computer and transactions, or that such stuff could be created.
Here's the problem: lots of people have tried to create secure systems for a long time, and have failed miserably.
I don't have to get technical at all, I can just talk in the consumer space.
1. For years, games companies put elaborate efforts and skilled people into trying to protect their games from piracy. They had special codes, special floppy disks with holes punched into the magnetic media or deliberate errors, physical dongles, you name it.
And yet their games were always pirated. Eventually most of them just gave up on protecting their games.
2. For years, continuing today, media companies like the record and movie industry have attempted to protect their content from piracy with Digital Rights Management (DRM). They have sophisticated hardware, elaborate codes, highly skilled people and a large monetary incentive. And they have failed.
iTunes music DRM? There's a hack.
DVD DRM? There's a hack.
3. Apple has an incentive to protect its iPhone from being used on any network, as it has an exclusive deal with AT&T. Their phone is "locked".
iPhone locking? There's a hack
THERE IS ALWAYS A HACK.
Because any piece of software or hardware you can create, I can put a layer in front of. Your software talks to a hardware dongle? I write a layer of software that pretends to be the hardware.
And we're not talking big power or political incentives here, we're talking smart kids (mostly) who wanted to play some games, listen to some music, or watch some movies.
So if they couldn't even protect SONGS, do you seriously think they're going to be able to protect AN ENTIRE ELECTION?
There is no unbreakable "security stuff" to do that, it simply doesn't exist.
And even if it did, the incredible complexity of it would mean that the entire election would boil down to "trust the machine and the computer guys".
Wouldn't you rather trust a piece of paper you can see, a counting system so simple elementary school students could perform it, and volunteers and scrutineers from your own neighbourhood that you can watch?
Here's the problem: lots of people have tried to create secure systems for a long time, and have failed miserably.
I don't have to get technical at all, I can just talk in the consumer space.
1. For years, games companies put elaborate efforts and skilled people into trying to protect their games from piracy. They had special codes, special floppy disks with holes punched into the magnetic media or deliberate errors, physical dongles, you name it.
And yet their games were always pirated. Eventually most of them just gave up on protecting their games.
2. For years, continuing today, media companies like the record and movie industry have attempted to protect their content from piracy with Digital Rights Management (DRM). They have sophisticated hardware, elaborate codes, highly skilled people and a large monetary incentive. And they have failed.
iTunes music DRM? There's a hack.
DVD DRM? There's a hack.
3. Apple has an incentive to protect its iPhone from being used on any network, as it has an exclusive deal with AT&T. Their phone is "locked".
iPhone locking? There's a hack
THERE IS ALWAYS A HACK.
Because any piece of software or hardware you can create, I can put a layer in front of. Your software talks to a hardware dongle? I write a layer of software that pretends to be the hardware.
And we're not talking big power or political incentives here, we're talking smart kids (mostly) who wanted to play some games, listen to some music, or watch some movies.
So if they couldn't even protect SONGS, do you seriously think they're going to be able to protect AN ENTIRE ELECTION?
There is no unbreakable "security stuff" to do that, it simply doesn't exist.
And even if it did, the incredible complexity of it would mean that the entire election would boil down to "trust the machine and the computer guys".
Wouldn't you rather trust a piece of paper you can see, a counting system so simple elementary school students could perform it, and volunteers and scrutineers from your own neighbourhood that you can watch?
Labels: security
[permanent link] posted by rakerman : 5:11 pm
Comments:
Post a Comment
