Crypto stars sound off on e-voting, digital rights management
by Paul Roberts
FEBRUARY 25, 2004 (IDG NEWS SERVICE) - SAN FRANCISCO -- A panel of
distinguished cryptographers at the RSA Conference here weighed in on
a variety of hot button issues, including electronic voting and
rights management for digital media.
Speaking at the annual Cryptographers Panel on Tuesday, Ronald
Rivest, co-creator of the RSA encryption algorithm, backed calls for
paper ballots to supplement insecure electronic voting technology,
while fellow luminaries Paul Kocher and Whitfield Diffie predicted
heated battles between privacy advocates and intellectual property
owners over the issue of digital rights management.
Rivest cited recent analysis of Diebold Inc. electronic voting
systems after a leak of the source code for those systems as evidence
that such systems were inadequate to ensure the authenticity of votes
cast.
Analysis of the Diebold source code showed that the company's
programmers failed to use accepted authentication methods to secure
voting data and cast doubt on the ability of Diebold or other
companies to patch the code in time to guarantee the results of
approaching elections, including this year's presidential elections,
he said.
To ensure the outcome of elections where electronic voting kiosks are
used, municipalities should implement voter verifiable technology
that would produce a paper copy of each ballot that is cast, Rivest
said.
Speaking to an audience of fellow cryptographers and security
experts, Rivest cautioned against the "digitizing" of votes. "We know
only too well the difficulties of securing complex electronic
systems," Rivest said. Technology companies and municipalities should
"go slow," and "keep it simple," relying on paper ballots and audit
trails to verify the data collected by electronic voting kiosks, he
said.
Speaking after Rivest, Kocher, president and chief scientist of
Cryptography Research Inc. cited "failed economies" in a number of
areas of technology adoption that are causing pain for corporations
and ordinary computer users.
The inability of entertainment companies to control the technology
used to play their products -- music and movies -- has resulted in a
flood of piracy that's hurting those companies, Kocher said.
Similarly, the way e-mail is sent and received makes it easy for
spammers to flood users' inboxes with unsolicited messages, he said.
The technology community and the private sector need to address those
issues if they want to solve problems like piracy and spam. Failing
that, government regulation may be needed to mandate security
standards, he said.
Concerns about piracy and terrorism may spell the end of computers
and computer networks that are entirely controlled by their owners,
said Diffie, chief security officer at Sun Microsystems Inc. The
ongoing battle between entertainment companies and their customers
over digital duplication of songs and videos and the federal
government's desire to tap into data sent over voice over Internet
Protocol networks may yield to built-in surveillance features that
report on how computers are being used, Diffie said.
The panel of cryptography experts was also critical of Microsoft
Corp., weighing in on a variety of issues, including the company's
security plans and revelations that its Windows source code was
recently leaked onto the Internet. Speaking shortly after Microsoft
Chairman and Chief Software Architect Bill Gates addressed the
conference, Adi Shamir of the Weizmann Institute of Science in
Israel, another RSA algorithm creator, said that the release of the
proprietary source code probably would not pose a security risk to
Windows users, but showed that Microsoft wasn't in control of its
code.
If the company had fingerprinted its released code, it would have
quickly been able to say where the leaked code came from. The fact
that the company initially appeared confused about the source of the
leak showed that even simple security measures are sometimes ignored
by powerful companies, he said. The leak of the source code posed
ethical problems for legitimate security researchers, who risk
violating the law in analyzing the code - a problem that virus
writers and online criminals don't have, Kocher said. Microsoft
should officially release the leaked code passages for analysis and
enable security researchers to legally examine it, he said.
Kocher was also critical of the security measures Gates outlined in
his speech, noting that none of the company's proposed measures
involved simplifying Windows, but instead required more additions to
the already massive code base. In a statement that elicited loud
applause from the audience, Kocher said that Microsoft should look
for ways to make Windows less and not more complex.
"As a species, we're not smart enough to handle the complexity of
this stuff. You have to get the complexity out of there," he said.
*
---
* Origin: [adminz] tech, security, support (192.168.0.2)
generated by msg2page 0.06 on Jul 21, 2006 at 19:04:17
search: