Podcast: Play in new window | Embed
Kenny asked: “There’s been so much lately about Russians hacking the elections and whether it was polling machines or e-mail servers to create negative propaganda. Will we ever be able to protect ourselves from these kind of attacks? I’d love to hear your thoughts.”
Kenny, the problem with making everything secure is that the more secure that it is, the hardest it becomes to use.
Emails server are easy in theory, you can require strong passwords, but you have to make sure your users don’t fall for phishing scams. You can require that all messages are encrypted, but that tends to only work well when you’re communicating with a the same people because everyone needs to have the proper keys to decrypt the message, anything you send to anyone that doesn’t have the key has to be unencrypted.
On top of that, the main failure point is typically the user, it’s important to set policies that people can and will follow so that private information can remain private.
As far as polling machines, they vary State by State, and some use them and others don’t, so who knows how vulnerable they are. The best policy there is probably to require some kind of printed proof that the voter can look at and then deposit somewhere, so that they can check that they voted as they intended to vote, and so it can be checked later. Other than that, we can’t really comment, since we don’t know how those systems really work.
So the short answer, after saying all that, is no, we can never make any online systems absolutely secure while still leaving them online. If it’s accessible remotely, it can be hacked. You just have to balance the “hardening” of the technology with the corresponding increase in difficulty of use.