[lbo-talk] Diebold code leaked again

Dwayne Monroe idoru345 at yahoo.com
Mon Oct 23 06:25:18 PDT 2006


Doug posted:

<http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9004339&source=NLT_AM&nlid=1>

October 21, 2006 (IDG News Service) -- Source code to Diebold Election Systems Inc. voting machines has been leaked once again.

[...]

...................

After years of working as an information technology consultant, moving from one multinational firm to another over the last 12 years, I've learned a few things about how companies use computing machinery.

And one of the most important lessons I've taken away is this: anything that's hard and/or expensive will not get done unless there's a compelling economic or legal reason to do it. And by "compelling" I don't mean something along the lines of 'hey, that's a good idea, let's do it', I mean really compelling as in, this'll make us millions/billions or keep my CEO's name out of the WSJ in one of those 'what went wrong' pieces.

Contrary to the claims of vendors who assert that their use of complex algorithms ('now with 128 bit encryption!') makes things turnkey simple, security is, in fact, quite hard. It's no exaggeration to say that it's one of the most difficult things to get right with a large-scale network or, as in the Diebold case, publicly deployed, multi-user system. It requires careful and logical planning, a respect for and awareness of the best thought in the field and, over time, careful attention to details and willingness to modify your designs as vulnerabilities are better understood.

For every organization that brings all these things to the table - and, as a result, deploys a well designed internal access control, intrusion detection and border security infrastructure - there are probably ten others for whom the slapdash approach is considered just fine.

Which brings me to Diebold.

They've won the contracts for distributing these machines, so the economic incentive for increasing security is, apparently, non-existent. As far as I know they don't face any significant legal challenges, so that's off their worry list. And as for bad press; well, their political connections appear to shield them from facing serious bottom line consequences from that.

So it's no doubt simpler, easier and cheaper to take the path of least effort and push their sub-par devices out the door.

.d.

In all probability the airplane is banked and is turning, although your sensations make you feel it is in straight and level flight. Don't act according to your sensations. Check and cross check your instruments.

Pilot's Information File, 1944

...................... http://monroelab.net/blog/


