LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Interview: Kristen Carlson Accardi

LWN.net Weekly Edition for July 24, 2008

Tracing: no shortage of options

Interview: Wind River's John Bruggeman

LWN.net Weekly Edition for July 17, 2008

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Voting machine integrity through transparency

Voting machine integrity through transparency

Posted Apr 6, 2008 2:42 UTC (Sun) by rmunn (guest, #40618)
In reply to: Voting machine integrity through transparency by smoogen
Parent article: Voting machine integrity through transparency

So I am not surprised that lots of places bought stuff that was snake-oil. I am more surprised that we are re-evaluating it so quickly :).

I would add another reason to your list of 3. Most people tend to know the limits of their own competence, and trust experts in fields they're not competent in themselves. Most people know they aren't cryptology experts, for example, so when someone who claims to be a crypto expert tells them "Hey, I've got a really cool new crypto system to sell you," they have a tendency to trust that he knows what he's talking about. The way to get really secure crypto -- open design that's been hacked at for twenty years by an entire community of experts -- doesn't occur to them, because it's slightly counterintuitive. Your average non-expert thinks, "Yeah, but this new system has a secret design, so it must be even more secure than that open-design system over there." And that's why people continue to pay millions for snake oil like CSS (the DVD type, not the HTML type).

I think something similar may be happening with the voting-machine problem. You've got a bunch of election officials who aren't computer experts (and know this), so when someone sells them a system with the proviso "You can't reveal how the system works, so that the Bad Guys won't be able to hack it," they actually think this is a good idea.

Hmmm, maybe that's two reasons, not just one. First, people tend to trust those they believe to be experts; and second, Security through Obscurity is something that intuitively makes sense to non-experts. And so when one "expert" tells them S-through-O is a good idea and the other "expert" tells them no, it's not -- they tend to believe the first guy, and question the expertise of the second guy.

(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds
Powered by Rackspace Managed Hosting.