iMyFone LockWiper

iMyFone LockWiper

Helps you bypass the iPhone passcode in case you forgot it and the device became unusable or you have to wait for a long time before attempting to unlock it again

FULL VERSION + CRACK
Flvto Youtube Downloader

Flvto Youtube Downloader

With this simple and intuitive application, you can swiftly download all your favorite online videos to your computer, in just a couple of moves

FULL VERSION + CRACK
Voicemod

Voicemod

Real-time voice changer that works with any application and comes equipped with an extensive collection of voices and ambient effects

FULL VERSION + CRACK
Dolby Access

Dolby Access

Take advantage of stunning sound quality and realism in your multimedia experiences, with sound that surrounds you with the help of this app that gives you a free trial of Dolby Atmos.

FULL VERSION + CRACK
Logic Pro X

Logic Pro X

A fully-featured recoding studio that provides a complete set of tools for musicians who need to write, record, edit and mix music

FULL VERSION + CRACK

IT News

Feb 15
Employers that rely on foreign national talent face new electronic filing system and modified registration timeline for FY 2021 filing period.
Feb 14
Arista confirmed what had been rumored for the past few weeks, that it has acquired software-defined networking/cloud software vendor Big Switch Networks for an undisclosed amount.
Feb 14
The flaws could let a hacker alter, stop or expose how a person has voted.
Feb 14
Firefox 73 is a minor update that highlights Mozilla's decision to speed up the browser's release schedule.
Feb 13
The database giant is leveraging assets from its acquisition of DataScience.com to deliver a new enterprise-grade, cloud-based data science platform focused on collaboration.
Feb 12
It looks like Microsoft plans to update its Chromium-based Edge browser at about the same pace Google updates its Chrome browser.
Feb 12
A real-time payments infrastructure enabled by a blockchain-based stablecoin could offer many advantages, a Federal Reserve governor said during a recent speech.

Categories

Why getting election security right for 2020 matters

How much election security is enough? The answer: Enough to convince a losing candidate that they lost. Will that happen for the 2020 elections? Probably not.

"Is it enough? How much is enough?" Herb Lin, Senior Research Scholar at the Center for International Security and Cooperation at Stanford University, and co-author of the Stanford Cyber Policy Center's "Securing American Elections" report, asks. "Unfortunately it's not a technical answer. Enough means you've done enough so that you can persuade the loser of an election that in fact the voting machines weren't hacked."

"You have to take into account the possibility that the loser will rally his troops and complain about the result," he adds. "The election machinery, both organizational and technical, all of that has to be of sufficiently high quality, and resistant to attack, that you can persuade the loser of an election that they fairly lost."

That makes election security as much of a political problem as it is a technical problem. Voters must have confidence that the voting was fair, regardless of how much money is spent or what security controls are put in place. That makes securing election infrastructure categorically different than almost any other information security challenge today.

At present many jurisdictions are struggling to escape the bottomless pit of despair paperless voting, and that's a no-brainer. But once we raise the bar from wow-crazy-bad to meh-just-not-great, how do we reach a plateau of sustainably trustworthy voting security?

Like all political problems, that boils down to trade-offs.

Election security trade-offs

A consensus among election security experts is that human-readable paper ballots are the way to go. Are hand-marked paper ballots superior to machine-marked human-readable paper ballots? Or vice-versa?

Voters are notorious for making mistakes. Instead of an 'X' in the box, maybe they circle the box. Or they partially fill in the box. Or scratch out a mistake and mark a different square. Voter error of this sort has been with us since the beginning of paper ballots.

One proposed--and deployed--alternative is to use touchscreen voting machines that print out a paper ballot the voter can review before dropping the paper ballot into a ballot box. The touchscreen machine does not count votes; only the paper ballot matters. But how many voters will scrupulously review every ballot choice, especially on long ballots, to ensure the machine did not make a mistake? A hacked ballot-marking machine could potentially display the voter's choice on screen but print out a different voting choice. The gaslighting possibilities are troublesome.

That's a trade-off, with pros and cons each way. All it takes is a voter or two screaming bloody murder that the machine mismarked their ballot--whether true or not--to call the results of an election into question. Ensuring every voters' intention when voting is counted is also important.

Another trade-off is speed of counting. One major drawback of paper ballots is they take a long time to count by hand. That counting, even by good-faith poll workers, can be prone to error. Counting using optical scanners with risk-limiting audits--widely viewed as a suitable compromise between speed and accuracy--is faster, but still not instantaneous. Risk-limiting audits take time as well. That can be a problem when there's pressure to know the result.

"In Europe they wait," Lin says. "They wait until they get it right. We [in the U.S.] don't have the patience."

Another trade-off involves ensuring voting machines are accessible to citizens with disabilities. "Blind people are entitled to vote, and entitled to voter privacy," Lin points out. "Maybe you give them a special machine. Now they're being singled out and feel stigmatized. That's a political decision, somebody has to decide that, and they [politicians] will take flak for it either way."

"There are trade-offs to be made, and that's the fundamental point," Lin says. "How you decide to resolve the trade-offs is a question of public policy."

Stanford report calls for pen testing, code review of voting machines

As most CSO readers know, compliance does not equal security. The Stanford report slams checkbox-ticking compliance as a completely inadequate means of ensuring the security of voting machines, writing "the assurance of security by checklist compliance-a requirement of the certification process-provides a baseline level of security, but by itself is known to be inferior to security assessed through an adversarial process."

The report also casts shade on the closed-source, proprietary nature of for-profit voting machine vendors' products, although stops short of calling for open-source voting systems. "Vendors, who provide the hardware and software for elections, generally resist third-party inspection of source code on the grounds that allowing outsiders such access compromises their intellectual property."

The report calls for pen testing of voting infrastructure to become a regular, ongoing part of the electoral process to ensure the integrity of voting results. The report also calls for third-party source code review under both non-disclosure and non-compete agreements.

Close watchers of the election security space will be familiar with the National Academies 2018 report on election security, which offered specific, concrete recommendations by a number of security experts on how to bolster voting infrastructure. The Stanford report goes one step further, urging not only pen testing and third-party code review, but also multi-day voting periods (to give people time to vote when the inevitable computer glitches happen), and also recommends making it easier for political parties to provide funding and staffing resources to help candidates secure their campaigns.

So how much security, exactly, is enough to secure an election? The answer to that question is a constantly moving target. As technology continues to evolve, new threats will emerge, some we haven't even imagined yet. But in all cases the final test is the same: Are the voting results so airtight that even a bad-faith losing candidate has to admit they fairly lost? Then our elections are secure.

Otherwise not.

This story, "Why getting election security right for 2020 matters" was originally published by CSO.