Securing against the wrong risk

This week’s Economist includes an unusually poor article on security. It explains that the upcoming Swiss election will be using quantum cryptography to transmit the results from polling stations to central tabulation centres. It alleges that this makes the whole electoral process more secure. This is wrong.

The implied claim is that, without quantum cryptography, this data would be at risk of manipulation in transit. The chief polling officer at one station might send a set of figures that get altered by a malicious agent en route to the tabulation centre. Having an encrypted link prevents this man-in-the-middle attack. It does not prevent the polling officer from lying, or the person at the tabulation centre from manipulating the results they input into the counting machines. It doesn’t prevent ballot-stuffing, vote buying, or the compromise of computer systems used to collect or tally votes. In short, it provides no security for the parts of the electoral process that are actually vulnerable to attack. In the absence of good security at the more vulnerable points in the electoral process, using quantum cryptography is like putting a padlock on a paper bag.

Hopefully, they will print my brief letter taking them to task for allowing themselves to be seduced by technology, rather than thinking sensibly about security.

[Update: 29 October 2007] Bruce Schneier has written about this. Unsurprisingly, he agrees that using quantum cryptography does not increase the security of the Swiss election.

Author: Milan

In the spring of 2005, I graduated from the University of British Columbia with a degree in International Relations and a general focus in the area of environmental politics. In the fall of 2005, I began reading for an M.Phil in IR at Wadham College, Oxford. Outside school, I am very interested in photography, writing, and the outdoors. I am writing this blog to keep in touch with friends and family around the world, provide a more personal view of graduate student life in Oxford, and pass on some lessons I've learned here.

7 thoughts on “Securing against the wrong risk”

  1. A chain is the perfect analogy here. If you have a chain with ten links – five strong, and five weaker – it is a waste of resources to strengthen the strong links.

  2. “Moving data from point A to point B securely is one of the easiest security problems we have. Conventional encryption works great. PGP, SSL, SSH could all be used to solve this problem, as could pretty much any good VPN software package; there’s no need to use quantum crypto for this at all. Software security, OS security, network security, and user security are much harder security problems; and quantum crypto doesn’t even begin to address them.”

  3. Security is a chain; it’s as strong as the weakest link. Mathematical cryptography, as bad as it sometimes is, is the strongest link in most security chains. Our symmetric and public-key algorithms are pretty good, even though they’re not based on much rigorous mathematical theory. The real problems are elsewhere: computer security, network security, user interface and so on.

    Cryptography is the one area of security that we can get right. We already have good encryption algorithms, good authentication algorithms and good key-agreement protocols. Maybe quantum cryptography can make that link stronger, but why would anyone bother? There are far more serious security problems to worry about, and it makes much more sense to spend effort securing those.

  4. Australian Gov’t May Employ a Homegrown Quantum Key System

    “The Australian government is trialling a new Quantum Key Distribution (QKD) system built by Aussie scientists. QKD is considered the world’s toughest security because the slightest attempt to intercept the one time keys, coded into lasers at the quantum level, will disrupt the beam. The technology differs from current cryptography tech primarily because it’s cheap. Well, less than the $US100k price tag of rival systems. It uses off-the-shelf networking gear instead of proprietary technology, and is built on open standards, so it’s easier to install. The random key is encoded at the quantum level in the sidebeam in the phase and amplitude, or brightness and colour, of a highly tuned laser beam. The creators, who built the system in part for their Ph.Ds, said it can be used to transport the most sensitive data like critical infrastructure and secret commercial IP. The days of hand-delivered security keys are numbered.”
