|4 votes (100%)|
|No votes (0%)|
|No votes (0%)|
4 members have voted
I am neither a computer scientist nor a system operator. But I think most of the examples like you are suggesting could be resolved by going to the off-line backup then auditing the more recent transactions to verify the proper current state. It would be a nuisance, granted.
It would be an a lot bigger "nuisance" then having to postpone elections.
Imagine what will happen to the market (within minutes) if somebody dumps 60% of Microsoft stock for a penny on a dollar. Remember that most of the trading is done nowadays by automated systems, making decisions without human intervention. The whole market will crash immediately, and it'll only be the beginning of a huge chain reaction.
By the time feds realize something went terribly wrong, and stop the trading, trillions of dollars will be lost. Perhaps, they'd find a way eventually to reverse some of the trasactions and recover a part of the losses, but that will take months.
And even if everything was reversible, imagine what will happen to the market in general ... remember, we are talking about the market, that plunged 20% when Greenspan so much as hinted at his concern that certain technology sectors may be slightly overpriced.
Or consider the IRS getting hacked. It would be enough nuisance if someone just manages to break in and kill the entire database - you are right, in that case, they could just revert to the latest backup, and everything is great. Everybody would have to refile their reports, and it would cost a shitload of money, and take many months for people to get their refunds etc., etc., but still ...
But what if the hacker does not make himself known right away. Suppose, one intercepts people's e-file returns, and replaces the bank accounts for the refund with his own . How many months do you think would have to pass before the problem would even be noticed, let alone acknowledged? And where would all the money be by then?
Or, forget replacing the bank accounts, one can just steal the ACH info from the returns, and withdraw the money targeted to IRS. Then, when IRS comes aroudn to make the charge, sometimes there will be two charges to the account, and sometimes, there will be insufficient funds, and people would get slapped with a penalty, and ... how much nuisance would it take to resolve that (remember, there will be tens of millions of cases, each involving several banks, the IRS, the clearing house, likely, a few lawyers, and the taxpayer)?
Or simply add a $1000 to a random line of every 15th tax return ... and see what falls out ...
The possibilities are countless.
But in the case of voting, it is a one-time entry (no going back to yesterday's backup), and I am not certain just how well individual votes can be audited when they are entered electronically, particularly if the data is entered over today's internet. I think it would only require a modest disturbance to create a major problem
They can be audited very well. Like I said earlier, when you connect to an internet server, especially a government one, it can instantly determine your location, your ISP, the operating system you are using, the last X sites you visited etc., etc.
For example, it could be required that every voter provides his ISP and network address as a part of registration if he wants to be able to vote over internet at his own location (if not, he can go into a polling place, where a secure computer is setup, and vote from there). Nobody would be able to even connect to the site under your name, unless he is already in your home, or broken into your computer (which by itself is easy, but remember that he'd also have to connect your computer with you SSN and bio data, and do it not once, and not twice, but millions of times ... and again if somebody can get their hands on this kind of information right now, there are trillions of dollars to be made on it, so why are we not hearing about them?).
Not going to work for a lot of us...my ISP (like many others) provides dynamic addresses, so if I register with the address I have in October, it likely will be different in November.Quote: weaselman
... For example, it could be required that every voter provides his ISP and network address as a part of registration if he wants to be able to vote over internet at his own location ...
Not going to work for a lot of us...my ISP (like many others) provides dynamic addresses, so if I register with the address I have in October, it likely will be different in November.
First, I said "network address" (does not change), not "IP address". But if you think that's not secure enough, there is an even better way - they can require the MAC address of your router instead of ip.
Or, even more elegantly, they could send you an RSA certificate associated with your voter registration. That's just plain unbreakable.