<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Robust McManlyPants on Average Display &#187; network security</title>
	<atom:link href="http://www.robustmcmanlypants.org/blog/category/network-security/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.robustmcmanlypants.org/blog</link>
	<description>Camo Pants with a Lavender Fringe</description>
	<lastBuildDate>Wed, 18 Jan 2012 05:01:08 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.3.1</generator>
		<item>
		<title>The Iranian Firewall</title>
		<link>http://www.robustmcmanlypants.org/blog/2009/06/25/the-iranian-firewall/</link>
		<comments>http://www.robustmcmanlypants.org/blog/2009/06/25/the-iranian-firewall/#comments</comments>
		<pubDate>Thu, 25 Jun 2009 14:18:50 +0000</pubDate>
		<dc:creator>Michael</dc:creator>
				<category><![CDATA[network security]]></category>
		<category><![CDATA[politics]]></category>

		<guid isPermaLink="false">http://www.robustmcmanlypants.org/blog/?p=951</guid>
		<description><![CDATA[A colleague sent me a link to a fascinating discussion of Iranian internet traffic patterns surrounding the election and what they say about what methods of access to and distribution of media the Iranian regime cut off to control information. They&#8217;re using something called, amongst other things, &#8220;traffic shaping.&#8221; Basically it allows different types of [...]]]></description>
			<content:encoded><![CDATA[<p>A colleague sent me a link to <a href="http://asert.arbornetworks.com/2009/06/a-deeper-look-at-the-iranian-firewall/">a fascinating discussion of Iranian internet traffic patterns surrounding the election</a> and what they say about what methods of access to and distribution of media the Iranian regime cut off to control information.  </p>
<p>They&#8217;re using something called, amongst other things, &#8220;traffic shaping.&#8221;  Basically it allows different types of traffic &#8211; web browsing vs. SSH vs. file-sharing vs. WoW vs. whatever &#8211; to be throttled or shut down without affecting other applications.  As they note, WoW traffic went undisturbed but access to Flash video was all but eradicated.  (I choose to forgive their mangling of WoW cosmology &#8211; Azeroth is a <em>continent</em> and the <em>planet</em> on which it is found, not an <em>island</em> &#8211; in light of their clever off-hand suggestion that WoW be a meeting place to organize protests in the real world.) </p>
<p>Looking at the final graph, here&#8217;s what they most blocked in descending order:</p>
<ul>
<li>SSH, normally used for encrypted command-line access but also very useful as a sneaky way to proxy web traffic.  If you have a co-worker who can always get to anything online no matter what your IT staff does, and SSH is allowed, that co-worker is using an SSH proxy.  (For purposes of full disclosure, guess who&#8217;s shite at getting that to work?  Moi.  I&#8217;ve just never cared that much.)  Other possible transgressive uses of SSH:  terminal session to an external host that has a command-line IRC client installed; encrypted file transfer; etc.  If the chart listing percentage dropped is also a rough guide to their list of concerns then they are quite right to consider SSH the most subtle threat to their attempted smothering of information access.</li>
<li>Flash, used by basically every video site, including YouTube and many news sites, to embed video.</li>
<li>BitTorrent, which of course would make an excellent way to distribute, say, video of the militia murdering someone in the street without it being localized or necessarily traceable to the original person who held the camera.</li>
<li>POP, because you don&#8217;t want just <em>anyone</em> receiving email from their international friends and relatives, do you?</li>
<li>Alternative web ports and HTTP proxies are always a popular target for IT staff who want to control access to porn or, you know, news.  I&#8217;m going to guess they&#8217;re just taking a stab at random ports that are likely candidates for alternate web traffic (say, TCP 8080 or 8181) but maybe they&#8217;re packing the serious web filtering heat on that scale.  If so then I have to wonder if there are some embargoes being broken.</li>
<li>Web cam = citizen journalist/potential YouTube star/access to international friends and family who&#8217;ve pointed a web cam at their HDTV tuned to CNN.  Verboten!</li>
<li>SMB:  surprise, Microsoft is super-chatty in Farsi, too.  Also file-sharing, though gods help the poor bastard who&#8217;s down to trying to share drives across international lines.  Any modern ISP that is at all conscious of what it&#8217;s doing will be blocking this at its own borders anyway.</li>
<li>Then, waaaaaaaaaaaaaaaay down the list:  normal old web traffic, email (I&#8217;m assuming they mean SMTP and IMAP only, since they list POP separately) and FTP.</li>
</ul>
<p>So, related to my web filtering comment above, I don&#8217;t know a damned thing about what embargoes are in place.  Ever since I got yelled at by a corporate VP in 1994 for calling up the Commerce Dept. on my own initiative to ask them about regulations related to international shipping of books that <em>discuss</em> encryption I&#8217;ve kind of let the lawyers worry about that stuff.  That said, the ability to do this kind of traffic shaping on this scale suggests access to equipment that I would expect is embargoed.  I don&#8217;t know, though.  Maybe they can just buy all their Networking Company X equipment directly from X&#8217;s contracted manufacturer in China, y&#8217;know?  I sure don&#8217;t.  (Know, that is.)  Maybe they&#8217;ve got enough people sitting around that they can just write up manual access-lists and try to filter everything by port on whatever devices they&#8217;ve got that can take ACLs and that&#8217;s why they&#8217;re only blocking <em>some</em> of this.  I don&#8217;t know.  In some ways the article raises more questions than it answers, for me, since it makes me want to know the specific techniques and technologies being applied.</p>
<p>All that aside, doesn&#8217;t it just kind of stab the ghost of my freshman self through the heart with an icicle to see the internet used to limit information and mask access to the truth?  Yes it does.  Why it still surprises me I&#8217;ll never know.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.robustmcmanlypants.org/blog/2009/06/25/the-iranian-firewall/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Sense and Sensitivity</title>
		<link>http://www.robustmcmanlypants.org/blog/2009/06/17/sense-and-sensitivity/</link>
		<comments>http://www.robustmcmanlypants.org/blog/2009/06/17/sense-and-sensitivity/#comments</comments>
		<pubDate>Wed, 17 Jun 2009 14:29:42 +0000</pubDate>
		<dc:creator>Michael</dc:creator>
				<category><![CDATA[network security]]></category>

		<guid isPermaLink="false">http://www.robustmcmanlypants.org/blog/?p=932</guid>
		<description><![CDATA[Random half-considered theory: the use within the information security field of the term &#8220;sensitive data&#8221; as a catch-all for anything worth protecting subtly guides us to be evasive, tentative, even secretive about the mere existence of such information and unwilling to discuss openly the risk management strategies appropriate to a given set of data because [...]]]></description>
			<content:encoded><![CDATA[<p>Random half-considered theory:  the use within the information security field of the term &#8220;sensitive data&#8221; as a catch-all for anything worth protecting subtly guides us to be evasive, tentative, even secretive about the mere existence of such information and unwilling to discuss openly the risk management strategies appropriate to a given set of data because of the way we interpret, use and think of the word &#8220;sensitive&#8221; in other contexts.  It&#8217;s too easy to make the leap from &#8220;sensitive data&#8221; to &#8220;sensitive people&#8221; and we are trained to tiptoe around sensitive people.  If we switched to using the term &#8220;valuable data&#8221; we would more easily discuss it in a matter-of-fact manner.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.robustmcmanlypants.org/blog/2009/06/17/sense-and-sensitivity/feed/</wfw:commentRss>
		<slash:comments>4</slash:comments>
		</item>
		<item>
		<title>Spam Drop?</title>
		<link>http://www.robustmcmanlypants.org/blog/2009/06/05/spam-drop/</link>
		<comments>http://www.robustmcmanlypants.org/blog/2009/06/05/spam-drop/#comments</comments>
		<pubDate>Fri, 05 Jun 2009 16:06:36 +0000</pubDate>
		<dc:creator>Michael</dc:creator>
				<category><![CDATA[network security]]></category>

		<guid isPermaLink="false">http://www.robustmcmanlypants.org/blog/?p=924</guid>
		<description><![CDATA[Yesterday evening the FTC shut down ISP and data farm service to Pricewert LLC, aka 3FN (amongst other names). It is &#8211; or was &#8211; a major distribution channel for spam along with even less savory internetalia including child pr0n and they acted as a haven for botnets: The FTC also alleges that the defendant [...]]]></description>
			<content:encoded><![CDATA[<p>Yesterday evening <a href="http://ftc.gov/opa/2009/06/3fn.shtm">the FTC shut down ISP and data farm service to Pricewert LLC, aka 3FN</a> (amongst other names).  It is &#8211; or was &#8211; a major distribution channel for spam along with even less savory internetalia including child pr0n and they acted as a haven for botnets:</p>
<blockquote><p>The FTC also alleges that the defendant engaged in the deployment and operation of botnets – large networks of computers that have been compromised and enslaved by the originator of the botnet, known as a “bot herder.”  [...]  According to the FTC, the defendant recruited bot herders and hosted the command-and-control servers – the computers that relay commands from the bot herders to the compromised computers known as “zombie drones.” Transcripts of instant-message logs filed with the district court show the defendants’ senior employees discussing the configuration of botnets with bot herders. And, in filings with the district court, the FTC alleges that more than 4,500 malicious software programs are controlled by command-and-control servers hosted by 3FN. This malware includes programs capable of keystroke logging, password stealing, and data stealing, programs with hidden backdoor remote control activity, and programs involved in spam distribution.</p></blockquote>
<p>Since they were running botnets and keyloggers it&#8217;s safe to say that a major part of their business plan was identity theft, the fucks.  If this is true then we are all better off with these people off the internet for at least a little while.</p>
<p>Late last year there was a similar shutdown of McColo, another major haven for this type of thing, and at the company where I then worked we saw a significant drop in spam traffic that corresponded <em>almost to the minute</em> with the shutdown.  Now I&#8217;m very curious to track what happens in my various spam folders today and over the weekend.  We might be about to enjoy a very pleasant few days.  Given that it looks like Pricewert were caught as red-handed as can be, maybe even a little longer.</p>
<p>However, even if everyone involved in running Pricewert <em>itself</em> were to go to jail and never have the chance to run this sort of operation again, their bot herders and the criminal clients who sought out Pricewert&#8217;s services will just go somewhere else and set up shop again.  They don&#8217;t even necessarily have to wait for things to cool off first&#8230; and I don&#8217;t think there&#8217;s a solution to that.  Security tools such as intrusion prevention have issues that make some fantasy of in-the-cloud security across all ISPs or all major upstream providers just that:  fantasy.  While the 40 and 100 Gbps standards are on the horizon, 10 Gbps security devices are still prohibitively expensive for almost all potential customers.  If individual organizations can&#8217;t afford that kind of inspected speed in their own data centers then there&#8217;s no way an ISP could hope to do the same.  On top of that, intrusion prevention has too much potential for a false positive taking out something important.  As for firewalls, they&#8217;re for premises and individual organizations, not entire classes of customer.  </p>
<p>There are things that can be done &#8211; basic ACLs on border routers, policies that block specific known bad traffic at the outermost edges of ISP networks &#8211; but the internet is simply always going to be, to some degree, the frontier.  That&#8217;s kind of the <em>point</em> of the internet, actually.  By the time some technology or standard or service is understood sufficiently to have vulnerabilities identified and those risks mitigated, there are ten more completely new technologies or standards or services coming down the pipe.  The only way to protect a given network from malicious <em>traffic</em> originating outside of that network is to disconnect from the outside world.</p>
<p>ISPs and especially their upstream providers are in the business of providing as much bandwidth as possible as reliably as possible.  Just as at the user level there is the potential for tension between convenience and risk management, there is tension between risk management and the level of availability demanded by a hosting center.  Any ISP or upstream provider that started policing the traffic of its large, high-bandwidth, highly available clients would be asking to go out of business and that&#8217;s just the <em>legit</em> providers.  Even if tomorrow someone were to wave their magic wand so that inspection took no more resources than routing there would <em>still</em> be people who see the criminal elements of the internet as little more than an under-served market, especially in times like these.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.robustmcmanlypants.org/blog/2009/06/05/spam-drop/feed/</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
		<item>
		<title>The Abyss Takes Checks or Credit</title>
		<link>http://www.robustmcmanlypants.org/blog/2008/08/07/the-abyss-takes-checks-or-credit/</link>
		<comments>http://www.robustmcmanlypants.org/blog/2008/08/07/the-abyss-takes-checks-or-credit/#comments</comments>
		<pubDate>Thu, 07 Aug 2008 16:10:38 +0000</pubDate>
		<dc:creator>Michael</dc:creator>
				<category><![CDATA[network security]]></category>
		<category><![CDATA[technology]]></category>

		<guid isPermaLink="false">http://www.robustmcmanlypants.org/blog/?p=789</guid>
		<description><![CDATA[Through a short but unexpected chain of relationships I was asked yesterday to appear this morning in a brief interview on Scott Fitzgerald&#8217;s show on WPTF 680 AM. To be honest, whether or not to say yes was something of a quandary. On the one hand, I couldn&#8217;t turn up anything specifically negative about the [...]]]></description>
			<content:encoded><![CDATA[<p>Through a short but unexpected chain of relationships I was asked yesterday to appear this morning in a brief interview on Scott Fitzgerald&#8217;s show on WPTF 680 AM.  To be honest, whether or not to say yes was something of a quandary.  On the one hand, I couldn&#8217;t turn up anything specifically negative about the host and the chain of relationships involves a much-loved former boss; on the other, this is a right-wing AM talk radio station that plays Sean <em>Hannity</em>, for gods&#8217; sakes.</p>
<p>After some thought and a discussion with The Boyf I decided that, given that the topic itself &#8211; securing credit card data and protecting personal information &#8211; is fairly apolitical and the tone of the thing seemed to be educational rather than advocating a particular point of view, well, what the hell, right?  I did a little reading up on <a href="http://www.networkworld.com/community/node/30741">the big TJX breach</a>, as that was apparently going to be the topic that morning, and wrote down a few thoughts in case my brain was fuzzy at 7:10am.</p>
<p>The experience itself was nice enough.  The host was polite, the interview was brief, I didn&#8217;t say &#8216;um&#8217; every other word and I got to say the thing that made me ultimately decide to do this:  that there is no such thing as &#8220;security.&#8221;  As I said to the host (after trying it out a couple of times on KJ, bascha and The Boyf last night), our society has become convinced that &#8220;security&#8221; is some attainable state of the absence of risk but in truth &#8220;security&#8221; is the ongoing process of trying to find a balance between risk and convenience.  </p>
<p>It&#8217;s childish and silly of me but I really relished saying that to an audience of security-obsessed wingnuts.</p>
<p>The only thing I don&#8217;t understand is why the host asked me how 9/11 had changed network security.  It hasn&#8217;t.  I didn&#8217;t get a chance to bring this up but the truth is that 9/11 didn&#8217;t change a damned thing about network security &#8211; at least not in the markets where I&#8217;ve worked &#8211; because 9/11 was a physical attack, not an electronic one.  The big engines of change have been government regulation, the very market interventions that free market righty types find so abhorrent.  I&#8217;ve seen more clients make positive changes to their networks and their policies as a result of <a href="http://en.wikipedia.org/wiki/Sarbanes-Oxley_Act">SarbOx</a>, <a href="http://en.wikipedia.org/wiki/HIPAA">HIPAA</a> and the <a href="http://en.wikipedia.org/wiki/Federal_Financial_Institutions_Examination_Council">FFIEC</a>  than anything else.</p>
<p>The host asked how a person can protect their credit card data and I said, in all honesty, that we can&#8217;t.  The truth is that once your financial data is in a store&#8217;s hands it is out of yours.  Period.  If that data is compromised then they have to notify you but they don&#8217;t have to tell you how or by whom or anything else.  In fact, there is a disincentive to inform.  TJX&#8217;s (eventual) openness about how the theft was done led to lawsuit upon lawsuit.  During the time span that the big, multi-store heist in question was being executed my bank sent me three (3) new copies of my credit card and I&#8217;ve never known exactly why.  Was my information in that data?  Probably so; I&#8217;ve shopped at Barnes &#038; Noble plenty of times.</p>
<p>The example I gave them was that if one wants to make sure one&#8217;s credit or debit card data is never stolen from, say the grocery store, then one had better always pay in cash.  It&#8217;s not that simple, though.  Paying in cash means remembering to go to the cash machine and knowing exactly how much one will spend at the store.  That also requires protecting one&#8217;s PIN from prying eyes at the ATM, keeping one&#8217;s wallet from ever getting stolen and then, even then, if one&#8217;s data is stolen directly from the bank, well&#8230; so much for all that effort.</p>
<p>The payment card industry has a set of protocols it requires called the <a href="http://en.wikipedia.org/wiki/PCI_DSS">PCI DSS</a> (Payment Card Industry Data Security Standard).  It&#8217;s a good start but it is only that:  a start.  It covers some basic common sense benchmarks but these are as basic as making sure default passwords aren&#8217;t left on vendor-provided cash registers and other equipment.  It&#8217;s bare-bones at best.  The truth is that payment data theft is a problem the market is never going to correct.  The use of cards is way too profitable for everyone involved.  Stores, the banks that issue the cards, the payment card providers themselves, payment processors, everyone involved makes way too much money off cards to ever give them up or to make them too inconvenient to use.  No store is going to react warmly to someone walking in off the street and asking how that store protects credit card data.  No store ever advertises that customer data is more secure with them than with their competitors.</p>
<p>So what do we do?  There isn&#8217;t much we can do without accepting a high level of inconvenience.  Sure, there are options &#8211; get prepaid cards to use for online shopping, but read up on the fraud protection for those cards first just in case it&#8217;s not as good as your normal credit card.  Get a secured credit card.  Get a credit card with your picture on it.  Keep tabs on your account activity online &#8211; weekly, not monthly.  Request a copy of your credit report once per year if not once per quarter.  Write a check instead of using the card; check data can also be stolen but it&#8217;s harder to get at one&#8217;s cash with check data.  Better yet, use cash.  There are ways in which the TJX heist was very clever &#8211; they combined elements of physical theft (geographical proximity and physical access to the store) with an electronic intrusion (computer security is often contemplated only as a means of preventing distant attacks) &#8211; but ultimately war-driving and cracking WEP aren&#8217;t exactly innovations and the theft overall follows the same pattern used in all such cases:  the thieves cast the widest possible net and took the easiest pickings.  The only thing to do is to make one&#8217;s self a less attractive target surrounded by lower-hanging fruit.</p>
<p>None of these make the stores protect our data any better, though, and nothing ever will.  Most of these ideas are only useful to protect against identity theft which could be much more easily and thoroughly protected by a couple of basic regulatory changes &#8211; require photos be included in credit reports and require automated notification if one&#8217;s credit report is accessed for any reason, two things that would cost the credit bureaus some money and save everyone else a lot of headache.  Even regulation will at best discourage such carelessness in the retail sector.  Ultimately the only option we have is to stare into the abyss and decide for ourselves how much we want that TV or that t-shirt.  </p>
<p>So what do <em>I</em> do?</p>
<p>I use my card all the time.  I hardly ever have more than a couple of dollars on me in cash.  It&#8217;s just too convenient.  I make up for it by monitoring my account and my credit record and trusting that I&#8217;ll be able to get refunds for any fraudulent activity.  So far, so good.  That&#8217;s &#8220;security&#8221; for me:  the amount of risk I&#8217;m willing to tolerate balanced against the convenience I desire.  Anyone who tells you &#8220;security&#8221; is anything else believes they can make a buck off it if they tell you enough times.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.robustmcmanlypants.org/blog/2008/08/07/the-abyss-takes-checks-or-credit/feed/</wfw:commentRss>
		<slash:comments>3</slash:comments>
		</item>
		<item>
		<title>Great Moments In Client Relations</title>
		<link>http://www.robustmcmanlypants.org/blog/2007/10/29/great-moments-in-client-relations/</link>
		<comments>http://www.robustmcmanlypants.org/blog/2007/10/29/great-moments-in-client-relations/#comments</comments>
		<pubDate>Tue, 30 Oct 2007 03:53:46 +0000</pubDate>
		<dc:creator>Michael</dc:creator>
				<category><![CDATA[life]]></category>
		<category><![CDATA[network security]]></category>

		<guid isPermaLink="false">http://www.robustmcmanlypants.org/blog/2007/10/29/great-moments-in-client-relations/</guid>
		<description><![CDATA[So, I&#8217;m the on-call this week. I hate being the on-call. I hate everyone who calls and I hate everyone at the helpdesk who forwards those calls to me. If I could kill with my mind, my every on-call would have a body count. I would be the greatest murderer of all time. Jim Jones [...]]]></description>
			<content:encoded><![CDATA[<p>So, I&#8217;m the on-call this week.  I hate being the on-call.  I hate everyone who calls and I hate everyone at the helpdesk who forwards those calls to me.  If I could kill with my mind, my every on-call would have a body count.  I would be the greatest murderer of all time.  Jim Jones would look like a Care Bear next to me.</p>
<p>At any rate, I have two stories to tell:</p>
<p>First:  Friday I&#8217;m talking to a client about some work he wants to do on Saturday.  We&#8217;re trying to schedule a time.  I grit my teeth and tell him that whenever is good for him is good for me.  He picks a time that means it will be impossible for me to go to brunch and finally meet a friend&#8217;s girlfriend &#8211; whom I failed to meet last time she was in town because I was on-call.  Then he says, and I quote, &#8220;Well, really, just as long as we can be done early in the afternoon, any time works.  <strong>I&#8217;ve got plans to get shit-faced at 3, so we have to be done by then.</strong>&#8221;</p>
<p>Ah, yes, I told him.  In that case, we needed to do it around 1 because I had brunch plans.  Fair&#8217;s fair.</p>
<p>That day, once we were on the call, things went well and truly south.  I was trying to figure out why The Thing We Were Doing wasn&#8217;t working when it occurred to me that The Thing We Were Doing didn&#8217;t make much sense in the first place.  I very casually asked him why we were doing this and he said, &#8220;<strong>Because my boss is a fucking manager and doesn&#8217;t know what the fuck he&#8217;s doing, that&#8217;s why.</strong>&#8221;</p>
<p>My response was the only word I could produce in that moment:  &#8220;&#8230;Okay!&#8221;</p>
<p>Second story:  we have a ticketing system that is based largely around email.  When a ticket gets created, it automatically emails a copy of itself to the client involved.  They can reply to that email and update the ticket themselves if need be.  When we update the ticket it emails a new copy of the ticket log to the client.  So on and so forth.  It&#8217;s quite the clever little ticketing system in that it will spot quoted text from itself in a reply email and excise that so that a ticket log remains a fairly continuous conversation without a lot of quoted text from earlier entries.  </p>
<p>Today a client emails us an error message they had received about an email they had sent that had been tagged as disallowed by the standards of their firewall.  They sent the email with the following text at the top:</p>
<p><em>Do not sand me any email</em></p>
<p>So, a ticket gets cut.  What does it do?  Send that very email right back to the client.  So they reply:</p>
<p><em>Do not sand me any email</em></p>
<p>&#8230;which causes them to get an email copy of the ticket log.  Again.  Several rotations of this <em>later</em> we get one last email response from them:</p>
<p><em>DO NOT SAND ME ANY EMAIL I AM NOT INTRSTED</em></p>
<p>I laughed until I cried.  I could just picture them sitting there sending us an email and immediately getting a reply back that simply quoted what they&#8217;d just sent and them, in turn, picturing us sitting there with an evil gleam in our collective eye and shooting them a response as quickly as possible, rubbing our hands together at the thought of their annoyance.  </p>
<p>What was the very next ticket in the queue?  That same client had tried to send their email again, gotten the rejection message again and forwarded it to us &#8211; generating another ticket and another automated response right back to them.  This time their plea for silence read:</p>
<p><em>do not sand me any email do not</em></p>
<p>I laughed so hard I had to go outside.  I still don&#8217;t know what we did with those tickets.  I don&#8217;t care.  Whatever it was, if we didn&#8217;t print and frame them to go on a wall then what we did was <em>wrong</em>.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.robustmcmanlypants.org/blog/2007/10/29/great-moments-in-client-relations/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>R55</title>
		<link>http://www.robustmcmanlypants.org/blog/2007/08/03/r55/</link>
		<comments>http://www.robustmcmanlypants.org/blog/2007/08/03/r55/#comments</comments>
		<pubDate>Fri, 03 Aug 2007 17:31:51 +0000</pubDate>
		<dc:creator>Michael</dc:creator>
				<category><![CDATA[life]]></category>
		<category><![CDATA[network security]]></category>

		<guid isPermaLink="false">http://www.robustmcmanlypants.org/blog/2007/08/03/r55/</guid>
		<description><![CDATA[In case you&#8217;ve ever wondered, yes, you can install Checkpoint NG R55 for RHEL 3.0 on CentOS 3.9. Christ alive, it&#8217;s a good day.]]></description>
			<content:encoded><![CDATA[<p>In case you&#8217;ve ever wondered, yes, you <em>can</em> install Checkpoint NG R55 for RHEL 3.0 on CentOS 3.9.  Christ alive, it&#8217;s a good day.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.robustmcmanlypants.org/blog/2007/08/03/r55/feed/</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
		<item>
		<title>Limited Work Discussion</title>
		<link>http://www.robustmcmanlypants.org/blog/2006/11/22/limited-work-discussion/</link>
		<comments>http://www.robustmcmanlypants.org/blog/2006/11/22/limited-work-discussion/#comments</comments>
		<pubDate>Wed, 22 Nov 2006 20:40:36 +0000</pubDate>
		<dc:creator>Michael</dc:creator>
				<category><![CDATA[life]]></category>
		<category><![CDATA[network security]]></category>

		<guid isPermaLink="false">http://www.robustmcmanlypants.org/blog/2006/11/22/limited-work-discussion/</guid>
		<description><![CDATA[I almost never discuss my work on this site for any number of reasons. However, this tidbit is too strange not to pass on and will, I hope, fail utterly to identify anyone involved. One of the services my employers offer is URL filtering. Clients can be set up so that they can&#8217;t view websites [...]]]></description>
			<content:encoded><![CDATA[<p>I almost never discuss my work on this site for any number of reasons.  However, this tidbit is too strange not to pass on and will, I hope, fail utterly to identify anyone involved.</p>
<p>One of the services my employers offer is URL filtering.  Clients can be set up so that they can&#8217;t view websites that fall into certain pre-defined categories (adult, guns, politics, whatever) but there is also an overriding &#8220;allow&#8221; list and &#8220;deny&#8221; list, free-form lists where we can add a given URL to grant or block access to a given site regardless of whether or how it&#8217;s classified in the third-party database of URLs we use for category filters.  This is all pretty standard, yes, I&#8217;m just trying to explain it for people who may not be familiar with the &#8220;Net Nanny&#8221; approach to web monitoring.</p>
<p>Most clients add big, obvious sites to their universal &#8220;deny&#8221; lists:  myspace, Ebay, that kind of thing.  Occasionally I get one that makes me die a little on the inside, like the time I was interrupted from reading the World of Warcraft user forums in order to block said forums for a client, a moment of terrible irony and a faint aftertaste of guilt.  In one very amusing instance, I got a request around 3pm on a Friday afternoon from a client who wanted to unblock the Adult, Alcohol and Firearms categories and then have them re-enabled at the end of the day.  Someone was, I could only conclude, getting ready for one heck of a weekend.</p>
<p>On even more rare occasions, however, we get a real glimpse into the inner workings of our clients&#8217; offices and the personal obsessions that plague them.  One had a string of radio station websites they wanted blocked; they had a colleague who was an incorrigible user of streaming broadcasts, the devil&#8217;s own bandwidth vacuum.  Once we had a client who had to block, individually, a specific list of professional sports teams&#8217; and, the next day, a collection of specific sports gambling sites.  One had a pretty seriously MMO-addicted user and we had to block the forums.example.com domain for about half a dozen massively multiplayer games.  <em>Very</em> rarely, a client will actually explain the situation to us, conversationally sharing private personnel matters in a way that makes us deeply uncomfortable; more often, we are left to invent our own explanatory scenarios.</p>
<p>Today, though?  Today takes the cake.  I just got asked by a client to block a specific list &#8211; half a dozen or more entries in length &#8211; of websites devoted to the personal and professional lives of the Olsen twins.</p>
<p>Some people don&#8217;t just need a hobby, they need a <em>different </em>hobby.</p>
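<p>The evaluation order described at the top of this post (category filters, with a free-form allow list and deny list that override the category database) as a small working model. This is an added example, not the author&#8217;s or their employer&#8217;s code, and it makes assumptions the post does not state: that the allow list wins over the deny list and both win over the category lookup, that a list entry covers a host and all of its subdomains, that <code>CATEGORY_DB</code> is a constructed stand-in for the third-party database, and that a temporary category unblock (the Friday-afternoon request) is an exception with an expiry time.</p>

```python
"""Added example (not the author's or their employer's code): a minimal
URL-filtering policy of the kind the post describes, category blocks plus
free-form allow and deny lists that override the category database.

Assumptions of mine, not stated in the post:
 - the allow list beats the deny list, and both beat the category lookup
   (the post says the lists override categories, not which list wins);
 - a list entry matches that host and every subdomain under it;
 - CATEGORY_DB is a constructed stand-in for the third-party database;
 - a "temporary unblock" is a per-category exception with an expiry,
   given as seconds since the epoch so it can be compared to time.time().
"""
import time
from urllib.parse import urlsplit

# Constructed sample data standing in for the third-party category database.
CATEGORY_DB = {
    "example.com": "games",
    "forums.example.com": "games",
    "radio.example.net": "streaming",
    "shop.example.org": "shopping",
}


def host_of(url: str) -> str:
    """Hostname of a URL, lower-cased; bare hosts without a scheme are accepted."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def host_matches(host: str, entry: str) -> bool:
    """'forums.example.com' matches the list entry 'example.com' and itself."""
    entry = entry.lower().rstrip(".")
    return host == entry or host.endswith("." + entry)


def categorize(host: str) -> str:
    """Most specific suffix wins, so a subdomain can carry its own category."""
    labels = host.split(".")
    for i in range(len(labels)):
        category = CATEGORY_DB.get(".".join(labels[i:]))
        if category:
            return category
    return "uncategorized"


class ClientPolicy:
    """One client's settings: blocked categories, allow list, deny list."""

    def __init__(self, blocked_categories, allow=(), deny=()):
        self.blocked_categories = set(blocked_categories)
        self.allow = list(allow)
        self.deny = list(deny)
        self.exceptions = {}  # category -> epoch seconds when the exception lapses

    def unblock_until(self, category: str, until: float) -> None:
        """The Friday-afternoon request: lift a category block until a deadline."""
        self.exceptions[category] = until

    def decide(self, url: str, now=None) -> tuple:
        """Return (allowed, reason) for one request."""
        now = time.time() if now is None else now
        host = host_of(url)
        if any(host_matches(host, e) for e in self.allow):
            return True, "allow list"
        if any(host_matches(host, e) for e in self.deny):
            return False, "deny list"
        category = categorize(host)
        if category in self.blocked_categories:
            lapses = self.exceptions.get(category)
            if lapses is not None and now < lapses:
                return True, f"category {category} temporarily unblocked"
            return False, f"category {category}"
        return True, f"category {category} not blocked"


if __name__ == "__main__":
    policy = ClientPolicy(["games", "streaming"],
                          allow=["support.example.com"], deny=["shop.example.org"])
    policy.unblock_until("games", time.time() + 3600)  # re-blocked automatically in an hour
    for url in ["http://forums.example.com/thread/1", "https://support.example.com/",
                "http://www.shop.example.org/item", "http://radio.example.net/stream"]:
        print(url, policy.decide(url))
```

<p>Matching on the host and everything under it is what lets one entry cover both www and bare forms of a site, and using <code>urlsplit().hostname</code> rather than string searching means a URL with user-info or a port in front of the real host is still classified by the real host. It does nothing for a user who reaches the same server by IP address or through an outside proxy; a real product has to deal with that at the network layer, not in the list.</p>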
]]></content:encoded>
			<wfw:commentRss>http://www.robustmcmanlypants.org/blog/2006/11/22/limited-work-discussion/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>Electronic Voting Risks &#8211; A Primer</title>
		<link>http://www.robustmcmanlypants.org/blog/2006/10/26/electronic-voting-risks-a-primer/</link>
		<comments>http://www.robustmcmanlypants.org/blog/2006/10/26/electronic-voting-risks-a-primer/#comments</comments>
		<pubDate>Fri, 27 Oct 2006 02:58:06 +0000</pubDate>
		<dc:creator>Michael</dc:creator>
				<category><![CDATA[network security]]></category>
		<category><![CDATA[politics]]></category>

		<guid isPermaLink="false">http://www.robustmcmanlypants.org/blog/2006/10/26/electronic-voting-risks-a-primer/</guid>
		<description><![CDATA[Ever wanted a thorough but largely non-technical discussion of the risks and problems inherent to electronic voting machines?  Read this article from Ars Technica.  He makes some fantastic points.  I will quote only one sentence from it, because that one sentence is, itself, a beautifully brief and very thoughtful point: Bits and bytes are made [...]]]></description>
			<content:encoded><![CDATA[<p>Ever wanted a thorough but largely non-technical discussion of the risks and problems inherent to electronic voting machines?  Read <a href="http://arstechnica.com/articles/culture/evoting.ars">this article from Ars Technica</a>.  He makes some fantastic points.  I will quote only one sentence from it, because that one sentence is, itself, a beautifully brief and very thoughtful point:</p>
<blockquote><p>Bits and bytes are made to be manipulated; by turning votes into bits and bytes, we&#8217;ve made them orders of magnitude easier to manipulate during and after an election.</p></blockquote>
]]></content:encoded>
			<wfw:commentRss>http://www.robustmcmanlypants.org/blog/2006/10/26/electronic-voting-risks-a-primer/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>Requiem for a Password</title>
		<link>http://www.robustmcmanlypants.org/blog/2006/06/01/requiem-for-a-password/</link>
		<comments>http://www.robustmcmanlypants.org/blog/2006/06/01/requiem-for-a-password/#comments</comments>
		<pubDate>Thu, 01 Jun 2006 08:07:09 +0000</pubDate>
		<dc:creator>Michael</dc:creator>
				<category><![CDATA[life]]></category>
		<category><![CDATA[network security]]></category>

		<guid isPermaLink="false">http://www.robustmcmanlypants.org/blog/2006/06/01/requiem-for-a-password/</guid>
		<description><![CDATA[Monday afternoon I changed my password for the first time in ten years. That&#8217;s a terrible thing to admit, especially given that I&#8217;ve made my career in network security, but it&#8217;s true. Ten years ago I set my password on the server where I still send and receive what I think of as my &#8220;real&#8221; [...]]]></description>
			<content:encoded><![CDATA[<p>Monday afternoon I changed my password for the first time in ten years.</p>
<p>That&#8217;s a terrible thing to admit, especially given that I&#8217;ve made my career in network security, but it&#8217;s true. Ten years ago I set my password on the server where I still send and receive what I think of as my &#8220;real&#8221; email, and I hadn&#8217;t changed it since. It was many characters long, a sensible mix of letters and symbols and numbers. In all those ten years, my account was never cracked, my password never guessed, my login never abused.</p>
<p>Then I logged in on Monday afternoon, and I saw an email from Ebay telling me I&#8217;d successfully created a listing for 1,000 gold from <em>World of Warcraft</em>. Only, I hadn&#8217;t. I figured it was phishing spam, but it mentioned my specific Ebay login. So, I checked my account on Ebay, rarely used, and saw that, whoops, there were over 1,500 fake listings for WoW gold in my name. They were identical, and each listing page included Paypal buttons for the ordering of gold and leveling in WoW &#8211; it didn&#8217;t matter that they listed them using my account, because the goods weren&#8217;t actually bought at auction. It was just a convenient way for them to advertise their product and offer a direct-purchase Paypal link so many times that they could flood the listings one would get were they to search Ebay for <em>World of Warcraft</em> gold.</p>
<p>Long story short, the Ebay rep who talked to me (they call you after initially working with you online, which really sealed the deal for me in terms of coming away viewing it as a positive customer service experience &#8211; that, and it took them all of fifteen minutes to have the situation entirely fixed) told me two things: that it was the most fake listings he had ever seen, so many it crashed his administrative interface to the site when he tried to cancel them <em>en masse</em>, and that I should change the password on my email account.</p>
<p>Now, realize that the account in question is an old account. I&#8217;ve had it for over a decade. It&#8217;s an actual shell account on an actual server where I use Pine to read my email. It is not some Hotmail junk. I remember when I worked there, there was a terminal set up in one corner and whenever someone mistyped a password for an account on our system, an alert would pop up on that monitor.</p>
<p>But I work in network security, and I couldn&#8217;t very well just cross my fingers and hope for the best, could I? I&#8217;d already cancelled my Paypal account entirely in a fit of paranoid track-covering. I was already in slash-and-burn mode regarding anything related to my Ebay account. It occurred to me that if they had logged in as me then they knew my street address, they knew my email address, they knew my phone number, everything. Even if they couldn&#8217;t do much with my street address, it still drove me bat-shit just knowing they knew that. Anything I could do to improve the chances of not having my life dug further into, well, it had to be a pretty good idea, right? And so I sucked it up and typed something I hadn&#8217;t in a very long time:</p>
<p><em>passwd</em></p>
<p>Now I have to remember a new one. The old one is so programmed into my fingers that I still type it every time I log in. I felt oddly invaded, oddly stripped bare by the experience, but nothing about it is as bad, frankly, as my annoyance at having to remember a new password.</p>
<p>If I could wrap my hands around the necks of those bastards, that&#8217;s the last thing they&#8217;d hear as the light dimmed:  <em>You made me remember a new password, you fuckers.</em></p>
<p>What&#8217;s funniest to me is that I change all my other passwords all the time. Ebay password? Totally changed. I don&#8217;t buy or sell on Ebay that often, but I log in fairly frequently just to glance around. I change that password a lot. I just didn&#8217;t get lucky on this one.</p>
<p>It&#8217;s just that one password, on my &#8220;real&#8221; email, that I&#8217;d let stay the same. Eventually it was like a quiet point of shameful pride, like a monk with a prodigious collection of skin mags. But now even I, perverse as I am, will change it often as well. Just one more thing to go in the calendar appointments, one more account to remind myself to change every so often.</p>
<p>I would wring those bastards&#8217; necks in two seconds, given half a chance.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.robustmcmanlypants.org/blog/2006/06/01/requiem-for-a-password/feed/</wfw:commentRss>
		<slash:comments>6</slash:comments>
		</item>
		<item>
		<title>Online Voting &#8211; Back of the Napkin</title>
		<link>http://www.robustmcmanlypants.org/blog/2006/04/14/online-voting-back-of-the-napkin/</link>
		<comments>http://www.robustmcmanlypants.org/blog/2006/04/14/online-voting-back-of-the-napkin/#comments</comments>
		<pubDate>Fri, 14 Apr 2006 20:06:34 +0000</pubDate>
		<dc:creator>Michael</dc:creator>
				<category><![CDATA[network security]]></category>
		<category><![CDATA[politics]]></category>
		<category><![CDATA[technology]]></category>

		<guid isPermaLink="false">http://www.robustmcmanlypants.org/blog/2006/04/14/online-voting-back-of-the-napkin/</guid>
		<description><![CDATA[In 2000, as I was standing in line to vote, a woman in front of me addressed those of us standing around her with this: &#8220;Why can&#8217;t I just do this online?&#8221; I should have kept my mouth shut, but I didn&#8217;t. &#8220;Because,&#8221; I said, &#8220;It would be too easy to hack.&#8221; After finding out [...]]]></description>
			<content:encoded><![CDATA[<p>In 2000, as I was standing in line to vote, a woman in front of me addressed those of us standing around her with this:  &#8220;Why can&#8217;t I just do this online?&#8221;  I should have kept my mouth shut, but I didn&#8217;t.  &#8220;Because,&#8221; I said, &#8220;It would be too easy to hack.&#8221;  After finding out I worked in network security, she went on to decide that it was somehow my fault that this hadn&#8217;t been figured out yet.  While I certainly didn&#8217;t have the answer, I shared her frustration.  A part of me relishes the civic cameraderie of standing in line to vote &#8211; how else would I have met that lady in &#8217;04 who told me her kids played soccer with the Bush twins in Texas years ago, and said &#8220;Laura is the biggest bitch you&#8217;ll ever meet,&#8221; without that experience?  Still, online voting would make some things much easier.</p>
<p>And so, with that in mind, pretend for a moment that you and I are sitting in a bar.  There is a large plate of cheese fries between us, with ample supplies of both ranch and honey mustard dressings.  I have a Diet Coke (it counteracts the cheese fries, right?) and you have the beverage of your choice.  You have just pulled out a pen and one of the bar napkins and said, &#8220;So how could it work and be safe?&#8221;</p>
<p>This is not a circumstance in which we are going to solve the problem from start to finish, but I do have a few ideas.  I don&#8217;t know how feasible they are.  I don&#8217;t even know if they&#8217;re truly secure, because encryption and authentication are not my specialties.  I do network perimeters, though, so I do touch on authentication and encryption.  I am not, however, a genius.  I am a guy who is good enough at his job to keep doing it.  Keep this in mind.  I say this in part to excuse any gaffes and in part to make clear that criticism or other suggestions will not offend me.  I am aware of my limitations!  Anything we can come up with to improve on the following scenario is a good thing.  I do not believe that in a day or a month or a decade the whole world will look back on this post as The Answer That Worked, but neither have I found much of anywhere that this is being discussed in a serious but casual and open way.  So, we begin here, and see what happens.</p>
<p>The biggest issue with online voting is, how do we know your vote was cast by <em>you</em>?  Online voting would, if dissected into an order of operations, look a great deal like voting in person, in part because that&#8217;s already the model that works, and in part because this can be translated into a friendly, tech-free presentation to the user that will make them comfortable with a new process by making it feel like the old process wherever possible.  That means the first thing we have to do is check in at the front desk.  So, we need to authenticate you.  However, managing a national database of logins and passwords is impossible and, just as importantly, it would not be anonymous either.  Confidential is not the same as anonymous (let&#8217;s hear it from the HIV-testing activists from ten years ago, people), and what we&#8217;re gearing for is <strong>authenticated anonymity</strong>.  (I don&#8217;t even know if that&#8217;s a real term, but we&#8217;re too busy eating cheese fries to care.  This is all just kicking the ball around.)  You want to check in at the front desk but, after that, you do NOT want your vote in any way tied to your name.  Remember, you don&#8217;t sign your ballot before you stick it in the box.</p>
<p>The second big question is going to be ensuring that your vote is not tampered with.  In real life we do this by being alone in the voting booth and then putting the ballot in the box ourselves.  Polling place workers do not take the ballots from our hands after they&#8217;re filled out.  Instead, they are tucked away in the big, brown boxes for security&#8217;s sake.  After that, we have to trust that the authorities are honest with their counting, but hey, we already do that.  So far, so good.  How to duplicate this online is going to be to use extra-strength encryption.  I am not talking about 128-bit encryption you use to check your bank balance.  Yes, that&#8217;s great, and the kid down the street sniffing your wireless link is not going to be able to crack that in a hurry, but we know someone can:  the government.  Rumor has had it for years that 128-bit is the industry standard because the average cracker can&#8217;t break it but the NSA can and in real time.  Perhaps it is true that Uncle Frank is simply not going to care about that, but the geeks sure as heck will.  If we&#8217;re going to sell online voting to anyone, we have to win over the geeks first.  Then they can sell their Uncle Frank on it on their own time.  Thus, I&#8217;m going to go out there and suggest 1024-bit keys.  It&#8217;s overkill, yes, but it is very, very safe, and all the nerds out there with GnuPG are going to like seeing that big number.  (One caveat for the nerds: the 128 bits behind your browser&#8217;s padlock are the length of a symmetric session key, while the 1024 bits on a GnuPG key are the length of a public-key modulus.  The two numbers measure different things, and breaking a 1024-bit RSA key is nowhere near 2<sup>1024</sup> work, so the honest version of the pitch is &#8220;key sizes big enough that nobody, the government included, can feasibly break them,&#8221; not one magic number.)</p>
<p>The third question is, how do we deliver it?  The bottom line is that, like any question of voting equipment and processes, it&#8217;s going to be decided at the state and local-elections-board levels.  Your town or county or city or whatever is going to have to keep a server where the votes are tallied.  This is not hard, because the process of tallying votes is now largely computerized anyway.  Butterfly ballots excluded, do you really think that here, in NC, when we complete the little arrow to the candidate&#8217;s name that someone is going through and checking those by hand?  Those things are scanned and the results stored on a computer.  We will store our results on the same computer.  Voila.</p>
<p>&#8220;That&#8217;s a lot of nice talking,&#8221; you say to me around a mouthful of Beverage(tm), &#8220;But we already know all that.&#8221;</p>
<p>Too true!  Here&#8217;s the tech part of it, and it&#8217;s very simple:  one-time crypto keys.</p>
<p>Let&#8217;s say we have our system in place.  I want to vote online because I am lazy and I could be sitting at home stuffing myself with my own plate of cheese fries rather than out standing in line.  Thus, I appear at my local polling place and skip the line and go straight to the front table that&#8217;s next to the <em>other </em>front table.  There is no line.  I tell them who I am, and they check me off in the big book because I&#8217;m now saying that I have voted and I am not going to vote in person.  The <em>other </em>front table checks me off, too.  The nice people behind the table hand me a CD with the voting client software on it (a cosmetically modified VPN client that is light and simple and will uninstall the day after the election and a link to the page where I will vote, using a private IP address for which I&#8217;ll only have a route after the VPN client has bound to my network interface).  Then, they reach into a big box next to them and pull out an envelope.  It looks like a paystub &#8211; perforated edges on each end &#8211; and they open it.  They toss the carbon-copy sheet in the middle, hand me one of the two pieces of paper inside, and take the other piece and stick it into a ballot box.</p>
<p>I have now, for the purpose of validating that as many votes were cast as voters showed up to vote, <em>voted</em>.</p>
<p>I go home.  I start warming up the cheese fries.</p>
<p>While that&#8217;s happening, I pop the CD in and install the VPN client.  It is quick and painless, and requires minimal user interaction.  When it launches, I am asked for one thing: the string of letters and numbers printed on the otherwise blank sheet of paper I was handed at the polling place.  That string is my key.  I should note here that I don&#8217;t mean the actual encryption key, I mean something like a pre-shared secret &#8211; it&#8217;s not 1024 bits of characters, it&#8217;s just a random jumble of characters (let&#8217;s say 8 to 12 characters in length) that can be compared on the far side of my connection to verify that this is legit.  Once I put that in, my browser launches and I am taken to a page that has the appropriate offices and candidates for my precinct/district/etc.  I vote by clicking a few radio buttons.  I click submit, which takes me to a listing of the votes I just cast.  I am asked to review these votes and confirm them.  Because this is just a simple page, my enhanced accessibility software for any disabilities I might have has no problem handling it &#8211; the page is read out loud, the text is enlarged, whatever.  I click that I have verified this information, and tah-dah, I have voted.</p>
<p>The server on the far side marks my key as having been used.  It can never be used again, not even next election.</p>
<p>I eat my cheese-fries.</p>
<p>That night, one candidate in a race asks for a recount.  The number of votes cast is compared to the number of voters having shown up to vote, voted early or listed as voting online.  The tallies are run again.  There is no problem with online votes because they are, ultimately, every bit as secure as the output of a touch-screen machine that has no paper trail.  So, OK, there are potential problems of the tallies having been tampered with, but these problems exist already in our system, so they are separate questions entirely.</p>
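<p>The process just walked through, from the two front tables to the recount, as a toy model in code. This is an added example and not the author&#8217;s code; the post describes the scheme only in prose. The assumptions are mine: the tally server stores a keyed hash (HMAC under a server-held secret) of each printed key rather than the key itself, so a copy of its table can neither be used to vote nor brute-forced offline; the voter roll and the key table are separate and share no identifier, which is what keeps a ballot unlinkable to the name checked off; and keys are 12 characters from an alphabet without 0/O and 1/I (the post says 8 to 12).</p>

```python
"""Added example: a toy model of the one-time-key voting process sketched in
this post.  It is not the author's code; the post describes the process only
in prose.  Assumptions that are mine, not the post's:

 - the server stores an HMAC of each printed key under a secret it holds,
   never the key itself, so a copy of the server's table cannot be used to
   vote or brute-forced offline (the printed keys are short);
 - the voter roll and the key table are separate and share no identifier,
   which is what keeps the vote unlinkable to the name checked off;
 - keys are 12 characters from an alphabet without 0/O and 1/I (the post
   says "8 to 12 characters").
"""
import hashlib
import hmac
import secrets

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"
KEY_LEN = 12
# Assumption: generated once at election setup and held only by the tally server.
SERVER_SECRET = secrets.token_bytes(32)


def generate_key() -> str:
    """A printed one-time key, as on the sheet handed over at the front table."""
    return "".join(secrets.choice(ALPHABET) for _ in range(KEY_LEN))


def key_id(key: str) -> str:
    """What the server stores: a keyed hash of the key, never the key itself."""
    normalized = key.strip().upper().encode()
    return hmac.new(SERVER_SECRET, normalized, hashlib.sha256).hexdigest()


class PollingPlace:
    """The two front tables: check the voter off, hand over a sealed envelope."""

    def __init__(self, voter_roll, printed_keys):
        self.roll = dict.fromkeys(voter_roll)   # name -> None or "online"
        self.envelopes = list(printed_keys)     # sealed; any voter gets any one
        self.stubs_in_box = 0                   # the other half of each envelope

    def check_in_online(self, name: str) -> str:
        if name not in self.roll:
            raise ValueError("not on the voter roll")
        if self.roll[name] is not None:
            raise ValueError("already checked in")
        self.roll[name] = "online"  # checked off; the key is NOT written here
        envelope = self.envelopes.pop(secrets.randbelow(len(self.envelopes)))
        self.stubs_in_box += 1
        return envelope

    def online_checkins(self) -> int:
        return sum(1 for status in self.roll.values() if status == "online")


class TallyServer:
    """The far side of the VPN.  Knows key ids and ballots; never names."""

    def __init__(self, key_ids):
        self.used = dict.fromkeys(key_ids, False)  # id -> has it been spent?
        self.ballots = []

    def cast(self, key: str, choices: dict) -> bool:
        """Accept the ballot once per key; refuse unknown or replayed keys."""
        kid = key_id(key)
        if kid not in self.used or self.used[kid]:
            return False
        self.used[kid] = True               # marked used; never valid again
        self.ballots.append(dict(choices))  # stored without name or key
        return True

    def tally(self, race: str) -> dict:
        counts = {}
        for ballot in self.ballots:
            counts[ballot[race]] = counts.get(ballot[race], 0) + 1
        return counts

    def keys_used(self) -> int:
        return sum(self.used.values())


def reconcile(place: PollingPlace, server: TallyServer) -> bool:
    """The recount check: online check-ins, stubs in the box and spent keys agree."""
    return place.online_checkins() == place.stubs_in_box == server.keys_used()


def demo():
    printed = [generate_key() for _ in range(5)]        # printed and sealed beforehand
    place = PollingPlace(["alice", "bob", "carol"], printed)
    server = TallyServer([key_id(k) for k in printed])  # ids only, no plaintext keys

    alice_key = place.check_in_online("alice")
    bob_key = place.check_in_online("bob")
    first = server.cast(alice_key, {"mayor": "X"})
    second = server.cast(bob_key.lower(), {"mayor": "Y"})  # typed in lower case: still fine
    replay = server.cast(alice_key, {"mayor": "Y"})        # same key again: refused
    forged = server.cast(generate_key(), {"mayor": "Y"})   # never printed: refused
    return first, second, replay, forged, server.tally("mayor"), reconcile(place, server)


if __name__ == "__main__":
    print(demo())
```

<p>Two things the model makes visible that the prose glosses over. First, the link between voter and ballot is broken only because the roll and the key table share nothing: the moment a clerk writes which envelope went to which name, or the server logs the VPN user alongside the key, the anonymity is gone. Second, with 8 to 12 characters the key is short enough to guess over the network, so what actually protects it is the server refusing after a handful of bad attempts and the vote page being reachable only through the client from the CD; the example leaves that throttling out.</p>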
<p>Now, of course, there are problems with this.  <em>What about all those unused  keys sitting in that box?</em>  They are thrown away.  <em>But what if someone decides to start opening them and checking off random no-shows in the voter roll and just voting for them?</em>  Well, that could already happen with blank paper ballots at any polling station.  If we distrust the people running our elections, that is a separate question entirely and not of import to the technical matter of allowing secure, online voting.</p>
<p><em>But what, then, of Uncle Frank?  He&#8217;s so bad with computers he tried to install iTunes and wiped his hard drive!  He didn&#8217;t even know what iTunes was!</em></p>
<p>That, my friend, is Uncle Frank&#8217;s problem.  Perhaps his geek niece will help him.  Perhaps his geek niece will be so civically minded that she sets up a local volunteer tech-support line for her precinct to help folks who aren&#8217;t sure what to do &#8211; staffed by both Democrats and Republicans, and endorsed by the local elections board after receiving election-staffing training.  Perhaps she is supported entirely by one party or the other, like the many other programs the parties run on election day to assist voters by giving them rides to the polls, ringing doorbells to remind them it&#8217;s election day, all sorts of things.</p>
<p><em>But they could trick them into voting the wrong way!</em>  Yes, and so can phone-jamming schemes in New Hampshire prevent them from getting to the polls in the first place; the thing is, if it&#8217;s found out, it can be punished just as surely as any other form of election fraud.</p>
<p><em>Fine, Mr. Smarty Pants, what about spyware?  Hackers?  Key-stroke loggers?  What about a virus that changes the local hosts file on Uncle Frank&#8217;s computer so that he gets redirected to a false website and his vote is stolen and he gives away his key to someone else to use?</em>  That?  That I&#8217;m not so sure about.  That&#8217;s partly a function of making sure your computer is safe in the first place and partly a function of threatening such voter fraud with the same punishments as any other form of voter fraud.  It is, ultimately, a matter of law enforcement.  I&#8217;m here to answer the technical matter of making the online voting happen as securely as possible, though, so I simply don&#8217;t have the technical answers other than to say that we all risk this every time we check our online banking or pay a bill.  As such, Uncle Frank (or his geek niece) are going to have to take the same precautions they take every day, cross their fingers and hope for the best <em>just like the rest of us.</em></p>
<p><em>So who&#8217;s going to pay for this?</em>  We are.  We&#8217;re the taxpayers.  The same budgets that pay for touch-screen voting machines will pay for the VPN equipment, and connections, and the perimeter security around the machines that handle tallying and the VPN concentrator itself, and on and on and on.  Will it be expensive?  Oh, you bet it will.  It&#8217;ll be worth it, though, and heck, what we&#8217;re spending now on touch-screen devices is already pretty outrageous.</p>
<p>And yet, there are other problems, and other questions, and probably a whole slew of technical issues and hitches and hiccups that I just haven&#8217;t thought of.  So what are they?  It&#8217;s time to get cracking on this issue, because it&#8217;s going to happen one day, sooner or later, safe or not.  We might as well start kicking around the best-case scenarios &#8211; not the <em>worst</em>-case, but the <em>best</em>-case &#8211; so that we can push for them early.</p>
<p>Now please, stop bogarting the honey mustard.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.robustmcmanlypants.org/blog/2006/04/14/online-voting-back-of-the-napkin/feed/</wfw:commentRss>
		<slash:comments>7</slash:comments>
		</item>
	</channel>
</rss>

