Opinion

FUD Watch | The Boogeyman in the E-Voting Machine

There's no mix quite like Halloween, politics and government. It's a cocktail that can be heavy on the fear-mongering. Here are some examples

By Bill Brenner, Senior Editor

Page 2

E-voting security: Much has been made about the security holes in e-voting machines, and there is plenty of merit to the argument. Princeton University and other research organizations I trust have warned that e-voting machines used in New Jersey and elsewhere are unreliable and potentially prone to hacking. To me that's a no-brainer.

But I look at this the same way I look at all technology. I assume there are security holes whether they have been researched and reported or not. But I'm not about to shy away from the technology, either. In the long run I think e-voting machines are a good thing because it cuts down on the amount of paper used and it's a quicker, more efficient way to tally votes. [That's probably going to get me in trouble with those who say there should be a paper trail on these machines. There should in the short term, but I think a better way will emerge eventually.]

There's no doubt some machines will be tampered with, and I applaud the researchers who try to stay on top of this. But vote counts have been tampered with since the nation was founded. It's always going to be a problem, and while e-voting machines open the door for new methods of voter fraud, the overall threat hasn't changed much. I think most of these machines will do their thing without incident.

Mass ID protection law: I'm actually stunned by how little has been written about this. But I've seen enough to know that the business community thinks it goes too far. I had a conversation the other day with a colleague who feels the same way. While this looks like the most detailed ID theft law out there, my friend pointed out that it's going to be near-impossible for businesses to obey.

He may be right. But then I've also heard the business outcry at the enactment of every security/privacy regulation that's come along before this one. Take your pick: HIPAA, SOX, GLB, and industry standards like PCI DSS.

Eventually, most businesses adjust, become compliant and more secure in the process. And as long as companies are honest with regulators and auditors about where they are having difficulty, they won't be thrown to the wolves.

This Halloween, be aware of the threats around you and take the right precautions. But for goodness sake, don't hide under the bed.

About FUD Watch: Senior Editor Bill Brenner scours the Internet in search of FUD - overhyped security threats that ultimately have little impact on a CSO's daily routine. The goal: help security decision makers separate the hot air from genuine action items. To point us toward the industry's most egregious FUD, send an e-mail to bbrenner@cxo.com.