Former NSA Chief and now CEO cyber security contractor says Canada needs more cyber security, cyber weapons, and should deploy electronic voting: Don’t let cyberattack threat deter Canada from online voting, says former head of NSA <read>
Former National Security Agency director Keith Alexander, seen here testifying before the U.S. Senate intelligence committee in March, says Canada may need to develop an offensive cyber security posture or the ability to shut down cyberattacks. (Susan Walsh/Associated Press)
foreign interference that may have influenced the U.S. election should not deter Canada and other countries from embracing online voting, says the former head of the U.S. National Security Agency.
Retired U.S. general Keith Alexander, speaking at a defence industry trade show in Ottawa, also said it is important the Canadian military have some kind of offensive cyber capacity, even if that ability is limited.
There is no going back to a manual voting system, Alexander said in an interview with CBC News following his remarks to defence contractors, in which he warned that both government and private sector networks are vulnerable to a rising tide of “destructive” cyberattacks…
The U.S. experience is something to learn from, he said, but it should not make countries like Canada leery of e-voting.
“You can create a system where people can authenticate and vote online,” said Alexander, who in addition to running the NSA during the Edward Snowden leaks, was also head of the U.S. military’s cyber command.
We agree that everyone including all levels of the U.S. Government need to beef up cyber security. Yet, no system is yet, or ever will be completely secure. There are several reason against Internet Voting at this time:
- No system has proven secure and likely cannot be made secure. Especially a system used over the Internet, presumably on consumers’ computers and smart phones.
- Encryption is not sufficient and is not even safe, with holes provided by organizations within the U.S. Government.
- Proposed systems for public online voting implementation do not and cannot provide voter verification and publicly verifiable auditing of results.
- No commercial system has successfully passed a credible security audit or open security test. Most vendors have resisted any such testing.
Meanwhile it is pretty clear that U.S. voter registration systems were hacked before the November election. Consider the latest document leaked to the Intercept: Top-Secret NSA Report Details Russian Hacking Effort Days Before the 2016 Election <read> No evidence yet that the 2017 election was manipulated or deterred by such an attack, nor actual evidence that the Russian Government was involved. There is also little evidence to the contrary. A difficult thing to prove either way. One problem with the Internet and cybersecurity is that it is easy to make it look like someone else did it. Evidence that looks like Russian hackers could come from elsewhere, and even then its a far cry from Russian hackers to determining it was the Russian Government. From the Intercept:
The report, dated May 5, 2017, is the most detailed U.S. government account of Russian interference in the election that has yet come to light.
While the document provides a rare window into the NSA’s understanding of the mechanics of Russian hacking, it does not show the underlying “raw” intelligence on which the analysis is based. A U.S. intelligence officer who declined to be identified cautioned against drawing too big a conclusion from the document because a single analysis is not necessarily definitive.
