Podcast: Crypto-Gram 15 Nov 2006: perceived vs actual risk

from the Nov 15, 2006 Crypto-Gram Newsletter
by Bruce Schneier

* Voting Technology and Security

Voting accuracy, therefore, is a matter of:
1) minimizing the number of steps
2) increasing the reliability of each step.

Electronic voting is like an iceberg; the real threats are below the waterline where you can't see them. Paperless electronic voting machines bypass that security process, allowing a small group of people -- or even a single hacker -- to affect an election.

The solution is surprisingly easy: The trick is to use electronic voting machines as ballot-generating machines. Vote by whatever automatic touch-screen system you want: a machine that keeps no records or tallies of how people voted, but only generates a paper ballot. The voter can check it for accuracy, then process it with an optical-scan machine.

* The Inherent Inaccuracy of Voting

There are two basic types of voting errors: random errors and systemic errors.
Random errors are just that, random. Votes intended for A that mistakenly go to B are just as likely as votes intended for B that mistakenly go to A. This is why, traditionally, recounts in close elections are unlikely to change things. The recount will find the few percent of the errors in each direction, and they'll cancel each other out. But in a very close election, a careful recount will yield a more accurate -- but almost certainly not perfectly accurate -- result.

Systemic errors are more important, because they will cause votes intended for A to go to B at a different rate than the reverse.

The problems of electronic voting machines become critical: they're more likely to be systemic problems.
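An added illustration, not from the newsletter or the podcast: the Python sketch below compares a count with equal error rates in both directions against one with unequal rates. The vote totals, error rates, and function names are constructed assumptions.

```python
import random

def expected_margin(a_votes, b_votes, err_a_to_b, err_b_to_a):
    """Expected reported (A - B) margin. A misread ballot shifts the margin
    by 2: one vote lost by its candidate, one gained by the other."""
    return a_votes * (1 - 2 * err_a_to_b) - b_votes * (1 - 2 * err_b_to_a)

def simulate_margin(a_votes, b_votes, err_a_to_b, err_b_to_a, rng):
    """One simulated count; each ballot is misread independently."""
    a_lost = sum(rng.random() < err_a_to_b for _ in range(a_votes))
    b_lost = sum(rng.random() < err_b_to_a for _ in range(b_votes))
    return (a_votes - a_lost + b_lost) - (b_votes - b_lost + a_lost)

def wrong_winner_rate(a_votes, b_votes, err_a_to_b, err_b_to_a,
                      trials=30, seed=2006):
    """Fraction of simulated counts whose reported winner differs from the true one."""
    rng = random.Random(seed)
    a_truly_wins = a_votes > b_votes
    wrong = 0
    for _ in range(trials):
        margin = simulate_margin(a_votes, b_votes, err_a_to_b, err_b_to_a, rng)
        if (margin > 0) != a_truly_wins:
            wrong += 1
    return wrong / trials

# Constructed election: 100,000 ballots, A truly ahead by 500 (0.5%).
A_VOTES, B_VOTES = 50_250, 49_750

if __name__ == "__main__":
    for label, e_ab, e_ba in [("random 2% / 2%", 0.02, 0.02),
                              ("systemic 2% / 1%", 0.02, 0.01)]:
        print(label,
              "expected margin:", round(expected_margin(A_VOTES, B_VOTES, e_ab, e_ba)),
              "wrong-winner rate:", wrong_winner_rate(A_VOTES, B_VOTES, e_ab, e_ba))
```

With equal rates the expected margin only shrinks, from 500 to 480, so the true winner still leads; a one-point difference between the two rates moves it to -515 and the wrong candidate is reported ahead.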

* Perceived Risk vs. Actual Risk

Reasons why some risks are perceived to be more or less serious than they actually are:
1) We over-react to intentional actions, and under-react to accidents, abstract events, and natural phenomena.
2) We over-react to things that offend our morals.
3) We over-react to immediate threats and under-react to long-term threats.
4) We under-react to changes that occur slowly and over time.

Perceived vs actual risk:
1) People exaggerate spectacular but rare risks and downplay common risks.
2) People have trouble estimating risks for anything not exactly like their normal situation.
3) Personified risks are perceived to be greater than anonymous risks.
4) People underestimate risks they willingly take and overestimate risks in situations they can't control.
5) People overestimate risks that are being talked about and remain an object of public scrutiny.

time 60:38
PS: this is my cheat sheet of Bruce Schneier's Podcast:

