Editorial: how to break into bank vault?

Copy
Please note that the article is more than five years old and belongs to our archive. We do not update the content of the archives, so it may be necessary to consult newer sources.
Photo: Urmas Nemvalts

Today’s the day that EU e-elections begin. Just two days ago, and international group of activists came out with an announcement that e-elections are not secure. The repercussions have split people into two fronts. A smaller part (mainly the long-term e-elections critics) thinks it was high time for someone to point out the weaknesses in e-elections. The rest have formed a defence, standing for the reputation of e-elections (and, more widely, of Estonia as an e-state), viewing the experts as an attempt by Centre Party to sway the elections.

But maybe it’s better to take a time out and take a look, nice and quiet. Firstly, what do we know of the problems detected? Not much, we have to admit. All we have is an emotional assessment, the analysis itself has not been shown to the public.  

All we know is allegedly there is a problem with e-elections; and the problem is linked to malware. That’s not saying anything new. Malware has existed since the Internet first was created. People have always been busy rendering it harmless and the job is here to stay. To say that e-elections aren’t secure as computers may contain malware is as good as saying better don’t leave home as burglars may make use of that.

Yes, burglars do exist. Yes, they may break into your apartment, especially when you have a bad lock or – drawing a parallel with e-elections – you have an outdated antivirus programme. But, in addition to locks, there are signalisation and security companies. Even for an ordinary apartment. Talking about e-elections, we’d better compare with Eesti Pank money vault. Could the central bank be broken into? Theoretically – yes. In practice – very complicated. It’s not just that the lock is better, but the control is more constant and effective.

To continue: let’s have a look at how the suspicion was served. Good practice would prescribe that the one discovering a security glitch will tell the software producer, in details – so the latter can fix it. Now, we learned of the assessment via media, and without the technical information which would help – provided there indeed was a glitch discovered – to quickly solve the problem. 

Summarising: a group of activists has passed a critical judgement on security of e-elections, only referring to widespread and general problems and doing it a couple of days before elections in a way not corresponding to good practice. The activists are not revealing the content of their analysis, but they think the e-elections should be cancelled. Why exactly? That, they say, we’ll hear after the elections. If this were a serious analysis, the activists have found a weird way of presenting it.

This will not mean Estonia should not consider the issue – whoever it was who ordered the analysis. Elections are an event of such weight that procedures thereof must not only be secure, they also have to look secure. But until there is no clear analysis on e-election problems, we have no reasons to doubt its security.

Comments
Copy
Top