Former MI6 Chief: ‘ Electronic voting presents serious hacking risk.’

“Bizarrely the stubby pencil and piece of paper that you put your cross on in the ballot box is actually much more secure than anything which is electronic.”

Former MI6 Chief Sir John Sawers

sir-john-sawers

Former MI6 Chief Sir John Sawers

Sir John Sawers, former chief of the British Secret Intelligence Service [MI6], has said that any move towards electronic voting in the UK would leave major elections at risk of being targeted by cybercriminals and hackers. Twitter: @Intel_Today

Sir John Sawers recommends traditional ‘pencil and paper’ approaches to voting because they are “actually much more secure”.

“The more things that go online, the more susceptible you are to cyberattacks,” Sawers said on Tuesday (3 January 2017) on the BBC’s The New World: Axis of Power.

Sir John Sawers was head of MI6 between 2009 and 2014, when he was succeeded by Alex Younger.

RELATED POST: UK’s Intelligence Agencies

RELATED POST: Who Is Who in World Intelligence and Security Agencies : MI6 Alex Younger

In light of the current uncertainty over US election hacking, Sawers warned that the UK need to have systems which are robust.

“The only trouble is, the younger generation of people expect to be able to do things remotely and through electronic devices. Bizarrely, the stubby pencil and piece of paper that you put your cross on in the ballot box is actually much more secure than anything which is electronic.”

The Risk

Sir John Sawers is — of course — very political and some will suspect his intervention is in support of the alleged claim — all expert agree that the FBI does not contain a real proof — that Russia hacked the US election.

(By the way, former CIA Director James Woolsey just said a few hours ago that those who believe that Russia, and Russia alone, was behind the hacking will likely be proven mistaken.)

Nevertheless, experts generally agree that the risk posed by these electronic voting devices is very real.

But while computer security experts like me have sounded the alarm for many years, states have largely ignored the threat, and the machine manufacturers have thrown up enough obfuscating babble that election officials are largely mollified.

We no longer have time for that. We must ignore the machine manufacturers’ spurious claims of security, create tiger teams to test the machines’ and systems’ resistance to attack, drastically increase their cyber-defenses and take them offline if we can’t guarantee their security online.

Longer term, we need to return to election systems that are secure from manipulation. This means voting machines with voter-verified paper audit trails, and no Internet voting. I know it’s slower and less convenient to stick to the old-fashioned way, but the security risks are simply too great.

RELATED POST: MI6 Alex Younger & BND Bruno Kahl: Russian Hackers Will Target European 2017 Elections

International Law

“One of the big problems we face with cyber is that it hasn’t really been discussed internationally about what is the acceptable use of cyber-powers, where the red lines are and what happens when those red lines are crossed,” Sir John Sawers stated.

Toni Gidwani, a former Department of Defense (DoD) analyst who now heads up operations research at cyber-security firm ThreatConnect, agrees:

“The rules here are not as clean in terms of what’s allowable and what the consequences are.”

According to the US Department of State, cyber activities would constitute a use of force if they were to cause direct physical injury and property damage such as (1) operations that trigger a nuclear plant meltdown; (2) operations that open a dam above a populated area causing destruction; or (3) operations that disable air traffic control resulting in airplane crashes.

The US has — of course — never suggested that hacking a foreign government was an ‘Act of War’. And whether or not, ‘hacking an election’ — whatever this exactly means — is an ‘Act of War’ under the Law of Armed Conflict is certainly debatable at this point in time.

This probably explains why Andrew Fletcher recently wrote:

“Now the very foundation of the American democratic process, free and fair elections, are potentially vulnerable to foreign interference. Likewise, Russia could, in the future, become the victim of cyber-attacks in vulnerable areas within its own political or economic system. To help protect against cyber intrusion, countries should establish international law on the matter and work assiduously to maintain the law’s integrity.”

Obama’s Warning to Putin

Allegations by US government agencies, including the CIA, that Russian hackers intervened in the 2016 presidential election were not related to the counting of votes. Instead, it is alleged that hackers obtained and released sensitive information, including emails from the Democratic National Committee, to help Donald Trump.

However, contrary to a widely held belief and numerous reports by US media, Obama’s warning message to Moscow was not about the hacking of the Democratic National Committee (DNC) or of its chairman John Podesta’s emails.

In a message delivered to Moscow over the Red Phone on 31 October 2016, Obama warned Putin that:

“International law, including the law for armed conflict, applies to actions in cyberspace. We will hold Russia to those standards.”

RELATED POST: ‘Russia Hacking’: The Facts about Obama’s Warning Message to Putin

“Establish international law on the matter and work assiduously to maintain the law’s integrity” seems indeed a good idea. The sooner, the better.

REFERENCES

Online voting could leave British elections vulnerable to hacking, former MI6 head warns – Independent

By November, Russian hackers could target voting machines

Russian Hacking and the U.S. Election: Against International Law?

International Law in Cyberspace — US Department of State

This entry was posted in Alex Younger, Hacking, MI6, Obama, Putin, Sir John Sawers and tagged , , , , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s