#64 - Bruce Schneier on surveillance without tyranny, secrets, & the big risks in computer security
November 3 2020, 11:46PM: The NY Times and Wall Street Journal report that some group has successfully hacked electronic voting systems across the country, including Florida. The malware has spread to tens of thousands of machines and deletes any record of its activity, so the returning officer of Florida concedes they actually have no idea who won the state — and don't see how they can figure it out.
What on Earth happens next?
Today’s guest — world-renowned computer security expert Bruce Schneier — thinks this scenario is plausible, and the ensuing chaos would sow so much distrust that half the country would never accept the election result.
Unfortunately the US has no recovery system for a situation like this, unlike parliamentary democracies, which can just rerun the election a few weeks later.
• Links to learn more, summary and full transcript.
• Motivating article: Information security careers for global catastrophic risk reduction by Zabel and Muehlhauser
The constitution says the state legislature decides, and they can do so however they like; one tied local election in Texas was settled by playing a hand of poker.
Elections serve two purposes. The first is the obvious one: to pick a winner. The second, but equally important, is to convince the loser to go along with it — which is why hacks often focus on convincing the losing side that the election wasn't fair.
Schneier thinks there's a need to agree on how this situation should be handled before something like it happens and America falls into severe infighting as everyone tries to turn the situation to their political advantage.
And to fix our voting systems, we urgently need two things: a voter-verifiable paper ballot and risk-limiting audits.
According to Schneier, computer security experts look at current electronic voting machines and can barely believe their eyes. But voting machine designers never understand the security weaknesses of what they're designing, because they have a bureaucrat's rather than a hacker's mindset.
The ideal computer security expert walks into a shop and thinks, "You know, here's how I would shoplift." They automatically see where the cameras are, whether there are alarms, and where the security guards aren't watching.
In this episode we discuss this hacker mindset, and how to use a career in security to protect democracy and guard dangerous secrets from people who shouldn't get access to them.
We also cover:
• How can we have surveillance of dangerous actors, without falling back into authoritarianism?
• When, if ever, should information about weaknesses in society's security be kept secret?
• How secure are nuclear weapons systems around the world?
• How worried should we be about deepfakes?
• Schneier’s critiques of blockchain technology
• How technologists should be vital in shaping policy
• What are the most consequential computer security problems today?
• Could a career in information security be very useful for reducing global catastrophic risks?
• And more.
Get this episode by subscribing to our podcast on the world’s most pressing problems and how to solve them: type 80,000 Hours into your podcasting app. Or read the linked transcript.
The 80,000 Hours Podcast is produced by Keiran Harris.