A blind faith in science can lead to much trouble

Net Results: If you spend a lot of time talking to people in the technology business, you come across a lot of weird new words…

Net Results: If you spend a lot of time talking to people in the technology business, you come across a lot of weird new words, odd terminology or just plain idiotic marketing speak.

To me, that's a plus side to the job. I like collecting the new terms (new to me, anyway; I know some of them have been around for a while). I have an informal policy of trying to learn one unfamiliar term every week or so which, in the tech industry, isn't hard.

This week's term is "bluesnarfing". Excellent, isn't it? Could be the name of a new band or something your parents would have forbidden you to do when you were 17.

But it is actually the act of infiltrating another's mobile phone via its Bluetooth network. This week, Nokia admitted that a number of its handsets were vulnerable to this kind of mobile hacking and it is pretty serious stuff.

READ MORE

An attacker would be able to download and make changes to the address book and calendar on the victim's phone. The affected models include the Nokia 6310, 6310i, 8910 and 8910i phones.

While Nokia said the phones needed to be set to be visible to other Bluetooth devices, a report by British security company AL Digital said the vulnerability existed even when some phones had their devices set to be invisible.

Perhaps more worrying is a vulnerability Nokia said existed in the 7650 model phone, which could be "bluesnarfed" in such a way that an attacker could read data and also send SMS messages via the phone, making it look as if the phone owner sent them.

I am sure this brings a pleasurable glow to those of a particularly bitter and revenge-filled bent, who will immediately imagine a whole realm of possibility if their boss/ex/teacher/annoying guy in the next cubicle owns one of these handsets.

The problems affect other brands of phone, too, the report says including some models of Ericsson and Sony handsets. There's a question of whether the same vulnerability might exist with Bluetooth-enabled laptops (and there are lots of those, these days). You can read the whole report on www.bluestumbler.org.

Time to panic? Well, I don't think so, but it is certainly time to spend a bit more cash and brainpower on thinking through security issues before some technologies are widely implemented.

Which brings us rather neatly to the discontent expressed on many sides - discontent now becoming full-blown controversy - over the Government's plans to yank us into its version of the 21st century with that woefully undertested and uncertain technology, the e-voting machine.

The Government's version of the 21st century means forcing voters to vote in such a way that the integrity of the voting process will always be open to question.

This is not to suggest that any political party in this blessed isle would misuse the voting process - let's just say that some individuals have, in the past, shown how easy it can be to spoof the plain old ballot box and paper approach to casting one's preferences.

Yes, paper and ballot box are prone to error and misreading. We were told this week on radio of the problems with spoilt votes that weren't intentionally spoilt, and who can forget that other resonant word for our vocabularies, unknown to most until the last US presidential election: chad (hanging ones, to be precise).

But at least with such old-fashioned techniques there is a paper trail, and the voting process - of people arriving, casting votes and putting them in locked ballot boxes, which are then opened for the count - can be observed. This has been a crucial factor in working to guarantee a democratic electoral process in some developing countries.

There's a trail of both paper and observed human activity.

But with e-voting machines as they currently exist, none of this is available. No paper trail and, more shockingly, source code for the program running the machine that is not independently available for examination to ensure it is "clean". And the system could be hacked.

The "real world" equivalent is an election in which the ballots are never made available for recounts or independent verification, and the announcements about the election results are all made by the governing party.

I know the State would like the supposed kudos of being able to say it is the first nation in the world to run a full election electronically, and that intentions behind this effort are good, if naïve. But the "real world" equivalent of these machines would never be tolerated in a democratic country.

As often is the case with technology, people get blinded by the science. As with Bluetooth - or even corporate and home wireless networks - they think only of the best-case possibilities, not the worst-case vulnerabilities.

E-voting is very definitely not yet ready for primetime - as numerous studies in the US and elsewhere have shown. We need to resolve the potential problems before they happen and not wait for a full-blown scandal to point out how premature our trust in all things electronic can be. klillington@irish-times.ie

weblog: http://weblog.techno-culture.com

Karlin Lillington

Karlin Lillington

Karlin Lillington, a contributor to The Irish Times, writes about technology