The government has really tried to make the systems as reliable as possible. People have expect haitians towards the government provide different services, and the online vote is natural for us. Had several expert teams come to a study and assess that. Geeks, the online voting, it is open. I have no idea what to do with that. That they can join everything. I basic question is about the trust. If we do have the trust towards governments, and we put that into the context of the united istes, any kind of system inherently not trusted i. Is there any possibility that also here this Technical Solutions could have more transparency . Quickly will pick you point as as we eve all. The internet has some core, not trusted aspects to it. There is a distrust of our government in the United States. There has been a combination of both parts, trust in both areas. It sounds like you have that in estonia. You have much more you have some foundational pieces that are solving the problems. Like your national id card. That provides an identity that we dont have here in the United States. We need to get some of these Building Blocks in place. Move security down below the operating systems so that we can solve the problem with a trusted platform. That would take years for those class those platforms to be out throughout the home and consumer markets. Plex i was recently in particular. Some of the smaller countries think that there at a this advantage. Discerning that shown that it will allow you to be much more agile, much more responsive to the numerous passion of her technologies that come out. Plex it is one election jurisdiction, not 7000. I like to say that trust, for prosperity. To the extent that these systems its hard to compare cocacola to an increase, this , the valid,ct thing ,ou know, the data structure that is an extremely important part. For verification aspect. Next tesla had one of their cars there. That is a different relationship between manufacturers. You. Let me congratulate ask the panel. The issue that strikes me is the insecure and for structure, hardware and software, we can over to rely upon it. We have a convergence of activities. They are trying to look at International Trade and what we do. It is virtually the same type of concerns expressed to. National Security Council staff is meeting up on transportation safety, administration. A vehicle to vehicle proposals, because you know him to because security is not filled in. This could play a useful role in calling out for a heavy investment, internationally possibly, specifically in the United States is problem, to help us, to give a little plug to intel. Make the investment across the board that speeds the softwareion of safe systems. Without fact, none of the systems are trustworthy. We will not be able to put a layer on top that will ever get away from the invented threat that reads the key to your encryption. It is an impossible task. Mckenzie put out in june history recommendation. It is making its way around courtrooms. We are the thinking about endorsing it. Thank you. First, i think that government and to help speed this along, the trustworthiness. It has been a key question here. Are there other things that to helpnts can be doing , to shortenis place this 30 years to 40 years. . Example, the gentlemen raise the question of the National Transportation security , there are proposals for vehicle to vehicle communication. You are hearing too far off the road, and there is a radio broadcast that says, hey, man, you are running opera. You are running off the road. People care about the privacy of their location. That if it ising done in the open, then people we are seeing nonprofits with heats on staff. People like can say, i dont think you need a thin number two through this. Number to do this. It is starting to happen in the hacker community. They have developed this effort called i am the calvary. These are efforts the hacker that wey is saying often break stuff, but we have to step up. Tore is no calvary coming save us. We have a responsibility to help save the world, so to speak. It is berry ambitious. I think you will see a lot of wonderful things. To build things, while we break things. I think the government is doing some things, with respect to the National Institute for standards and technology. Working onrding voting technology. They have done Research Reports what thehelp on pack issues are. Ways forribed that in anyone can reagan understand. Thathave written reports are geared towards someone who works in an election office. As of yet, we have not developed standards for an internet Voting System. We are a little ways from that. There are some nongovernmental efforts. What specifications might be needed. That is a little ways off. I think what joe said something that is important, getting all the stakeholders the opportunity to provide input. That is why i appreciate Something Like cyber security. One thing that struck me in the conversations that i have to over the past week was have a machine involved in voting, or technology involved in voting, there is a certification process. Further,s us even because when you want to update it for security reasons, you might have to recertify it. It is one of those things what we can do to help security a long might the ways to speed that process up so that we can get the more secure technologies. You can tell at the backend if it worked right during the election to help you a limit eliminate some of those certifications. Torequires the ability audit. On thes not focusing trust of the government. Is to address the critics that things are happening in the proper way. We are talking about specific hardware. It should be a combination of things. We will make the security more difficult to happen. In case this protection fails, it is possible that this happens. It should be a combination of both. Since maybe there are people who trust the computer or they have authorityfied by an they want to jack any time during the voting process. We need to combine both things. The certification will and sure will in short that security practice has been taken into account when this computer has been developed. Responsibility is to the voting process. We are going to do ron, and it will come over to this site. Thank you. Network security analyst with the Carnegie Mellon university. Knowledge,mpressive it may make me change my mind about congress. [laughter] i am a new england are, originally. You stole my thunder a little bit, jo. The difference between trust and trustworthiness. The government to be what is trustworthy, but the systems to be trustworthy. Just yesterday at a secured conference here in washington, d. C. , general alexander, the head of nsa, said the current architecture of the internet is indefensible. What we need for trustworthiness is, number one, not mathematical proofs that ballots can be verified. Is transparent systems that all voters can understand. The main way we know to do that is with durable paper records. They have the additional benefit the voters intent to be reexamined and provide meaningful recounts and audits. That is my question. Isnt the trustworthiness in the systems what matters . The supervised voting, which is an insurmountable problem. I think you are right on the transparency and what voters can understand. I would say you are the point technology, interacting with voters all the time. How is that trustworthiness in the system . Do they come out of it and feel that it was a great experience . It is more or less what i said before. The majority of voter trust is with the system. Who do not trust the systems. People need to say that it does not matter. It is important that the system can be audited. Aboutare talking unsupervised voting, it can work. When we are talking about remote voting, which would be the maybeon, for instance, the voter can print the paper at home, but what will happen with this paper. Is it enough or not . It is an important part of using to understand what is happening inside the voting process, when we are using only a computer. Some of the phrases we talked , for thoseer involved in security, we see that people have a ton of confidence in the internet. If they only knew what we knew. I will throw another blog in your ear. This. That was put forth, a good friend of ours, a standard. Ky guy they have a the recalled software independence. An undetectable change in the outcome. Is that youdo that do have some sort of durable, physical media that the voter can verify and recount later. That if youing dont have something to audit, recount, independent from the software, you may be in a world of hurt. On the notion of statistical recount, wrist limiting audits. The whole point being if you compare a subset of the ballots with the data structures, and you dont find enough errors that disagree speaking that would show you that the outcome would change if you actually recounted it, then you dont have to do a recount. You know there is no error that would have been possible. Californians change their law recently you can do the traditional way of certifying the machine on the front or you. An skip all that you can do one of these audits that show that no one else would have won. The trick is what happens if you find errors. Then you have a recount. We know this guy. Sri international. The point of internet voting is to make it easier for voters to cast their votes in a way that gets counted accurately. The next generation is the cryptographic Voting Systems. Two recent studies that have come out that cost some concern. That voters could not figure out how to do the verification with the three of the most commonly used systems. It was too complicated for them to understand how. In another study, which is about to be released, even if they can figure out how, they are not motivated. They do not understand why. Is, how do we get to systems that are have the desired capability, but also offer the voter what they need. Another piece of this is the castn of being able to voters do not understand why they should want to use the technology. If the voters dont understand how do we, it get to the cyberhuman parts of the voting issue. . I will be really clicked. Quick. Ll be really describe some of these cryptographic ideas in normal i can teach you the high level notion of what that is we need to be able to do things like that that dont cover only little components, but talk about the role of the technology in accomplishing the integrity we need. They want to go in and make ,heir decision, push the button and they are done. The vote is counted. That is the extent. That is the challenge we have to get over. That weto make sure have means that allow for a system that helps them do that in a versatile way. In this project, the voters verify that their selections have been made. Of the problems that we have in this project is how to balance the verifier to ability the verifiability and the usability. Most people dont care about this. This is for the people who do not trust the system. How can weis, so thate this in a way the system can distinguish between somebody who is going to who makes somebody any kind of trick. So, the problem is how can we , butde this as an option does not jeopardize the voting process for the voters. At the same time, to make verification efficient. We put this as on option in some cases. They that is not codes are arty sent by the voters. Happens in norway voters check their return codes. It has not been based on a real study. It was based on a problem they had when they were trying to print some voting cards. The people that called made a stipulation that means that 70 of the people who received wrong voting cards detect the error. The more data we have for the studies, the better. The norwegian system has not been studied here in the United States. 2011, andstem since also it has been shown in different conferences. That it is is important to design a verification process that is easy for the voters. It is also important that the critics understand. If the voters understand, it is fine for them. Is that thet part system can make a distinguishing decision. The voters do not always care what kind of Voting System they will face. What is more compelling to them is who they want to vote for an this election is important. Once they get there, i think it is the responsibility of the stakeholders to care about elections. We need to make sure that it is available, function, and that it will work. You said something that caught you hear about all these breaches. Where the sometimes idea of sending a something as votes over the internet how did that get to be a good idea . We have this Natural Inclination and can do spirit. We have come to admire when people make light of challenges and obstacles or minimize them. They are lesse if daunting, we can do this. We can overcome it. We can apply ourselves. I think that is one of the voting in theis country today. The unfortunate part of it is if there are shades of bad, it is the worst of the worst. The ballot is being sent in an unencrypted email attachment to election offices. I told somebody about this one time. Somebody who was doing Security Consulting for large firms. His eyes got large and he wanted to cover his ears and not hear what i was saying. It is true. I think there is a lot of bridging that needs to happen for people to understand what the key challenges are, what we need, and work on those kinds of research problems. I think it is they can do front your spirit of rhode island that is carrying us through. [laughter] final round of comments here. Joe said it would take 30 years to 40 years. That is kind of a long time. The Digital Natives using this now will be in their 40s or 50s. That means i will be in my young 60s. [laughter] that is a long way. I am curious if the other panelist agreed with that timeframe. Maybe, if there is one kind of thing that we can do, that one thing, what would that be . That may be a little long because of the whole process on how Fast Technology is advancing, but there does need to be an effort, a focused effort, on trying to deal with the problems today. We have to do a better job. Someone mentioned earlier that identity is a big one. Reasonable amount of things that you can do to provide a more secure environment, no youre talking with. You still have those underlying that the devices to be secure. I dont think it would take white that long. If we want to really push this, we need to look at looking at the concerted effort to design a National Environment that standardsbased, thats going to be able to scale. We are solving a rock local issue, find food we can do that without a lot of work in 30 years or 40 years. If we are solving a national issue, we have a real problems that need to be addressed, real design considerations. We need to discern whether or not we are going to do this on top of a trusted or on trusted environment. Those decisions need to be made. Intel we can get to a national focus, we were not solve the problem. This estimateith of 30 years or 40 years . Whof you talk to folks evaluate these kinds of , protocol stacks for the next Generation Internet what might replace what we have now their most optimistic projection to have a coherent internet is 40 years. This is something that no one knows anything about. Right now, you have folks doing adversarial routing attacks. Suddenly a route is rerouted for an hour. Hstan what the heck. There are things like that i dont think you can solve until we have a fully deployed piecemeal path to the internet. I am going to shout out to missouri. We are also a show me people. I think we need to ask what is the floor beneath which we are. Ot willing to sink systemswe owe ourselves that do produce the evidence you to know that was the correct outcome. I think joe is on the money with the timeframe. That is my take. I dont think we need to wait 30 or 40 years. Risk in a way that is acceptable. Ultimately there are people thinking about how to use technology in the elections. Risks are evolving. We have different parties like my company. To see if they are acceptable to use for an election only for certain groups. We need to move. We cannot wait. If we wait we will find other risks in the future. I think we have the technology for introducing internet voting. Wewe want to limit the risk can think about using certain people. Also present. I think it is not the solution. Some things we might be able to do to shorten that is to let these elections, part where we can get our heads around this and figure out how to use it. We can lay the sidewalks but we really wont know how people want to use this technology. Howoncern is we can imagine long it is going to take to solve these problems. We are on this slope. Unfortunately the attackers are on this slope. My concern is that hackers might get much better than the defenders. Mcafee has been trying to get that. Gainswant to unlock these , we have got to start getting security right. To us that is the important message. It is not just talking about the downside and the risk but also the benefits we can unlock if we get this right. I want to thank mcafee and my panelists. Paul and robbie, who are doing our tweets. The volunteers are interns. , National CyberSecurity Awareness month will be here to talk about updates, so we will have tom cornman from the House Committee on intelligence. Risk. L talk about ie fifth of november am sorry. On the fourth of november we will have an event on nato talking about the new cyber strategy. That is going to be with the assistant secretarygeneral, so the top nato official probably the fourth ofon november. Keep your eyes open for the next taper we are doing with mcafee. Next paper we are doing with mcafee. One of these places if we dont get security right we are not going to be able to unlock the amazing potential we can find. Hank you to our panelists thank you for being here and making us smart on the issue. Thank you for being here. [applause] coming up, campaign debates between minnesotas senate handed eighth and the candidates for governor of pennsylvania. Then an update on the ebola virus. Next washington baum on, diane nissen military strikes against iraq and syria. How Media Coverage on gary hart and his extramarital affair changed political reporting. Also your