Newly appointed professor: Creating trust is crucial in cyber security
Trust and cyber security are interconnected in elections and digital voting, says the newly appointed Professor Carsten Schürmann. If the result of an election is not trusted, it does not matter if it is correct.
On October 1, 2019, the IT University of Copenhagen appointed Carsten Schürmann as professor in Computer Science.
His research focuses on securing critical infrastructure technologies, but also elections and e-voting, which the number of voting machines in his office bear witness to. Carsten Schürmann and his students have succeeded in hacking the machines, not to influence American elections, but in order to answer one important question: How to design technology that you can trust?
If the people do not trust the result, it does not matter if it is correct.
Carsten Schürmann, Professor at ITU. «
“When introducing new technologies in elections you have to understand the risks involved. Securing a system against adversaries is necessary but it is not sufficient. Building systems that can be trusted is more difficult than securing it,” he says.
The foundation of our society
Trust and public confidence are the most important elements in elections, Carsten Schürmann argues. They are the cornerstones in a democracy.
“If the people do not trust the result, it does not matter if it is correct,” he says. In the extreme consequence, the lack of confidence in voting result can lead to violence and people being killed.
Thus, lack of trust jeopardises the very foundation of democracy, Carsten Schürmann argues. If the result is not recognized, people may stop voting, and the losing parties may no longer concede. That he calls a “slippery slope”.
In his research, Carsten Schürmann has identified security flaws in voting systems by hacking and taking over control of the WinVote voting machine. The purpose is to demonstrate how easy it is done.
“Our main concern is that voting machines that do not produce a voter verifiable audit trail cannot be trusted. The paper trail needs to be audited through a post-election audit,” he says.
While building a secure voting system inside a lab environment is easy, building a system in the real world that can be trusted whatever the result is complicated, Carsten Schürmann explains. For that reason he is proud to have led the first ever pilot of a risk-limiting audit, Risk-Limiting Audit, outside the United States during the 2015 Danish referendum. By statistically sampling ballots, election auditing is one way to create trust.
In his inaugural lecture ‘From Truth to Trust – Securing Digital Democracy’ the newly appointed Professor will explore the connection between mathematics, technology and the social contract on which digital democracies are built.
Carsten Schürmann, Professor, email firstname.lastname@example.org
Anna Lohmann Ahlbom, Press Officer, phone +45 25 55 04 47, email email@example.com