Full Disclosure mailing list archives
RE: Presidential Candidates' Websites Vulnerabl e
From: John.Airey () rnib org uk
Date: Fri, 2 Jul 2004 17:00:36 +0100
-----Original Message----- From: Kurt Seifried [mailto:listuser () seifried org] Sent: Friday, 02 July 2004 02:48 To: Barry Fitzgerald; Frank Knobbe Cc: Jordan Klein; full-disclosure () lists netsys com Subject: Re: [Full-disclosure] Presidential Candidates' Websites Vulnerable It is of interest to note we just had our federal election here in Canada a few days ago. I went to the polls, they checked my name, gave me a paper ballot, I took it to the booth, made my "X" (within the circle using the pencil provided), folded the ballot as indicated and handed it to them. They tore a small black strip off the ballot and put the ballot in the box. The collection of small black strips is used to ensure the ballots in the box have a second verification mechanism (i.e. if you remove or add ballot to a ballot box it would show up in the tally of ballots vs. ballot strips). The count was done relatively quickly and by midnight or so we knew who had won (polls closed at 8:30pm or so in most places). Personally I hope we NEVER use anything more sophisticated then this for federal elections in Canada. I simply don't see how an electronic system SIGNIFICANTLY improves on this time tested and simple method. Widespread fraud is quite difficult in our system, requiring coercion of numerous people, or of the people at the polling stations (and of course you'd have to deal with the scrutineers from opposing parties, perhaps with a sharp blow to the head). I have read some proposals for electronic systems, to make them truly anonymous, and verifiable, and tamper resistant you need an extremely complicated amount of math and crypto, as well as technological deployment. I just don't think it's ready yet, and I am not sure it will be for many years.
What you describe is similar to the UK, except that we have numbered counterfoils which are stored separate from the ballot papers. It is possible therefore to work out who voted for whom, but only with a court order. It would only ever happen if electoral fraud was being investigated. In England and Wales the weakest part of the system is that the Presiding Officer travels alone to the count centre and could in theory add ballots, but it would be a lot of manual work. It isn't possible to issue a ballot in less than twenty seconds in the polling station with three staff, so working alone you could probably only fake one ballot per minute. Since you have to reach the count centre in a reasonable time, you'd be hard pushed to influence the result. (In Scotland they are collected, hopefully by more than one person). I work as a Presiding Officer at elections, so I know the system well. Using a computerised system faking ballots or changing votes would be relatively easy. For those reasons I would be opposed to electronic ballot machines whoever makes them. I think though that this is way off-topic now, so I'll quit while I'm ahead. -- John Airey, BSc (Jt Hons), CNA, RHCE Internet systems support officer, ITCSD, Royal National Institute of the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey () rnib org uk I don't know which is worse. The makers of soap operas thinking they portray real life or those that watch them thinking it is real life! -- DISCLAIMER: NOTICE: The information contained in this email and any attachments is confidential and may be privileged. If you are not the intended recipient you should not use, disclose, distribute or copy any of the content of it or of any attachment; you are requested to notify the sender immediately of your receipt of the email and then to delete it and any attachments from your system. RNIB endeavours to ensure that emails and any attachments generated by its staff are free from viruses or other contaminants. However, it cannot accept any responsibility for any such which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Presidential Candidates' Websites Vulnerabl e Schmidt, Michael R. (Jul 01)
- <Possible follow-ups>
- RE: Presidential Candidates' Websites Vulnerabl e Schmidt, Michael R. (Jul 01)
- Re: Presidential Candidates' Websites Vulnerabl e Steve Ames (Jul 01)
- RE: Presidential Candidates' Websites Vulnerabl e John . Airey (Jul 02)