RE: Presidential Candidates' Websites Vulnerabl e

[John.Airey () rnib org uk]

> -----Original Message-----
> From: Kurt Seifried [mailto:listuser () seifried org]
> Sent: Friday, 02 July 2004 02:48
> To: Barry Fitzgerald; Frank Knobbe
> Cc: Jordan Klein; full-disclosure () lists netsys com
> Subject: Re: [Full-disclosure] Presidential Candidates' Websites
> Vulnerable
>
>
> It is of interest to note we just had our federal election 
> here in Canada a
> few days ago. I went to the polls, they checked my name, gave 
> me a paper
> ballot, I took it to the booth, made my "X" (within the 
> circle using the
> pencil provided), folded the ballot as indicated and handed 
> it to them. They
> tore a small black strip off the ballot and put the ballot in 
> the box. The
> collection of small black strips is used to ensure the 
> ballots in the box
> have a second verification mechanism (i.e. if you remove or 
> add ballot to a
> ballot box it would show up in the tally of ballots vs. 
> ballot strips). The
> count was done relatively quickly and by midnight or so we 
> knew who had won
> (polls closed at 8:30pm or so in most places).
>
> Personally I hope we NEVER use anything more sophisticated 
> then this for
> federal elections in Canada. I simply don't see how an 
> electronic system
> SIGNIFICANTLY improves on this time tested and simple method. 
> Widespread
> fraud is quite difficult in our system, requiring coercion of numerous
> people, or of the people at the polling stations (and of 
> course you'd have
> to deal with the scrutineers from opposing parties, perhaps 
> with a sharp
> blow to the head).
>
> I have read some proposals for electronic systems, to make them truly
> anonymous, and verifiable, and tamper resistant you need an extremely
> complicated amount of math and crypto, as well as 
> technological deployment.
> I just don't think it's ready yet, and I am not sure it will 
> be for many
> years.
What you describe is similar to the UK, except that we have numbered
counterfoils which are stored separate from the ballot papers. It is
possible therefore to work out who voted for whom, but only with a court
order. It would only ever happen if electoral fraud was being investigated.

In England and Wales the weakest part of the system is that the Presiding
Officer travels alone to the count centre and could in theory add ballots,
but it would be a lot of manual work. It isn't possible to issue a ballot in
less than twenty seconds in the polling station with three staff, so working
alone you could probably only fake one ballot per minute. Since you have to
reach the count centre in a reasonable time, you'd be hard pushed to
influence the result. (In Scotland they are collected, hopefully by more
than one person).

I work as a Presiding Officer at elections, so I know the system well.

Using a computerised system faking ballots or changing votes would be
relatively easy. For those reasons I would be opposed to electronic ballot
machines whoever makes them.

I think though that this is way off-topic now, so I'll quit while I'm ahead.

-- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey () rnib org uk 

I don't know which is worse. The makers of soap operas thinking they portray
real life or those that watch them thinking it is real life!

-- 
DISCLAIMER: 

NOTICE: The information contained in this email and any attachments is 
confidential and may be privileged. If you are not the intended 
recipient you should not use, disclose, distribute or copy any of the 
content of it or of any attachment; you are requested to notify the 
sender immediately of your receipt of the email and then to delete it 
and any attachments from your system. 

RNIB endeavours to ensure that emails and any attachments generated by 
its staff are free from viruses or other contaminants. However, it 
cannot accept any responsibility for any  such which are transmitted.
We therefore recommend you scan all attachments. 

Please note that the statements and views expressed in this email and 
any attachments are those of the author and do not necessarily represent 
those of RNIB. 

RNIB Registered Charity Number: 226227 

Website: http://www.rnib.org.uk 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html