RE: Things to do - Requirement Document. Security.

[Michael Zolotarev <michael.zolotarev@baltimore.com>]

Jason,
> I'd have to disagree. If you don't think about the security/privacy 
> implications of providing, for example, audit trails now then it may 
> prove difficult to retrofit them later.

In my opinion, audit trail requirements (as much as archiving) present no
specific implications for voting. What's the difference between an audit
trail of financial transactions records and voting records, for instance? No
much, let me say. Audit trail kept securily, in authenticated way, with the
records chained and optionally signed, to prevent altering. The same
commercial audit trail system, if there were one around, would be
appropriate for providing audit trails for voting, financials, and whatever
else. The actual structure of a token, and its inner security, have very
little significance for the general audit trailing, IMO. 
What does have some importance for audit trails, though, is that each token
may need to have some sort of a key, or a unique ID, to facilitate
search/sortering/retrieval. But this is a far from the security as anything
can be.

> 
> Also you say:
> 
> >Note. It SHALL be possible to encrypt only certain components of the 
> >complete vote structure, rather >than encrypting the whole lot.
> 
> And the same again with regards to ballots. I don't see what you're 
> trying to say/achieve by this because plainly the entire vote 
> structure could be encrypted with something like SSL or just a hand 
> rolled encryption solution. Please explain...

Yes, you are right saying that we should also be able to partially encrypt
ballots.

Why partially encrypt? Imagine a vote, which has a common header with the
elements/attributes used for classification, transmittion, sorting, storing
etc. And a field which contains the actual "Vote" - the voter's specific
choice. The voting system processes the vote token (including sending it
around a lot) based on the header information. And only after the vote
reached the election HQs, the vote gets counted. It's quite reasonable to
have the vote encrypted for the HQs, so that nobody can steal/modify it, at
the same time leaving the rest- ie headers and whatever else, in clear.


> 
> regards,
> Jason
> 
> -- 
>             The FREE e-democracy project
> ----------------------------------------
>             http://www.free-project.org
> ----------------------------------------
>   secure, private and reliable Free Software
> 
> 
> This footnote confirms that this email message has been swept by
> MIMEsweeper for the presence of computer viruses.
> 


-----------------------------------------------------------------------------------------------------------------
"How can I make sure the right people get access to the right resources 
and business applications, with a user base that's constantly growing and
changing?" 
The answer... 
Baltimore SelectAccess 
Next Generation Authorisation Management 
http://www.baltimore.com/selectaccess/index.html
-----------------------------------------------------------------------------------------------------------------
The information contained in this message is confidential and is intended 
for the addressee(s) only.  If you have received this message in error or 
there are any problems please notify the originator immediately.  The 
unauthorized use, disclosure, copying or alteration of this message is 
strictly forbidden. Baltimore Technologies plc will not be liable for direct, 
special, indirect or consequential damages arising from alteration of the 
contents of this message by a third party or as a result of any virus being 
passed on.

In addition, certain Marketing collateral may be added from time to time to 
promote Baltimore Technologies products, services, Global e-Security or 
appearance at trade shows and conferences.
 
This footnote confirms that this email message has been swept by 
Baltimore MIMEsweeper for Content Security threats, including
computer viruses.