RE: Things to do - Requirement Document. Security.

[Kevin Broadfoot <KBroadfoot@baltimore.com>]

All,

Security and audibility requirements will differ depending upon which part
of the elections process is being examined. IMHO much of the discussion
seems to be focused  solely on the casting of a vote but from the point of
view of an elections administrator and to some extent a vendor, elections
are much more than Election Day.   

Auditing an election needs to take account of voter registration practices
and should not solely be confined to discussions about whether it is
possible/necessary/legal to be able to trace the voter's choice as recorded
on the ballot document.  Voters may need to be registered before casting a
vote or they may no.  In some election jurisdictions registration may take
place only between certain dates in others it is rolling. What will be
important is auditing voter eligibility and at the time of issuing the
ballot document ensuring that the ballot is provided only to those
authorised to vote.

Secondly, forgive me if I may sound a little frustrated (but I am becoming
increasingly so :) )with the idea that voter anonymity is the same as a
secret ballot.  It isn't!   These are two separate issues and they are
handled differently in different jurisdictions.  Voting systems must ensure
that voters can 
(i)cast their votes in privacy - this means no one is looking over their
shoulder telling them how to mark the ballot
and 
(ii)their votes can be *kept* secret - this means that the voter's expressed
choice is not later available to or used by parties that may have an
interest in influencing the outcome of the election.  

Neither of these equate to voter anonymity.  In the US anonymity of the
ballot document is *how* this is achieved but it is not necessarily the only
way it is or can be achieved. 

Keeping votes secret relies as much on the diligence in application of
elections procedures as on the characteristics of the process.  

OK - rant over!  ;)

regards,

Kevin Broadfoot 
Principal Consultant

Baltimore Technologies (UK) Ltd, Innovation House, Mark Road, Hemel
Hempstead, Hertfordshire, HP2 7DN, UK.
Tel: +44 (0) 1442 342600 Fax: +44 (0) 1442 212513 Mob: +44 (0) 07867
528803

E-mail mailto:kbroadfoot@baltimore.com
Website http://www.baltimore.com





-----Original Message-----
From: Jason Kitcat [mailto:jeep@free-project.org]
Sent: 25 June 2001 12:03
To: election-services@lists.oasis-open.org
Subject: RE: Things to do - Requirement Document. Security.


Hi,

>	If there are practices followed in financial and other 
>sectors, it is fine
>because then we can, in our specs, satisfy this requirement by following
the
>same practices. On the other hand may be there are some differences like
the
>voting (audit) records are open to public at some point, while financial
>records are not public. So, may be, we might need some practices in the
>audit trail which is specific to the voting domain.
>
>	Jason, can you articulate some unique audit trail 
>requirements in this area

Firstly, I find it very problematic when people start comparing 
electronic voting with financial transactions and technologies. 
Generally there are not the same at all, built with different 
requirements etc. Take an e-commerce transaction, the basis of that 
transaction is identifiability - that is the merchant gets as much 
information about you as possible so that if something fradulent 
happens they either a) Spot it because the information you provide 
doesn't match with the card number b) or they hope the information 
will allow them to track you down and gain recourse for your actions.

However in electronic voting we don't want to be able to track people 
down if at all possible. We want to maintain a secure privacy on 
votes. Thus audit trails and logging in general provide a major 
challenge to the privacy issue.

There aren't any easy answers to this but certainly there are lots of 
people thinking about it!

In terms of requirements, naturally there are needs for 
authentication of the validity of the logs (ie tamper-proof), storing 
variable levels of details depending on the: Nature of the vote, 
legal requirements and performance needs.

regards,
Jason

-- 
            The FREE e-democracy project
----------------------------------------
            http://www.free-project.org
----------------------------------------
  secure, private and reliable Free Software


This footnote confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.


-----------------------------------------------------------------------------------------------------------------
The information contained in this message is confidential and is intended 
for the addressee(s) only.  If you have received this message in error or 
there are any problems please notify the originator immediately.  The 
unauthorized use, disclosure, copying or alteration of this message is 
strictly forbidden. Baltimore Technologies plc will not be liable for direct, 
special, indirect or consequential damages arising from alteration of the 
contents of this message by a third party or as a result of any virus being 
passed on.

In addition, certain Marketing collateral may be added from time to time to 
promote Baltimore Technologies products, services, Global e-Security or 
appearance at trade shows and conferences.
 
This footnote confirms that this email message has been swept by 
Baltimore MIMEsweeper for Content Security threats, including
computer viruses.