Random key tokens and voting security

["David Webber \(XML\)" <david@drrw.info>]

I've realized another lynch-pin here is random key assignment
and access.

In the polling station - random physical tokens are handed
to voters to enable a voting session on a DRM - after 
their electoral roll entry is verified.

For remote voters - a similar process may work.  Eg a
call-center where callers verify their credentials (they have
pre-registered and received an entitlement letter in the 
mail with an activation code).  Then the call-center can
issue another code.  Such codes would have to be 
one-time-use to prevent their sharing.   In an open
source environment there would need to be a 
configuration value that seeds the code generator,
but that would remain secret along with the algorithm.  
That would prevent people generating their own codes.

The ballot counting software could then check for
valid codes by comparing to the list of those issued
by the call-centers.  As with the polling station - there 
would be no indexing of codes to voters.  Of course 
this is not quite as guaranteed to be anonymous, as the 
call-center staff could record codes without the
caller knowing.  That's a trade-off between 
remote voting and privacy and security compared to
the polling station.

It's always the boundary conditions in systems
that are the most problematic - and somewhere
there has to be some level of trust.

Another idea I like here is that call-centers can
be regional - so that minimizes chances for vote
selling.  You could tie callers to their own phoneID
numbers too for more physical verification much
as the credit card companies do already.

DW