Re: [election-services] Random key tokens and voting security

["Simon Bain" <sibain@tendotzero.com>]

Hi.

To much open to abuse.
Any system should be completely anonymous. It should enable the voter to
log in to the system. There public credentials (login info, name etc)
should then be dropped and the system should have in place already a
completely seperate set of identifiers which it and only it knows. In this
way there is very little chance that interference can take place on the
system or by officials.

If a hacker gets on to the system they cannot change an individuals vote,
for a number of reasons the main one however being that the vote and the
id is encrypted to an algorythm that the system has put into place, and as
such is unknown. They can delete votes (This should be noticed by the date
checks of data input) add information this again will be noticed and the
info will not decrypt to a recognisable ballot.

The first priority of any system must be security. If people believe that
there is even a small chance of it being compromised they will not use it.

Simon
-- 
Simon Bain
TENdotZERO
----------
Tel:    0845 056 3377
        44 1234 359090
Mobile: 44 (0)7793 769 846

<quote who="David Webber \(XML\)">
> I've realized another lynch-pin here is random key assignment
> and access.
>
> In the polling station - random physical tokens are handed
> to voters to enable a voting session on a DRM - after
> their electoral roll entry is verified.
>
> For remote voters - a similar process may work.  Eg a
> call-center where callers verify their credentials (they have
> pre-registered and received an entitlement letter in the
> mail with an activation code).  Then the call-center can
> issue another code.  Such codes would have to be
> one-time-use to prevent their sharing.   In an open
> source environment there would need to be a
> configuration value that seeds the code generator,
> but that would remain secret along with the algorithm.
> That would prevent people generating their own codes.
>
> The ballot counting software could then check for
> valid codes by comparing to the list of those issued
> by the call-centers.  As with the polling station - there
> would be no indexing of codes to voters.  Of course
> this is not quite as guaranteed to be anonymous, as the
> call-center staff could record codes without the
> caller knowing.  That's a trade-off between
> remote voting and privacy and security compared to
> the polling station.
>
> It's always the boundary conditions in systems
> that are the most problematic - and somewhere
> there has to be some level of trust.
>
> Another idea I like here is that call-centers can
> be regional - so that minimizes chances for vote
> selling.  You could tie callers to their own phoneID
> numbers too for more physical verification much
> as the credit card companies do already.
>
> DW
>
>
>
>
>
> To unsubscribe from this mailing list (and be removed from the roster of
> the OASIS TC), go to
> http://www.oasis-open.org/apps/org/workgroup/election-services/members/leave_workgroup.php.
>