OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

election-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: On sequencing and proximity vulnerabilities

With the automation of electoral roll processing there's
an additional risk introduced - one of comparitive 
sequencing - that post-voting can potentially be used
to show how a voter cast their vote.

For this to happen it assumes the decryption methods
become available to read and compromise the vote
records themselves.

Computers introduce sequencing into everything they
do - if only at the basic level of assigning media on to
the recording device - up to entries in a database.

Therefore - time-windowing - taking a period of time
from the attendence record in the polling station and
comparing that to the votes cast - can compromise

One way around this that I can see is for some
kind of buffering and deferred random writing of votes
so as to remove any such sequential patterning.

Of course the other answer is for the computerized
voter electoral roll records to not introduce any
sequencing when logging voter attendence / 
participation.  That is probably easier to ensure.

As part of a trusted proces method - I believe this
is another fundamental priniciple here - that 
implementers need to avoid inadvertently introducing
physical sequencing into their solutions.

Thanks, DW

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]