Re: [election-services] Further musings on the need for VVPAT...

["Simon Bain" <sibain@tendotzero.com>]

David hi.

On point 1 you are only partially correct. Yes some part of the process
must have details of where to send a confirmation. However not all of the
process needs this. In fact it is far better if only one part does.

User logs in by a PC passing their login credentials.
Server verifies them and sets up a session on a remote database which is
encrypted by a hash set at the time the process was started at login. This
has with it a SessionId which is internal to the process.

This SessionId is passed with seperate undisclosed and unknown (Created at
this time) details to the voting server which registers the vote and
passes back the SessionId to the verification server. It matches the 2 and
responds with a "great thanks very much" or an "O I have screwed up"
email.

The Voting server has no idea who the user is and does not need to know.
The SessionId dies before the confirmation email is sent as does the
session on the database, which itself holds no identifying details.

Yes somebody could hack in at this point. But to decrypt thi slot would
take one hell of a rack of servers, a while and details of at least 3
seperate IP addressess and login details.

Cheers
Simon


<quote who="David Webber \(XML\)">
> More from the Vote Here discussions today.
>
> Here's what I compiled to support the need for paper
> in an all digital process involving DREs only!
>
> DW
>
> 1) You cannot have an anonymous trusted verifiable computer
>     process. eBanking works because it is not anonymous.
>     Every eProcess out there gets to know your email
>     address or account ID to send a confirmation
>     somewhere in the process.  If it does not send a
>     confirmation - then you have no verification - the
>     DRE is thus reduced to an entertaining arcade
>     gaming machine - for which you have no
>     guarantees to actually what reality is.
>     That theoretical stumbling block is key to
>     understanding the need for a verifiable paper record
>     in anonymous voting systems.
>
> 2) Voters need trust (and US Gov HAVA demands it).
>     Paper is the most trusted mechanism everywhere.
>
> 3) The banks have a trusted process that handles
>     billions of paper cheques annually.  Their error rates
>     are infintesimally small.  These technologies are
>     simple, proven and secure.  We need to base a
>     trusted voting process around such crosschecking
>     and accounting methods.  There will always be
>     enticing exotic proprietary and uncertified and
>     potentially compromisable technologies offered
>     up - but a trusted process needs to be simple
>     and obvious.
>
> 4) We need to develop open public specifications
>      so that there is an open marketplace for solution
>      providers.  This is the lesson of railways, telephones,
>      automobiles and electricity.  The software industry is
>      no different.
>
>
>
> To unsubscribe from this mailing list (and be removed from the roster of
> the OASIS TC), go to
> http://www.oasis-open.org/apps/org/workgroup/election-services/members/leave_workgroup.php.
>


-- 
Simon Bain
TENdotZERO
0845 056 3377
44 1234 359090
44 (0) 7793 769 846