RE: [election-services] GAO report on election system security

["Simon Bain" <sibain@tendotzero.com>]

Hi,

Agreed about the reconcilliation. However.

It is still a percieved threat/worry. And as such we should not ignore or
throw it to one side. Just as we should not let it lead us. What we need
to do is participate and educate.

There is always a concern about the unknown, what we as "informed
users/developers/" should do is show people that there concerns are
understandable, but can be proven to be incorrrect.

It is an educational job. This is of course easier said than done, and is
best suited to the actual adoption of electronic voting. As using is by
far the best method of allaying fears.

On a slightly perverse note I do not think that the general public has
such fears as in the UK. (So called informed people may, and these maywell
be publisiced, but the general public?). People in some areas actually
want to use text messaging (SMS) to vote... Something that I would never
do because of the security risks. The reasons I believe that they do not
percieve risks here is:

1) They use SMS hourly (minutely in the case of my kids)
2) we have telivision programms in the UK which ask for votes to be sent
in by SMS
3) It has been aorund for what seems like ever.

In other words people are now comfortable with the technology.

This is where evoting in whatever guises needs to get to. Once it has been
used by a critical mass "successfully" then most fears will be allayed.
Just as they were with:

on line banking
and
on line tax returns

All the best from a warm wet and windy eastern'ish UK

Simon
-- 
Simon Bain
TENdotZERO
Mobile: 07793 769 846
Office: 0845 056 3377 - 44 (0) 1234 359090
Fax:    44 (0) 208 882 9411

<quote who="David RR Webber \(XML\)">
> Simon,   Unfortunately while on the surface they may appear similar -
> there are key differences.   The most obvious is that in banking you are
> able to ultimately reconcile your monthly activity with your paper
> transactions, and also have that overall statement.   In voting - because
> of the need for privacy you do not have that ultimately tracability.
> Notice also that most deployed systems do not have even paper trails.  And
> then there is the issue of transparency.   IMHO I believe the GAO is
> clearly seeing the right things in terms of the significant gaps yet to be
> fixed here to get to that same level of trust as e-Banking.   DW
>
>
> -------- Original Message --------
> Subject: Re: [election-services] GAO report on election system security
> From: "Simon Bain"
> Date: Mon, October 24, 2005 2:23 am
> To: "David RR Webber (XML)"
> Cc: election-services@lists.oasis-open.org
>
> David hi.
>
> Are these not the same fears that users had for online banking?
>
> Which although there are headline cases, has proved to be very securre.
> With the majority of bank accounts in the UK at least now having online
> access.
>
> I think the biggest hurdle for electonic voting is user perception. So
> training / education would be a large part of any installation. Just as it
> was when we first had the ballot box, which (although before my time) I
> believe people were very distrusting of.
>
> Cheers
>
> Simon
> --
> Simon Bain
> TENdotZERO
> Mobile: 07793 769 846
> Office: 0845 056 3377 - 44 (0) 1234 359090
> Fax:    44 (0) 208 882 9411
>
>
>>  The GAO produces 107 page report on security of voting systems  The GAO
>> has released a 107 page on the security of voting systems today.
>>
>> What the GAO found -
>>
>> "While electronic voting systems hold promise for improving the election
>> process, numerous entities have raised concerns about their security and
>> reliability, citing instances of weak security controls, system design
>> flaws,
>> inadequate system version control, inadequate security testing,
>> incorrect
>> system configuration, poor security management, and vague or incomplete
>> voting system standards."
>>
>> Examples of Voting System Vulnerabilities and Problems:
>>
>> • Cast ballots, ballot definition files, and audit logs could be
>> modified.
>> • Supervisor functions were protected with weak or easily guessed
>> passwords.
>> • Systems had easily picked locks and power switches that were exposed
>> and
>> unprotected.
>> • Local jurisdictions misconfigured their electronic voting systems,
>> leading to election day problems.
>> • Voting systems experienced operational failures during elections.
>> • Vendors installed uncertified electronic voting systems.
>>
>> The full 107 report is here.
>> --------------------------------------------------------------------- To
>> unsubscribe from this mail list, you must leave the OASIS TC that
>> generates this mail.  You may a link to this group and all your TCs in
>> OASIS at:
>> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  You may a link to this group and all your TCs in
> OASIS
> at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
> --------------------------------------------------------------------- To
> unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  You may a link to this group and all your TCs in
> OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php