[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [election-services] GAO report on election system security
-------- Original Message --------
Subject: RE: [election-services] GAO report on election system security
From: "Paul Spencer" <paul.spencer@boynings.co.uk>
Date: Mon, October 24, 2005 12:35 pm
To: <sibain@tendotzero.com>, "David RR Webber (XML)" <david@drrw.info>
Cc: <election-services@lists.oasis-open.org>
I think SMS voting is being pushed by politicians in the UK on the basis
that "if millions of 18-24s vote by SMS on Big Brother, they will vote in
parliamentary elections as well if they can use SMS". Making democracy is
interesting(?) as Big Brother doesn't seem to enter the equation, any more
than security.
Simon is absolutely right that those who understand the issues should do the
educating. If we could get e-voting (preferably using EML) adopted in less
controversial areas, the acceptance would increase. This probably means the
private sector and remote voting. There are a limited number of companies in
the UK that manage much of the voting for unions and company AGMs. Perhaps
these are the people (or their customers) we should be convincing. Thinking
aloud though, companies may not want people voting themselves at their AGMs
rather than just appointing the chairman as a proxy with no guidance on how
to use their votes.
Regards
Paul, from an equally wet and windy southern'ish UK
> -----Original Message-----
> From: Simon Bain [mailto:sibain@tendotzero.com]
> Sent: 24 October 2005 15:40
> To: David RR Webber (XML)
> Cc: election-services@lists.oasis-open.org
> Subject: RE: [election-services] GAO report on election system security
>
>
> Hi,
>
> Agreed about the reconcilliation. However.
>
> It is still a percieved threat/worry. And as such we should not ignore or
> throw it to one side. Just as we should not let it lead us. What we need
> to do is participate and educate.
>
> There is always a concern about the unknown, what we as "informed
> users/developers/" should do is show people that there concerns are
> understandable, but can be proven to be incorrrect.
>
> It is an educational job. This is of course easier said than done, and is
> best suited to the actual adoption of electronic voting. As using is by
> far the best method of allaying fears.
>
> On a slightly perverse note I do not think that the general public has
> such fears as in the UK. (So called informed people may, and these maywell
> be publisiced, but the general public?). People in some areas actually
> want to use text messaging (SMS) to vote... Something that I would never
> do because of the security risks. The reasons I believe that they do not
> percieve risks here is:
>
> 1) They use SMS hourly (minutely in the case of my kids)
> 2) we have telivision programms in the UK which ask for votes to be sent
> in by SMS
> 3) It has been aorund for what seems like ever.
>
> In other words people are now comfortable with the technology.
>
> This is where evoting in whatever guises needs to get to. Once it has been
> used by a critical mass "successfully" then most fears will be allayed.
> Just as they were with:
>
> on line banking
> and
> on line tax returns
>
> All the best from a warm wet and windy eastern'ish UK
>
> Simon
> --
> Simon Bain
> TENdotZERO
> Mobile: 07793 769 846
> Office: 0845 056 3377 - 44 (0) 1234 359090
> Fax: 44 (0) 208 882 9411
>
> <quote who="David RR Webber \(XML\)">
> > Simon, Unfortunately while on the surface they may appear similar -
> > there are key differences. The most obvious is that in banking you are
> > able to ultimately reconcile your monthly activity with your paper
> > transactions, and also have that overall statement. In voting
> - because
> > of the need for privacy you do not have that ultimately tracability.
> > Notice also that most deployed systems do not have even paper
> trails. And
> > then there is the issue of transparency. IMHO I believe the GAO is
> > clearly seeing the right things in terms of the significant
> gaps yet to be
> > fixed here to get to that same level of trust as e-Banking. DW
> >
> >
> > -------- Original Message --------
> > Subject: Re: [election-services] GAO report on election system security
> > From: "Simon Bain"
> > Date: Mon, October 24, 2005 2:23 am
> > To: "David RR Webber (XML)"
> > Cc: election-services@lists.oasis-open.org
> >
> > David hi.
> >
> > Are these not the same fears that users had for online banking?
> >
> > Which although there are headline cases, has proved to be very securre.
> > With the majority of bank accounts in the UK at least now having online
> > access.
> >
> > I think the biggest hurdle for electonic voting is user perception. So
> > training / education would be a large part of any installation.
> Just as it
> > was when we first had the ballot box, which (although before my time) I
> > believe people were very distrusting of.
> >
> > Cheers
> >
> > Simon
> > --
> > Simon Bain
> > TENdotZERO
> > Mobile: 07793 769 846
> > Office: 0845 056 3377 - 44 (0) 1234 359090
> > Fax: 44 (0) 208 882 9411
> >
> >
> >> The GAO produces 107 page report on security of voting
> systems The GAO
> >> has released a 107 page on the security of voting systems today.
> >>
> >> What the GAO found -
> >>
> >> "While electronic voting systems hold promise for improving
> the election
> >> process, numerous entities have raised concerns about their
> security and
> >> reliability, citing instances of weak security controls, system design
> >> flaws,
> >> inadequate system version control, inadequate security testing,
> >> incorrect
> >> system configuration, poor security management, and vague or incomplete
> >> voting system standards."
> >>
> >> Examples of Voting System Vulnerabilities and Problems:
> >>
> >> • Cast ballots, ballot definition files, and audit logs could be
> >> modified.
> >> • Supervisor functions were protected with weak or easily guessed
> >> passwords.
> >> • Systems had easily picked locks and power switches that were exposed
> >> and
> >> unprotected.
> >> • Local jurisdictions misconfigured their electronic voting systems,
> >> leading to election day problems.
> >> • Voting systems experienced operational failures during elections.
> >> • Vendors installed uncertified electronic voting systems.
> >>
> >> The full 107 report is here.
> >>
> --------------------------------------------------------------------- To
> >> unsubscribe from this mail list, you must leave the OASIS TC that
> >> generates this mail. You may a link to this group and all your TCs in
> >> OASIS at:
> >> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe from this mail list, you must leave the OASIS TC that
> > generates this mail. You may a link to this group and all your TCs in
> > OASIS
> > at:
> > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
> > --------------------------------------------------------------------- To
> > unsubscribe from this mail list, you must leave the OASIS TC that
> > generates this mail. You may a link to this group and all your TCs in
> > OASIS at:
> > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail. You may a link to this group and all your
> TCs in OASIS
> at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]