Submitted for comment :-) -- Yours, J.A. Terranson sysadmin@mfn.org "...justice is a duty towards those whom you love and those whom you do not. And people's rights will not be harmed if the opponent speaks out about them." Osama Bin Laden ---------- Forwarded message ---------- Date: Thu, 1 Jul 2004 18:47:55 -0700 From: Kurt Seifried To: Barry Fitzgerald , Frank Knobbe Cc: Jordan Klein , full-disclosure@lists.netsys.com Subject: Re: [Full-Disclosure] Presidential Candidates' Websites Vulnerable It is of interest to note we just had our federal election here in Canada a few days ago. I went to the polls, they checked my name, gave me a paper ballot, I took it to the booth, made my "X" (within the circle using the pencil provided), folded the ballot as indicated and handed it to them. They tore a small black strip off the ballot and put the ballot in the box. The collection of small black strips is used to ensure the ballots in the box have a second verification mechanism (i.e. if you remove or add ballot to a ballot box it would show up in the tally of ballots vs. ballot strips). The count was done relatively quickly and by midnight or so we knew who had won (polls closed at 8:30pm or so in most places). Personally I hope we NEVER use anything more sophisticated then this for federal elections in Canada. I simply don't see how an electronic system SIGNIFICANTLY improves on this time tested and simple method. Widespread fraud is quite difficult in our system, requiring coercion of numerous people, or of the people at the polling stations (and of course you'd have to deal with the scrutineers from opposing parties, perhaps with a sharp blow to the head). I have read some proposals for electronic systems, to make them truly anonymous, and verifiable, and tamper resistant you need an extremely complicated amount of math and crypto, as well as technological deployment. I just don't think it's ready yet, and I am not sure it will be for many years. Kurt Seifried, kurt@seifried.org A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://seifried.org/security/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html