[Full-Disclosure] Presidential Candidates' Websites Vulnerable (fwd)

J.A. Terranson measl at mfn.org
Thu Jul 1 19:58:06 PDT 2004 

Submitted for comment :-)

-- 
Yours,

J.A. Terranson
sysadmin at mfn.org

  "...justice is a duty towards those whom you love and those whom you do
  not.  And people's rights will not be harmed if the opponent speaks out
  about them."

  Osama Bin Laden




---------- Forwarded message ----------
Date: Thu, 1 Jul 2004 18:47:55 -0700
From: Kurt Seifried <listuser at seifried.org>
To: Barry Fitzgerald <bkfsec at sdf.lonestar.org>, Frank Knobbe <frank at knobbe.us>
Cc: Jordan Klein <haplo at haplo.net>, full-disclosure at lists.netsys.com
Subject: Re: [Full-Disclosure] Presidential Candidates' Websites Vulnerable

It is of interest to note we just had our federal election here in Canada a
few days ago. I went to the polls, they checked my name, gave me a paper
ballot, I took it to the booth, made my "X" (within the circle using the
pencil provided), folded the ballot as indicated and handed it to them. They
tore a small black strip off the ballot and put the ballot in the box. The
collection of small black strips is used to ensure the ballots in the box
have a second verification mechanism (i.e. if you remove or add ballot to a
ballot box it would show up in the tally of ballots vs. ballot strips). The
count was done relatively quickly and by midnight or so we knew who had won
(polls closed at 8:30pm or so in most places).

Personally I hope we NEVER use anything more sophisticated then this for
federal elections in Canada. I simply don't see how an electronic system
SIGNIFICANTLY improves on this time tested and simple method. Widespread
fraud is quite difficult in our system, requiring coercion of numerous
people, or of the people at the polling stations (and of course you'd have
to deal with the scrutineers from opposing parties, perhaps with a sharp
blow to the head).

I have read some proposals for electronic systems, to make them truly
anonymous, and verifiable, and tamper resistant you need an extremely
complicated amount of math and crypto, as well as technological deployment.
I just don't think it's ready yet, and I am not sure it will be for many
years.


Kurt Seifried, kurt at seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

More information about the cypherpunks-legacy mailing list