[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Presidential Candidates' Websites Vulnerable

To: <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] Presidential Candidates' Websites Vulnerable
From: "Jordan Klein" <haplo@xxxxxxxxx>
Date: Thu, 1 Jul 2004 10:48:18 -0500

> Anybody have any better ideas? We certainly can't trust the politicians or
Diebold.  Considering the results of the last
> election the whole process seems questionable, like in Chicago
> "vote early, vote often."

IMO, the only way to have the best of both worlds (electronic voting that
helps the impaired, and an audit trail) is to have them print out some sort
of encoded bar-code receipt that is what gets tallied.  When you vote, you
immediately get two receipts.  One to take home that gives you the name(s)
of who you voted for, and the other is read by a counting machine that
actually tallies the votes.  The electronic voting machine that you use
should NOT actually tally any votes.  The bar-coded receipt that is tallied
should also be a one-use code.  That way, someone could run them through as
much as they want, and they would only get counted once.  It should be
trivial for the voting machine to come up with unique random numbers that
can facilitate this.  Also, when the vote is actually tallied by the
separate machine that does this, it should give a receipt of it's own to
confirm who you voted for.  You could then compare the receipts of both
machines to ensure your vote was counted properly.  The receipts would then
be kept by the voters, just in case massive data loss occurred.  If that
happened, then they could ask the voters to bring back their receipts, also
encoded with the same bar code, to be recounted.

Oh yes, and there should be a checksum of the unique number assigned to each
vote to ensure that someone couldn't just reverse engineer the barcode and
make up a bunch of bogus votes.  I'm not sure exactly how that part would
work, but I'm sure there's a way.

Beyond this type of mechanism, I can't see a real way that electronic voting
can satisfy both the impaired and the security minded.

-- 
Jordan Klein                     ~  Beware of dragons
haplo@xxxxxxxxx                  ~  for you are crunchy
Solaris / OpenBSD / Linux Admin  ~  and go well with ketchup

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Presidential Candidates' Websites Vulnerable
  - From: Frank Knobbe
- Re: [Full-Disclosure] Presidential Candidates' Websites Vulnerable
  - From: Ron DuFresne
- Re: [Full-Disclosure] Presidential Candidates' Websites Vulnerable
  - From: Daniel Veditz

References:
- RE: [Full-Disclosure] Presidential Candidates' Websites Vulnerable
  - From: Clairmont, Jan M

Prev by Date: RE: [Full-Disclosure] Presidential Candidates' Websites Vulnerable
Next by Date: RE: [Full-Disclosure] Web sites compromised by IIS attack
Previous by thread: RE: [Full-Disclosure] Presidential Candidates' Websites Vulnerable
Next by thread: Re: [Full-Disclosure] Presidential Candidates' Websites Vulnerable
Index(es):
- Date
- Thread