Full Disclosure mailing list archives
Re: Presidential Candidates' Websites Vulnerable
From: "Jordan Klein" <haplo () haplo net>
Date: Thu, 1 Jul 2004 10:48:18 -0500
Anybody have any better ideas? We certainly can't trust the politicians or
Diebold. Considering the results of the last
election the whole process seems questionable, like in Chicago "vote early, vote often."
IMO, the only way to have the best of both worlds (electronic voting that helps the impaired, and an audit trail) is to have them print out some sort of encoded bar-code receipt that is what gets tallied. When you vote, you immediately get two receipts. One to take home that gives you the name(s) of who you voted for, and the other is read by a counting machine that actually tallies the votes. The electronic voting machine that you use should NOT actually tally any votes. The bar-coded receipt that is tallied should also be a one-use code. That way, someone could run them through as much as they want, and they would only get counted once. It should be trivial for the voting machine to come up with unique random numbers that can facilitate this. Also, when the vote is actually tallied by the separate machine that does this, it should give a receipt of it's own to confirm who you voted for. You could then compare the receipts of both machines to ensure your vote was counted properly. The receipts would then be kept by the voters, just in case massive data loss occurred. If that happened, then they could ask the voters to bring back their receipts, also encoded with the same bar code, to be recounted. Oh yes, and there should be a checksum of the unique number assigned to each vote to ensure that someone couldn't just reverse engineer the barcode and make up a bunch of bogus votes. I'm not sure exactly how that part would work, but I'm sure there's a way. Beyond this type of mechanism, I can't see a real way that electronic voting can satisfy both the impaired and the security minded. -- Jordan Klein ~ Beware of dragons haplo () haplo net ~ for you are crunchy Solaris / OpenBSD / Linux Admin ~ and go well with ketchup _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Presidential Candidates' Websites Vulnerable Marek Isalski (Jul 01)
- <Possible follow-ups>
- RE: Presidential Candidates' Websites Vulnerable Clairmont, Jan M (Jul 01)
- RE: Presidential Candidates' Websites Vulnerable Harlan Carvey (Jul 01)
- Re: Presidential Candidates' Websites Vulnerable Jordan Klein (Jul 01)
- Re: Presidential Candidates' Websites Vulnerable Frank Knobbe (Jul 01)
- Re: Presidential Candidates' Websites Vulnerable Barry Fitzgerald (Jul 01)
- Re: Presidential Candidates' Websites Vulnerable Kurt Seifried (Jul 01)
- Re: Presidential Candidates' Websites Vulnerable Ron DuFresne (Jul 01)
- Re: Presidential Candidates' Websites Vulnerable Nasir Ghaznavi (Jul 02)
- Re: Presidential Candidates' Websites Vulnerable Daniel Veditz (Jul 02)
- RE: Presidential Candidates' Websites Vulnerable Harlan Carvey (Jul 01)
- Re: Presidential Candidates' Websites Vulnerable Barry Fitzgerald (Jul 01)