mailing list archives
RE: Presidential Candidates' Websites Vulnerabl e
From: John.Airey () rnib org uk
Date: Fri, 2 Jul 2004 17:00:36 +0100
From: Kurt Seifried [mailto:listuser () seifried org]
Sent: Friday, 02 July 2004 02:48
To: Barry Fitzgerald; Frank Knobbe
Cc: Jordan Klein; full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Presidential Candidates' Websites
It is of interest to note we just had our federal election
here in Canada a
few days ago. I went to the polls, they checked my name, gave
me a paper
ballot, I took it to the booth, made my "X" (within the
circle using the
pencil provided), folded the ballot as indicated and handed
it to them. They
tore a small black strip off the ballot and put the ballot in
the box. The
collection of small black strips is used to ensure the
ballots in the box
have a second verification mechanism (i.e. if you remove or
add ballot to a
ballot box it would show up in the tally of ballots vs.
ballot strips). The
count was done relatively quickly and by midnight or so we
knew who had won
(polls closed at 8:30pm or so in most places).
Personally I hope we NEVER use anything more sophisticated
then this for
federal elections in Canada. I simply don't see how an
SIGNIFICANTLY improves on this time tested and simple method.
fraud is quite difficult in our system, requiring coercion of numerous
people, or of the people at the polling stations (and of
course you'd have
to deal with the scrutineers from opposing parties, perhaps
with a sharp
blow to the head).
I have read some proposals for electronic systems, to make them truly
anonymous, and verifiable, and tamper resistant you need an extremely
complicated amount of math and crypto, as well as
I just don't think it's ready yet, and I am not sure it will
be for many
What you describe is similar to the UK, except that we have numbered
counterfoils which are stored separate from the ballot papers. It is
possible therefore to work out who voted for whom, but only with a court
order. It would only ever happen if electoral fraud was being investigated.
In England and Wales the weakest part of the system is that the Presiding
Officer travels alone to the count centre and could in theory add ballots,
but it would be a lot of manual work. It isn't possible to issue a ballot in
less than twenty seconds in the polling station with three staff, so working
alone you could probably only fake one ballot per minute. Since you have to
reach the count centre in a reasonable time, you'd be hard pushed to
influence the result. (In Scotland they are collected, hopefully by more
than one person).
I work as a Presiding Officer at elections, so I know the system well.
Using a computerised system faking ballots or changing votes would be
relatively easy. For those reasons I would be opposed to electronic ballot
machines whoever makes them.
I think though that this is way off-topic now, so I'll quit while I'm ahead.
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey () rnib org uk
I don't know which is worse. The makers of soap operas thinking they portray
real life or those that watch them thinking it is real life!
NOTICE: The information contained in this email and any attachments is
confidential and may be privileged. If you are not the intended
recipient you should not use, disclose, distribute or copy any of the
content of it or of any attachment; you are requested to notify the
sender immediately of your receipt of the email and then to delete it
and any attachments from your system.
RNIB endeavours to ensure that emails and any attachments generated by
its staff are free from viruses or other contaminants. However, it
cannot accept any responsibility for any such which are transmitted.
We therefore recommend you scan all attachments.
Please note that the statements and views expressed in this email and
any attachments are those of the author and do not necessarily represent
those of RNIB.
RNIB Registered Charity Number: 226227
Full-Disclosure - We believe in it.