Saturday, December 02, 2006
US NIST recommends scanned paper ballots
Slashdot reports
(in case you're wondering, Internet voting counts as a "paperless e-voting machine")
I wonder how many experts have to say that electronic voting sucks before people will listen.
Of course, crazed luddite that I am, I would eliminate the machine-based counting as well, and just have humans count the paper.
Slashdot - NIST Condemns Paperless Electronic Voting - December 1, 2006 /.
"Paperless electronic voting machines 'cannot be made secure' [pdf] according to the [US] National Institute of Standards and Technology (NIST). In the most sweeping condemnation of voting machines issued by any federal agency, NIST echoes what critics have been saying all along, that due to the lack of verifiability, 'a single programmer could rig a major election.' Rather than adding printers, though, NIST endorses the hand-marked optical-scan system as the most reliable."
(in case you're wondering, Internet voting counts as a "paperless e-voting machine")
I wonder how many experts have to say that electronic voting sucks before people will listen.
Of course, crazed luddite that I am, I would eliminate the machine-based counting as well, and just have humans count the paper.
Slashdot - NIST Condemns Paperless Electronic Voting - December 1, 2006 /.
Tuesday, November 28, 2006
let's have a discussion
Adam asserts that I have
But Adam, you haven't responded to a single issue that I raised.
I welcome all perspectives, provided they are fact-based.
In particular, I invite realistic threat-risk assessments, cost assessments, and cultural assessments.
Let us take Internet voting.
1. Is the code open-source?
2. Has the code been audited by neutral computer security experts?
3. Where are the servers?
4. How are the servers protected?
5. Has the server security been audited by neutral computer security experts?
6. Who pays to protect the servers and the code for the thousands of days during which they are not being used for municipal elections?
7. Who wrote the code?
8. Have they all passed an independent security certification?
9. Do they have ties to any particular political party or other organization that might have an interest in the outcome of the election?
10. How do you mitigate the risk of paying or forcing someone to vote in the way you want, as you watch them on the Internet?
11. How do you mitigate the risk of the massively insecure home computers that are used for Internet voting?
12. When the full costs of security audits and thousands of days of security protection are taken into account, in order to provide a single day of municipal voting, how do you justify the expense?
There's a dozen questions. I have way more where those came from.
I challenge anyone to answer.
a very disturbing and one sided perspective
But Adam, you haven't responded to a single issue that I raised.
I welcome all perspectives, provided they are fact-based.
In particular, I invite realistic threat-risk assessments, cost assessments, and cultural assessments.
Let us take Internet voting.
1. Is the code open-source?
2. Has the code been audited by neutral computer security experts?
3. Where are the servers?
4. How are the servers protected?
5. Has the server security been audited by neutral computer security experts?
6. Who pays to protect the servers and the code for the thousands of days during which they are not being used for municipal elections?
7. Who wrote the code?
8. Have they all passed an independent security certification?
9. Do they have ties to any particular political party or other organization that might have an interest in the outcome of the election?
10. How do you mitigate the risk of paying or forcing someone to vote in the way you want, as you watch them on the Internet?
11. How do you mitigate the risk of the massively insecure home computers that are used for Internet voting?
12. When the full costs of security audits and thousands of days of security protection are taken into account, in order to provide a single day of municipal voting, how do you justify the expense?
There's a dozen questions. I have way more where those came from.
I challenge anyone to answer.
