[ISN] Oscars vote vulnerable to cyber attack under new online system, experts warn

From: InfoSec News <alerts_at_private>
Date: Fri, 3 Feb 2012 03:15:02 -0600 (CST)
http://www.guardian.co.uk/film/2012/feb/02/oscars-vulnerable-cyber-attack-experts-warn

By Andrew Gumbel
guardian.co.uk
2 February 2012

Computer security experts have warned that the 2013 Oscars ballot may be 
vulnerable to a variety of cyber attacks that could falsify the outcome 
but remain undetected, if the Academy of Motion Picture Arts and 
Sciences follows through on its decision to switch to internet voting 
for its members.

The Academy announced last week that it would be ditching its current 
vote-by-mail system and allowing its members to fill out electronic 
ballots from their home or office computers to make their choices for 
best picture and the other big Hollywood prizes, starting in 2013.

It announced a partnership with Everyone Counts, a California-based 
company which has developed software for internet elections from 
Australia to Florida, and which boasted it would incorporate "multiple 
layers of security" and "military-grade encryption techniques" to 
maintain its reputation for scrupulous honesty in respecting its 
members' voting preferences.

The ballot change will be a culture shock for an Academy voting 
community that tends to be older and more conservative: indeed, concerns 
are already surfacing as to whether all of the Academy voters even have 
email addresses.

But Everyone Counts' security claims have been met with deep scepticism 
by a computer scientist community which has grappled for years with the 
problem of making online elections fully verifiable while maintaining 
ballot secrecy – in other words, being rigorous about auditing the 
voting process, but still making sure nobody knows who voted for what. 
So far, nobody has demonstrated that such a thing is possible.

[...]


_____________________________________________________
Did a friend send you this article? Make it your
New Year's Resolution to subscribe to InfoSec News!
http://www.infosecnews.org/mailman/listinfo/isn
Received on Fri Feb 03 2012 - 01:15:02 PST

This archive was generated by hypermail 2.2.0 : Fri Feb 03 2012 - 01:18:39 PST