Re: CRIME Electronic Voting Security

From: Crispin Cowan (crispin@private)
Date: Thu Sep 11 2003 - 14:12:30 PDT

  • Next message: Crispin Cowan: "Re: CRIME Electronic Voting Security"

    Marc Schuette wrote:
    
    > signatures on the outside envelope are matched on all ballots and if 
    > there is a non-matching sig the elections office will notify that 
    > person of the error . 
    
    So it would be hard to file fake or duplicate ballots.
    
    > the secrecy envelopes are opened under observation and there is no way 
    > to identify a ballot (dem/repub/other) at this point - after they are 
    > opened they are fed through the counting machines and tabulated. 
    
    And it would be hard for a vote counter to selectively count ballots; to 
    be expected.
    
    > you can call the elections office and they can tell you if you were 
    > sent a ballot and if they received a ballot back from you - they 
    > cannot tell you how you voted only if they got a ballot from you 
    > (there is an assumption that it was counted correctly if you did NOT 
    > hear from teh elections office that your ballot was NOT counted). 
    
    This doesn't fly: Americans barely vote at all (pitiful 50% turn-outs) 
    and they certainly are not going to verify ballot receipt via phone in 
    any significant volume. This leaves the system wide open to the 
    previously mentioned attacks of "losing" ballots from selected counties.
    
    > just some general broad strokes but it seems there are multiple 
    > checkpoints where fraud MIGHT be discovered. you (anyone) can observe 
    > this process during a ballot count. call the elections offices and ask 
    > to go on a tour that night. 
    
    Tours don't work, because that is not where the threat occurs. The 
    problem is that ballots are submitted via UDP datagram (no verification 
    of receipt) and the attacker can see the source IP address.
    
    Crispin
    
    -- 
    Crispin Cowan, Ph.D.           http://immunix.com/~crispin/
    Chief Scientist, Immunix       http://immunix.com
                http://www.immunix.com/shop/
    



    This archive was generated by hypermail 2b30 : Thu Sep 11 2003 - 14:36:28 PDT