[E-voting] what's a good e-voting system?

Justin Mason jm at jmason.org
Mon Nov 10 02:19:44 GMT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Dave Madden writes:
>On Fri, Nov 07, 2003 at 11:02:56PM +0000, Adrian Colley wrote:
>Hmm - does anyone have any idea of the possibility of getting our hands
>on a Nedap system? The database on the PC sounds like the most
>attractive target for fraud imo. If we could write a little program
>called "altervotes" which would actually work on the DoEnv PCs, it'd
>absolutely destroy the credibility of the system. That it requires
>physical access and some level of fraud by those involved in the
>electoral process would be irrelevant - showing that the system can be
>hacked by insiders would still be a huge coup. Right now, we discuss
>this in terms of theory and possibilities. An actual script would make
>it far more concrete, and even non-technical prople would see the
>problem when they hear that a program that's actually been written could
>alter the electoral count.

It'd be nice to get access to one of these, but it sounds very unlikely
without a high degree of cooperation from NEDAP themselves or the
government :(

BTW you say 'That it requires physical access and some level of fraud by
those involved in the electoral process would be irrelevant' -- that
depends.   It may *not* require physical access, depending on how securely
the DOE have set up the vote-counting environment.  This PDF:

http://www.environ.ie/DOEI/DOEIPol.nsf/0/588f0ce7a372f8c480256b7c0042de9d/$FILE/Elect%20Voting%20Info%20paper.pdf

notes that 'PCs with the (IES) software are dedicated for election work
and are not connected to a network to ensure additional security and
privacy' -- but there's always a slim possibility that somebody will plug
them in for some reason, e.g. to copy on some updates or similar.

Still, I do see the usefulness of demonstrating how easy it would be for
malicious code to silently rewrite the votes in the Access DB, assuming
it could be got onto one of the IES machines.  (yes, it is Access,
according to that URL.)

Also -- is there a copy of the Zerflow report
(http://www.redbrick.dcu.ie/~afrodite/E-Voting/Report/node18.html) online
anywhere?  That sounds interesting.   Ditto for the 'Polling Staff
Training Guide'?

- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Exmh CVS

iD8DBQE/rvXAQTcbUG5Y7woRApHxAKCnIykLo2FxtUmy6j2wMdcSY4i65gCdEJvc
RckXmdLsEAd/77GYjHynYpM=
=dTSr
-----END PGP SIGNATURE-----





More information about the E-voting mailing list