[E-voting] Second report published

Casey, Dermot (GE Cons Fin) Dermot.Casey at ge.com
Wed Jul 5 09:37:12 IST 2006


Not sure if its Frank Bannister from looking at the TCD Policy institute website.

I think the risk model is poor - there is one done for the Reachservices Public Service Broker system which is publically available that is significantly superior and could have served a model. (see http://www.reach.ie/publications/ Paper 6 Broker Security Model - Pgs 59 -91)

My problem is that with a poor risk model the analysis is flawed and I'm concerned that they've let the vote recording software off the hook because of a poor model


P.s. Its interesting to contrast the openess and availability of information on reachservice - whatever you think of it - with how difficulty it was to get similar information on the e-voting system

>>-----Original Message-----
>>From: Colm MacCarthaigh [mailto:colm at stdlib.net] 
>>Sent: 04 July 2006 20:06
>>To: Casey, Dermot (GE Cons Fin)
>>Subject: Re: [E-voting] Second report published
>>On Tue, Jul 04, 2006 at 07:21:41PM +0100, Casey, Dermot (GE 
>>Cons Fin) wrote:
>>> Anyone have any idea why the Assessment of Risks (Appendix 
>>5B) has "The Policy Institute - TCD" as source.   And what 
>>their qualifications in threat models and risk assessment for 
>>IT Systems are ?
>>Is this Frank Bannister again (not at a browser right now) ? 
>>Colm MacCárthaigh                        Public Key: 
>>colm+pgp at stdlib.net

More information about the E-voting mailing list