Re: E-mail Voting Security Q

From: N. Thornton (bigcat@meeow.co.uk)
Date: 08/31/02 

From: bigcat@meeow.co.uk (N. Thornton)
Date: 31 Aug 2002 13:12:59 -0700

Lassi Hippeläinen <lahippel@ieee.orgies.invalid> wrote in message news:<3D6F1D90.FD5BE305@ieee.orgies.invalid>...
> "N. Thornton" wrote:

> > We want to vote by email, but have zero security in place - anyone can
> > create multiple email accounts and multi-vote. Is there any way we cna
> > improve the security of this? This doesnt need to be 100% secure, just
> > secure enough for 95% of people not to get round it would be adequate.
> >
> > Number of people voting 30 to 50 at present
> > Personal identities of voters are unproven
> > Sign up to the list is automated.
> >
> > Thanks, NT.
 
> A voting system must identify the voters, i.e. you have a central
> registry of who can vote, and the voters are marked up when they cast
> their votes. That requires proving voting identity, which need not be
> personal.

Right, currently that's done just by using the voter's email address.
One person 8 addresses = problem. I need to get this sorted out before
it goes live soon. I seem to be one of only 2 people pointing out the
rather obvious fact that some people will vote swing.

> IMHO, the simplest way is to use a cookie that is given at sign up and
> presented when voting. But it has at least three drawbacks: it binds the
> identity of the voter to the machine that was used when signing up,

Yup, I guess that would be a problem for some. But if the cookie is
delivered to their machine(s) whenever they go to the site, they will
quickly have the same cookie on both machines... hopefully that should
avoid problems.

> anybody who has access to the machine can use the cookie to vote,

Well, they'd have to get the sending email addr right too, so I think
we're OK there.

> and
> the cookie can be stolen.

Yeah, it could, but not by many people. I think we could live with
that.

But how does it stop one person signing up 8 times using different
identities?

And people delete their cookies sometimes, or refuse them, then they
couldnt vote. So I'm not sure how that'd work.

Thank you for your input. If you can explain the bits I can't, I'm all
ears.

Thanks, NT

Relevant Pages

  • Re: E-mail Voting Security Q
    ... > voters affecting 10% to 15% of the vote. ... favour of us email voting with NO security in place. ... I am thinking the webpage voting with cookie should be adequate. ...
    (comp.security.misc)
  • Re: Bill OReilly, Captain Incompetent
    ... I am writing for Gore/Kerry voters. ... instructions to staffers who working for the stupid white male members ... Herbert Walker Bush about going back on his No New Taxes pledges by ... The Perot vote was largely composed of the Greatest ...
    (alt.politics.bush)
  • OT- Rolling Stone: Was the 2004 Election Stolen?
    ... I spent the evening of the 2004 election watching the ... Republican National Committee to register voters in six battleground ... mysteriously failed to properly register a presidential vote on more than ... as many as 1 million ballots were ...
    (alt.sports.basketball.nba.la-lakers)
  • Re: Three Main Reasons Obama Bin Laden is so Popular
    ... By your logic, most non-black voters would vote forobama, ifobamawere ... I don't think Bush was worse than Clinton. ... 'tax' program will ever touch them. ...
    (alt.politics)
  • Re: Relax NeoTards: The Fix Is In
    ... voters say machines are switching votes In six cases, ... -- Three Putnam County voters say electronic voting ... Gazette their electronic vote for "Barack Obama" kept flipping to "John ...
    (misc.survivalism)
Quantcast