Re: Security Concerns Database

From: David Mertz <voting-project_at_gnosis_dot_cx>
Date: Thu Nov 27 2003 - 13:38:37 CST

Excellent reorganization and expansion, Amit. A couple more annotations
(look for 'DQM'):

Context: We are considering a physical computer-assisted voting system
that produces paper ballots. Right now, we are not concerned with
internet voting, etc.

I. Anonymity / Privacy Issues

   A. Monitoring people's vote
      1. Electronically (via easter eggs)
         [DQM: I think "trojans" is a better word; "easter eggs"
         suggests "playful extra code created by original developers."
         "Trojans" carries more the the sense of malice and danger, and
         includes code inserted later on]
      2. Physically (e.g. via numbers on physical ballot)

   B. Inferring votes via timestamp information (i.e. if time or sequence
      information is recoverable from a collection of ballots, this can
      be correlated with a covert videotape of all the people who enter
      the polling place).

II. Robustness Issues

    A. Robustness against Hardware/Software failures

       1. Making sure ballot reconciliation is not affected by hardware
          failure during election.

    B. Robustness against other malicious attacks.

       1. Illegal modification of the ballots

          a. By Users / Voters
          b. By Voting Officials
          c. By others

          d. Types of attacks:
             i. insert
             ii. delete
             iii. modify

          e. Context for attacks:
             i. Electronic ballots
                 1. During local creation/storage
                 2. During any electronic transmission
                 3. [DQM] During physical transmission of electronic
                    records on media such as CDs, flash-cards, etc.
             ii. Physical ballots (tampering, ballot-box stuffing/destruction)

       2. Related: Being able to verify/trust that all ballots were counted.
          a. Removing the "black box" aspect to electronic voting.
             This refers to voters not being able to see how the electrons
             are stored on disk to verify the votes they casted are accurate.

    C. Robustness against (non-adversarial) human error

       1. Voter error
          a. During Electronic Interaction
             i. Validating accuracy of system in recording voter intent.
          b. During physical handling of printed ballot

       2. Errors by Voting Officials
          a. In setting up electronic system
          b. In physical handling of printed ballots
          c. In closing phase of election
             i. dealing with electronic system
             ii. dealing with physical ballots

       3. Errors by others
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Sun Nov 30 23:17:11 2003

This archive was generated by hypermail 2.1.8 : Sun Nov 30 2003 - 23:17:13 CST