As a long time reader of comp.risks, and having a professional interest in security (as a sysadmin), I'll take this opportunity to say that anyone who is promoting online voting as a replacement for paper ballots is (in my opinion) one or more of a)Hopelessly naive, b)Frighteningly optimistic, c)Woefully ignorant of the problems of authentication combined with anonymity, d)Ignoring the problems of coercion, or (worst of all) e) Willing to accept vote tampering. I do not seriously think that the Electoral Commissioner would be willing to accept vote tampering, but every electronic or online system has been demonstrated to be vulnerable to it. Worse, such attacks can occur at any point, be it in corrupt coding, interference with the ballots, or by injecting forged ballots. All of these have be proven to be possible in every practical and theoretical system proposed to date. This is ignoring the problem of d) - if the voting is not occurring in a public place, how do you prove that t...
yeah. There are several versions of this, and as far as I can tell they're bogus on all levels. I need to write up what they're actually doing, which is nothing like what they claim to be doing. (Nobody exchanges anything except credits on a centrally-controlled "blockchain" which is for all practical purposes just a centrally-administered database.)
ReplyDelete"I need to write up" is my new phrase for "I have some rough notes in a WordPress draft along with a huge pile of others"
ReplyDelete