Daniel AJ Sokolov daniel at falco.ca
Wed Oct 17 00:08:11 ADT 2012

Let me set this straight: I think that Evoting is a bad idea for any 
public election. There is but a single group that I would see it 
warranted for: voters with certain handicaps.

Putting aside my general approach to Evoting, I have observed what is 
going on in the HRM. And it is appalling.

They have sent Login AND Password, in plain visibility, on ONE and the 
same page in an easily identifiable envelope - and they even put a "do 
not forward" message on it so voters who are out of town cannot evote 
after all.

They did not set up DNSSEC.

They force you to use JavaScript.

The website officially supports only certain operating systems and 
browsers (no word of Linux) and apparently a single screenreader.

No source code has been disclosed (however, a single HRM employee was 
tasked with verifying that the source code is perfect - what a relief).

They are unable to verify fingerprints of the SSL certificates in use. 
They were very nice, talked to the Returning Officer and called me back: 
"You just need to type in https and then it is secure."

Daniel AJ

