[nSLUG] Evoting Rant

Dennis d'Entremont dennis.dentremont at gmail.com
Wed Oct 17 08:30:33 ADT 2012

I used to work for the same folks who run Intellivote. If anyone remembers
knowledge house then you should know that it's some of the same folks...

On Wed, Oct 17, 2012 at 8:10 AM, Rory <rory at unixism.org> wrote:

> I wish this was surprising.
> Given the pool of web application devs outs there, though, it doesn't
> surprise me at all. I continually run into sites that cost considerable
> money to build (devs, consultants, etc) and are full of all the classic
> newbie security holes. Or that use 'encryption' to virtually zero effect.
> You'd think more of us had learned a thing or two about secure development
> over the last decade or so.
> Add to that all the complexities inherent in elections and voting, you've
> got a recipe for disaster.
> R
> On 2012-10-17, at 12:08 AM, Daniel AJ Sokolov wrote:
> > Let me set this straight: I think that Evoting is a bad idea for any
> public election. There is but a single group that I would see it warranted
> for: voters with certain handicaps.
> >
> > Putting aside my general approach to Evoting, I have observed what is
> going on in the HRM. And it is appalling.
> >
> > They have sent Login AND Password, in plain visibility, on ONE and the
> same page in an easily identifiable envelope - and they even put a "do not
> forward" message on it so voters who are out of town can not evote after
> all.
> >
> > They did not set up DNSSec.
> >
> > They force you to use JavaScript.
> >
> > The website officially supports only certain operating systems and
> browsers (no word of Linux) and apparently a single screenreader.
> >
> > No source code has been disclosed (however, a single HRM employee was
> tasked with verifying that the source code is perfect - what a relief).
> >
> > They are unable to verify fingerprints of the SSL certificates in use.
> They were very nice, talked to the Returning Officer and called me back:
> "You just need to type in https and then it is secure."
> >
> > Sure.
> > Daniel AJ
> > _______________________________________________
> > nSLUG mailing list
> > nSLUG at nslug.ns.ca
> > http://nslug.ns.ca/mailman/listinfo/nslug
> _______________________________________________
> nSLUG mailing list
> nSLUG at nslug.ns.ca
> http://nslug.ns.ca/mailman/listinfo/nslug
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nslug.ns.ca/mailman/private/nslug/attachments/20121017/67d7d153/attachment.html>

More information about the nSLUG mailing list