[nSLUG] Evoting Rant

Doooh Head doooh_head at hotmail.com
Wed Oct 17 08:52:59 ADT 2012


When it comes to "evoting" I have never been so astounded at the ignorance's that abound at that simple term.
People get all wierded out at what they think it represents but don't consider how broken our "paper" voting system really is and what evoting actually delivers

J

Date: Wed, 17 Oct 2012 08:30:33 -0300
From: dennis.dentremont at gmail.com
To: nslug at nslug.ns.ca
Subject: Re: [nSLUG] Evoting Rant

I used to work for the same folks who run Intellivote. If anyone remembers knowledge house then you should know that it's some of the same folks... 

On Wed, Oct 17, 2012 at 8:10 AM, Rory <rory at unixism.org> wrote:

I wish this was surprising.



Given the pool of web application devs outs there, though, it doesn't surprise me at all. I continually run into sites that cost considerable money to build (devs, consultants, etc) and are full of all the classic newbie security holes. Or that use 'encryption' to virtually zero effect.




You'd think more of us had learned a thing or two about secure development over the last decade or so.



Add to that all the complexities inherent in elections and voting, you've got a recipe for disaster.



R



On 2012-10-17, at 12:08 AM, Daniel AJ Sokolov wrote:



> Let me set this straight: I think that Evoting is a bad idea for any public election. There is but a single group that I would see it warranted for: voters with certain handicaps.

>

> Putting aside my general approach to Evoting, I have observed what is going on in the HRM. And it is appalling.

>

> They have sent Login AND Password, in plain visibility, on ONE and the same page in an easily identifiable envelope - and they even put a "do not forward" message on it so voters who are out of town can not evote after all.


>

> They did not set up DNSSec.

>

> They force you to use JavaScript.

>

> The website officially supports only certain operating systems and browsers (no word of Linux) and apparently a single screenreader.

>

> No source code has been disclosed (however, a single HRM employee was tasked with verifying that the source code is perfect - what a relief).

>

> They are unable to verify fingerprints of the SSL certificates in use. They were very nice, talked to the Returning Officer and called me back: "You just need to type in https and then it is secure."

>

> Sure.

> Daniel AJ

> _______________________________________________

> nSLUG mailing list

> nSLUG at nslug.ns.ca

> http://nslug.ns.ca/mailman/listinfo/nslug



_______________________________________________

nSLUG mailing list

nSLUG at nslug.ns.ca

http://nslug.ns.ca/mailman/listinfo/nslug




_______________________________________________
nSLUG mailing list
nSLUG at nslug.ns.ca
http://nslug.ns.ca/mailman/listinfo/nslug 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nslug.ns.ca/mailman/private/nslug/attachments/20121017/84ae91aa/attachment.html>


More information about the nSLUG mailing list