Ben and all,
You have some good thoughts here that, of course, have been discussed
many times before on this and other e-mail forums as well as within
several publicly held corporations and some state governments in the
US that currently use Internet online voting today. (Florida, Texas, and
Minnesota).
The FEC - Federal Election Commission has a list of potential vendors
for DRE's - Direct Recording Electronic, or electronic voting software
and other electronic mechanisms. Here is the link:
http://www.fec.gov/pages/dre.htm
We [INEGroup] use our own in house developed product for use on the
internet that can be accessed directly from a JAVA app from your browser,
complete with authentication, duplication detection of E-mail addresses
or login id's, and secret word implementation as well as complete encryption
using PKIK's and/or PGP. It is only available, for security reasons, during
periods, notified by E-Mail announcements, where resolutions or other
items that require member voting for approval of policies or other issues
that may be submitted on usually a monthly basis. This limited use time,
like the ISOC does, provides some additional security from "Hacking"
as you seem to be concerned about.
Ben Edelman wrote:
> Joop wrote:
>
> > I still believe that dishonesty of the voters is not the central problem
> > and that web based voting can easily be audited after an election in case
> > the results are challenged.
>
> I'm no expert on membership -- was only peripherally involved in Berkman's
> Representation in Cyberspace Study (see
> <http://cyber.law.harvard.edu/icann/rcs>) and the work of the MAC. But, in
> my mind, "fraud" can occur at any of several levels of the process. It
> could occur with fraudulent registrations -- me registering Benjamin A.
> Edelman, Benjamin B. Edelman, and so on. It could occur with non-fraudulent
> but still "not representative" messages -- like if I signed up as members of
> ICANN everyone I knew (or all the employees of my corporation) and had them
> all vote for me. And it could occur if I simply hacked into the voting
> tabulation system, added a lot of seemingly-legitimate members who voted the
> way I wanted them to vote, and covered my tracks.
>
> Preventing the first seems tricky to me, especially since, for privacy
> reasons, ICANN is understandably hesitant to require identification like a
> photocopy of a driver's license, and in any case there's no international
> standard for identifying documents of that sort. But an outside auditing
> firm -- the kind of thing I understand KPMG to be able to do, for a fee --
> could potentially watch for that sort of problem and let the world know if
> they see what they suspect to be "fraud." Same with the second kind of
> fraud, I suppose, though I'll admit that it'll be harder to know this kind
> of fraud if we are unlucky enough to see it.
>
> The third kind of fraud is perhaps the most worrisome of all -- if it were
> possible, it would seem to be the "easiest" way to rig an election, and the
> way most certain to have the desired result from the defrauder's
> perspective. But, in my experience with software development, it seems like
> something we should be able to prevent, primarily through careful review of
> the code and infrastructure that make up the online voting system. I'm
> thinking of a sort of peer review -- a group of talented programmers,
> security experts, professionals who do exactly this kind of thing all the
> time -- who would examine the system, perhaps try to hack in (anyone see the
> movie _Sneakers_?), and report their findings. This would of course require
> the permission of the author and administrator of the software, which makes
> me ask...
>
> Joop, would you be willing to submit your code for peer review? By a small
> group of professionals, or by the entire community? I can understand good
> reasons why you might not be -- despite the growing respect given by the
> programmer community to open source, there are those, including myself I'll
> admit, who have our doubts. But I can easily imagine a credible argument
> being made for why any voting software used by ICANN has to be open, at the
> least, to a select panel of software security experts, and perhaps to the
> world at large.
>
> Thoughts from others?
Regards,
--
Jeffrey A. Williams
Spokesman INEGroup (Over 95k members strong!)
CEO/DIR. Internet Network Eng/SR. Java/CORBA Development Eng.
Information Network Eng. Group. INEG. INC.
E-Mail [EMAIL PROTECTED]
Contact Number: 972-447-1894
Address: 5 East Kirkwood Blvd. Grapevine Texas 75208