PRIVACY Forum Archive Document
PRIVACY Forum Digest      Sunday, 27 February 2000      Volume 09 : Issue 09

(http://www.vortex.com/privacy/priv.09.09)

Moderated by Lauren Weinstein (lauren@vortex.com)
Vortex Technology, Woodland Hills, CA, U.S.A.
http://www.vortex.com

===== PRIVACY FORUM =====

-------------------------------------------------------------------
The PRIVACY Forum is supported in part by the ACM (Association for Computing Machinery) Committee on Computers and Public Policy, Cable & Wireless USA, Cisco Systems, Inc., and Telos Systems.
- - -
These organizations do not operate or control the PRIVACY Forum in any manner, and their support does not imply agreement on their part with nor responsibility for any materials posted on or related to the PRIVACY Forum.
-------------------------------------------------------------------

CONTENTS
    Internet Voting - A Recipe for Trouble!
       (Lauren Weinstein; PRIVACY Forum Moderator)

*** Please include a RELEVANT "Subject:" line on all submissions! ***
*** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are via an automatic list server system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com".

All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations.

The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the list server system. Please follow the instructions above for getting the list server "help" information, which includes details regarding the "index" and "get" list server commands, which are used to access the PRIVACY Forum archive.

All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com/". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com"; full keyword searching of all PRIVACY Forum files is available via WWW access.
-----------------------------------------------------------------------------

VOLUME 09, ISSUE 09

Quote for the day:

    "Dream of me with croutons."

        -- King Henry II (Peter O'Toole)
           "The Lion in Winter" (Avco Embassy; 1968)

----------------------------------------------------------------------

Date: Sun, 27 Feb 2000 15:10 PST
From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Internet Voting - A Recipe for Trouble!

Greetings. While I do not plan to routinely post announcements for PFIR (People For Internet Responsibility) in their entirety here in the PRIVACY Forum Digest, I'm making an exception today.

The topic of the statement below is Internet Voting, a concept with serious ramifications, and serious problems, which could deeply impact all of us around the world. We're not talking about some abstract concept far in the future--in the U.S. the first official election use of Internet (Web) voting is just a couple of weeks away!

As you'll see, there are many reasons to be very concerned about this entire area--with privacy issues being among the many potential dramatic risks.

--Lauren--

----------------------------------

Date: Sat, 26 Feb 2000 14:19:53 -0800 (PST)
From: pfir@pfir.org (PFIR - People For Internet Responsibility)
Subject: PFIR Statement on Internet Voting
To: PFIR-List@pfir.org

PFIR Statement on Internet Voting

(http://www.pfir.org/statements/2000-02-26)

PFIR - People For Internet Responsibility - http://www.pfir.org

[ To subscribe or unsubscribe to/from this list, please send the command "subscribe" or "unsubscribe" respectively (without the quotes) in the body of an e-mail to "pfir-request@pfir.org". ]

2000-02-26

Greetings. As the election season gets into full swing, the concept of voting via the Internet has been receiving a great deal of attention. The Arizona Democratic Party is in fact about to hold what they say is the first legally-binding U.S. public election (their presidential primary in early March) which will allow Web-based voting.

This is being touted as a major and obvious step forward. In reality, this rush to permit such voting could be a highly risky proposition, riddled with serious technical pitfalls that have rarely been discussed.

Some of these issues are fairly obvious, such as the need to provide for accurate and verifiable vote counts and simultaneously enforcing rigorous authentication of voters (while still making it impossible to retroactively determine how a given person voted).

Certainly all software involved in the election process (even when online voting is not contemplated) should have its source code subject to inspection by trusted experts unrelated to the firms providing those software systems. When "off-the-shelf" software is being used for such applications, this presents an interesting set of problems, to say the least.

But even with such inspections, these systems are likely to have bugs and problems of various sorts, some of which will not be found and fixed quickly. This is just an inescapable fact when it comes to virtually all software, but could have remarkably serious consequences if such unavoidably complex software systems become integral to virtually all aspects of the actual voting process.

Perhaps of far greater concern is the apparent lack of understanding suggested by permitting the use of ordinary PC operating systems and standard Web browsers for Internet voting. While the use of digital certificates and "secure" Web sites for such voting can do a reasonable job of identifying the connections and protecting the communications between voters and the voting servers, those are unfortunately not where the biggest risks are lurking.

In recent cases of mass releases of credit card numbers and other customer information, it wasn't the communications paths that were compromised, but security at the servers themselves, even though they were touted as secure and used advanced encryption technology for communications with customers. Even with the best of intentions and efforts at good software design, the same kinds of security failures leading to private information disclosure or unauthorized modifications are possible in an Internet voting environment, just as we've seen in the commercial arena.

Another area of serious concern is the ease with which voters' PCs could be compromised prior to elections by hostile software (which could be inadvertently loaded onto these systems via e-mail attachments, innocent-appearing Web downloads, or many other means) and could be designed to silently and invisibly alter the voter's input, ballot selections, and displayed output, with no clue to the voter or the voting server that this has occurred. Deployed on a sufficiently large scale (which might actually not need to be very large in the case of tight races) election results could actually be altered through such software manipulations.

There is no obvious technique for avoiding the possibility of such tampering without resorting to "single-use" operating systems and specialized voting software, which would need to be specially booted (from distributed floppy disks or CD-ROMs) on voters' systems, presenting significant configuration complexities.

The recent rash of Internet distributed denial of service attacks provides vivid evidence of how simple it is for "invisible" malevolent software to be distributed to unsuspecting users' computers. Even existing versions of such software could potentially be altered to subvert Internet voting in the manner described above.

Which brings up another point--imagine the ideal targets that Internet voting servers would make for denial of service attacks. What better way to demonstrate power over the Internet than to prevent people from voting as they had expected? At the very least it would foster inconvenience and anger.

Such attacks would also be likely to foster increased concerns regarding how Internet voting might skew voter participation in elections--between those persons who are Internet-equipped and those who do not have convenient Internet access.

Trust in the election process is at the very heart of the world's democracies. Internet voting is perhaps the perfect example of an application where rushing into deployment could have severe negative repercussions of enormous importance.

--Lauren--
Lauren Weinstein
lauren@pfir.org or lauren@vortex.com
Co-Founder, PFIR: People For Internet Responsibility - http://www.pfir.org
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy

------------------------------

End of PRIVACY Forum Digest 09.09
************************
Copyright © 2005 Vortex Technology. All Rights Reserved.