OK, it's relevant to OpenBSD because I wouldn't consider anything else
safe enough to run on the servers.  Not that I'm in a position to do
any of it.  The servers could even be run from custom official live
CDs so they were harder to tamper with, with maybe a RAM drive for
speed.

There seems to be a conflict between having anonymous votes and having
something similar to paper ballots that can be recounted.  So let
authentication, identification, etc. be handled by one machine and
stored in one database, then the transaction is handed over to another
machine which stores the votes.  That could be something simple like a
tab-delimited file which could be counted by hand, one line per voter.
The file could be only writable by the owner. The same person can't
vote twice because the first machine wouldn't allow them in a second
time.

I'm assuming there's physical security over the server room, if that
was compromised all bets are off.  When I last voted I verbally
identified myself to one person who handed me my ballot, which I
checked off in pencil, then identified myself to another worker who
cranked my ballot into a simple counting machine about 40 years old.
Yes, if one person got access to the files in seclusion they could
alter something, assuming they were root; that would have to be as
impossible as erasing the pencil marks on the ballots and changing
them.  I assume there are always multiple scrupulous workers present.

It doesn't have to be an SSN, a driver's license number would work as
well.  Some long number known mostly only to the voter and to the
government, which doesn't arrive by the same mailing as the key the
town sends.  Somewhat analogous to a public key, with the private key
being the number the town mails each voter for each election.

Laziness isn't the only reason to do this, I would hope to expand it
to maybe a weekly vote on things that are put to the House and Senate
so there's direct input from voters instead of only electing people
who do their voting.  There probably wouldn't be a lot of interest but
being able to provide feedback to elected representatives could be
useful, conversely there would be statistics on what percentage of the
time they voted as the public wanted.

Instead of voting with a web browser, there might be some security to
be gained by using a dedicated client.  Or voting from something like
an Android phone (I have no experience with iOS).  Android security
seems almost excessive.  Incorporating the phone numbers on each end
could be useful although not to be trusted as identification by
itself.  An app could connect to a phone number and load a ballot,
fill it out offline, then dial another number to submit it in
milliseconds which lessens the load on the server.  For that matter
you could produce live CDs to be booted and used only for voting, any
operating system you want.

I think bouncing ideas off a community of knowledgeable computer
hobbyists and professionals is a useful thing to do.  I became an
OpenBSD user about 2001 because I inherited a Linux box at my job that
had been rootkitted and I needed something more secure; it's still my
first choice.  I later firewalled the entire office through another
OpenBSD box, it worked very well.  So yes, security in academia where
student records were concerned, we had thousands of transcripts.
-- 
Credit is the root of all evil.  - AB1JX
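The two-machine split described in the post above, as an added example (not code from the original poster): the authentication side checks the voter's long number together with the key the town mailed and refuses a second check-in, while the ballot store receives only a random one-time ticket and appends one tab-delimited line per ballot, so the vote file carries no identity. The voter numbers, mailed keys and ballot choices are constructed sample data; only a hash of the (number, key) pair is kept on the authentication side.

```python
import hashlib
import secrets

# Constructed sample roll: voter's long number -> key the town mailed for this election.
VOTER_ROLL = {"123-45-6789": "KEY-ALPHA-001", "987-65-4321": "KEY-BRAVO-002"}

def _digest(number, key):
    return hashlib.sha256(f"{number}|{key}".encode()).hexdigest()

class AuthMachine:
    """Identifies the voter and records that they voted; never sees the ballot."""
    def __init__(self, roll):
        self._roll = {_digest(n, k) for n, k in roll.items()}
        self._voted = set()
        self._tickets = set()  # unused one-time tickets handed over to the ballot store

    def check_in(self, number, key):
        # Returns a random ticket, or None if credentials fail or were already used.
        d = _digest(number, key)
        if d not in self._roll or d in self._voted:
            return None
        self._voted.add(d)
        ticket = secrets.token_hex(16)  # random, not derived from the voter, so unlinkable
        self._tickets.add(ticket)
        return ticket

    def redeem(self, ticket):
        # The ballot store asks whether a ticket is genuine and unused; then it is burned.
        if ticket not in self._tickets:
            return False
        self._tickets.discard(ticket)
        return True

class BallotStore:
    """Keeps one tab-delimited line per ballot; holds no voter identity at all."""
    def __init__(self, auth):
        self._auth = auth
        self.lines = []  # in a deployment: a file writable only by its owner

    def cast(self, ticket, choices):
        if not self._auth.redeem(ticket):
            return False
        self.lines.append("\t".join(choices))
        return True

    def tally(self):
        counts = {}
        for line in self.lines:
            for choice in line.split("\t"):
                counts[choice] = counts.get(choice, 0) + 1
        return counts
```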
