[LINK] Electronic witnessing [was: High Court case Re: Register Online to Vote Should be LLegal]

Kim Holburn kim at holburn.net
Fri Jul 30 10:07:53 AEST 2010 

On 2010/Jul/30, at 9:31 AM, Stephen Wilson wrote:
> Tom Worthington wrote:
>> Courts seem to have avoided the issue of technical standards for
>> electronic documents by simply accepting documents which look like a
>> paper document when printed out.
>>
>> Given that no one at the AEC is checking the signatures on the paper
>> documents they get, there seems little point in creating a complex
>> system of multiple digital signatures for the electronic equivalent.
>> There would be some simple authentication which could be applied and
>> which would be as good as a "signature" (which no one ever checks),
>> without the complexity of digital signatures.
> Tom, you seem to be advocating no extra investment in security?  The
> courts are actually being forced to sharpen their attention, by cases
> such as the tampering with electronic evidence in a court database  
> by a
> 'hacker' on behalf of an accused person (I'll try to dig out the
> reference if Linkers are interested).
>
> The AEC might not check handwritten signatures routinely, but I bet  
> they
> dig them out when it comes to investigating electoral fraud, and then
> the witness signature and details will indeed be followed up.  Philip
> Argy's point was that there is no accepted way to even invoke an
> 'electronic witness' much less create enough forensic certainty to
> support AEC investigation.
>
> Digital signatures need not be any any more complex than credit  
> cards or
> electronic bus tickets.

True and they would not be any more secure than bus tickets either.   
To be secure, digital signatures need a user's understanding of the  
principles.  Not going to happen soon.

> Surely if we don't do something serious now about e-authentication,  
> then
> e-voting when it becomes widespread in coming years will be vulnerable
> to rorting, which would set back the cause dramatically.


And we need on-line registration why?  And we need e-voting why?

If we do move to on-line registration what are your plans for  
protecting the on-line voting registration process from 4chan and its  
ilk?

-- 
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408  M: +61 404072753
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request

More information about the Link mailing list