[atlarge-discuss] Security of elections Re: [atlarge-discuss] WHAT MOST MEMBERSWANT

[espresso@e-scape.net]

At 00:11 +1300 2003/04/04, Joop Teernstra wrote:
Steven Waters wrote:
>>There's no reason why people couldn't register with several unique
>>emails, names, and user/pass.
>
>That is true. But for the moment the members' list does not show any
>evidence of it.

I can't speak to that issue (not having ever looked at the current
membership list) but there are several kinds of security issues
involved, whether the voting is on a Web site or by e-mail.

1. Membership status

>From what has been said by Vittorio and others, we are indeed at
a disadvantage when it comes to ensuring that no individual
registers under multiple identities. We simply don't have the
means and manpower to verify each registration, and the database
in fact does not seem to provide enough information for us to
do it if we had.

2. Confirmation of information supplied

Once somebody has registered (whether under a true or false
identity) about all we have to go on is a name and e-mail address
(possibly with an IP number identifying the point of original
of the sign-up, perhaps not) but I doubt the group has a
procedure whereby anyone looks at logs to confirm where the
registrations came from and it wouldn't prove much if they did:
many people have multiple e-mail addresses, or use the same
address from computers in various locations, etc. We also
have no means of contacting people when the e-mail address
they used at registration bounces messages... but such people
might well still be members who should be eligible to vote
and discover the elections by visiting the Web site from some
other account.

I see a double-bind here:
- if we don't have a means for people to advise of e-mail
address changes, they can't help us keep the list updated
and they can't vote unless they re-register in time with a
new address;
- if we provide a mechanism for people who want to update their
contact information on the Web site, how can it be made secure
enough that nobody can pick a name from the published list of
registered members and hijack their membership?

It's unfortunately true that most self-selected passwords are
not very secure. It's also obviously not a good idea to issue
membership numbers in sequential order since the chronology
of registrations is accessible.

>We still have the safety of being too unimportant for deliberate fraud
>and
>our problems are more likely to stem from voting for the wrong
>candidate
>because of insufficient information about him (and falling for his
>nice
>words instead of his actions), then getting the wrong candidate due to
>ballot box fraud.

One of the deepest ironies within ICANNATLARGE.ORG is that
probably nobody outside it thinks it's worth sabotaging but
some of its members may be here for exactly that purpose and
have the technical ability to do it.

>Anyway, if wanted, the PB can still be used to generate and send
>multiple
>messages with unique passwords, even if  the passwords are then used
>to
>identify an email ballot.

One measure which *might* make voting a bit more secure is to use
multiple identifiers. That is, for example, to assign membership
numbers to each registrant from a random number generator in
a process which does not go through an ICANNATLARGE domain server,
sending these separately from the balloting (perhaps with the
Call for Nominations) and then generating a random password
which goes with the e-mail ballot or URL for Web balloting.

Then any vote which does not include both the membership
number and the password would be invalid and we would not be
relying on people's names and e-mail addresses which can be
found fairly easily with a little research on the Web. It
obviously won't stop a hacker or serious identity thief but
it might be better than relying on e-mail addresses and
passwords alone.

Regards,

Judyth

##########################################################
Judyth Mermelstein     "cogito ergo lego ergo cogito..."
Montreal, QC           <espresso@e-scape.net>
##########################################################
"A word to the wise is sufficient. For others, use more."
"Un mot suffit aux sages; pour les autres, il en faut plus."
##########################################################



---------------------------------------------------------------------
To unsubscribe, e-mail: atlarge-discuss-unsubscribe@lists.fitug.de
For additional commands, e-mail: atlarge-discuss-help@lists.fitug.de