Online voting increases voter turnout minimum 30%

[Riverwind]

What about our passwords!?

And what identification did you have to provide before you allowed to create an account? All the password does is show that you are authorized by the original maker of the account to post under the name assigned to the account. That is not a secure system.

[benny]

And what identification did you have to provide before you allowed to create an account? All the password does is show that you are authorized by the original maker of the account to post under the name assigned to the account. That is not a secure system.

It is secure as long as I can denounce someone who would post under my name (benny) an opinion that would contradict mine.

[Riverwind]

It is secure as long as I can denounce someone who would post under my name (benny) an opinion that would contradict mine.

And what are the consequences of someone posting under your name? A little bit of confusion? Not much to be concerned about. But with online banking the consequences of a security breach are much more severe so the requirements are much higher (verification by mail, debit card number + password, secret questions, etc).

When it comes to security one size does not fit all. Measures that are appropriate for one application are not necessarily appropriate for another. That is why an e-voting system would need the mail in applications and PINs that are re-issued every election. Of course, requiring those secuirty measures will make the system less convenient but they are necessary to ensure that system is perceived to be secure.

[benny]

And what are the consequences of someone posting under your name? A little bit of confusion? Not much to be concerned about. But with online banking the consequences of a security breach are much more severe so the requirements are much higher (verification by mail, debit card number + password, secret questions, etc).

When it comes to security one size does not fit all. Measures that are appropriate for one application are not necessarily appropriate for another. That is why an e-voting system would need the mail in applications and PINs that are re-issued every election. Of course, requiring those secuirty measures will make the system less convenient but they are necessary to ensure that system is perceived to be secure.

To me, it is very simple: One cannot vote against online voting online; by voting online, this person is putting enough value on online voting.

[CAMP]

And what are the consequences of someone posting under your name? A little bit of confusion? Not much to be concerned about. But with online banking the consequences of a security breach are much more severe so the requirements are much higher (verification by mail, debit card number + password, secret questions, etc).

When it comes to security one size does not fit all. Measures that are appropriate for one application are not necessarily appropriate for another. That is why an e-voting system would need the mail in applications and PINs that are re-issued every election. Of course, requiring those secuirty measures will make the system less convenient but they are necessary to ensure that system is perceived to be secure.

You have raised a question for me that I will address to Intelivote. I know that you must be on the official Elections Canada list to be able to vote and that is where the Intelivote system would gather potential voters from. They would get a letter via snail mail with a pin # and I know that they said a secondary question like your date of birth could also be used as a positive ID as well as other personal questions. What I'm not sure of is if they do this every election or you keep this information for the next one? My guess is it will most likely be re done again each election . But I will check and post the response here.

[Riverwind]

What I'm not sure of is if they do this every election or you keep this information for the next one?

Keeping the information would create an adminstrative nightmare because people do change their minds and lose their PINs. This would be especially true if the PIN are only used once every couple years.

The other adminstrative nightmare is reconcilling the voters list. This would require that e-voters cast their vote long before the actual election which puts them at a disadvantage.

[benny]

Keeping the information would create an adminstrative nightmare because people do change their minds and lose their PINs. This would be especially true if the PIN are only used once every couple years.

The other adminstrative nightmare is reconcilling the voters list. This would require that e-voters cast their vote long before the actual election which puts them at a disadvantage.

I think that the only real problem is that we have to assume that there will be a black market of PINs online.

Edited July 2, 2009 by benny

[CAMP]

Keeping the information would create an adminstrative nightmare because people do change their minds and lose their PINs. This would be especially true if the PIN are only used once every couple years.

The other adminstrative nightmare is reconcilling the voters list. This would require that e-voters cast their vote long before the actual election which puts them at a disadvantage.

Could you elaborate on this disadvantage? I know at an election the online voters would be able to vote a week before the walk in voters and most likely up to the night before the walk in voters. The list would be updated in real time as to who voted and their name struck off the voter list so they couldn't also do a walk in vote.

[CAMP]

I think that the only real problem is that we have to assume that there will be a black market of PINs online.

The Intelivote system uses the same system as many sign up sites to remove auto bots from attempting to sign up by creating a human reader interface to get rid of bots. You probably have seen them where there are letters and numbers all super imposed on lines and background that only a human can see.

This gets rid of someone fishing for pins endlessly. Pins I guess could be sold but there will be secondary and even more questions if necessary to confirm a voter. Also I'm sure that legislation could be put together to make it a federal offence with a prison term if necessary to curtail such an event.

[CAMP]

The Intelivote system uses the same system as many sign up sites to remove auto bots from attempting to sign up by creating a human reader interface to get rid of bots. You probably have seen them where there are letters and numbers all super imposed on lines and background that only a human can see.

This gets rid of someone fishing for pins endlessly. Pins I guess could be sold but there will be secondary and even more questions if necessary to confirm a voter. Also I'm sure that legislation could be put together to make it a federal offence with a prison term if necessary to curtail such an event.

There is also the monitoring of the system to ensure that a person attempting to enter the system can only attempt to enter the pin # 3 times and then the system monitoring will kick in.

[Riverwind]

The list would be updated in real time as to who voted and their name struck off the voter list so they couldn't also do a walk in vote.

Our system depends on paper lists that are printed and distributed to the polling stations. There are only two options:

1) Cut off online voting early. How early depends on system but it would have to be before the advance polls open because that is when the paper lists are printed and distributed.

2) Force online voters to use the online system once they sign up.

2) Is what happens for mail in votes. Once you sign up you have to mail in your ballot or you don't get to vote. If they use 2) for the online system then voters would have to reapply for every election - a major inconvience that undermines your argument that the online system would be more convenient.

[Riverwind]

There is also the monitoring of the system to ensure that a person attempting to enter the system can only attempt to enter the pin # 3 times and then the system monitoring will kick in.

So someone could write a script that would lock thousands of people out of the system by entering a wrong PIN?

[ToadBrother]

The Intelivote system uses the same system as many sign up sites to remove auto bots from attempting to sign up by creating a human reader interface to get rid of bots. You probably have seen them where there are letters and numbers all super imposed on lines and background that only a human can see.

You are aware that these particular methods have been crackable for some time, right?

This is what scares me about online voting. It's advocates seem so tragically unaware that the "security" technologies they advocate are not so secure at all.

[benny]

Pins I guess could be sold but there will be secondary and even more questions if necessary to confirm a voter. Also I'm sure that legislation could be put together to make it a federal offence with a prison term if necessary to curtail such an event.

These additional questions and new criminal offences would be enough for me to accept online voting.

[Riverwind]

These additional questions and new criminal offences would be enough for me to accept online voting.

If do something requires that we make new criminal offenses then we should not be doing it all.

[CAMP]

You are aware that these particular methods have been crackable for some time, right?

This is what scares me about online voting. It's advocates seem so tragically unaware that the "security" technologies they advocate are not so secure at all.

That part of the security is only one level that eliminates someone from turning a computer loose to hack the system.

There are other higher levels of security that create the safety needed. I was just wanting to let everyone know that automated bots can't penetrate the system because of the human ID interface. Please read the article I posted on here earlier and you will learn alot about online voting and what truly is the security level. Just look back to earlier posts.

[CAMP]

If do something requires that we make new criminal offenses then we should not be doing it all.

Well that's a very strange comment. So then when we made seatbelts mandatory I guess we should have all stopped driving then huh. Anything new such as online voting should always be watched closely and have deterents set up along with it to ensure it's success. I'm not advocating we just jump into this and run with out monitoring and a watchful eye. This is a serious technology that can improve our democracy greatly by increasing voter turn out and providing a means of communication to our government inbetween mandates.

[ToadBrother]

That part of the security is only one level that eliminates someone from turning a computer loose to hack the system.

There are other higher levels of security that create the safety needed. I was just wanting to let everyone know that automated bots can't penetrate the system because of the human ID interface. Please read the article I posted on here earlier and you will learn alot about online voting and what truly is the security level. Just look back to earlier posts.

CAPTCHAs are security like those littly tiny chains on apartment doors are security. They're not security at all, and each new iteration of technology is quickly bypassed.

If anyone thinks CAPTCHAs should be used in any way for securing anything critical (like banking or voting), then those people are morons. CAPTCHAs should not be relied upon for anything mission critical.

[CAMP]

CAPTCHAs are security like those littly tiny chains on apartment doors are security. They're not security at all, and each new iteration of technology is quickly bypassed.

If anyone thinks CAPTCHAs should be used in any way for securing anything critical (like banking or voting), then those people are morons. CAPTCHAs should not be relied upon for anything mission critical.

So the banking online industry isn't safe the I assume you're saying?

[benny]

If do something requires that we make new criminal offenses then we should not be doing it all.

We would not be in the middle of this worldwide market meltdown mess if new criminal offenses would have existed for digital money; I'm therefore forced to conclude that to be able to follow the money, all legislators should be elected through a digital process.

[Riverwind]

So the banking online industry isn't safe the I assume you're saying?

Banks don't use capchas. They use long number (debit card) + password + personal questions. More importantly, if a hack attempt happens the system can lock out access without causing a huge inconvenience since the user can always call a human operator and get access restored.

All of your arguments ignore the fact that e-voting is a unique application because it is used infrequently and when it is used it is used by a large number of people at once. This creates logistical problems that cannot be easily solved by looking at applications like online banking.

Edited July 2, 2009 by Riverwind

[benny]

Banks don't use capchas. They use long number (debit card) + password + personal questions. More importantly, if a hack attempt happens the system can lock out access without causing a huge inconvenience since the user can always call a human operator and get access restored.

All of your arguments ignore the fact that e-voting is a unique application because it is used infrequently and when it is used it is used by a large number of people at once. This creates logistical problems that cannot be easily solved by looking at applications like online banking.

It is precisely because e-voting requires the more advanced features that legislators chosen by this method and only them will be able to regulate online banking in particular and the new economy in general.

[CAMP]

Banks don't use capchas. They use long number (debit card) + password + personal questions. More importantly, if a hack attempt happens the system can lock out access without causing a huge inconvenience since the user can always call a human operator and get access restored.

All of your arguments ignore the fact that e-voting is a unique application because it is used infrequently and when it is used it is used by a large number of people at once. This creates logistical problems that cannot be easily solved by looking at applications like online banking.

The capchas used by intelivote is only one of the levels of security, they also use a long number (Pin) and a password section could also be implemented (I'm going to check with Intelivote and see if it already is) and I know for sure personal questions are. There is also lock out access after 3 tries and a human intervention if necessary. There is a human monitoring of the system and alerted if someone is trying to hack. The online voting logistics works as such..... one week before the walk in polling begins the online starts. (This give 6 days to vote online) This has been shown to eliminate the overload problems. Then the night before the walk in polling begins the online voting is ended. The updated list of who has voted online is printed out and given to the walk in polls with names stroked out of those who have voted. Then the walk in poll carries on for the rest of the time.

Simple straight forward and effective.

[Riverwind]

The online voting logistics works as such..... one week before the walk in polling begins the online starts. (This give 6 days to vote online) This has been shown to eliminate the overload problems.

There have been no large scale tests so such a claim is not credible. Roll out such a system and I guarantee that a lot of people will not be able to access the system because of lost PINs and/or similar problems.

Then the night before the walk in polling begins the online voting is ended.

The lists are printed out before the advance polls and then reused on the day of the poll. This is a simple effective way to ensure that people who vote at the advance polls do not vote again on the day of the election. Requiring that the advanced poll voter lists be manually entered into a computer before reprinting them is much more complex unless they do what they do with the mail in ballot (i.e. people registered for online voting are not allowed to vote at the walk in polls). Edited July 2, 2009 by Riverwind

[CAMP]

There have been no large scale tests so such a claim is not credible. Roll out such a system and I guarantee that a lot of people will not be able to access the system because of lost PINs and/or similar problems.

The lists are printed out before the advance polls and then reused on the day of the poll. This is a simple effective way to ensure that people who vote at the advance polls do not vote again on the day of the election. Requiring that the advanced poll voter lists be manually entered into a computer before reprinting them is much more complex unless they do what they do with the mail in ballot (i.e. people registered for online voting are not allowed to vote at the walk in polls).

Hmm I'm not sure what you're saying here but I'll take a stab at it.

When the online or electronic voting starts the list is in the computer. As people vote online their names are still on the list but the computer will stroke out their name when a print out is requested. This request would happen after the closing of the on line time period. This printed out list showing stroked out names of those who have voted electronically would be used at the walk in polling station. Only those names not stroked out would be allowed to vote at the walk in poll. The computed results of the electronic vote remain secret until the walk in polling is done and tabulated as it is now. The walk in polling results would be entered into the computer and added to the electronic results and then the official monitor would give the results to the public.

The printing out of the list would be relatively an easy task. The system would allow for a choice of how you would vote. If you choose to vote electronically then you can't vote at the walk in. Hope I answered what your questioning or thinking.