
What We Can Learn from E-Voting Mess

E-voting has taken a beating in the last couple of weeks because of poor security. We are witnessing a profound lack of trust in electronic voting systems, from county- and state-level governments in the U.S. to the U.K.'s Electoral Commission. The secretary of state of California has restricted the use of e-voting machines, and U.K. officials have called for an outright halt to their use. How did it get so bad, and what can we learn from it?

ComputerWorld is quoting the U.K. Electoral Commission:

E-voting "should not be pursued any further without significant improvements to testing and implementation and a system of individual voter registration", the commission said.
Although remote voting systems had "in broad terms" proved successful and facilitated voting, "the level of implementation and security risk involved was significant and unacceptable", the watchdog found.

The commission goes on to say that the rollout of e-voting machines was poorly planned and executed.

Electoral Commission chief executive Peter Wardle said: "We have learnt a good deal from pilots over the past few years. But we do not see any merit in continuing with small-scale, piecemeal piloting where similar innovations are explored each year without sufficient planning and implementation time, and in the absence of any clear direction, or likelihood of new insights."
In some of the pilot areas for both e-counting and e-voting, "it was clear that local authority elections staff were supplier-led", the commission warned.

Also, security researchers found that e-voting machine vendors seemed to think of security as an add-on, which of course is a recipe for disaster.

In short, when we are developing or acquiring applications we need to:

1. Think about security as fundamental; it isn't an add-on.
2. Understand how we will test, and test during development, not too far into the process.
3. Not depend on vendors to lead us through the process.
4. Be ready to pull the plug when the risks outweigh the benefits.

Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net