eVoting

3 May 2007 11:05 by Rick

I haven’t been able to find any decent report of the electronic voting trials taking place today in the local council elections, the best is probably Jason Kitcat. I have these comments to make about the principle:

It is not presently (nor in the foreseeable future) possible to construct a secure, Internet-based system for remote electronic voting.

Dr. Rebecca Mercuri, Bryn Mawr College, 2002

The main reason is that you have many conflicting and contradictory requirements. You need to check that the mechanism to vote is actually available; the entitlement of the person to vote; that they vote only once; that privacy is maintained; that no coercion has taken place; that the voter gets positive feedback that their vote has been cast as they directed; and that the candidates and other observers get an unambiguous assurance that the count mechanism is accurate and unbiased. Note that some of these are not the same requirements as for commercial transactions; that interaction is deliberately not anonymous (else you won’t get anything delivered or charged), nor are the requirements for all elections the same.

No voting system is going to meet all these requirements, but the added factor in remote electronic systems is the possibility of automation generating sufficient mis-votes to influence the outcome. Proving identity is not done at the ballot box, but the attendants are going to notice gross abuse; privacy is weakened by numbered ballot slips, but it takes a manual, obvious and difficult cross-reference to trace back each vote, unlike electronic systems where the identity and the vote cast can easily be in the same or linked databases; no one can twist your arm when marking your cross; you put the slip in the locked box personally; representatives of all interested parties can see the count, where the actual voting slips are laid out on the table, and they can oversee any queries that arise.

Introducing the internet into this shrouds the whole process in a dense fog. You cannot rely on the security of the entry device (home PC) nor the transport mechanism (ISP to global internet). No amount of encryption can compensate for the huge number of home systems that are vulnerable and exposed. It is analogous to leaving ballot boxes unsupervised on street corners for a few days, as you have no way to tell how the voting slips arrived. To continue the analogy, how can the voter recognise a genuine ballot box? Read “spoofed voting web sites”. Finally, if you do get your vote to the correct system, the opportunities for that server, connected to the world, to be attacked are not insignificant. In a recent case, personal details of applicants for NHS positions were exposed alongside their names; this is despite the system requirement to strip off these details before recording the data at all.

There are arguments in favour of electronic polling stations, but the systems used must be independently audited (not proprietary black-box systems) and must provide a printed confirmation of the vote cast which can be deposited in a ballot box in case a manual count is needed, e.g. in case of system failure, compromise or dispute.

Dr. Mercuri goes on to say

To say that “it is probably impossible to make any system perfect” and then use this as an excuse to impose a horribly imperfect and flawed process on the voting public, is sorely misguided.

Postal Voting

2 May 2007 10:09 by Rick

The second thought on elections and voting relates to the scandal of the postal vote fraud in the 2004 local elections in Birmingham (and perhaps other places). This happened because polling-booth voting has always been relatively relaxed, with no requirement to prove identity on arrival, and reasonably anonymous, it being quite hard to trace a vote cast back to the voter. They assumed that this could be carried across to a postal system with little change, no thought being given to possible intimidation and no checks made to ensure that the right people registered and that they were the ones who actually voted. With a postal system, rigging is much easier to organise as there is more time and it can be done out of sight of the officials.

It was said on the radio news that

Figures seen by the BBC suggest the problem was worse than first thought.

In four other wards, where there were allegations of fraud at the time but no formal enquiry, more than half the postal voters have disappeared from the list.

and I thought at the time that it was a rather rash assumption that all those who vanished were fraudulent. There are other reasons that could have influenced it; for example, people who registered last time seeing the scandal and not wanting to be involved any more, or not wanting to go through the enhanced procedures being introduced this time. However, I see from the written report that other wards have seen little change, so perhaps there is some merit in it.

As a footnote, it is also my opinion that a large-scale postal system denies voters the right to hear and see all the arguments, which typically are given right up to the day the polls open. This typically works against the small and local parties, who rely on the few weeks’ run-up to polling day to get their message across.

One “person” one vote

09:33 by Rick

It is May and our thoughts turn to elections. Somewhere in the country always has elections at the start of May and this year it is our turn, so I have a few thoughts around this theme to pass on.

The first relates to the story of the Fire Brigades Union which, in common with a number of bodies like this, has a problem with its council. For very good reasons, I am sure, sometime in the past they wanted to make sure that their minority members were adequately represented, so they arranged for their council to have a member to represent each of the Women’s, Gay and Ethnic Minority interests (women are a minority among fire fighters). Now, rather late, they have discovered that this gives some members double representation and a more or less effective veto on certain issues before council. To resolve this they are trying to abolish these seats.

As I heard it announced the first time, it said “the fire-fighters’ union is trying to remove the gay, black and women representatives from the council”; a more poorly worded statement I can’t imagine! But even when we and they understand what they really mean, they still have a problem: other representatives on the council also represent minority groups, but of a more industrial nature. So it looks like they need to thoroughly review their constitution and understand what democracy really means.

The same applies to political parties, particularly the Labour Party. The unions have always had a block vote “on behalf of their members,” though this has been diluted in recent years. As long as it exists, some members who also belong to a union effectively have two votes on party affairs.

Another misguided attempt to manipulate the rules to try to equalise representation is the biased shortlist, e.g. the all-women shortlist, thus disenfranchising people before they even vote.

Representative government is only fair, and seen to be fair, if it is not tinkered with. If you want (as we should) to ensure proportionate representation of all groups entitled to vote, then you must have a proportional representation voting system. There is no other choice.

Happy Birthday Great Britain

1 May 2007 10:27 by Rick

Royal Standard 1707
Thanks to Paul James for the picture.
On this day 300 years ago, Great Britain was formed by the Act of Union between the kingdoms of England and Scotland. Queen Anne was on the throne at the time and a period of relative peace and stability was beginning. The standard also reflects interests in France and Ireland, one of which would be quietly dropped and the other would give no end of trouble in later years.

Due care and attention

28 Apr 2007 10:43 by Rick

Envelope returning Driving Licence
This is how at least one of our public bodies looks after our valuable identity documents. And they tell us to take care!?

To those who may not know, every Briton over about 25 would recognise this as a Driving Licence.

Navigating London

26 Apr 2007 09:13 by Rick

Doesn’t everyone have this problem? You pop up out of a hole in the ground; you know exactly where you are; you know exactly where you are going; but you have no idea which way you are facing! All it needs is N, S, E, W signs at tube station and subway exits, then you wouldn’t get people standing in the middle of the pavement peering at scrappy maps trying to orientate themselves.

Poles apart

21 Apr 2007 17:38 by Rick

By convention, the ends of a magnet are labelled North and South to reflect the direction they point when it is freely suspended. The magnetic field of the earth can be likened to that of a big bar magnet.

Question: Approximately where would the North pole of this magnet be located?

Answer: Somewhere in the Antarctic. Yes, it was a trick question! Unlike poles attract and like poles repel, so for the North pole of a compass needle to point North, it must be attracted by a South magnetic pole somewhere on the Arctic ice sheet north of Canada (about 7 degrees away from the true North Pole).

Hi-Ho Silva

17:25 by Rick

After 35 years’ service my Silva orienteering compass has stopped working. I didn’t think that they could, but mine seems to have lost its magnetism, so it will point any way I care to put it. Actually that is not quite true; there is a little charge left in it, so it will slowly drift around to point exactly the wrong way! I can only imagine that it has become de-gaussed by an electric field, or perhaps from getting too hot, but I don’t know how. I trust that airport X-ray machines don’t harm them?

Happy Birthday

8 Apr 2007 08:00 by Rick

It is my father’s birthday today and he was also born on Easter Day so the clever among you can work out how old he is as it has never happened in the intervening years. His mother always said that he popped out of an Easter Egg not brought by a stork like ordinary babies.

Confessions of an email spammer

7 Apr 2007 15:42 by Rick

A while ago, when this web site was really getting going, I discovered the need for a mail form to help people communicate back. At the time I was having problems with random senders being blocked and this seemed the easiest way to do it. I found what looked to be a good system in Jack’s Formmail.php v5.0. I went through it carefully, pulled out the parts which uploaded files to the server, which I thought were dangerous, and used it. This has been running for a couple of years—until today.

Today I got a heap of bounced emails into an account that is not normally used much and, looking at a few, it was clear that the originals had been generated by my modified script; I had signed them.

The content of a form-generated email from my script is as follows, much the same as the original in fact:

 1. To: [recipient]
 2. Subject: [subject]
 3. MIME-Version: 1.0
 4. From: "[realname]" <[email]>
 5. Reply-To: [email]
 6. X-Mailer: DT Formmail5.0_RJP_2
 7. Content-Type: multipart/mixed;
 8.         boundary="----=_OuterBoundary_000"
 9. This is a multi-part message in MIME format.
10.
11. ------=_OuterBoundary_000
12. Content-Type: multipart/alternative;
13.         boundary="----=_InnerBoundery_001"
14.
15.
16. ------=_InnerBoundery_001
17. Content-Type: text/plain;
18.         charset="iso-8859-1"
19. Content-Transfer-Encoding: quoted-printable
20.
21. realname: [realname]
22. email: [email]
23. message: [message]
24.
25. Message sent by formail.php v5.0_RJP_2 from [HTTP_REFERER]
26.
27.
28. ------=_InnerBoundery_001--
29.
30. ------=_OuterBoundary_000--

Lines 1 & 2 are generated by the PHP mail() routine, lines 4 & 5 are generated by the script, lines 21-23 are obtained from the input form and the rest is pretty much fixed. I think my web host inserts Return-Path: [account email address] after line 8 and adds

Received: (from [account]@localhost)
by west-penwith.org.uk (8.12.11/8.12.11/Submit) id [id];
[datestamp]
Date: [datestamp]
Message-Id: [id]

to the front before the mail leaves home. [recipient] is fixed to my email address and coded in the script so that it can’t be harvested; [subject] is, I presume, sanitised by mail(); [email], the sender’s email address, is checked using a regexp and malformed ones are rejected; [message] is not checked, but is protected by being inside a MIME text/plain part.

Have you seen the flaw yet?

Looking at the bounced messages kindly provided by Yahoo!, where they quoted the incoming message in full, there were some strange additions. There was a big gap between lines 4 and 5 containing the spammy message. Also, lines 21-23 were in a different order and there was a lot of additional text before line 25. This consisted of the same spammy message and a very long "bcc:" list. What they had done was inject

[bogus email address at west-penwith.org.uk]
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain
Subject: [spammy subject]
bcc: [lots of email addresses]

[Spammy content]

..

as the value for my variable [realname], and I hadn’t validated it. The insertion into the content of the message was benign, but in the header it was taken and interpreted as written, which is why all those bcc addresses were sent rubbish. As a last-minute alteration, I thought it would be nice to have the mail come from a real person rather than just an email address and didn’t think of the consequences.

Verdict: Guilty as charged.

What I am curious about is a) why the mail stream wasn’t terminated by the “..” before line 5 as it is supposed to be, and b) how they discovered the flaw. Unfortunately I haven’t been receiving mail from this form for a few weeks (this may be related), so I would have missed any test runs. Do they have a bot which picks up the variables used by a form and tries injecting rubbish into them to see what happens, or has a human cracker been on the job?

I should point out that the flaw that was exploited was not in the original script; it was caused by an alteration I had made. The [subject] may also be vulnerable in a similar way, though it would depend on how mail() interprets it; the manual is vague on this. There are a lot of other things which even the original script doesn’t check, so perhaps I should look around for a better one.
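The injection described above comes down to one rule the modified script did not enforce: nothing taken from the form may contain a carriage return or line feed if it ends up in a header, because the mail software treats each new line as a new header and a blank line as the start of the body. The Python below is an added example, not the page's formmail.php nor Jack's original: it mirrors the flawed From-header construction, feeds it a payload constructed in the shape shown above, uses Python's own mail parser to show that a bcc header appears, and then builds the same message with a validator that rejects CR/LF in realname and subject, checks the address with a regexp and lets formataddr quote the display name. The recipient, addresses, subject and payload text are all made up for the demonstration. (On the "..": PHP's mail() normally hands the message to a local sendmail with the -i flag, which ignores a lone dot instead of treating it as the end of the message; that is a likely explanation, not something the page confirms.)

```python
"""Header injection through an unvalidated From display name, and the fix.

Added example, not the page's script: it mirrors the flawed pattern in
Python so the effect can be checked offline. All addresses, the subject
and the payload below are constructed for the demonstration.
"""
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import formataddr

RECIPIENT = "owner@example.org"  # fixed in the script, never taken from the form
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")
CRLF_RE = re.compile(r"[\r\n]")

# Constructed payload in the shape the post describes: the value supplied for
# "realname" closes the quoted display name, then continues with new headers,
# a blank line and a body of its own.
INJECTED_REALNAME = (
    'bogus@example.org"\r\n'
    "Content-Type: text/plain\r\n"
    "Subject: spammy subject\r\n"
    "bcc: victim1@example.net, victim2@example.net\r\n"
    "\r\n"
    "Spammy content"
)


def build_unsafe(realname: str, email: str, subject: str, message: str) -> str:
    """The flawed pattern: realname is dropped into the From header unchecked."""
    return (
        f"To: {RECIPIENT}\r\n"
        f"Subject: {subject}\r\n"
        "MIME-Version: 1.0\r\n"
        f'From: "{realname}" <{email}>\r\n'
        f"Reply-To: {email}\r\n"
        "\r\n"
        f"realname: {realname}\r\nemail: {email}\r\nmessage: {message}\r\n"
    )


def parsed_header_names(raw: str) -> list[str]:
    """Header names as a mail parser (and so the MTA) sees them, duplicates kept."""
    return [name.lower() for name in message_from_string(raw).keys()]


def clean_header_value(field: str, value: str, max_len: int = 200) -> str:
    """Reject anything that could end the header line or start a new one."""
    if CRLF_RE.search(value):
        raise ValueError(f"{field}: CR/LF in header value (injection attempt)")
    if len(value) > max_len:
        raise ValueError(f"{field}: value too long")
    return value.strip()


def build_safe(realname: str, email: str, subject: str, message: str) -> EmailMessage:
    """Hardened builder: every form field that reaches a header is validated."""
    if not EMAIL_RE.match(email):
        raise ValueError("email: malformed address")
    msg = EmailMessage()
    msg["To"] = RECIPIENT
    msg["Subject"] = clean_header_value("subject", subject)
    # formataddr quotes the display name, so a stray '"' cannot end it early.
    msg["From"] = formataddr((clean_header_value("realname", realname), email))
    msg["Reply-To"] = email
    # The form fields are harmless in the body, exactly as the post observes.
    msg.set_content(f"realname: {realname}\nemail: {email}\nmessage: {message}\n")
    return msg


def injection_succeeded(realname: str, email: str) -> bool:
    """True if the unsafe builder lets the form value smuggle in a bcc header."""
    raw = build_unsafe(realname, email, "feedback", "hello")
    return "bcc" in parsed_header_names(raw)


def hardened_rejects(realname: str, email: str) -> bool:
    """True if the hardened builder refuses the submission."""
    try:
        build_safe(realname, email, "feedback", "hello")
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("unsafe builder leaks bcc:", injection_succeeded(INJECTED_REALNAME, "anon@example.com"))
    print("hardened builder rejects:", hardened_rejects(INJECTED_REALNAME, "anon@example.com"))
    print(build_safe("Rick", "rick@example.com", "feedback", "hello")["From"])
```

The check is deliberately a rejection rather than a strip: a legitimate name never contains a line break, so anything that does is an attack and the submission should be logged and dropped, not cleaned up and sent on.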
