cookies and OnLine Voting

RC Steve Sterling rcsteve at tcrcm.org
Thu Dec 23 21:32:57 AKST 2004


Communication with the membership would be essential for success. Might even
require a separate mailing to the membership. Being in the software
business, I know the techie part is 15-20% of any project; working out the
business process, testing, training users and communications is 80-85% of
the effort.

Making sure no one gets left out come voting time has to be a critical
objective to be sure.

Keep thinking out loud-- that's all I am doing here as well..

-----Original Message-----
From: discussion-request at nsrca.org
[mailto:discussion-request at nsrca.org]On Behalf Of Grow Pattern
Sent: Thursday, December 23, 2004 8:41 PM
To: discussion at nsrca.org
Subject: Re: cookies and OnLine Voting


Steve,
If the current member number is, say 600 plus, how many do you
think are on the discussion list?  I heard about 200. If that is right then
we need to design a system that reaches more than just this e-mail list.

Just thinking out loud,

Eric.


----- Original Message -----
From: "RC Steve Sterling" <rcsteve at tcrcm.org>
To: <discussion at nsrca.org>
Sent: Thursday, December 23, 2004 10:32 PM
Subject: RE: cookies and OnLine Voting


> Thanks Bill-- you can probably tell I love this techy stuff-- which has got
> me thinking about the correct way to do an online voting system, should the
> new officers and membership choose to consider it.
>
> To ensure acceptability, it would need to be a "double-blind" system.
> Required protections would include:
> -- Define criteria of "valid voting members", then system restricts voting
> to only those meeting the criteria.
> -- Authenticate the voter (ensure someone else doesn't vote in your name).
> -- Ensure no multiple ballots.
> -- Provide feedback to the voter so they know their vote got registered as
> intended, and provide a double-check just in case the system errors or
> did let someone else vote in your spot.
> -- Protect the secrecy of an individual's vote. (Use double-blind
> databases)
> -- Auditable results.
> -- Mail-in ballots for those that don't have online access or don't want to
> use online ballots.
>
> I'm not sure "double-blind" system is exactly the correct label for it, but
> I'll try to illustrate. Think of a paper ballot with individual serial
> numbers, the serial number is listed on the main ballot, plus on a tear-off
> strip. When someone votes and puts their ballot in the box, they tear off the
> strip with their ballot serial number on it. When tallying the votes, a list
> is made of the ballot serial numbers and how it was voted. An individual
> voter can look at the results list, and using the ballot serial number,
> check and see that his/her vote was counted, and counted correctly. But no
> one can tell how any individual voted except the individual voter that holds
> that ballot number.
>
> We could build it, test it over the next year on some surveys, work out any
> bugs and build user confidence, before doing anything as critical as an
> election.
>
> Steve Sterling
> Web Team Member
>
> -----Original Message-----
> From: discussion-request at nsrca.org
> [mailto:discussion-request at nsrca.org]On Behalf Of Bill Glaze
> Sent: Wednesday, December 22, 2004 7:13 AM
> To: discussion at nsrca.org
> Subject: Re: Off Topic
>
>
> Steve:
> Thanks so much to you and Marty for your education about cookies. Not
> only have you completely explained my "need to know" (read: curiosity)
> but you folks have taught me something also. (Not an easy thing to do,
> BTW! ;-) Is this list great, or what? Bill Glaze
>
> RC Steve Sterling wrote:
>
>>Hi-- without disclosing too much of the site's security that would give a
>>hacker an edge to break in--
>>
>>On login when you travel into the members-only section (retrieve latest
>>K-Factor, membership management etc), a non-persistent cookie is set as a
>>token so you don't have to login to each separate page you may browse.
>>
>>Other non-persistent cookies are used to pass values from one page to
>>another in the membership administration sections (mainly Maureen's domain).
>>
>>Note they are non-persistent cookies. They are never written to the user's
>>hard-disk, unlike "normal" cookies. They only exist as a volatile variable
>>in that browser session. Closing the browser destroys them. You will also
>>see a "logout" on some of those members pages, and those destroy the cookies
>>without closing the browser.
>>
>>Why did I use non-persistent cookies? Other methods of passing this token
>>are much easier to hack.
>>
>>You can test this yourself. Login to www.nsrca.org/members. You will see a
>>menu with at least "download kfactor", "Update Password" and "Logout". Click
>>on "download Kfactor" and/or "Update Password". You get there without
>>hassle. Hit the browser back button. You get back to the menu
>>(www.nsrca.org/members/default.asp), again without hassle. Close the browser
>>window, open up another and go back to the menu at
>>www.nsrca.org/members/default.asp. It makes you login again because that
>>cookie was destroyed.
>>
>>I only speak for the section I am responsible for (www.nsrca.org/members).
>>Other people take care of other areas. They may be using cookies (normal or
>>non-persistent) for other purposes.
>>
>>Steve Sterling
>>
>>
>>-----Original Message-----
>>From: discussion-request at nsrca.org
>>[mailto:discussion-request at nsrca.org]On Behalf Of Bill Glaze
>>Sent: Tuesday, December 21, 2004 7:04 AM
>>To: Discussion
>>Subject: Off Topic
>>
>>
>>I'm asking some of the computer gurus on this list:
>>Why can't I access the NSRCA web site when I have cookies disabled? I
>>realize that the commercial sites want to insert cookies into my system
>>to "further serve me" (ahem) better. But, inasmuch as I am already
>>sold<G> on the NSRCA, it seems peculiar to me that they want to install
>>cookies. Any help out there for my curiosity? TIA
>>btw: I remove all cookies at the end of the particular session..
>>
>>Bill Glaze
>>AMA 2221
>>NSRCA 2388
>>
>>=================================================
>>To access the email archives for this list, go to
>>http://lists.f3a.us/pipermail/nsrca-discussion/
>>To be removed from this list, go to http://www.nsrca.org/discussionA.htm
>>and follow the instructions.
>




More information about the NSRCA-discussion mailing list
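
Added example, not part of the thread and not the NSRCA site's code: a minimal Python model of the serial-numbered ballot with a tear-off strip described in the quoted message above, keeping "who has voted" and "how each ballot was voted" in two separate stores. The class, method names, member ids and login secrets are constructed for illustration.

```python
import secrets
from collections import Counter

class Election:
    """Constructed model of the serial-number ballot described in the thread."""

    def __init__(self, eligible, credentials, choices):
        self.eligible = set(eligible)         # "valid voting members"
        self.credentials = dict(credentials)  # member id -> login secret (hypothetical)
        self.choices = set(choices)
        self.voted = set()   # store 1: WHO has voted, never what they chose
        self.ballots = {}    # store 2: serial -> choice, never who cast it

    def cast(self, member, secret, choice):
        """Return the tear-off serial, or raise if a protection fails."""
        if member not in self.eligible:
            raise PermissionError("not a valid voting member")
        expected = self.credentials.get(member)
        if expected is None or not secrets.compare_digest(
                expected.encode(), secret.encode()):
            raise PermissionError("authentication failed")
        if member in self.voted:
            raise PermissionError("ballot already cast")
        if choice not in self.choices:
            raise ValueError("unknown choice")
        serial = secrets.token_hex(8)  # random, not derivable from the member id
        self.voted.add(member)
        self.ballots[serial] = choice  # no member id and no timestamp stored
        return serial

    def published_list(self):
        """Serial/choice pairs sorted by serial, so casting order is not revealed."""
        return sorted(self.ballots.items())

    def tally(self):
        return Counter(self.ballots.values())

    def audit(self):
        """One ballot per member who voted, and never more than the roll allows."""
        return len(self.ballots) == len(self.voted) <= len(self.eligible)

def verify_receipt(published, serial, intended):
    """Voter-side check: my serial is on the list with the choice I made."""
    return dict(published).get(serial) == intended

if __name__ == "__main__":
    e = Election(["M-001"], {"M-001": "constructed-secret"}, ["yes", "no"])
    receipt = e.cast("M-001", "constructed-secret", "yes")
    print(verify_receipt(e.published_list(), receipt, "yes"), e.tally(), e.audit())
```

The serial works as a receipt: its holder can confirm the recorded choice, and so can anyone the serial is shown to.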