
preventing black markets in signature ability?

2001-01-17 23:21:30
There seems to be a lot of evidence that voting anonymously
(the privacy constraint) and free from fraud or accidental 
errors (the authenticity constraint) might not be possible to 
do online any better than can be done with paper ballots or   
specialized, auditable electronic voting machines.  And clearly 
the potential for serious abuse is much worse when unauditable 
data-processing (such is inherent on the Internet and would be
even if everyone converted to static IPv6 addresses) is used to 
the exclusion of truckloads of paper ballots.  Stacks of 
paper are much more difficult to forge than a series of IP 
addresses, and that will remain true for a very long time.
So I've never been a fan of general online voting, and I 
hope it is a long time before political elections are performed 
with unauditable equipment such as web browsers on wintel PCs.
If that ever happens I expect the temptation of serious fraud 
will become too great for those capable of it, and so it 
would only serve to discredit other kinds of online democracy, 
such as certificate-based petition signing.

Petitioning is the topic of the SmartInitiatives Initiative -- 
www.smartinitiatives.org -- which fascinates me more all the 
time.  With online certificate-based petition signing, there 
is no need to keep the names of the signers private; in fact 
they might necessarily be a part of the public record (I am 
not sure about that.)  So, with the strict privacy constraint 
relaxed, is anyone at all concerned that such authentication 
might still be subject to any serious fraud?

The financial services industry uses weaker forms of web-based 
authentication all the time for transactions to and from 
customer and corporate accounts seemingly without any limits
on the size of the transaction, and other kinds of businesses 
do, too.  If online brokers let people shuffle million$ from 
pork belly futures to and from foreign exchange index options 
(and other accounts via wire transfer) all with 56-bit 
encryption, I can hardly see any Registrar or Clerk fretting 
over a list of certificate-based crypto-signatures as any 
worse than the corresponding stack of papers.

After all, election officials (in California, anyway) are 
required to take a random sample of the signatures collected 
on any official petition and verify them by looking up and 
contacting the people who purportedly signed them.  Since 
most such petitions require thousands of signatures at the 
very least, nobody forging any sizable percentage of their 
signatures, electronic or not, has any real hope of escaping 
the scrutiny of random sample verification, and the penalties 
for intentional fraud are very serious.  So, while in theory 
attempting such fraud might be easier, I don't see how it 
could ever work in practice.  Can anyone?

So, what I'm getting to is this excerpt from the SmartInitiatives 
mailing list message below:

Here's what the Jones Report (Secretary of State Bill Jones' Internet
Voting Task Force Report, January 2000) has to say about the viability of
digital certificates:

While there are similarities between voting and petition signing, it is
important to note that the two are not identical and they have somewhat
different cost and security properties:

Petition-signing is a year-round activity, whereas voting occurs during a
limited time window. Hence, servers and other infrastructure needed to
support petition signing would need to be running year-round, instead of
just during a time window before election day. This may dramatically
increase the total cost of managing the system.  While it is reasonable to
expect voters, for security reasons, to submit a signed request for
Internet voting authorization each time before they vote (similar to a
request for an absentee ballot), it is not reasonable to expect voters to
submit such request each time they wish to sign a petition. As a result,
voters who wish to sign petitions electronically would likely have to be
issued authorization (means of authentication) that are open-ended in
time. The longer such authorizations are valid, the more likely it is that
some of them will be compromised, or sold, reducing the integrity of the
petition-signing system over time.  Voters can sign any number of
petitions in an election cycle. Hence, a compromised authorization to sign
petitions would be usable for signing any number of petitions, magnifying
the damage to the system's integrity.

Does that make sense to anyone -- does anyone believe that?
My guess is that some mid-level government official just didn't 
want to think it through, especially given the requirement for 
random sampling of petition signatures.

THE ONLY PART THAT REALLY BOTHERS ME, is the word "sold".  If 
I am such a pathetic excuse for a citizen that I decide to sell 
my ability to sign petitions to someone else, then of course I'm 
not going to give myself away if some Clerk phones me up and 
asks if I signed something; of course I'll say I did. 

The initiative process is one of the things I think is really 
great about California, and if the Internet can support a 
paperless form of signing such signatures, I think that would 
be the greatest application since HTTP.  But, if it can't 
overcome the potential serious problems of a black market in 
signing ability, then it probably isn't worth it.

So, what solutions are there to the potential for such sales?
Perhaps during verification, the signers being scrutinized 
would simply be asked to describe what they signed, or the 
date and time they signed, or both?  Would that fix the problem?

Cheers,
James
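Not part of the original message: an added model of the random-sample verification James relies on above, showing how many purported signers a Clerk must contact to catch a given forgery rate, and why a "sold" credential evades that contact check entirely. All petition sizes and counts below are constructed for illustration.

```python
# Added example (not from the original message). Models the random-sample
# verification of petition signatures described above; all numbers constructed.

def prob_sample_clean(total, forged, sample):
    """P(a uniform sample of `sample` signatures, drawn without replacement
    from `total`, contains none of the `forged` ones).  This is the
    hypergeometric term C(total-forged, sample) / C(total, sample),
    computed as a running product to avoid huge binomials."""
    if sample > total:
        raise ValueError("sample larger than petition")
    p = 1.0
    for i in range(sample):
        good_left = total - forged - i
        if good_left <= 0:
            return 0.0          # only forged signatures remain to be drawn
        p *= good_left / (total - i)
    return p


def detection_probability(total, forged, sample):
    """P(the audit contacts at least one purported signer who denies signing)."""
    return 1.0 - prob_sample_clean(total, forged, sample)


def sample_size_for_confidence(total, forged, confidence):
    """Smallest sample size whose detection probability reaches `confidence`.
    Reuses the running product so the search over n is linear."""
    p_clean = 1.0
    for n in range(1, total + 1):
        good_left = total - forged - (n - 1)
        if good_left <= 0:
            return n
        p_clean *= good_left / (total - (n - 1))
        if 1.0 - p_clean >= confidence:
            return n
    return total                # forged == 0: no sample can ever detect anything


def audit_detection(total, forged, sold, sample):
    """Detection probability of a contact audit when `sold` signatures were made
    with credentials the nominal signer handed over voluntarily.  Those voters
    confirm on the phone, so only the `forged` signatures (signer denies) can
    trip the audit; `sold` contributes nothing to detection."""
    if forged + sold > total:
        raise ValueError("more bad signatures than signatures")
    return detection_probability(total, forged, sample)


if __name__ == "__main__":
    # Constructed scenario: 100,000 signatures, 1% forged, Clerk samples 500.
    print("P(detect 1% forgery, n=500):", detection_probability(100_000, 1_000, 500))
    print("n for 99% confidence:", sample_size_for_confidence(100_000, 1_000, 0.99))
    # Same scenario, but the 1,000 bad signatures were bought, not forged.
    print("P(detect 1% sold, n=500):", audit_detection(100_000, 0, 1_000, 500))
```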

Date: 18 Jan 2001 04:36:05 -0000
From: "Smart Initiatives" <SmartInitiatives-owner(_at_)listbot(_dot_)com>
Subject: Seemingly-Contradictory Views from the Same Source

Smart Initiatives

Dear Smart Initiatives Online Newsletter Subscriber,

Washington, D.C., is not the only place where important issues are hashed
out in hearing rooms.  On January 22, 2001, I'll be testifying before the
Speaker's Commission on the California Initiative Process in Sacramento,
California.  I'll be urging the Commissioners to adopt Smart Initiatives
for California.  Also appearing with me will be the Technical Director of
the California Task Force on Internet Voting, the report of which comes
out strongly against Smart Initiatives.  

As I pointed out in my last post to this list ("In Defense of Smart
Initiatives," January 13, 2001), the main excuse cited in this report as a
reason not to implement Smart Initiatives was the, in my opinion
erroneous, contention that digital certificates are inadequate and
insufficient to establish and authenticate the identity of citizens who
have signed a Smart Initiative.  In the report's own words, implementation
of Smart Initiatives needs to wait for "the development of a system to
electronically verify identity."

Much of the European Union, the bank consortium Identrus, and the Federal
Government, among others, already believe, and are acting on that belief,
that digital certificates and the Public Key Infrastructure they make
possible can provide very secure means to "electronically verify
identity."  As you will see in the article below, so does the Secretary of
State of California, only he seems to have forgotten that he does.

Regards,

Marc Strassman
Executive Director
Smart Initiatives Project  



Seemingly-Contradictory Views from the Same Source

By Marc Strassman
etopia(_at_)pacificnet(_dot_)net
Executive Director
Smart Initiatives Project
http://www.smartinitiatives.org

January 13, 2001

Copyright 2000, by Marc Strassman, all rights reserved


Here's what the Jones Report (Secretary of State Bill Jones' Internet
Voting Task Force Report, January 2000) has to say about the viability of
digital certificates:

While there are similarities between voting and petition signing, it is
important to note that the two are not identical and they have somewhat
different cost and security properties:

Petition-signing is a year-round activity, whereas voting occurs during a
limited time window. Hence, servers and other infrastructure needed to
support petition signing would need to be running year-round, instead of
just during a time window before election day. This may dramatically
increase the total cost of managing the system.  While it is reasonable to
expect voters, for security reasons, to submit a signed request for
Internet voting authorization each time before they vote (similar to a
request for an absentee ballot), it is not reasonable to expect voters to
submit such request each time they wish to sign a petition. As a result,
voters who wish to sign petitions electronically would likely have to be
issued authorization (means of authentication) that are open-ended in
time. The longer such authorizations are valid, the more likely it is that
some of them will be compromised, or sold, reducing the integrity of the
petition-signing system over time.  Voters can sign any number of
petitions in an election cycle. Hence, a compromised authorization to sign
petitions would be usable for signing any number of petitions, magnifying
the damage to the system's integrity.


Here's a press release on the same subject, also available on the
Secretary of State's official website at:   
http://www.ss.ca.gov/digsig/press1014.htm
 
FOR IMMEDIATE RELEASE
Thursday, October 14, 1999

Secretary of State Jones Brings Widespread Expansion
of E-Government One Step Closer to Reality

Jones Approves VeriSign, Inc. as First Certification Authority Permitted
to Verify the Integrity of Digital Signatures Used in Electronic
Communication with State and Local Government 

MOUNTAIN VIEW -- With the push of a few keystrokes, California Secretary
of State Bill Jones digitally signed a proclamation recognizing VeriSign,
Inc. of Mountain View as the first company authorized to provide digital
signature certification services to state and local government across
California. The accreditation of California's first "Approved
Certification Authority" will dramatically broaden the number of
government functions that can be conducted over the Internet.

"This is an important step in the march toward electronic government in
California," said Jones. "The availability of reliable digital signatures
will go a long way toward improving the number of government transactions
that can be conducted over the Internet.

"Many government agencies have been hesitant to provide complex services
over the Internet until they have reliable digital signatures that they
know will have the full force and effect of law. Today, we have provided
those agencies with an additional level of security," said Jones. 

Jones presented the digitally signed certificate to VeriSign CEO Stratton
Sclavos during a ceremony at VeriSign's Mountain View, California
headquarters. 

"VeriSign is honored to be the first Certification Authority recognized by
the State of California," said Sclavos. "We are committed to providing
state and local government with the services they need to advance
E-Government here in our home state." 

Under the Digital Signature Act of 1995, digital signatures used in
written communication with California state and local government are only
valid if they meet criteria outlined in Government Code Section 16.5 and
regulations adopted by Secretary Jones in 1998. Under those regulations,
public entities must only rely on digital signature certificates issued by
an "Approved Certification Authority". VeriSign, Inc. is the first company
approved to issue certificates for public entities in California.

(--End --)

(For a reiteration of these points in a second press release, announcing
approval of Digital Signature Trust as a second provider of digital
certificates for doing business with the State of California, see the
press release at:  http://www.ss.ca.gov/digsig/press1118.htm.) 


FOR IMMEDIATE RELEASE
Thursday, November 18, 1999
  
Jones Approves Second Company to Provide Digital Signature
Services to State and Local Government in California

"Digital Signature Trust" Approved to Serve as a Certification Authority
for Digital Signature Transactions in California

SACRAMENTO -- In a move that will help California state and
local government regain their leadership role in the use of technology to
improve government efficiency, Secretary of State Bill Jones today
announced that Digital Signature Trust (DST) has been added to the
Approved List of Digital Signature Certification Authorities in California.

"Digital signature technology will help many state and local
government agencies transition toward a paperless government in
California," said Secretary of State Bill Jones. 

"When we passed California's digital signature regulations we
knew that government, technology companies and the citizens of the state
would all have to work together to make eGovernment solutions a reality,"
noted Jones. "Today, we are one step closer to a more efficient California
government." 

DST, based out of Salt Lake City, Utah, is the second company to
apply and receive approval from the Secretary of State to provide digital
signature Certification Authority services to California state and local
government. DST became the first licensed Certification Authority in the
U.S. when it gained its license in the state of Utah in 1997. 

Under the Digital Signature Act of 1995, digital signatures used
in electronically written communication with public entities are only
valid if they meet criteria outlined in Government Code Section 16.5 and
regulations adopted by Secretary Jones in 1998. Under those regulations,
public entities must only rely on digital signature certificates issued by
an "Approved Certification Authority." 

Prior to placement on the Approved List, certification
authorities must undergo a performance audit to ensure that their policies
and practices are consistent with the requirements of the Digital
Signature Act and the regulations adopted by the Secretary of State. The
complete criteria for certification is available on the Secretary of
State's Internet site at: www.ss.ca.gov. 

-30- 


Let's review what Secretary of State Jones said on October 14, 1999:


"This is an important step in the march toward electronic government in
California," said Jones. "The availability of reliable digital signatures
will go a long way toward improving the number of government transactions
that can be conducted over the Internet.

"Many government agencies have been hesitant to provide complex services
over the Internet until they have reliable digital signatures that they
know will have the full force and effect of law. Today, we have provided
those agencies with an additional level of security," said Jones.


Then on November 18, 1999, he said:

"Digital signature technology will help many state and local government
agencies transition toward a paperless government in California," said
Secretary of State Bill Jones. 

"When we passed California's digital signature regulations we knew that
government, technology companies and the citizens of the state would all
have to work together to make eGovernment solutions a reality," noted
Jones. "Today, we are one step closer to a more efficient California
government."


If digital signatures were such a good way of "helping many state and
local government agencies transition toward a paperless government in
California" in November, why were they mainly seen as something capable of
"magnifying the damage to the system's integrity" in January, two months
later?

When he said in January 2000, that "The longer such authorizations are
valid, the more likely it is that some of them will be compromised, or
sold, reducing the integrity of the petition-signing system over time,"
had the Secretary forgotten his statement of three months earlier that
"The availability of reliable digital signatures will go a long way toward
improving the number of government transactions that can be conducted over
the Internet"?

He had also said in October that "Many government agencies have been
hesitant to provide complex services over the Internet until they have
reliable digital signatures that they know will have the full force and
effect of law. Today, we have provided those agencies with an additional
level of security."

Is that "additional level of security" sufficient for other agencies but
not sufficient for "government transactions that can be conducted over the
Internet" by the Secretary's own agency?

In short, how is it possible that digital certificates are IN GENERAL a
boon to e-government but completely inadequate for electoral purposes,
including the signing of petitions online?

Is the resolution of this apparent contradiction as simple as realizing
that electoral functions are not part of "e-government," that
"e-government" only refers to bidding on contracts with the state and not
to things as nebulous as, well, elections and initiative petition signing?
Are digital certificates perfectly acceptable for use in functions the
Secretary of State believes are worthwhile, or politically expedient, or
fun to officiate over, but completely unacceptable for functions (like
initiative petition signing) that he'd just as soon not see happen?  

If so, then let him make it clear that e-government has nothing to do with
how the citizens of the state govern themselves and has only to do with
how they are administered.  Unpleasant as such a realization may be, at
least it will be, in the words of the Secretary of State himself, "an
important step in the march toward electronic government in California."

-30-



