Subject: Re: [EL] Electionlawblog news and commentary 4/19/11
From: John Tanner
Date: 4/19/2011, 11:02 AM
To: Candice Hoke
CC: "election-law@mailman.lls.edu" <election-law@mailman.lls.edu>

The CA law apparently leaves it up to voters whether they want to continue to receive election booklets by mail or electronically.  Voters who lack internet access will still receive the information in paper form.  I don't think there's digital divide issue, as there certaoinly woudl be if electronic copies were the sole option.  Voters who opt for electronic information will, I presume, receive a pdf for their particular precinct.  That seems a less inviting target for hacking/mischief than the existing websites
    
This makes a great deal of sense in CA, where the booklets often are very lengthy, and where information often must be provided in multiple languages.  I actually rasied the possibilty with the CA SoS office back in 2004 as a way of deflecting concerns over the cost of bi- and multi-lingual ballots  It has the potential of saving a good deal of money and of providing environmental benefits.

2011/4/19 Candice Hoke <shoke@law.csuohio.edu>

On 4/19/11 11:38 AM, Rick Hasen wrote:

Paperless Voting Coming to Ventura County?

See here.


Yes, online voter information is quite a bit cheaper than paper mailings.   But demographic studies of internet access, including by Pew, reveal substantial socioeconomic differences in internet access.  You can guess relatively accurately the "haves" versus the "have nots." 

Worse or at least as troubling as equal access is the profound lack of understanding regarding the ease with which websites can be brought down, have posted information modified, or spoofed (misdirected to a fake but often highly similar site). 

The Department of Homeland Security seeks to facilitate vast improvements in the security attributes of software, especially of broadly utilized website software.  As you might imagine, many of the "most egregious exploitable software weaknesses" are found in software designed for internet-facing applications.  Unfortunately, the Feds' continuing involvement reflects the empirical truth that most software is "egregiously exploitable." 

Those seeking to use the internet for voter information should consider whether they have the monie$ to:

    -- purchase website software that has been designed to avoid all of the "egregiously exploitable" software weaknesses -- and not simply depend on vendors' fanciful but grossly erroneous claims of security, and

    -- hire and maintain a qualified network security staff 24/7, to protect access to the site and its "data integrity."

When those essentials are factored in, the overall price changes significantly upward.   Ventura County needs a computer security expert consultation. 



DHS:   https://buildsecurityin.us-cert.gov/bsi/securecoding.html

"Key Practices for Mitigating the Most Egregious Exploitable Software Weaknessesthe Software Assurance Pocket Guide Series - Development Volume II provides recommended practices for preventing the most critical exploits in software. Common Weakness Enumeration (CWE) provides a standard means for understanding software security risks; enabling more informed decision-making by suppliers and consumers about the security of software. This pocket guide addresses the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors. The main goal for the Top 25 CWE Coding Errors list is to stop vulnerabilities at the source by educating programmers on how to eliminate the most egregious programming errors before software is shipped.  This pocket guide is being updated to reflect the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors,...." 



_______________________________________________
election-law mailing list
election-law@mailman.lls.edu
http://mailman.lls.edu/mailman/listinfo/election-law