Subject: Re: [EL] Electionlawblog news and commentary 4/19/11
From: Candice Hoke
Date: 4/19/2011, 10:21 AM
To: "election-law@mailman.lls.edu" <election-law@mailman.lls.edu>


On 4/19/11 11:38 AM, Rick Hasen wrote:

Paperless Voting Coming to Ventura County?

See here.


Yes, online voter information is quite a bit cheaper than paper mailings.   But demographic studies of internet access, including by Pew, reveal substantial socioeconomic differences in internet access.  You can guess relatively accurately the "haves" versus the "have nots." 

Worse, or at least as troubling as equal access, is the profound lack of understanding regarding the ease with which websites can be brought down, have posted information modified, or spoofed (misdirected to a fake but often highly similar site).

The Department of Homeland Security seeks to facilitate vast improvements in the security attributes of software, especially of broadly utilized website software.  As you might imagine, many of the "most egregious exploitable software weaknesses" are found in software designed for internet-facing applications.  Unfortunately, the Feds' continuing involvement reflects the empirical truth that most software is "egregiously exploitable." 

Those seeking to use the internet for voter information should consider whether they have the monie$ to:

    -- purchase website software that has been designed to avoid all of the "egregiously exploitable" software weaknesses -- and not simply depend on vendors' fanciful but grossly erroneous claims of security, and

    -- hire and maintain a qualified network security staff 24/7, to protect access to the site and its "data integrity."

When those essentials are factored in, the overall price changes significantly upward.   Ventura County needs a computer security expert consultation. 



DHS:   https://buildsecurityin.us-cert.gov/bsi/securecoding.html

"Key Practices for Mitigating the Most Egregious Exploitable Software Weaknesses - the Software Assurance Pocket Guide Series - Development Volume II provides recommended practices for preventing the most critical exploits in software. Common Weakness Enumeration (CWE) provides a standard means for understanding software security risks; enabling more informed decision-making by suppliers and consumers about the security of software. This pocket guide addresses the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors. The main goal for the Top 25 CWE Coding Errors list is to stop vulnerabilities at the source by educating programmers on how to eliminate the most egregious programming errors before software is shipped.  This pocket guide is being updated to reflect the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors,...."