Re: [ALSC-Forum] How To Validate a human being

[Jeff Williams]

Stephen and all stakeholders or interested parties,

Stephen Waters wrote:

> On Thu, 2001-10-11 at 09:40, Eric Dierker wrote:
> >
> > Again we are regulating the poor and the small.  When we need to be regulating
> > the Strong, Rich, Big and powerful.  We do not need regulations to protect big
> > business from our vote but to protect us from big business. (don't get me wrong I
> > want to be big when i grow up)
>
> Quite the opposite. We are attempting to regulate that the vote not be
> coopted from the poor by an industrious, not necessarily rich, few.

  Great point!  Well stated also...  Thank you!  >;)

>
>
> > It seems that every technique suggested here about security could be routed
> > around by Versisign but not by 99% of the users.  Remember that when you outlaw
> > guns only outlaws have guns.
>
> naw, it's simple enough to ignore VeriSign altogether. With Certs, PGP,
> or similar techniques, you can hand-roll it all as Jeff W. has
> aforementioned. Most, maybe even all, of the software required for this
> even has publically accessible source code that programmers you trust
> can look at.

  That's exactly right.  In fact it has been available for some time now.
Why the ICANN BoD and staff have not availed themselves of
this is beyond me, to date.

>
>
> > The best protection against fraud is a very large election so that any
> > shenanigans are diminished by virtue of percentages.  ( a lot complain about the
> > last election - but shucks I like the folks we got to elect and I don't think
> > they got there by fraud )
>
> The problem with this scenario is that computers make large-scale fraud
> much simpler. This is why Jeff, myself, et al. are pro-crypto.

  Also exactly right as well here!  Indeed a huge number of new
computers are being added to the internet via a multitude of
access methods on a daily basis.  This increases the opportunity
for fraud to exist and go undetected for some time.  With
secure systems via Crypto techniques and technology,
the opportunity for fraud is greatly reduced.

>
>
> A Scary Scenario: Latently hijacked DNS of a widely used ISP.
> Industrious individual/organization captures the voting sessions of
> legit folks and fakes the voting session so these folks think they have
> actually voted.

  Yes, and this already happened almost exactly one year ago
with the ICANN BOD election as an example.

> Industrious entity collects PINs and passwords (ala last
> election) and votes how it pleases. If well-implemented, this could
> happen in all the regions in the same election, by one or many entities.
>
> With PGP, certs, etc., this wouldn't happen unless the voter
> specifically sent her secret key unsecured somewhere or it was recovered
> by a BOH. But, as I noted before, if the secret key was used to vote,
> the voter would notice because ICANN would say in bold, red font "Our
> database indicates that you have already voted. If you suspect someone
> has stolen your key, please report the incident here:".

  Yes!  Good point again.

>
>
> There are many Scary Scenarios. The worst are always the ones you find
> out about long afterward (I'm thinking 16th Amendment, but insert as you
> please).
>
>   ------------------------------------------------------------------------
>
>    Part 1.2   Type: application/pgp-signature

Regards,

--
Jeffrey A. Williams
Spokesman for INEGroup - (Over 118k members strong!)
CEO/DIR. Internet Network Eng/SR. Java/CORBA Development Eng.
Information Network Eng. Group. INEG. INC.
E-Mail jwkckid1@ix.netcom.com
Contact Number:  972-447-1800 x1894 or 214-244-4827
Address: 5 East Kirkwood Blvd. Grapevine Texas 75208