> > Let's leave it at that, design the DB in the most
> > correct way to meet our needs .. and put trust in
> > those that do have access to not do something they
> > shouldn't.
> No. Sorry. I think we have to come up with something
> better than that.

agreed, but on an organization-wide level -- not with regard to the voting
application.  in other words, the voting application should not be burdened
with checks/balances that should be implemented at a higher level (most
likely socially).

> Yes, we have to trust that the information won't be
> compromised.  However, it's important that we determine
> ahead of time what counts as compromised and what we
> need to do to protect that data as much as possible.

true.  again, this needs to be done at the higher level.

> It's not enough for me to say to people -- your vote
> will be anonymous, well, except for Rudy...but that's
> okay. Not meaning to pick on Rudy.

honestly, there's really no way around the issue you mention here.  if it's
in the database, it can be retrieved.  hell, anyone with access to the
database transaction logs could reverse engineer the votes even if they were
deleted from the database, given enough time and motivation.

at some point we've got to accept that we can't always use technology to
secure technology.  the solution for this problem is a social one.  make the
penalties severe enough that no one will want to compromise the data.



