Monday, June 15, 2009

Elections: Authentication and Authorization

I jumped into a tweet discussion by @s7ephen on using a PKI-esque way of strengthening the election process.

@s7ephen mentions this in the "thread":

@cykyc hrm yea, I guess I am more thinking it solves a small part of "authentication" but mostly overtrust of polling locations and machines


I have been an elections judge (currently a Chair Judge) for the City of Minneapolis since 2004. Minneapolis breaks down polling areas into wards (high level) and precincts (low level). The magic happens at the precinct.

The first task is to authorize the voter. That is, is the voter in the right precinct to vote? It is against the law in MN to vote in the wrong precinct, so this is a good thing :-) The authorization process usually starts out by seeing whether the voter knows if she is in the right location. If the voter thinks so, a roster book is consulted. The election judge then asks the voter her name and address. If there is a match, that voter is authorized to vote in that precinct. If not, see the Same Day Registration process (not documented here :-)

The voter then signs the roster, which attests to an oath that the voter is not up to any shenanigans and such.

Note: the voter did not authenticate herself at any time.

Deterrents, trust, and possible knowledge by election judges are the mitigating controls in lieu of authentication for MN.

So, sadly, we don't authenticate in the first place, unless the name is not on the roster. For my precinct, that means that 90% of the individuals would not be served by having a strong auth solution in place, such as PKI.
