There’s a report from the University of Las Vegas, Nevada, of an interesting scheme to either facilitate vote fraud or to just undermine the credibility of a student government election there. Apparently an anonymous email was distributed warning of potential fraud in an upcoming election, and attached to the email was a file containing the last four digits of every student’s identification number — the same information that apparently students use as a password to vote.
Whether the anonymous email was really an attempt to faciliate fraud, or just to cast doubt about the credibility of an upcoming election, is unclear. This is an example of the sort of attack on a voting system that I wrote about in my “denial of service” threat analysis.
The response from the student government body in charge of running these elections, though, was unusual:
Zucco said CSUN’s elections committee is working on a different system. In his e-mail, he stated, “We are currently working on a system that no one knows about and it will stay that way [until] the system is operational.” He explained the secrecy is crucial until Elections can be certain the new system will be implemented.
It is not clear that a “security through obscurity” response here will either be effective, or whether it will have credibility, if potential voters do not know whether their votes are being counted as intended.