Joseph Kiniry



Comment on 70,622 Norwegians voted over the internet - but the security draws criticism

the devil is in the details

As soon as Norway's code drop happens DemTech will be doing some analysis. From what I have heard, given that we had observers at the election in Norway, the problem came down to a single JavaScript statement being put in the wrong place in the code (initialization inside vs. outside of a loop)....
Comment on Mysterious error plagues Danske Bank's online banking

Ghostery vs. DanskeBank

Indeed, in my experience, the use of Ghostery causes one to be unable to even click on the "login" link on DanskeBank's website. Joe
Comment on Unit tests of our e-voting system can wait

correctness and security evaluations of evoting systems

We'll be adding a snapshot of the system to our DemTech evoting systems repo this week too. We have performed audits of several released evoting systems so far: Norway's system, Scantegrity II, The Netherlands' KOA system, etc. I'm certain we'll see t...


Note that pentesting does not guarantee a secure system---it can only help raise confidence and do more accurate risk analysis, but is very subjective based upon the skill of the pentesters and the amount of time they have to do the analysis. Sorry for being so quiet lately on all of these matte...

reflections on technique

Allan, Your more fundamental complaints about the social, political, and technical foundations of NemID's architecture resonate with me. I, too, think that there are fundamental problems with what we use today. In the short term, I try to objectively critically analyze what we have, make recom...

reflections on comments

Peter, your comments on the advantages and disadvantages of relying upon third-party identification and authentication services are correct. Precisely characterizing the security profile of an authentication service that relies upon such n-factor authentications is troublesome, but generally rea...

clarification and comments

Hello readers, Your comments above are good ones. The solution that we are prototyping is meant to seem like a drop-in replacement for NemID but is actually quite different behind the scenes. E.g., no public interface to witness DDOS, no mandatory private key delegation, no Java on the client ...
Comment on How you can help the development of open source election software


That's a cut-and-paste error.
Comment on Help the researchers make Danish election software open source


Feel free to ask any questions you like about our R&D, development processes, methodologies, and tools, etc. The development we do focuses on case studies to show off advanced concepts, tools, and techniques for mission-critical and safety-critical systems. Everything we do is fully Open...
Comment on How you can help the development of open source election software


Please feel free to ask any questions you like about our R&D, current systems under development, development processes, methodologies, and tools! Joe
Comment on Haven't you learned to debug code?

a part of my response to Peter (sent via email)

Peter, I think you missed the courses that I teach. Readers have also commented on other courses that do explore these topics, but perhaps not as aggressively as you and I would like (e.g., the Advanced Software Engineering course at ITU or the basic Software Engineering course here at DTU). S...
Comment on These 7 experts will advise the politicians before the vote on e-voting

Re: Ivan Damgaard and his knowledge

I'm aware of Ivan's work in the area and he and DemTech do keep in touch.
Comment on Hearing on eVoting

Re: Question about expert independence

Note that DemTech's response essentially says, "We think that objective trials are a good idea if you get the law in order by following these recommendations." Trials that are properly designed, strictly time limited, inexpensive, controlled, transparent can help reveal if evoting in...

Re: 6 years of development by researchers?

I have nearly twenty years' experience in running large IT projects, both in industry and academia. Suffice to say we know what we are doing on that front. Feel free to look up my LinkedIn profile for evidence.
Comment on Denmark's leading e-voting researcher: Reject the e-voting bill

Re: trillions of dkk in the U.S.A.

Let's say 100s of billions of dkk on the conservative-side then. I do believe that, when all is said and done, it has or will get into the trillions.
Comment on Denmark's leading e-voting researcher: Reject the e-voting bill

trillions of dkk in the U.S.A.

Thanks for the coverage and comments! The HAVA costs (estimated at over $2B USD ~= 10B dkk) are only the tip of the iceberg of total national costs in the U.S.A. Per-state estimates for the further costs of experiments, equipment, storage, maintenance, training, (re-)certification, salaries, ov...
Comment on eVoting: Listen to an expert

recording of the lecture is now available

Here is the recording: Thanks for coming everyone, particularly Poul-Henning! We had a completely full house (perhaps 200?) and another 37 watching online.
Comment on eVoting: Listen to an expert

Re: Att: Joseph Kiniry

@Kim Jensen You'll note that nowhere do I or DemTech suggest that evoting should be used for national elections. Instead, we ask whether or not this makes sense at all by posing a hypothesis. The point of a scientific project is to propose a hypothesis and then objectively, rationally, test t...
Comment on eVoting: Listen to an expert

Re: Att: Joseph Kiniry

Hi Joseph Thank you for commenting here. Always easier when we can talk directly to the parties involved. Couple of questions: 1) You say that you were involved in hacking the Dutch systems. Was that what we see in this video: ? Rop Gonggrijp is...
Comment on eVoting: Listen to an expert

Re: is anyone from the Folketing coming

Representatives from the government, the municipalities, and media will attend the lecture. So yes, we have the ear of the government, both via politicians and bureaucrats.