As soon as Norway's code drop happens DemTech will be doing some analysis. From what I have heard, given that we had observers at the election in Norway, the problem came down to a single JavaScript statement being put in the wrong place in the code (initialization inside vs. outside of a loop)....

Indeed, in my experience, the use of Ghostery causes one to be unable to even click on the "login" link on DanskeBank's website. Joe

We'll be adding a snapshot of the system to our DemTech evoting systems repo this week too. https://github.com/demtech/evoting-systems We have performed audits of several released evoting systems so far: Norway's system, Scantegrity II, The Netherland's KOA system, etc. I'm certain we'll see t...

Note that pentesting does not guarantee a secure system---it can only help raise confidence and do more accurate risk analysis, but is very subjective based upon the skill of the pentesters and the amount of time they have to do the analysis. Sorry for being so quiet lately on all of these matte...

Allan, Your more fundamental complaints about the social, political, and technical foundations of NemID's architecture resonate with me. I, too, think that there are fundamental problems with what we use today. In the short term, I try to objectively critically analyze what we have, make recom...

Peter, your comments on the advantages and disadvantages of relying upon third-party identification and authentication services are correct. Precisely characterizing the security profile of an authentication service that relies upon such n-factor authentications is troublesome, but generally rea...

Hello readers, Your comments above are good ones. The solution that we are prototyping is meant to seem like a drop-in replacement for NemID but is actually quite different behind the scenes. E.g., no public interface to witness DDOS, no mandatory private key delegation, no Java on the client ...

That's a cut-and-paste error.

Feel free to ask any questions you like about our R&D, development processes, methodologies, and tools, etc. The development we do focuses on case studies to show off advanced concepts, tools, and techniques for mission-critical and safety-critical systems. Everything we do is fully Open...

Please feel free to ask any questions you like about or R&D, current systems under development, development processes, methodologies, and tools! Joe

Peter, I think you missed the courses that I teach. Readers have also commented on other courses that do explore these topics, but perhaps not as aggressively as you and I would like (e.g., the Advanced Software Engineering course at ITU or the basic Software Engineering course here at DTU). S...

I'm aware of Ivan's work in the area and he and DemTech do keep in touch.

Note that DemTech's response essentially says, "We think that objective trials are a good idea if you get the law in order by following these recommendations." Trials that are properly designed, strictly time limited, inexpensive, controlled, transparent can help reveal if evoting in...

I have nearly twenty years experience in running large IT projects, both in industry and academia. Suffice to say we know what we are doing on that front. Feel free to look up my LinkedIn profile for evidence.

Let's say 100s of billions of dkk on the conservative-side then. I do believe that, when all is said and done, it has or will get into the trillions.

Thanks for the coverage and comments! The HAVA costs (estimated at over $2B USD ~= 10B dkk) are only the tip of the iceberg of total national costs in the U.S.A. Per-state estimates for the further costs of experiments, equipment, storage, maintenance, training, (re-)certification, salaries, ov...

Here is the recording: https://c.deic.dk/p4nnxbkr1di/ Thanks for coming everyone, particularly Poul-Henning! We had a completely full house (perhaps 200?) and another 37 watching online.

@Kim Jensen You'll note that no where do I or DemTech suggest that evoting should be used for national elections. Instead, we ask whether or not this makes sense at all by posing a hypothesis. The point of a scientific project is to propose a hypothesis and then objectively, rationally, test t...

Hi Joseph Thank you for commenting here. Always easier when we can talk directly to the parties involved. Couple of questions: 1) You say that you were involved in hacking the Dutch systems. Was that what we see in this video: https://www.youtube.com/watch?v=sSsyYKgwnVk ? Rop Gonggrijp is...

Representatives from the government, the municipalities, and media will attend the lecture. So yes, we have the ear of the government, both via politicians and bureaucrats.