qwghlm.co.uk : because all the other domain names were taken

From today’s Torygraph:

The choice of Conservative candidate to challenge Ken Livingstone as London mayor in two years’ time will be decided by voters across the capital, David Cameron announced yesterday. Londoners – whether Tories or supporters of other parties – will be able to vote by telephone or text message in a novel procedure the party hopes will revive interest in politics.

While it might be good enough for Big Brother, is it really going to be secure enough for a party political election? The expert’s view suggests not:

The requirement for strong communications integrity measures is entirely appropriate. We are, however, concerned that elsewhere in the study mention is made of practical use of methods, such as SMS, which cannot support this in any meaningful way. Methods that cannot support sufficient communications integrity measures should be explicitly rejected.

…and also this:

We do not believe that there is any method available for suitably secure text (SMS) voting that meets the other requirements of voting systems. While the CESG (2002) proposal appears to have the potential for being suitably secure in many ways, its reliance on response IDs that voters should check makes it excessively open to coercion of voters and vote selling.

In a way, it could be quite funny. A talented and politically motivated hacker, with a bit of insider access, could block, modify or even outright fake the messages being sent in to Tory HQ; you could get anyone – yourself, your mum, the bloke down the newsagent – to become Tory candidate for mayor.

(Seriously, I doubt they will, once they realise the security implications – expect this PR stunt to be quietly withdrawn in a couple of months’ time)