Slashdot Mirror
An Anonymous, Verifiable E-Voting Tech
Kilrah_il writes "After the recent news items about the obstacles facing E-voting systems, many of us feel it is not yet time for this technology. A recent TED talk by David Bismark unveiled a proposal for a new E-voting technology that is both anonymous and verifiable. I am not a cryptography expert, but it does seem interesting and possibly doable."
Problem: Politicians who desire the ability to freely pillage and back-stab the population have to worry about winning elections.
Solution: E-voting.
I read the article - all zero words of it - so perhaps the multimedia component of it addressed this concern, but I find it hard to imagine how:
If I can verify that my vote was counted, and can prove how I voted if there was a fraud to force a recount/etc, how does the system make it impossible for me to prove to my boss/spouse/friends/church/etc how I voted?
The problem with receipts is that if you can prove how you voted, then you can punish people for not voting the right way. All an abusive husband has to do is tell her wife to show up with a receipt showing the correct votes or they'll be beaten. You can make the receipt private, but an abusive husband/wife/parent/boss/etc will just tell people to turn them over or they'll be punished.
The effects of this kind of thing can be very subtle. People will change their voting patterns even if they think they MIGHT be asked to show that receipt. Maybe everybody in their union or church or whatever voluntarily posts their receipts as a show of solidarity, and who wants to then be the one person who doesn't join in?
If a voting system is well-designed it should not be possible for anybody to prove how they voted. Other controls should be used to ensure all votes are counted.
The problem isn't the idiots in charge, it's the idiot voters who elect them in the first place. The government in the US is the result of the contradictory demands of a highly polarized and frequently badly misinformed electorate.
You must NOT be able to prove your vote was counted correctly for a specific candidate. That leads to bribes/threats (i.e. your boss can ask to see the proof. if you want to assume that's illegal, think of all the other people who may "ask" to see it or offer something if you volunteer)
There are ways to do this and meet your requirements, but there is more to it than the 3 you listed.
When we use media, we capture the voter intent perfectly. There is a chain of trust between the voter intent, and the record of the vote, because that record only passes through the voter.
Making a mark on a piece of paper, voting by mail like we do in Oregon, is cost effective, and verifiable, and trustworthy. Recounts are possible too.
I know my intent was correctly recorded, and if there is a issue with the counting, we can all go into a room, and visibly verify every vote, getting a correct tally.
With a machine, it's a vote by proxy. We fail to record the voter intent, because the electronics only record what the machine thought the intent was, not the intent itself.
Because of this, no electronic system makes sense. I like counting them electronically, with scanners and such. We can audit that, verify, recount.
I don't like a touch screen, because we fail to actually capture the intent, only the machine record of what it thought the intent was.
Blogging because I can...
Agreed, E-voting is the classic solution in search of a problem.
Unless you have a disability, in which case it is the classic "solution to a problem".
Where I went to vote, anyone who wished had the option of bringing an assistant. I recall doing this for my grandmother when her health was failing. She couldn't see well enough to read the ballot much less fill in a circle. So, I would read the ballot to her, and she would tell me what to mark.
I'm all for throwing money at math and CS (it keeps me employed), but I still think that E-voting is unnecessary. Just use paper. With paper, the ballots can be recounted in front of a group of representative for each side whenever there is a dispute. It's simple and crystal clear to the vast majority of voters. The only disadvantage is that it's slow, but so what? Voting is important, we can afford to slow down a little and do it carefully.
Vote buying. That's what's wrong with it.
ANYTHING that gives the voter the opportunity to walk out with confirmation of HOW they voted is a huge problem. In the system you describe, the voter could decide to not put their paper slip into the box, or to drop in a fake substitute (and no, you couldn't verify it was a real slip without making their vote non-anonymous in the process).
So, they walk out the door, show their slip to "Guido", and poof - their vote has been bought.
The only time their vote gets screwed up is if a manual recount is done at that station, which in terms of % is low (by design - with an electronic system).
You need a solution where the original vote is cast on paper, and is scanned in (and retained) by the system... and the voter verifies their vote electronically on screen before walking off empty-handed.
MadCow.
I used to have a sig, but I set it free and it never came back.
Voting systems need to be understandable by the voter. This means KEEP IT SIMPLE, STUPID. A computer expert should not be involved.
A counting machine based on PAPER can be physically verified and observed by anybody who can COUNT including the interested parties so all are confident of the result. Even a closed corrupt count could come to light if the paper record is preserved. A counting machine can be ignored during a recount; if there is nothing to count then there is no recount and even less deterrent since one can't validate the results. One can't even know if the machine is hacked while a counting machine can be compared against a paper count.
You have to be ignorant OR foolish to think that ANY computer system is better than a paper one under the same conditions. A totally open computer system can be hacked and all traces removed - you do realize that linux still gets patched for security holes right? A hacked compiler or linker can produce bad programs despite clean code. Foreign made hardware components are also suspect (doesn't he NSA have a chip fab plant of their own?) It would take multiple experts just to verify machine at 1 point in time; even then could easily miss a clever attack or a serious security hole. That is barring any tampering after 100% verification (which would only be in theory because you can't get to 100% just like you can't ever be 100% sure a program is bug free.)
The hanging chad problem was over hyped but it is a great example of a solution for a non-problem that complicated the paper system thereby creating a security flaw. It should be obvious that a simple system everybody could see was flawed took so long to be killed off was a problem and now we have people asking about a much much much more complex system and one which only a specialized few could identify flaws?? It defies reason.
Of course, its a somewhat moot issue since the system favors 2 parties which are for sale so any games between the zealots are just a distraction from the larger gaming of the public by the powerful.
Democracy Now! - uncensored, anti-establishment news
Let's see:
* disabled people of all kinds,
* sick, old and just tired people who want to vote from home instead of driving for half an hour and then standing in line for an hour
* travelers who want to vote from wherever in the world they are
* young people who don't like boring old voting stuff
In almost all of these cases in the US e-voting favors Democrats - young, educated, lazy, traveling. That is the reason there is a subversive trend to undermine it by creating very, very badly misdesigned e-voting machines.
Now if your country does not have that problem, you might be like Estonia - every citizen gets an ID card with a proper PGP-ish electronic signature in it and he can vote on a web site using that signature either in a voting booth or at home and later verify his vote with a hash on a tally. And that has been fully working for two elections already with no problems.