Canada To Adopt On-Line Voting?

belmolis writes "Here in Canada we have an old-fashioned paper ballot voting system that by all accounts works very well. We get results quickly and without fraud. Nonetheless, Elections Canada wants to test on-line voting. From the article: 'The head of the agency in charge of federal elections says it's time to modernize Canada's elections, including testing online voting and ending a ban on publishing early election results.' Is it worth trying to fix a system that isn't broken?"

Online voting cannot be secured

[Opportunist]

Hell, didn't anyone learn anything from online banking? It can NOT be made secure. Why? Inherently. Because you would have to trust a machine that is not under your control, as the voting agency: The user's computer. And there is no way to verify that his vote is actually his decision. And I'm not even talking about the guy with the gun pointing at his head telling him how to vote.

Here's a scenario that happened in reality a while ago with online banking. Anyone with half a brain should be easily able to tell how to apply it to online voting. We might have to get someone to explain it to a politician, though.

A piece of malware existed (and still exists), that was developed as a reply to the one time pad banks handed out. Since intercepting and using the user's credentials was useless in such an environment, what they did was to manipulate the user's browser to make the user do the malicious transaction himself. What happened was, essentially, this: The malware manipulated (through a BHO) the input and the reply from the bank. The user entered, e.g. that he wanted to transmit 100 bucks to pay his electricity bill. The malware sent that he wants to send 1000 bucks to a mule. The bank replied that those 1000 bucks will be sent to the mule, which the browser displayed as 100 bucks to electronic provider, asking for the OTP-key. The user, thinking he's paying his bill (and everything he saw reflected this) entered the key.

There is NO way the bank (or, in turn, the election committee) could somehow see that the input was manipulated. And in this case, at least it could be seen on the bank statement. How do you expect to at least NOTICE that your vote was altered in a secret ballot?