In France, a Showcase of What Can Go Wrong With Online Voting

Bruce66423 submits a report from The Independent, writing that "a French primary election is made the stuff of farce after journalists defeat the 'secure' election system." From the article: An 'online-primary,' claimed as 'fraud-proof' and 'ultra secure,' has turned out to be vulnerable to multiple and fake voting. The four-day election has also the exposed the poisonous divisions created within the centre-right Union Pour un Mouvement Populaire (UMP) by the law permitting gay marriage which took effect last week. ... What was already shaping up as a tense and close election was thrown into utter confusion at the weekend. Journalists from the news site Metronews proved that it was easy to breach the allegedly strict security of the election and vote several times using different names."

Heh.

[Black+Parrot]

Journalists from the news site Metronews proved that it was easy to breach the allegedly strict security of the election and vote several times using different names.

Adds a new meaning to "vote for me".

Working as planned

I like this system. Each vote costs €3 and you can vote as often as you like. In other countries money buys you access, influence and power but we pretend that everyone is equal. France sweeps away the hypocrisy and makes it explicit: mo' money, mo' votes.

Vive La France, Vive La Révolution!

Re:Working as planned

[manu0601]

I like this system. Each vote costs €3 and you can vote as often as you like. In other countries money buys you access, influence and power but we pretend that everyone is equal. France sweeps away the hypocrisy and makes it explicit: mo' money, mo' votes.

This election is not ran by the French Republic, it is ran by one political party in city of Paris, to decide what candidate they will have for next Paris mayor. It does not reflect France position on electronic voting.

Re:Working as planned

[hcs_$reboot]

Moreover, the voting system was not well designed: just by knowing the name, address and birth date of someone (eg someone from another party, not likely to vote during UMP primaries), and paying €3, one could vote several times... Sadly, that botched voting system gives the impression the electronic vote is a lost cause. That reminds me of a Windows to Linux migration in a big administration where the migration and training where so badly implemented that people where reluctant to work on Linux, and the whole gave an impression of a big failure.

Re:Working as planned

[Meeni]

The official republic electronic voting system (reserved for consulate registered voters so far) has never been breached (that is known of). I have some reservations about e-voting (for lack of accountability and falsifiability by the random citizen), but being weak and easy to compromise doesn't seem to be the most important problem for the particular implementation. However, it is hard to use, and I know many voters that gave up voting because it was to difficult to have the voting system to work on their computer.

UMP (which is conservative right party) is reckoned for hiring the worst people to do any sort of techno job and ridicule themselves in dub-songs when trying to be cool on facebook. That would be just another milestone in their long history of hiring the nephew of some big shot, because he "knows computer", for 100k euros of public funds.

Moreover, the paper ballot vote at the last UMP president election also got seriously rigged. There was a 2 month period where the two prominent candidates claimed victory (and it seems that the one that cheated the most is still the ongoing president of the party... ). So in some sense, a weak system is not a bug, for the elections of this party, it's a feature.

Designed Poorly

[starworks5]

Clearly its not that internet voting cannot work, its that this was implemented poorly, credit cards are easy to get your hands on, what really matters is the vote verification. Nothing prevents a person from stealing vote by mail ballots, and using a fake signature to send in the vote, whether the vote is tallied is another matter.

Now if you used multi-factor verification, along with biometrics (webcam photo) and IP logging, you would be able to sample and defeat fake votes.

Re:Designed Poorly

[Coeurderoy]

The only way Internet voting can work is if you launch a brand of transparent urns called "internet" and use them for manual voting. No amount of biometrics will ensure that a vote is not a "family vote". And that is before you factor in the fraud issues.

Re:Designed Poorly

[Sique]

Internet Voting can not work for a simple reason. Internet Voting has to both ensure that each person which votes is clearly identified to make sure the person is eligible to voting and at the same time can not be identified to make sure the voting is secret, at the same time clearly identify the vote to make sure it is counted only once and at the same time not making the individual vote identifyable to keep the voting secret.

Paper-and-pen voting solves this problem by first identifying the person, handing the person a non-identifyable sheet of paper, the ballot, let the person vote in secret and then keep the vote in a closed box until the counting. (And the problems surrounding pen-and-paper-voting like ballot stuffing can be managed by making everything of the voting box except the actual voting public.)

Re:Designed Poorly

[linnumees]

Yes it can.

Estonia has a smardcard-based ID card that can be used for authentication and digital signatures (two different keys). The latter is legally as good as your handwritten one which means you can build all sorts of services on top of that, elections are just one of them. The vote is encrypted with the public key of the current election, signed with the ID card and sent to a central server. Later, the double votes are removed according to the list of people who voted on the election day (so if you were forced to vote for someone and your ID card taken away, you can just grab your passport and go vote again using the "old" method), votes are separated from the signed container, moved to a physically different machine, decrypted and counted. Anyone can go and see how all the process is done.

See http://www.vvk.ee/voting-methods-in-estonia/engindex/reports-about-internet-voting-in-estonia/ for details.

Re:Designed Poorly

[Yoda222]

I force you to vote for what I want in front of me on internet using your ID card and I threat you that if I see you going at the voting place the day of the election I put your sex tape on the internet, or I kill you, or anything between these two options.

Re:Designed Poorly

[Helix_Sky]

Traditional voting is done in secret. There is no one standing behind you to see what you voted. So all you have to do is say "Yea, I voted for " and no one knows the difference. That is why the most coercive stories you heard about the US presidential election were bosses threatening to close down a business or fire people if Obama won.

The big advantage of the current system is that there are independent observers that can ensure that you are not being coerced at the time you make your vote.

Re:Designed Poorly

[Helix_Sky]

I agree that this can happen but to be able to change an election you'd typically have to change thousands of votes. That kind of coordination would be hard to hide and is the reason why all the GOP hair pulling about possible current voter fraud is stupid.

As a safety measure you set up two tiers of priority voting kiosks. The first tier kiosks would be in public places but provide privacy so that no one can see your vote. The second higher tier kiosks would be in official government locations and would require you to present your id to a person first before using the kiosk. The first tier kiosks would be less secure but more numerous, while the second would provide the same level of protection as currently voting in person. The highest tier vote, with online being tier 0, takes precedence over all other votes no matter when they are given.

You have the whole system available at least a week before the election. If your online vote is coerced then you have a week to use any of the kiosks to record your true vote. While it is possible that someone could watch you an entire week to make sure you didn't change your vote, it is not something that could be done on a large scale.

The kiosks would also take your picture to prevent someone from using a stolen card.

UMP centre-right!?

[loufoque]

Maybe centre-right by American standards, but more like borderline far-right by French ones.

Re:UMP centre-right!?

[hcs_$reboot]

There is one big difference between US and French parties: in France, not even once the president ever pronounce the word "god"...

Oxymoron?

[jasnw]

Is "safe online (PUT YOUR SERVICE HERE)" as much an oxymoron as the much-malinged "military intellegence" back in the '60s? I see lots of stories about both sides of online voting, but I've not seen an answer to the basic question of "is it possible to have a safe hack-proof online voting system." I don't mean an assessment of whether Siebold or any of the other idiots in this market have fool-proof systems, but whether or not voting can be done safely online even if Brother Stallman designed it. My own feeling is that it's like putting something critical such as access to power grids online - not a good idea unless there's no other way to get what you need. I don't really see what's so hard about schlepping down to your local school and voting once a year or so. If that's too hard for you, don't bother voting because the hard work of making an informed choice is likely beyond your capabilities as well. (Does not apply to people who can't get to a voting booth for several of many good reasons, and mail-in ballots has worked for these people for decades.)

Re:Oxymoron?

Online voting is inherently unsafe even if it can be proven that each person can cast one (and only one) vote. Without online voting, people go to the voting booth and put their votes in, either electronically or on ballot. No one can see who votes for whom. With online voting, your vote can be forced by others in authority. Your church, your parent, your , even your local criminal organization. Since an authority figure can oversee and insist on you voting in a way they prefer, without in-place measures protecting that vote and ensuring its confidentiality, an online vote can never be made safe.

Re:Oxymoron?

[Coeurderoy]

Let's assume the infrastructure for online voting is "perfect", open source, reviewed code, yada yada ... Now how do you garanty that there will be no interference from familly members, particularly from conservative families... How do you fight vote buying when it is easy to put a screen copy tool at work to ensure "correct" voting... How do you fight disenfranchising when a well aimed pickaxe can cut off a couple of high rises long enough to lower their vote and short enough to make it difficult for the oposition to protest. And then assuming that you succeeded in getting an open source solution (any other solution is just a way to give the vote to the software editor, of course the current electronic vote solutions do exactly that) how do you protect tampering at the data transmission point, since you do not need, and actually cannot really use teams of supervisers from oponing parties, it is enough to corrupt a small group of officials so that they ignore the real vote and send what ever is convenient... The core issue of "modern voting" is that most important votes end up being between two very close candidates, and in most cases the differences between the number of voters is smaller than the margin of errors in the pre-election pools. Additionally we let the cost of election run amock so unless the "winner" is proven to actually eat little babies for breakfast, even if nobody in his or her right mind can believe that the vote is "correct" redoing the whole shebang seems too expensive. So "online voting" cannot work, moreover it "solves" a problem that does not exist, if not enough people can be bothered to show up to do a manual count, you got a problem that no voting technology can ever solve, and if they do come, then you do not need electronic voting systems.

Re:Oxymoron?

[ArcherB]

It isn't possible, because you can no longer have any reasonable guarantee that there was no coercion. You need to control the location the vote is cast.

Shouldn't that disqualify absentee voting? Frankly, I see no difference between Internet voting and voting by mail when it comes to security. The best way to eliminate voter fraud is to have all votes be in person with ID checked and visible mark (purple finger, for example) that can be used to identify who has already voted and can not be removed within the time frame that the polls are open. The only excuse for voting remotely should be if the voter is physically unable to make it to the polls, and even then, physical confirmation must be made of the handicap in question and the vote should be cast with a verified poll worker present.

Re:Oxymoron?

[IanCal]

Frankly, I see no difference between Internet voting and voting by mail when it comes to security.

Scale. Voting by mail is done in fairly small numbers and importantly is not the standard. You have to go through extra hoops to do it. As it's implemented, it certainly has the problems of coercion, but is probably better than stopping those people voting at all.

Internet voting, however, would be something I'd see as standard. Not a special case for those who can't make it to the polls, but for everyone. And that's where it starts to worry me.

Re:Oxymoron?

(Replying as AC because I'm also moderating)

Even if the system is, in fact "perfect" - and even if you could somehow avoid the possibility of coercion - you've still got a HUGE problem: how do you convince the general public that the system IS actually secure? Most people aren't nearly technically savvy enough to figure it out for themselves, or even to really understand the difference between "secure crypto" and "insecure crypto" even if you carefully explain it to them. And telling them that it's all OK because a bunch of hackers designed and/or reviewed the system isn't going to cut it, no matter how much of a good idea that might be in theory or even in practice.

The fact is, if a non-trivial group of people think the system was hacked, you've got a credibility problem REGARDLESS of whether or not it was hacked. Unfortunately there are distressingly large numbers of people willing - even eager! - to believe all sorts of wacky conspiracy-theory shit (google "chemtrails"). With a traditional in-person paper system you can at least demonstrate that massive fraud is impractical. With an online system there's simply NO WAY to convince people that massive fraud DIDN'T occur.

Re:Oxymoron?

[F.Ultra]

Also depends upon how the mail voting is implemented, over here (Sweden) you don't just mail in your vote. You still have to go to specific voting places (if you are abroad you have to go to the Embassy) and there the voting is set up exactly like it's done on election day in the normal voting place.

Re:Oxymoron?

[Cacadril]

There is a countermeasure to coercion. Allow people to vote as many times as they like; only the last vote counts. If you are forced to vote for Eve, you vote again later in the afternoon, for Alice.

Your boss would have to keep you locked in until the poll closes to prevent you from overriding the forced vote with a later vote. It would be hard to do that with enough people to change the election outcome, without it becoming very evident.

Add another provision: When you vote electronically, the computer shows you ten pictures and you have to select one. When you vote next time, you are shown ten pictures including the one one you selected. You have to select the same picture as last time to override the previous vote. The system does not tell you if you picked the right picture. If your boss forces you to vote five minutes before the poll closes, you select a different picture, and that vote is not valid. Your boss may force you to select a particular picture, but his chances of picking the right one will be just 10%. He could force you to vote ten times, but there could be timeout rules to make that hard.

Add a third provision: You may also vote in person at any police station, school, or any one of a number of places, and not just on election day, similar to absentee votes. A vote in person overrides votes over the Internet even if the Internet vote was issued later. If you suspect that you may be forced to vote for Eve just before the poll closes, vote in person early.

Missing case

[gmuslera]

That journalists find and publish it is something that went right. The worst that could happen (or is happening actually) is that noone makes public their findings, or they are forbidden/punished by law if they try to see or warn if there any "weak" point. And of course, the people behind the election, both politicians and company.

The lesson that will be learned

[frovingslosh]

It is a crime to vote multiple times. That crime will not be prosecuted. It is a much bigger crime to expose that the system is corrupt and open to fraud. That crime will be prosecuted.

Re:The lesson that will be learned

[fuzzyfuzzyfungus]

Is it a crime in this case? It varies by jurisdiction, of course; but party primaries are often technically just of the same legal standing as somebody's Friday poker club voting about something. They are, of course, magnified by history and institutional inertia; but the elections by which parties decide on their own candidates for office and elections where voters decide on candidates to actually put in office are quite different things.

Re:Hate group

Also their appeal commission for electoral matters is named C.O.N.A.R.E which translates pretty much to "asshole" in french.

That name became popular after their tried electing a leader for their party last year, the two sides stuffed ballots, they couldn't find any kind of agreement so far and they now have officially two different leaders and two dozens simultaneous "general secretary" title holders.

The only political form of opposition they actually opposed since the new president got elected was on the topic of gay marriage by showing everyone the immense depth of their evilness, trying to provoke insurrection, throwing racist and homophobic insults and repeating nonsense.

Finally about 3 out of 4 people at the head of this party is either being prosecuted or has already be condemned for various offenses such as buying people's votes, stealing public money, having dead people vote.

Lately Nicolas sarkozy and Eric Woert (previous minister of economy) are being tried for, oh greatness, abusing an old senile lady, the richest in France, the owner of the cosmetics brand Loreal. Suitcases full of euros for financing Sarkozy's campaign.

Another one still Sarkozy but with Claude Guéant (previous minister of intrior), inculpated for receiving money from Muhamar Khadaffi. Possibly up to 50 million dollars.

The minister of interior just before that was Brice Hortefeux and this nice dude with the looks of a wafen SS was condemned for "racist insults" towards militants of hist own party, the mighty UMP.

The present auto proclaimed leader of the UMP is JeanFrancois Copé. His little personal problem is he has been photographed in the house of a convicted weapon dealer, the same person who he signed fiscal exemptions for million euros when he was minister of economy.

And the list goes on and on and on...

Those people, they are rot. They represent everything that is bad in hour country. This is why we can't have nice things.

Storm in a teacup

[AdamInParadise]

A few facts :

• It's only a primary for the Paris mayoral election next year, i.e. not a national election.
• The journalists shown that it was really to vote as someone else if you knew a couple of easily and legally obtained piece of information about them i.e. no hacking involved. However, so far there's no indications that fraud is actually taking place.
• The same party is having a primary in Lyon as well, but they are using a traditional paper ballot, and so far it seems to be going pretty well.

OK, so electronic ballots are proved to be less "secure" than paper ballots, again. The UMP is proved to be technologically illiterate, again. Yawn.

supposed to make a credit-card payment of €3

[gl4ss]

it sounds like a voting fit for a reality show.
"To register their vote on-line, Parisians were supposed to make a credit-card payment of €3 and give the name and address of someone on the city’s electoral roll."

sounds to me it's just a scam to get 3 euros out of people.

1) have an election about an extremely heated issue to some groups.
2) provide them a means to vote multiple times by paying 3 euros per vote
3) get money from said groups.

it doesn't look to me like they're going to refund that money.

because eh, the whole concept of how it's done goes against ultra secure and quite frankly against any principles that goes with modern voting. the whole concept is anything but secure or fair. it doesn't matter how good the code behind the service is even.

couple of good ground rules:
a) voting is a right - it is to be provided gratis for every adult.
b) check identity somehow(pay id cards from social security or whatever).
c) default enforced(unless disabled etc) voting method should not be a process that is observable to people even if a voter "wants" it to be.
d) if you need to limit amount of candidates have them collect supporters lists(this is usually easily done for people serious about being a candidate, since the limit should be relatively low). these lists can be forged and people can sign the list for multiple candidates, but that only gets them to be a candidate.

Re:Hate group

[Coeurderoy]

I really do not like Nicolas Sarkozy and his politics, but calling him "the worst criminal ..." is the kind of hyperbole that discredit the rest of your message.

What's wrong with "normal" voting?

[Darkness404]

Before rushing to adopt online voting, we really need to ask ourselves, what exactly is wrong with just voting normally that voting online solves.

Re:What's wrong with "normal" voting?

[fredprado]

There is nothing wrong with voting normally as there is nothing wrong with travelling from east to west cost by foot. It is just a lot slower than the alternative and requires considerably more work.

The right question to make is not this one, though. It is: "Is there a way to achieve both anonymity and security"? The answer is unfortunately no. That is true for normal, paper voting as well, by the way.

The main difference is that electronic voting, and in special online voting, is easier to be tampered with in large scale, and paper voting is easier to be tampered with in smaller scale.

Re:Hate group

[manu0601]

The only political form of opposition they actually opposed since the new president got elected was on the topic of gay marriage

OTOH, time is hard for right wing opposition, since the so-called left wing François Hollande is pursuing the exact same economic policy as former right wing president Nicolas Sarkozy.

During the presidential campaign, François Hollande said he would fight finance power and renegociate the treaty on stability, coordination and governance (TSCG), which commits signatories to austerity. He did none of this.

Re:My favorite UMP moment....

[fritsd]

I think it is almost a given that certain centre-right political parties (mostly christian democrats in EU countries) attract the type of career politician that is out for power (because his/her party is almost always in government coalition due to the political place in the spectrum), and then after 20 years or so the rot sets in and instead of being a centre-right christian democrat party (religiously conservative, socially between right-wing liberal and labour party) they become the "Party of the Power".

What you can do then in your country is to vote the bastards out and watch them flail and squirm amongst themselves--let the infighting start!

In many countries there has been great progress once the Party of Power is excised from government; and in 4-8 years they can come back, chastised, leaner, and closer to their original centre-right christian democrat ideals, with the powermongers retired or in jail.

IMPORTANT: this mechanism only works in democratic countries with a representative voting system, i.e. the entire democratic world except for commonwealth (US, UK, Canada and Australia IIRC). So in order to let this cleansing mechanism work you must first change the constitution so that every party with more than 3 or 5% of the popular vote can get in governing coalition. For the US this would probably mean a Green Party government with the Republican-Democrat Power Party in opposition. It may seem a bit far-fetched this century, I admit...