In France, a Showcase of What Can Go Wrong With Online Voting

Bruce66423 submits a report from The Independent, writing that "a French primary election is made the stuff of farce after journalists defeat the 'secure' election system." From the article: An 'online-primary,' claimed as 'fraud-proof' and 'ultra secure,' has turned out to be vulnerable to multiple and fake voting. The four-day election has also the exposed the poisonous divisions created within the centre-right Union Pour un Mouvement Populaire (UMP) by the law permitting gay marriage which took effect last week. ... What was already shaping up as a tense and close election was thrown into utter confusion at the weekend. Journalists from the news site Metronews proved that it was easy to breach the allegedly strict security of the election and vote several times using different names."

Working as planned

I like this system. Each vote costs €3 and you can vote as often as you like. In other countries money buys you access, influence and power but we pretend that everyone is equal. France sweeps away the hypocrisy and makes it explicit: mo' money, mo' votes.

Vive La France, Vive La Révolution!

Re:Working as planned

[manu0601]

I like this system. Each vote costs €3 and you can vote as often as you like. In other countries money buys you access, influence and power but we pretend that everyone is equal. France sweeps away the hypocrisy and makes it explicit: mo' money, mo' votes.

This election is not ran by the French Republic, it is ran by one political party in city of Paris, to decide what candidate they will have for next Paris mayor. It does not reflect France position on electronic voting.

Re:Working as planned

[Meeni]

The official republic electronic voting system (reserved for consulate registered voters so far) has never been breached (that is known of). I have some reservations about e-voting (for lack of accountability and falsifiability by the random citizen), but being weak and easy to compromise doesn't seem to be the most important problem for the particular implementation. However, it is hard to use, and I know many voters that gave up voting because it was to difficult to have the voting system to work on their computer.

UMP (which is conservative right party) is reckoned for hiring the worst people to do any sort of techno job and ridicule themselves in dub-songs when trying to be cool on facebook. That would be just another milestone in their long history of hiring the nephew of some big shot, because he "knows computer", for 100k euros of public funds.

Moreover, the paper ballot vote at the last UMP president election also got seriously rigged. There was a 2 month period where the two prominent candidates claimed victory (and it seems that the one that cheated the most is still the ongoing president of the party... ). So in some sense, a weak system is not a bug, for the elections of this party, it's a feature.

Designed Poorly

[starworks5]

Clearly its not that internet voting cannot work, its that this was implemented poorly, credit cards are easy to get your hands on, what really matters is the vote verification. Nothing prevents a person from stealing vote by mail ballots, and using a fake signature to send in the vote, whether the vote is tallied is another matter.

Now if you used multi-factor verification, along with biometrics (webcam photo) and IP logging, you would be able to sample and defeat fake votes.

Re:Designed Poorly

[Sique]

Internet Voting can not work for a simple reason. Internet Voting has to both ensure that each person which votes is clearly identified to make sure the person is eligible to voting and at the same time can not be identified to make sure the voting is secret, at the same time clearly identify the vote to make sure it is counted only once and at the same time not making the individual vote identifyable to keep the voting secret.

Paper-and-pen voting solves this problem by first identifying the person, handing the person a non-identifyable sheet of paper, the ballot, let the person vote in secret and then keep the vote in a closed box until the counting. (And the problems surrounding pen-and-paper-voting like ballot stuffing can be managed by making everything of the voting box except the actual voting public.)

Re:Designed Poorly

[linnumees]

Yes it can.

Estonia has a smardcard-based ID card that can be used for authentication and digital signatures (two different keys). The latter is legally as good as your handwritten one which means you can build all sorts of services on top of that, elections are just one of them. The vote is encrypted with the public key of the current election, signed with the ID card and sent to a central server. Later, the double votes are removed according to the list of people who voted on the election day (so if you were forced to vote for someone and your ID card taken away, you can just grab your passport and go vote again using the "old" method), votes are separated from the signed container, moved to a physically different machine, decrypted and counted. Anyone can go and see how all the process is done.

See http://www.vvk.ee/voting-methods-in-estonia/engindex/reports-about-internet-voting-in-estonia/ for details.

UMP centre-right!?

[loufoque]

Maybe centre-right by American standards, but more like borderline far-right by French ones.

Oxymoron?

[jasnw]

Is "safe online (PUT YOUR SERVICE HERE)" as much an oxymoron as the much-malinged "military intellegence" back in the '60s? I see lots of stories about both sides of online voting, but I've not seen an answer to the basic question of "is it possible to have a safe hack-proof online voting system." I don't mean an assessment of whether Siebold or any of the other idiots in this market have fool-proof systems, but whether or not voting can be done safely online even if Brother Stallman designed it. My own feeling is that it's like putting something critical such as access to power grids online - not a good idea unless there's no other way to get what you need. I don't really see what's so hard about schlepping down to your local school and voting once a year or so. If that's too hard for you, don't bother voting because the hard work of making an informed choice is likely beyond your capabilities as well. (Does not apply to people who can't get to a voting booth for several of many good reasons, and mail-in ballots has worked for these people for decades.)

Re:Oxymoron?

(Replying as AC because I'm also moderating)

Even if the system is, in fact "perfect" - and even if you could somehow avoid the possibility of coercion - you've still got a HUGE problem: how do you convince the general public that the system IS actually secure? Most people aren't nearly technically savvy enough to figure it out for themselves, or even to really understand the difference between "secure crypto" and "insecure crypto" even if you carefully explain it to them. And telling them that it's all OK because a bunch of hackers designed and/or reviewed the system isn't going to cut it, no matter how much of a good idea that might be in theory or even in practice.

The fact is, if a non-trivial group of people think the system was hacked, you've got a credibility problem REGARDLESS of whether or not it was hacked. Unfortunately there are distressingly large numbers of people willing - even eager! - to believe all sorts of wacky conspiracy-theory shit (google "chemtrails"). With a traditional in-person paper system you can at least demonstrate that massive fraud is impractical. With an online system there's simply NO WAY to convince people that massive fraud DIDN'T occur.

The lesson that will be learned

[frovingslosh]

It is a crime to vote multiple times. That crime will not be prosecuted. It is a much bigger crime to expose that the system is corrupt and open to fraud. That crime will be prosecuted.

Storm in a teacup

[AdamInParadise]

A few facts :

• It's only a primary for the Paris mayoral election next year, i.e. not a national election.
• The journalists shown that it was really to vote as someone else if you knew a couple of easily and legally obtained piece of information about them i.e. no hacking involved. However, so far there's no indications that fraud is actually taking place.
• The same party is having a primary in Lyon as well, but they are using a traditional paper ballot, and so far it seems to be going pretty well.

OK, so electronic ballots are proved to be less "secure" than paper ballots, again. The UMP is proved to be technologically illiterate, again. Yawn.

What's wrong with "normal" voting?

[Darkness404]

Before rushing to adopt online voting, we really need to ask ourselves, what exactly is wrong with just voting normally that voting online solves.

Re:What's wrong with "normal" voting?

[fredprado]

There is nothing wrong with voting normally as there is nothing wrong with travelling from east to west cost by foot. It is just a lot slower than the alternative and requires considerably more work.

The right question to make is not this one, though. It is: "Is there a way to achieve both anonymity and security"? The answer is unfortunately no. That is true for normal, paper voting as well, by the way.

The main difference is that electronic voting, and in special online voting, is easier to be tampered with in large scale, and paper voting is easier to be tampered with in smaller scale.