Slashdot Mirror
Azerbaijan Election Results Released Before Voting Had Even Started
Jah-Wren Ryel writes "Florida's hanging chads ain't going nothing on Azerbaijan. Fully a day before the polls were to open, election results were accidentally released via an official smartphone app, confirming what everybody already knew — the election was rigged from the beginning. The official story is that the app's developer had mistakenly sent out the 2008 election results as part of a test. But that's a bit flimsy, given that the released totals show the candidates from this week, not from 2008."
while it makes impossible to "rig" the election it makes it totally easy to rig the election the other usual way: voter intimidation, peer pressure, pressure from family, employer requiring certain vote, buying of votes... voted for legalization of pot? goodbye job.
this is why the pen & paper and a decent society to handle that is the only way to do them(enough volunteer vote counters from enough parties).
if you can prove who you voted then you can be persecuted for voting certain way(or if you refuse to prove being "loyal").
and if the vote organizers are crooked then they could crook the signed voting too, press vote and all you would get would be "thank you for your vote for power party 1." or just have everyones receipts show up as normal but the total tally being something wildly different..
world was created 5 seconds before this post as it is.
I suspect that it's partially inertia/penny-pinching and partially because crypto only solves certain (quite specific) problems within the larger problem of 'run an election'.
For instance, in those countries that have smartcard-or-equivalent national IDs, cryptographically signed votes would be trivial; but you'd be reusing keys explicitly designed to not be anonymous, indeed, designed to be identifying. That is an issue. Beats some 'SSN+Mother's maiden name' bullshit; because at least it verifies something; but it isn't what you are looking for.
If you anonymously issue keys, now you've got a weak spot there that crypto can't help you with: the crypto makes it quite possible to ensure that Anon_Key_X was responsible for Vote_X, and only Vote_X; but you still need to devise a system by which an eligible voter can obtain (without some absurd hassle) one and only one anonymous key, without it being covertly linked back to them, or them being able to sign up for ten, or the people running the system being able to generate 250,000(or simply keep a copy of the keys as they are issued, and 'win the race' to get a signed ballot into the pot with that key).
If you have such a system, you also have a system that could trivially just hand the voter a ballot, since you have already satisfied anonymity, uniqueness, resistance to plural voting, etc. No need for the crypto at all.
(Also, aside from that, a country with vote rigging tendencies is presumably going to use hierarchical PKI, not some web-of-trust cypherpunk wet dream, so what exactly will an election whose ballots are signed with keys that all descend from the 'Glorious Cryptographic Key for Make Benefit of People's Republic Motherland' prove? Hierarchical PKI schemes, as SSL has taught us, work OK if you are primarily concerned with criminals and frauds; but if the CA is the enemy, you are fucked. If you are the root, you can generate mathematically pristine child keys as fast as your little ASICs can carry you without the slightest trouble.)
"The system uses standard personal computers as voting terminals,"
Geez, the NSA pawns PCs. Are you f**ing kidding me?
"with voters using a barcode to authenticate their votes."
Identifiable? i.e. you can be datamined on your voting choice?
"Voting terminals are linked to a server in each polling location using a secure local area network. No votes are taken or transmitted over a public network like the Internet."
FFS, there's no such thing as a 'secure local area network' now. You have a huge agency attacking every network it can. Networks not connected to public networks are hack physically, locally or via third party companies. If Belgacom can't keep its backoffice networks protected, what makes you think you can?
Really in a post PRISM world, recognize that you cannot trust electronic elections, encryption is broken, the keys you send around by email, they're intercepted an read. The networks you create ad-hoc, they're broken into. If you don't want the NSA or GCHQ choosing your PM, you need a paper audit trail.
Signing a vote isn't going to help one bit because fake citizens can be created that can sign fake votes.
You need anonymity to make certain people vote for whom they want, not whom they want others to think they should vote for.
The only way to prevent rigging is to make certain people get to vote in anonymity, but to be able to see every individual vote go into the ballot and after the voting has ended, be counted by many (independent) eyes.You need to control/bribe a lot of people if you want to get away with rigging an election if that system is in place.
I was promised a flying car. Where is my flying car?
Allowing people to check their vote from home would fuck up anyone whose vote was made under coercion. As it is, you can vote one way and say you voted another way.
This is less of an issue in the US, but it is still an issue... your boss asks you which way you voted.... let's just check that.
Problems? What problems?
You seem to misunderstand the point of modern elections. They are not in place so that the people can choose their representatives. They are there to suppress revolt by displacing the responsibility of bad government into the people.
Actually counting the votes is a pointless expense. The system works just as well by flipping a coin.
Azerbaijan are ahead of their time in more ways than the obvious one.