Slashdot Mirror
Estonia Urged To Drop Internet Voting Over Security Fears
wiredmikey (1824622) writes "A team of global IT experts have urged Estonia to drop electronic voting from this month's European elections, saying they had identified major security risks. They also said the system's operational security is lax, transparency measures are insufficient. and the software design is vulnerable to cyber attacks. 'Estonia's Internet voting system blindly trusts the election servers and the voters' computers,' said U.S. computer scientist J. Alex Halderman, a co-author of the report released Tuesday. 'Either of these would be an attractive target for state-level attackers, such as Russia.'"
The source for the voting system is available for anyone to inspect. The Estonian National Electoral Committee released a statement dismissing the researchers claims: "At this point, we can give only preliminary answers to allegations published in the Guardian, as the researchers have not shared the full results of their work with us. The researchers met with officials from the electoral committee in October 2013, and could have contacted us at any point in the last 6 months to share the initial findings of their research. ... The researchers have not discovered any new attack vectors that had not already been accounted for in the design of our system as a whole. ... It is not feasible to effectively conduct the described attacks to alter the results of the voting. ... The electoral committee has numerous safeguards and failsafe mechanisms to detect attacks against the elections or manipulated results."
"Numerous safeguards and failsafe mechanisms to detect attacks"
In practice, doesn't that end up being an ass-covering official equivalent to "We're pretty sure that Norton hasn't expired and we probably ran Windows Update pretty recently unless the junior admin was out that day" fairly frequently?
Hate on e-voting all you want, point out all the ways a malicious person could mess with it, but don't tell me that e-voting is not going to happen. Being able to instantly poll your entire population without having to go through the trouble of setting up polling stations nationwide and get people to those places will transform democracy.
The issue is that you only get real security when the people in charge of the security are both well funded and the organization as a whole takes security very seriously.
To my knowledge, the only organizations that really tend to have good security are banks and government intelligence. And in both of these we've seen major security breaches.
I think the attraction of corrupting the voting system simply outweighs the internal pressure to secure the system such that if implemented, a digital voting system would be inherently compromised.
I struggle to think of a solution to this problem that wouldn't be undone by a mixture of inside man corruption, laziness, and external manipulation by powers that want to control the process be they state level or not.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
...we know that Russia won't be able to stuff 100,000 paper ballots marked "yes" for a plebiscite into ballot boxes if they keep the current system...
Plus they might be able to make the vote look in favor of remaining away from Russia by simply manipulating the totals after Russia has manipulated them first...
Do not look into laser with remaining eye.
> Source code is publicly available
I'm going to suggest something: a publicly-accessible read-only port to the ROM where you can put in a USB and pull the entire ROM off automatically. Then people can confirm it matches the official binary, which people can confirm by compiling the source code themselves.
It must be hardware-level and not under control of the processor or ROM so spoofing would require infiltration of the voting machine hardware.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
maybe.
but for voting of the parliamentary DO NOT FUCKING USE INTERNET VOTING.
why? technical cheating? actually no. that's just one worry. even if it worked 100% secure the main problem of *being able to sell your vote* remains. that also means your spouse can intimidate you into voting who he/she wants. your employer can intimidate you to vote who they want you to vote for. the local mafia can pay a visit and demand you vote for their candidate.
world was created 5 seconds before this post as it is.
Quite simply it comes down to independent auditing. With my bank account, my email or even my Facebook; I can tell if I have been hacked or if these companies are playing fast and loose. I will look at my bank account and bloop I am $30,000 short. Where did it go? I will then begin an investigation and bring my previous bank statements as backup if needed. Worst case scenario the bank won't cooperate and I will take it to the courts where again my evidence will be brought to bare. Lastly I can switch banks. Quite simply it is because I have feedback as to what is happening.
The same with facebook. If suddenly my posts are all encouraging people to help out a Nigerian prince then I've been hacked. I will then be able to take some action.
The reason I mention the above technologies is that I think that we can all assume that our banks, facebook, and our email companies all are very good and work very hard at avoiding being hacked; yet they have all been hacked. Look at Target, they (to use the correct term) were PWNED.
But when I vote online it is fire and forget. I don't know what happened to my vote. There is no physical record for me to point to. I can't check up on my vote after the fact. At least with a paper ballot system I take my physical ballot and I give it to some vaguely trustworthy government person who is closely watched by as many representatives of the various parties as there are parties. Each watching with the interests of their official in mind. So if they see something they don't like then they can call police/election officials/newspapers etc. I like this system. It is not impossible to thwart but close enough.
In my city, Halifax, they added online to the municipal elections and I am truly scared. This should be illegal in 20 different ways. They justify it saying that it cuts costs and increases participation. Basically it didn't cut costs as they had to screw with the system so much, send out so many instructions, and answer so many questions. Plus in the end it basically didn't increase participation. I carefully looked at the votes and luckily none of the online voting was significant enough to have altered an outcome.
But let's say that someone had screwed with the results (as a programmer you can't tell me that it isn't going to be that hard) the only people who are going to cheat are going to be bad people. People who, once they are in, will ensure that only they can continue to cheat. So to me every online voting system is basically waiting for the first set of evil and smart people to come along. That is it. But once it happens, by the altered rules of the voting system, how do I fight the vote? How can it be contested? How can there be a recount?
Now I understand that some voting systems are complicated with many propositions, levels of government, etc being voted on in a single booth. So I have a very simple solution. You press your buttons which then produces a ballot on the screen, you then look at the ballot on the screen and see if you like it. Then you press print. It then produces a ballot that matches the one on the screen and you can compare. Then you say OK and then bring your ballot to the ballot box per normal. Then the computer tallies up the votes and announces a tentative winner. Then the humans can count the votes to see if the computer agrees with the paper ballots. But the key is that the paper ballots have the final say. The computer is only there to help. Then if there is a wild difference between the paper and the computer more interesting auditing mechanisms can come into play.
As a computer programmer I am 100% certain that any online election can easily be rigged. But I am by far not alone. 100% of the time that independent security researchers have gotten their hands on electronic voting systems they have hacked them and usually with ease. So the solution is that these companies don't allow independent auditors but ones of their own choosing and ones that they pay well.
This is a serious problem. Basically online voting is pretty much demanding that some evil person runs our government.
Using computers to register, count, transfer, and archive vote tallies is impossible to do without an almost certain effort to alter the vote totals by parties interior to the project (people creating and maintaining the systems and the show runners) and outside the project ("hackers"). Of the two, the insiders are far more likely.
This is not a failure of tech or of implementation. This is a human thing: those disposed to alter election tallies have infinite motivation to find a way to do it. They can either slip in during the coding phase or the implementation phase, or even during the elections. Like rats, they will find a way.
The difference between paper and electronic is basic: paper leaves a physical trail. E-voting can be rigged to leave NO trace. IS rigged to leave no trace. No audit is possible: all audits are predicated that the datasets and code are correct to begin with. If someone slips in backdoors, they can alter vote totals in real time and therefore all recounts will be "accurate". Paper receipts are useless, because what is printed is not necessarily what actually happened. Paper printouts that are reviewed by the voter on site for accuracy and then stored in boxes by the voting agents *can* be a valuable check, for the paper should match the e-count. But why then the extra step of the computer? Just use paper to begin with. Canada does it (I hope still does) and they count elections by hand in three hours, no matter what the size, local or national, because human counting easily scales.
Source code is worthless as a trace. One never knows what the machine is actually doing from microsecond to microsecond; the code executed need not match what you see on the source. This makes coders heads explode, but it is true. The machine can be programmed to lie. I know this, because I have done it, on orders from my bosses, in the past, to make a bit more money for my company. Cheating is easy and it is undetectable if you are even marginally clever about it. The count can also be altered far from the source tabulating machine and local system, at other levels. Such malignancy will not be accounted for by the counting company; their rep is on the line, they don't believe it is possible and further they don't want to know.
Use e-voting and you will see the powerful grab control, one way or another. Use paper.
Right! Because internet voting and less centralization is how we get the highest quality stories on Slashdot.
When our name is on the back of your car, we're behind you all the way!
It doesn't help that voting is an inherently trickier problem: a lot of the easy and obvious ways of detecting tampering go out the window if you aren't supposed to be watching the behavior of the users in detail. You are also monitoring something that happens infrequently, for relatively high stakes, rather than something (like credit card transactions) that happens all the time, usually for relatively low stakes, which makes statistical detection of anomalies less useful. Cloning a mag-stripe card, or just getting the number, is trivial; but the bank can watch its behavior, freeze it if that behavior changes, and as long as they get it right fast enough and often enough, the cost of the fraud is probably lower than the cost of doing something more architecturally sensible.
I suspect that people would be...less pleased... if they received a call from the government "Your apparent voting patterns have shifted unusually recently, your ballot has been deactivated for security reasons until we complete the verification process...", and since elections are relatively rare, the freeze would almost never be fast enough,
Electronic voting can only be secure if everyone knows how everybody else voted. Otherwise there is no way to know if the outcome has been modified at some point in the process.
The truth is that all men having power ought to be mistrusted. James Madison
maybe.
but for voting of the parliamentary DO NOT FUCKING USE INTERNET VOTING.
why?
NSA..... nuff said.
Only to idiots, are orders laws.
-- Henning von Tresckow
the local mafia can pay a visit and demand you vote for their candidate.
That's just not scalable though. How many people can the mafia personally witness voting and have it affect an election, and keep it under wraps? Measures to prevent those scenarios are non-technical measures.
Even though it's not on the ballot, Estonia overwhelmingly voted to join Russia.
Well... I think something that might help is if they had a two part secret key system. Where in the identity of any individual vote could only be unlocked by the person that cast it.
Then make it possible for voters to query how their vote was calculated. So if I personally voted for X then I checked the system and it says that my vote was counted as Y then we know there was tampering or at the very least a mistake.
This would make vote altering harder because they wouldn't be able to change the vote tally to match the correct encrypted vote.
Very important to this concept is that only the voter can decrypt the their encrypted vote.
The vote is cast anonymously after some sort of ID verification to make sure you should even vote in the first place. The anti voter ID stuff appears to be nonsense so far as I can tell... possibly an attempt to protect voter fraud schemes. In any case, you need voter ID to have a secure voting system.
So your ID lets you vote, you vote, you are then prompted for a password to encrypt your vote. The actual encryption scheme should be pretty aggressive. The password should be something that can be unique to that specific vote. Write it down on a piece of paper or something. Then after the votes have been officially declared, you can go back into the system, enter the signiture of your vote serial number. Not your personal ID but the ID of that vote which should be anonymous. View what the system labeled it. Then download the file... decrypt it with your password and see if the public record matches the encrypted record.
Obviously this is just out of my ass here. So it could easily be refined by someone with more experience or more thought on the matter.
But a two part system would seem to be less prone to error.
If a significant number of ballots don't match the encrypted version then you might need to invalidate an entire election and start over.
Possible problems with the system are if the system that actually casts the vote is itself compromised. In that way the encrypted vote would be compromised as well. However, the person that cast the vote would still know which way they did vote so they should be able to at least know personally if their vote was tampered with indifferent to whether anyone else believes them.
Another place you could have a security breach is between the system that holds all the individual votes and the system that measures the final tally. If that system were compromised every decrypted vote could say X while the final tally could say anything. This system could be made more secure by making it redundant. Several totally different system could add up the votes simultaneously and then have the results compared. They should match exactly every single time. If they don't then you know you have a problem... mostly likely a software bug but this is something where paranoia is warranted.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
In former Soviet countries?
As many as they want. All they need to do is hire additional hands.
That's easy. Let the user register as many accounts as they want with the electoral commission, with only one actually tied to their voter ID and actually tallied (note: registration should be *not* over the net! Should ideally be in person, with photo ID presented). A second party can thus sit right behind you during the election, watch you log in and cast a vote... and they have no idea if they were watching you actually vote or just register a fake vote on an account not connected with anything.
On the other hand, with paper voting, the person can (usually) just take a photo of their ballot with their cell phone to prove who they voted for.
There's a lot of opposition to internet voting. I get it; it's VERY easy to do wrong. But that doesn't mean it's *inherently* flawed. All types of voting systems have flaws. Most conventional voting systems have literally hundreds of ways they could be rigged, from the pathetically simple to the so-elaborate-only-the-CIA-could-pull-it-off. You'll never get 100% impossible to mess with from any system, internet or not. Internet voting adds its own new potential attack vectors and eliminates a number of ones from conventional voting.
The problem you mentioned, gl4ss, is one of the four main new vectors. The other three are DoS, compromised computers, and compromised software.
Actually, "compromised computers" isn't entirely new, compromised polling machines are a common fear that has on occasion proven true, and more concerningly, it's often impossible to prove whether they were compromised or not. The main solution to this for internet voting is actually every geek's favorite boogieman - Trusted Computing (you know, that set of hardware capabilities that was supposedly going to make it so that PCs can only run Windows and you won't be able to copy MP3s any more ;) ). Basically with TC, you have a chain of trust. Your bios is profiled before it starts up. Your bootloader can be assured that it's running a "safe" unmodified BIOS, your OS can be assured that both the bios and bootloader are safe, and apps can be assured that the bios, and os are safe. And if they're not they can refuse to even decrypt themselves. Your voting software can come on a CD or read-only flash drive with both an app and a Live CD, for people who don't have a TC-compliant OS but do have a TC-compliant bios.
TC isn't perfect, of course. Support isn't universal. It's vulnerable to cold boot attacks - although that requires physical access and there's countermeasures. And defining "safe" or "unmodified" is always going to be a balance between being as expansive as possible but not letting potentially vulnerable systems through the safety net. For people who don't have a valid TC system, the electoral commission could provide a Raspberry Pi or similar for $25-50, setup specifically for voting.
Compromised software is fairly easy to deal with (man in the middle attacks); banks already do this (banks are a good analogy, BTW - why are people so willing to deal with their life savings on the net but terrified of net voting? It all comes down to secure implementations). When the user registers (to reiterate, not over the net), you let them pick confirmation text and/or a confirmation image. When the software starts and you log in, it downloads this info from the electoral commission and prominently displays it before you continue on to actually vote.
With DoS (or non-malicious net failure), there's a lot of things you can do. The simplest is simply to redirect the user to any other form of voting - phone, mail, polling place, at the registrar's office, or whatnot. This can be casting a normal vote there as the non-internet-voters do, or a streamlined version - your computer could print out a pre-filled-out ballot, for example, or supply you with a alphanumeric hashed version of your ballot, optionally timestamped and with your voter ID. In some implementations, a TC-assured timestamp can be made available and the user's vote securely timestamped, allowing
By a scallop's forelocks!
I think everyone else is just jealous because they have low voter turnout while Estonia's going to get 3000% in their next election.
The only downside is the overwhelming election of Moot to Prime Minister.
-- "Government is the great fiction through which everybody endeavors to live at the expense of everybody else."
every vote counts.
they can do enough.
but being deprived of your right to vote who you want is enough, even if it just happens for 100 000 or whatever, easily done if they have 1000 enforcers. but that's not really the point, it's enough that their candidate gets more votes than the candidate who wasn't cheating.
and they don't really need that much in estonia. if they got a party/coalition that gets without cheating 100 000 votes and they get 100 000 extra votes through cheating or whatever then they'll be the dominant party in estonia - and they don't really need that! all they need is a dominant candidate in the coalition/party and that takes just 30 000 or so votes. buuut what if many groups take these approaches? and womens magazines get to promoting the idea that if women don't get to choose the mens votes then men are not to get sex? and a few big industry employers get the bright idea of giving a bonus if they vote for company candidate *while at work* ? the result being that no candidate playing fair gets through...
world was created 5 seconds before this post as it is.
I might be modded down for my opinion on a technology loving website
With all due respect, I think you're mistaken. Slashdot is a website where experts in one area of technology complain about how terrible another area of technology is, and how it's risky and doesn't bring much benefit.
We Slashdotters often really hate technology, but we make exceptions for our own fields.
You do not have a moral or legal right to do absolutely anything you want.
No worries, Estonia. NSA will make sure Russia will not hack into your internet voting system.
Only your last vote counts. So you can sell your vote as many times as you like. You'll just vote again after that.
Firstly, people here should understand that e-voting as in voting machines and internet voting are completely different and not really comparable.
One of the opposition parties of Estonia is strongly against internet voting, mainly because their voters are not using it a lot and they are able to mobilize their voters well to go voting on paper as opposed to most other parties. For various reasons they are in power at the capital city and the trip of the researchers to go and observe the current voting process was paid by the city, so already for that they can't claim that they are totally independent. And, of course, the fact that the whole thing came to light a few days before the elections of the European Parliament was just a coincidence. This far they have yet to actually publish the report, which, from what we know this far, doesn't have any new attack vectors, only the ones that were already considered more-or-less from the very beginning.
Estonia has a smardcard-based ID card that can be used for authentication and digital signatures (two different keys). The latter is legally as good as your handwritten one which means you can build all sorts of services on top of that, elections are just one of them. The vote is encrypted with the public key of the current election, signed with the ID card and sent to a central server. Later, the double votes are removed according to the list of people who voted on the election day (so if you were forced to vote for someone and your ID card taken away, you can just grab your passport and go vote again using the paper-based method), votes are separated from the signed container, moved to a physically different machine, decrypted and counted. Anyone can go and see how all the process is done, it is fully auditable and all the video recordings of the whole process are later uploaded to Youtube. By no means it is so that only some certain people are chosen to make the audit to get favourable results.
Additionally, you can also check that the vote made it into the system and was for the correct candidate with your smartphone without compromising secrecy, so even if your computer was infected with malware, you can still make sure everything goes correctly.
See the website of the elections committee for more.
Most states allow voting by mail. Doesn't that present the same problems?
Oh, there are definitely some very interesting voting system designs (mostly cryptographic flavors) out there, though I'm definitely not expert enough to say much of use about them. My point was merely that lots of the really obvious verification systems (the ones that don't need crypto-fu) tend to assume a that total or near-total knowledge of the system by trusted insiders is OK, and that there are (mostly) trusted insiders, worst case not-entirely-trusted-but-know-they-are-being-watched-and-we-know-where-they-live insiders.
With voting, total knowledge is almost always explicitly forbidden (even making it possible for 3rd parties to verify what an individual did in the polling booth is generally considered an issue) and insiders are barely trusted to transport sealed ballot boxes, much less refrain from drawing up death-lists based on who voted how. Doesn't make the problem impossible; but does eliminate most of the obvious direct borrows from banking and the like.
People can still sell their votes right now. Put your vote in envelope in clear view of person who is paying you, enter voting place with them, they observe you putting the envelope in the ballot box, done.
Greylisting is to SMTP as NAT is to IPv4
Already solved by not allowing non-voting persons in voting area (not only in voting booth).
> with paper voting, the person can (usually) just take a photo of their ballot with their cell phone to prove who they voted for.
Take picture of one ballot and submit another.
No one can know what you did in the voting booth without the voter's encryption key. Under the system I laid out, the vote could be counted without the voter's encryption key. However, the votes could not be verified without that key.
The point of the encryption is to create an independent and untouchable tally of the vote.
It would be very impractical to audit the list since it would require every voter personally decrypt their vote and cross check it. But it would be secure. No one besides the person that cast the vote would be able to tamper with the vote without it being detected.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
But we can't send in the troops to coerce them to vote our way if they do it online!
Er, I mean, the populace can't vote 107% for breaking away from their oppressive government.
Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
...how do you expect to get a much more complex system correct? Mind you, I'm aware that the problem is not necessarily the system itself, but the transparency of the system. People probably won't like to hear it but I'd suggest that the only way to eliminate fraud is to have votes linked to your ID so that every vote can be verified as A) not having voted multiple times, B) not voting if you don't exist in at least two separate systems e.g. social security and driver's license, and C) not voting outside of your registered district's area unless it's a national ballot initiative. Further, no more provisional ballots: if you cannot be bothered to register well enough ahead of an election to participate via the normal means, you do not get to vote.
In a small country with 1.3 million inhabitants, a couple tens of thousands of votes can be decisive.
Or: How small the margin for a polemic vote? In Mexico, we have had presidential candidates winning with a (much disputed) 0.55% difference to the second place. How many votes do you need to rig such an election?
I once asked this to an Estonian government person at a e-voting presentation in my country. Her answer: "We let you vote many times. Only the last one counts."
That would allow you to vote at the workplace, then go home and vote again.
Of course, you can gather people at the election day, two hours before booths close, and have everybody vote for $foo. Then, throw a party and lock them in (or something like that), and secure the vote is "right".
It might still happen, but many among us will still fight for the population to understand the unavoidable security risks in doing so. We have the duty to do so.
By your reasoning, mail in ballots are just as problematic as internet voting. People can offer to buy your mail in ballot. Your spouse or employer can intimidate you in to signing up for mail voting and vote for you. The mafia can pay you a visit and demand you sign up for mail voting and give the ballot to them.
If you can prove your vote was correctly recorded, then you might be more easily persuaded to sell it — be it that you receive a pay for it, or you receive the service of not getting your bones broken.
A vote once cast is just a piece of paper among many. Nothing should tie it to a voter's identity. A voter should be unable to prove he voted a particular way.
I think being able to explain something to an ordinary person is an unreasonable requirement given the level of intelligence of an ordinary person. I don't think it's desirable to have an election system that does not involve any math.
What percentage of American citizens understand the electoral college?
The results of a proper electronic election are better able to be verified by intelligent people.
With electronic voting, you can store not only the vote totals, but also who voted for what in a way that is scrambled, and make the results public. This way each person can verify that their vote was counted without allowing others to see how they voted.
Your scheme is very similar to what we use in Debian for voting for the project leader (unlike the fully-open tally sheets for voting on issues, not people). However, this scheme is good only where people trust each other, for ocassions where you know there will be no vote buying/coercion. Not for a national elected government.
There is really nothing to see here. The report was commissioned by the Estonian Centre Party (ostensibly by the City Council of Tallinn, but they are the same thing) and was strategically scheduled to be published a few days before the European Parliament elections. (The Centre Party has been denouncing e-voting for a long time, mostly because they don't do well at those because of the demographics of their core electorate, and of course their own constant campaigning against it.) The team was handpicked from among well-known e-voting contrarians, so the result was a foregone conclusion. I was only surprised how much demagoguery and outright lies went into it, but then, knowing the Centre Party, I should not have been. Cherry-picking the data, wilfully drawing the wrong conclusions, purposefully deceiving the reader, deliberately ignoring information that disproves what they're out to achieve etc etc. Let's just say that the fact that letting the observers know the SSID and the password of the guests' wireless network segment does not constitute a security breach that would merit annulling all the election results. There were other laughable ‘discoveries’ as well, such as “we took the copy of the system home and logged on as root, we were able to change some stuff in it“. Well, duh. If you're on the clock, you must draw the conclusions that the master demands, and even better if you are predetermined to do that anyway because of your convictions (which indeed were the reason you were hired anyway).
Some of the same problems. In many cases you can cancel your mail vote by going to a voting booth.
If mail voting was popular, it would need to be made more secure.
Finally! A year of moderation! Ready for 2019?
Say this system is approved. Say you want to buy my vote. You demand proof that I voted the way you wanted me to — If the e-voting platform allows me to confirm my vote was properly counted. So, all you have to do is to promise me to hand over the money if I prove you I did what we agreed. (or you can threaten me with physical violence unless I can prove it to you, same reasoning).
A secure voting system should never allow me to prove what was my vote — But that would make me very suspicious, as it could be recording false votes from the beginning, right? Right. The only solution is to have voters deposit papers with their stated vote (and no personal identifying marks!) in a booth, and allow for recounts if needed.
I don't see the problem with my scheme in regards to trust. Only I can identify which vote is mine. The votes are anonymous. The ID on each vote would at most say where the vote was cast not who cast it. I would know which vote was mine because I would record the ID number of MY ballot at the time of casting the vote. That ballot ID would not be associated with my identity in any way. Further, that ballot's encrypted ballot would only be accessible to me and only if decrypted it with my password. The point of which would only be to compare the official recording of the ballot with an encrypted file created at the same time which should mirror that ballot.
If A does not match B then you know there is a problem. That is the point.
Auditing all the ballots would require literally everyone that voted to individually decrypt every single ballot personally. Obviously not possible for more then a small sample set. Which the voting public under my scheme would be encouraged to do on their own.
Anyone that found a mismatch would then be encouraged to contact the authorities to begin an investigation.
The above would make some types of vote tampering more complicated. The issue I'm most worried about though is ballot box stuffing. Where some individual or group fills out hundreds or thousands of illegitimate ballots and submits them for counting.
To address this, you need voter ID and you need to have good records of who voted in each election. They compare the list of registered voters to the census beuro/IRS to make sure they actually exist as real people. And then you compare the total number of votes counted with the total number of people that were recorded as voting.
All three records should match.
All people that vote should be real people.
And the number of people that voted should equal the number of votes recorded.
I suspect that if you applied this standard to many elections the numbers would not match. I think many people that are said to vote are not actually real people. Some of them are dead. Some of them are entirely fictitious. Mickey Mouse has been known to vote occasionally. And of course sometimes there are a lot more ballots cast then the number of people that actually voted. The most striking examples of this is when the number of people voting exceeds the number of people registered to vote. Which is impossible unless non-registered voters are voting... a non registered voter voting is sort of like a non-registered driver driving. Yes, you have a right to vote while driving is a privilege... but only citizens with no felonies on their record are allowed this right... and they have to be alive and not cartoon characters.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
Less then 1 percent of our population has ever really understood the system. What percentage of internet users actually understand the internet?
Probably less then 1 percent.
Your argument that they need to understand it for it to be practical is absurd. People interact with and use things all the time without fully understanding their inner workings.
What is most important is that those inner workings are self consistent with stated goals, transparent, efficient, and sustainable.
The existing system runs contrary in many aspects to the stated goal. It is generally closed off from public scrutinty in that we appoint people to audit it but the actual auditing process is rarely exposed to the public. And our current voting system is so inefficient that it costs tens of millions to billions of dollars every election cycle which makes it impractical for us to have elections with much frequency.
A secure digital system would also be much more efficient which would give voters more opportunities to vote which would also likely make the government more responsive to public opinion.
We could have minor elections all the time. Major city council decisions could be put to a full city vote on a weekly basis. Log in... cast your vote... log out... wait for the election results... query what your vote was recorded as... they should match... the number of people that are real versus those that are registered should match. The number of people that voted should equal the number of ballots recorded.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
The problem with voter-verifiable systems is that they are very prone to vote coercion or buying. If you can prove your "right way" vote was correctly counted, you can get the cheque. Or avoid the punishment for exercising your free will.
From the summary the points seems to be in the territory of just conjectures. This is confirmed by this disclaimer in the Downloads page: DOWNLOADS We will be providing partial code for our proof-of-concept attacks after the conclusion of the May 2014 European Parliamentary elections.
You're not living in a democratic society, if you cannot vote with https://en.m.wikipedia.org/wik...
In democracy it's your vote that counts; In "feudalism" it's your count that votes. -Jallberg
Casteism