Slashdot Mirror
Online Voting Should Be Verifiable -- But It's a Hard Problem
An anonymous reader writes with a link to a pithy overview at The Conversation of recent uses of (and nagging difficulties with) online voting and asks Regular 'internet voting too risky' arguments don't take some approaches into account like verifiability of votes by voters, observers, and international media. Could we have end-to-end verifiable online voting systems in the future? What are the difficulties? Where is it being done already? From the linked article (which provides at least some answers to those questions), one interesting idea:Another challenge to designing verifiability in online voting is the possibility of malware infection of voters' computers. By some estimates between 30%-40% of all home computers are infected. It’s quite possible that determined attackers could produce and distribute malware specifically designed to thwart or alter the outcome of a national election – for example undetectably changing the way a user votes and then covering its tracks by faking how the vote appears to have been cast to the voter. Whatever verifability mechanisms there are could also be thwarted by the malware.
One way to try to prevent this kind of attack is to make voters use several computers during the voting process. Although this is hardly convenient, the idea is to make it more difficult for an attacker to launch a co-ordinated attack across several computers at once.
One way to try to prevent this kind of attack is to make voters use several computers during the voting process. Although this is hardly convenient, the idea is to make it more difficult for an attacker to launch a co-ordinated attack across several computers at once.
Just like postal voting, Internet voting is a bad idea.
In a family group, you simply don't know who is really voting. Yes, the correct person may be marking the postal ballot, or clicking the votes, but a dominant family member can be looking over the voter's shoulder, making sure the vote corresponds to the dominant family member's preferences.
The real "Libtards" are the Libertarians!
Online voting must be both verifiable and Anonymous. Not sure how that would be possible.
run OpenBSD. =)
We are really really good at handling online transactions of various kinds. Voting is easy. You just have to give up the secret ballot...
Anonymous secure verifiable voting is a bad joke.
Finally! A year of moderation! Ready for 2019?
Or we could just use paper ballots that simply work.
Why the need to push technology into places where it is not needed and it doesn't improve the process?
We can't even get voting machines that are secure and verifiable. We contract companies with no accountability to make these, and they don't even listen to third party researchers, or calls for open reviews. Why on earth would we think we could secure it on a public network, with umpteen more attack vectors?
If we have a machine-readable and human readable paper record, then the paper record could be imaged, then submitted to a independent system to verify that all the votes are accounted for, and that what is printed is what is read by machine. It is up to the voter to verify what is printed is what was voted.
What's more is the voting verification system does not need to be from the same manufacturer of the voting machine itself.
Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
I am a ( small ) contributor to the future IEEE 1622 standard. We chose not to deal with the security problem, and to tackle only the electronic interchange format. Security, in electronic voting, seems too hard a problem to solve right now.
Religous speak to God. Insane are spoken to by God. When all shut up, one can finally hear Shostakovich in peace
The problem with online voting is not a problem of technical merits. PGP already solved the digital signing bit ages ago.
The problem, instead, is how do we ensure that the vote cast was not in any way coerced?
In the current system with anonymous votes, it is very hard to force or coerce a voter to vote as one wish. Furthermore, it's more or less impossible to know which vote a certain person cast since the act of voting itself is done in secrecy. This is not so in the case of online voting.
To take an extreme example - let's say your best friend partakes in the election. How do you know that your best friend didn't vote for a particular candidate with a gun pointed at his or her face?
systemd is not an init system. It's a GNU replacement.
Shouldn't we have the option as to whether or not we want our votes to be anonymous? I mean, people are pretty verbal on Facebook with the parties they support, and people even order signs to stick into their lawn etc. Is there any need for voting to be 100% anonymous anymore?
Or we could just use paper ballots that simply work.
Why the need to push technology into places where it is not needed and it doesn't improve the process??
Left MS Windows for Linux Mint and never looked back!
Vote for Bernie in 2016!
Calling a fundamental difficulty "nagging" implies that online voting CAN be fixed. That's misleading.
... like the 1980s, "I want a computer to balance my checkbook."
Online voting is a solution to a problem we don't have.
It little behooves the best of us to comment on the rest of us.
As has been demonstrated by state-backed cyber-terrorism (Stuxnet anyone?), having the government voted into power by online vote is an invitation for a foreign, well-funded, well-versed cyper-power to massively influence the ingredients of the next government - no need to physically invade the country anymore - just rig the election in a non-detectable way... job done.
The same thing they claim on-line voting has problems with, is the exact same thing we have problems with using boxes. Every election there is somehow missing ballots, and don't even get me started on dangling chads, absentee ballots, and how many dead people are voting every election.
No system is perfect, but what they have currently can't be any worse than on-line voting.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
Not environmentally sound, but send personalized lists of candidates by postal service to each voter with candidate numbers scrambled in a way known only to the voting server. Then when voting online, the voter uses the peronalized number for the candidate. Malware won't know what candidate numbers the voter has, but the server receiving them will. Malware can thus only affect the outcome by voting on random candidates on behalf of the voter instead of on the candidate the voter wanted.
Unfortunately the chosen candidate can not be verified back to the voter until the vote has been committed and can no longer be changed, otherwise malware could iterate through numbers to see which candidate is which.
In Canada you can file your taxes (and even get the replies via e-mail), renew your driver's licence, file for immigration changes (visa extensions, etc.), renew car plates, get a new passport, etc. all online. And yet, we don't feel we are secure enough to allow people to vote? How the fuck does that make any sense?
In the end, all this bullshit about "we can't provide enough security for voting" is just a smoke and mirrors job. The real fear is that everyone who doesn't vote now because it's a pain in the ass will start voting, and that could seriously change the political landscape.
And while you may be tempted to start giving me examples of how it's not a pain in the ass, such as how you can pre-vote with an envelope (wait, why is this allowed but online isn't?), or go physically in the morning/afternoon/whatever, NOTHING beats the ease-of-use of and time saving of online voting.
David Bismark demos a new system for voting that contains a simple, verifiable way to prevent fraud and miscounting — while keeping each person's vote secret. http://www.ted.com/talks/david...
But don't worry, we've got "Lawrence's Mom is a Slut" waiting in the wings as our new VP.
SJW's don't eliminate discrimination. They just expropriate it for themselves.
I don't want people who aren't invested enough* to go to a poll to decide policies that affect my life.
(*modulo people with disabilities or who have work conflicts, but we already have mechanisms in place to account for that -- I'm talking about the general issue of lowering the bar too much)
An unjust law is no law at all. - St. Augustine
So hard you can't give it an A?
Look, if you foreigners insist on using American boards, learn the language!
But don't worry, we've got "Lawrence's Mom is a Slut" waiting in the wings as our new VP.
Can't be any worse than the last two. :P
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
Why have online voting? Really, voting in person means people who are interested enough bestir themselves to do so. And if they are interested enough to go vote, presumably they at least know the candidates' names ahead of time and hopefully something of the issues. Until you can guarantee there are no ultra-low information voters then universal turnout is not good. Otherwise might as well turn voting over to Mechanical Turk.
...but it's hard problem.
I think voting from private devices will never work if you cannot verify who is actually voting. So far the best way is the only verifiable way, to have someone physically prove who they are and go to a public voting place to cast a vote. I think its possible to register in a way to possibly have a facial verifications or fingerprint could possibly provide proof. But its not without risk to hacking or fraud. I certainly get how the voting process is not being used to its potential. Lot of people don't vote at all for many reasons.
Wait until all the State Driver's Licenses become smart cards and use those to verify identity. Similar to the PIV/HSPD-12 cards the U.S. government uses for employees. Require PINs just like with ATM cards.
With the card being an actual computer that can store secure digital certificates, and the same trust model the entire country uses now -- your government-issued Driver's License (and/or Passport) is accepted by pretty much EVERYONE as proof of identity -- this is doable.
Learning HOW to think is more important than learning WHAT to think.
Once a ballot leaves the voters control security depends on only on procedures. Its worthwhile to view a wonderful old movie "The Great McGinty" for a satiric take on elections and politics. The writers of that script knew a lot more about voting and elections than the clowns who opine here.
1. Have a universal number, lets call it a SIN number for simplicity
2. Have a web site / physical record of casted votes with the casted vote and the voter's unique id hashed by something like MD5/SHA & date/time of casted vote in the incredibly rare case of hash collisions (correction, see below)
3. Send a mail-in pamphlet that provides a seed so that only the voting registry knows your unique (no reverse SIN guess in case your SIN was compromized by 'influencing' parties)
Me: Joe Blow
Issued SEED: 1234567890
SIN Number: 32323
Vote: Mad-like-hell Libertarian
Public Government Site Record:
| Mad-like-hell Libertarian | 8e63860d2a80a5d32d95345592697328 | May-14-2015 / 08:54pdt
(Example hashed from seed+sin / MD5)
The only problem being that the public needs to know (or rely) on the hash magic, but if you really care about your vote being untampered with, you can learn how to use basic tools to make it work.
For independent audits of the voting office, all SIN/seed hashes are to be retained for a number of years (or forever depending on data retention blah blah) so that independent audits of SIN numbers to actually viable voters, etc.. can be verified.
(Correction, because the registry can pre-calculate the hashes of everyone, they can re-generate a new seeding number until it doesn't collide with existing generated hashes)
Bye!
Why are people saying that anonymity is not a requirement? It essential for two reasons: coercion and vote selling.
No one should be able to force someone to vote a certain way, whether it is a thug on the street or a dominating presence at home. Sure it's not a problem in the US now, but that may be because our current system is coercion resistant - no one else gets to see you fill out the ballot.
There is the related issue of vote buying: voters should not be able to prove that they voted a certain way. Otherwise, it would be easy to set up a system of "Show me your ballot for party X, and get five bucks!" Again, not a problem now, but our current system is resistant.
Also, it would be great if the implementation was available to much more volatile countries where there are major voting issues. Maybe a mix of polling stations an mobile phones?
There has been some work done on electronic polling stations that make much stronger guarantees (and make the e-voting machines you are probably used to look even more laughable) that are able to provide formal proofs that the votes were cast correctly without revealing voter identification... it's not internet based but it gives you an idea. Tacoma Park MD actually used such a system for a local election several years ago.
But is it NP-Hard?
on line = your boss can force you to vote there way at work.
By time we get to the polls we get to choose between Kang and Kodos. The real choosing has been done in back rooms by power brokers and billionaires. Low voter turn out is in part fueled by the apathy that comes from only getting to choose between two pre-selected options by those with very different morales and priorities from the rest of us. The candidates on the ballot only got their by becoming indebted to those power brokers and rich, meaning they have to be corrupted as a per-requisite.
E-voting without fraud is a solvable problem, you just need to holistically think about the issues, like this guy: http://www.ted.com/talks/david...
You have to make sure every link in the chain is secure.
That means:
1) Secured military-grade with strong anti-tamper machines, built on open-source OS software and hardware, that'll sign votes with a one-time-only HSM with strong anti-tamper (i.e., acid to burn off everything inside it if someone attempts to open it). Every HSM's public key will be competely open to the public, and the public will verify that the number of booth is what it's supposed to be.
2) Real life humans verifying the identity of the person voting (citizenship status, age, etc.), and verifying that they're alone in the booth.
3) Technology that uses biometrics (combination of voice, fingerprint, retina, DNA, whatever) to make a GUID for every person - this will also assure they haven't voted twice.
4) Open counting of the votes, booth by booth. Again, this will be completely open so the public can verify that all booths are accounted for and the vote counting is correct.
USB thumb drives are getting cheaper each day. Put a bootable OS on such a device and mail it to each voter. Yeah not all computers will boot to the same program. Maybe put multiple boots for specific computer types; Windows, Mac, etc. I would stay away from phones and tablets, they are too unreliable and prone to infection.
This problem has already been solved.
People already trust the financial system. Copy it.
Instead of creating a 'bank account', people would create a 'voter registration'.
Instead of processing debits and withdrawls, the system would process votes.
The solution is elegant because it is simple. By modeling it after the banking system, you inherit the implicit trust in that system. Anyone who challenges the system, has to challenge the global financial system. Who is going to stand up and say, "You can't trust your bank to accurately tally something as simple as vote!" ??? Doing so would open up a whole pandora's box of problems that nobody wants to deal with. "If they can't even tally a vote, can they really accurately track my account balance?" being among the most obvious.
How about an easier option of sticking with paper ballots, but having a longer window in which to vote? Having just a day at the polls, one a work day, assures that a fair portion of the population (especially the working poor) will have a hard time getting to the polls to throw away their vote.
How about having all mail in ballots be either be legal to send with a first class stamp or come postage paid. Even in our vote by mail state I find it to be a PITA to get my ballot in since I only ever have first class stamps, and barely use those anymore anyway.
Online voting should not exist.
Blockchain technology has almost solved this already.
You could use a chain of hashes - staring with first hash of an id by a government agency, then that hash will go to a second and third party (private or civic organization) to be hashed again .
This system will ensure validation of an individual and yet preserve the anonymity – unless all parties involved in the system are compromised.
Then you can store these hashes in a smart card, either standard format or usb key format. The cost for the cards and additional readers will be less anyway then the cost of organization traditional voting systems.
At the application level, plugins for browsers or mobile apps can be written to access the smart card with a pin. In terms of validation on the backend, the vote request can be simultaneously pushed to three different servers, say government agency, opposition parties and a civil agency servers. Cross-validation between these should match.
Now, even in the case of weak online payment systems, as we have at the moment, only base of cc number and 3 digits on the back, the fraud percentages are small compared with potential fraud in traditional voting systems – so in any case I don't see real reasons not to adopt an online voting system.
If Democracy is worth anything it's worth an hour of your fucking time once a year to go a polling place.
I also agree with you. I do think we need to make a couple more considerations though.
First "those unavoidably out of town" should not be an excuse unless the distance between postal zip codes is greater than say 200 miles
Since when does a round trip of "200 miles" take "an hour"?
it is possible for your boss to intimidate you into not voting
Is it coercion for the boss to threaten to terminate your employment if you fail to travel on Election Day, ostensibly for essential business purposes, to a location that just happens to be between 100 and 200 miles away from the polling place?
We need to be fair and make election day a National Holiday! So that everyone has the day off.
It might take more than a day to travel to and from the polling place. For example, I went to college about 180 miles from home. How should someone at school 180 miles away from home vote in the district where he is registered? Take a Greyhound bus back home and miss several days of classes, including an important exam?
We probably need to make exceptions for the groups for which anti-strike laws already exist, Health, Safety and infrastructure folks who potentially have to work the holiday.
Are pharmacies considered "Health" for this purpose?
All the cleaner election benefits of paper ballots, plus you could do anything governments do right now to paper currency to prevent fake ballots from being stuffed into election counts
Best system for dealing with different disabled voter challenges easily bar none.
We are always getting 70-80% voter turnout in where vote-by-mail is being used now for a decade.
Why the push for online voting? Because, the Internet or something?
Just because you can doesn't mean you should. There is much to be said for making the effort to show up and mark a ballot. If voting becomes as easy as clicking some on-line survey like you find on the typical news page, then we will end up with what we deserve.
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
Sometimes fitting a headline in a finite space trumps correct grammar. This explains, for example, the use of "M$" in comment subjects to save seven characters compared to "Microsoft". Is "But It's a Hard Probl" more acceptable than "But It's Hard Problem"?
Democrats, hipsters, and neo-technotards, please give it up.
There's absolutely nothing wrong with paper ballots that reminding people to double-check the accuracy of wouldn't solve. It's worked forever, reduces security to the (relatively known problem to solve) of physical security of a location and transit -- something banks have done for centuries. For voter verification, require Photo IDs from a recognized entity, and/or "vouching" similar to what's done now in many states when needing to notarize something from someone with insufficient ID.
Make ballot-by-mail and online voting special-case-only (eg, registered expats; those on deployment; etc.) and such a small scope that it's not worth the coordinated, targeted investment in massive hack schemes, then secure using the best, reasonable internet-encrypting technology.
Stop trying to re-invent things that aren't really that broken to begin with. And sorry Millennials, the inability to vote by app from your cell phone is a feature not a bug.
In related news: I wish more people would go watch Max Headroom again. Sometimes I feel we're living about 15 of those 20 minutes into the future
Hire a Linux system administrator, systems engineer,
Headlines should be short, complete, and grammatical, but it's also a hard problem. Leave out "short" and the story will exceed the headline length constraint and thereby fail to be posted. Leave out "complete" and be accused of clickbait. So instead, the writer left out "grammatical".
Also, there's been a rash of 911 calls resulting in SWAT teams breaking down the doors of people who voted for Candidate B over Candidate A.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
USB thumb drives are getting cheaper each day. Put a bootable OS on such a device and mail it to each voter.
And watch a malware hypervisor load your thumb drive in a virtual machine. You'd need Secure Boot to thwart this.
What about a layered encryption system?
First, a random token is generated for your vote. This could be generated client side (with potential collisions) -- it's just a way for someone to verify their vote later. That, plus the vote(s) are encrypted with the Tallying Machine (TM) public key. Next, the output of that is combined with your identity information and encrypted with the Identity Machine public key. The whole thing is then sent to the IM, decrypted, identity is verified, voting record is made, and then the encrypted vote+token is sent to on to the tally machine, the vote and token are decrypted and logged. If necessary, the vote+token could be sent to a mixer to shuffle the order to defeat timing attacks.
It be much easier to whiteboard, but I don't see any immediate flaws -- at least none that would be unique to this method of voting. It's a lot how the current in-person voting works as well.
https://www.eff.org/https-everywhere
There's an algorithm (or two) that leverages multi-step encryption to facilitate two (seemingly exclusive) properties.
The algorithm, developed by Dr. Andrew Neff, was first implemented by a company called VoteHere.
Now it is available for testing and vetting via an implementation at https://vote.heliosvoting.org....
FWIW I've posted about this system almost a dozen times over the past decade.
It's not just the NSA though, but potentially other adversaries which could impact the outcome of elections where there is a significantly powerful adversary (think Intel, China, or another player with access to lower-level hardware we can't verify). It's already scary that we don't have access to the sources for many of the components we depend on. I tend to use fewer components that include non-free software than most, but even with a free software BIOS, wifi, graphics, etc there are hard disk components and similar for which there is no obvious (to me) solution yet (I think there is some work on a free software firmware for one line of SSD though).
then how would voting, with even less accountability or transparency, be any more so? If I buy something, I expect to receive it. If I don't, no one tells me "the poll results say the other guy gets your item". Doesn't matter how many charts and graphs someone powerpoints, I have no way of knowing if my "order" was placed or accounted for properly because there is no direct (unless you're rich enough I suppose) receipt of the desired result after the voting transaction. the sheer number of unauthorized transactions and access of accounts shows no system is remotely secure enough
The whole issue of "I couldn't be arsed to show up to vote because I was too busy over a space of a week or more but I really did manage to find the hours necessary to properly educate myself on the issues and candidates and seek out my own interpretations aside from what is pushed to me by special interests" is a whole other problem.
But think of it this way. "Everyone knows" the Status Quo is terrible. "everyone knows" government is bought and sold by (insert the group you're not part of here). So when the Status Quo wants electronic voting thru the internet, why does "anyone" support it at all? Common sense and logic tell you "the same guys who are manipulating the system now will not want anything that makes that manipulation harder-they want what makes it EASIER."
You need to either be ok with that (i.e. botnet owners should have more votes than normal people, because the whole reason that people give their computers over to botnets, is that they want to personally have less power) or else you need to give up on the idea of online voting.
And since nobody sane is going to be ok with that (I think people will disagree with my above parenthesized assertion), then: give up on the idea online voting. By the time you "solve" the compromised-user-agent problem, you'll have lost 100% of the reason for online voting, as we see with the amusing idea of making people use multiple computers which are hopefully on competing botnets and therefore unable to reach enough consensus to vote the same way.
Just keep having people go to polling locations. Really, it's ok to do that.
"Believe me!" -- Donald Trump
As I noticed when I went to vote the other week in the UK General Election. All the ballots are numbered and your voter id is noted down and cross-referenced to the ballot you are handed. I had to double-check the implications of this after I'd voted and sure enough, it's a 'well known fact' in certain circles : "The use of numbered ballots makes it possible, given access to the relevant documents, to identify who has voted for whom, and there are many accounts of this being done regularly by the authorities in the United Kingdom, especially by the police and Special Branch to identify voters for fringe candidates". http://en.wikipedia.org/wiki/S...
Yes, it's like the ghost of 2000 is hanging over us . . . like Hanging Chads.
Imagine a simple device similar in appearance to a calculator. For registration, voter verifies his identity to a human, selects a random one of these devices from a box, places it into a writing machine. Voter selects a PIN, enters this into the machine. Machine permanently burns random private key to the device and saves public key and PIN encrypted with private key.
To vote, website displays a random number. User enters this into device along with voting selection and PIN. Device displays hash of encrypted hash of these values. User enters displayed number into website. Website saves originally displayed number plus user-returned result. To verify, same process except website can indicate whether user-returned number match last entry.
If coerced, use a wrong PIN. It will still verify but will not be counted.
Something like that.
Democrats
Christ, everything is politicized in your them vs. us two-party system, isn't it?
David Bismark demos a new system for voting that contains a simple, verifiable way to prevent fraud and miscounting — while keeping each person's vote secret. http://www.ted.com/talks/david...
And that's hardly an improvement. Any actor with access to the ballot paper printing could subtly (or unsubtly) bias the printing process, so that votes for the unfavored candidate would be counted towards the favored candidate in a region where the unfavored candidate is expected to win. It would also be undetectable.
Actually, I think I would welcome the addition of the Neo-Technotards as a third party. The political debates would be VERY entertaining. Can you imagine the looks of exasperation on the faces of the other parties' candidates?
voting should be at least a weeklong window. And Electoon Day itself should be a paid national/bank holiday. It should be more sacrosanct than Christmas Day; working on Election Day should be quadruple pay, to discourage employers from opening their doors.
In the parliamentary elections of September 2013, more than 250 000 Norwegians in selected municipalities were able to vote from home. They were taking part in a national trial of Internet voting, building on an advanced cryptographic protocol. Follow the link below for a talk about the technology behind it, presented at the last Chaos Computer Conference by Tor E. BjÃrstad http://media.ccc.de/browse/con...
... 7337 H4X0R
English uses articles for definiteness and word order for case (what is subject and what is object). Russian uses declension (noun endings) for case and word order for definiteness. Each noun has to be marked as a subject or object, which lets definite ("the") nouns go before the verb and indefinite ("a") nouns after. The letters you lose by not having articles you gain by having to mark the object as such.
What's to prevent a hacker from inserting votes into the system? Granted, there is a mechanism for detecting if votes are deleted, but it relies on people checking their vote receipt against a website. The bulk of the population is not going to do that, so a hacker has fairly high probability of being able to delete votes without being detected. And what happens when a hack is detected? Is there a way of determining how many of the ballots are tainted? Do you run the election again, or go with the results of the untainted ballots?
Maybe there is more to this system than was explained in the video, but It doesn't seem entirely bombproof at first glance.
When our name is on the back of your car, we're behind you all the way!
Both ballot-by-mail and online voting are meant to increase the convenience of voting, which should be as easy as possible to do.
If you want to keep those limited to specific groups and scenarios, fine. But let's expand the voting period beyond just a single workday --- ideally over the span of Friday--Sunday.
There's absolutely nothing wrong with paper ballots that reminding people to double-check the accuracy of wouldn't solve. It's worked forever...
Well, except when it hasn't worked. The paper ballot system has one major flaw - it is impossible to unambiguously and objectively assess the validity or meaning of a paper ballot, at least not in a way that everybody can agree on.
What constitutes a stray mark? What constitutes a vote?
I think a good compromise is a computer-generated paper ballot which is voter-visible/verifiable, but not voter-modifiable. Let the voter pick their vote on a fancy touchscreen or whatever. Print their vote on a piece of paper behind a plexiglass screen, then have the voter hit the ok button and watch the piece of paper fall into the box. As the ballot comes out of the printer it could even run past a scanner for verification by the same algorithm that will be used for counting votes later.
This lets the machine validate the ballot while the voter is standing there and able to make corrections. There is no ambiguity around voter intent. Then the machine prints out a ballot which is completely standardized (easy to OCR accurately, unambiguous, no stray marks, etc).
There are real benefits to using computers in voting. The key is to capture those benefits, while then mitigating the risks they introduce.
End-to-end auditable voting systems
Spoon not. Fork, or fork not. There is no spoon.
widespread vote by mail has shown to be reliable and effective. what do you have against it?
As I understand it, you have to be a verifiable resident of a particular precinct for 30 days before you can vote in that precinct. People who move house in the 30 days prior to Election Day need to vote at the polling place for their old precinct, not their new precinct. If the distance from someone's new residence to the polling place for his old residence is greater than reasonable cycling distance (let's say 10 miles/16 km) but less than the absentee ballot eligibility cutoff (DarkOx suggested 200 miles/320 km), he won't be able to make it to the polling place on time. So such a rule would constructively disenfranchise recent movers.
"Either you show me your vote as you're casting it, or I (don't pay your bribe/fire you/beat you up/kick you out of my house)."
As I learned in history class, in the great depression a vote was worth a few dollars. You had to show your ballot to the Large Man outside the window before depositing it in the box, or you didn't get your money.
Secure voting requires that a voter can't prove how they voted to any other person, even with their active collusion.
While it's sometime necessary to bend this in unusual cases, like a disabled voter who needs assistance voting, it really has to be impossible in the common case.
I've seen some really interesting ideas regarding PGP signatures, using blockchain technology
To know if they'll work try this test.
Go to any Walmart.
Offer some people a free lunch if they'll listen to you explain the government's new way of voting.
I think you'll know what will happen.
what about the blockchain? satoshi could be issued thru mail based on electrol register, then voters use the satoshi to place a bid on the candidate nominated.?... Or something similar
Use malware signatures to uniquely identify the machine.
Convenience.
Paper Trail.
Research your candidates with your ballot in-hand for two weeks. (as I am now for a local election due in by19MAY, mostly school board members)
Go check Oregon's voter fraud rates as well.
If a company has a person who has access to the accumulated counts, then that person can change the vote, downstream, upstream, or final destination. The individual computers don't matter; there are no ways, given the constraints, the verify who voted for what - yes, there are established, effective ways of controlling the data, but if you can't audit the entire chain, it doesn't matter. The code, the counts, the data are owned by private companies, and they have established that all of that are their protected trade secrets. Past lawsuits show us that they refuse court orders and countersue, and that they destroy the data, such as it is. Puttering around with geeky analysis of the browsers and malware isn't addressing the problem which is: they who control the machines control the elections. Worrying about the "hackers" on the outside is specious. It's the hackers on the inside.
In democracy it's your vote in elections that counts; In FEUDALISM it's your count that votes;
Casteism
Are you all, the "best and brightest" of slashdot seriously implying that you cannot think of a way to design an anonymous ballot??? it is a trivial problem. Are you all forgetting that while the *voting* is online, real life and government are not??? There is no reason why the "voting" process could not be replaced by a person going to physically pick up an encryption key, which could be used for their entire life if they guard it well. The government then has the decryption keys, but they don't need to know who owns what key.