Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Devise Voting System That Seems Secure, But Is Hard To Use

Posted by Soulskill on from the find-the-candidate-and-hand-them-your-vote dept.

An anonymous reader writes: According to an article in ReadWrite, a team of British and American researchers have developed a hacker resistant process for online voting called Du-Vote. It uses a credit card-sized device that helps to divide the security-sensitive tasks between your computer and the device in a way that neither your computer nor the device learns how you voted (PDF). If a hacker managed to control the computer and the Du-Vote token, he still can't change the votes without being detected.

69 of 103 comments (clear)

  1. Only geeks can vote? by linear+a · · Score: 4, Insightful

    I vote yes!

    1. Re:Only geeks can vote? by Garridan · · Score: 2

      Probably not. The authors made the newbie mistake of saddling their scheme with purpose-built crypto. They make a slight nod to the danger of this in the appendix, and sweep it under the rug (IND-CPA is nice and all, but it's not a proof of security). Experience says that they're overrating the security of their system, and there's a good chance it's broken. Thus, geeks will think they're voting, but The Man will actually be doing the voting for them.

    2. Re:Only geeks can vote? by Meski · · Score: 1

      Hard to use has a certain attraction.

  2. Transparency by prefec2 · · Score: 4, Interesting

    Voting must be secure, private, equal, and transparent. If the counting is done by a machine and there is no paper trail then this transparency is not realized. Nice to see that they are able to secure the transmission, but now the devices can still be tampered with. What I do not understand, why is it so important to replace the voting process with an electronic voting process. Voting is an important act in a democracy, therefore, it is also important to give it enough time and ritual to perform it.

    1. Re:Transparency by itzly · · Score: 1

      What I do not understand, why is it so important to replace the voting process with an electronic voting process

      Because it makes it much easier to rig the elections.

    2. Re:Transparency by epine · · Score: 3, Funny

      If I wanted ritual in my life, I would have become a priest and pursued my career with extreme political ambition so I could vote for the freaking pope.

      I guess you've never read an article in your life about mobilizing the voters who are too lazy (or metabolically downtrodden from their Cheetos and Coke diets) to physically show up at a polling station?

      Paper is a physical token. Reliably obtaining exactly one unambiguous, untamperable physical token with confidentiality from each adult member of society—the vast majority of which are collected on the same day—hasn't exactly proven to be an easy problem, especially when broadened to include public trust—that every voter understands and believes the process to have all of these properties (to at least a substantial degree).

      Electronic voting vastly reduces the complexity on the collection side, but then the tamperability problem looms supreme, but this could almost be solved with enough crypto cleverness, except that the public trust story then requires a tiny bit of numeracy beyond grade six math.

      Ritual, however, is accessible to a four-year old.

      The same four-year olds who are unfortunately not yet equipped with fully functioning batshit detectors.

      I don't want to abolish ritual. I simply want to reduce it to the size where I can drag it into the bathroom and drown it in the bathtub.

    3. Re:Transparency by Gravis+Zero · · Score: 1

      Voting is an important act in a democracy, therefore, it is also important to give it enough time and ritual to perform it.

      yet people in the US still have to take time off from work to vote. they need to make it a national holiday if they actually want to increase voter participation.

      --
      Anons need not reply. Questions end with a question mark.
    4. Re:Transparency by penguinoid · · Score: 1

      What I do not understand, why is it so important to replace the voting process with an electronic voting process.

      Because they're so much easier to tamper with, and any tampering can be blamed on accidental software bugs (because everyone who doesn't use formal methods software knows that all software is inherently buggy)

      --
      Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
    5. Re:Transparency by phantomfive · · Score: 1

      It's not private. It requires that a 'secret' value (named 'k' in the paper) be sent to the voter in the device. The server needs to know that value to decrypt the vote, thereby being able to identify the voter.

      --
      "First they came for the slanderers and i said nothing."
    6. Re:Transparency by pjt33 · · Score: 1

      Here in Spain elections are always on Sunday. (In fact, we have elections tomorrow). However, I don't imagine that that would be very popular with certain constituencies in the southern U.S.

    7. Re:Transparency by vux984 · · Score: 1

      Because of gerrymandering, the polling station that was selected for me in my district is about 8 miles across a city in a location without a bus stop and the closest public transportation about 3 miles away.

      1) Perhaps you could find some sort of way to carpool or even split a cab... what with the entire district having a reason to go there that same day. Not to mention political parties and volunteer groups all over the place running busses etc.

      If only there were some sort of alternative like the ability to mail in a ballot... oh... wait. There is.

      2) I agree with you gerrymandering ought to be criminal.

    8. Re:Transparency by penix1 · · Score: 2

      There are many factors that play in low voter turnout but to name the worst offenders here we go:

      1. The two party system itself. Having only two nationally recognized parties by the media ignores a very large part of the population that doesn't agree with either of them. This is the primary reason gerrymandering works too.
      2. Primaries. Having primaries in the two party system means those that support a candidate that doesn't win the primary feels left out and doesn't see a need to vote in the general election.
      3. Winner takes all in national elections. This means that electoral votes get ignored once a majority is achieved. This is how President Obama won.
      4. Using an electoral college. The electoral college made sense when communicating voter wishes meant paper delivered by horse to the capitol. It makes no sense in the age of computers and high speed communications. Also, because there is no real assurance that an elector will vote they way the voters want, you wind up with messes like the 2000 election where the electoral vote did not match the popular vote.
      5. No holiday for election days. Nobody wants to work all day just to have to stand in long lines all night to vote. Let's face it, if a person had all day to vote those lines would be considerably shorter with only the procrastinators being punished.

      Those are just a few off the top of my head. I know there are many more.

      --
      This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.
    9. Re:Transparency by DrunkenTerror · · Score: 1

      "gerrymandering ought to be criminal."

      But how would you get politicians to pass such a law?

    10. Re:Transparency by NicBenjamin · · Score: 1

      I call BS on this.

      In the US a national election is not carried out at the district level because it's also an election for at least the State House. Generally states will piggy-back even more election onto it -- back in Michigan you'd vote for Supreme Court, Community College Boards, County elected officials, etc. when you voted for President; the other even numbered years added State Senate and Governor to the mix; now that I'm in Ohio the big change is there's no Community College Board on the ballot.

      Since none of these districts is anything near coterminous they divide the state up into thousands and thousands of precincts. Ohio had 9,158, Michigan 4,577, last election. There's probably a precinct physically big enough in one of these states that you could actually be a full 8 miles from the polling place, but it's not typical, and it's not a result of gerrymandering.

    11. Re:Transparency by prefec2 · · Score: 1

      Strange! Really, do you live in the central Africa? 8 miles to the polling station. That looks like a method to keeping people from voting. I normally have to walk approx 6-8 minutes to the polling station, but even when I lived in a village there was one in the village. Easy to get there. However, 8 miles that is 13 km, by bike this is half an hour. In Germany you would have crossed two more villages.

    12. Re:Transparency by NicBenjamin · · Score: 1

      Or have elections on the weekend. If you really are wedded to voting on Tuesday we could have four-day elections with voting Saturday, Sunday, Monday, and Tuesday. This would actually make a lot of election administration simpler because if you only have a quarter of the voters per day you need fewer administrators, and if it turns out some great idea you had the day before the election was dumb you can switch on Saturday night and then only 3/4 of the electorate will have to put up with your dumb idea.

      In the US we tend to be very conservative in how we actually run the country, so rather then make the obvious, simple, cheap change and stop voting on Tuesday people seriously propose that everyone stay home from work on that Tuesday.

    13. Re:Transparency by Damarkus13 · · Score: 1

      My state has no polling places anymore. It's all vote by mail. I struggle to see how internet voting is more convenient than that.

    14. Re:Transparency by TheGavster · · Score: 1

      I concur with your points, but have a few corrections to (3) and (4), as the best way to win an argument is to not allow any holes:

      The "winner takes all" system means that all of a state's electors are pledged to the winner of the popular vote in that state, regardless of the margin. What happened in 2000 was that Bush won his states by narrower margins than Gore won his states, resulting in the "packing" situation that is the principle argument against an electoral college.

      The electors in 2000 all voted as they were assigned. The controversy over Florida's electors was over who to assign them to vote, as the results were within the margin of error for the voting process. If electors were assigned proportionally, the "hanging chad" would have come down to the one odd elector, rather than all 25, and we would never have heard about it.

      Separately, I think that (2) is one of the most important points, and the one that is least likely to see attention. I remember my frustration in the run-up to 2008's election to hear Howard Dean in an interview on NPR defend not only the primary system, but having different states vote different ways. If one of the more progressive voices at the time is married to that system, we have a long way to go to change it.

      --
      "Because Science" is one step from "Because old book". Try "Because of my experiment testing my falsifiable assertion".
    15. Re:Transparency by prefec2 · · Score: 1

      We have our elections on Sunday and the rest can vote via mail or go to the city hall any day and vote there.

    16. Re:Transparency by Guy+From+V · · Score: 1

      Whatevs Pancho Villa.

    17. Re:Transparency by prefec2 · · Score: 1

      They could allow to vote by mail and vote in the city hall. In Germany normally you get your "voting permit" weeks in advance. And you can use that card to vote at the city hall every day before the election. So all those I cannot go to a polling station on Sunday people can vote easily.

      BTW: Good look with your election tomorrow.

    18. Re:Transparency by zaroastra · · Score: 1

      When I complained about the political corrupts that rule back where I live, a swiss guy explained me that voting is the least you can do to keep the politicians in check.
      If you actually care, you will have to organize with other people to for instance review the public records or financials.
      But in the end quick, reliable, evolutive, secure, private, equal, transparent and open source voting is a must for decision making.
      So it is important to replace the voting process with the digital age because that will allow faster and more informed decisions.
      Representative democracy doesnt work anymore, I for one would replace it with something more 2.0, the sooner the better.

      --
      I'm trying to get modded "Interesting Flamebait Informative and Insightful Redundant Troll" *-* Please Help *-*
    19. Re:Transparency by vux984 · · Score: 1

      So it is important to replace the voting process with the digital age because that will allow faster and more informed decisions.

      1) How will replacing the voting system result in faster or more informed decisions by the voters? That's like suggesting making high tech toilets will get people to make better choices about what they eat.

      2) What on earth do we need -faster- decisions for? Because having to wait a few hours a few times a decade is the major problem with our system of government?

      I for one would replace it with something more 2.0, the sooner the better.

      Better how? Fewer people would know how it works. Therefore Few people should trust it. Doesn't sound "better" to me. Election systems need to be simple enough that everyone can understand them, everyone can see that hasn't been tampered with.

      A show of hands is simple but not anoymous.

      Physical ballots placed into a physical box. Then removed and counted in full view of everyone is also simple, and you gain anonymity. And a child can understand it and validate it. There is zero reason for an election to ever be more complicated than this.

    20. Re:Transparency by Godwin+O'Hitler · · Score: 1

      The same way the public gets them to pass all the other laws ... oh wait.

      --
      No, your children are not the special ones. Nor are your pets.
    21. Re:Transparency by Godwin+O'Hitler · · Score: 1

      Wait, are you saying Spain is less observant of the sabbath that Dixie?
      I live in Spain too (though I'm not Spanish) and Jesus is every freaking where. Although to be fair they don't stuff the religion down your throat.

      Well, all except the Jehova's Witnesses. I've never seen so many as in Spain.

      --
      No, your children are not the special ones. Nor are your pets.
    22. Re:Transparency by Godwin+O'Hitler · · Score: 1

      Well a Swiss guy would say that. Switzerland is one of the very few countries where the people themselves have a real-time veto on bad laws.
      Their votes actually count. They aren't just voting for promises.

      --
      No, your children are not the special ones. Nor are your pets.
    23. Re:Transparency by Agripa · · Score: 1

      Because two choices which do not represent me are so much better than one choice.

    24. Re:Transparency by jknapka · · Score: 1

      Electronic voting vastly reduces the complexity on the collection side, but then the tamperability problem looms supreme, but this could almost be solved with enough crypto cleverness, except that the public trust story then requires a tiny bit of numeracy beyond grade six math.

      Perhaps an ecosystem of vote verification tools built upon a well-understood verification algorithm with an open-source reference implementation would alleviate the crypto-innumeracy problem. The voter wouldn't have to understand the math; only how to enter a magic number, press a button, and check for the expected result. Multiple implementations help ensure that no one can game the verification process (or just implement the algorithm incorrectly) without being caught out in short order. The verification would have to be implemented in such a way that the voter could tell that their vote was recorded correctly, but could not demonstrate to another that they had voted a particular way. Obviously, the average voter can't tell whether the verification algorithm is implemented correctly, but it's not the voters who would be checking that. Any interested party could do so, and the voting population at large would be using tools that were subject to scrutiny, either by direct examination of the code or by comparison of output with the reference implementation.

      Also, the raw vote data of all elections (which of course would contain no data allowing voters to be personally identified) should be public, so that watchdog organizations can check that the outcome is in accordance with the votes cast. Such a data store should allow vote counts to be verified, and allow any randomly chosen voter to check that their vote is recorded correctly. I'm reasonably certain this would be straightforward to accomplish with a cryptographic voting system, but it would be basically impossible with physical ballots.

  3. Not secure by aaaaaaargh! · · Score: 2

    The counts can be hacked at the target computer. For example, by the government, by foreign governments or by the company providing the voting systems.

    Or are the "electronic votes" counted manually by thousands of volunteers and leave a huge paper trail?

  4. Re:"without being detected"...yet by freeze128 · · Score: 3, Insightful

    ...and that's the point! If it takes longer than 4 years to hack, it's effectively secure for a US Presidential election. By then, the elected official's term will be up, and there will be another election (with different encryption keys) so you will have to start over.

  5. Confidence versus rational confidence by mtrachtenberg · · Score: 4, Insightful

    It is conceivable that the World's Cleverest People (WCP) will devise a system that reliably enables people to vote over the internet. And researchers tell us America is no longer a democracy, so I suppose it doesn't really matter that only the WCP will have rational reason to have confidence in the system.

    But for those of us who think people should be able to prove to their own satisfaction that their vote was counted as cast, paper inserted into witnessed boxes and then counted in public seems like a better idea. It will never make Microsoft rich, though, so I doubt Microsoft Research will admit this.

    1. Re:Confidence versus rational confidence by mtrachtenberg · · Score: 1

      "World's Cleverest People" is just another way of saying "The Best and the Brightest."

      We will never learn.

  6. KISS by riverat1 · · Score: 4, Insightful

    Voting should be a low tech process that anybody can understand. Too much technological magic erodes the trust of voters who are capable of understanding it. Simply marking a ballot with a pen is understandable by anyone. Maybe you count them by machine but you always have the fallback of machine counting. I don't trust any voting process that doesn't have that fallback option. If the voting records are only held electronically how can you ever completely trust the results haven't been hacked?

    1. Re:KISS by Runaway1956 · · Score: 1

      Bingo. You shouldn't have to have an IQ of 300 to understand the process, or to use it. You shouldn't even have to have an IQ of 100. A lot of not-so-bright people live in this country after all. Probably 150 million or more. After all, 100 is the median IQ, right? Half or more of all Americans have IQ's equal to or lower than 100.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    2. Re:KISS by gnupun · · Score: 2

      Maybe you count them by machine but you always have the fallback of machine counting.

      Perhaps you meant "fallback of human counting." For simplicity:
      1. The voter selects a candidate on a touch-screen tablet.
      2. The tablet prints out the vote selection on a piece of paper. This ensures a valid vote has been cast by the voter.
      3. Voter deposits paper into a box along with other votes.
      4. A computer with a scanner rapidly scans the paper votes after the box is emptied into the counting machine.
      5. Humans manually recount votes using paper votes if any discrepancy in the vote count is found.

      The TL;DR version is use printers to cast machine-readable paper votes.

    3. Re:KISS by quetwo · · Score: 1

      Or how about you use a large-format "scantron". You fill in the bubble, and scan it. The paper copy can be re-counted, but it can be easily electronically calculated. Why do we need the touch screen? It seems like people want to introduce technology just for the sake of introducing technology.

    4. Re:KISS by itzly · · Score: 1

      1. The voter selects a candidate on a touch-screen tablet.

      Ah, I see you're building a finger print database. Nice.

    5. Re:KISS by riverat1 · · Score: 1

      Yes, I meant to say "hand counting".

      I don't have any problem with using a machine to print out your ballot as long as the voter can hold the printed ballot in their hand and verify it is correct before putting it in the ballot box.

    6. Re:KISS by zaroastra · · Score: 1

      given that IQ of 100 is the average of IQ of the population, in a normal distribution you will have about the same above as below that treshold.

      --
      I'm trying to get modded "Interesting Flamebait Informative and Insightful Redundant Troll" *-* Please Help *-*
    7. Re:KISS by Jeremi · · Score: 1

      Ah, I see you're building a finger print database. Nice.

      <Morbo>Touch screens do not work that way! Good night!</Morbo>

      --


      I don't care if it's 90,000 hectares. That lake was not my doing.
    8. Re:KISS by itzly · · Score: 1

      Touch screens do not work that way! Good night!

      Not normally, no, but it could be added as an extra feature.

    9. Re:KISS by towermac · · Score: 1

      Yeah, but I don't want to pay for that. You're using a computer and printer to replace a pen.

      What's the point of that? To be sure some idiot that can't mark a circle gets to vote? Or maybe you're all paralyzed and parkinsons and really can't mark the circle.

      That's why all those old people are hanging around the polling place; they are there to help you. Or you can bring your own help.

      There's no good reason to have a computer anywhere near voting. The digital adding machine in a scantron is all we need. (And we're not even dependent on that, but it's nice to have your results by morning.)

    10. Re:KISS by Godwin+O'Hitler · · Score: 1

      I bet the parent poster wishes he'd said that.

      --
      No, your children are not the special ones. Nor are your pets.
    11. Re:KISS by gnupun · · Score: 1

      Well, how do propose we avoid a repeat of hanging doors and pregnant chads, like in the Bush/Florida election, without computers?

    12. Re:KISS by towermac · · Score: 1

      A pen marking on paper is not the same as having to destroy a small part of the paper. The chad thing is problematic as a design.

      Another example of fixing something that wasn't broken.

  7. Re:Bourgeois elections by Runaway1956 · · Score: 1

    So - you'll be voting for Clinton?

    --
    "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  8. Beside hacking by AchilleTalon · · Score: 5, Insightful

    Beside hacking a device to steal votes, there is a number of other concerns about the online voting which cannot be eliminated by any device you can imagine.

    For example, how can you be assured the voter has not sell his vote and the buyer can just sit beside him to make sure he is getting what he paid for? How can you prevent someone to impose a candidate to someone else by threatening him/her/them? At a vote poll, you can make sure nobody is intimidated and anyway there is no way someone else can check the vote he tried to steal.

    Online voting is a big No-No.

    --
    Achille Talon
    Hop!
    1. Re:Beside hacking by Luke_22 · · Score: 1

      There are problems with paper voting as well.

      oldest trick:
      - bad buy gets a blank vote page, somehow.
      - bad guys marks the page as he wants, then gives it to voting guy.
      - voting guy goes to vote, puts the already marked vote in the box, carries out the new blank vote page.

      Loop and repeat.

      Or while counting the votes, if a city is expected to have an heavy turnout for the wrong candidate, if you can manage to sneak in a bad guy as the one who parses the ballots, he can have a small piece of pencil under the nails, and use it to erase "wrong" votes or "complete" blank ballots.
      It requires more skill, maybe a couple of them working together, but there are lots of money in an election, so finding the skilled people might not be that impossible.

      At the end, you only have to decide what to trust, the computer programs or the people.

      --

      IMHO, we need to harden the paper balloting. It's easier to harden, more expensive to fool and you can't fool it "globally" but only locally.

      Either that, or provide proofs of correctness and verifiability to everyone, for all computers involved. Kinda harder, although more awesome for us hackers.

      --
      "I was gratified to be able to answer promptly, and I did. I said I didn't know." -- Mark Twain
    2. Re:Beside hacking by david_thornley · · Score: 1

      Around here, a paper ballot is large, and not easy to conceal. Somebody taking one in or out would be noticed, and since all precincts around here have observers from both major parties somebody would call the police. Also, the voter fills out the ballot and puts it in the tabulating machine, which drops it into the ballot box, with no opportunity for observer tampering. In the event a manual recount is required, I'm pretty sure one of the observers would object to the bad guy. Besides, it's really hard to fill in an oval with something under a fingernail without being really obvious. In either case, the bad guy faces years in prison in exchange for modifying a few ballots.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  9. I've got an idea... by Anonymous Coward · · Score: 1

    We could print out the ballots on paper, and then instead of using digital or pen signatures, we could use our blood to check the boxes and "sign" the ballots.

    Now all we would need is a national DNA registry. This would also solve a whole bunch of problems with needing or not needing to present ID to vote, as you wouldn't need to show an ID card at all (although I honestly don't know why anyone would want someone that may or may not be an American citizen, or even the correct person voting, but this is apparently a thing in some US states).

  10. I love it by iamacat · · Score: 1

    Stupid and lazy people are kept from voting by having to read instructions and enter numbers into a token. The ones who manage to cast a valid ballot are likely also intelligent enough to understand basic scientific facts and elect politicians capable of cooperating with other humans! Instant fix for American government!

  11. Proctored voting by Okian+Warrior · · Score: 3, Insightful

    A lot of people think online voting is the next big thing, but the problem is actually very hard to do online.

    To do it right requires a "proctored" setting where the person is guaranteed to be alone, and unobserved (including video recording).

    If you can't guarantee that the person is alone, then they can be coerced into voting a specific way. If you can't guarantee that the person isn't observed, then the person can sell their vote.

    Video recording hasn't been addressed yet, but with the current system a voter can record their vote as proof of how they voted, and so vote selling is possible. It's functionally the same as being observed, just time shifted.

    Add in the requirements for recounts and verification, and physical ballots in a proctored environment is the simple solution.

    I've seen mathematical solutions that make tampering statistically impossible. The system injects a large portion of non-human votes in a cryptographically secure way such that it doesn't change the actual outcome, but it's impossible for a hacker to change votes due to the statistical likelihood that he'll change one of the non-human votes and be detected.

    Even with these systems, you still need a proctored environment that guarantees anonymous and unobserved voting.

    1. Re:Proctored voting by phantomfive · · Score: 1

      You do realize that 3 states have already gone entirely vote by mail.

      Is your point that some times states do stupid things, and don't learn the lessons of the past?

      --
      "First they came for the slanderers and i said nothing."
    2. Re:Proctored voting by Brulath · · Score: 1

      In Australia, at least, anyone can apply to vote by mail (which is very useful for the elderly or super-busy), and voting by mail is the only way to vote in things like local council elections. Voting is also compulsory. It seems to work fairly well; I've never heard of a vote-purchasing scandal, and any amount of vote purchasing which was on a large enough scale to influence an election result would be almost guaranteed to be leaked by somebody.

      If you can't guarantee that the person is alone, then they can be coerced into voting a specific way. If you can't guarantee that the person isn't observed, then the person can sell their vote.

      Every vote counts, for sure, but when your potential voting population is in the millions it'd become very difficult to cover up a vote-at-gunpoint scheme from the police. Similar with voting for cash, the chances of being able to conceal such a scheme–if it grows to a size where it can influence the outcome of an election–are small. The lack of needing to visit a polling station should also increase the number of people voting, which may work to counter-act the influence of the small number of votes which are compromised without alerting police.

      It's a massive hole on paper, for sure, but it remains to be seen whether it would actually result in any visible influence if it were enacted in practise. A much more effective way to purchase votes seems to be buying a news-media outlet–and it's legal to boot.

  12. I fail to see why online voting is necessary by scottbomb · · Score: 1

    Ditto the touchscreen voting machines and every other apparatus they come up with in their attempts to do away with the paper ballot, which has worked just fine for over 200 years. Just because it's more modern doesn't make it better.

  13. Re:KISS-errata by riverat1 · · Score: 1

    Maybe you count them by machine but you always have the fallback of machine counting.

    Of course I meant "you always have the fallback of hand counting."

  14. Re:Better to use paper by itsenrique · · Score: 1

    He's downmodded because there is no evidence for widespread absentee ballot fraud, and many on the site probably use absentee ballot voting for one reason or another.

  15. Re:Better to use paper by Lando · · Score: 1

    He's not down modded for this. He's got negative karma, so apparently in the past he's made a big enough negative impact that all posts start at -1 for him.

    --
    /* TODO: Spawn child process, interest child in technology, have child write a new sig */
  16. Over-the-shoulder problem by Meneth · · Score: 1

    No online voting system can eliminate the "over-the-shoulder" problem, where an attacker breaks the "privacy" requirement.

  17. Crypto is NEVER the answer if the question is Vote by goombah99 · · Score: 1

    yES!! if the TYPICAL voter does not understand why the vote is secure the method fails. this is virtually the turing rest for any proposed schema.

    Someone needs to write one of those form letters we have for why someones proposal to end spam will fail for all these stupid people who think the problem is crytography.

    --
    Some drink at the fountain of knowledge. Others just gargle.
  18. Open voting logs is the solution by asilvestre · · Score: 1

    Many people thing about electronic voting only for presidential elections and so on, but where I think it could be a game changer is in bringing current democracies on the way to a system closer to what is known as direct democracy where implicated citizens could use their vote in very specific decisions and other people could delegate (temporally , with easy possibility of revocation and discretionally) to political parties or representatives so they could decide for them.

    I envision a system with independent census and electoral entities and using smartcard chips with certificates. I just made it up very fast it still has very vague parts, maybe inconsistencies but I feel starting from here it could be a sound system.

    The census entity is in charge of providing means to eligible citizens to sign their votes. For instance a smartcard with public private key, a protocol should be established in a way that the census entity knows which certificates has issued but cannot relate them to specific people.

    When a poll is called independent parties can apply to become electoral entities for that specific poll, these can be public entities, NGO's, etc... a number of them is somehow certified and chosen.

    During the time allowed to vote, each citizen signs his vote using his smartcard and sends it to all or a subgroup of the electoral entities chosen for the poll, independently of this, with his smartcard and any time during or even before the voting time he signs a request to the census entity stating his intention to vote.

    At the end of the voting all voting logs are signed by each of the entities and made public, these logs have all the votes, signed with their respective certificates, they've received, also the census entity makes public a log with all the voting requests made.

    The result of the election is not actually calculated by these entities but anyone can produce it by processing the logs, a protocol to work out inconsistencies should be designed, but it should be possible to work out given a honest census entity and the nature of public/private key certificates.

    1. Re:Open voting logs is the solution by asilvestre · · Score: 1

      I think that scenario would be a lot better of what we currently have, where sometimes only the 0.0001% of the majority can and regularly does things like that.

      I think people should believe in their society, a healthy society would most of the time choose the right thing and when it wouldn't it would be their responsibility allowing it to change and improve as a whole.

      Also in order to protect minorities (of any kind ethnic, geographical, professional, ...), a system could be devised so minorities could be self-determined. For instance before any poll if a minority gathers sufficient backup of their own a consultive poll is performed for them and the results are known and publicized before the actual poll happens, so society as a whole knows for sure what is the feeling of that subgroup and can decide on the grounds of that knowledge. A healthy society would take into consideration a strong opinion of a subgroup of its own.

    2. Re:Open voting logs is the solution by Godwin+O'Hitler · · Score: 1

      You make it so that changing something needs substantially more than 50% acceptance. If the vote is close, say between 45%–55%, the law gets sent back to the politicians for revision and revote. Then if it's still close to 50%, status quo reigns. This is how voting works in many specific cases.

      --
      No, your children are not the special ones. Nor are your pets.
  19. Don't make it too hard by reboot246 · · Score: 1

    If voting is too hard and complicated, the voters in Floriduh will never figure it out. We've been down that road before.

  20. "he"? by TMB · · Score: 1

    Based on the summary, I'm forced to conclude that it is safe to tampering from male hackers, but that female hackers can safely modify the results!

    1. Re:"he"? by arvindsg · · Score: 1

      ,,|,

      All you are promoting is waste of worlds resources, energy and time
      How low is your IQ that you can understand that word "he" in this context applies to all sexes(And not just male,female)

  21. Re:"without being detected"...yet by Albanach · · Score: 1

    Bruce Schneier said "a secure Internet voting system is theoretically possible, but it would be the first secure networked application ever created in the history of computers."

    Good luck to them.

  22. Opinion of the constitutional court of Germany by Casandro · · Score: 1

    I'm sorry, but please follow the current state of the discussion which probably is the opinion of the constitutional court of Germany.

    Essentially they found that it's rather irrelevant how secure it is, what's important is that it's easy to detect fraud. And by being easy they mean that a lay person without any special knowledge can, without a doubt, find out when fraud occurred.

    The typical well designed system is the hand marked paper ballot. The technique to check for fraud is trivial. You look into the ballot box before the election to make sure it's empty, you make sure everybody just throws one ballot into the box, you make sure that in the end the number of ballots is equal to the number of people voting, and then you make sure everything is counted correctly. The last part is hard to watch, but since the ballots are stored you can always have a recount.

    Compare that to those mathematical systems which, even if you understand the math, require you to actually see what computers are doing. So essentially you need to do a deep forensic analysis on a voting computer checking everything from the firmware to the individual dies of the chips.

    Other areas as in banking have it easier. There you can just have audit logs for everything and check against such logs. This cannot be done with elections because of voter privacy which is highly important by itself.

  23. waste of time by dywolf · · Score: 1

    Should be copying Oregon's Vote-By-Mail system instead.

    No lines, no having to get across town after or before work, all resulting in better voter turnout, particularly among those with the most trouble accessing the vote (ie, minorities, poor, and low income workers).

    Which is precisely why they'll fight it in every other state.

    --
    The guy who said the election was rigged won the presidency with the second-most votes.