Will Internet Voting Endanger The Secret Ballot?

MIT recently identified the states "at the greatest risk of having their voting process hacked". but added this week that "Maintaining the secrecy of ballots returned via the Internet is 'technologically impossible'..." Long-time Slashdot reader Presto Vivace quotes their article: That's according to a new report from Verified Voting, a group that advocates for transparency and accuracy in elections. A cornerstone of democracy, the secret ballot guards against voter coercion. But "because of current technical challenges and the unique challenge of running public elections, it is impossible to maintain the separation of voters' identities from their votes when Internet voting is used," concludes the report, which was written in collaboration with the Electronic Privacy Information Center and the anticorruption advocacy group Common Cause.
32 states are already offering some form of online voting, apparently prompting the creation of Verified Voting's new site, SecretBallotAtRisk.org.

Intent

The intent of online voting is two-fold: Allow creation of votes, and correction of incorrect votes. Everything else is smoke and mirrors. The best ballot is one where a physical chain of custody *is* preserved from printing through archival.

Re:Intent

[rickb928]

"incorrect votes".

That's almost funny. And pathetic.

Re:Intent

[davester666]

A lot of very knowledgeable people are saying that any vote for someone other than Trump is an "incorrect vote" and a sign of a rigged election.

Re: Will Internet Voting Endanger The Secret Ballo

Yes.

Computer based voting of any kind is a bad idea.

https://www.youtube.com/watch?v=w3_0x6oaDmI

ARE there any other questions?

A stupid idea made even worse

[treczoks]

Electronic voting is one of the most stupid ideas that politicians have croaked up so far. And that means a lot, even after gerrymandering, lobbyism, and two-party-systems.

Electronic voting is basically outright stupid. You cannot control if your vote was really counted, or if it was counted for the correct party or candidate. Votes can be manipulated by inside jobs or hacking, and with a political voting result being a very profitable target, and the voting machines safety and security record far from being unblemished, voting fraud is a very interesting goal for many, not only political, parties.

The problem is that electronic voting cannot fulfill the legal and philosophical demands for a democratic voting. This is not a failure of the planners, programmers, or hardware developers, this is system inherent, as many aspects cannot be implemented correctly without invalidating other important aspects of the same.

Now there is this totally broken idea and they want make it available online, opening the doors to fraud and abuse even wider.

Re:A stupid idea made even worse

How do you confirm your vote was really counted or counted correctly in a paper system?

You volunteer as a poll worker.
Or, be part of an organization that supplies poll workers and monitors to protect their interests, which BTW is how it's done almost everywhere in the USA that has paper ballots.

Re:A stupid idea made even worse

[rickb928]

I've been a poll worker. It's not always effective.

Re:A stupid idea made even worse

[zippthorne]

You cannot control if your vote...was counted for the correct party or candidate

Oh, rest assured your vote would be counted for the "correct" party.

Re:A stupid idea made even worse

[amiga3D]

It can be done with a paper system. A rigged paper system is labor intensive and thus harder to handle. Usually large voter fraud in a paper system gets outed sooner or later. They're just now uncovering a lot of vote fraud from the 2008 election by going back and verifying signatures. People are getting charged and going to jail.

Re:A stupid idea made even worse

[rickb928]

And you have no idea what happens at the polls. When no one acknowledges your complaint, when your written challenges are 'lost', when the lawyer you report to is refused access, you do what?

Oh yeah, before the internet you tell the local papers, the ones that also support the opposition...

Re:A stupid idea made even worse

[pcause]

As tech people we tend to focus on the serious technical issues with electronic voting (OPM hack anyone???) when there is a bigger and real world issue - undue influence. When you go to the voting booth no one knows how you really voted. But if there is electronic voting, your boss or your union can set up a bank of systems and "encourage" employees to vote with official watching what they do. Do you want you boss / union boss watching over your shoulder? The real pressure and peer pressure are not to be discounted and is one of the reasons for the voting booths we have today. Political corruptions is easier when the voting process can be corrupted and this makes buying votes pretty easy.

Re:A stupid idea made even worse

[AmiMoJo]

They want it because it allows them to rig elections. Look at the current Republican effort to introduce voter registration everywhere, because they know that people who vote Democrat are more likely to be denied a vote when registration is required.

The technology isn't the issue, it's just another way to make it harder for the "wrong" people to vote.

Re:A stupid idea made even worse

[presidenteloco]

And an employee can surreptitiously video the vote corruption, and, if laws were set up effectively, get the company or union boss sent to jail for 10 years for tampering with a national/state election.

Re:"Technologically impossible?"

[turbidostato]

"we'll probably figure out how create a system that uses authenticated electronic ledgers to prevent fraudulent tampering (blockchains, etc) while still preserving anonymity."

We'll probably not.

Authentication means "undoubfully identifying something's author (or owner)". Anonymity means "impossibility to identify something's author (or owner)".

See the problem?

I'm with you about distrusting "any blanket assertion", but in this case is an obvious logical impossibility, not even physical impossibility (i.e.: a perpetual motion device)

Now, remember this whenever somebody comes to sell you a "trustable e-voting system": it's even less credible than a guy trying to sell you a perpetual motion device.

You are missing the point

[Cigaes]

You are completely missing the point. All the cryptography and the blockchains and the secure protocols in the world can not detect if someone is standing behind the computer with a wad of cash (vote buying) or brass knuckles (coercion) and checking that you are voting right.

One of the core features of the secret ballot is the voting booth, where the voter is alone to do the final choice, with official oversight.

Of course, the privacy of the voting booth is not perfect, it is weakened by all sorts of features, from absentee voting to tolerating children in the booth with their parent. But it is still the norm for most voters and is way more solid than a situation where the norm would be to vote from home.

Re:You are missing the point

[arth1]

You are completely missing the point. All the cryptography and the blockchains and the secure protocols in the world can not detect if someone is standing behind the computer with a wad of cash (vote buying) or brass knuckles (coercion) and checking that you are voting right.

Indeed. Internet voting is in reality giving spousal abusers a double vote.

Re:You are missing the point

[C0R1D4N]

How about instead we just have voting booth machines available at every Town Hall/Police Station, go in, put in your information (or scan your driver's license for it to be quicker) it uses facial recognition like the new automated passport machines, and leave it open for an entire month. So anyone can go vote the 30 days up to the election and the results are tallied that night.

For those who think the "voter ID" requirements are prejudiced against poor people, just make state non-driving license IDs free. Problem solved.

Re:You are missing the point

You are completely missing the point. All the cryptography and the blockchains and the secure protocols in the world can not detect if someone is standing behind the computer with a wad of cash (vote buying) or brass knuckles (coercion) and checking that you are voting right.

There's a simple solution for that: You can vote as many times as you want, but only your most recent vote counts. Unless you want to stand behind me with those brass knuckles for literally every moment of the election, you'll never be sure I didn't just wipe out the vote you made me cast.

Re:You are missing the point

[Mandrel]

There's a simple solution for that: You can vote as many times as you want, but only your most recent vote counts.

Vote buyers would insist on the votes being cast just before the polls close, though that does create a manpower bottleneck if you want to buy lots of votes, unless they keep a watch on all their sellers via video link.

Re: You are missing the point

[tomhath]

Unattended voting booths have two major problems, fraud and failure.

Attended voting booths do nothing to stop fraud. Democrats have blocked every law that requires a person have some form of identification at the polling place. They also point out the the level of fraud detected is very low. Ever stop to wonder why they don't want a process which would detect fraud?

Re:You are missing the point

[Mandrel]

A solution would be to allow multiple votes, that all appear to go through, but to allow a vote to be sent as unalterable.

You still have the problem of most people not being good liars.

Re:You are missing the point

[Cigaes]

Indeed. I should have been more explicit in my message: the wad of cash and the brass knuckles were colorful examples, but the real threat comes from peer pressure within the family, even more so because it is most often implicit.

(There is a scene in an Astérix comic book: the village must vote between its current (male) chief and a woman; the Druid explains the secret ballot procedure, the woman candidate proposes a show of hand, and then a show of hand to decide if the actual vote will be by a show of hand; all the women raise their hand for the show of hand, and when the men want to raise theirs for the secret ballot, a dark look from their wives stops them. It loses a lot of its funny if you think about the actual reality of domestic abuse that is being parodied and that usually goes the other way around, but I think it illustrate how important and tricky the secret ballot is.)

Re:You are missing the point

And it will just flip the problem around, solving nothing. An abusive husband or wife (or any other vote coercer) would then police the voter when the polls open and force the voter to send the vote they want to see as unalterable. If you think about it, that makes it even easier for the coercer.

Re: You are missing the point

Attended voting booths do nothing to stop fraud. Democrats have blocked every law that requires a person have some form of identification at the polling place.

Not at all, they've challenged laws that were deliberately and purposefully engineered to restrict the electorate and cause harm to many voters.

This doesn't stop every law, just those that are poorly conceived.

They also point out the the level of fraud detected is very low. Ever stop to wonder why they don't want a process which would detect fraud?

Have you ever stopped to wonder why Republicans are so insistent that there is fraud, yet never bother to invalidate their own elections?

I mean really, they're the ones who are claiming that we can't trust the election system, yet they're in office, so thus why are we trusting them to decide the laws for the people?

Re:You are missing the point

[rickb928]

Are you paying attention? 'Voter ID' laws are being challenged constantly by one party, implemented and defended by another. That's not on the table.

Re:You are missing the point

[rickb928]

People have a hard time voting once, allegedly, which is why open voting was proposed. Not fixing anything.

Re:You are missing the point

[rickb928]

You underestimate the dark side.

Re:You are missing the point

On top of that it isn't sufficient to have the traditional voting booths and give the alternative of an internet vote since the abused then can be forced to use the internet vote.
The anonymity needs to be forced upon the voter.

Re:You are missing the point

Unless you want to stand behind me with those brass knuckles for literally every moment of the election, you'll never be sure I didn't just wipe out the vote you made me cast.

I won't need to, I can just show up a few minutes and force you to cast a new vote.
If I want to force multiple people to vote my way then.. well, if I can coerce you into voting then I should have no problem holding on to your phone and your modem until the voting closes.
Either that or force you to show up at my place some hour before the voting closes and have you vote from my computer. You can't go home until to voting closes.
In the case of a single family member deciding what the others should vote for it is less of an issue since he/she can just force everyone to cast a new vote some minute before the election closes.

Look, Italy had a system where everyone was handed a blank ballot at the voting booth and would vote in secrecy.
The way the mafia handled it was that they gave the voter a ballot filled out with the right vote and then had them give back the blank ballot on their way home.
To game the mafia you would have to commit voting fraud and create a fake ballot yourself.

The system that is in place allows for the voter to bring any number of ballots, pre-filled or blank into the voting booth where you put them in an envelope that hides your vote.
An envelope containing more than one ballot will be invalid.
Any indicator or drawing on the ballot except for the vote will also make the ballot invalid. This is to make sure that not even someone involved in counting the vote would be able to know what you voted for.

All those details may seem unimportant but they all have their reasons.
You don't just throw out a system that have been in use for centuries for shiny new technology without considering why those details are in place.

Re: You are missing the point

[rickb928]

Beat voters. Intimidate them. Threaten them and their families, their jobs, their friends.

The dark side often wears long black coats. The photos of them in 2008 failed to elicit much outrage. You've seen photos.

Re:You are missing the point

[fgouget]

How about instead we just have voting booth machines available at every Town Hall/Police Station, go in, put in your information (or scan your driver's license for it to be quicker) it uses facial recognition like the new automated passport machines, and leave it open for an entire month. So anyone can go vote the 30 days up to the election and the results are tallied that night.

Either these voting booth machines are entirely automated, which seems to be implied, and then it means the machine has both your vote and your id, meaning it violates the anonymity requirement; or you need to have not one but multiple clerks and party representatives manning the booth to ensure no one person can rig things, for a whole month which is going to be very expensive.
Either way the voting machine will need to be guarded day and night to ensure no one tampers with it, again by multiple individuals, again paid for a whole month, again very expensive.

Re:You are missing the point

[The-Ixian]

Yeah, it used to be that I could go in to any DMV location on Saturday.

Now, I have to take time off of work if I need to do anything that requires the DMV since almost all locations are closed on Saturday now.

Also, the hours are exactly the 9-5 business hours that I also happen to work myself.

If it is about money, why not close the DMV for a few hours in the morning and/or afternoon every day and stay open later? Or how about closing the DMV on Wednesdays in favor of keeping it open Saturday?

Wouldn't the point be to serve the most customers as possible?

Re:You are missing the point

[The-Ixian]

So just use bank ATMs that are located in already secured bank lobbies. Use law enforcement personnel or security guards to monitor the ATM's during business hours (I already see LEOs in bank lobbies as it is). Use card access doors (valid ID or bank card will open) and surveillance video after hours.

Yes, this de-annonymizes your vote.

I get that this can be a problem. But I don't think it is unsurmountable. I am sure we can get there if we really tried.

I think it is a worthy goal to allow everyone a say.

Re:You are missing the point

[The-Ixian]

Or for someone who works a job where they cannot really get time off.

All the DMVs in my area stopped servicing people on the weekend and cut their hours to less than banker's hours.

Re:You are missing the point

[The-Ixian]

I don't understand how this coercive vote you are so concerned about can't happen with a paper ballot?

An abuser is going to abuse. He doesn't need a reason.

The fact that the ballot is "secret" now just means that she can't prove it to her abuser (can't prove a negative), which will then call forth a beating for her lying to him....

Re: You are missing the point

[david_thornley]

The amount of voter fraud that could be stopped with voter IDs is negligible. For an ID to make a difference, someone has to walk into a polling place and commit a felony for each additional vote cast, with a chance each time that someone will know who the fraudster is impersonating and recognize the fraud. It's a really inefficient method to rig an election.

In the meantime, every voter ID law proposed in the US that I've actually looked at would have made it more difficult for certain people, who mostly lean Democrat, to vote. That, along with selective processing of absentee ballots, manipulating voter lists, and simply making it difficult to vote in the poorer sections of town, is a much more effective way to rig an election.

Re:You are missing the point

[fgouget]

So just use bank ATMs that are located in already secured bank lobbies.

Thus directly giving control of the elections to private companies and reducing citizen oversight to exactly zero.

Yes, this de-anonymizes your vote. ... I think it is a worthy goal to allow everyone a say.

De-anonymizing votes is the opposite of allowing everyone a say (because it enables community / employer / peer pressure). Not in theory, in practice, as shown by Chile's transition from open to secret ballots. Plus Internet (or ATM in your version) voting has nothing with ensuring anyone has a say. Finally, there's no point ensuring everyone has a say if you first made it trivial for anyone in the world to hack elections on a large scale.

Re:Blockchain technology

[turbidostato]

"If a vote is represented by a crytocurrency wallet balance"

Then you can always use a 2$ wrench to gain access to the wallet's content by brute force on the owner.

"and votes are randomly distributed to voters via paper wallets"

Which -so I hope, are destroyed after the owner deposits his or her ballot, then it is not an electronic voting system.

Re:"Technologically impossible?"

In paper ballots everyone with elementary education can participate in voting process and is able to verify part that they participate. No math-heavy based system has this property.

We already solved this problem

[MobyDisk]

I thought the sectet ballot problem was the same thing as the "digital cash" problem or the "blind signature" problem, both of which are solved. It basically involves storing a hash or digital signature of the vote along with the vote. That way no one who does not have a voter ID can vote, and the voter can verify their vote was cast, but no one can determine how they voted. This was solved around 2000, and often discussed on Slashdot at the time.

Re:We already solved this problem

The basic problem is that it doesn't matter how well you think through the cryptography of the voting process, how well you ensure that the votes are stored anonymously, how well you prevent people from voting twice while still making it possible to verify the result, how well you verify that the voting software hasn't been tampered with, because you cannot tell if someone with a cash incentive or wrench is looking over the shoulder of the voter to verify if the voter is casting the ‘right’ vote.
No technology can ever solve this problem, unless you want to have the government install cameras in every room in every house, so we need to create special places where we can verify that people are alone with their thoughts and ballot, free from coercion. Those are called voting booths. They're commonly taken for granted because they're just there, part of the background, when you vote, going as unnoticed as the pavement over which you walked to the voting station, but they're playing a crucial role in our democracy and may very well be one of the most important inventions of our time.

Re:Pah

This is actually a good point. Ensuring the correct party and people get into position of power is paramount to the functioning of a nation. The best solution would be to do away with elections because we in this day and age we can't afford to have officials beholden to the whims of public opinion. We need a independent, technocratic elite free of all influences of mob mindset, and with minimum terms to be measured in a decade at least. Seriously, we cannot have policies risking changing every 4 years or stupid decisions undoing decades of effort (see Brexit). The role of the populace is to fuel the state machine, not to make decisions.

Well not really

[Sax+Russell+5449D29A]

I guess they haven't heard of smartcards and public key cryptography. Heck, this would even let voters check and verify the integrity of their past votes without anybody else being able to see them.

Re: Will Internet Voting Endanger The Secret Ballo

[known_coward_69]

yes it will stupid. read up on Tammany Hall in NYC in the 1800's. people were marched to voting booths, overseers made sure they voted for the right people and then they were given gifts. same here. low paid people will be hired or voters will simply have to provide screenshots of their votes to receive prizes

Re: Will Internet Voting Endanger The Secret Ballo

[AK+Marc]

For the first 100 or so years, voting in the US was open ballot. The only reason it changed was because there was a civil war. Corruption and vote fraud was much less with an open ballot, and so long as you aren't in a situation with armed insurrection, is clearly superior to the secret ballot.

Once we go back to open ballots, fraud will drop, and online voting fraud will become irrelevant as well.

As if current voting systems

[Puppet+Master]

are secret anyway. I had to show them my voter registration card, my picture ID, and from that, they entered something into a computer which spit out a 4 digit number. Then that 4 digit number is used on the voting machines. So they already know that my ID is tied to that number and that number is tied to my votes. There's no secrecy any more.

Re:As if current voting systems

[CanadianMacFan]

I show the person my registration card and some ID. They cross my name off a printed list of eligible voters and hand me my paper ballot. I then go behind a screen to make my selections, fold the ballot up, and then drop it into a box with all of the others. The system works in Canada and in many other places in the world.

Why do some people have to make it so difficult?

Re: As if current voting systems

[riverat1]

In my state (Oregon, vote by mail) I fill in a paper ballot, place it in a secrecy envelope and sign the outside of the envelope. Once they validate my signature by comparing it with the signature on my registration they remove the ballot from the secrecy envelope and put it in the pile of other validated ballots. At that point there is no way to tie a vote back to an individual.

I can also verify that my vote was accepted for counting by checking online with the Secretary of State's office. If there is a problem I may have a chance to fix it depending on timing. All in all I'm confident that my ballot is secret and that it is being counted.

Re:As if current voting systems

are secret anyway. I had to show them my voter registration card, my picture ID, and from that, they entered something into a computer which spit out a 4 digit number. Then that 4 digit number is used on the voting machines. So they already know that my ID is tied to that number and that number is tied to my votes.

There's no secrecy any more.

I want to reassure you that your identity is almost certainly NOT tied to that number, if you vote in the U.S. That might be the Hart Intercivic eSlate system. If you need a voter ID, maybe you're voting in Texas.

Anyway, on that system and others in the U.S., those numbers are *not* tied to the identity of the voter. On the eSlate system, the number is assigned by a controller that does not have access to the voter's identity. It generates a new number whenever its button is pushed, which is distributed to the voting machines and printed on a ticket for the voter, so he or she can enter it into the machine when they vote.

Re: As if current voting systems

[fgouget]

I can also verify that my vote was accepted for counting by checking online with the Secretary of State's office. If there is a problem I may have a chance to fix it depending on timing. All in all I'm confident that my ballot is secret and that it is being counted.

All you really know is that your vote has been received. They may have thrown it straight into the trash though. That you're confident it is secret and being counted just shows you're of a trusting nature and optimistic.

Re:As if current voting systems

[fgouget]

I want to reassure you that your identity is *ALMOST* certainly not tied to that number, if you vote in the U.S.

There, fixed that for you. You did not verify the code and hardware actually being used after all, right? (reminder: source code does no count for obvious reasons)

Re: As if current voting systems

[AmiMoJo]

I wish people would stop using signatures for ID verification. I have arthritis, I can't reproduce my signature accurately over the long term. It was a real pain with credit cards until they moved to Chip & PIN. Signatures are also rather easy to forge.

Re:As if current voting systems

[dryeo]

Did you vote in the last Federal election? While every other Federal and Provincial election has been much as you described, last was different here.
Never did get voter registration cards, also no Elections Canada people with lists trying to make sure everyone is registered (could use the list to double check registration) as the government stopped Elections Canada encouraging people to register.
Checked online, both myself and wife came up as registered with the correct names. My wife mostly uses her maiden name, her ID is in her maiden name and doesn't have an address, the hydro bill is in her maiden name so she brings that along with her ID. Get to the polling station and it turns out she's registered under my last name with no ID in that name besides our marriage license, spent 2 hours with poll workers on the phone to Ottawa trying to straighten it out, eventually she got to vote. Lucky the polling place wasn't busy.
My son didn't have good enough ID so never voted. Provincial ID is $75 here and the place to get it is 40 miles to the east with no bus service (yay for austerity). He wasn't interested enough to find a way to get ID and I didn't have time to take of of work to take him to get ID. Another 19yr old disenfranchised.
There were other numerous problems caused by the need to have an address on your ID. People who live places without addresses, people such as university students whose ID had their home address instead of their temporary university address to name a few.

Re:As if current voting systems

[Puppet+Master]

I do live in Texas and here's how the last several elections have been laid out. Go to the court house, there is a table with 3 elderly ladies sitting behind it. I go to the first lady and show her your voter registration and she asks for your ID. I show her my ID and she asks "Republican or Democrat?" (Why that makes a difference I don't know), but I tell her Democrat (I think once I actually asked why that mattered), and she takes one of 2 little rubber stamps that either says R or D on it. And marks that next to my name and address in a big book. This shows that I have come to vote. Then she hands my ID to the next lady and also marks a "voted" on my voter registration card and hands it back to me. The 2nd lady writes down my name in a sign-in roster and asks me to sign my name. I do that and she hands my ID to the 3rd lady who looks at it, enters some information onto a machine which spits out this little piece of paper with a 4 digit number on it. She hands that piece of paper back to me along with my ID. Now all 3 ladies have viewed my ID and the 3rd lady has tied my ID to a 4 digit number. Maybe it's not tied together, but I find it very odd that she used my ID to enter something from it, and that generated the 4 digit code. I then take the 4 digit code to the voting machine and enter it. It pulls up the ballot and I put in my votes. Then I review the votes and finally cast my ballot. That's how it works where I live in Texas. In my eyes, that's not secret. That 4 digit code is tied to my votes, which is tied to my ID.

Re:"Technologically impossible?"

[known_coward_69]

your crypto don't mean shit when you can require voters to assemble at a pre-determined place to be watched how they vote to make sure they voted for the right guy and using other phones to take photos of screenshots

I gotta ask

[93+Escort+Wagon]

Why doesn't anyone trot out Betteridge's Law of Headlines when questions like this come up?

What if we don't care?

[Vegan+Cyclist]

How about electronic voting, with the caveat 'we can trace your vote'? I don't care who knows how I vote, I'm pretty vocal about it. For those of us that appreciate the convenience, why not make that the option? And for those who want more privacy (which is questionable in a lot of instances anyway), they can go to a booth. Win-win? (And in some ways I prefer the accountability. If I can see that my vote is actually counted, I feel better than doing it in person where it really could disappear..)

Re:What if we don't care?

[CanadianMacFan]

What about people who live or work in areas in which voting for the wrong person could have consequences? Someone working at a coal mine who wants to vote Democrat? A person with an abusive spouse who doesn't want to vote they way they were told to? Just because you are comfortable telling people who you vote for not everyone else has such luxury.

Re:What if we don't care?

[apoc.famine]

That was my instant thought. Amazon sets up warehouse voting areas where employees can vote under supervision "if they want to". Those that don't want to might not have jobs after the election. Every at-will state could work like this if the option to choose not to vote in secret existed.
 
I'm even in favor of getting rid of absentee voting for this reason. Lets have the polls open for 2-3 weeks, and offer rides a few of the days instead of mailing ballots back and forth. If you can't make it to an authorized polling place*, you don't get to vote.
 
*And I think we could come up with a system to authorize embassies and military bases to hold elections. A little trickier, but doable.

Re:What if we don't care?

[r0kk3rz]

What about people who live or work in areas in which voting for the wrong person could have consequences? Someone working at a coal mine who wants to vote Democrat? A person with an abusive spouse who doesn't want to vote they way they were told to? Just because you are comfortable telling people who you vote for not everyone else has such luxury.

Voter coercion is a really bad way to rig an election though. Sure it sucks for the individual involved but it would have to be done on a mass scale to have any effect on the outcome for any major election. Lets take the Brexit vote in the UK as an example, the Leave side had a margin of around 1M votes, so if you wanted to rig this so that the result changed, you'd at minimum need to coerce 1M people or more likely 2M people to ensure the result you want. Keeping a lid on 2M people and making sure nobody talks is a rather significant consipiracy

Whilst keeping the process free and secure for the individual is important, I can't help but think in the grand scheme of things simply making voter coercion and vote buying illegal is enough to squash the most egregious examples from happening.

Re:What if we don't care?

[fgouget]

I'm even in favor of getting rid of absentee voting for this reason. Lets have the polls open for 2-3 weeks, and offer rides a few of the days instead of mailing ballots back and forth. If you can't make it to an authorized polling place*, you don't get to vote.

You could start by having elections on a Sunday instead of having them on a day where almost no one has time to go and wait in line.

Re:What if we don't care?

[CanadianMacFan]

It's not just protecting the results it's also about protecting your right to vote. If you can't vote for who you want to then you have lost your right.

Most elections don't work like the Brexit referendum so that isn't the best example. In the last federal election when many people wanted the Conservative Party out of power a group formed trying to get people to pledge not to vote for them and vote for the person most likely to beat the Conservative person running in their riding. This group (I forget the name) didn't do this in every riding across the country. There are some ridings that have almost always stuck with a certain party. So they used polling data to find out which ridings had the closest races and concentrated on those by running ads, putting up flyers, door to door, phone calls, etc.

Then not every election is a national one. A small one industry town could be holding their local elections and the company could want the employees to vote for a particular candidate. Or the union could. Imagine if how you voted was in the public. You might not get that raise or promotion, crap jobs might start coming your way, or they just might find a reason to fire you.

My point was that not everyone had the luxury of being able to tell the world how they voted. An employer may not come out and say that you will be fired if you don't vote for someone but if you work in a completely terrible place and posters saying "Vote for Mary" start appearing you are probably going to get the hint.

Re:What if we don't care?

[r0kk3rz]

Most countries have anti-discrimination laws which could be used to guard against firing someone on the basis of political afilliation, at least in Australia we have a culture of respecting each others choice when it comes to politics and I've never heard of a company taking a stance on which party their employees should be voting for.

I don't see a need for one size fits all election process, some types of election might benefit more from being electronic than others. In particular it would be great if my home country national elections were electronic simply because it takes quite a long time to count all the votes, and do a nondeterministic number of recounts thanks to the wonders of ranked choice voting and crazy senate ballots in some states (I got to number candidates from 1-52 in my recent senate election).

For national elections I would be happy with pseudonymous elections, have the results on a public blockchain which everyone can verify the overall outcome and be given a code to check that their vote was unaltered and as they wished. People can destroy the code if they want it kept secret, even immedately if they trust the system.

However, if you're happy with your electoral process, and theres no issues with it then why ruin a good thing?

Re:What if we don't care?

[Vegan+Cyclist]

Well, that's why I said have both. There's online for those of us who don't care, and continue having booths for those who do care or have other concerns.. My point is: I don't see why it has to be binary. (And I'm not saying 'expose who everyone votes for online', just that if there's a chance an online vote can be traced, that caveat ought to be up-front and central, and that's a risk you know when you vote online, but for many, it's a good option as well.)

Re: Will Internet Voting Endanger The Secret Ballo

[Skewray]

There are provably secure cyptographic methods to ensure that no one can figure out who you voted for, and that you can check, after the election, that your vote was counted appropriately. These systems even include a method for providing a faked screenshot to be sold to vote buyers. The fact that almost no one uses these systems is the real problem.

Joseph Stalin once said

[melted]

"It is enough that the people know there was an election. The people who cast the votes decide nothing. The people who count the votes decide everything." Internet voting would basically remove the last remaining perception of legitimacy from any of this "democracy" farce that we have in this country. If government counts the votes, government will make sure the "right" candidate wins every time.

Re:Joseph Stalin once said

[melted]

Yes, but there are humans in the loop, some of which may disagree with vote rigging. Electronic voting is about removing humans from the loop. Once you're done with that, you can run elections with very predictable outcomes.

Re:"Technologically impossible?"

[Mr+D+from+63]

Secure voting is only part of the problem with internet voting. The only practical way to ensure a person does not have someone physically looking over their shoulder when voting is to have designated voting centers with private one person booths.

Secret online ballots with random code selection

[Mandrel]

One way to do a secret online ballot would be to have each voter attend a place of registration, where their identity is checked before they get to choose one unique voting card from among thousands. Each card contains online voting codes, which could be used for dozens of ballots.

The main problem with this is that it makes vote-selling easier than it is with physical poll attendance.

Remote secret ballots that prevent vote-selling may be impossible, because if you have to verify your identity remotely, there's always the possibility of shenanigans that link this to your subsequent vote, no matter how much the authorities say they are separated.

Re:Pah

Open ballots are inherently fraudulent. They exist for the sole purpose of empowering the ruling party to direct violent retaliation against those who voted against them at their whim.

Is it such a bad thing?

[Kremmy]

It says that blind ballots guard against voter coercion, but that's not true in the least. What's the one going around these days, vote for Clinton so we don't get Trump, if you vote for Stein or Johnson you're voting for Trump? That's blatant, widespread, constant voter coercion.

At this point I feel like we would be better off making the vote completely transparent. The blind vote isn't helping anyone but the people who would want to rig elections, since there is no way to publicly vet the voting process with it in place.

Re:Is it such a bad thing?

[david_thornley]

Telling you to vote for Clinton isn't coercion with a secret ballot. You can make the decision at the spot, and if you prefer to vote for one of the other candidates at that time, you can do so. Telling you to vote for Clinton in a verifiable way accompanied by a threat or reward is.

The way to vet the voting process is by using paper ballots. They're easy to understand, so nobody has to take it on faith that the electronics are fair and not tampered with. They can be monitored by observers. They can be re-examined if necessary.

Re:Is it such a bad thing?

[Kremmy]

But everybody has to take faith that the observers are fair and not tampered with. I can use my county government website to verify whether my ballot has been received and counted, but that is the extent of information that it will return to me. I cannot verify that my counted vote was counted properly, that my vote went toward my chosen candidate or my votes on measures were appropriately recorded.
I would support removing the blinders entirely, creating an open record of the vote, allowing anyone to verify the counts.
Granted, this is easier said than done. There are privacy implications, as scrubbing the data of personal information would inhibit independent verification. There are people who would refuse to vote if their vote was on public record. John Q Public might not want his family to know that he votes differently than the household slant, but perhaps openly recording who we vote for would allow us to move beyond some of the reasons why that might be.

Re:Is it such a bad thing?

[Kremmy]

Yes, given the attitudes thrown around about it.
There is a serious coercive element to the structure holding up the two party system.
It's something called intimidation: the action of intimidating someone, or the state of being intimidated.
intimidate
verb
frighten or overawe (someone), especially in order to make them do what one wants.

Yup. We're being coerced.

Re:Is it such a bad thing?

[cwsumner]

That's psy-war, but it is not coercion.

Re: Will Internet Voting Endanger The Secret Ballo

[Lordpidey]

Really? Noone can figure out who you voted for and you can ensure your vote was counted properly? I thought it was one or the other.

Care to point me in the right direction?

precisely - it's the diffuse one person booth

The modern system using one person voting booths distributed around with the ability to have outside supervision that people are really voting by themselves works quite well.

Likewise, marking a paper ballot and using electronic counting gets "auditability of results" and "rapid tally" - a recount is possible if there are questions, but the tallies can be electronically (and vulnerably) done quickly.

The remaining flaw is "access by disabled persons" - if you're blind, it's tough to mark a ballot with a pen - historically, in California, a sworn poll worker would assist the voter who could not get into the polling place, or help a blind person mark the ballot. That's compromisable, clearly, but not surreptitiously on a mass scale - you'd have to suborn hundreds or thousands of poll workers to have a significant effect.

Re:"Technologically impossible?"

[craigm4980]

"we'll probably figure out how create a system that uses authenticated electronic ledgers to prevent fraudulent tampering (blockchains, etc) while still preserving anonymity."

We'll probably not.

This is not impossible. In fact it is a solved problem. Blind Signatures can be used to do this. I actually designed and mostly implemented such a system: Source and docs here. I also was not the first to do this (David Chaum deserves far more credit than I do: his contributions to cryptography have enabled so many amazing things including my little experiment) .

That system lets everyone vote exactly once, maintains secret ballot, and gives voters the tools to confirm their vote was counted, and if not they can cryptographically prove it to the media or any auditors available.

However it also makes buying and selling of votes very robust and easy. Without an isolated voting booth, there really isn't any hope of making it impractical to sell your vote, or force people to vote particular ways. This is as important as the secret ballot: both are requirements for our electoral systems.

I have designed electoral systems, that use a voter booth, paper records, and some cryptographic verifiability that are resistant to coercion and vote selling/buying which makes me think there may be room improvement in this area. However paper ballots and voting booths are pretty close to ideal: The simple paper system is also easier for people to trust and verify, which is very important for elections.

Re:The Robinson Method...

Summary of the method: people vote by putting coins in boxes.
I can see a few disadvantages. For starters, it won't work for the vast majority of elections. Elections with only a few candidates are really rare, in most countries, and even for most local governments, people can choose between dozens or even hundreds of candidates. The Robinson method doesn't scale well to these scenarios. Then there's the already mentioned problem that write-ins are no longer private. And I also don't really fancy leaving voters alone with the entire voting record so far without supervision.
Where I live we vote by unfolding the ballot, marking an option, folding the ballot closed again, leaving the booth and dropping the ballot in the box under supervision of a multi-party committee and under full public view. I like this system better than the Robinson Method, because it scales well and it ensures privacy while still allowing the ballot box to be supervised, both by the committee and by the general public, at all times.

The subtleties can kill seemingly perfect voting.

[EmperorOfCanada]

Setting aside all the clear fraud, tampering, etc. There is also the possibility of fraud within the household. I can name piles of cultures where the man rules the house; full stop. Immigrants from these countries tend to congregate in communities in many countries. Thus the "man" of the house will do all the voting; can we guess where his voting will lay on the spectrum of women's rights, investigations into honour killings, curtailing of an oppressive religion, etc?

So in addition to all the wonderful possibilities for fraud and rigged elections, there is the simple disenfranchisement of entire groups.

Then we have bully voting. Quite simply an enforcer for some minor gang might show up at an apartment block and tell everyone that they vote in front of him and his men.

The above voting irregularities might not seem like much, except that so many elections are won by a percent or less. In the case of a local councillor or alderman a few hundred votes could easily flip the result of an election.

In a nation with a problem culture like one of the above. This could easily swing an election.

Re:"Technologically impossible?"

[ewibble]

The only way you can prevent fraud is allow people to check what they voted for is what they voted for. If you write down your vote on a piece of paper you know what you have written doesn't get changed behind your back, you can't do that with electronic voting.

If you allow people to check then you can always force them to check who they voted for in front of you. Maybe you have multiple passwords, each resulting in a different checked result, only the person knows which one is correct. However in this scenario if someone lies and says an election is fraudulent how would you prove it.

That being the case, I am not sure how completely anonymous paper voting will be in the future with facial recognition, and reading ticks, what is stopping someone putting a small camera watching you vote.

Re: Pah

[riverat1]

Welcome to the Borg. You will be assimilated.

Re: Will Internet Voting Endanger The Secret Ball

[Archfeld]

Use a gift card and mail to a PO box service that is engaged under a pseudonym and paid for in cash. Gift cards can be purchased at most grocery outlets, again for cash and anonymously. If you are REALLY paranoid use a VM'd OS that you subsequently wipe on your local library Wi-Fi, or at McDonald's or even Starbucks. For the extreme tinfoil helmet, you can buy for cash a very cheap used laptop that you can dispose of AFTER the transaction, preferably in pieces in several different trash bins behind local grocery stores.

Missing the forest for the trees

[matthol]

The current systems are inferior in every respect to a relatively simple system based on credit cards with smart chips associated with a voter registration. Anonymity is hardly preserved when doing absentee voting which is widespread. And worse, you can't really verify your vote, unlike an online system. Denial of service is much more likely under the current systems than if we could go online with a credit card to vote and then verify it just like an order on Amazon and like current absentee voting we could vote over a month rather than a few hours. It's trivial to have separate organizations store the database which associates credit card number to voteid number vs. voteid number to vote. Classic separation of duties. Everyone could inexpensively verify their votes. And if there was an issue, they could use an old fashioned in person paper ballot. What about today? Lots of denial of service is entrenched in the system - with inconvenient locations, days of operation, hours. You never know if your vote was really counted and if it was, counted correctly. It takes a long time to count them too. Under the current system, anyone who loses ballots can affect the vote. Anyone who dumps ballots in the bin can never be found out either. You have to ask why there is so much resistance to using modern methods and some pragmatic procedures to just vote online like we order from Amazon. Verifiable, accurate, easy, low cost, hard to hack over a months voting period.

It can be as good as postal voting

[davidwr]

Heck, it can be even better because with postal voting, every mail-carrier can be a man-in-the-middle DOS attacker. "Sorry Mr. Voter, your ballot never arrived, and since the election is over, too bad for you."

At least with online voting you can be assured your unopened ballot actually arrived.

Now, as for all of the OTHER weaknesses of mail-in balloting, including vote-counter fraud, voter-location (spouse/caretaker) fraud, coerced-voting fraud, etc., yes, those are still problems.

Internet voting makes the most sense for people in outer space and others with unreliable or slow paper-mail. It makes some sense for people who can't get to polling places who would use vulnerable vote-by-mail systems anyways. It also makes some sense in states like Oregon which use vote-by-mail exclusively for some elections (but it has the downside risk that it can weaken public support for a return to poll-based voting under the illusion that internet-based voting is as secure as poll-based voting).

Re: Will Internet Voting Endanger The Secret Ballo

[Skewray]

Really? Noone can figure out who you voted for and you can ensure your vote was counted properly? I thought it was one or the other. Care to point me in the right direction?

Most of the voting systems by David Chaum. I assume others' systems as well. All of these systems work by similar methods. One common trick is that if N numbers are XOR'ed together, then any number can only be revealed by again XOR'ing with the other N-1. So your vote can be XOR'ed with something that hides the actual vote, but the combination of the two can be checked from a list. There are other methods as well. I would explain it all, but I am not a cryptographer.

Re: Will Internet Voting Endanger The Secret Ball

[JaredOfEuropa]

Voting is meant to be anonymous; the process should be comprehensible to anyone, and anyone should be able to contribute to assuring that the ballot count is accurate. Paper based voting meets these requirements, and has the important bonus of being pretty resilient to tampering if enough citizens actually step up and help verify the results. The more you want to fraudulently influence a paper based vote, the more people you need to include in your scheme. Electronic voting on the other hand meets none of these requirements: anonymity is not guaranteed, the process is either sensitive to large scale fraud or hardened against fraud using encryption, making it completely intransparent to laymen. And auditing the count can only be done by experts, and even then fraud is pretty easy to miss.

Re: Will Internet Voting Endanger The Secret Ballo

[JaredOfEuropa]

Laymen cannot audit this system, nor is the process of assuring anonymity and an accurate count transparent or comprehensible to laymen. That means they cannot trust this system... which is kind of an important aspect of a ballot.

Re: Will Internet Voting Endanger The Secret Ball

[rickb928]

Amen.

PS: an improperly fitted lock could let the bomber into the building, and *boom*.

Re: Will Internet Voting Endanger The Secret Ballo

[rickb928]

Yeah. Koreans working for a few bucks internet cafes...

You think you can prevent that? With current technology?

All you really have to do is register 500,000 votes in a district with 60,000 registered voters. Invalidate the election. Hilarity ensues.

Re:Pah

[rickb928]

The Electoral College serves a specific purpose. If your intent is to stop serving that purpose, be specific, or at least honest.

But do you know the purpose?

Re:Of Course Not

[rickb928]

You can't win you don't play. Voting may not change things, but not voting assures you of that result.

Re: Will Internet Voting Endanger The Secret Ballo

[GameboyRMH]

I think that countries need to switch to an open ballot because of the conflicts between the secret ballot and hybrid direct/representative democratic systems and electronic voting (which thanks to advances in cryptography becomes more viable every day). However the only reason the US didn't have huge trouble with an open ballot was the decreased motive for vote buying, since all voters in that time were white males - and usually from the upper classes at that (during much of that period, the white males also had to own land and/or pass an "intelligence test" and travel in ways that weren't practical for the working class in order to vote). In short, the country club crowd had no reason to pay or coerce each other to vote the way they all wanted. The fledgling democracy would've been clearly identified as an oligopoly by today's standards.

An open ballot being shoehorned into today's world would cause corruption and vote fraud to skyrocket. A switch to an open ballot system, which again I think is a worthwhile pursuit, will need to be accompanied with very strong technical and legal countermeasures to prevent this.

Re: Will Internet Voting Endanger The Secret Ballo

[GameboyRMH]

s/oligopoly/oligarchy/g

Re:Voing Matters?

[rickb928]

They don't use dollars? Ok.

Re:Pah

[AK+Marc]

And in the first 50 years of the USA, when did that happen? Never? Sorry, reality proves you wrong.

Sure, they don't work in places with armed insurrection, but in more stable countries, they work much much better. Or are you asserting that the USA isn't a stable country?

Re:Pah

[AK+Marc]

Yes, that's what I asked the AC for. A citation of problems with open ballots in the USA. None were provided.

Re:"Technologically impossible?"

[mark-t]

what is stopping someone putting a small camera watching you voteIf I had to guess, probably the reward to risk ratio.

Re: Will Internet Voting Endanger The Secret Ballo

[Skewray]

Laymen cannot audit this system, nor is the process of assuring anonymity and an accurate count transparent or comprehensible to laymen. That means they cannot trust this system... which is kind of an important aspect of a ballot.

In California I make inkspots on a piece of paper, then it is fed into a big machine. I get s sticker that says, "I voted!" Is that better?

Re: Will Internet Voting Endanger The Secret Ballo

[presidenteloco]

Laymen cannot build a modern car or airplane or understand how it works, which means they cannot trust this system...

Same goes for the power grid, and the Internet, and pharmaceuticals.

Sooner or later, we're going to have to trust the concept of trusting a reputation based web of trust. We can't personally understand MOST of the technology that supports our modern lives.

No

[JavaBear]

It's that simple. Just a No.

The moment there is even a possibility for a vote to be monitored and/or identified, you have a broken system.
The moment there is even a possibility for a vote to be tampered with, there is no vote.

Voting hinges on the anonymity of the caster, and the transparency and trust in the process. Electronic voting, either on machines or on the internet gives you neither.

It's been done, though

[ivothamdrup]

No one's mentioned Estonia yet, so here we go: http://www.vvk.ee/voting-metho...: secret ballot over the Internet, separation of voter and vote, vote verification, and last but not least, open-sourced voting software. Researchers have pointed out a few hypothetical attack vectors available to state-level entities (last from 2014) which have been closed ever since, but the bigger problem is actually handling the PR during the elections, in the sense that a malicious person or persons can claim their votes were "hacked", drum up the media coverage, and even though they'll be proved wrong, the integrity of the ongoing elections would still be compromised.

Re:It's been done, though

[Actually,+I+do+RTFA]

The problem is that a person can claim their vote is hacked. Which means they can check if their vote was properly cast. Which means so can their boss/a mobster/abusive spouse/guy buying their vote.

That site says it avoids the issue, so obviously it's not possible to track their vote.

Re:It's been done, though

[ivothamdrup]

Re-vote electronically as many times as you want (each e-vote overriding the previous one) or cast a paper ballot on the election day which overrides the electronic ballot.

Authentication then anonymity

[presidenteloco]

What you're missing, I believe, is that the authentication is required at a certain time, and the anonymity is required at a different, later time. Thus the two can be achieved with a clever enough crypto protocol. The intervening time (casting the ballot: that is, marking the answers, and the transformation of the authenticated right to author those ballot answers into the anonymized record of the ballot answers) can be managed using a secure session.

Re:Authentication then anonymity

[turbidostato]

"What you're missing, I believe, is that the authentication is required at a certain time"

What you are missing, I believe, is that authentication is required at more than one moment in time, for more of one action or good.

You need to authenticate the voter to be who he says to be in order to avoid him voting twice. This you can get with this kind of system. But then you also need to authenticate that whatever that person voted is in fact what he voted. With paper you get this by the voter having the ballot in his full control from the moment the vote is decided (the moment he puts the vote within an envelope) till the moment he puts it in the ballot box and having an in-plain-sight chain of custody from that moment up to the moment the vote is counted. With an e-vote, how do you make sure whatever the voter decided is what got into the storing database without, at the same time, losing the voter's anonymity?

"...and the anonymity is required at a different, later time"

No. Anonymity is required along the full process. There *is* a moment when anonymity is also under risk with physical ballots and it is the period that goes from the voter putting the ballot in an envelope till the moment he puts it in the ballot box, and that's why this is done on a public place.

So, let's recap: on physical vote you gain both anonymity and authentication the Sherlock Holmes' way "Once you eliminate the impossible, whatever remains, no matter how improbable, must be the truth." You don't really probe them, you just leave neither place nor time where/when the ballot can be tampered with or its content tied back to its caster. On a purely electronic system, there's no way you can offer neither such impossibility nor a positive proof that it cannot be done, as there's a single party -which is not to be trusted, owning the full process, from cast to storage.

Re:Authentication then anonymity

[presidenteloco]

"With an e-vote, how do you make sure whatever the voter decided is what got into the storing database without, at the same time, losing the voter's anonymity?"

A one-way hash function serving as a checksum for the ballot content combined with the voter identity.

If a person wants to verify that their vote is in the database, they go to a web cafe and enter the hash function that is on their vote receipt and the db reports that it has a ballot-answer-set with that hash.

If this is concerning, because someone might force the person to submit their hash at a specific time and have a collaborator on the inside look at which ballot that is so determine how the person voted, there is another variant of this hash-based verification where all that can be verified is that the vote, as cast, was in fact part of the count. If enough percent of randomly selected voters verify that their vote was counted, via the hash method, the election can statistically be considered sound.
I think Chaum's system includes this capability.

Re:Authentication then anonymity

[turbidostato]

"A one-way hash function serving as a checksum for the ballot content combined with the voter identity."

The government owns both the voting machine and the database storing the results, which means the government can MiM the hash. Which in turn means that it is not enough for the voter to be able to recall the hash, it needs to recover what his result is, to be sure it's what he indeed voted. But once the voter can do that, he can be coerced to vote one way or another.

Re:"Technologically impossible?"

[presidenteloco]

Because it's not possible to bug a voting booth with a hidden micro-camera. Uh huh.

Let me give you this alternative to the ballot booth. Allow people a period of one month to cast their e-ballot.
Someone wishing to peer over that person's shoulder then has to follow them around everywhere they go, or imprison them, for the month.

In the cases where that is happening (for example, extreme marital abuse, modern slavery etc) the subject person has a lot bigger problems than whether they got to vote or not, and if none of their friends, acquaintances, relatives, or social agencies can help them out of their prisoner-life, that is a very sad, and hopefully very exceptional case. But should the existence of such extreme corner cases, abhorrent as they are, stop the overwhelming majority of independent, competent adults from voting in a new manner that is likely to encourage far greater democratic participation?

Re: Assembling people

[presidenteloco]

So first we have to achieve effective freedom from systematic oppression, then we can have Internet voting.

The first one sounds like a pretty good goal anyway. And I think we're a long way along that road in liberal democracies.

What are we, some kind of tin-pot dictatorship with goons running around corralling people? I haven't seen that in my town for a while.

This whole "you will be co-erced into voting on command" thing strikes me as treating the adult population as if we were all helpless children.
I don't buy it.

Re: Assembling people

[Dog-Cow]

You're not well-acquainted with human history, are you? The reason that voting is setup this way is precisely because all those things you poo-poo as not being realistic actually happened. Not in the hyperbolic forms you state, but in effect. Vote buying. Intimidation. These are real problems, and you don't realize it because you've only ever voted while the solutions have been in place.

Re:"Technologically impossible?"

[Mr+D+from+63]

You don't understand coercion. The victim can be coerced into voting by someone else. Imagine an abusive husband, as one example.

Bugging or putting a camera on a voting booth would be a monumentally difficult, risky, and possibly ineffective way to coerce a vote.

Re: Will Internet Voting Endanger The Secret Ballo

[TheRaven64]

Laymen cannot build a modern car or airplane or understand how it works, which means they cannot trust this system...

That's irrelevant. The interests of the people who build the cars are aligned with those of the people who use them, and if that proves not to be the case then there are liability laws that ensure that you can be compensated if your car is not built to spec. In contrast, the interests of small subsets of the population are typically not directly aligned with the rest when choosing a government.

In the UK, our elections run by putting a cross on a piece of paper, which then goes into a box. The boxes are taken to a central location for each constituency and are then counted. If I don't trust the system, then I can watch the box from the time that I cast my vote until it gets to the polling station and can then watch the votes being taken from the box and put into piles and counted. The same is true for almost any member of the electorate. In contrast, with an electronic voting system the number of people who are able to verify it is tiny: I have a PhD in Computer Science and work in computer security and I wouldn't be confident that I could spot hidden manipulation of an electronic election and I doubt that there are more than 100 people in the world who could - if that. Do you trust those 100 people to decide who wins the next election? Remember what Stalin said: it doesn't matter who casts the votes, only who counts them.

Re: Will Internet Voting Endanger The Secret Ball

[amiga3D]

I don't want my vote to be anonymous. The fraud at the ballot box is out of hand in the US, similar to that of many "third world" countries. With the new digital age the opportunities for fraud have been magnified to an incredible degree with the ability to change or eliminate thousands of votes electronically. I think if you want an anonymous vote you should be able to vote on paper and if not then a verifiable digital vote. Leave the option to the voter. I'll vote online only if it's not anonymous. One thing, no fucking chads.

Re:"Technologically impossible?"

[fgouget]

Please explain what steps you have taken in your voting protocol to ensure that, on election day, any voter can verify that the voting software and hardware actually preserves his/her anonymity and prevents cheating. Don't forget to explain why allowing for this verification by any voter on election day does not introduce any opportunity for tampering. Please keep things short, let's say ~1000 words, start from first principles, and limit yourself to concepts understandable by all voters.

Re:Blockchain technology

[fgouget]

If a vote is represented by a cryptocurrency wallet balance, and votes are randomly distributed to voters via paper wallets(no visible unique markings on the outside of the wallets to independently distinguish them from any other), so long as deposit of wallets can be done anonymously(Tor etc.) then this is a highly secure auditable method of electronic voting.

So auditable that a) the state will know exactly how you voted and can send the secret police should you have voted incorrectly, and b) it can even save you the trouble of voting since it knows your wallet id.

Please remember that the whole point of elections is to peacefully overthrow the government in power.

Stand up for what you believe in

[nehumanuscrede]

I would give up anonymous voting if it meant I could trust my vote couldn't be manipulated in secret.
Though I do understand the implications of it as some countries in the past have used such systems to remove potential competition to their own party.

The way I see it, if they're going to cheat to win, may as well make it as difficult and time consuming as possible for them.

A lesson from History:

A quote from Joseph Stalin: "I care not who runs for election. All I care about is who counts the votes."

Isn't that all that really matters to certain people? All they care about is who gets the victory. Whether they actually won isn't the point. In their opinion, too much money (and power) is at stake to leave it to voters. I think that is why the electronic voting machines we presently have were put in. Of course, the reason given was that they would get rid of "hanging chads" and make it fairer, but the real reason was the opposite. And no one is allowed to see how the inside of these machines work because that would "lessen security."

The same 'special' people will only agree to internet voting if they can have full control over the design of the system and are able to take it further. Instead of merely controlling who wins, they will want to know who voted against them. Anonymity will be gone. Also, it will be easier to add millions of votes at a central location with the press of a key. On one will know. They won't have to work in separate locations or drive around to wirelessly connect with the machines to make adjustments.

The present system is bad enough. Personally, I figure if ABC, NBC, MSNBC, or any of those guys eventually say it is a good idea and will help people or make something more fair, it is more accurate to believe the opposite. So far, I haven't heard that in this case. But it is not a serious enough proposal yet.

Re: Will Internet Voting Endanger The Secret Ball

[fgouget]

I think if you want an anonymous vote you should be able to vote on paper and if not then a verifiable digital vote. Leave the option to the voter.

Leaving the option to the voter is the same as leaving it to vote buyers and coercers.

One thing, no fucking chads.

Like Internet voting is the only solution to hanging chads. Guess what, in France we use paper and never had and never will get hanging chads!

Re: Will Internet Voting Endanger The Secret Ballo

[fgouget]

For the first 100 or so years, voting in the US was open ballot. The only reason it changed was because there was a civil war. Corruption and vote fraud was much less with an open ballot, and so long as you aren't in a situation with armed insurrection, is clearly superior to the secret ballot.

Chile also had open ballots and was not in a state of civil war or armed insurrection. Yet, as soon as they switched to secret ballots the election results changed significantly.

You're forgetting whole cultures and communities where women don't have equal rights (no matter what the law says), and employers who have the will and the means to try and nudge the balance.

Re: Will Internet Voting Endanger The Secret Ball

[internerdj]

Anonymous voting is pretty important, but I'll join you in the concern that I've got no way to go back and make sure my vote was properly recorded despite the problems that causes for anonymous voting.

Re: Will Internet Voting Endanger The Secret Ballo

[fgouget]

There are other methods as well. I would explain it all, but I am not a cryptographer.

And that is the problem. To actually verify that these systems work as they claim you need PhD in cryptography which means 99.99% of the voters are left out in the cold. Plus having a working theory is one thing, letting voters make sure on election day that the implementation is not buggy and does not leak your votes to third-parties via a side-channel is another entirely.

Re: Will Internet Voting Endanger The Secret Ballo

[fgouget]

Laymen cannot build a modern car or airplane or understand how it works, which means they cannot trust this system...

If cars or airplanes of a specific make keep crashing laymen are going to know pretty quick and will buy from its competitors. Same thing for the power grid, and the Internet, and pharmaceuticals.

But if done well, laymen would not know that the election was stolen. And it's not like you can go to the competition. Not only has the government a monopoly on elections, you cannot even escape whatever decisions it takes (no moving abroad is a not an option for most people).

Re: Will Internet Voting Endanger The Secret Ball

[fgouget]

Use a gift card and mail to a PO box service that is engaged under a pseudonym and paid for in cash.

Of course the whole "Internet voting equals Internet buying" analogy is fatally flawed. That's because the store does not care who you are as long as you pay so it's willing to accept a gift card you bought anonymously. In contrast the government wants to restrict voting rights to its constituency so it will never let you vote without first providing some form of identification.

Re: Will Internet Voting Endanger The Secret Ball

[Rei]

Must say you are a moron. Voting is meant to be anonymous.

And so Estonia's solution where people can vote online but override their vote on election day by casting a vote in person isn't a solution why? And that's just one of many possible technical solutions.

And the current practice of mail voting doesn't already eliminate ballot secrecy why?

Re: Will Internet Voting Endanger The Secret Ball

[The-Ixian]

You still need to give an address.... how hard is it to track down the purchaser if you have a physical address?

P.O. Box? Just find out who owns it or stake out the location and wait for the pick up.

Re: Will Internet Voting Endanger The Secret Ball

[The-Ixian]

Voting is meant to be anonymous.

Yeah, but is it really anonymous? Most states require a government issued ID in order to vote. The second that ID comes out into open air, you have to assume that all of the information on it has been given up.

At best, I would say that our current process is semi-anonymous. Given enough effort, your vote can be deduced.

I am personally all for online voting. The reason is just this: The more people that are able to vote, the more democratic the system.

I think that REASONABLE anonymity can be achieved through the use of TOR and other means. Hell, if you don't want to allow just any computer, make bank ATM's a valid voting station.

How about this solution: snap elections

[presidenteloco]

It would be known that the election will take place sometime this month.

But there would be a series of randomly timed, short 15 minute windows, announced via voting app notification, during which you can cast your vote with your smartphone or computer (requires fingerprint and face scan and secret knowledge to authenticate).

So you have to be being shadowed all the time, so that the vote coercer can be sure to catch you when the voting opportunity comes up.

Re:How about this solution: snap elections

[presidenteloco]

Along with this, it should also be possible to vote again in a subsequent random one of the voting time windows.

Only one of your submitted ballots counts.
It is your first-submitted ballot that counts.

The other voting sessions look real to any observer, but do nothing.

Re:How about this solution: snap elections

[david_thornley]

Meaning that the only people who can vote are those who can keep their smartphones or computers with them at most times. There are workplaces where smartphones are banned, or like mine. I can't get reception at work. There are workplaces where letting everyone take a 15-minute break wouldn't work. There are people who really can't afford a smartphone or computer, and a lot of them in fact don't have a smartphone or computer.

This is going to disenfranchise people, primarily the people with more strict jobs and less income, which the Republicans will approve of.

Re: Will Internet Voting Endanger The Secret Ball

[AF_Cheddar_Head]

The fraud at the ballot box is out of hand in the US, similar to that of many "third world" countries.

Citation please. I agree that Voter ID might be useful, but I have yet to see credible evidence of enough voter fraud to sway any US election held in the last 20 years. IMO The logistics of in person voter fraud make it very difficult to materially affect a large election. NOW, computer fraud or dishonest vote counters is another matter entirely but not something Voter ID would fix.

Anonymous voting helps prevent vote buying and voter intimidation. If the buyer or intimidater cannot confirm you voted the way they want what is the point?

Re: Will Internet Voting Endanger The Secret Ballo

[aurizon]

Secret ballot is assured in public unwatched (once you enter the curtained room - none can see how you vote) polling stations. It is not assured with an online login and vote, where threats an/or $$ can be used to witness how you vote under others eyes say at a workplace where the boss sees how every wirker votes and those that complain - just keep walking as you look for a new job.
Never in America you say? No, it is ever ready to pounce and coerce workers.

Vote on paper, in person, behind a curtain...

[bobwyman]

Voting should be done using a permanent, re-countable record (i.e. paper), in person, and behind a curtain. Computers should never be used vote. You might use them to count votes recorded on paper, but the paper should always be available for quality checks and recounts. Absentee ballots should only be permitted for military or diplomatic personnel, or those with a certified inability to reach the polls. (i.e. note from a doctor.)

Re:"Technologically impossible?"

[turbidostato]

"This is not impossible. In fact it is a solved problem."

I don't think so.

I mentioned the perpetual motion device for a reason. This discussion remembered me of an essay from Isaac Asimov about perpetual motion devices. It went into explaining the Second law of thermodynamics, then some examples of faulty devices, and why they were faulty... and ended, more or less, like this: "...and don't waste your time sending to me your 'really working' perpetual motion devices' designs. I am just an 'aficionado' so it very well may happen that I can't see the flaw on your design but, believe me, there *is* a flaw".

This is more or less the same. You *think* you solved the problem. Well, you didn't.

"That system lets everyone vote exactly once, maintains secret ballot, and gives voters the tools to confirm their vote was counted, and if not they can cryptographically prove it to the media or any auditors available."

What you did is decoupling authentication from anonymity and shared the responsibility between to different authorities. Well done sir, but still insufficient. Because, while you did authenticate the *voting effort*, you didn't authenticate *the ballot*. How do you probe that the casted vote was the same one that was counted? With physical ballots you do it by an open-in-sight chain of custody; with electronic zeros and ones, and given that the full channel is under control of a single party (the government), there's exactly one party the voter can be confident of: himself. And that means signing the casted vote by himself, which brings proper authentication but, at the same time, loses anonymity and the vote can be tracked back to himself*1. With physical votes also happens the same, which is why it is the voter himself the one putting the ballot within an envelope for anonimity and then in a box, usually transparent, for authenticity -and the ballot's chain of custody being in the open from then on.

Again, the comparation with a perpetual motion device is spot on: most of the time it will be wrong, even if done by trustable people like you, and there also will be a lot of snake oil sellers / untrustable parties that will try to cheat me for their own advantage. You can play now the "true scotsman" game and even come with a properly functional system by calling "e-vote system" a "two-worlds vote system"*2 (one that mixes and matches physical world and cybernetic) but, in the end, why take the risk? Even me, I'm an 'aficionado' and can be cheated; the standard 'Joe the Voter' much moreso so the only healthy position is Asimov's one: "it very well may happen that I can't see the flaw on your design but, believe me, there *is* a flaw"

*1 You could think the ballot could be cryptographically signed by the counting/auditing party instead of the voter, but you can't as you are still open to MiM attacks, which can't be tracked down *unless* you know what was in fact voted, which only the voter knows.

*2 Not that these kind of mixed systems wouldn't be of any help. A system like the one you talked about *coupled* with a traditional paper-and-box one could mean the results could be published within one minute of closing the casting period with a high degree of confidence.

Re: Will Internet Voting Endanger The Secret Ball

[david_thornley]

Gee, I fill out a paper ballot and put it into an electronic counting machine. If there's reason to suspect problems, or if the vote is really close, "they" will count all the paper ballots. The sealed ballot boxes will be handled well, with any opportunity for fraud observed by (at least) representatives of the two major parties. I'm pretty sure it's going to be counted correctly.

Re: Will Internet Voting Endanger The Secret Ball

[david_thornley]

To file an absentee ballot in this state, you fill out your ballot and put it in a blank envelope. You put that one in a larger envelope with your name on it, and mail that in a larger envelope.

When the ballot is received, someone files the envelopes with names on them. Someone keeps track of the envelopes until it's sure that the ballot is the right one for that person. Then people open the envelopes with names and throw the blank envelopes inside into a container, and when they're through they'll get the blank envelopes and get the ballots out. The fact that you voted on an absentee ballot is on record, just like it's on record that I voted at my precinct polling place. There's no way to connect a ballot with a voter.

Re: Will Internet Voting Endanger The Secret Ballo

[david_thornley]

Is your piece of paper kept so that it can be counted again in case of problems? If so, that's a lot better than any purely electronic voting system.

Re: Will Internet Voting Endanger The Secret Ball

[peawormsworth]

I did (nearly) everything you said already. And it Did Not work.

ebay would not allow the Visa gift card to be accepted until I attached my address to the card through the visa site. The visa site would not allow me to register on this site through an obscured IP.

It is my belief that you cannot purchase online in a private manner without committing fraud. Not because privacy requires fraud, but simply because companies make money from your lack of privacy. For example, you said that I should used a pseudonym for my PO box. I think that counts as fraud in my neighbourhood.

Re: Will Internet Voting Endanger The Secret Ball

[Rei]

You're missing the point. The complaint about electronic voting is that someone can compel someone to vote in a particular way when voting isn't in person because they can confirm that the vote was cast in the way that they want, which they can't do at a polling place. But this situation already exists with absentee ballots, when the person is filling out the ballot.

Meanwhile, in Estonian online voting, when you vote online, you can still later go to a polling place and change your vote. Meaning that the person who watched you vote a certain way online still has no clue whether that vote is actually going to be the final say, unless they hold you hostage all of voting day. Which someone could do with likely voters for a given candidate whether online voting exists or not.

This has nothing to do with whether people at the electoral commission can match voters with their votes (which they can't do with either paper or online votes in any decent system).

Re:"Technologically impossible?"

[turbidostato]

"This data must be recorded in a register of WHO voted, it must NOT be recorded in the register tallied votes."

Registered is the key here. How do you make sure whatever the voter decided is what got into the database?

Authentication means allowing the process to be submitted or not."

This is, by its own definition, authorization, not authentication, but I get your point. The problem is that this is *one* kind of authentication. You not only need to make sure the one voting is allowed to vote (you authorize by means of an authentication process followed by a tracking one), but you also need to make sure that the casted voted is counted as is. For this you also need authentication, the ballot's in this case.

"The numbers have to match, but the data doesn't have to be associated."

It needs to, if the system puts the vote in the shadows, where it may be modified from casting to counting.

Re:"Technologically impossible?"

[presidenteloco]

Why would an abusive controlling husband allow their wife/prisoner out of the house to cast a vote in a regular paper election, when such a vote is not controllable?

My point is, that kind of extreme coercion will prevent one-person-one-vote whether or not we have new technology for voting, and the new technology if designed well might help a person vote secretly when they have an hour away from their prison guard.

Re:"Technologically impossible?"

[presidenteloco]

See David Chaum's voting methods. As for understandability or trustworthiness of the method, one could get a line up of 100 cryptographic experts who would testify as to the apparent correctness of the algorithm and the implementation. At some point, you'll have to decide whether to trust that. If I could check their credentials and see that it was unanimous, I would believe that, to our present knowledge, it is a valid and unbroken voting method.

Another interesting twist would be to send the vote through three independently designed electronic voting systems, and only if the results from all three agreed perfectly would the election be considered valid.

Re:"Technologically impossible?"

[fgouget]

As for understandability or trustworthiness of the method, one could get a line up of 100 cryptographic who would testify as to the apparent correctness of the algorithm and the implementation.

Climate warming is easier to understand, there are over 2000 scientists who can and do testify that it is real and still 50% if not more of the population doubts it. And you think the testimony of a paltry 100 cryptographers will be sufficient?

Another interesting twist would be to send the vote through three independently designed electronic voting systems, and only if the results from all three agreed perfectly would the election be considered valid.

So either there are three computers and the voter must enter his vote three times without mistakes otherwise the results will differ causing everyone to doubt the system; or you have a four computer sending the vote data to the three others, after having tampered of leaked the votes, but all three implementations will show the same result, officially "proving" the election was not tampered with. In other words, no dice.

Re:"Technologically impossible?"

[turbidostato]

"As for understandability or trustworthiness of the method, one could get a line up of 100 cryptographic experts"

Or one could use a system so obvious no cryptographic experts are needed to start with.

"Another interesting twist would be to send the vote through three independently designed electronic voting systems"

This would help to avoid flaws, not to avoid malice.

The Space Shuttle used to use the same approach (because the flaws avoiding). Now, imagine that NASA wanted (secretly) for the shuttle to crash: all three subsystems would throw the wrong results in agreement, despite being independently designed. Now imagine we are not talking about NASA and flight computers but about government and voting systems.

You probably have an honest interest on e-voting, you did expend your time and effort to understand it well and yet, you can't come with, not only a flawless system but one without obvious concerns -and without obvious advantages for the voter either, except, maybe some extra comfort. No sir, e-voting systems go right to the same place than snake oil sellers and perpetual motion devices inventors.

Re:Pah

[cwsumner]

A global civilization built upon universal central *control* is the only way humanity will progress.

The problem with this sort of stuff, is that the people saying it always think that they are part of the elite. In History, it does not seem to work out that way. Instead they end up part of the fertilizer... 8-{