Slashdot Mirror
Will Internet Voting Endanger The Secret Ballot?
MIT recently identified the states "at the greatest risk of having their voting process hacked". but added this week that "Maintaining the secrecy of ballots returned via the Internet is 'technologically impossible'..." Long-time Slashdot reader Presto Vivace quotes their article:
That's according to a new report from Verified Voting, a group that advocates for transparency and accuracy in elections. A cornerstone of democracy, the secret ballot guards against voter coercion. But "because of current technical challenges and the unique challenge of running public elections, it is impossible to maintain the separation of voters' identities from their votes when Internet voting is used," concludes the report, which was written in collaboration with the Electronic Privacy Information Center and the anticorruption advocacy group Common Cause.
32 states are already offering some form of online voting, apparently prompting the creation of Verified Voting's new site, SecretBallotAtRisk.org.
32 states are already offering some form of online voting, apparently prompting the creation of Verified Voting's new site, SecretBallotAtRisk.org.
Yes.
Computer based voting of any kind is a bad idea.
https://www.youtube.com/watch?v=w3_0x6oaDmI
ARE there any other questions?
Electronic voting is one of the most stupid ideas that politicians have croaked up so far. And that means a lot, even after gerrymandering, lobbyism, and two-party-systems.
Electronic voting is basically outright stupid. You cannot control if your vote was really counted, or if it was counted for the correct party or candidate. Votes can be manipulated by inside jobs or hacking, and with a political voting result being a very profitable target, and the voting machines safety and security record far from being unblemished, voting fraud is a very interesting goal for many, not only political, parties.
The problem is that electronic voting cannot fulfill the legal and philosophical demands for a democratic voting. This is not a failure of the planners, programmers, or hardware developers, this is system inherent, as many aspects cannot be implemented correctly without invalidating other important aspects of the same.
Now there is this totally broken idea and they want make it available online, opening the doors to fraud and abuse even wider.
"we'll probably figure out how create a system that uses authenticated electronic ledgers to prevent fraudulent tampering (blockchains, etc) while still preserving anonymity."
We'll probably not.
Authentication means "undoubfully identifying something's author (or owner)". Anonymity means "impossibility to identify something's author (or owner)".
See the problem?
I'm with you about distrusting "any blanket assertion", but in this case is an obvious logical impossibility, not even physical impossibility (i.e.: a perpetual motion device)
Now, remember this whenever somebody comes to sell you a "trustable e-voting system": it's even less credible than a guy trying to sell you a perpetual motion device.
You are completely missing the point. All the cryptography and the blockchains and the secure protocols in the world can not detect if someone is standing behind the computer with a wad of cash (vote buying) or brass knuckles (coercion) and checking that you are voting right.
One of the core features of the secret ballot is the voting booth, where the voter is alone to do the final choice, with official oversight.
Of course, the privacy of the voting booth is not perfect, it is weakened by all sorts of features, from absentee voting to tolerating children in the booth with their parent. But it is still the norm for most voters and is way more solid than a situation where the norm would be to vote from home.
"If a vote is represented by a crytocurrency wallet balance"
Then you can always use a 2$ wrench to gain access to the wallet's content by brute force on the owner.
"and votes are randomly distributed to voters via paper wallets"
Which -so I hope, are destroyed after the owner deposits his or her ballot, then it is not an electronic voting system.
yes it will stupid. read up on Tammany Hall in NYC in the 1800's. people were marched to voting booths, overseers made sure they voted for the right people and then they were given gifts. same here. low paid people will be hired or voters will simply have to provide screenshots of their votes to receive prizes
For the first 100 or so years, voting in the US was open ballot. The only reason it changed was because there was a civil war. Corruption and vote fraud was much less with an open ballot, and so long as you aren't in a situation with armed insurrection, is clearly superior to the secret ballot.
Once we go back to open ballots, fraud will drop, and online voting fraud will become irrelevant as well.
Learn to love Alaska
are secret anyway. I had to show them my voter registration card, my picture ID, and from that, they entered something into a computer which spit out a 4 digit number. Then that 4 digit number is used on the voting machines. So they already know that my ID is tied to that number and that number is tied to my votes. There's no secrecy any more.
The day Microsoft creates a product that doesn't suck, it will be known as the Microsoft Vaccuum Cleaner!
Why doesn't anyone trot out Betteridge's Law of Headlines when questions like this come up?
#DeleteChrome
There are provably secure cyptographic methods to ensure that no one can figure out who you voted for, and that you can check, after the election, that your vote was counted appropriately. These systems even include a method for providing a faked screenshot to be sold to vote buyers. The fact that almost no one uses these systems is the real problem.
"It is enough that the people know there was an election. The people who cast the votes decide nothing. The people who count the votes decide everything." Internet voting would basically remove the last remaining perception of legitimacy from any of this "democracy" farce that we have in this country. If government counts the votes, government will make sure the "right" candidate wins every time.
Secure voting is only part of the problem with internet voting. The only practical way to ensure a person does not have someone physically looking over their shoulder when voting is to have designated voting centers with private one person booths.
Open ballots are inherently fraudulent. They exist for the sole purpose of empowering the ruling party to direct violent retaliation against those who voted against them at their whim.
Really? Noone can figure out who you voted for and you can ensure your vote was counted properly? I thought it was one or the other.
Care to point me in the right direction?
Some people encrypt by using rot-13 twice. I prefer the more secure method of using rot-1 a total of twenty six times.
The modern system using one person voting booths distributed around with the ability to have outside supervision that people are really voting by themselves works quite well.
Likewise, marking a paper ballot and using electronic counting gets "auditability of results" and "rapid tally" - a recount is possible if there are questions, but the tallies can be electronically (and vulnerably) done quickly.
The remaining flaw is "access by disabled persons" - if you're blind, it's tough to mark a ballot with a pen - historically, in California, a sworn poll worker would assist the voter who could not get into the polling place, or help a blind person mark the ballot. That's compromisable, clearly, but not surreptitiously on a mass scale - you'd have to suborn hundreds or thousands of poll workers to have a significant effect.
"we'll probably figure out how create a system that uses authenticated electronic ledgers to prevent fraudulent tampering (blockchains, etc) while still preserving anonymity."
We'll probably not.
This is not impossible. In fact it is a solved problem. Blind Signatures can be used to do this. I actually designed and mostly implemented such a system: Source and docs here. I also was not the first to do this (David Chaum deserves far more credit than I do: his contributions to cryptography have enabled so many amazing things including my little experiment) .
That system lets everyone vote exactly once, maintains secret ballot, and gives voters the tools to confirm their vote was counted, and if not they can cryptographically prove it to the media or any auditors available.
However it also makes buying and selling of votes very robust and easy. Without an isolated voting booth, there really isn't any hope of making it impractical to sell your vote, or force people to vote particular ways. This is as important as the secret ballot: both are requirements for our electoral systems.
I have designed electoral systems, that use a voter booth, paper records, and some cryptographic verifiability that are resistant to coercion and vote selling/buying which makes me think there may be room improvement in this area. However paper ballots and voting booths are pretty close to ideal: The simple paper system is also easier for people to trust and verify, which is very important for elections.
What about people who live or work in areas in which voting for the wrong person could have consequences? Someone working at a coal mine who wants to vote Democrat? A person with an abusive spouse who doesn't want to vote they way they were told to? Just because you are comfortable telling people who you vote for not everyone else has such luxury.
Setting aside all the clear fraud, tampering, etc. There is also the possibility of fraud within the household. I can name piles of cultures where the man rules the house; full stop. Immigrants from these countries tend to congregate in communities in many countries. Thus the "man" of the house will do all the voting; can we guess where his voting will lay on the spectrum of women's rights, investigations into honour killings, curtailing of an oppressive religion, etc?
So in addition to all the wonderful possibilities for fraud and rigged elections, there is the simple disenfranchisement of entire groups.
Then we have bully voting. Quite simply an enforcer for some minor gang might show up at an apartment block and tell everyone that they vote in front of him and his men.
The above voting irregularities might not seem like much, except that so many elections are won by a percent or less. In the case of a local councillor or alderman a few hundred votes could easily flip the result of an election.
In a nation with a problem culture like one of the above. This could easily swing an election.
That was my instant thought. Amazon sets up warehouse voting areas where employees can vote under supervision "if they want to". Those that don't want to might not have jobs after the election. Every at-will state could work like this if the option to choose not to vote in secret existed.
I'm even in favor of getting rid of absentee voting for this reason. Lets have the polls open for 2-3 weeks, and offer rides a few of the days instead of mailing ballots back and forth. If you can't make it to an authorized polling place*, you don't get to vote.
*And I think we could come up with a system to authorize embassies and military bases to hold elections. A little trickier, but doable.
Velociraptor = Distiraptor / Timeraptor
Use a gift card and mail to a PO box service that is engaged under a pseudonym and paid for in cash. Gift cards can be purchased at most grocery outlets, again for cash and anonymously. If you are REALLY paranoid use a VM'd OS that you subsequently wipe on your local library Wi-Fi, or at McDonald's or even Starbucks. For the extreme tinfoil helmet, you can buy for cash a very cheap used laptop that you can dispose of AFTER the transaction, preferably in pieces in several different trash bins behind local grocery stores.
errr....umm...*whooosh* *whoosh* Is this thing on ?
Really? Noone can figure out who you voted for and you can ensure your vote was counted properly? I thought it was one or the other. Care to point me in the right direction?
Most of the voting systems by David Chaum. I assume others' systems as well. All of these systems work by similar methods. One common trick is that if N numbers are XOR'ed together, then any number can only be revealed by again XOR'ing with the other N-1. So your vote can be XOR'ed with something that hides the actual vote, but the combination of the two can be checked from a list. There are other methods as well. I would explain it all, but I am not a cryptographer.
Voting is meant to be anonymous; the process should be comprehensible to anyone, and anyone should be able to contribute to assuring that the ballot count is accurate. Paper based voting meets these requirements, and has the important bonus of being pretty resilient to tampering if enough citizens actually step up and help verify the results. The more you want to fraudulently influence a paper based vote, the more people you need to include in your scheme. Electronic voting on the other hand meets none of these requirements: anonymity is not guaranteed, the process is either sensitive to large scale fraud or hardened against fraud using encryption, making it completely intransparent to laymen. And auditing the count can only be done by experts, and even then fraud is pretty easy to miss.
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
Laymen cannot audit this system, nor is the process of assuring anonymity and an accurate count transparent or comprehensible to laymen. That means they cannot trust this system... which is kind of an important aspect of a ballot.
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
Yeah. Koreans working for a few bucks internet cafes...
You think you can prevent that? With current technology?
All you really have to do is register 500,000 votes in a district with 60,000 registered voters. Invalidate the election. Hilarity ensues.
deleting the extra space after periods so i can stay relevant, yeah.
"incorrect votes".
That's almost funny. And pathetic.
deleting the extra space after periods so i can stay relevant, yeah.
I think that countries need to switch to an open ballot because of the conflicts between the secret ballot and hybrid direct/representative democratic systems and electronic voting (which thanks to advances in cryptography becomes more viable every day). However the only reason the US didn't have huge trouble with an open ballot was the decreased motive for vote buying, since all voters in that time were white males - and usually from the upper classes at that (during much of that period, the white males also had to own land and/or pass an "intelligence test" and travel in ways that weren't practical for the working class in order to vote). In short, the country club crowd had no reason to pay or coerce each other to vote the way they all wanted. The fledgling democracy would've been clearly identified as an oligopoly by today's standards.
An open ballot being shoehorned into today's world would cause corruption and vote fraud to skyrocket. A switch to an open ballot system, which again I think is a worthwhile pursuit, will need to be accompanied with very strong technical and legal countermeasures to prevent this.
"When information is power, privacy is freedom" - Jah-Wren Ryel
And in the first 50 years of the USA, when did that happen? Never? Sorry, reality proves you wrong.
Sure, they don't work in places with armed insurrection, but in more stable countries, they work much much better. Or are you asserting that the USA isn't a stable country?
Learn to love Alaska
Laymen cannot build a modern car or airplane or understand how it works, which means they cannot trust this system...
Same goes for the power grid, and the Internet, and pharmaceuticals.
Sooner or later, we're going to have to trust the concept of trusting a reputation based web of trust. We can't personally understand MOST of the technology that supports our modern lives.
Where are we going and why are we in a handbasket?
No one's mentioned Estonia yet, so here we go: http://www.vvk.ee/voting-metho...: secret ballot over the Internet, separation of voter and vote, vote verification, and last but not least, open-sourced voting software. Researchers have pointed out a few hypothetical attack vectors available to state-level entities (last from 2014) which have been closed ever since, but the bigger problem is actually handling the PR during the elections, in the sense that a malicious person or persons can claim their votes were "hacked", drum up the media coverage, and even though they'll be proved wrong, the integrity of the ongoing elections would still be compromised.
You're not well-acquainted with human history, are you? The reason that voting is setup this way is precisely because all those things you poo-poo as not being realistic actually happened. Not in the hyperbolic forms you state, but in effect. Vote buying. Intimidation. These are real problems, and you don't realize it because you've only ever voted while the solutions have been in place.
You don't understand coercion. The victim can be coerced into voting by someone else. Imagine an abusive husband, as one example.
Bugging or putting a camera on a voting booth would be a monumentally difficult, risky, and possibly ineffective way to coerce a vote.
I would give up anonymous voting if it meant I could trust my vote couldn't be manipulated in secret.
Though I do understand the implications of it as some countries in the past have used such systems to remove potential competition to their own party.
The way I see it, if they're going to cheat to win, may as well make it as difficult and time consuming as possible for them.
Voting should be done using a permanent, re-countable record (i.e. paper), in person, and behind a curtain. Computers should never be used vote. You might use them to count votes recorded on paper, but the paper should always be available for quality checks and recounts. Absentee ballots should only be permitted for military or diplomatic personnel, or those with a certified inability to reach the polls. (i.e. note from a doctor.)