I get motion sick if I try to read anything (book, map, phone, computer) in a moving car or train. I'll get zero productivity gain from a self driving car. Not sure what percentage of the population has the same issue, but I doubt it's insignificant.
I have no trouble using a computer on a car and do so regularly. Not sure what percentage of the population has no issue with motion sickness, but I doubt it's insignificant. (Yeah, we're both right.)
And even if you're not one of the above 'bad people', you could simply be one of the 90% of people who are collateral surveillance victims. So no, you don't need to be up to no good to be under surveillance and that's something to be concerned about.
I would hope that the rental company would reset the system in part of their cleanup/inspection after return, however.
Given that they don't seem to check tire pressure or verify wiper fluid level (both of which impact safety), I think expecting them to reset the infotainment system is pretty unrealistic.
Planes do detect other planes in proximity with the aptly-named proximity warning. Miles in advance. With beeps buzzes and autopilot disengagement. They are called ACAS.
Given that, to quote Wikipedia, while larger civil aircraft carry weather radar, sensitive anti-collision radar is rare in non-military aircraft, ACAS either does not detect planes that don't have a transponder, or need to rely on external systems to do so. Car autopilots can neither rely on other cars and pedestrians having transponders, nor on some central authority warning them when they're about to hit something. Thus they have to detect obstacles entirely on their own which requires a whole lot more sophistication than plane autopilots (which is also why planes have had autopilots for over 30 years and cars are just beginning to get them).
A car autopilot has to be much more sophisticated than aircraft ones because pedestrians, bicycles and even other cars don't have a transponder broadcasting their position and speed at all times. Furthermore in the air there are essentially no stationary obstacles (mountains and relief don't count: they are well mapped), whereas on the ground there are tons of obstacles (from parked cars to road work, construction areas encroaching on the road, etc). Plus the pilots of other aircrafts are nowhere as crazy and unpredictable as car drivers (fortunately).
As for understandability or trustworthiness of the method, one could get a line up of 100 cryptographic who would testify as to the apparent correctness of the algorithm and the implementation.
Climate warming is easier to understand, there are over 2000 scientists who can and do testify that it is real and still 50% if not more of the population doubts it. And you think the testimony of a paltry 100 cryptographers will be sufficient?
Another interesting twist would be to send the vote through three independently designed electronic voting systems, and only if the results from all three agreed perfectly would the election be considered valid.
So either there are three computers and the voter must enter his vote three times without mistakes otherwise the results will differ causing everyone to doubt the system; or you have a four computer sending the vote data to the three others, after having tampered of leaked the votes, but all three implementations will show the same result, officially "proving" the election was not tampered with. In other words, no dice.
So just use bank ATMs that are located in already secured bank lobbies.
Thus directly giving control of the elections to private companies and reducing citizen oversight to exactly zero.
Yes, this de-anonymizes your vote.... I think it is a worthy goal to allow everyone a say.
De-anonymizing votes is the opposite of allowing everyone a say (because it enables community / employer / peer pressure). Not in theory, in practice, as shown by Chile's transition from open to secret ballots. Plus Internet (or ATM in your version) voting has nothing with ensuring anyone has a say. Finally, there's no point ensuring everyone has a say if you first made it trivial for anyone in the world to hack elections on a large scale.
Use a gift card and mail to a PO box service that is engaged under a pseudonym and paid for in cash.
Of course the whole "Internet voting equals Internet buying" analogy is fatally flawed. That's because the store does not care who you are as long as you pay so it's willing to accept a gift card you bought anonymously. In contrast the government wants to restrict voting rights to its constituency so it will never let you vote without first providing some form of identification.
Laymen cannot build a modern car or airplane or understand how it works, which means they cannot trust this system...
If cars or airplanes of a specific make keep crashing laymen are going to know pretty quick and will buy from its competitors. Same thing for the power grid, and the Internet, and pharmaceuticals.
But if done well, laymen would not know that the election was stolen. And it's not like you can go to the competition. Not only has the government a monopoly on elections, you cannot even escape whatever decisions it takes (no moving abroad is a not an option for most people).
There are other methods as well. I would explain it all, but I am not a cryptographer.
And that is the problem. To actually verify that these systems work as they claim you need PhD in cryptography which means 99.99% of the voters are left out in the cold. Plus having a working theory is one thing, letting voters make sure on election day that the implementation is not buggy and does not leak your votes to third-parties via a side-channel is another entirely.
For the first 100 or so years, voting in the US was open ballot. The only reason it changed was because there was a civil war. Corruption and vote fraud was much less with an open ballot, and so long as you aren't in a situation with armed insurrection, is clearly superior to the secret ballot.
Chile also had open ballots and was not in a state of civil war or armed insurrection. Yet, as soon as they switched to secret ballots the election results changed significantly.
You're forgetting whole cultures and communities where women don't have equal rights (no matter what the law says), and employers who have the will and the means to try and nudge the balance.
I'm even in favor of getting rid of absentee voting for this reason. Lets have the polls open for 2-3 weeks, and offer rides a few of the days instead of mailing ballots back and forth. If you can't make it to an authorized polling place*, you don't get to vote.
You could start by having elections on a Sunday instead of having them on a day where almost no one has time to go and wait in line.
I want to reassure you that your identity is *ALMOST* certainly not tied to that number, if you vote in the U.S.
There, fixed that for you. You did not verify the code and hardware actually being used after all, right? (reminder: source code does no count for obvious reasons)
I can also verify that my vote was accepted for counting by checking online with the Secretary of State's office. If there is a problem I may have a chance to fix it depending on timing. All in all I'm confident that my ballot is secret and that it is being counted.
All you really know is that your vote has been received. They may have thrown it straight into the trash though. That you're confident it is secret and being counted just shows you're of a trusting nature and optimistic.
If a vote is represented by a cryptocurrency wallet balance, and votes are randomly distributed to voters via paper wallets(no visible unique markings on the outside of the wallets to independently distinguish them from any other), so long as deposit of wallets can be done anonymously(Tor etc.) then this is a highly secure auditable method of electronic voting.
So auditable that a) the state will know exactly how you voted and can send the secret police should you have voted incorrectly, and b) it can even save you the trouble of voting since it knows your wallet id.
Please remember that the whole point of elections is to peacefully overthrow the government in power.
How about instead we just have voting booth machines available at every Town Hall/Police Station, go in, put in your information (or scan your driver's license for it to be quicker) it uses facial recognition like the new automated passport machines, and leave it open for an entire month. So anyone can go vote the 30 days up to the election and the results are tallied that night.
Either these voting booth machines are entirely automated, which seems to be implied, and then it means the machine has both your vote and your id, meaning it violates the anonymity requirement; or you need to have not one but multiple clerks and party representatives manning the booth to ensure no one person can rig things, for a whole month which is going to be very expensive.
Either way the voting machine will need to be guarded day and night to ensure no one tampers with it, again by multiple individuals, again paid for a whole month, again very expensive.
Please explain what steps you have taken in your voting protocol to ensure that, on election day, any voter can verify that the voting software and hardware actually preserves his/her anonymity and prevents cheating. Don't forget to explain why allowing for this verification by any voter on election day does not introduce any opportunity for tampering. Please keep things short, let's say ~1000 words, start from first principles, and limit yourself to concepts understandable by all voters.
I'm sure every single mailed in vote is actually cast by the intended person and not by one person in the household "helping" or by churches rounding up the elderly to "help", or nursing home "helpers", etc.
That would be one-ballot-at-a-time election stealing. I'm not terribly worried about that; it would take such a massive program to alter 50,000 votes that way that this wouldn't be an effective way to steal an election. It's changing the entire count that I worry about.
Few elections are ever decided by ones and twos of votes. It's wholesale changing that is the problem.
In this case the worry is not so much one individual stealing an election, but entire categories of the population being denied their right to vote freely due to social factors.
There is a technology called blockchain nowadays. It's the only way to make online voting secure. Votes can be recorded into a blockchain in a way that no one else than the voter can see what the vote was and the record is unchangeable.
First, if only the voter can see what the vote is, then the government obviously cannot tally the votes, making the election impossible. Fortunately blockchains don't work like that: the transactions are public since the nodes must verify that they are valid.
Second, the voter must not be able to prove how he voted otherwise that opens the door to vote selling and coercion.
Third, voting must be restricted to citizens of age which implies that the government must maintain a list of the public keys of registered voters. Then it's trivial to use that list to de-anonymize all votes.
So no, blockchains are useless for traditional voting systems.
Exactly. Basically, you want voting to be as labor-intensive as reasonably possible. More labor means more people observing the system and making sure it's being run correctly and fairly. More people means more stability.
I would add the corollary which is that a more labor intensive process makes it necessary to bribe more people to successfully rig the election. This drives up the cost but also the risks: as the saying goes, once three people share a secret it's no longer a secret.
1) Open source everything from code to protocols to procedures.
Open-source is useless if you have no way to verify that it is the code being used on the computers on election day.
2) Have both public and commercial security assurance performed on everything.
Elections serve to peacefully overthrow the powers in place. So, as far as elections are concerned the government must never be trusted. So letting the government pick a select few to perform the security checks is no guarantee at all. Furthermore security audits are useless if they don't audit the software and hardware that is actually used on election day. But while it's possible to let a handful of people perform very basic checks on these up to election day, it is impossible to let the voters do so. In other words the voters have no way to verify anything.
3) Sign all software, both voter and server side. Use integrity checks everywhere.
Sign all software, including the signing software. Audit the compiler too, and the compiler's compiler (at the assembly level, not the source level), the operating system, the drivers, etc. If you skip any step it's all for nothing.
Of course on election day you must also verify that the computer is actually running the official software and not just software designed to print the official cryptographic checksums. So start election day by pulling out the hard-drive, putting it in a computer that you trust, and verifying its content with your software. Of course the observer next to you cannot trust your computer and software and thus will need to make the same checks using his own hardware and software, giving him an opportunity to hack the content of the drive after you have checked it.
4) Deploy physical tamper evidence on all servers and systems.
Which is moot due to the point above. Also seals are pretty easy to replace, particularly by the entity that stands the most to gain from a rigged election: the government. Finally seals make denial-of-service attacks trivial: just break the seal. Once someone points out the seal has been broken the computer and software must be thrown away and rebuilt from scratch, delaying the election.
5) Perform admin tasks only under public scrutiny. There will be enough nerds and enthusiasts who WILL gather to find flaws in your procedures and opsec; use them wisely.
Yay, everyone can see the admin typing ls and the expected result being displayed in the terminal. Just ignore the fact that there's a 3G card hidden inside the computer and hacker reconfiguring things remotely. Public scrutiny means nothing.
I have been on duty as an observer on electronic voting in my home country.
From TFA: "But experts in computer security maintain that nothing sent over the Internet is secure."
While I agree with the point he's trying to make about the issues with existing online voting systems, this hyperbolic statement is clearly wrong.
It's certainly possible to make Internet voting at least as secure as paper ballots.
You're mistaken on both points. The only things we know how to make somewhat secure are things that are not secret. For instance when you buy something online the store knows what you bought, provides you with the means to prove what you bought, and the bank knows your identity, that of the store and the amount of the transaction. Even so you're not protected from a store taking your money and never shipping the product. But at least, all this data can be used to prove the existence of the transaction and resolve conflicts.
But voting is different: not only must the state not know how you voted, but even you must not be able to prove how you voted. Furthermore you cannot trust any state-provided software because they are both judge and party and are the ones with the most to gain from a rigged election. This makes all the standard techniques used to keep things online secure unusable.
Back to the analogy, it's as if you wanted to build an online store that would only let registered customers (citizens) buy stuff, but have no knowledge of what they bought (how they voted), and not let them prove in any way what they bought (to prevent vote selling and corercion). Furthermore the people running the store would stand to gain a lot by cheating their customers, and there would only be one such store (your country) so you could not even rely on an reputation system to weed out bad actors.
There is no point hacking electronic voting computers if the result is not plausible. That's why anyone rigging the election will not make their candidate win with 99% of the votes. But even a candidate winning with 50.5% of the votes is implausible if he normally gets 5% of the votes. And implausible results trigger investigations, lawsuits... and reelections. That's no good.
So the first step is to rig the campaign so that the result you want will at least seem plausible. You can do that by helping your candidate, disrupting its opponents, or at least causing enough of a disturbance to make the result seem uncertain.
Hacking the DNC can do all that: discreetly leaking select information to his team can help them optimize their communication without even realizing who is the source ; the gathered information can also been used another team to disrupt the Democrats campaign ; and then making the leak public when it's no longer useful can cause enough of a disturbance to further muddle things up. No well softened, the public will be ready to accept any result.
Of course this is just a conspiracy theory. But today Trump is seen as having a good chance of winning the elections which seemed totally unrealistic not so many months ago. Just saying... So if he wins you'll now stage 2 was successful too;-)
Slashdot Mirror
I get motion sick if I try to read anything (book, map, phone, computer) in a moving car or train. I'll get zero productivity gain from a self driving car. Not sure what percentage of the population has the same issue, but I doubt it's insignificant.
I have no trouble using a computer on a car and do so regularly. Not sure what percentage of the population has no issue with motion sickness, but I doubt it's insignificant. (Yeah, we're both right.)
Unless you're clearly up to no good, you don't have to worry about spyware like this.
You mean up to no good like Angela Merkel, Chirac, Sarkozy and Hollande the last three French presidents, and 35 world leaders?
But of course you don't need to be a celebrity or a politician to be up to no good. You could be trying to help people through a humanitarian organization like the Red Cross, Doctors Without Borders, , or you could just have said something bad about the government of a minor island, etc.
And even if you're not one of the above 'bad people', you could simply be one of the 90% of people who are collateral surveillance victims. So no, you don't need to be up to no good to be under surveillance and that's something to be concerned about.
I would hope that the rental company would reset the system in part of their cleanup/inspection after return, however.
Given that they don't seem to check tire pressure or verify wiper fluid level (both of which impact safety), I think expecting them to reset the infotainment system is pretty unrealistic.
Planes do detect other planes in proximity with the aptly-named proximity warning. Miles in advance. With beeps buzzes and autopilot disengagement. They are called ACAS.
Given that, to quote Wikipedia, while larger civil aircraft carry weather radar, sensitive anti-collision radar is rare in non-military aircraft, ACAS either does not detect planes that don't have a transponder, or need to rely on external systems to do so. Car autopilots can neither rely on other cars and pedestrians having transponders, nor on some central authority warning them when they're about to hit something. Thus they have to detect obstacles entirely on their own which requires a whole lot more sophistication than plane autopilots (which is also why planes have had autopilots for over 30 years and cars are just beginning to get them).
A car autopilot has to be much more sophisticated than aircraft ones because pedestrians, bicycles and even other cars don't have a transponder broadcasting their position and speed at all times. Furthermore in the air there are essentially no stationary obstacles (mountains and relief don't count: they are well mapped), whereas on the ground there are tons of obstacles (from parked cars to road work, construction areas encroaching on the road, etc). Plus the pilots of other aircrafts are nowhere as crazy and unpredictable as car drivers (fortunately).
As for understandability or trustworthiness of the method, one could get a line up of 100 cryptographic who would testify as to the apparent correctness of the algorithm and the implementation.
Climate warming is easier to understand, there are over 2000 scientists who can and do testify that it is real and still 50% if not more of the population doubts it. And you think the testimony of a paltry 100 cryptographers will be sufficient?
Another interesting twist would be to send the vote through three independently designed electronic voting systems, and only if the results from all three agreed perfectly would the election be considered valid.
So either there are three computers and the voter must enter his vote three times without mistakes otherwise the results will differ causing everyone to doubt the system; or you have a four computer sending the vote data to the three others, after having tampered of leaked the votes, but all three implementations will show the same result, officially "proving" the election was not tampered with. In other words, no dice.
So just use bank ATMs that are located in already secured bank lobbies.
Thus directly giving control of the elections to private companies and reducing citizen oversight to exactly zero.
Yes, this de-anonymizes your vote. ... I think it is a worthy goal to allow everyone a say.
De-anonymizing votes is the opposite of allowing everyone a say (because it enables community / employer / peer pressure). Not in theory, in practice, as shown by Chile's transition from open to secret ballots. Plus Internet (or ATM in your version) voting has nothing with ensuring anyone has a say. Finally, there's no point ensuring everyone has a say if you first made it trivial for anyone in the world to hack elections on a large scale.
Use a gift card and mail to a PO box service that is engaged under a pseudonym and paid for in cash.
Of course the whole "Internet voting equals Internet buying" analogy is fatally flawed. That's because the store does not care who you are as long as you pay so it's willing to accept a gift card you bought anonymously. In contrast the government wants to restrict voting rights to its constituency so it will never let you vote without first providing some form of identification.
Laymen cannot build a modern car or airplane or understand how it works, which means they cannot trust this system...
If cars or airplanes of a specific make keep crashing laymen are going to know pretty quick and will buy from its competitors. Same thing for the power grid, and the Internet, and pharmaceuticals.
But if done well, laymen would not know that the election was stolen. And it's not like you can go to the competition. Not only has the government a monopoly on elections, you cannot even escape whatever decisions it takes (no moving abroad is a not an option for most people).
There are other methods as well. I would explain it all, but I am not a cryptographer.
And that is the problem. To actually verify that these systems work as they claim you need PhD in cryptography which means 99.99% of the voters are left out in the cold. Plus having a working theory is one thing, letting voters make sure on election day that the implementation is not buggy and does not leak your votes to third-parties via a side-channel is another entirely.
For the first 100 or so years, voting in the US was open ballot. The only reason it changed was because there was a civil war. Corruption and vote fraud was much less with an open ballot, and so long as you aren't in a situation with armed insurrection, is clearly superior to the secret ballot.
Chile also had open ballots and was not in a state of civil war or armed insurrection. Yet, as soon as they switched to secret ballots the election results changed significantly.
You're forgetting whole cultures and communities where women don't have equal rights (no matter what the law says), and employers who have the will and the means to try and nudge the balance.
I think if you want an anonymous vote you should be able to vote on paper and if not then a verifiable digital vote. Leave the option to the voter.
Leaving the option to the voter is the same as leaving it to vote buyers and coercers.
One thing, no fucking chads.
Like Internet voting is the only solution to hanging chads. Guess what, in France we use paper and never had and never will get hanging chads!
I'm even in favor of getting rid of absentee voting for this reason. Lets have the polls open for 2-3 weeks, and offer rides a few of the days instead of mailing ballots back and forth. If you can't make it to an authorized polling place*, you don't get to vote.
You could start by having elections on a Sunday instead of having them on a day where almost no one has time to go and wait in line.
I want to reassure you that your identity is *ALMOST* certainly not tied to that number, if you vote in the U.S.
There, fixed that for you. You did not verify the code and hardware actually being used after all, right? (reminder: source code does no count for obvious reasons)
I can also verify that my vote was accepted for counting by checking online with the Secretary of State's office. If there is a problem I may have a chance to fix it depending on timing. All in all I'm confident that my ballot is secret and that it is being counted.
All you really know is that your vote has been received. They may have thrown it straight into the trash though. That you're confident it is secret and being counted just shows you're of a trusting nature and optimistic.
If a vote is represented by a cryptocurrency wallet balance, and votes are randomly distributed to voters via paper wallets(no visible unique markings on the outside of the wallets to independently distinguish them from any other), so long as deposit of wallets can be done anonymously(Tor etc.) then this is a highly secure auditable method of electronic voting.
So auditable that a) the state will know exactly how you voted and can send the secret police should you have voted incorrectly, and b) it can even save you the trouble of voting since it knows your wallet id.
Please remember that the whole point of elections is to peacefully overthrow the government in power.
How about instead we just have voting booth machines available at every Town Hall/Police Station, go in, put in your information (or scan your driver's license for it to be quicker) it uses facial recognition like the new automated passport machines, and leave it open for an entire month. So anyone can go vote the 30 days up to the election and the results are tallied that night.
Either these voting booth machines are entirely automated, which seems to be implied, and then it means the machine has both your vote and your id, meaning it violates the anonymity requirement; or you need to have not one but multiple clerks and party representatives manning the booth to ensure no one person can rig things, for a whole month which is going to be very expensive.
Either way the voting machine will need to be guarded day and night to ensure no one tampers with it, again by multiple individuals, again paid for a whole month, again very expensive.
Please explain what steps you have taken in your voting protocol to ensure that, on election day, any voter can verify that the voting software and hardware actually preserves his/her anonymity and prevents cheating. Don't forget to explain why allowing for this verification by any voter on election day does not introduce any opportunity for tampering. Please keep things short, let's say ~1000 words, start from first principles, and limit yourself to concepts understandable by all voters.
I'm sure every single mailed in vote is actually cast by the intended person and not by one person in the household "helping" or by churches rounding up the elderly to "help", or nursing home "helpers", etc.
That would be one-ballot-at-a-time election stealing. I'm not terribly worried about that; it would take such a massive program to alter 50,000 votes that way that this wouldn't be an effective way to steal an election. It's changing the entire count that I worry about.
Few elections are ever decided by ones and twos of votes. It's wholesale changing that is the problem.
In this case the worry is not so much one individual stealing an election, but entire categories of the population being denied their right to vote freely due to social factors.
There is a technology called blockchain nowadays. It's the only way to make online voting secure. Votes can be recorded into a blockchain in a way that no one else than the voter can see what the vote was and the record is unchangeable.
First, if only the voter can see what the vote is, then the government obviously cannot tally the votes, making the election impossible. Fortunately blockchains don't work like that: the transactions are public since the nodes must verify that they are valid.
Second, the voter must not be able to prove how he voted otherwise that opens the door to vote selling and coercion.
Third, voting must be restricted to citizens of age which implies that the government must maintain a list of the public keys of registered voters. Then it's trivial to use that list to de-anonymize all votes.
So no, blockchains are useless for traditional voting systems.
Exactly. Basically, you want voting to be as labor-intensive as reasonably possible. More labor means more people observing the system and making sure it's being run correctly and fairly. More people means more stability.
I would add the corollary which is that a more labor intensive process makes it necessary to bribe more people to successfully rig the election. This drives up the cost but also the risks: as the saying goes, once three people share a secret it's no longer a secret.
1) Open source everything from code to protocols to procedures.
Open-source is useless if you have no way to verify that it is the code being used on the computers on election day.
2) Have both public and commercial security assurance performed on everything.
Elections serve to peacefully overthrow the powers in place. So, as far as elections are concerned the government must never be trusted. So letting the government pick a select few to perform the security checks is no guarantee at all. Furthermore security audits are useless if they don't audit the software and hardware that is actually used on election day. But while it's possible to let a handful of people perform very basic checks on these up to election day, it is impossible to let the voters do so. In other words the voters have no way to verify anything.
3) Sign all software, both voter and server side. Use integrity checks everywhere.
Sign all software, including the signing software. Audit the compiler too, and the compiler's compiler (at the assembly level, not the source level), the operating system, the drivers, etc. If you skip any step it's all for nothing.
Of course on election day you must also verify that the computer is actually running the official software and not just software designed to print the official cryptographic checksums. So start election day by pulling out the hard-drive, putting it in a computer that you trust, and verifying its content with your software. Of course the observer next to you cannot trust your computer and software and thus will need to make the same checks using his own hardware and software, giving him an opportunity to hack the content of the drive after you have checked it.
4) Deploy physical tamper evidence on all servers and systems.
Which is moot due to the point above. Also seals are pretty easy to replace, particularly by the entity that stands the most to gain from a rigged election: the government. Finally seals make denial-of-service attacks trivial: just break the seal. Once someone points out the seal has been broken the computer and software must be thrown away and rebuilt from scratch, delaying the election.
5) Perform admin tasks only under public scrutiny. There will be enough nerds and enthusiasts who WILL gather to find flaws in your procedures and opsec; use them wisely.
Yay, everyone can see the admin typing ls and the expected result being displayed in the terminal. Just ignore the fact that there's a 3G card hidden inside the computer and hacker reconfiguring things remotely. Public scrutiny means nothing.
I have been on duty as an observer on electronic voting in my home country.
You've had the wool pulled over your eyes.
Wikileaks?
From TFA: "But experts in computer security maintain that nothing sent over the Internet is secure."
While I agree with the point he's trying to make about the issues with existing online voting systems, this hyperbolic statement is clearly wrong.
It's certainly possible to make Internet voting at least as secure as paper ballots.
You're mistaken on both points. The only things we know how to make somewhat secure are things that are not secret. For instance when you buy something online the store knows what you bought, provides you with the means to prove what you bought, and the bank knows your identity, that of the store and the amount of the transaction. Even so you're not protected from a store taking your money and never shipping the product. But at least, all this data can be used to prove the existence of the transaction and resolve conflicts.
But voting is different: not only must the state not know how you voted, but even you must not be able to prove how you voted. Furthermore you cannot trust any state-provided software because they are both judge and party and are the ones with the most to gain from a rigged election. This makes all the standard techniques used to keep things online secure unusable.
Back to the analogy, it's as if you wanted to build an online store that would only let registered customers (citizens) buy stuff, but have no knowledge of what they bought (how they voted), and not let them prove in any way what they bought (to prevent vote selling and corercion). Furthermore the people running the store would stand to gain a lot by cheating their customers, and there would only be one such store (your country) so you could not even rely on an reputation system to weed out bad actors.
There is no point hacking electronic voting computers if the result is not plausible. That's why anyone rigging the election will not make their candidate win with 99% of the votes. But even a candidate winning with 50.5% of the votes is implausible if he normally gets 5% of the votes. And implausible results trigger investigations, lawsuits... and reelections. That's no good.
So the first step is to rig the campaign so that the result you want will at least seem plausible. You can do that by helping your candidate, disrupting its opponents, or at least causing enough of a disturbance to make the result seem uncertain.
Hacking the DNC can do all that: discreetly leaking select information to his team can help them optimize their communication without even realizing who is the source ; the gathered information can also been used another team to disrupt the Democrats campaign ; and then making the leak public when it's no longer useful can cause enough of a disturbance to further muddle things up. No well softened, the public will be ready to accept any result.
Of course this is just a conspiracy theory. But today Trump is seen as having a good chance of winning the elections which seemed totally unrealistic not so many months ago. Just saying... So if he wins you'll now stage 2 was successful too ;-)