The consensus of both high-assurance security and top minds in general INFOSEC is that voting shouldn't be done with computers or shouldn't exclusively rely on them. They're black boxes connecting via black boxes with endless ways to be attacked. I've noticed all the ways that protect them from that just make the process more incomprehensible to both lay people and technical people. The paper ballots or hybrids where electronics spit out a human-verified one are the best schemes. Fewer forms of fraud that are easier to detect by massive numbers of people. Better to just improve those systems.
Far as hybrids, the Scantegrity scheme was always interesting to me as the human-visible steps are straightforward:
Prior studies showed even it had usability problems. Someone interested in secure voting might want to tackle those for it or other stuff in the related work section.
Yes -- in this modern world where so many things are being made more convenient by doing them electronically/over the Internet, it's tempting to think that voting should be another such thing. But it has to be held out as an exception. This is one case where the old technology of paper is better.
It's not just a technical problem. With online voting, somebody can be forced to make a certain vote, for example, at gunpoint. Or blackmailing, bribing, et cetera.
Not only that, paper ballot voting scales well, creates jobs for people, and leads to increased trust in the system, since people are directly involved. Who does electronic voting benefit?
This all seems beside the point. So what if I can verify that my vote is correct? How does that stop somebody with access to the software/machines from tampering with the vote tallies?
I have worked as an election scrutineer for a political party. You just can't beat having several people standing there -- each representing a different political party -- watching each ballot be unfolded and counted, confirming the exact count for each candidate, contesting any spoiled or rejected ballots, recording an independent copy of the vote totals for all candidates, and signing off on the official vote total.
The fact that each ballot box has multiple eyewitnesses and that all of the counted ballots are sealed in a signed envelope makes the whole process very transparent and easy to audit. None of this is true to anywhere near this extent for electronic voting.
In California over half of ballots are sent in by regular, old fashioned, snail mail via the USPS. I have no handshake saying my ballot was received, no proof that someone at USPS or with easy access to USPS shipping infrastructure (e.g. the mail trucks that don't get locked when the mail man goes out) doesn't swap in a different ballot, or any assurances that again someone isn't correlating my name and address with the ballot I mailed in. All these problems are mostly solved just by using something like HTTPS.
Now the biggest problem is how secure people perceive the voting process to be. And since most people don't really understand how these things work there will be huge room for conspiracy theories to arise about vote hacking. This in turn undermines the democratic system. I've talked to many people who actually feel more secure sending in their credit card details over the POTS or by mail, not understanding that these systems are even less secure, even after explaining to them the vulnerabilities.
I know very little about security but couldn't a system be created like git, where for every vote the voter gets a sha of his vote?
That way she can later verify that in his section repository his vote is still there and has been counted. Of course the mapping sha1 <-> voter will be anonymous, but this way everyone can see all the votes.
This doesn't solve the problem of some hacker adding votes on top of the legitimate ones though.
Yes they can. There are a few proposals around end-to-end verifiable voting... with a "privacy preserving" verification.
This means that you can verify that you voted for whom you thought... but nobody can force that knowledge from you at gunpoint... even if they had the verification token.
Some of the famous ones are Scantegrity (proposed by Ron Rivest) and Punchscan.
There is a practical advantage to being unable to confirm your own vote: if someone tries to buy votes people could just take the money and still vote any way they choose since there is no way to prove afterwards that you didn't vote that way.
Anonymity is important, but the hashing is an issue because somehow the hash is created, and that is just as much a black box issue as the rest of the chain.
Why can't the voting machine print a receipt with a unique random number for each instance? Why can't every voter get an alphanumeric-ID that has nothing to do with his last/first names? This way the whole voting record can be listed publicly, searched and verified by all those who voted just like a lottery ticket to some extent. Technically there are so many ways to double-check the election correctness but none is implemented, why? Just a dumb machine that my input is going to /dev/null without any way to check the return/error code?
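The receipt idea raised in the comments above (a per-vote hash published on a list everyone can read), sketched as an added example that is not from any commenter or from Scantegrity; the function names, the dict-based board and the sample votes are constructed. It shows that every honest voter's check still passes after extra rows are added, that only a comparison with the poll-book count exposes them, and that the receipt itself tells anyone who sees it how its holder voted.

```python
import hashlib
import secrets


def receipt_for(choice: str, nonce: bytes) -> str:
    """Receipt = SHA-256 over a random 16-byte nonce followed by the choice."""
    return hashlib.sha256(nonce + choice.encode()).hexdigest()


def cast(board: dict, choice: str):
    """Record a vote on the public board; the voter keeps (receipt, nonce)."""
    nonce = secrets.token_bytes(16)
    receipt = receipt_for(choice, nonce)
    board[receipt] = choice  # public row: receipt -> choice, no voter name
    return receipt, nonce


def voter_check(board: dict, receipt: str, nonce: bytes, choice: str) -> bool:
    """The row exists, shows my choice, and the hash really commits to it."""
    return board.get(receipt) == choice and receipt_for(choice, nonce) == receipt


def excess_rows(board: dict, poll_book_count: int) -> int:
    """Rows beyond the number of voters who signed in at the polling place."""
    return max(0, len(board) - poll_book_count)


def demo() -> dict:
    votes = ("alice", "bob", "alice")  # constructed sample ballots
    board = {}
    held = [cast(board, v) for v in votes]
    for _ in range(2):  # rows added by someone with write access
        board[secrets.token_hex(32)] = "bob"
    result = {
        "honest_checks_pass": all(
            voter_check(board, r, n, v) for (r, n), v in zip(held, votes)),
        "excess": excess_rows(board, poll_book_count=len(votes)),
        "receipt_reveals": board[held[0][0]],
    }
    board[held[0][0]] = "bob"  # a published row is altered afterwards
    result["alteration_detected"] = not voter_check(board, *held[0], "alice")
    return result


if __name__ == "__main__":
    print(demo())
```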
The US used to be an epistocracy [0], and the result was disenfranchising racial minorities for decades. The testing system was deeply racist, and basically prevented black people from voting. The battle to eliminate the tests was long and hard and continued until a deeply divided Supreme Court upheld the Congressional nationwide ban on literacy tests in 1970, in Oregon v. Mitchell [1]. Although I dislike it when people cast uninformed votes, I would fight for their right to do so if it ever again came into question.
Let me guess, although you say "[the] right to vote should be restricted to those with knowledge" you did not have sufficient knowledge of the US's past as an epistocracy. Which makes me smile; you definitely wouldn't pass _my_ knowledge test :)
You're being downvoted heavily for this and it's easy to see why. The arguments against an epistocracy are numerous and in my opinion unrefuted, the core point being, who determines the epistocrats [0]?
And yet you yourself have in your own profile this quote:
"If you don't read a newspaper you are uninformed. If you do read a newspaper, you are misinformed."
Also, the article you linked to ends by saying "Of course, any epistocratic system would face abuse." and "but epistocracy tries to make sure the informed many are not drowned out by the ignorant or misinformed many."
But this is why we have multiple levels of government, checks and balances, and civil society.
[+] [-] nickpsecurity|9 years ago|reply
https://people.csail.mit.edu/rivest/pubs/CCCEx09.pdf
[+] [-] ScottBurson|9 years ago|reply
[+] [-] amelius|9 years ago|reply
Voting offices protect against this.
[+] [-] echlebek|9 years ago|reply
[+] [-] chongli|9 years ago|reply
[+] [-] unknown|9 years ago|reply
[deleted]
[+] [-] jdavis703|9 years ago|reply
[+] [-] pgz|9 years ago|reply
[+] [-] sandGorgon|9 years ago|reply
https://en.m.wikipedia.org/wiki/End-to-end_auditable_voting_...
[+] [-] esrauch|9 years ago|reply
[+] [-] ChefDenominator|9 years ago|reply
[+] [-] ausjke|9 years ago|reply
[+] [-] known|9 years ago|reply
[+] [-] owenversteeg|9 years ago|reply
[0] https://en.wikipedia.org/wiki/Literacy_test
[1] https://en.wikipedia.org/wiki/Oregon_v._Mitchell
[+] [-] wlkr|9 years ago|reply
[0] https://link.springer.com/article/10.1007/s11158-012-9179-1
[+] [-] TheSpiceIsLife|9 years ago|reply