[pp.int.general] Online voting versus online discussion

Eduardo Robles Elvira edulix at gmail.com
Tue Dec 11 20:11:45 CET 2012 

Hello everyone:

I have to agree with Thomas in the sense that end-to-end auditable
voting systems allow anyone to universally verify that there was no
fraud. I have studied the stuff down to the mathematical level and
this shit works. Cryptographers can tell you that too.

There are some issues of course. First of all, it's also true that one
cannot trust the same way secure bank transfers as secure voting. Ben
Adida, a quite good cryprographer explains this in the talk I
referenced [1] Secure secret voting is like having to trust your bank
when you cannot have a direct look at your account.

You can verify that the whole process went correctly, the votes were
correctly tallied, the result is correct, there was no fraud in that
part. That's something that specialists and cryptographers can assure.
Even each voter can see that their vote-id (a hash) is there, and is
being counted.

BUT another issue is that the machine from which the vote was emitted
might have been compromised, so your vote, which was correctly casted
and counted, might have been altered before being sent. And that's a
big issue. Or it might have not been altered, but sniffed so it's not
secret anymore.

And of course if you vote via Internet, there's also the issue of
coercion. Which btw can also happen if you vote by mail and few people
are complaining about it.

There are ways to mitigate a bit all these problems in one way or another:
* You can allow to vote any number of times (so that if you were
coerced, you cna change your vote), helios voting does this
* You can try to control the whole software/hardware stack, using
"automatic vote dispensers", or giving away really secure systems like
a configured qubes-os for voting in pen drives (but then there's the
matter of trust - who gave you the pendrive?)
* If you worry about massive automatic fraud, you can apply divide and
conquer, creating different elections with different set of
authorities (which have the private keys of the election and in which
reside the secrecy of the vote)
* etc etc

Security is a state of mind folks, and we can be very paranoids - and
for good reason. But electronic voting is fun because of that!

Regards,
     Eduardo
--
[1] https://air.mozilla.org/wheres-my-vote/

More information about the pp.international.general mailing list