I have a way to make it better. I think combining old-fashioned checks and balances, with technology controls can make online voting about as secure as it is today (maybe more) and anonymous.
To make it anonymous, its really just a password. When a user registers to vote, they create an online account. On the days that a user votes, they log into their account and create a ballot. They then create a password for the ballot. This password hashed with a salt, and than hashed with their registration id becomes the unique id of the ballot. This way, at any time a user can login and view their vote... but that vote is not reversible to the voter.
Now for the checks and balances. 3rd party non-governmental parties should have a real-time replication of all data. (it's like an exit poll, but more reliable). Any time a registered voter creates a ballot, 2 things happen. An email is sent to the record holder, and a mail is sent to the address on record. Combine this with a public viewable record of all votes + registered voters who voted online (this information is already public) we should have a good idea at what business is going on.
Perhaps we can't prevent hackers, but this should be sufficient to know if a hack occurred. Of course, all software should be open source, so we can continue to make it more secure.
I think it's more secure than what is available today because today, I can't look at what is on public record as my vote. If someone changed it after I cast it... I'd never know.
If I knew someone would use it, i'd write the software.
Electronic voting is an entire field of research. As with cryptography, do not come up with your own methods.
Here are some problems with your method: allows coercion (is not receipt-free), violates vote secrecy (attacker can just force voter to reveal password), allows ballot stuffing, allows partial results (no voting under equal circumstances), probably completely relies on server for "security" of passwords, salted hashing orly?, hash tied to voter by timing info, ...
There are voting schemes (the more sophisticated ones are cryptographic, but interestingly there are non-cryptographic voting schemes like Punchscan that have interesting properties) that address these. But it gets fairly complicated fairly quickly, and at some point normal voters won't be able to make sense of them. The cryptographic voting schemes also tend to get computationally unwieldy, e.g. by requiring huge mixnets.
Using interactive proofs you can know that the machine won't modify your vote, and using zero-knowledge proofs plus a distributed key you can decrypt and randomize, being certain that votes haven't been lost and without revealing whom people voted for.
Additionally with a public ledger like the blockchain, you can be certain that your vote is there (checking your signature), and when votes were cast.
Using something like colored coins you can ensure that no additional votes are created.
The problem that I do see with remote voting is that I could be right next to you when you vote and coerce you to vote for the person that I want
Natanael_L I just skimmed through it but will read it later today. I worked on a prototype earlier this year implementing the blockchain part, not secure yet, specially it doesn't implement the end-to-end encryption. Anyhow you can read about it here and there is a link to the video of the prototype https://medium.com/@jagbolanos/votosocial-org-towards-an-e-v...
Well we already have mail-in voting and coercion could happen at some shadier physical locations.
Would it be possible to add another vote that invalidates the first, but preserves anonymity? Then there's no guarantee that someone doesn't just revote.
You could make it anonymous - the unique combination of your vote, your key, and the election blockchain could produce a password unique to you. This would allow you to verify that your vote was counted, but would not allow anyone else to do so - if they coerced you, you could run your key, the blockchain, and the opposite vote and produce a different password and your attacker would be none the wiser.
But then if you find that your password has changed, how do you prove it? I don't think there's any way to prove election fraud without violating election confidentiality, even for paper ballots. How do you propose stopping election fraud with paper ballots? The current defense is merely "it is hard."
In the end of the day, my vote is signed, and any of the bailout checkers can discover who I voted for. Also, I can not total the votes and verify their result.
There are electronic means if you're a crypto-nerd, but for the general public, paper ballots suit. You know your vote is marked to your preference when you put it in the box, and no-one can make you prove it one way or the other. You should also be able to stick around (or get someone to stick around for you) and confirm that the box you used is included in the counting, should you desire to.
I've been talking with people involved in elections in Honduras and they explained a technique that is normally used for paper ballots. It's called "La Cadena" (the chain) and it works like this.
A person goes to the voting center and gets a ballot
That person goes to the booth and marks the ballot
That person skips entering their ballot and goes out
Shows the ballot to the coercer, verifying the vote
The coercer gives the ballot to the next person
The next person gets another ballot and has the previous one hidden.
That person introduces the new ballot, hides the old one and goes out.
And the chain goes on.
Apparently it's a common way to coerce votes in low income urban areas and rural areas. You only need distraction or complicity from a person from the voting table and it's hard to detect.
Another common issue is vote stuffing.
On the philosophical part, it is in the end a human problem, but with technology at least you should reduce the possibility of cheating
An interesting tactic, but that kind of coercion would also work with online voting - standover men forcing you to vote on their computer, where they can see and track you. I imagine this would be particularly effective in poorer areas with less access to computers.
Complicity is always going to be hard to work around (it's the primary fault vector of electronic voting), but it seems 'the chain' wouldn't be too difficult to detect - the standover men would have to farm the ballots from the outgoing people and get them back into the line going in (but again, complicity to look the other way...)
Vote stuffing is easy to workaround - have the ballot papers custom-marked as they're handed out.
> technology at least you should reduce the possibility of cheating
Technology also opens up lots of new avenues for cheating. It also has the problem of not being understandable by the layperson if they have to manage it in any way at all.
It's also trivially easy to defeat this. Here in Canada, your ballot has a counterfoil with a number on it. That number is only removed immediately before you deposit your vote into the ballot box. This ensures that the ballot you deposit is the same one you were given by the polling clerk.
Electronic voting of any kind is dangerous, it's amazing how much trust is used in any voting but how little can be afford when it's electronic (online or in person machine based).
Are you saying you would be able to look and see what you voted for or just a hash of your vote? One important part of a secret ballot is that you can't sell your vote OR prove who or what exactly you voted for. (This is prevented by vote-by-mail ballots which could theoretically be sold, but it's worth considering for future systems.)
There's an important property of democratic voting that you're missing: Not only Computer Science PhDs with cryptography experience should be sure their votes aren't manipulated, everyone needs to be.
Stops Secrecy in Vote Tabulation: OVC has a team of scientists ready to program computer software for voting machines and electoral tabulation that would be publicly owned or open source. Open source software could be checked by any party or group by hiring a capable computer programmer.
Provides Paper Trail: The OVC recommended procedure for tabulating elections relies on a paper ballot that is then fed through a scanner into a locked ballot box so that all originals are saved in case of the need for a recount or audit (See Sample Ballot).
Scientifically Verifiable: In addition to open source voting machine and tabulation software, the Open Voting Consortium is also working on a database checklist for standard practices in vote tabulation that would assure transparency and accountability. Some aspects of the OVC concept will soon be enfolded into California legislation.
Saves Money: Typical voting machines cost between $2,000 and $3,000, but OVC open source software could be run on any personal computer (PC) and ballots could be printed on a normal printer. OVC envisions PCs with tamper-proof cases as the new voting terminals at a savings of hundreds or thousands of dollars per terminal.(See page on OVC Cost Analysis).
Interesting. I'm no subject expert so I can't critique this, but it sounds better than other online voting systems I've heard. I like the checks and balances in place too.
Now I only skimmed this article, but I feel like most people who argue against online voting use arguments about how insecure it is that already apply to what's happening right now (voting software is a black box, can be hacked, etc etc, this also describes current voting machines). The only difference is there isn't a single voting db or site somewhere for people to manipulate a large number of votes (which like you said is protected as long as people can verify the open software / data).
Yes paper does have indelible properties but paper doesn't scale well, and having a paper counting machine introduces the same black box that people use as argument against current voting machines. Yes security is an issue, but scalability is also an issue.
To make it anonymous, its really just a password. When a user registers to vote, they create an online account. On the days that a user votes, they log into their account and create a ballot. They then create a password for the ballot. This password hashed with a salt, and than hashed with their registration id becomes the unique id of the ballot. This way, at any time a user can login and view their vote... but that vote is not reversible to the voter.
Now for the checks and balances. 3rd party non-governmental parties should have a real-time replication of all data. (it's like an exit poll, but more reliable). Any time a registered voter creates a ballot, 2 things happen. An email is sent to the record holder, and a mail is sent to the address on record. Combine this with a public viewable record of all votes + registered voters who voted online (this information is already public) we should have a good idea at what business is going on.
Perhaps we can't prevent hackers, but this should be sufficient to know if a hack occurred. Of course, all software should be open source, so we can continue to make it more secure.
I think it's more secure than what is available today because today, I can't look at what is on public record as my vote. If someone changed it after I cast it... I'd never know.
If I knew someone would use it, i'd write the software.