In France, a Showcase of What Can Go Wrong With Online Voting 177
Bruce66423 submits a report from The Independent, writing that "a French primary election is made the stuff of farce after journalists defeat the 'secure' election system." From the article: An 'online-primary,' claimed as 'fraud-proof' and 'ultra secure,' has turned out to be vulnerable to multiple and fake voting. The four-day election has also the exposed the poisonous divisions created within the centre-right Union Pour un Mouvement Populaire (UMP) by the law permitting gay marriage which took effect last week. ... What was already shaping up as a tense and close election was thrown into utter confusion at the weekend. Journalists from the news site Metronews proved that it was easy to breach the allegedly strict security of the election and vote several times using different names."
Working as planned (Score:5, Insightful)
I like this system. Each vote costs €3 and you can vote as often as you like. In other countries money buys you access, influence and power but we pretend that everyone is equal. France sweeps away the hypocrisy and makes it explicit: mo' money, mo' votes.
Vive La France, Vive La Révolution!
Designed Poorly (Score:5, Insightful)
Clearly its not that internet voting cannot work, its that this was implemented poorly, credit cards are easy to get your hands on, what really matters is the vote verification. Nothing prevents a person from stealing vote by mail ballots, and using a fake signature to send in the vote, whether the vote is tallied is another matter.
Now if you used multi-factor verification, along with biometrics (webcam photo) and IP logging, you would be able to sample and defeat fake votes.
UMP centre-right!? (Score:5, Insightful)
Maybe centre-right by American standards, but more like borderline far-right by French ones.
Oxymoron? (Score:5, Insightful)
Missing case (Score:4, Insightful)
The lesson that will be learned (Score:5, Insightful)
Re:Oxymoron? (Score:3, Insightful)
Online voting is inherently unsafe even if it can be proven that each person can cast one (and only one) vote. Without online voting, people go to the voting booth and put their votes in, either electronically or on ballot. No one can see who votes for whom. With online voting, your vote can be forced by others in authority. Your church, your parent, your , even your local criminal organization. Since an authority figure can oversee and insist on you voting in a way they prefer, without in-place measures protecting that vote and ensuring its confidentiality, an online vote can never be made safe.
What's wrong with "normal" voting? (Score:5, Insightful)
Re:Designed Poorly (Score:4, Insightful)
Re:What's wrong with "normal" voting? (Score:5, Insightful)
The right question to make is not this one, though. It is: "Is there a way to achieve both anonymity and security"? The answer is unfortunately no. That is true for normal, paper voting as well, by the way.
The main difference is that electronic voting, and in special online voting, is easier to be tampered with in large scale, and paper voting is easier to be tampered with in smaller scale.
Re:Oxymoron? (Score:4, Insightful)
It isn't possible, because you can no longer have any reasonable guarantee that there was no coercion. You need to control the location the vote is cast.
Shouldn't that disqualify absentee voting? Frankly, I see no difference between Internet voting and voting by mail when it comes to security. The best way to eliminate voter fraud is to have all votes be in person with ID checked and visible mark (purple finger, for example) that can be used to identify who has already voted and can not be removed within the time frame that the polls are open. The only excuse for voting remotely should be if the voter is physically unable to make it to the polls, and even then, physical confirmation must be made of the handicap in question and the vote should be cast with a verified poll worker present.
Re:Designed Poorly (Score:5, Insightful)
Paper-and-pen voting solves this problem by first identifying the person, handing the person a non-identifyable sheet of paper, the ballot, let the person vote in secret and then keep the vote in a closed box until the counting. (And the problems surrounding pen-and-paper-voting like ballot stuffing can be managed by making everything of the voting box except the actual voting public.)
Re:Oxymoron? (Score:5, Insightful)
(Replying as AC because I'm also moderating)
Even if the system is, in fact "perfect" - and even if you could somehow avoid the possibility of coercion - you've still got a HUGE problem: how do you convince the general public that the system IS actually secure? Most people aren't nearly technically savvy enough to figure it out for themselves, or even to really understand the difference between "secure crypto" and "insecure crypto" even if you carefully explain it to them. And telling them that it's all OK because a bunch of hackers designed and/or reviewed the system isn't going to cut it, no matter how much of a good idea that might be in theory or even in practice.
The fact is, if a non-trivial group of people think the system was hacked, you've got a credibility problem REGARDLESS of whether or not it was hacked. Unfortunately there are distressingly large numbers of people willing - even eager! - to believe all sorts of wacky conspiracy-theory shit (google "chemtrails"). With a traditional in-person paper system you can at least demonstrate that massive fraud is impractical. With an online system there's simply NO WAY to convince people that massive fraud DIDN'T occur.
Re:Designed Poorly (Score:3, Insightful)
Re:Oxymoron? (Score:3, Insightful)
There is a countermeasure to coercion. Allow people to vote as many times as they like; only the last vote counts. If you are forced to vote for Eve, you vote again later in the afternoon, for Alice.
Your boss would have to keep you locked in until the poll closes to prevent you from overriding the forced vote with a later vote. It would be hard to do that with enough people to change the election outcome, without it becoming very evident.
Add another provision: When you vote electronically, the computer shows you ten pictures and you have to select one. When you vote next time, you are shown ten pictures including the one one you selected. You have to select the same picture as last time to override the previous vote. The system does not tell you if you picked the right picture. If your boss forces you to vote five minutes before the poll closes, you select a different picture, and that vote is not valid. Your boss may force you to select a particular picture, but his chances of picking the right one will be just 10%. He could force you to vote ten times, but there could be timeout rules to make that hard.
Add a third provision: You may also vote in person at any police station, school, or any one of a number of places, and not just on election day, similar to absentee votes. A vote in person overrides votes over the Internet even if the Internet vote was issued later. If you suspect that you may be forced to vote for Eve just before the poll closes, vote in person early.
Re:My favorite UMP moment.... (Score:4, Insightful)
What you can do then in your country is to vote the bastards out and watch them flail and squirm amongst themselves--let the infighting start!
In many countries there has been great progress once the Party of Power is excised from government; and in 4-8 years they can come back, chastised, leaner, and closer to their original centre-right christian democrat ideals, with the powermongers retired or in jail.
IMPORTANT: this mechanism only works in democratic countries with a representative voting system, i.e. the entire democratic world except for commonwealth (US, UK, Canada and Australia IIRC). So in order to let this cleansing mechanism work you must first change the constitution so that every party with more than 3 or 5% of the popular vote can get in governing coalition. For the US this would probably mean a Green Party government with the Republican-Democrat Power Party in opposition. It may seem a bit far-fetched this century, I admit...