Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security The Internet Politics Technology

In France, a Showcase of What Can Go Wrong With Online Voting 177

Bruce66423 submits a report from The Independent, writing that "a French primary election is made the stuff of farce after journalists defeat the 'secure' election system." From the article: An 'online-primary,' claimed as 'fraud-proof' and 'ultra secure,' has turned out to be vulnerable to multiple and fake voting. The four-day election has also the exposed the poisonous divisions created within the centre-right Union Pour un Mouvement Populaire (UMP) by the law permitting gay marriage which took effect last week. ... What was already shaping up as a tense and close election was thrown into utter confusion at the weekend. Journalists from the news site Metronews proved that it was easy to breach the allegedly strict security of the election and vote several times using different names."
This discussion has been archived. No new comments can be posted.

In France, a Showcase of What Can Go Wrong With Online Voting

Comments Filter:
  • by Black Parrot ( 19622 ) on Sunday June 02, 2013 @04:21PM (#43891227)

    Journalists from the news site Metronews proved that it was easy to breach the allegedly strict security of the election and vote several times using different names.

    Adds a new meaning to "vote for me".

  • Working as planned (Score:5, Insightful)

    by Anonymous Coward on Sunday June 02, 2013 @04:24PM (#43891235)

    I like this system. Each vote costs €3 and you can vote as often as you like. In other countries money buys you access, influence and power but we pretend that everyone is equal. France sweeps away the hypocrisy and makes it explicit: mo' money, mo' votes.

    Vive La France, Vive La Révolution!

    • by manu0601 ( 2221348 ) on Sunday June 02, 2013 @07:52PM (#43892511)

      I like this system. Each vote costs €3 and you can vote as often as you like. In other countries money buys you access, influence and power but we pretend that everyone is equal. France sweeps away the hypocrisy and makes it explicit: mo' money, mo' votes.

      This election is not ran by the French Republic, it is ran by one political party in city of Paris, to decide what candidate they will have for next Paris mayor. It does not reflect France position on electronic voting.

      • by hcs_$reboot ( 1536101 ) on Sunday June 02, 2013 @10:11PM (#43893047)
        Moreover, the voting system was not well designed: just by knowing the name, address and birth date of someone (eg someone from another party, not likely to vote during UMP primaries), and paying €3, one could vote several times... Sadly, that botched voting system gives the impression the electronic vote is a lost cause. That reminds me of a Windows to Linux migration in a big administration where the migration and training where so badly implemented that people where reluctant to work on Linux, and the whole gave an impression of a big failure.
        • by devent ( 1627873 )

          OT: Friendly reminder, please look up the words "where", "were" and "was".
          I'm no native English speaker but I think this is what you mean:
          > ... where the migration and training _was_ so badly implemented that people _were_ reluctant to work on Linux,

          • Hey! Danke schön! Usually I watch my where / were / was but for some reasons everything went where even where I didn't intend to wear a where for a were.
            Thanks mate.
      • by Meeni ( 1815694 ) on Monday June 03, 2013 @03:50AM (#43894127)

        The official republic electronic voting system (reserved for consulate registered voters so far) has never been breached (that is known of). I have some reservations about e-voting (for lack of accountability and falsifiability by the random citizen), but being weak and easy to compromise doesn't seem to be the most important problem for the particular implementation. However, it is hard to use, and I know many voters that gave up voting because it was to difficult to have the voting system to work on their computer.

        UMP (which is conservative right party) is reckoned for hiring the worst people to do any sort of techno job and ridicule themselves in dub-songs when trying to be cool on facebook. That would be just another milestone in their long history of hiring the nephew of some big shot, because he "knows computer", for 100k euros of public funds.

        Moreover, the paper ballot vote at the last UMP president election also got seriously rigged. There was a 2 month period where the two prominent candidates claimed victory (and it seems that the one that cheated the most is still the ongoing president of the party... ). So in some sense, a weak system is not a bug, for the elections of this party, it's a feature.

        • by fgouget ( 925644 )

          The official republic electronic voting system (reserved for consulate registered voters so far) has never been breached (that is known of).

          First that system belongs to Scytl [scytl.com], a Spanish company so the government has little control over it. Second it has been breached:

          • * First it had an SQL Injection vulnerability [paulds.fr] in the online support page (handled by Atos [atos.net]). The person who reported this wisely did not further exploit it to see which other systems this would give him access to.
          • * Then there is this paper [scribd.com] shows it's easy to change the Java client so it modifies the user's vote before submitting it. There is also a video [youtube.com] and a recipe for exploitin [degroupnews.com]
          • by Meeni ( 1815694 )

            Thanks for the nice additions. It is a shame that you didn't got more mods up.

            I did not know of the first exploit. Thanks for lighting it up.

            I had read the scribd paper. It is not a problem with the vote but with the security of the user terminal. Obviously all systems are subject to this, even voting on electronic booth at the poll station (where on top of it, officials and their minions have physical access to the device).

            The 3rd bug is more a glitch than a real problem, but I get your point that security

  • Designed Poorly (Score:5, Insightful)

    by starworks5 ( 139327 ) on Sunday June 02, 2013 @04:29PM (#43891279) Homepage

    Clearly its not that internet voting cannot work, its that this was implemented poorly, credit cards are easy to get your hands on, what really matters is the vote verification. Nothing prevents a person from stealing vote by mail ballots, and using a fake signature to send in the vote, whether the vote is tallied is another matter.

    Now if you used multi-factor verification, along with biometrics (webcam photo) and IP logging, you would be able to sample and defeat fake votes.

    • Re:Designed Poorly (Score:4, Insightful)

      by Coeurderoy ( 717228 ) on Sunday June 02, 2013 @05:03PM (#43891499)
      The only way Internet voting can work is if you launch a brand of transparent urns called "internet" and use them for manual voting. No amount of biometrics will ensure that a vote is not a "family vote". And that is before you factor in the fraud issues.
    • Re:Designed Poorly (Score:5, Insightful)

      by Sique ( 173459 ) on Sunday June 02, 2013 @05:43PM (#43891781) Homepage
      Internet Voting can not work for a simple reason. Internet Voting has to both ensure that each person which votes is clearly identified to make sure the person is eligible to voting and at the same time can not be identified to make sure the voting is secret, at the same time clearly identify the vote to make sure it is counted only once and at the same time not making the individual vote identifyable to keep the voting secret.

      Paper-and-pen voting solves this problem by first identifying the person, handing the person a non-identifyable sheet of paper, the ballot, let the person vote in secret and then keep the vote in a closed box until the counting. (And the problems surrounding pen-and-paper-voting like ballot stuffing can be managed by making everything of the voting box except the actual voting public.)

      • Re:Designed Poorly (Score:4, Informative)

        by linnumees ( 1147107 ) on Sunday June 02, 2013 @06:47PM (#43892173)

        Yes it can.

        Estonia has a smardcard-based ID card that can be used for authentication and digital signatures (two different keys). The latter is legally as good as your handwritten one which means you can build all sorts of services on top of that, elections are just one of them. The vote is encrypted with the public key of the current election, signed with the ID card and sent to a central server. Later, the double votes are removed according to the list of people who voted on the election day (so if you were forced to vote for someone and your ID card taken away, you can just grab your passport and go vote again using the "old" method), votes are separated from the signed container, moved to a physically different machine, decrypted and counted. Anyone can go and see how all the process is done.

        See http://www.vvk.ee/voting-methods-in-estonia/engindex/reports-about-internet-voting-in-estonia/ [www.vvk.ee] for details.

        • Re: (Score:3, Insightful)

          by Yoda222 ( 943886 )
          I force you to vote for what I want in front of me on internet using your ID card and I threat you that if I see you going at the voting place the day of the election I put your sex tape on the internet, or I kill you, or anything between these two options.
          • You don't even have to watch to see if he goes to the voting place, all you have to do is to confiscate his passport on the voting day, you can even return it to him the next day.
          • I agree that this can happen but to be able to change an election you'd typically have to change thousands of votes. That kind of coordination would be hard to hide and is the reason why all the GOP hair pulling about possible current voter fraud is stupid.

            As a safety measure you set up two tiers of priority voting kiosks. The first tier kiosks would be in public places but provide privacy so that no one can see your vote. The second higher tier kiosks would be in official government locations and would req

        • by fgouget ( 925644 )

          votes are separated from the signed container, moved to a physically different machine, decrypted and counted.

          Let me correct that: "the government tells you that votes are separated from the signed container, moved to a physically different machine, decrypted and counted. Now, tell me, who has the most to lose in an election? Is it not those in power who just happen to be the ones organising the election?

          Anyone can go and see how all the process is done.

          And what can you see? A bunch of computers humming away? How do you know they are counting votes and not mining bitcoins?

      • by Meeni ( 1815694 )

        What the French republic implementation does (not the bogus system described in this article, that pertains to a particular party internal votes only) seems to enable verifiable anonymous votes.

        You receive credentials in a split fashion. Half comes in the mailbox as paper. The second half is sent to a personal device (email is possible, but sms is preferred). If you want to prevent somebody to vote for you, just have your credentials sent to your personal phone, even if the family head receives the mail cre

        • by Meeni ( 1815694 )

          Addition:
          * physical coercion is possible to force somebody to vote. It is always a possibility as soon as voting happens outside of a controlled ballot room. So even split credential is not a definitive solution to the issue of forced/bought votes.

          I fail to see the benefit for the general voting body. IT makes sense only for citizens that cannot otherwise access a physical ballot due to distance (think deployed military personnel, nationals leaving in foreign countries, etc).

    • Is that really how mail votes are handled in your country? In Sweden the mail votes are handled exactly like on election day, the same checks etc so it's not possible to just fake a signature.
  • UMP centre-right!? (Score:5, Insightful)

    by loufoque ( 1400831 ) on Sunday June 02, 2013 @04:29PM (#43891283)

    Maybe centre-right by American standards, but more like borderline far-right by French ones.

    • It means "...either conservative (Catholic, etc.) and/or supporting neoliberalism."

      http://en.wikipedia.org/wiki/Category:Right-wing_parties_in_France [wikipedia.org]

      Not quite the same as the US right wing.

    • There is one big difference between US and French parties: in France, not even once the president ever pronounce the word "god"...
  • Oxymoron? (Score:5, Insightful)

    by jasnw ( 1913892 ) on Sunday June 02, 2013 @04:29PM (#43891289)
    Is "safe online (PUT YOUR SERVICE HERE)" as much an oxymoron as the much-malinged "military intellegence" back in the '60s? I see lots of stories about both sides of online voting, but I've not seen an answer to the basic question of "is it possible to have a safe hack-proof online voting system." I don't mean an assessment of whether Siebold or any of the other idiots in this market have fool-proof systems, but whether or not voting can be done safely online even if Brother Stallman designed it. My own feeling is that it's like putting something critical such as access to power grids online - not a good idea unless there's no other way to get what you need. I don't really see what's so hard about schlepping down to your local school and voting once a year or so. If that's too hard for you, don't bother voting because the hard work of making an informed choice is likely beyond your capabilities as well. (Does not apply to people who can't get to a voting booth for several of many good reasons, and mail-in ballots has worked for these people for decades.)
    • I would like to believe it is possible to create a online voting system as safe as the physical one. I'm not saying hack-proof, because humans are in the equation and we know how they are prone to always screw things up... But as safe as the physical it should be possible. I would add, then, to you question: is it possible to make such safe system easy/simple to use in a sensible time-span?

      I do, however, agree on your feeling that perhaps even if we could, it would be better if we did not. Just as I don't

      • by IanCal ( 1243022 )
        It isn't possible, because you can no longer have any reasonable guarantee that there was no coercion. You need to control the location the vote is cast.
        • Wouldn't a duress code solve the coercion problem?

          • by IanCal ( 1243022 )
            Sounds quite complicated.
            It'd need to be unique to each person, and have been delivered to them without anyone else seeing (you don't want the person you're afraid of knowing you're signalling duress). Then, given that someone is likely to turn up at the house (voter fraud is very serious, I'd expect the police to be involved) you could be found out.
            If it's a workplace thing, do you want to risk getting fired?
            The problem is you need to this to be indistinguishable from a normal vote to any observer, a
        • Re:Oxymoron? (Score:4, Insightful)

          by ArcherB ( 796902 ) on Sunday June 02, 2013 @05:35PM (#43891737) Journal

          It isn't possible, because you can no longer have any reasonable guarantee that there was no coercion. You need to control the location the vote is cast.

          Shouldn't that disqualify absentee voting? Frankly, I see no difference between Internet voting and voting by mail when it comes to security. The best way to eliminate voter fraud is to have all votes be in person with ID checked and visible mark (purple finger, for example) that can be used to identify who has already voted and can not be removed within the time frame that the polls are open. The only excuse for voting remotely should be if the voter is physically unable to make it to the polls, and even then, physical confirmation must be made of the handicap in question and the vote should be cast with a verified poll worker present.

          • by IanCal ( 1243022 )

            Frankly, I see no difference between Internet voting and voting by mail when it comes to security.

            Scale. Voting by mail is done in fairly small numbers and importantly is not the standard. You have to go through extra hoops to do it. As it's implemented, it certainly has the problems of coercion, but is probably better than stopping those people voting at all.

            Internet voting, however, would be something I'd see as standard. Not a special case for those who can't make it to the polls, but for everyone. And that's where it starts to worry me.

            • Also depends upon how the mail voting is implemented, over here (Sweden) you don't just mail in your vote. You still have to go to specific voting places (if you are abroad you have to go to the Embassy) and there the voting is set up exactly like it's done on election day in the normal voting place.
              • Over here, "postal voting" (mailing your vote in) is different from "absentee voting" (voting at a different voting centre outside your electorate, on election day), or "early voting" (voting at special voting centres, before election day).

                For postal voting, you receive a ballot form and some special envelopes in the mail shortly before the election, and you fill them in and send them back within a few days of the election.

                For absentee voting or early voting, you attend a centre which is set up like a norma

                • Just checked to be sure and we do have postal voting but it's only for people who are outside of the country on the election day and there's a very strict procedure; for example you must send it via a foreign postal service, the procedure must be witnessed by two people above 18 years of age that verifies that the procedure was followed and so on.
        • Re: (Score:3, Insightful)

          by Cacadril ( 866218 )

          There is a countermeasure to coercion. Allow people to vote as many times as they like; only the last vote counts. If you are forced to vote for Eve, you vote again later in the afternoon, for Alice.

          Your boss would have to keep you locked in until the poll closes to prevent you from overriding the forced vote with a later vote. It would be hard to do that with enough people to change the election outcome, without it becoming very evident.

          Add another provision: When you vote electronically, the computer show

      • on line vote = foreced to vote your bosses way at work.

      • by Altrag ( 195300 )

        Need two things:
        - Verification that you are who you say you are.
        - Verification that you haven't voted before.

        The second part is easy. Distribute a pre-generated code to each eligible and registered voter (this already happens in my country -- we get voter cards a week or two before the election, though they're more of a reminder than anything important -- you can vote without them as long as you provide some other proof of residence.) Generating a 128bit (or longer) code randomly for each citizen is dead

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      Online voting is inherently unsafe even if it can be proven that each person can cast one (and only one) vote. Without online voting, people go to the voting booth and put their votes in, either electronically or on ballot. No one can see who votes for whom. With online voting, your vote can be forced by others in authority. Your church, your parent, your , even your local criminal organization. Since an authority figure can oversee and insist on you voting in a way they prefer, without in-place measures pr

    • Re:Oxymoron? (Score:4, Informative)

      by Coeurderoy ( 717228 ) on Sunday June 02, 2013 @05:22PM (#43891635)
      Let's assume the infrastructure for online voting is "perfect", open source, reviewed code, yada yada ... Now how do you garanty that there will be no interference from familly members, particularly from conservative families... How do you fight vote buying when it is easy to put a screen copy tool at work to ensure "correct" voting... How do you fight disenfranchising when a well aimed pickaxe can cut off a couple of high rises long enough to lower their vote and short enough to make it difficult for the oposition to protest. And then assuming that you succeeded in getting an open source solution (any other solution is just a way to give the vote to the software editor, of course the current electronic vote solutions do exactly that) how do you protect tampering at the data transmission point, since you do not need, and actually cannot really use teams of supervisers from oponing parties, it is enough to corrupt a small group of officials so that they ignore the real vote and send what ever is convenient... The core issue of "modern voting" is that most important votes end up being between two very close candidates, and in most cases the differences between the number of voters is smaller than the margin of errors in the pre-election pools. Additionally we let the cost of election run amock so unless the "winner" is proven to actually eat little babies for breakfast, even if nobody in his or her right mind can believe that the vote is "correct" redoing the whole shebang seems too expensive. So "online voting" cannot work, moreover it "solves" a problem that does not exist, if not enough people can be bothered to show up to do a manual count, you got a problem that no voting technology can ever solve, and if they do come, then you do not need electronic voting systems.
      • Re:Oxymoron? (Score:5, Insightful)

        by Anonymous Coward on Sunday June 02, 2013 @05:47PM (#43891825)

        (Replying as AC because I'm also moderating)

        Even if the system is, in fact "perfect" - and even if you could somehow avoid the possibility of coercion - you've still got a HUGE problem: how do you convince the general public that the system IS actually secure? Most people aren't nearly technically savvy enough to figure it out for themselves, or even to really understand the difference between "secure crypto" and "insecure crypto" even if you carefully explain it to them. And telling them that it's all OK because a bunch of hackers designed and/or reviewed the system isn't going to cut it, no matter how much of a good idea that might be in theory or even in practice.

        The fact is, if a non-trivial group of people think the system was hacked, you've got a credibility problem REGARDLESS of whether or not it was hacked. Unfortunately there are distressingly large numbers of people willing - even eager! - to believe all sorts of wacky conspiracy-theory shit (google "chemtrails"). With a traditional in-person paper system you can at least demonstrate that massive fraud is impractical. With an online system there's simply NO WAY to convince people that massive fraud DIDN'T occur.

      • by MacDork ( 560499 )

        Let's assume the infrastructure for online voting is "perfect", open source, reviewed code, yada yada ...

        Now how do you garanty that there will be no interference from familly members, particularly from conservative families...

        You're setting the bar higher for online voting than the current system. How do you gaurantee no interference from family members now? I know you don't vote the right way. I'm not driving you to the polling station. I'll lock you in your room and monitor you until the election is over.

        How do you fight vote buying when it is easy to put a screen copy tool at work to ensure "correct" voting...

        It's just as easy to modify the html in a page so it only looks like you voted a certain way. There's also photoshop. What fool is going to pay for a vote with a screenshot as proof? I can sell my vote to every interested part

        • by fgouget ( 925644 )

          Now how do you garanty that there will be no interference from familly members, particularly from conservative families...

          You're setting the bar higher for online voting than the current system. How do you guarantee no interference from family members now? I know you don't vote the right way. I'm not driving you to the polling station. I'll lock you in your room and monitor you until the election is over.

          That results in a family member not voting, whereas Internet voting allows you to force that member to vote against his camp. It also means locking up that member for the whole election day whereas Internet voting usually does not allow you to change your vote so you don't need to lock him up after you've coerced him to vote.

          lrn2crypto

          You'll have to be clearer about that one.

          • by MacDork ( 560499 )

            Now how do you garanty that there will be no interference from familly members, particularly from conservative families...

            You're setting the bar higher for online voting than the current system. How do you guarantee no interference from family members now? I know you don't vote the right way. I'm not driving you to the polling station. I'll lock you in your room and monitor you until the election is over.

            That results in a family member not voting, whereas Internet voting allows you to force that member to vote against his camp. It also means locking up that member for the whole election day whereas Internet voting usually does not allow you to change your vote so you don't need to lock him up after you've coerced him to vote.

            I'm taking you to the polling station. You're gonna get one ballot and an ink pen. When you are done marking your selections, you take a picture of it with your smartphone OR ELSE.

            Yeah, you're right. Nobody could possibly be coerced now. They have a curtain after all.

            • by fgouget ( 925644 )

              I'm taking you to the polling station. You're gonna get one ballot and an ink pen. When you are done marking your selections, you take a picture of it with your smartphone OR ELSE.

              Yeah, you're right. Nobody could possibly be coerced now. They have a curtain after all.

              Mark the ballot as expected and take a picture. Then add another mark that makes it invalid. As I said, votes against your camp: 0.

              • by MacDork ( 560499 )

                I'm taking you to the polling station. You're gonna get one ballot and an ink pen. When you are done marking your selections, you take a picture of it with your smartphone OR ELSE.

                Yeah, you're right. Nobody could possibly be coerced now. They have a curtain after all.

                Mark the ballot as expected and take a picture. Then add another mark that makes it invalid. As I said, votes against your camp: 0.

                Exif tells me you spent several extra seconds after you took the picture in the booth. That tells me you were making additional marks on your ballot. I'm beating you within an inch of your life for this infraction.... See how clever you are? You just earned yourself a beating. Now that you have missing teeth and broken ribs, that vote seems pretty insignificant doesn't it? I bet you won't do THAT again.

                Besides, your current system allows the same process of forced voting [yahoo.com] which you describe via absentee ball

    • You and Coeurderoy both have narrow views of voting. Yours is that voting would/should only be done once a year or once every two years. Imagine the hypothetical secure, open "perfect" voting system that has all the authentication/authorization requirements, yadda yadda. We could have referendums once a week! Gallup and the others would be out of a job, because people could officially state their opinion in a way that could sway public policy. The White House petitions that are such a joke could have millio

  • Missing case (Score:4, Insightful)

    by gmuslera ( 3436 ) on Sunday June 02, 2013 @04:32PM (#43891319) Homepage Journal
    That journalists find and publish it is something that went right. The worst that could happen (or is happening actually) is that noone makes public their findings, or they are forbidden/punished by law if they try to see or warn if there any "weak" point. And of course, the people behind the election, both politicians and company.
  • by Anonymous Coward

    > Metronews said that one of its journalists had managed to vote five times, paying with the same credit card, using names, including that of Nicolas Sarkozy.
    > The discovery generated an explosion of name-calling within the party and calls by Mr Bournazel for the primary to be abandoned. After a three-hour crisis meeting on Saturday, the Paris federation of the UMP decided to press ahead

    Dont need to read more than that. The PTBs dont care if the election is rigged or not. Likely broken by design.

    • by o'reor ( 581921 )
      Yup. Either broken by design, or designed by people who didn't actually care about the result. Those guys neither have a culture of democracy, nor a culture of computer security. It boggles my mind that they've been 10 years in power until 2012...
    • it sounds like a voting fit for a reality show.
      "To register their vote on-line, Parisians were supposed to make a credit-card payment of €3 and give the name and address of someone on the city’s electoral roll."

      sounds to me it's just a scam to get 3 euros out of people.

      1) have an election about an extremely heated issue to some groups.
      2) provide them a means to vote multiple times by paying 3 euros per vote
      3) get money from said groups.

      it doesn't look to me like they're going to refund that money

  • by frovingslosh ( 582462 ) on Sunday June 02, 2013 @04:37PM (#43891355)
    It is a crime to vote multiple times. That crime will not be prosecuted. It is a much bigger crime to expose that the system is corrupt and open to fraud. That crime will be prosecuted.
    • Is it a crime in this case? It varies by jurisdiction, of course; but party primaries are often technically just of the same legal standing as somebody's Friday poker club voting about something. They are, of course, magnified by history and institutional inertia; but the elections by which parties decide on their own candidates for office and elections where voters decide on candidates to actually put in office are quite different things.

  • The people who make the decisions to buy electronic voting systems --are they particularly susceptible to snake-oil salesmen? Surely there is ample evidence that a truly secure on-line voting system is about as likely a unicorn registering to vote, but somehow, the buyers of the system think that they can buy what no-one else can buy?

    To register their vote on-line, Parisians were supposed to make a credit-card payment of â3 and give the name and address of someone on the cityâ(TM)s electoral roll.

    • Here in North Carolina, even without on-line voting, we have several unicorns and many people over 150 years of age who vote by Absentee ballot. Most of them seem to be Democrats.
    • by Shagg ( 99693 )

      What makes you think that the people who make the decisions to buy electronic voting systems want it to be truly secure?

  • Storm in a teacup (Score:5, Informative)

    by AdamInParadise ( 257888 ) on Sunday June 02, 2013 @04:53PM (#43891443) Homepage

    A few facts :

    • It's only a primary for the Paris mayoral election next year, i.e. not a national election.
    • The journalists shown that it was really to vote as someone else if you knew a couple of easily and legally obtained piece of information about them i.e. no hacking involved. However, so far there's no indications that fraud is actually taking place.
    • The same party is having a primary in Lyon as well, but they are using a traditional paper ballot, and so far it seems to be going pretty well.

    OK, so electronic ballots are proved to be less "secure" than paper ballots, again. The UMP is proved to be technologically illiterate, again. Yawn.

    • OK, so electronic ballots are proved to be less "secure" than paper ballots, again.

      Hum, do you remember the election for the leader of UMP between Fillon and Copé ?
      The vote was done with paper ballots, but there have been massive frauds anyway, since Copé stole the election.
      The fraud was so massive that Fillon rightfully complained, but since we are talking about politics, they settled "peacefully".

      What this proves is that UMP leaders abuse the voting system.

      • by fgouget ( 925644 )

        Hum, do you remember the election for the leader of UMP between Fillon and Copé ? The vote was done with paper ballots, but there have been massive frauds anyway, since Copé stole the election.

        First that fraud was done in the result collating stage which is independent from the technology used at the booth. I'll grant you that with Internet voting you only have a single "urn" and thus no collating taking place. But as seen here that does not help prevent fraud at all.

        Second, each voting booth published its own results at the end of the paper vote counting process. So detecting the fraud was just a matter of independently collating the results. So this fraud was easy to detect. Internet fraud how

  • by Darkness404 ( 1287218 ) on Sunday June 02, 2013 @04:59PM (#43891479)
    Before rushing to adopt online voting, we really need to ask ourselves, what exactly is wrong with just voting normally that voting online solves.
    • by fredprado ( 2569351 ) on Sunday June 02, 2013 @05:13PM (#43891559)
      There is nothing wrong with voting normally as there is nothing wrong with travelling from east to west cost by foot. It is just a lot slower than the alternative and requires considerably more work.

      The right question to make is not this one, though. It is: "Is there a way to achieve both anonymity and security"? The answer is unfortunately no. That is true for normal, paper voting as well, by the way.

      The main difference is that electronic voting, and in special online voting, is easier to be tampered with in large scale, and paper voting is easier to be tampered with in smaller scale.
      • Seems to work well enough in the UK
      • by fgouget ( 925644 )

        It is: "Is there a way to achieve both anonymity and security"? The answer is unfortunately no. That is true for normal, paper voting as well, by the way.

        Unless you're doing it really wrong, paper has no trouble providing both: the voting booth, voter list and id check provide security; while the lack of a link from the paper ballot to anything else provides anonymity.

        • To provide anonymity the counting and the voting must be separated. In between ballots must be stored in containers. That does provide opportunity for tampering. There can be and there actually were many cases where the containers were tampered with.

          The most famous paper vote tampering suspicion that has occurred in US was probably in Florida during Bush's first mandate. The recount was made multiple times and each time the results were a little different. It points to obvious flaws in either ballot secu
          • by fgouget ( 925644 )

            To provide anonymity the counting and the voting must be separated. In between ballots must be stored in containers. That does provide opportunity for tampering.

            Which is why in France the container is transparent (1), stays in the polling station under the surveillance of the voters for the duration of the elections, and why the ballots are counted by voters right away, still in the polling station. So at no time can the ballot box be tampered with.

            The most famous paper vote tampering suspicion that has occurred in US was probably in Florida during Bush's first mandate. The recount was made multiple times and each time the results were a little different.

            It points to two major flaws in your election system:

            • * Voting on a myriad things which requires complex and hard to decipher ballots. In France we vote on one thing at a time and have pre-printed ballots for every cand
            • Transparent urns and local counting do not prevent tampering at all, although they may help to increase security a bit. Anonymity and security are like speed and position in Heisenberg Principle, the more you get from one of them the less you will have from the other. Local counting gives away anonymity for security. You still have a reasonable measure of anonymity although less than you would have in central counting, and in exchange you have a little more security.

              And no, centralization does not make h
              • by fgouget ( 925644 )

                Transparent urns and local counting do not prevent tampering at all, although they may help to increase security a bit.

                Merely stating so does not mean it's true. You'll have to tell us what reasoning lead you to that conclusion if you want to convince reasonable people.

                Anonymity and security are like speed and position in Heisenberg Principle, the more you get from one of them the less you will have from the other.

                A bad analogy does not a proof make.

                Local counting gives away anonymity for security.

                That might be true if there was one polling station for every dozen voters. But there's normally a thousand voters per polling station. Also, unlike in the US where each ballot could be unique due to the millions of combinations of voting just for 20 resolutions, in France there are only 2 to 20 different possible ballots.

                • Merely stating so does not mean it's true.

                  It is true never the less.

                  You'll have to tell us what reasoning lead you to that conclusion

                  No, I do not have to tell you anything more than what I have already told you, read again and you may understand with some effort.

                  That might be true if there was one polling station for every dozen voters. But there's normally a thousand voters per polling station.

                  Being one in a thousand people does not provide anonymity. Especially considering these thousand people live relatively near from each other. It is very easy to blackmail small communities and check the local results if the counting is local. It is one of the prices you pay for your less than smart system.

                  If that were true we'd know who wrote Duqu [wikipedia.org], or who stole the account and password information from Yahoo!, LinkedIn, Twitter, Living Social, etc. The problem is that if the attacker plays his hand right we'll never even have any reason to suspect that something is wrong.

                  If it was economically viable to know it we w

                  • by fgouget ( 925644 )

                    You live in fantasy land, but that is the place most of your country likes to reside in anyway, so at least you shouldn't be lonely there.

                    Oh, ok then. I thought you were reasonable but now I see I've been wasting my time discussing with you.

                    • "Reasonable" is so far removed from your personal experience that you wouldn't likely recognize it even if it bit you in the ass, my friend.
    • by Anonymous Coward

      Before rushing to adopt online voting, we really need to ask ourselves, what exactly is wrong with just voting normally that voting online solves.

      What is wrong with normal voting? Here are juts a few things off the top of my head,

      1. It is much more difficult to buy votes
      2. It is very difficult to intimidate voters
      3. Paper trail add verifiable
      4. Corrupt polling station official generally can only affect one polling station
      5. Mass vote rigging difficult to achieve
      6. No single entity makes lots of money off of an election
      7. It is far less convenient to sell your vote, and the buyer can't verify how you voted.

      So, if you wish to rig an election or make lo

    • what exactly is wrong with just voting normally that voting online solves.

      How soon we forget [mediabistro.com]. Remember when we waited for the result for months, and then got a Supreme Court coin-toss, because marking and counting paper ballots is error-prone - some can be interpreted either way.

      To this add long wait times at the polls, which effectively requires some people to pay a high price (waiting for hours) to vote, skewing the outcome.

      Granted, it has not been demonstrated that computerized voting can solve t

    • by Anonymous Coward

      The verifiability of current systems is pretty low. You can't tell if your vote is included in the total. Thats a problem.

      The other problem is making sure each qualified voter gets at most 1 vote.

      Now, obviously, if the electronic online election does not solve the first issue (verifiability) completely, that is just dumb, since solving that for online elections is easy, even for secret ballot, and thus the online elections should benefit over the more traditional ones in this respect.

      Solving the other issue

      • The verifiability of current systems is pretty low. You can't tell if your vote is included in the total. Thats a problem.

        Of course you can, over here on election day any one who wants are free to stay and monitor the whole counting process

    • by Hentes ( 2461350 )

      Cost.

    • A recount of a paper ballot will generally give a different result.

      If you have an electoral system where each vote is counted towards the composition of the government, then this is a problem.

    • by Shagg ( 99693 )

      what exactly is wrong with just voting normally that voting online solves.

      Cheating on a large scale is difficult with traditional voting. Online/Electronic voting solves that.

  • Nicholas Sarkozy (an obviously corrupt shill for the content industry) is ousted and what do you know .. there's a voting system brought to bare which can be easily manipulated to meet the required outcome of corrupt business.

    Seriously, who really believes in voting anymore? As long as these supposedly democratic systems CAN be manipulated, they WILL be manipulated. It's long past time to recognise that the governments that were supposed to serve us are now imprisoning us. Our rights to do just about any
  • by Anonymous Coward

    In the last few years, China has demonstrated what a large organization can do with cyber warfare. If China can hack the computer systems for designs of the F-35 and V-22 Osprey, wouldn't China also be able to hack some online, nation wide election system? Maybe Taiwan should try online voting systems, just to show the world it can be done.

  • It's funny... Diebold/Evergreen make many of the ATMs you probably use. The ATM will never give you an extra $20, and yet the voting machines they design are shown to be 1-3% off....

    And this is in-person electronic voting.... why would the internet, a wild-west pool of hackers and government agencies, seem like a safe place for clean democracy?

    For me, counting the hand cast ballots with witnesses, no matter how laborious (exaggerated claim, btw) is the most superior and reliable way to ensure that democra

  • UMP is not "centre-right". Their model is US Republicans, on the French political spectrum, they are clearly right wing, and trying to attract far-right voters. Even by US standard, they would be clearly Republicans.

    This is not a French official election, this is an internal party vote, organized by the political party itself. There are no rules or law to regulate how they vote. The UMP has made itself ridicule already with their leaders' election, but the socialist party was not particularly better when
  • The main benefit of a workable electronic voting system is that we will be able to vote more regularly on a range of issues, taking some of the power away from the politicians. I think that this may be one of the primary reasons why Diebold, who can produce near perfect ATMS, cant/wont build an accurate voting system.
  • These systems have no other purpose but cheating.

    The Canadians have a manual paper system with multi-party guarded counts. It scales, it works, it can be recounted.

    E-voting was an idea slammed home in every case. It cannot be secured. No purpose but an invisible and unstoppable means to alter vote counts. The counts have been altered, the machines and systems compromised numerous times on investigation. And that's just outside cracking; anyone on the inside can change code, accumulated totals, and elections

"Gotcha, you snot-necked weenies!" -- Post Bros. Comics

Working...