Some States Have Embraced Online Voting. It's a Huge Risk.

An anonymous reader quotes a report from Politico: On Sunday, researchers at the Massachusetts Institute of Technology and the University of Michigan revealed numerous security flaws in the product that West Virginia and Delaware are using, saying it "represents a severe risk to election security and could allow attackers to alter election results without detection." In fact, it may be a decade or more before the U.S. can safely entrust the internet with the selection of its lawmakers and presidents, according to some experts. Still, a handful of states are pushing ahead, with the encouragement of one politically connected tech entrepreneur -- and the tempting logic of the question, "If we can bank online, why can't we vote the same way?" These are the problems with that logic:

1) Elections are different. Lots of people bank, shop and socialize online -- putting their money and personal details at potential risk of theft or other exploitation. But elections are unique for two reasons: They are anonymous and irreversible. Aside from party caucuses and conventions, virtually all U.S. elections use secret ballots and polling places designed for privacy. That protects people from being blackmailed or bribed to vote a certain way -- but it also means that, barring an advance in the technology, voters have no way to verify that their ballots were correctly counted or challenge the results. That's far different from a consumer's ability to contest a fraudulent credit card purchase, which depends on their financial institution linking their activity to their identity.

2) The internet is a dangerous place. Even if it were possible to require electronic ballots to travel through servers only in the U.S., no method exists to ensure security at every server along the way. It would be like trusting FedEx to deliver a package that had to pass through warehouses with unlocked doors, open windows and no security cameras. The most effective way to protect data along these digital paths is "end-to-end" encryption [...] Researchers have not figured out how to use end-to-end encryption in internet voting.

3) People's devices may already be compromised. It's hard enough to protect a ballot as it transits the internet, but what really keeps experts up at night is the thought of average Americans using their computers or phones to cast that ballot in the first place. Internet-connected devices are riddled with malware, nefarious code that can silently manipulate its host machine for myriad purposes. [...] Importantly, election officials cannot peer into their voters' devices and definitively sweep them for malware. And without a secure device, end-to-end encryption is useless, because malware could just subvert the encryption process.

4) Hackers have lots of potential targets. What could an attacker do? "There are literally hundreds of different threats," said Joe Kiniry, chief scientist of the election tech firm Free & Fair. Among the options: Attacking the ballot; Attacking the election website; Tampering with ballots in transit; Bogging down the election with bad data; and/or The insider threat involving a "bad" employee tampering with an election from the inside.

5) Audits have faulted the major internet voting vendors' security. Virtually every audit of an internet voting system has revealed serious, widespread security vulnerabilities, although the ease with which a hacker could exploit them varies.

6) Internet voting advocates disagree. Election officials who embrace internet voting deny the risks are as serious as the experts say.

7) What it would take to make internet voting secure. Secure internet voting depends on two major advances: technology that allows voters' computers and phones to demonstrate that they are malware-free, and end-to-end encryption to protect ballots in transit. [...] Solving these problems would require expensive, long-term collaboration between virtually every big-name hardware- and software-maker, Kiniry said. Note: Each point listed above has been abbreviated for brevity. You can read the full article here.

xkcd

[ShanghaiBill]

https://xkcd.com/2030/ [xkcd.com]

Re:

[Kisai]

He's not wrong.

Like the entire mechanism for secure voting already exists, it's used inside bitcoin. That's the entire "blockchain" mechanism.

Where things get complicated is cost. You can not have both an anonymous and secure system. That's impossible. To vote digitally is to be able to cast any vote, for anyone, at anytime, and the blockchain will only go back to the ip address of the voter, not the voter themselves. For that to be solved, requires pushing the votes from the other end of the chain.

Every ve

Re:

[lobiusmoop]

You guys take voting too seriously. It's not a choice between good and evil like some kind of comic book story, you are choosing between several (usually just 2 for the US) groups of people who are fundamentally trying to do their best for you. It doesn't make all that much difference fundamentally which one of them wins really.

Re:xkcd

[mark-t]

Gerrymandering isn't so much voter fraud as much as an attempt to control the outcome of elections by determining geographical boundaries for certain types of political support and moving those boundaries around for voter districts so as to try and ensure that some particular outcome is more likely on a larger scale.

It would be impossible to do if people simply did not discuss who they were intending to vote for with anyone, not even for polling purposes.

As for the other kinds of voter fraud you mentioned, it bears noting that the total amount of voter fraud for US presidential elections that has ever been detected in the entire history of the united states combined is still multiple orders of magnitude smaller than the single smallest margin of victory by a president *ever*. That's not to say that we should somehow be expected to tolerate such tiny amounts of voter fraud as much as it to say that there is not any historically valid basis to think that voter fraud is ever even remotely likely to actually affect the outcome of a presidential election as long as vigilance is maintained (technically as long as it continues to be believed that vigilance is being maintained, but of course the best way to ensure that people continue to believe it is to actually just continue to do it).

Re:

[Z00L00K]

Gerrymandering isn't so much voter fraud as much as an attempt to control the outcome of elections by determining geographical boundaries for certain types of political support and moving those boundaries around for voter districts so as to try and ensure that some particular outcome is more likely on a larger scale.

To me that falls under voter fraud as well.

Re:xkcd

[Impy the Impiuos Imp]

It smacks of impropriety, but is solidly considered a valid power of the states, and the Supreme Court is loathe to suddenly invent a constitutional argument that the judicial branch should direct it rather than the political (elected) branches. The courts are already fought over in presidential elections as crypto legislatures to control as it is. Nominating judges is the second most important power of the president, after the veto, as far as treating winning the presidency goes for the rest of the parties.

Re:xkcd

[stabiesoft]

I've always thought it nuts to allow (for red and blue) as all it does is extend the redness or blueness of a state. To me a fairly simple solution would be all boundaries (except for those on the edge of the state) must be convex. I see these barbell shapes with a sliver connecting to areas and it just screams manipulated.

Re:xkcd

[CrimsonAvenger]

To me a fairly simple solution would be all boundaries (except for those on the edge of the state) must be convex.

You DO realize that any convex boundary is a concave boundary for the district across the boundary, right?

A better solution would be to require that all districts be rectangular, and as close to square as is possible. Still has problems, but it'll work better than most solutions.

Re:

[dfghjk]

Is voter suppression something "being done by voters"?

The OP's point was clear even if he should have used "electoral fraud" instead. Why not engage in the substance of the post rather than nitpick over terminology, especially when our president abuses the term "voter fraud" constantly.

Re: xkcd

[e3m4n]

Why is it that every time a discussion of voting fraud comes up everyone always focuses on presidential elections? Sure if one district in Pennsylvania dumps 100,000 extra votes because they compromised the system in some manner.

Presidential elections are not the only elections that count. Flipping a seat in the House of Representatives requires much smaller amounts of tampering where by a few thousand deceased voters could actually have an impact. Repeat that a few times in a few districts across a few states and yes, it might not impact a presidential election, but it can cause havoc for local elections and district based federal ones. Any amount of fraud should be curtailed. I find the acceptance of proven fraud as cost of doing business disturbing. That simply paves the way for incremental increases in the amount of fraud we tolerate.

We have ZERO TOLERANCE policies for all kinds of shit in the country. A 5yo was suspended for chewing a poptart into the shape of a gun and saying BANG for gods sake. Why, with voting being as important as it allegedly is, do we not have a ZERO TOLERANCE policy for voting fraud?! Zero Tolerance should imply some pretty severe consequences when caught. Such as those that got caught voting 6 - 8 times in the 2016 election. Sure 8 votes from this ONE person is not going to shift the results enough to sway the outcome, but handing down a 30 year prison sentence and a lifetime ban from voting again would send a very clear zero tolerance message; that the risk vastly outweighs the reward.

Re: xkcd

[YrWrstNtmr]

Indeed. And it doesn't even have to be "a few thousand".

A few years ago, in the contest for State senate, my district came down to a literal tie. The make up was 51(R) - 49(D). Flipping one single vote could have caused it to be 50(R) - 50(D) with a (D) governor who votes in the case of a tie.
Changing the control of the Senate in a semi-major state.

Of course, the district lines were redrawn (gerrymandered) for the following election, and the D won easily.

Re:

[Impy the Impiuos Imp]

The point of tfa is:

1. God knows what zero day hacks giant state-sponsored agencies are holding in reserve in their golf bags.

2. With no tracking and post-facto reverification with voters, you will never know, or even detect it.

Re:

[e3m4n]

I have similar concerns with the electronic voting machines now. Just because the code is clean when audited does not mean that the machine I happen to walk up to is free of anything sinister when I cast my vote. Flipping a bit on a hard drive and writing data is not a task directly tied to the buttons I press on the voting machine. Its flipped because the running kernel interpreted the button press and instructed the processor to write that data to the hard drive. Which essentially means any program can in

Re:

[tepples]

I find the acceptance of proven fraud as cost of doing business disturbing. That simply paves the way for incremental increases in the amount of fraud we tolerate.

Likewise, I find the acceptance of proven suppression as cost of doing business disturbing. That simply paves the way for incremental increases in the amount of suppression we tolerate.

Re:

[e3m4n]

suppression is so rampant on so many levels I could not even begin to count the ways it exist. Thats not to excuse it, but OMG have you even given it a thought? Just think about yourself and how your interactions can indirectly lead to low turnouts, or flat out intimidation. IT might not even be a conscious thought, but just talking to people when in a group and your opinion happens to be a very minority one, is in itself, a suppression. There is as much work to be done weeding out supression as there is we

Re:

[stabiesoft]

You are delusional if you think presidents don't matter. Few examples, they get to nominate all the judges(these are lifetime appointments remember). Yes they must be passed by the Senate, but most go thru especially if the Senate is the same party as the WH.
The Fed cut rates when we had the best economy ever.
The reallocation of money for the wall.
The executive orders (too many to enumerate) many bordering on how dictatorships act(both parties).

gerrymandering [Re:xkcd]

[Geoffrey.landis]

The interesting thing about gerrymandering is that it would be trivially easy to eliminate it from presidential elections ...

Presidential elections are not where gerrymandering is occurring. Congressional districts are what is gerrymandered.

You're saying that it's trivially easy to solve a problem that isn't the problem that needs solving.

It is true that first-past-the-post by state elections do mean that the popular vote is not the presidential selection, and that this is due to the way that the voters happen to be distributed across the states... but this is not due to gerrymandering, since state boundaries were set more than a

Re:xkcd

[AleRunner]

Considering that the election system is already under attack by various kinds of voter fraud including gerrymandering, lack of voter ID, double-voting and dead people voting it's not going to be worse with internet voting.

All of those leave clear traces. Gerrymandering you can see the boundaries and can measure the level that they have been fixed for advantage of the incumbents. Voter ID - you can remember the newspaper articles and see who is demanding voter ID without ensuring that it's issued automatically for free to all voters. Double voting / dead people voting - someone has to carry the vote to the vote to the election place so, on the rare occasions that they do this at a scale that matters it's easy to show that they have been doing this (which is why all democratic election systems allow representatives from all candidates at voting stations).

Internet voting, in the end, just comes down to flipping bits from some remote location. Possibly that's by standing over someone as they vote on their computer. Possibly that's by sending in the votes for dead people, but remotely. Double voting can be multiplied by people who have access to the computers sending in a vote for everyone else who doesn't vote. Possibly that's by making it so that the ID verification programs don't work as well for Women / older dudes / black people / with glasses / etc. whichever demographic you want to target.

One of the most important things in voting is making sure that nobody else can see the vote just before it's cast. That's possible in a voting booth. It's impossible with both postal and electronic voting. With postal votes that can be ar solved by allowing people to override their postal vote on the

Worst of all, most experts who actually know about voting systems are able to say that the current paper based voting systems in the US are pretty reliable. There's a simple thing you can do, if you don't believe this, which is volunteer to help in polling stations so that you see the work that goes into making sure things are fair. If internet voting comes in then the experts are pretty much agreed it isn't safe and normal people can't volunteer and see how it works. This will destroy the credibility of the voting system.

Overall internet voting will magnify most existing problems and introduce a load of new ones too. It's a strongly bad idea.

Re:

[hankwang]

"With postal votes that can be ar solved by allowing people to override their postal vote on theâ

Please finish your sentence!

Re:

[Anonymous Coward]

CROFLOL! I have been given access to the secret alliance git repository so I just thought I'd pull one out and contribute here:

Don't click on his homepage link! creimer is trying to get you to subscribe automatically to his youtube channel, force you to watch his digi-feces videos and make money off you!

MODDOWN! ; creimer karma whoring sock puppet post!
That+YouTube+Guy == creimer: he really thinks he is a prolific youtuber!

MODDOWN! ; creimer youtube spam post again! creimer wants you to click on his youtube channel, then click on his stupid amazon affiliate link spam on Youtube. There is nothing of value on creimer youtube channel. Only creimer click-bot goes there.

CREIMER' SUBMISSIONS UPDATE:
Note also that creimer is trying to regain karma by getting his submissions published as articles on /. so make sure to go to:
https://slashdot.org/~Mononymo... [slashdot.org]
https://slashdot.org/~That+You... [slashdot.org]
https://slashdot.org/~The+Fat+... [slashdot.org]

https://slashdot.org/~vetpiet [slashdot.org]
https://slashdot.org/~Crash+Du... [slashdot.org]
https://slashdot.org/~real%20d... [slashdot.org]
https://slashdot.org/~The+Orig... [slashdot.org]
https://slashdot.org/~cre1mer [slashdot.org]
https://slashdot.org/~__aaclcg... [slashdot.org]
https://slashdot.org/~IDrinkFa... [slashdot.org]
https://slashdot.org/~crreimer [slashdot.org]
https://slashdot.org/~cdreimer [slashdot.org]
https://slashdot.org/~criss69 [slashdot.org]
https://slashdot.org/~Anonymou... [slashdot.org]
https://slashdot.org/~FatCashe... [slashdot.org]
https://slashdot.org/~ILoveFat... [slashdot.org]
https://slashdot.org/~IHateFat... [slashdot.org]
https://slashdot.org/~IAteFatC... [slashdot.org]
https://slashdot.org/~ITapeFat... [slashdot.org]
https://slashdot.org/~IApeFatC... [slashdot.org]
https://slashdot.org/~IPrayFat... [slashdot.org]
https://slashdot.org/~FatCashe... [slashdot.org]

suspected:
https://slashdot.org/~The+New+... [slashdot.org]

and mod down his submissions as well. The great thing is that you don't even need mod points to mod down a submission, just click on the "minus" icon!

Yes, believe it or not, creimer owns all the above sock puppet accounts. It is a mystery why Slashdot management tolerates it! creimer wrote:

I don't bother with mod points. I'm doing something much more sinister. It took ten story submissions ? I'll have to double check the number ? to move cdreimer's karma from neutral to excellent without ever being exposed to the capricious mods. Mmmmmwwwwahahahahahahaha!

https://slashdot.org/comments.... [slashdot.org]

Danger, Will Robinson, Danger! Creimy is posting more than 2 posts a day. Hurry! mod down otherwise /. will go to hell again! Note: you can mod down even if already at -1 to lower karma and to prevent lost /. users to accidentally mod up.

creimer wrote:

All you need to do is find a website with a permissive TOS, say, Slashdot, create a Python script to scrape your own comments, sprinkle Amazon affiliate links in various posts, and then re-post past links whenever possible. Won't be long before you start making "coffee money" each month.

https://slashdot.org/comments.... [slashdot.org]

C.D. Reimer is a renowned Slashdot collaborator, as he puts it himself; "Because of the quality of my posts and my article submissions, I'm a highly rated commentator and moderator."

But did anybody ever wondered what "C.D." stands for? Well, it stands for Creimy Dumpty of course!

Creimy Dumpty sat on the wall,
Creimy Dumpty had a great fall.
All the king's horses
And all the king's men
Couldn't put Creimy Dumpty
Together again.

Creimy's siblings video and theme song, very realistic, especially the pants, just like Creimy's:
https://www.youtube.com/watch?... [youtube.com]

With "Vice President Pence Vowing US Astronauts Will Return To the Moon", we are sure they will need miracle workers up there, here is what it would look like. Note that Creimy takes care of bringing a lot of food to the moon as depicted below:
https://www.youtube.com/watch?... [youtube.com]

Creimy's real pictures:
Before the sex change:
https://ibb.co/DfV7rYk [ibb.co]
After the sex change:
https://ibb.co/L8XLJLP [ibb.co]

Creimy's "enterprise-level" chair, he talks about it all the time on slashdot:
http://www.keynamics.com/image... [keynamics.com]

Creimy's head, while his supervisor was talking to him, not with him, since it is impossible to do with Creimy:
http://ibb.co/mRVSaG [ibb.co]

Creimy acting in educational resource document, he actually confirmed himself on Slashdot that he was handled by Special Education for the Santa Clara County Office of Education! He is really a king Dumpty!:
http://www.sccoe.org/depts/stu... [sccoe.org]

CROFLOL! another creimer sock pocket detected. Real Data Collection, CDR backward, you are such a genius Chris!
https://slashdot.org/~Real+Dat... [slashdot.org]

Also, I still use my iPhone 6S and I save 65$ a month by keeping using it. As a very special customer, I can get a new free phone from Sprint whenever I want!

I remember you the guy accused of being creimer. Then they pretended you were part

Re:

[Tony Isaac]

No software, or engineering of any kind, is without flaws, even fatal ones. Ironically, the XKCD linked in this thread used aircraft safety as an example of reliable engineering!

Bridges are very, very safe, but sometimes they collapse and kill people [ctif.org]. Sometimes elevators malfunction and kill people [indianexpress.com].

My point is that software is not a special category of engineering fragility.

Let's just go to the polls like normal

[alvinrod]

Either you're a redneck conservatard that flocked to the beaches or some other outdoor gathering as soon as (or maybe even before if you were a real rebel) your state's lockdown ended, or you're a guilt-riddled libtard that flocked to one of the various protests for George Floyd (and maybe rioted a bit if you were a real rebel) the past few weeks.

If you didn't have coronavirus before, you've probably been exposed to it by now or you're likely to come into close contact with someone who has been for the a

I wouldn't count on that

[rsilvergun]

there's no shortage of folks who just avoided both. I didn't go to protests and I'm still sheltering in place. I wear a mask when I'm out and I work from home.

Meanwhile Epidemiologists say COVID-19 is here to stay until at least mid 2021.

Re:

[Mr. Barky]

To get to the point of herd immunity, you need to have about 70%+ of the population infected, at least if we don't continue to have other measures such as social distancing in place. To be more precise, the fraction needed is 1 - 1/R0 (R0 is the average number of new infections caused by each case). R0 for COVID seems to be about 3.5 or so without any measures in place.

R0 is not a constant for a disease. It is dependent upon how people behave. If people wear masks, R0 goes down, etc.

Note: in the worst-hit a

Re:

[account_deleted]

Comment removed based on user account deletion

We'll just have to hope..

[h33t l4x0r]

There's as many R hackers as D hackers, that way they balance each other out.

Re:

[Q-Hack!]

There's as many R hackers as D hackers, that way they balance each other out.

Does that mean the the L hackers are the ethical ones?

Online voting is not safe.

[slack_justyb]

Tom Scott video explaining where we are in online voting and why it's still a very, very bad idea. [youtube.com]

Re:

[AmiMoJo]

But is it worse than voting in person when you have Republicans suppressing the vote?

If online voting results in say 1000 cases of fraud but allows 100,000 people who would have had their votes suppressed to participate in democracy then it's a worthwhile trade-off.

Of course the best solution is to stop suppressing votes but that doesn't seem very likely to happen.

Re: Online voting is not safe.

[e3m4n]

turning a blind eye to all form of voter fraud will eventually lead to someone like putin taking power yes. Voter ID is not fraud.. well I should say being required to prove whom you claim you are is not fraud. Being required to show a trusted source of photo ID to prove whom you are is a countermeasure to some forms of fraud, like someone else pretending to be you. Its not unreasonable to ask people to show proof that they are whom they claim if the potential exists to prevent someone else from voting. Allow me to illustrate how often we show ID in this country.

- To buy a beer in this country I have to show ID.
- If I were so incline to smoke I must show ID to buy cigarettes.
- To open a bank account in this country I have to show ID.
- To get on an airplane in this country I have to show ID, not just any id but a RealID verified ID that previously verified 4 sources of ID.
- To ride a train I have to show ID. Soon to get on a Greyhound Bus I will have to show ID.
- I have to prove who I say I am in some form of verification check to make a payment on my utility bill.
- I have to show ID to put cash on one of those pre-paid visa cards.
- In order to receive any form of social services such as food stamps, welfare, collect unemployment insurance, or get on medicaid/medicare, I must show an ID.
- To Buy/Drive/Rent a car I have to show ID.
- To Rent/Buy property such as a house, condo, or apartment I must show many forms of ID.
- I must present ID to get a marriage license as well as prove my identity before said license is signed by a notarizing member such as a clergy or captain of a ship.
- Just this last fall I have to show two forms of ID in order to adopt a pet from a humane society that will eventually euthanize pets that stay too long.
- To apply for a Hunting or Fishing license I have to show a photo ID
- To buy a gun I am definitely expected to show an ID, this seems rather obvious
- To purchase a cell phone I have to show ID
- To make a blood donation I have to show ID
- Believe it or not to even do things like buy over the counter medication like chidrens cough syrup I have to show ID
- To buy a rated M video game I have to show ID
- And I've been told, to buy nail polish at CVS (a chain of pharmacies), they require ID.

Voting is supposed to be the single most empowering thing you can do in an elected government. Now if showing ID is so important for things like having a beer or adopting a pet, or for fucking sake buying nail polish, how can one portion of one poliical party push for legislation that states all you have to do is walk into the correct voting precinct and state any name and cast a vote for that person? Literal video of someone being handed Eric Holder's ballot to cast a vote in his name during an election. The argument that low income people cannot afford an ID is also horeshit too since those persons are receiving food-stamps/welfare/medicaid/all-of-the-above and every single one of those process require those same persons to show ID. So those fake disenfranchised people already showed an ID just to be able to apply for benefits. There honestly is no real reason to prevent requiring proof of identity to vote. To the contrary, going out of your way to prevent verifying identity is as obvious as saying 'hey look over that way' to get you to turn your back while they do something. Proving identity is essential for the security of voting process, and any valid argument as to where potential problems exist, only serve to resolve those issues, not abandon the idea of security in the first place.

No need

[burtosis]

Just have a federal right to vote by mail in addition to whatever exists now. In 5 states this is the only way you can vote, but every single state has some kind of vote by mail system that can be expanded. If it’s good enough for active military it’s good enough for everyone. Automatic voter registration and same day registration should also be a right in every state.

Re:

[ShanghaiBill]

Just have a federal right to vote by mail in addition to whatever exists now.

That would require amending the constitution.

Probability of that happening: 0%.

Re:

[Darinbob]

Technically, if the constitution doesn't forbid it, then we already have that right! Huzzah!

Re:

[ShanghaiBill]

Technically, if the constitution doesn't forbid it, then we already have that right! Huzzah!

The Constitution doesn't forbid states from implementing universal vote-by-mail. Several states, including Colorado, Hawaii, Oregon, Washington and Utah, have already done this.

But the Constitution does not permit the federal government to require vote-by-mail.

Some states make VBM universal.

Some states make VBM optional and available to anyone who requests it.

Some states deny VBM to any voter without a valid reason for an absentee ballot.

Re:No need

[slack_justyb]

Just have a federal right to vote by mail in addition to whatever exists now.

That is more complicated than is let on at first blush. First some background, Article I Section 4 Clause 1 of the US Constitution.

The Times, Places and Manner of holding Elections for Senators and Representatives, shall be prescribed in each State by the Legislature thereof; but the Congress may at any time by Law make or alter such Regulations, except as to the Places of choosing Senators.

This indicates the exclusive nature of voting by the States. And courts have upheld that States get the vast majority of sway when it comes to how elections go down.

However one of the more famous times recently this "regulation" power has been invoked is with the "Motor Voter" law that went into effect in 1995, which forced states to offer the ability to sign up to vote when you go to renew your driver's license. The only exemption to this is if the State does not require voter registration or the State offers Election Day Registration (EDR). As it stand North Dakota is the only state that is exempted by not requiring any form of voter registration and Idaho, Maine, Minnesota, New Hampshire, Wisconsin, and Wyoming are exempt since they offer EDR.

Congress has full authority to pass law regulating Federal elections. Now what Congress cannot do is change when voting happens in a state, where the voting will happen, and how the voting will proceed.

That last part is the highlight question to something like what you ask. Congress can say, "Women can vote", "You do not need a title to land to vote", and "you must offer the chance to register at the DMV." This all deals with how someone is recognized as a voter, not the method they will use to vote. Now Congress has indicated [congress.gov] that they want to strip all conditions to vote by mail. Which they can do, but a State still has the right to offer it or not. Additionally, some States redefine mail-in voting as proxy voting which, without getting too detailed, can still have restrictions on even if HR138 passed and became law. Now those restrictions would trigger lawsuits and it would be hazy on where the Courts would go on that. So, it's not as clear as "just do A then B" as it would seem. There is a lot of detail being skipped over here, so don't take my account as covering every single point here. But I did want to convey that changing elections in the US at the Federal level, is really, really difficult.

Lots Of Things Wrong Here

[Jane Q. Public]

I'll start with the first point:

1) Elections are different. Lots of people bank, shop and socialize online -- putting their money and personal details at potential risk of theft or other exploitation. But elections are unique for two reasons: They are anonymous and irreversible. Aside from party caucuses and conventions, virtually all U.S. elections use secret ballots and polling places designed for privacy. That protects people from being blackmailed or bribed to vote a certain way -- but it also means that, barring an advance in the technology, voters have no way to verify that their ballots were correctly counted or challenge the results. That's far different from a consumer's ability to contest a fraudulent credit card purchase, which depends on their financial institution linking their activity to their identity.

This demonstrates lack of imagination. These issues have been tackled and solved.

Let me give you an example: In WA State, ballots are mailed in using 2 envelopes: the inner envelope contains your anonymous ballot. The outer envelope has your name and address, and a place for your signature.

When signed ballots are received, the name and address (and signature if necessary) are checked against the list of registered voters. Your name is checked off as having voted, and the inner envelope is then put in the pile to be counted.

So whether you voted is recorded, but not how. The number of names recorded as having voted is checked against the number of votes actually counted.

You can go online later to see whether your vote has been counted.

There is a paper trail; there are paper ballots showing the actual votes and they are saved.

Anyone who is involved in the election can send observers to where the votes are marked off and tallied.

Using that system, it would take a rather large and involved conspiracy to cheat by a large amount.

I'm not claiming all places that have wanted to implement mail-in voting lately have such a system. I'm just saying that it does exist, and it is approximately as secure as in-person voting.

Re:

[Anon42Answer]

Your details to your own statement "These issues have been tackled and solved." do not address the issues and whole misdirect the focus and nature of internet voting.

Reread what you quoted

[raymorris]

Reread what you quoted and then see if any of what you said in any way refutes anything that you quoted.

>> That protects people from being blackmailed or bribed to vote a certain way -- but it also means that, barring an advance in the technology, voters have no way to verify that their ballots were correctly counted or challenge the results.

> So whether you voted is recorded, but not how.

So the system you described does not allow the voter to verify that their vote was correctly counted or challenge an error.

It in no way protects from a person forcing or "strongly encouraging" someone else to vote a certain way. This was a real problem before secret ballots - employers would have have employees vote as directed.

Just this past week someone here on Slashdot said he always fills out a mail-in ballot in his wife's name, so his vote is counted twice.

I've been writing security-related software for over twenty years. Designing and building secure internet systems is what I do and what I've done pretty much my whole adult life. There's no way I'm touching online voting. Aside from the obvious issues that systems routinely have major security holes, that they don't function as designed, it's actually provably impossible to design any web-based system with some of the security guarantees that In-person voting has. Even if the system were implemented perfectly.

For example, in-person, you go to the voting booth by yourself. Nobody else can see your vote, so they can't buy your vote or bully you to vote a certain way. Any web-based system allows somebody to stand there and watch the homeless folks vote as directed for $2/vote. It allows whomever to order you to vote a certain way, and watch to be sure you do so.

Re:

[raymorris]

> It's well within the purvue of research-level computer scientists (not webbies) to produce a formally verified remote voting protocol and a formally verified, zero-dependency open source implementation of it to provide all of the guarantees of paper voting in its formal specification.

Only if it's in the purvue of said scientist to come to each house and watch the person vote, to ensure their spouse / parent / guy who paid them with a pack of cigarettes isn't watching the screen, among other things.

Re:

[LynnwoodRooster]

No, not at all. Trivially easy. Bribe a single mail carrier in a neighborhood that traditionally votes the way you DON'T want to go. Pay them to just throw out all ballots. I didn't "add" votes to the total, I merely "deleted" likely votes I don't like. A single person, carrying ballots without any accountability, spread over a few weeks - no one will notice.

Re:

[h33t l4x0r]

The mail carrier will almost certainly get caught and do real prison time, somewhat reduced after snitching on you. But you're right, the attempt is easy, just getting away with it that's tricky.

Re:

[thegarbz]

So whether you voted is recorded, but not how. The number of names recorded as having voted is checked against the number of votes actually counted.

And yet that process relies on human oversight over humans. It is not an anonymous process. I dare say the enemy of perfect is good enough applies in this situation, but even this process here is in many ways *less* anonymous and more open to problems than in person voting.

Hard to know where to begin

[AlanObject]

I bet there are more than a thousand engineers within 20 miles of me who could design and implement an online voting system that was 1) secure, 2) audit-able, 3) universally accessible, 4) inexpensive compared to what we have now, and 5) anonymous.

Almost everything this article has to say about the risks of online voting is wrong.

Obsessing over possible hacks and individual system failures is pointless and counter-productive. Assume a hack can happen. Your design goal is to make the hack meaningless.

Re:Hard to know where to begin

[Jane Q. Public]

You'd probably be wrong.

Online systems today are unconscionably fragile and prone to vulnerabilities.

They are too complex. And the tools used and components from which they are built are often not sufficiently audited for security.

Here is an example: one of the most popular software libraries used today for encrypted logins, called "bcrypt", went for years without being thoroughly audited by cryptographers.

In fact, the authors stated that "we hope" the additional key-generation rounds they implemented in order to slow down its operation did not introduce new vulnerabilities.

And it was reasonable to think so, considering the way it was built. But hope and thinking so just don't cut it when it comes to cryptography.

In fact I'm still not sure whether bcrypt has, in fact, been thoroughly cryptographically audited.

Re:Hard to know where to begin

[Darinbob]

Trouble is, those qualified engineers won't be building such a system. Instead some fly by night corporation will do it by winning the lowest bid and outsourcing the work to China. Sadly, this is not a joke.

Re:

[AlanObject]

Unfortunately you are right about that.

Re:

[LynnwoodRooster]

Instead some fly by night corporation will do it by winning the lowest bid and outsourcing the work to China. Sadly, this is not a joke.

"And in other news, we're happy to announce that President-elect Xi Jinping will be occupying the White House in January 2021. His first declared act will be to make Chinese New Year a new National holiday..."

Re:

[Nkwe]

Don't forget the requirement that it must not be possible for a person to see (demonstrate to others actually) *how* they have voted after the fact, only that they have voted. Many really smart people have spent a lot of time thinking about this and the answer is always the same - online voting is a bad idea.

Re:

[phantomfive]

I bet there are more than a thousand engineers within 20 miles of me who could design and implement an online voting system that was 1) secure, 2) audit-able, 3) universally accessible, 4) inexpensive compared to what we have now, and 5) anonymous.

If you live in Silicon Valley, there aren't a thousand engineers who can do that. SV is oriented towards rapid development, not security.

Re:

[JaredOfEuropa]

The thing is: ideally the voting process is auditable by laymen, and that means they must understand the process end-to-end. Any idiot understands how paper ballots works, how the counting works, and how it is hard to perform any large scale fraud if there's enough impartial observers watching. And if they want, they can perform the role of impartial observer themselves. That way you can ensure that the vast majority of people will respect the outcome of the election even if it didn't go their way.

Wit

Re:

[NormalVisual]

I bet there are more than a thousand engineers within 20 miles of me who could design and implement an online voting system that was 1) secure, 2) audit-able, 3) universally accessible, 4) inexpensive compared to what we have now, and 5) anonymous.

Regarding points 1 and 5 - I'm curious to see how they'll get around preventing someone from watching how you vote on a computer at the library or at an internet cafe, and paying you accordingly.

Re:Hard to know where to begin

[LionKimbro]

Clearly, you have not worked in computer security.

If you did, you could find 5 flaws in what you are saying very quickly, and given an hour, come up with at least 30.

Here's my 5 quickies:
1. monitoring software observes what you are doing, and reports it
2. software is hacked, performs a particular vote, regardless of what you say, and then reports back to you that you voted the way you did, in convenient audit
3. network stack is hacked; with access to local private keys, is able to intercept and modify your vote
4. "the vote is determined by the person who (or computer that) counts the vote" -- sure, you can audit your vote, but you can't audit anybody else's vote, and only the tally is what matters
5. the point is to have a process that people can trust because they understand everything about how it works, and not efficiency -- because the system is super-obscure, it fails to generate trust in the process -- furthermore, people who actually work in computer security will say what they say today: THIS IS NOT TRUSTWORTHY

You've rested your argument on the financial industry. Guess what: All those banks have perfect ledgers about how money moves where and when. It is completely transparent to them -- and not just to them, but to various government agencies. There are strict rate limits on monetary transfers over a certain amount. When moving around large sums of money, there is mandatory reporting. We tend to not think of opening a bank account as a big deal, because we just deal with personal bank accounts. But at the corporate level, opening a bank account is a BIG deal, and you can get arrested for attempting to opening a side bank account. Tracking the money is where it's at. So it's not comparable, AT ALL, to anonymous voting and anonymous vote tallying. Your thought that it is "because every consumer monitors their own account" is completely incorrect. It's because there is a completely transparent and redundant system every step across the way.

Encryption is great: a person can send a message to another person and it can't be deciphered in between. "Yay," but it doesn't solve our problems, at all. Public key encryption doesn't solve the problem of the security of a vote. One time pads do not solve the problem of the security of a vote. Homomorphic algorithms do not solve the problem of the security of the vote. How do you confirm that people are not double-voting? If you register keys or pads, you have eliminated anonymity. If you do not register keys or pads, who the hell is sending you a vote, and who is sending votes multiple times? There is an extremely high motive for foreign and internal actors to subvert and control the system. The best subversions will cause a vote to be won by a fractional amount, and will do so imperceptibly, and may even erase it's tracks, so that audits show a clean system.

You say that "brilliant engineers can solve all of the problems." Will you listen to the brilliant engineers, when the brilliant engineers tell you, "NO" ..? I assure you, the brilliant engineers understand public/private key cryptography, which is covered in most any undergraduate computer science discrete mathematics course. Engineers know exactly what it can do, and can't do. Security experts understand that encrypting and decryption of the message is the LEAST of the problems of securing an anonymous vote.

Again: Securing the transmission of the message is the LEAST of the problems in secure voting. It is just one tiny piece in a very large puzzle of problems that have to be solved.

It is not "common sense" that considers it impossible -- it is profound thinking on the parts of highly knowledgeable people. What is "common sense" is "if you can dream it, they can do it." The uncommon sense is understanding, "You know what, this is actually pretty difficult, when you start to think about it..."

Voting is NOT about convenience, and it is NOT about efficiency. It is about TRUST.

Paper ballots wor

Paper ballots or paper trail, with options?

[Dasher42]

It seems to me that the act of casting the ballot thoughtfully is time-consuming and demanding of equipment. Doing that off-site with researched guides offering solid pro-and-con would allow a more informed choice to the public.

Yet, only a paper trail is secure. Might we not cast our ballots in different ways, but opt to show up in person to certify a paper ballot printed with our selections? This would speed things along, and could be done with the integrity of paper ballots which most other democracies still use.

Re:

[AmiMoJo]

The issue is voter suppression. The Republicans have done so much to repress voters that people are looking for ways to bypass their restrictions, including postal voting and internet voting.

Everything is a risk, talk about balance

[fermion]

One way to create FUD is to list all the things that are bad. If you just want to make everyone feel that the world is going to end if some change occurs, then just talk about all the bad things that will happen.

If you want to stop the windmills, focus on the birds it will kill. If you want to stop the scooter, focus on the fact that they litter the streets. If you want to stop the expansion of learning to online platform, focus on the the few that do not have a smart phone or data plan.

There is no do

Re:

[CptJeanLuc]

If there is any FUD here, it is the comment I am replying to. Well, it is more "fuD", with focus on the D. You are sowing doubt where none is warranted.

Paper ballots work. There is a paper trail, in case of uncertainty, count the votes once more. It is hard to rig the system, at least on a large enough scale to influence election results. Corrupted nations or states can do it, but you have to ban election observers etc, which basically tells anyone the election is rigged - so you do have to give the game aw

Sadly, probably won't fix problems with voting

[Rick Schumann]

On the surface you might think that internet voting might fix a bunch of problems, but I don't think it'll fix the problem of whole demographics of people being excluded in one way or another from voting. You know who I mean for the most part. The people who want to keep certain people from being able to vote will just find a way to delete or otherwise invalidate their votes, or for all we know, change them to what they want.
For the time being we need to be able to vote using physical ballots and ensure th

Want to stop e-voting, privatize it

[misnohmer]

Nobody is making money on classic voting, so nobody to lobby to keep it that way. If you look to other industries, like poker for example, states will fight you tooth and nail against you playing online, while they have no problem you doing it at local card rooms or casinos. WA state went so far to criminalize online poker in order to protect brick and mortar businesses, and even duding COVID-19 lockdown, if you want to play, violating the lockdown rules to setup a home game is less of an offence than tryin

security isn't the main principal issue

[gl4ss]

it's that you can setup shop near a mcdonalds and pay people a bigmac in exchange for their vote. thats the main reason for a closed ballot vote in the first place and not for a system where you just go and put your vote in a book (which is 100% secure and tamper proof but also so transparent that your employer knows if you voted for him).

just that you have an _option_ to show other people what you voted for compromises the whole idea.

some people don't mind that though - but it actually does matter. especia

And Just like that!

[SirAstral]

You lost something you never had to begin with.

I love the smell of confusion in the morning!

Remember folks, this is not a democracy of any kind, and as the riots have been proving lately, you only have the rights you "demand". I tell you what... you give me all the power and I will be happy to tell you what you want... sound good? Oh wait... that does not change anything for you, but it does change me into having a lot more power than I do now.

Just remember that when you go to the poll and vote R or D, you are voting for just more corruption and whatever changes that crazy mess brings us.

Technical solution for #3

[sizzlinkitty]

The third item could be resolved by spinning up a unique container in a cloud provider and putting a html 5 interface in front of it which connects internally over vnc. Then present the user with a series of questions to verify their identity and after passing them, allow them to cast a vote. After which the container will be burned and it doesn't matter what is on their personal devices.

Hacking: bad, manipulating voters: good

[petes_PoV]

The goal of any election is to return a "true" result. That the candidate(s) who win are offering the most beneficial elected term to the largest number of voters. As judged by those voters and recorded in their votes.

One way to falsify that result is to interfere with, or corrupt, the voting process. This can be done at any step along the way - no matter what the actual process of casting that vote is. However, an equally effective way to produce a bad election result is for one or more candidates to off

Enabling voting fraud is the intended result

[khchung]

Like the news about some universities stop using standardized test scores as admission criteria, the way for the move to online voting make sense is that making fraud possible is exactly the intention of this change.

You think anyone sane, after hearing about so many various govt/companies getting hacked, or numerous data leaks, would still think that it is possible to secure online voting? People are already so worried that many are against contact tracing apps! I.e. people won't trust technology even if

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[kaur]

The Estonian internet voting system is mostly working as you describe it. The government-issued digital identity does the identification part, encryption does the secrecy part, distributed systems and procedures ensure role separation. Everything is audited, the procedures are public, the cryptographic protocol is public, the source code of the system is public. Risk analysis & management, security management, auditing and oversight are all part of the system.

This has worked since 2007. We got a statew

popcorn

[Cajun Hell]

On the bright side, at least no matter how the presidential election goes, we already know the outcome is very likely to be disputed afterwords, so there should be a lot of fireworks and drama. (Are you still paying for entertainment?) Hopefully the winner's margin is larger than the total number of voters in West Virginia and Delaware combined.

You could say we have already been dealing with absentee ballots for a century or two, which come with the same theoretical risks despite it not really being the same, thanks to its more oldschool physical, formal and regulated interface. We never let the fact that overseas soldiers are allowed to vote, make us question an election, did we?

But if peoples' malware-infested PCs and phones are now being thrown into this, then Republicans' shrill screeching about the integrity of the mailman becomes obsolete. While everyone laughs at Republicans, their phantasmal demon mailman cackles along ... and his backup cavalry arrives: THE INTERNET joining up with the older, greyer horsemen of the questionably-secret ballot (the domestic abusing spouse or the tyrannical employer). Suddenly that's some credible election FUD.

When someone says "I'm not sure I believe these numbers," you won't even be able to say they're wrong, no matter how crazy they are, because nobody should believe those numbers. And even if West Virginia and Delaware's votes don't matter in the presidential election because the other states do a landslide, these votes-we-can't-trust states will still send newly-elected reps to Congress.

Re:

[thegarbz]

I for one just hope we get a senile old grandpa than an oversized manbaby running the country next. I mean either way we're screwed for the next 3 years as well, but one is slightly less screwed than the other.

I mean seriously 370milllion people in the country and the choice boils down to someone who acts like a 2 year old and someone who was alive when Lincon was shot?

End to end encryption is a solved problem

[johannesg]

Not having privacy will certainly hurt democracy, as some groups will simply force a specific vote that is verified by the leaders of the group, tampering with the voting application can be done invisibly making it a very desirable point of attack, and without a paper ballot there is no possibility of a recount in case of doubt, but end to end encryption is a solved problem. It's not enough to guarantee online voting, but that is not what makes it impossible.

When your computer talks to your bank, the server

Paper Ballots

[Ranger]

Voting needs to be auditable. It's not just a matter of being able to recount votes, but you need to be able to check every step of the process. You can use electronic devices but there needs to be a paper trail. And as long as Republicans continue to suppress voting, just no to online voting.

On a separate note we should embrace ranked choice voting for candidates. It reduces the likelihood of extreme candidates from winning and gives third parties a real shot at participating in elections without spoiling

Powers that be

[codeButcher]

But... But how will they get "the right" people into power if they can't manipulate elections???

Get $100 do your e-voting at my place

[heson]

Do your e-voting at my place, if I see that you vote correctly you get $100.
This way we can jump start the trickle down economics by giving the poor a good incentive to vote for lower taxes for the rich and a lower minimum wage.

Re:Also applies to vote by mail

[ShanghaiBill]

How many of these also apply to vote by mail

Fraud can happen in any election. But the number of co-conspirators needed to effectively cheat in a vote-by-mail election is vastly higher than in an online election.

With vote-by-mail, you would need to modify thousands of ballots by hand. I do mine in ink.

The cheaters would also need to be in the right place, such as employees at the post office.

To cheat online only takes one person and it can be done from anywhere.

Re:

[Jane Q. Public]

That's similar to what I said above.

Re:

[h33t l4x0r]

Voter fraud [washingtonpost.com] is hard to get away with, and is a felony. That's why I say to people thinking about trying it, please, for the sake of the people in your life who care about you, consider murder instead.

Much easier to get away with and you can still affect the election.

Re:

[Z00L00K]

It might be a felony, but if the perpetrator is located outside the jurisdiction - or has left the country - then it might be hard to follow up.

Re:

[bigfinger76]

voter fraud is quite common

No, it isn't. It 's quite rare, actually.

Re:

[h33t l4x0r]

1071 [whitehouse.gov] is not rare, but it is a very low percentage of votes cast. Since neither side is more likely to profit from it than the other, the fact that only one side is making a fuss tells you there must be something else going on. And that something is that mail-in-voting will make it very hard to disenfranchise certain "types" of voters by under-servicing their communities. And no I'm not talking about old white people.

Re:

[Rhipf]

1071 is just a number. Out of context it can be either rare or extreme.
Let's assume that those 1071 cases of fraud occurred in one polling station during one election. In that case I would say that is an extreme case of fraud.
Now, let's look at a more realistic case. Those 1071 cases of fraud you linked to are from several elections over several years. Let's assume that over that time period there were only a total of 1,000,000 total votes cast. That would mean that the incidence of fraud is approximately 0

Re:

[h33t l4x0r]

Don't forget buying groceries.

Re:

[LaughingRadish]

I prefer to listen to the experts in data security who have demonstrated for decades that it's quite easy to accomplish. Given that, do you really think it's quite rare?

Re:

[account_deleted]

Comment removed based on user account deletion

Re: Also applies to vote by mail

[daath93]

It doesn't take modification. They found cases of unopened balots sitting in a post office a year later, here.

Many Ways To Cheat

[SmaryJerry]

There are more ways to cheat an election than just altering ballots. For example it wouldn't be hard to just print infinite ballots to be mailed in.

Re: Many Ways To Cheat

[e3m4n]

If not cheat, simply flood the system with so much FUD that trying to sort through valid versus invalid that they have to abandon the process entirely. Lets say your precinct distributed 8000 ballots (keep in mind city counsel positions make ballots unique for every precinct), but received 18,000 ballots back. Even with unique watermarks who has voluntary based time to verify this? Remember Dade County Florida in the 2000 presidential election and those damn punchcards?? If it wasnt so close of. Presidentia

Re:

[phantomfive]

Fraud can happen in any election. But the number of co-conspirators needed to effectively cheat in a vote-by-mail election is vastly higher than in an online election.

Mail-in votes enables vote-buying. If someone can watch you vote, they can be sure of who you voted for. This is a historically common form of voter fraud, and it happens in some countries still today.

A century+ ago, free drinks and money for a vote

[drnb]

But the number of co-conspirators needed to effectively cheat in a vote-by-mail election is vastly higher than in an online election.

No. Its exactly the same. Spouse, boss, etc watches you vote. Over a century ago you could get free drinks and money for coming in and voting for the sponsored candidate. There is a reason our voting became private at a gov't controlled facility, it was due to wide spread abuse when it was not.

Re:Also applies to vote by mail

[ShanghaiBill]

I live in California and I vote by mail.

My ballot comes with a unique numerical ID and a barcode.

I can go online and verify that my ballot was received.

Re:

[niftydude]

Interesting - I haven't lived in Cali for a bit over 20 years.

Does the system also allow you to confirm that what they received for your numerical ID is what you sent?

Re:

[mce]

Out of genuine interest: What options do you have if/when it was not received?

Re:

[Z00L00K]

Can't you go to the post office to hand in your ballot? Unless they recognize you and know where you stand beforehand it's not going to be an issue.

Of course - there's not anything that says that there's someone at the postal office that do ballot stuffing, but that can happen at any point in the chain up to the counting regardless.

Re: Also applies to vote by mail

[e3m4n]

The driving force behind this entire topic is social distancing. Turning a post office into a voting precinct is no different than just staffing a precinct in the first place. Actually there are fewer post offices than precincts so it might actually be worse.

Re:

[CaptQuark]

Talk about edge cases. Both Washington and California have bar codes to track vote-by-mail ballots. You can also drop your own ballot at the post office or polling drop-off station if you're paranoid about a random mail handler hiding your ballot.

---

Re: Also applies to vote by mail

[e3m4n]

What if I am paranoid that this unique ID was cross-referenced with my drivers license, name, and address when I applied for a ballot? How does that meet the states construction that necessitates anonymous voting??

Re:

[Nidi62]

Seriously is it that hard to actually turn up in person and vote?

For a lot of people, yes, it is. Let's look at the recently completed Georgia primaries for examples why:
Closed precincts, reduced staff, and faulty machines led to long lines in certain areas, meaning people would have to wait hours in many cases (some even waiting until after midnight). This, combined with the heat and storms rolling through the area means it is quite likely people gave up and simply left, not voting. For those who did wait hours, well, not all people are able to devote that much time.

Re:

[Quirkz]

1) You can drop your ballot off at a safe drop spot. Or any mailbox, anywhere. You don't have to put it in your own personal mailbox for outgoing.
2) If one district had a suspiciously low ballot return percentage - say 40% instead of 60% everywhere else, I think they'd investigate.
3) Many states have methods where you can look up online and confirm your mail-in ballot was received.
4) Any mail carriers handling ballots would have to have a pretty good reason to believe the ballots in their hands skew opposit

Re:

[Darinbob]

Many (most?) states already have vote by mail and have done this for years, even true blue red states.

Re:

[ShanghaiBill]

Utah is the reddest of the red and has universal vote-by-mail.

Re:

[93 Escort Wagon]

How many of these also apply to vote by mail, the thing that the left is trying to force on us in the name of safety from the Wuhan Flu?

Records show us that Trump's been voting by mail since at least 2004 - so he must feel confident that it's safe.

Re: Also applies to vote by mail

[zkiwi34]

If you believe a state government can put together a trustworthy mail-in voting system on a large/statewide scale In less than 6 months, youâ(TM)re as mad as Trump is any day of the week.

Re:

[LaughingRadish]

Maybe you could show where those details are mostly incorrect.