An Anonymous, Verifiable E-Voting Tech

Kilrah_il writes "After the recent news items about the obstacles facing E-voting systems, many of us feel it is not yet time for this technology. A recent TED talk by David Bismark unveiled a proposal for a new E-voting technology that is both anonymous and verifiable. I am not a cryptography expert, but it does seem interesting and possibly doable."

  • by alen ( 225700 ) on Wednesday November 03, 2010 @09:40AM (#34111454)

    and how much better is it than marking a circle with a pen and having someone scan the ballot into a machine? most of the issues with e-voting have been that people are too dumb to see what they are doing

    • Re: (Score:3, Insightful)

      by jcrb ( 187104 )

      Agreed, E-voting is the classic solution in search of a problem.

      • Re: (Score:3, Insightful)

        by Anonymous Coward

        Problem: Politicians who desire the ability to freely pillage and back-stab the population have to worry about winning elections.
        Solution: E-voting.

        • Re: (Score:3, Insightful)

          by KarrdeSW ( 996917 )

          Problem: Election workers don't feel like counting paper ballots by hand or feeding them one at a time through a scanner.
          Solution: E-voting. I'll just print off an Excel report.

          FTFY

          The people who write and distribute RFPs for electronic voting systems are generally not interested in the outcome of the election, they are just a worker drone trying to utilize technology to make their job a bit more glamorous than counting papers.

        • by AigariusDebian ( 721386 ) <`gro.naibed' `ta' `suiragia'> on Wednesday November 03, 2010 @03:20PM (#34116494) Homepage

          Let's see:
          * disabled people of all kinds,
          * sick, old and just tired people who want to vote from home instead of driving for half an hour and then standing in line for an hour
          * travelers who want to vote from wherever in the world they are
          * young people who don't like boring old voting stuff

          In almost all of these cases in the US e-voting favors Democrats - young, educated, lazy, traveling. That is the reason there is a subversive trend to undermine it by creating very, very badly misdesigned e-voting machines.

          Now if your country does not have that problem, you might be like Estonia - every citizen gets an ID card with a proper PGP-ish electronic signature in it and he can vote on a web site using that signature either in a voting booth or at home and later verify his vote with a hash on a tally. And that has been fully working for two elections already with no problems.

      • Please tell me - do we get ANYTHING out of e-voting apart from a time saving between closing the polling stations and declaring the result?

        For elections regarding terms of more than 4 years - forget it. The potential lack of trust in e-voting (as opposed to regular paper voting), because conspiracy theorists will immediately claim any election was stolen, which is a lot harder to do if there are actual people counting the votes publicly...

        Just think about how much time is still being wasted discussing wheth

        • Re: (Score:3, Interesting)

          by Quantus347 ( 1220456 )
          Do the words "Hanging Chad" mean anything to you? Paper voting has as many problems as E-voting, and as much potential for massive screw-ups. If there were a system that was actually secure, e-voting would be great. Unfortunately, the systems out there are all closed system "black box" deals where the manufacturer refuses to reveal any of the internal workings. Because of that the only people who actually know are the hackers using them to fix elections. If they were open, and thus subjected to rigorou
          • Do the words "Hanging Chad" mean anything to you? Paper voting has as many problems as E-voting, and as much potential for massive screw-ups.

            Correct me if I'm wrong, but were the hanging chads not created by machines?

          • by ArcherB ( 796902 )

            Do the words "Hanging Chad" mean anything to you? Paper voting has as many problems as E-voting, and as much potential for massive screw-ups. If there were a system that was actually secure, e-voting would be great. Unfortunately, the systems out there are all closed system "black box" deals where the manufacturer refuses to reveal any of the internal workings. Because of that the only people who actually know are the hackers using them to fix elections. If they were open, and thus subjected to rigorous enough testing to consider secure and reliable, we'd be golden.

            Besides, you shouldn't really assume that the machine that electronically reads your paper ballot and transmits the results is any more secure/reliable than the purely electronic solution.

            Why not have both? You place your vote electronically (electronic voting), it prints a receipt clearly listing your choices with a barcode linking that receipt to your voting session. After reviewing your vote receipt, you place your receipt in a box (paper voting). If you have a problem with your vote (receipt doesn't match your choices), the poll worker can scan the barcode to remove your vote, allowing you to vote again. All voided votes should be kept in a separate box for verification.

            Results would

            • by MadCow42 ( 243108 ) on Wednesday November 03, 2010 @10:53AM (#34112810) Homepage

              Vote buying. That's what's wrong with it.

              ANYTHING that gives the voter the opportunity to walk out with confirmation of HOW they voted is a huge problem. In the system you describe, the voter could decide to not put their paper slip into the box, or to drop in a fake substitute (and no, you couldn't verify it was a real slip without making their vote non-anonymous in the process).

              So, they walk out the door, show their slip to "Guido", and poof - their vote has been bought.

              The only time their vote gets screwed up is if a manual recount is done at that station, which in terms of % is low (by design - with an electronic system).

              You need a solution where the original vote is cast on paper, and is scanned in (and retained) by the system... and the voter verifies their vote electronically on screen before walking off empty-handed.

              MadCow.

              • by ArcherB ( 796902 )

                ANYTHING that gives the voter the opportunity to walk out with confirmation of HOW they voted is a huge problem. In the system you describe, the voter could decide to not put their paper slip into the box, or to drop in a fake substitute (and no, you couldn't verify it was a real slip without making their vote non-anonymous in the process).

                The paper "receipt" is the paper ballot. The voter does not take it with them. It goes into the ballot box after the voter verifies that it is correct.

                If you are concerned that a voter might place a fake ballot in the box, you could put a system in place that scans the barcode as or before the ballot is dropped in to verify its authenticity. You could even set it up so that the vote is not officially counted until it's scanned and placed into the box.

                You bring up a good issue, but not one that isn't easi

                • So how about each polling place and printing machine have a mini digital signature. Polling place setup involves loading hashes of the printer signatures into each scanner at the location.

                  The receipt (that the voter takes with) has a code, and the ballot has a hash of that code. Voters scan the receipt code to "open" the scanner, *then* they can scan the corresponding ballot if the hash matches.

                  The ballot includes a barcoded signature block using the location key, printer key, creation timestamp and has

              • And paper voting?

                Vote buying. That's what's wrong with it.

                ANYTHING that gives the voter the opportunity to walk out with confirmation of HOW they voted is a huge problem. In the paper system, the voter could decide to pull out their camera phone, take a photo of their marked ballot.

                So, they walk out the door, show their photo to "Guido", and poof - their vote has been bought.

                and even with a manual re-count it doesn't show up.

                but people are hopeless romantics about paper.
                everything is better on paper.

          • Re: (Score:3, Insightful)

            by dkleinsc ( 563838 )

            Do the words "Hanging Chad" mean anything to you?

            Yes, it does. Also the Minnesota senate election in 2008. In both cases, because there was a physical record of each vote, there were clear ways of determining exactly what the vast majority of voters intended to do, even those who didn't do exactly what the counting machines expected. The problems in both those elections were because partisan jackasses were coming up with excuses for why votes for the other guy shouldn't count, or why something that may or may not have indicated a clear intent should count

          • Foolish (Score:5, Insightful)

            by bussdriver ( 620565 ) on Wednesday November 03, 2010 @01:46PM (#34115298)

            Voting systems need to be understandable by the voter. This means KEEP IT SIMPLE, STUPID. A computer expert should not be involved.
            A counting machine based on PAPER can be physically verified and observed by anybody who can COUNT including the interested parties so all are confident of the result. Even a closed corrupt count could come to light if the paper record is preserved. A counting machine can be ignored during a recount; if there is nothing to count then there is no recount and even less deterrent since one can't validate the results. One can't even know if the machine is hacked while a counting machine can be compared against a paper count.

            You have to be ignorant OR foolish to think that ANY computer system is better than a paper one under the same conditions. A totally open computer system can be hacked and all traces removed - you do realize that linux still gets patched for security holes right? A hacked compiler or linker can produce bad programs despite clean code. Foreign made hardware components are also suspect (doesn't the NSA have a chip fab plant of their own?) It would take multiple experts just to verify machine at 1 point in time; even then could easily miss a clever attack or a serious security hole. That is barring any tampering after 100% verification (which would only be in theory because you can't get to 100% just like you can't ever be 100% sure a program is bug free.)

            The hanging chad problem was over hyped but it is a great example of a solution for a non-problem that complicated the paper system thereby creating a security flaw. It should be obvious that a simple system everybody could see was flawed took so long to be killed off was a problem and now we have people asking about a much much much more complex system and one which only a specialized few could identify flaws?? It defies reason.

            Of course, it's a somewhat moot issue since the system favors 2 parties which are for sale so any games between the zealots are just a distraction from the larger gaming of the public by the powerful.

        • Re: (Score:3, Insightful)

          by gumbi west ( 610122 )

          There are important benefits. One that I would think the slashdot would like is the possibility of instant runoff balloting.

          In this scheme

          1. every person ranks all of the candidates;
          2. everyone's vote is counted as a vote for their top ranked candidate (their favorite person for the spot);
          3. the lowest vote candidate is removed;
          4. for people for whom this was their top ranked candidate, their top ranked candidate is changed to their next highest ranked candidate

          This possibility has huge upside for third party candi

    • by vlm ( 69642 )

      and how much better is it than marking a circle with a pen and having someone scan the ballot into a machine?

      That is an insightful comment. Could anyone explain the following quote

      many of us feel it is not yet time for this technology.

      That would imply some sort of roadmap or goal is in mind. What is it and why can it not be discussed?

      There seems to be little point in it, other than making money by selling something new.

    • by TheLink ( 130905 )
      What many e-voting proponents overlook is:

      0) A main requirement for voting systems is convincing the losing sides that they _lost_.

      If not enough of the losers believe they lost, you may have riots or civil war.

      Something simple like a decent paper ballot system where the votes are counted in front of observers (from the various parties, and 3rd party observers) can be quite convincing to the losers.

      So even if this e-voting system is that good, it may be still too opaque/fancy for the losers and their support
    • Re: (Score:3, Insightful)

      by Confuse Ed ( 59383 )

      and how much better is it than marking a circle with a pen and having someone scan the ballot into a machine?

      In an ideal system, anybody should be able to independently verify the following (which currently can't be done in a simple paper based ballot)

      • was _my_ vote counted correctly for the candidate I selected (or not counted if I chose not to participate)
      • Are all the votes that have been counted attributable to real voters
      • has each person voted either 0 or 1 times

      Unfortunately I can't RTFA to see how many of these ideals the proposed system achieves, as it seems to be a video rather than a text based article.

      • by a2wflc ( 705508 ) on Wednesday November 03, 2010 @10:06AM (#34111906)

        You must NOT be able to prove your vote was counted correctly for a specific candidate. That leads to bribes/threats (i.e. your boss can ask to see the proof. if you want to assume that's illegal, think of all the other people who may "ask" to see it or offer something if you volunteer)

        There are ways to do this and meet your requirements, but there is more to it than the 3 you listed.

        • You must NOT be able to prove your vote was counted correctly for a specific candidate.

          Exactly! Although I figure that he has done this, he doesn't explain how. Now, you can tell, at the beginning of his talk that he's addressing a more "newbie" audience, so it doesn't surprise me that he doesn't go into this... but I'd still like to know.

          Until then, I'll stick with punchscan/scantegrity, which is the only system I've seen which seems to be iron-clad. However, in order for it to work like it is designed, it requires that the voting public know what to do (like destructively verifying some

        • It would be cryptographically possible to ensure your vote was correctly counted without revealing who you voted for. With a one way function you could generate a hash of your vote, which would be compared with a second hash generated at counting time.
          • by Yaur ( 1069446 )
            the problem with this is that the amount of data to be hashed is small enough that brute force is possible, especially if the voter has an incentive to assist the attackers.
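
The brute-force concern raised in the comment above, as an added example that is not part of any post in the thread: a plain hash of a vote is reversed by hashing every candidate, and a secret nonce only helps until the voter discloses it. The candidate names, the 128-bit nonce and the assumption that the voter holds the nonce to re-check the receipt are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Sequence

# Constructed ballot for illustration; real ballots are just as short.
CANDIDATES = ["Alice", "Bob", "Carol"]


def receipt(vote: str, nonce: bytes = b"") -> str:
    """One-way hash of the vote, optionally mixed with a per-ballot nonce."""
    return hashlib.sha256(nonce + b"|" + vote.encode("utf-8")).hexdigest()


def recover_vote(published: str, candidates: Sequence[str],
                 nonce: bytes = b"") -> Optional[str]:
    """Hash every possible vote and compare against the published receipt.

    Succeeds whenever the caller knows everything that went into the hash,
    because the set of possible votes is tiny.
    """
    for candidate in candidates:
        if hmac.compare_digest(receipt(candidate, nonce), published):
            return candidate
    return None


def demo() -> dict:
    results = {}

    # 1. Plain hash of the vote: anyone holding the published receipt
    #    recovers the vote in at most len(CANDIDATES) hash evaluations.
    plain = receipt("Bob")
    results["plain_hash"] = recover_vote(plain, CANDIDATES)

    # 2. Hash with a secret 128-bit nonce: enumerating candidates alone
    #    no longer works, since the nonce is unknown to the observer.
    nonce = secrets.token_bytes(16)
    salted = receipt("Bob", nonce)
    results["salted_observer"] = recover_vote(salted, CANDIDATES)

    # 3. Assumption: the voter holds the nonce to re-check the receipt, so a
    #    voter who hands it over turns the receipt back into proof of the vote.
    results["salted_voter_discloses_nonce"] = recover_vote(
        salted, CANDIDATES, nonce)
    return results


if __name__ == "__main__":
    for case, recovered in demo().items():
        print(f"{case}: {recovered}")
```

The third case is why a hash receipt that the voter can check unaided conflicts with the requirement, stated elsewhere in the thread, that a voter must not be able to prove how they voted.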
        • This sounds a lot like the punchscan voting system. I am at work and not able to see the video right now, but I googled bismark and found this article [wired.co.uk], which has some details.

          Punchscan and its variants do allow you to be able to prove to yourself (with a 50% probability) that your vote was counted as you intended. That might not sound like much comfort (only 50%?), but if the election authority tries to change 2 votes, their probability of getting away with it falls to 1/4, then to 1/8 with 3 votes, and s

          • I found a link to David Bismark's home page here [bismark.se]. He is explaining how Pret a Voter works. This is related to the punchscan system, although it works by randomizing the order of the candidate list instead of introducing an indirection symbol like punchscan does.

            Odd that the wired article [wired.co.uk] would not give credit where it is due and mention Pret-a-Voter [pretavoter.com].

            BTW, everyone, this is not an electronic voting system, even though it uses computers in various ways, it is an optical scan paper ballot system.

        • by dwandy ( 907337 )

          That leads to bribes/threats

          I was in agreement with this, but I'm no longer as convinced this is a problem that needs to be solved.
          With my cell-phone camera I can already take a picture of my vote for proof to someone else so the problem (if there is one) would already exist today; or would be becoming an issue as more and more people have the ability.
          If it does become a problem then we would simply need to alter the proof function to allow for the user to ask for one of three responses w/o anyone else

      • The primary requirement for voting is that it convinces the losers they lost fairly. Technology impedes that objective and Cryptography that no one understands denies it entirely. Transparent observation that people with high school educations can appreciate. Things that decentralize rather than centralize control are valuable too since it makes cheating a retail operation not a wholesale operation. Cryptography centralizes things. Someone controls the keys.

        All other desired features pale in comparison

    • Re: (Score:3, Insightful)

      by Imagix ( 695350 )
      Have you ever been an election official? Marking a circle is a challenge to people as well.
  • Root problem (Score:2, Interesting)

    by Toe, The ( 545098 )

    Better voting systems still won't fix the root issue: the people who get elected into power are corrupted by that power.

    Metagovernment [metagovernment.org] isn't perfect, and it will take a long time to get up and running, but... how does it compare to what we have now, where votes are sold to the highest bidder, idiots are in charge, and our participation is limited to 30 seconds in a booth every two years?

    • by jcrb ( 187104 )

      Even worse depending on your definition of "better" the voting systems may only serve to make corruption worse.

      With all the stories of machines starting pre-loaded with votes, or selecting different candidates than what the voter pressed, or machines that produce no hard copy of the results that will be subject to random sampling, is there any reason to believe that e-voting machines are anything but a mechanism that most politicians support because they hope to be able to use them to fraudulently record v

    • Re:Root problem (Score:5, Insightful)

      by hrvatska ( 790627 ) on Wednesday November 03, 2010 @10:00AM (#34111812)
      The problem isn't the idiots in charge, it's the idiot voters who elect them in the first place. The government in the US is the result of the contradictory demands of a highly polarized and frequently badly misinformed electorate.
      • by Hatta ( 162192 )

        The real problem is the plurality system which excludes any voices besides the two major parties. Until Americans can vote for a 3rd party without handing the country over to the other side as happened in 2000 our political problems will remain intractable. Of course that can't happen unless the Constitution is amended, which would require the two major parties to cooperate to undermine their own power.

    • Re: (Score:3, Interesting)

      by DJ Jones ( 997846 )
      The problem with this metagovernment system you reference is that the average person does not adequately understand our legal code well enough. This is the reason America is more of a republic. It was thought that electing "elite" officials who have our interests at heart but more direct knowledge of law would make better law makers.

      If you live in a state that allows referendums this concept becomes very apparent. I consider myself a well informed, educated individual. I've taken many business law class
      • Re: (Score:3, Informative)

        by Toe, The ( 545098 )

        Your critique is entirely correct, and is very much taken into account by the Metagovernment project.

        "The voter doesn't understand the legal code."
        1. People don't have to participate in every decision, just the ones they care about and understand.
        2. Since Metagovernment is a ground-up re-do of governance, it is a re-do of legal code as well. It is not intended to replace the US federal government just yet, but rather small communities' governance. Over time, people will get a better understanding of how to

        • Our concept of electors really exists in a way to balance power amongst the states. As you (kind of) point out, a simple majority really doesn't work well on the national level. Sure, it sounds great, but we don't live in an even world. Nine states contain >50% of the population and 25 contain 16.67%. Dump cash into California, Texas, New York, and Florida and you'll be elected. That's why we have electors, so that yes, Rhode Island and Alaska voters have disproportionate power compared to Pennsylva

    • by TheLink ( 130905 )

      Better voting systems still won't fix the root issue: the people who get elected into power are corrupted by that power.

      votes are sold to the highest bidder, idiots are in charge

      The root issue is not what you claim. If you're talking about the USA, are votes really sold to the highest bidder? I am assuming the elections are not badly Diebolded.

      What makes you so confident "metagovernment" will work? Makes no sense to me.

      1) So far from what I see, in the 2008 US Presidential election, more than 98% of the voters who voted, voted for either a Democrat or a Republican. You get similar figures for the 2004 elections and so on.

      http://en.wikipedia.org/wiki/United_States_presidential_elect [wikipedia.org]

      • by Qzukk ( 229616 )

        I don't tell a chef in detail how to cook my dinner. I'm not as good a cook as he is (if I was better, maybe I should be a chef instead). But I can taste the results for myself. If the results are satisfactory, I'll vote for him again. If they aren't to my taste, I'll vote for someone else.

        So you go to an Italian restaurant and like the food. Next week you're going to go to the same cook and order sushi?

        The exact same problem exists with the party system: the Republicans may have dragged our country into t

        • by TheLink ( 130905 )

          So you go to an Italian restaurant and like the food. Next week you're going to go to the same cook and order sushi?

          Only if:
          1) The restaurant serves good sushi
          2) I feel like having their sushi

          If there are enough people who want Italian restaurants that serve sushi, people would start restaurants that do so.

          Such restaurants already exist.

          The exact same problem exists with the party system: the Republicans may have dragged our country into two wars, presided over a major recession, gave the banks a big fat bailout so they could pay their CEOs a big fat bonus... but at least they're (mostly) anti-abortion, and that's what really counts right?

          You should ask the voters. The Two Parties seem to be able to figure out what really counts for the voters. As a result, between the two, they've been getting about 98% of the votes. Which is not bad given the diversity of the USA.

          If you think voters are voting for stuff just because of o

      • There is choice- the voters could have voted for someone else (e.g Nader) but less than 2% ever do so. So either the Two Parties are better choices than the rest, or the voters are idiots.

        There is another possibility here. Voters don't like either choice from the two parties, but if asked will tell you they absolutely would rather have one of them than have to deal with the other. They may see a viable option among the 3rd parties and independents but a problem arises: They know most people will vote for one of the two major parties, they also know that because of this a vote for the major party they dislike less will create a stronger chance of the other guy losing than a vote for one of

  • Here in Indiana... also known as "flyover country" to you sophisticated Coasties, we are just so primitive and backwards. All we have here are paper ballots that are easy to fill in and are then automatically optically scanned to register the vote electronically while still having a full paper record of the ballots. I wish we could be more sophisticated and have exotic electronic systems that employ security experts to both verify them and crack into them at the same time.. think of all the taxpayer money

    • by jcrb ( 187104 )

      Actually in the very coastie state I live in we have the same lovely optical scanners for our voting.

      However we only scan ballots with machines we don't bother with anything as time wasting as say having the poll worker scan your ID with their eyes.

      It wouldn't matter how great an e-voting system we installed if I can just go from polling site to polling site voting in the place of anyone I know is out of town, dead, planning to vote later in the day, etc

      • by vlm ( 69642 )

        It wouldn't matter how great an e-voting system we installed if I can just go from polling site to polling site voting in the place of anyone I know is out of town, dead, planning to vote later in the day, etc

        Why go to all the trouble? Due to popular "motor-voter" registration laws anyone living in your district with a legal license and/or legal vehicle is probably registered. So all you need to do is crack last year's phone book for name/address pairs and start voting. Most years there is a well under 50% chance you'd even be noticed as so few vote. If by some miracle you're "busted" simply walk away, it's not like the 90+ year old poll worker will capture you for the feds.

        Reason #324823 to not bother voting,

    • Re: (Score:2, Insightful)

      by fringd ( 120235 )

      that sounds pretty good, but i think this crypto-thing would be better. people are working hard on the crypt to solve real problems [blackboxvoting.org]

      what you describe is pretty good, as it tries to fix problems with throwing the paper votes, but this improves on that a bit.

      its features include
      * at the end i can check that my vote is in the published database of votes, which newspapers, etc can verify is added right.
      * I cannot prove to anybody else who i voted for (so they can't strong-arm me)
      * officials can not throw the vo

    • In WV we do something similar. They look you up in the register and tear off a stub with your number in the register on it, and write the ballot number on that, then hand you a paper scantron ballot in a plastic privacy folder. You go into a little booth that resembles a lectern with privacy screens to fill it out, then hand your stub and ballot (in the folder) to the scantron operator. He checks that the ballot you handed him matches the stub, places the folder against the input slot on the machine, and

      • My biggest complaint with our ballots lies with the two things I feel shouldn't be on ballots whatsoever -- there shouldn't be a "fill in this bubble for a straight party ticket" option, and the parties of the candidates should not be mentioned on the ballot. It should be as difficult as possible for someone whose stance is "I have no real opinion, but I'm a , so I'll vote for their guy" to vote. You should at *least* have to know who "their guy" is.

  • by Rich0 ( 548339 ) on Wednesday November 03, 2010 @09:55AM (#34111726) Homepage

    I read the article - all zero words of it - so perhaps the multimedia component of it addressed this concern, but I find it hard to imagine how:

    If I can verify that my vote was counted, and can prove how I voted if there was a fraud to force a recount/etc, how does the system make it impossible for me to prove to my boss/spouse/friends/church/etc how I voted?

    The problem with receipts is that if you can prove how you voted, then you can punish people for not voting the right way. All an abusive husband has to do is tell his wife to show up with a receipt showing the correct votes or they'll be beaten. You can make the receipt private, but an abusive husband/wife/parent/boss/etc will just tell people to turn them over or they'll be punished.

    The effects of this kind of thing can be very subtle. People will change their voting patterns even if they think they MIGHT be asked to show that receipt. Maybe everybody in their union or church or whatever voluntarily posts their receipts as a show of solidarity, and who wants to then be the one person who doesn't join in?

    If a voting system is well-designed it should not be possible for anybody to prove how they voted. Other controls should be used to ensure all votes are counted.

    • Re: (Score:3, Interesting)

      by DeKO ( 671377 )

      You do know that TED Talks consist of people going in front of other people and cameras, and talking, right? So perhaps the substance is indeed in the video.

      The guy actually presents a very simple way to verify your vote was correctly registered, without ever revealing who you voted for. The secret is to remove the candidate names (by shredding that part of the ballot), scanning your vote into the system, and taking home the receipt, which contains no names. Only the system knows which is which. You can lat

      • by Yvanhoe ( 564877 )
        So you have a receipt showing that you voted for #3, you know who #3 is, but how can you check that the system counted your vote for #3 as a vote for the candidate you chose?

        Verifiability and anonymity are 2 things out of 3 necessary for a good voting system. The 3rd thing is independence from a third party. If you need to trust a third party to match information, to keep records anonymous or to correctly make a sum, this is not a good evoting machine.

        All the current solutions require one of the three c
      • But... If only the system knows which option is for which candidate, all you can verify is that your paper and the database have the same option; you can NOT verify that the option listed belongs to the candidate you intended to vote for.

    • My license has one of those complex bar codes on the back. Why not produce a receipt encoded with this value, then allow the voter in votes that are contested by the candidates to be able to return to a polling place and swipe the results to see that their vote was accepted? If like my voting place, no one but the voter is allowed at the booth except under very special circumstances. This of course would require making sure that the poll watchers only permit the owner of the strip to use it.

      Even with such

    • by vlm ( 69642 )

      If I can verify that my vote was counted, and can prove how I voted if there was a fraud to force a recount/etc, how does the system make it impossible for me to prove to my boss/spouse/friends/church/etc how I voted?

      Easy, allow multiple votes with only the last one being counted. The only people who know which receipt is the last, valid receipt, is you, and the govt voting machine.

      This fixes the casual problem as I can now "prove" to management at work that I voted "R" but still maintain hipster street cred while showing I voted straight communist party ticket. However someone in the govt or an electioneering volunteer could obtain the list of valid last votes. So you'd need some manner of verified destruction on a

      • by vlm ( 69642 )

        Easy, allow multiple votes with only the last one being counted.

        I hate to post a followup to myself but another great idea I had comes from some statistical crypto work I looked into for anonymous cash.

        My idea is give everyone ten ballots and you may only receive a receipt for one of your ballots. So, if you expect intimidation, submit one "R" and get a receipt, and nine "D" and you're safe. The system has no record of which receipts you keep and which you toss in a bonfire or shredder, but a human makes sure you only leave the building with precisely one or zero full

        • by Rich0 ( 548339 )

          That isn't a bad concept. You could probably accomplish the same thing by having everybody just vote like they normally do, and print out a receipt randomly a small percentage of the time (maybe 10% - maybe less). The booth would be designed to make receipt printout undetectable to those in the vicinity (very quiet, or with masking noise/etc).

          Then when your boss asks for a receipt you just say that you didn't get one. However, if you don't know which votes have receipts you don't know which ones you can

        • by NateTG ( 93930 )

          Easy, allow multiple votes with only the last one being counted.

          As soon as you can produce misleading receipts, you can't make verifiable claims about non-counting.

          I remember thinking about this sort of problem, and the basic answer is that if you want to have verifiable voting, you'll need a trusted party to hold the voter-vote relationship. Though you can split it between multiple places and so on.

    • Wouldn't it be nice if people WERE encouraged to post their vote-receipts to prove that they've voted? Not if it shows who their chosen candidate was, of course, but just a token to demonstrate that they've taken part in the electoral process and thus bucked the trend of political apathy.

      Seems to me that harnessing that peer-pressure to encourage people to take an active interest would be very beneficial to the democratic process.

      As long as we can trust it, of course...

      • by Rich0 ( 548339 )

        Frankly, my feeling is that the only thing worse than people too apathetic to vote are people who are too apathetic to research issues and then they vote anyway.

        If somebody can't be bothered to vote, then the last thing I want is for them to pull some lever just to be more popular.

    • by Splab ( 574204 )

      And this is why you should go watch the movie...

      There is one problem with the system, since the order has been shredded, I can only tell that my vote has been counted in the order I voted, but I can't verify that the count goes towards the people I chose since the order is always random.

      Also, he talks about hand verification, I can't see how that can happen without the 256-bit encryption key being supplied to those unscrambling the data (you need to know the sequence to hand count it) - that means criminals

      • by Rich0 ( 548339 )

        And this is why you should go watch the movie...

        You say "and this is why," and you don't say what the "this" is... By all means feel free to summarize the approach, but it sounds like you don't actually think it will work.

        From your description it seems that they don't actually give you enough information to verify the vote, which means that it isn't actually a verifiable system. Of course, a system that isn't verifiable doesn't suffer from the downsides of a verifiable system... :)

    • by David Jao ( 2759 )

      If I can verify that my vote was counted, and can prove how I voted if there was a fraud to force a recount/etc, how does the system make it impossible for me to prove to my boss/spouse/friends/church/etc how I voted?

      It's the magic of mathematics. Modern cryptography is amazing in many ways, and one of the amazing things is that we know how to do seemingly impossible things like "allow voters to prove their vote counted, without allowing them to prove how they voted."

      There are many ways to achieve what you ask, even if it seems impossible to you. One way is to use undeniable signatures [wikipedia.org]. The idea is that the verification process is interactive, and you (meaning the system designer, not necessarily the voter) can choose

  • Given the recent corruption in all government levels, I don't feel I can entirely trust manual systems, let alone e-voting. I might warm up to the idea a little bit more if basic things, such as - gasp - an audit trail is added to the e-voting. I never understood how an electronic voting machine would not include auditing facilities.
  • A fragile democracy is one where, among other things,
    no-one trusts the current paper-ballot voting system,
    because it is highly manipulated and corrupted.

    Many countries fall into this category.
    Iran is a notable recent case.

    They could use a well-principled Internet voting system
    administered by a UN agency.

    You could run the election for a month to prevent
    voter intimidation. You could have the computer,
    rather than the dictator's cronies, count the votes.

    There would be no more 10% to 20% discrepancies in

    • Re: (Score:3, Insightful)

      by Amouth ( 879122 )
      what we need is a way of making the ones who don't vote - who don't give a shit - who have zero political affiliation - the ones that handle and count the votes..

      Sorry but I do have issues when the people who count the votes have a political affiliation.
    • Will it stop someone carrying an AK-47 forcing their way into a home and directing the occupants to vote in a particular way while watching them do so?

    • Are you willing to hand your voting over to a UN agency? Other than just handing over the country is there a way to lose more sovereignty than that?

  • by gurps_npc ( 621217 ) on Wednesday November 03, 2010 @10:13AM (#34112022) Homepage
    It was simply a variation of the paper receipt to prove that you voted. Or maybe he just explained it poorly. As far as I can tell from his description, you can tell that you voted, but you can't tell WHO your vote was for.

    Besides, it's not that hard to create a paper ballot system that is secret and fair, but uses computers to speed the creation and counting.

    Step 1. Have a printer kiosk that lets you select who you vote for electronically. It also shows 3 colors/icons/etc. You select a color/icon when you vote.

    Step 2. The kiosk then prints out TWO identical bar coded paper receipts that do not have anything but numbers on them.

    Step 3. Take bar coded paper receipt to second machine, called a reader.

    Step 4. Feed one (either one) into the reader. That reader displays who you voted for, you can confirm or deny. Assuming you confirm, it keeps the one receipt and you keep your own. If you deny, it spits out the bad receipt, and you are legally required to shred both before you try again.

    Step 5. To confirm your vote, you log on to a database, look for your receipt number and enter the color/icon you remembered. If you enter the wrong one, it displays a false vote without revealing that you entered the wrong color/icon.

    Net result is that you and only you know who you voted for, and you can verify that your vote was counted.
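The lookup in step 5 above, sketched as an added example that is not part of the original comment: a wrong color/icon returns a stable false vote in the same form as the real one, and only real votes reach the tally. The class and function names, the sample candidates, and the HMAC-based choice of the false vote are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from collections import Counter

ICONS = ("red", "green", "blue")        # the three colors/icons the kiosk shows
CANDIDATES = ("Alice", "Bob", "Carol")  # constructed sample ballot


class ReceiptDatabase:
    """Hypothetical back end shared by the kiosk, the reader and the lookup site."""

    def __init__(self, secret: bytes):
        self._secret = secret  # server-side key used only to derive decoy answers
        self._rows = {}        # receipt number -> (chosen icon, real vote)

    def cast(self, candidate: str, icon: str) -> str:
        if candidate not in CANDIDATES or icon not in ICONS:
            raise ValueError("unknown candidate or icon")
        receipt = f"{secrets.randbelow(10**12):012d}"  # digits only, as in step 2
        while receipt in self._rows:                   # re-draw on a collision
            receipt = f"{secrets.randbelow(10**12):012d}"
        self._rows[receipt] = (icon, candidate)
        return receipt

    def _decoy(self, receipt: str, icon: str, real: str) -> str:
        # Deterministic per (receipt, icon): repeating a wrong icon never flips the answer.
        others = [c for c in CANDIDATES if c != real]
        tag = hmac.new(self._secret, f"{receipt}|{icon}".encode(), hashlib.sha256).digest()
        return others[tag[0] % len(others)]

    def lookup(self, receipt: str, icon: str) -> str:
        if icon not in ICONS:
            raise ValueError("unknown icon")
        chosen, real = self._rows[receipt]
        # Right and wrong icons both return a plain candidate name, nothing else.
        if hmac.compare_digest(icon, chosen):
            return real
        return self._decoy(receipt, icon, real)

    def tally(self) -> Counter:
        # Only the real votes are counted; decoys exist only in lookup replies.
        return Counter(real for _, real in self._rows.values())


def demo():
    db = ReceiptDatabase(secret=b"constructed-demo-key")
    receipt = db.cast("Bob", "green")
    views = {icon: db.lookup(receipt, icon) for icon in ICONS}
    return receipt, views, db.tally()
```

In this sketch the server, not the voter, picks which false vote a wrong icon shows.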

    • Re: (Score:2, Interesting)

      by lras ( 807944 )

      Net result is that you and only you know who you voted for, and you can verify that your vote was counted.

      Sorry for being dense, but how does that verify that my vote is affecting the announced result of the election? Couldn't they just announce "X got 60% of the votes" anyway? (By jamming in a lot of false ballots, or by just lying?)

      • Some of what you are describing is already checked for by standard methods, plus the fact that the votes are all in an open database.

        Specifically, when counting votes, you don't just do a full count, you also break it down into X votes from Y district, and even by voting machine, which is verified independently by the voter registration rolls. So each machine has a list of the people that voted using it, the total vote count for each candidate, and the ability to check if the vote was counted.

        A bunch of

    • Prove to me that the false vote will be the one the guy intimidating/paying me wants to see, and not the "wrong" false vote.

    • Step 6: Collect $100 from the partisan who watches you confirm your vote, since your system makes vote buying practical.

  • I'm assuming that not everyone is as obsessed with the "paper trail" as some fanatics are (really, data is data whether it's on a paper or stored digitally, if your vote is anonymous it can still be tampered with).

    Why not a basic e-ID system (we have several here in Sweden although the most popular is simply called BankID) which is used to login to the voting website/voting machine. When logged in you get to create a new username and password for the actual voting. Your real identity gets marked as "has an

    • Why not a basic e-ID system (we have several here in Sweden although the most popular is simply called BankID) which is used to login to the voting website/voting machine. When logged in you get to create a new username and password for the actual voting. Your real identity gets marked as "has an id" and the new account is completely disconnected from your regular identity, you can now use the new username+password to cast your vote. This system even opens up the possibility to change your vote before the e

  • I like all of the ideas he mentioned, from the uniqueness of each ballot, to the tear off receipt, to the shredding of the plaintext ballot "key". These are great for maintaining anonymity, but what about ballot stuffing? How do you prevent someone that's been dead for a couple months from "voting"? My polling place didn't ask for ID, just my name, I imagine that probably happens quite a bit...
  • If you're removing the candidate list from the side you keep, that means that the barcode somehow has your specific ordering of candidates stored. While this may be encrypted, the computer has a way of knowing for that specific ballot, what each option is for, which means that someone, somewhere, has access to that key to be able to determine how to get the per ballot candidate ordering.

    That key will be much easier to get access to than people think, and once you do, you've compromised the secrecy of the e

  • md5 hashes [google.com] and cookies?

    Just askin...

  • by PotatoHead ( 12771 ) <doug.opengeek@org> on Wednesday November 03, 2010 @10:31AM (#34112364) Homepage Journal

    When we use media, we capture the voter intent perfectly. There is a chain of trust between the voter intent, and the record of the vote, because that record only passes through the voter.

    Making a mark on a piece of paper, voting by mail like we do in Oregon, is cost effective, and verifiable, and trustworthy. Recounts are possible too.

    I know my intent was correctly recorded, and if there is an issue with the counting, we can all go into a room, and visibly verify every vote, getting a correct tally.

    With a machine, it's a vote by proxy. We fail to record the voter intent, because the electronics only record what the machine thought the intent was, not the intent itself.

    Because of this, no electronic system makes sense. I like counting them electronically, with scanners and such. We can audit that, verify, recount.

    I don't like a touch screen, because we fail to actually capture the intent, only the machine record of what it thought the intent was.

    • by sycorob ( 180615 )

      I like this explanation - it basically sums up why I like paper voting, not electronic voting. I'm a software developer with 10 years of experience, and I have no way of verifying what the voting machine is doing internally. With my paper ballot we can, in theory, recount the whole thing manually in front of cameras, and know what happened. I can explain this process to my grandmother, and she can understand it and participate in it. Using technology that is only comprehensible to a small number of people i

    • Voting by mail breaks the privacy chain at the root.

      What guarantees are there, in Oregon, that churches don't have prayer-and-ballot meetings, or that employers don't have a mass ballot break, or anything like that?

      Here in Minnesota, I fill out my optically-read ballot in privacy. Nobody is allowed to watch over my shoulder. Then I feed it into the machine, and my vote gets counted. The neat thing is that, if a recount is needed (and state law prescribes one if the election is too close), the paper

  • Transparency ensures that a voter can prove his vote, thus sell it!

  • What is the point of detaching and shredding the list of candidates part of the form in his method? Surely the 2D barcode must have this information of what box is what candidate. Just means counting by hand would now be impossible as one would have to decode the 2D barcode. I guess it's so the ballot worker doing the scanning doesn't see it. But the scanner is a computer and can decode the barcode by definition.
  • Removing the candidate list seems like a dangerous complication to the system. The system can verify that a ballot was collected, but there is no possibility to correct a ballot that was miscounted.

    Once removed, voters cannot verify for themselves who they marked their ballot for. On the counting side, it allows for fraud simply by changing the correspondences.

    Also, if someone cracks the servers, they could replace or delete every ballot in the country, causing detectable but widespread chaos as every ba

  • I think the method presented in the video is fundamentally flawed. The presenter claims that, given just your receipt, no one can determine how you voted. But that's obviously false -- SOMEONE, somewhere, must have the cryptographic key that can correlate an 'X' in the third box down on your individual ballot as a vote for John Smith. Otherwise there's no way for your vote to be counted.

    The presenter goes on to claim that third-parties (news media, international observers, etc.) can take the scanned bal

  • Over the years I've heard of various ways in which the democratic process can be improved. I saw this TED talk last night and it certainly looks interesting; if it can make the proceedings so much more transparent, let's set up a trial somewhere and see how it goes. Personally, I'd like to see it combined with instant-runoff voting [wikipedia.org]; a system that has seen only limited implementation despite its advantages. Yet, I wonder if I will ever encounter these concepts in practice.

    I find it disappointing that, all
  • http://en.wikipedia.org/wiki/End-to-end_auditable_voting_systems [wikipedia.org] I think the system described in the TED talk is the Prêt à Voter system.
  • Another epic fail. When will academics learn that e-voting simply makes fraud easier and less detectable, no matter how good the math is?

    When will academics learn that a voting system the average voter can't understand is a system the average voter can't trust?

  • Maybe this is covered in the video, but it's a small miracle that I can get a connection out here at all...

    But the reality is that most people's systems are compromised already. If we have online voting, the same guys that set up botnets with thousands of systems will have a field day stealing votes.

    I don't see how you can do voting online as long as so many clients are hopelessly compromised.
