by trymas 3669 days ago
Great push for use of latest technologies, especially for government sector.

I skimmed the article, and I do not see a mention of Estonia's e-voting. AFAIK, they are using (IMHO) flawed system, that they just believe it works (i.e. it was not breached). Estonia is very innovative in technological sector, but their e-voting system is a very risky play with their democracy.

2 comments

I was watching this just yesterday, a thorough (it seems) review of the Estonian system.

https://media.ccc.de/v/31c3_-_6344_-_en_-_saal_1_-_201412281...

I haven’t seen the video, but my feeling is that there’s no need to “review” any e-voting system, since the very concept is irredeemably flawed. If a person can in any way prove to a third party what they voted on, then the system is wide open to coercion of voters. If I can e-vote, then someone could force me at gunpoint to log in and e-vote to their liking instead of mine. If the system allows changing my vote later with some sort of password, they can simply take my password away from me. If changing one’s vote is hard, like having to actually go to a poll booth, then they could make sure that I am either watched or made unavoidably busy for the duration. I could easily see these techniques being deployed at scale towards more easily cowed sections of the citizenry, like the poor.

Oh nice, your technique could then be used successfully against ANY voting. Right? Just watching the booths. Because keeping the poor or 30% of population watched at gunpoint 24/7 for 2 weeks in Europe so that nobody notices is perfectly easy.

A prime comparison is a local employer bussing everyone from their village to the tactically most appropriate voting location and paying them a bit of money and/or alcohol to vote properly - despite being generally illegal, when it happens in a paper ballot system, these people can and do vote as they please anyway. (I recall a case in local municipality elections where there were criminal charges for such actions, but the vote counting in that district showed that most of the bussed-in and paid voters actually voted against the organizer).

Since there is no way for anyone, including themselves, to get to know how their vote went, if the voting stations are run properly, can be monitored by all contesting parties, yadda yadda, we know how to run this process even in cases where the opposing parties are openly hostile and attempt dirty tricks.

In e-voting, there is no good way against this approach, and local "strongmen" are a realistic threat that actually will get used in contested elections if they are able to. They'd have everyone from their factory to either vote in their office with the supervisor watching over the shoulder or get fired, and there's no good way to prevent that from happening.

In e-voting you can change your vote unlimited times. I think it is pretty good approach against your example.

No, I addressed this argument in my original comment above. If you need a password to change a vote, someone can take the password away from you after you voted the first time. If you can show up physically at the polling place and change your vote, your hypothetical corrupt employer can simply announce crunch time at work and effectively keep you on the premises. It might also be as simple as them not paying for the bus to the polling place, so you have no way to get there.

Yes, this is exactly the sort of thing I was thinking of.

Not exactly, because of ballot secrecy. Nobody, not even you, can prove what you voted (or didn't vote) with a paper ballot. This is the primary countermeasure against coercion and bribery of the electors.

With e-voting, providing ballot secrecy becomes much more complex because at the same time you need to prove that every vote is counted as it was cast.

> Nobody, not even you, can prove what you voted (or didn't vote) with a paper ballot.

More importantly, nobody is allowed to enter the voting booth with you. However, there's absentee vote by letter in practically all European voting laws that I'm aware of and that can be used as an attack vector since you can fill it in at home.

Taking a selfie with your filled in ballot is an easy measure for vote buyers. There also exists a practice of exchange ballots, when you go into the booth with already filled in ballot and have to bring back to buyer empty one as a proof. No system is perfect.

Your arguments against e-vote can be used in regular voting also.

You can take photo of your vote to prove it to 3rd party. Also it is easy to buy votes from poor in regular voting.

For e-voting you can vote 1000 times and when you still feel need to vote 1 more time, then it is possible to use regular voting. E-vote period ends before regular voting.

It all goes to trusting the government. I trust my government and I e-vote.

Same ID-card is used for e-voting, banking & pretty much everything. It would be easier/more profitable to steal money from bank accounts than mess with these small elections.

The described system is absolutely great for selling your vote, as you can prove within 30 minutes of voting who you voted for. It also allows you to change your mind an unlimited number of times until the voting deadline.

It is a very inconvenient system for buying votes though, as the voters can pick up your money and then go vote for whoever they wanted to in the first place.

"they are using (IMHO) flawed system" Care to elaborate on this?

The reviewers found terrible opsec, lack of an appropriate threat model, and demonstrated the feasibility of attacks both on the vote counting server and on the voting client.

For more information you can watch the video I linked above or read a summary here: https://estoniaevoting.org/findings/summary/

E-voting is flawed by design. The voting secret is lost.

(What is to stop the husband from controlling who the wife votes for, or vice versa?)

You can change your vote in private. If you're worried about getting locked up and/or murdered by your wife after she has seen who you initially voted for, then you could set up a cron job to change the vote even if you're no longer breathing.

In addition, the same problem applies to paper voting. What stops your wife from demanding that you wear a hidden live streaming camera when you go to vote, so that she can see you really cast your paper vote for the candidate she insists on?

"and the only way to force individual voters to vote as you wish is to physically watch them vote."

Yes, exactly.