by pgz 3515 days ago
I know very little about security but couldn't a system be created like git, where for every vote the voter gets a sha of his vote?

That way she can later verify that in his section repository his vote is still there and has been counted. Of course the mapping sha1 <-> voter will be anonymous, but this way everyone can see all the votes.

This doesn't solve the problem of some hacker adding votes on top of the legitimate ones though.

3 comments

Yes they can. There are a few proposals around end-to-end verifiable voting, with a "privacy preserving" verification.

This means that you can verify that you voted for whom you thought... but nobody can force that knowledge from you at gunpoint, even if they had the verification token.

Some of the famous ones are Scantegrity (proposed by Ron Rivest) and Punchscan.

https://en.m.wikipedia.org/wiki/End-to-end_auditable_voting_...

Indeed. Really interesting stuff, the intersection of security, privacy, democracy, technology, social systems.

This slide deck from Ron Rivest gives a good overview of the landscape:

Ronald L. Rivest MIT

Auditability and Verifiability of Elections

ACM-IEEE talk March 16, 2016

https://people.csail.mit.edu/rivest/pubs/Riv16x.pdf

There is a practical advantage to being unable to confirm your own vote: if someone tries to buy votes people could just take the money and still vote any way they choose since there is no way to prove afterwards that you didn't vote that way.

The way you present this argument here is exactly how it is typically presented elsewhere, which is in a vacuum.

The question to consider is: how do the potential issues presented by a tool allowing individuals to confirm their own vote compare with the issues potentially resolved?

In this consideration, it must be included that tools already exist for individual vote confirmation. Snapchat and even just plain-old MMS are two easy examples. Additionally, a widespread campaign to manipulate a vote through bribing voters is likely to be uncovered through other means such as whistleblowers, else the necessary number to effect the outcome of the election is unlikely to be met.

What is the potential benefit? Individuals can verify their vote was included in the final count as they intended. This would even make allowances so that human counters who have trouble interpreting a voter's ballot (e.g. hanging chads) can be corrected; plus, increases in efficiency, such as adding some sort of automated counting system, can be employed while black box concerns are substantially mitigated.

Allowing voters to confirm votes would substantially reduce nearly all vote rigging concerns that relate to the counting of their votes, largely leaving only the issues beyond this, such as voters voting more than once, voters voting in place of other voters, etc.

What if when you vote you were given one real sha, which shows who you actually voted for, and then one fake sha, which would show the opposite? As long as only you (and the vote aggregator) knew which one was which, you could produce "proof" to any vote buyer.

But the fake SHA would have to not be counted, yet the purpose of the SHA is to prove that your vote was counted. There are variations on the scheme, but fundamentally, in a system where the voting machine gives you a real and fake token, which have to be indistinguishable after the fact, what's preventing it from swapping them?

That minor advantage is outweighed by the disadvantage of not knowing if any of the votes were counted correctly.

But pgz specifically said that the votes could be kept anonymous.

Yeah, but the people corrupting you would ask you for your sha as confirmation.

Here in Italy for example it's forbidden to bring your smartphone into the voting cabin, because the Mafia was asking for photo proofs.

So esrauch found a great counter to my idea.

If parties are corrupt enough to require a picture, and voters willing to engage in this corruption, how do you, realistically, prevent this from happening?

Body cavity searches?

Fill out a Mafia-friendly ballot, take your picture, then spoil it and request a new ballot.

My general opinion is that mafiosos are clever and would already have figured out a way to get around such tactics.

That the Mafia can buy people to vote for their preferred candidates I think shows a failure of the political class. Why haven't politicians been able to deliver a government where what they're proposing is more valuable than a few dozen to hundreds of euros?

Anonymity is important, but the hashing is an issue because somehow the hash is created, and that is just as much a black box issue as the rest of the chain.
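
The hash-receipt idea from pgz's post at the top of the thread, together with the receipt-as-proof concern raised in the replies, as an added Python sketch that is not part of any comment. The `Board` class, the per-vote nonce and the sign-in count used for reconciliation are assumptions made for illustration.

```python
import hashlib
import secrets
from collections import Counter

def make_receipt(choice: str, nonce: bytes) -> str:
    # A random nonce keeps two identical votes from producing the same hash.
    return hashlib.sha256(nonce + choice.encode()).hexdigest()

class Board:
    """Public list of receipt -> choice, with no voter identity attached."""
    def __init__(self):
        self.entries = {}
        self.checked_in = 0   # assumption: the polling place counts sign-ins

    def cast(self, choice: str) -> str:
        self.checked_in += 1
        r = make_receipt(choice, secrets.token_bytes(16))
        self.entries[r] = choice
        return r              # the voter walks away with this hash

    def voter_check(self, r: str, choice: str) -> bool:
        return self.entries.get(r) == choice

    def reconciles(self) -> bool:
        # Individual receipts cannot reveal added entries; only comparing
        # the board size with the sign-in count can.
        return len(self.entries) == self.checked_in

def demo() -> dict:
    board = Board()
    votes = {"alice": "A", "bob": "A", "carol": "B"}   # constructed sample
    receipts = {v: board.cast(c) for v, c in votes.items()}
    out = {"honest": all(board.voter_check(receipts[v], votes[v]) for v in votes)}
    # Case 1: a recorded vote is altered, so that voter's own check fails.
    board.entries[receipts["alice"]] = "B"
    out["alice_detects_change"] = not board.voter_check(receipts["alice"], "A")
    board.entries[receipts["alice"]] = "A"
    # Case 2: entries are added on top; every voter's check still passes.
    for _ in range(2):
        board.entries[make_receipt("B", secrets.token_bytes(16))] = "B"
    out["checks_pass_after_stuffing"] = all(
        board.voter_check(receipts[v], votes[v]) for v in votes)
    out["tally"] = dict(Counter(board.entries.values()))
    out["reconciles"] = board.reconciles()
    # Case 3: anyone shown a receipt can read the vote off the public board.
    out["third_party_reads"] = board.entries[receipts["bob"]]
    return out
```

Calling `demo()` returns the outcome of all three cases: the altered vote is caught by its voter, the added entries are caught only by the count reconciliation, and the receipt alone is enough for a third party to learn the vote.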