[arkadiyt]

> We wondered what it would be like to conduct democratic elections online. While that is the far-far future, we set about building something that could get us a step closer towards that future.

There is unanimous agreement from the security community that we must not use digital voting. It is a mistake, full stop. As an opinion app it doesn't matter, but we must use paper ballots for our elections.

For anyone interested in learning more I recommend this short 20m Enigma conference talk by Ben Adida (currently building open source voting software/hardware at https://voting.works):

https://www.youtube.com/watch?v=dy0_8A9U8Rs

[antpls]

The security community is an expert community, and the people opinion isn't always aligned with expert's opinion, as the covid19 crisis showed it to us.

There is probably a place for a digital voting system, for example physically disabled people. It could also be used to let people vote on less important topics, where they would have otherwise no direct voice. For some important elections, we could have a majority of people voting on paper, but still have a digital voting system for specifically allowed people.

Some people already trust enough their phones to install a covid19 contact tracing app, without fully understanding all the layers of the technology.

At the end of the day, if enough people trust digital voting, it can happens, even if the system is not provable end to end.

[ShorsHammer]

While you are right and certainly most if not all prominent infosec people would be highly sceptical of any online voting I really don't think that's a reason to dissuade people from trying.

It's utterly absurd to say everyone should just give up and we will only use paper for the next 500 years. People should be attempting secure online voting and kneejerk pessimism or shutting down discussion on it is counter-productive.

[schwartzworld]

paper has tremendous advantages over online. why is it absurd to want to embrace those rather than shoehorn ourselves into a more gameable system?

[Lurkars]

In Germany, a election must be equal, secret and comprehensible. (Hope I translated correctly: gleich, geheim, nachvollziehbar). One of the three will always fail in online voting systems. The obvious is always the comprehensibility, because the majority won't understand the software. That can only be sold by losing the secret vote, because then a vote is reasonable for anybody.

[bobmaxup]

Unanimous? That seems extremely unlikely, no?

[maccam94]

It is fundamentally impossible to have secret ballots[1] in a digital system along with provable integrity. Secret ballots are necessary to prevent vote buying, intimidation, and coercion. If no one can prove which voter submitted which ballot, nor what choices a voter indicated, the voter is free to choose without risk of repercussions. The breakdown of any digital voting system is always with verification.

With paper, the voter can see that their ballot is securely stored under the supervision of the election operators, and they can see that representatives from multiple parties watch the movement and counting of the ballots.

In contrast, with a digital system it is impossible to verify that your ballot was delivered with the choices you intended without also being able to show that proof to anyone else. It is important that the voter is unable to show proof of their vote for the reasons mentioned above. Unlike a paper-based process, you cannot directly observe the functioning of an electronic circuit, the transmission of data over cables, or the storage of bytes in memory, and neither can anyone else trying to verify the integrity of the process. You'll never know if someone has replaced any of the hardware or software components with malicious versions designed to fool voters and rig elections.

1: https://en.wikipedia.org/wiki/Secret_ballot

[ShorsHammer]

I can prove the existence of X with zero-knowledge proofs without exposing X. Obviously there's more from there for elections but the cryptographic groundwork certainly exists.

[jobigoud]

But unlike the paper mechanism, the average person, nor the experts for that matter, can verify the correct and uncompromised implementation of the zero knowledge algorithm. You trade off the understandability and verifiability of the scheme.

[jeffrallen]

I work in Switzerland on evoting issues and I disagree with that reply, so by definition opinion is not unanimous. End to end verifiable voting systems work. The devil is in the (operational details) but societies which wasn't evoting can have it if they read the research (or cheat and just take Switzerland's law).

[jobigoud]

Verifiable by the voters themselves or on theoretic level?