[tonywebster]

In the perspective of an American, the primary concern is authenticity, and there's a high probability of that when you have to show up in person or request an absentee ballot. Not that I support more government programs to identify citizens, but I'd think should be some sort of PIN number or password issuance process during the issuance of things like driver's licenses, state IDs, passport numbers, Social Security cards, IRS filings, etc.

Government cannot run a program that elects a new government behind the walls of a datacenter. It's a major conflict of interest. The way things work now, the government really only handles the voter registration process, which is exposed enough so you know they're not messing with it. County employees and poll workers on-site are far enough removed from the people in power that there's little concern of major corruption. When recounts happen, staff from both campaigns are physically present to look at each ballot. When we get ballot counting machines from companies like Diebold, there's concern that a big corporation could be influencing a vote or that the system wouldn't be secure.

But I look at some of the things happening with health insurance marketplaces and health data exchanges as proof that government can tackle big tech problems in cool ways. The State of New York is building a health information network (Google: NYeC SHIN-NY) where all medical providers in the state have their electronic health records connected in a statewide network. It's not the government itself running the program, but a collaborative of government and healthcare people. The service doesn't store or transmit private health information, it just handles the secure handshakes, authorization, and authenticity. That is, a patient can grant/deny access to medical records from their phone -- or in an emergency situation, an EMT can bypass that and get the records directly. I think this is genius.

If we looked at something like this on a local or state level, a collaborative of sorts could include the Secretary of State, various government and non-profit representatives, and open source and security folks. I think that would be the first step toward moving to an online voting system: setup an entity that people can trust.

Obviously, it'd have to be optional. There were a lot of elderly folks at my polling place last November, proudly wearing their 'I Voted' sticker. No way they'd go online, even if it did support IE 5.5.

[tomhschmidt]

I wonder if there's some way to be transparent in an electronic / online voting system. Maybe the government sends a UUID or hash to your email after you vote, and later releases a dataset of which UUIDs voted for which candidates. This way, you can verify that your vote was counted and that all votes sum correctly.

[jjsz]

The problem with that entity is what form of authenticity they request. They may ask for finger prints or a special voter id similar to the DoD's. I prefer that IT proctors each confirm authenticity with 30 or so voters holding up a piece of paper and an issued hash on a 32" screen.