by trymas 4024 days ago
One little critique I have is about Estonia's e-voting.

That's a total black box technology. Basically what they did is said "ok, let's vote using internet, and we'll believe results are true". They do not know if someone hacked them, etc. Voting data from the servers was transferred using personal computer and flash drive of some random sysadmin. It's horrible. In my opinion, they do e-voting for the sake of doing it and being 'first'. Though big thumbs up for e-citizenship.

IMHO, Baltic states are in the forefront of IT technologies. 3G works almost anywhere, 4G in cities. Internet is cheap and super fast (if you do not have 100Mbps connection - you have slow internet connection). You do your taxes, get your doctor appointments using internet and so on, for a very long time (since 2010 at least). All Baltic states have prominent startups, though Estonians were first to sell startup for big bucks (Skype).

9 comments

I agree with you but also believe e-voting undermines the integrity of the democratic system as a whole, black-box or not.

How it currently works where I live is that, at the start of election day, all the volunteers and officials who are working for the day are allowed to inspect the urn, check for hidden compartments, and so on to ensure it's empty (And anyone can sign up to volunteer). Then they receive and place the votes in the urn together, and it remains sealed until the counting commences.

This creates a transparency that is simply not possible with an electronic solution. Even if it was possible to go through all software and hardware being deployed (A project which by itself would take years and cost millions), and the problem of being able to cast anonymous votes without the possibility of anyone finding out what you voted for was solved, you still hand over the democratic control of the election process to a small technological elite who will be doing these checks, while you gain very little from actually doing so.

Denmark tried to put an e-voting system in place a few years back but failed because one of the parties that was initially in favor was swayed by an angry group made up in large part of computer science professionals and students.

It's not black box technology, their entire government systems are open source.

http://arstechnica.com/tech-policy/2013/07/estonia-publishes...

geeez, they should really start using python 3 instead, python 2 is so last decade

So what? How do you know that's the code actually running on their servers?

It's not a "little critique", we're basically talking about abandoning the fundamental principles of a functioning democracy here.

If such an election was monitored by international observers, the way we often do with third world countries, the report could be summarised as "probably completely fraudulent, because we weren't allowed to verify anything".

E-voting is election fraud. Period.

Elections should be transparent and verifiable, and every voter should be able to cast their vote protected from outside interference (i.e., alone and unobserved in a voting booth). These things are not optional.

How so? The electronic voting is modelled exactly based on mail-based voting that is widely used globally. You put your ballot into an envelope, add another one and off it goes. To a public mailbox. Transported, sorted and delivered along with open-back postcards. To be manually handled by volunteers in a way most voters do not even realise exists.

We put your e-ballot into two envelopes making sure cryptographically they require separate keys to open. Deliver it via a secured and openly described channel and provide a cryptographic receipt. We welcome tens and tens of voluntary observers all over the world to observe all the proceedings. And improve the processes and code with every iteration there is.

How is the electronic approach less secure than the physical one?

Also, what many do not realise, is the fallback. Should there be an inkling of doubt about whether your vote went where it was supposed to or was handled properly, you can go and vote physically on the voting day and have that vote prevail over the electronic one.

Mail based voting is also extremely dubious. We allow it in some exceptional cases for a small minority. Personally I'm against the concept.

Also, I never mentioned "secure". That's a red herring when it comes to any form of electronic voting. It's about democracy, which includes the guarantee that each vote is cast in absolute freedom.

Nobody can hold a gun to a voter's head, and no voter can be forced to justify their vote afterwards, because they and only they know what they voted.

We didn't build that guarantee into our democracies by accident, and taking it away because we've invented some shiny new toys that bring us nothing but some minor convenience is an insult to democracy.

And like I said, it's ridiculous that we hold third world countries and new democracies to those standards, but have started to massively ignore them ourselves, because we are too lazy to maintain the very foundations of our democracy.

That guarantee of no gun is there in Estonian case. If somebody has a gun to your head you can go to a physical polling station and vote there overriding your forced vote.

That's the complete reverse of a guarantee. The person with the gun can stop me from going to a polling station.

Hence, in a true democracy, the only free way to vote is at a polling station, in a voting booth constructed in such a way that I have total privacy from the moment I vote to the moment I put the vote in the ballot box, yet transparent enough so it can be observed by anyone (hence, short curtains, box in the same open space, etc).

We even put polling stations in hospitals, care homes, embassies abroad, military bases etcetera to ensure voting happens in total freedom, transparency and anonymity. This principle also applies to the counting of the votes.

All of this did not come about by accident, and the fact that it's being abandoned by people who do not wish to even argue why they want to remove fundamental democratic safeguards should be met with extreme suspicion.

The arguments in favor of electronic voting are extremely weak, and in many instances e-voting has already been found to be subject to deliberate manipulation.

There is no excuse for lowering our standards for the most essential element of a democracy.

While things described in the second paragraph are true, calling Baltic States as being at the forefront of IT tech is a bit of a stretch.

Except for Estonia (Estonia actually doesn't like to be associated that much with Baltics, their mentality is more in line with their northern neighbors.), governments here don't really know how to approach IT. They're just as much out of touch with modern technologies as US gov. It's quite chaotic and unregulated. Plus, silly amounts of corruption.

And the regulations that they do impose end up hurting the countries instead of helping them.

Plus, we are tiny countries (population-wise) that have 2nd world living standards. Not many people can afford to start startups.

Which part of it would you consider a black box? The protocols are open (you can write your own voting application), the source code is largely open, there are numerous reports on it, you are most welcome to become an observer (and many do) etc. An informed critique of the system would actually be very welcome, just stating "random guys with flash drives are bad" is not that helpful.

I wonder how any e-voting system could provide both anonymity of the vote and a secure access ("one person, one vote")? To provide the latter you've got to log in somewhere, right? And to stay anonymous you can't leave any identity trace. In Estonia the voter has to log in using her/his personal ID card so there's no anonymity at all?

Read the spec, it's basically storing the vote in a completely encrypted state. Once counting starts, the personal information is destroyed (literally, I know the guy, he takes the hard drives and bashes them until they are completely powder pretty much), and the votes are unencrypted. Once you start counting, there is no way to know whose vote is whose. (It's actually much more difficult, but it's based on mail voting. I'm a bad source on this, read the spec. Everything is open-source.)
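
A simplified model of the double-envelope flow described in the comments above: an inner envelope encrypted to the election key, an outer envelope signed by the voter, identities dropped before decryption, and a paper vote overriding the e-vote. This is an added example, not part of the thread and not Estonia's code; the toy textbook RSA, the key names and the "latest ballot kept" rule are assumptions made for illustration.

```python
import hashlib, random, secrets
from collections import Counter

M = [2**p - 1 for p in (61, 89, 107, 127)]  # Mersenne primes used as toy key material

def keypair(p, q, e=65537):
    """Textbook RSA without padding: illustration only, not secure."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def digest(value, n):
    return int.from_bytes(hashlib.sha256(str(value).encode()).digest(), "big") % n

ELECTION_PUB, ELECTION_PRIV = keypair(M[0], M[1])   # private half: counting side only
VOTER_KEYS = {"alice": keypair(M[1], M[2]), "bob": keypair(M[2], M[3]),
              "carol": keypair(M[0], M[3])}         # constructed stand-ins for ID-card keys

def cast(voter, choice):
    """Inner envelope: choice encrypted to the election key. Outer: voter signature."""
    n, e = ELECTION_PUB
    inner = pow((secrets.randbits(64) << 8) | choice, e, n)  # random pad hides equal choices
    vn, vd = VOTER_KEYS[voter][1]
    return {"voter": voter, "inner": inner, "sig": pow(digest(inner, vn), vd, vn)}

def open_outer(ballots, voted_on_paper):
    """Check signatures, apply the paper override, then drop identities."""
    accepted = {}
    for b in ballots:
        vn, ve = VOTER_KEYS[b["voter"]][0]
        if pow(b["sig"], ve, vn) != digest(b["inner"], vn):
            continue                                # outer envelope not signed by this voter
        accepted[b["voter"]] = b["inner"]           # one ballot per voter (latest kept)
    inners = [c for v, c in accepted.items() if v not in voted_on_paper]
    random.shuffle(inners)                          # break arrival order before counting
    return inners

def tally(inners):
    n, d = ELECTION_PRIV
    return Counter(pow(c, d, n) & 0xFF for c in inners)

def demo():
    forged = dict(cast("bob", 2), voter="alice")    # bob's signature under alice's name
    box = [cast("alice", 1), cast("bob", 2), cast("carol", 1), forged]
    inners = open_outer(box, voted_on_paper={"carol"})
    return inners, tally(inners)
```

The model shows where the trust sits: anyone holding both the signed ballots and the election private key before `open_outer` runs can link voters to choices, which is why the separation of the two steps is what an observer has to verify.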
You can make pseudonyms by letting people carry a public key to be signed by the same kind of organization that currently oversees voting (around here, 5 randomly chosen people per urn).

That'd be completely useless for preventing people from proving how they voted, but is sufficient obfuscation for preventing the votes from becoming public.

I agree, the e-voting technology should be a lot more secure, but as long as they keep improving it, I don't see it as too big of a problem, but if they used the same technology in the states for example, I would be pretty worried. The influence Estonia has in the world is negligible compared to the US, so if something was to go wrong, sure, it would be pretty bad, but compared to the same happening in a more influential country, it would be pretty minor.

In many countries and places this strategy of "ok, let's vote using internet, and we'll believe results are true" would work well. USA, India are not one of those places.

All the mainstream media reports on such topics and especially technology should be taken with a boatload of salt.

e-voting (and postal voting) is also terrible because it allows easy coercion of the voter. You can't control the environment elsewhere. In a real polling station, at least nobody else gets to sit next to the voter to make sure they vote the right way.

what about verifiable mix-net voting? wouldn't mix-net voting prevent such things in the first place? if not, why/how? (*I'm learning about this stuff, and I want to know your opinions on it...)

One feature of traditional voting is that everybody interested can be a volunteer and inspect _all_ aspects of the procedure. There are few requirements (some basic reading, some math which is mostly addition and division up to 10 digits in the worst case).

Once you start adding more complicated math to it, you lose this very desirable property. Once you add tech, you have a black box (what does the silicon in this computer _really_ do?)

It's much easier to cheat on traditional voting system. You can just make a pre-made box filled with fabricated votes, turn off (or pause) recording, befriend (bribe) those inspection-related personnel, etc. From what I've learnt, with methods like mix-nets, you can be probabilistically sure that a person has voted, and there are no 'false' votes.

Pre-made box filled with fabricated votes: let every volunteer (typically at least one by every party, plus a couple independents) check that boxes are empty and in order, and that nobody stuffs them over the day.

Turn off / pause recording: no idea what you even mean, there's physical presence of opposite parties throughout the entire process.

Bribe inspection-related personnel: again, volunteer driven with volunteers from all parties plus independents - it will be hard to bribe your direct competitors (and enough of them).

The higher levels where numbers are tabulated publicize all numbers (in and out), so anything that's off can be verified locally in a distributed way.

The idea is that everything happens under public scrutiny. I don't see how that could work with fun algorithms and probabilities that only some experts can understand.

The main problem is that seemingly opposing forces collude secretly, but there won't be a fix for that in the voting mechanism.