August 29, 2016
I’ve been fascinated with the topic of online voting for a long time, so I was interested, but not terribly surprised to read that the FBI claims foreign hackers penetrated state election systems.
My thoughts on online voting have changed as I’ve grown older.
In high school and college I said technology is the future! It’s insane that we’re still using paper and pencil for something so important. Computers are better at counting than humans. Yay e-voting!
Then I realized that you can’t trust individual company or organization with that much power & any trusted online voting software would have to be open source so that it could be independently verified by security experts everywhere.
Then I learned more about how many 0-day vulnerabilities exist and are being stock-piled by state actors for every layer of the stack. Our routers, firmware, operating systems, browsers, popular code libraries, etc. It’s all been compromised. You can’t trust any of it. So you’d have to open-source the hardware too & probably keep the whole thing air-gapped from the internet. And still that might not be enough!
Today, I believe there’s no way to secure a system (electronic or not) without publishing a log of every vote cast. This gets tricky when you have secret ballots, but there are a couple ways to handle it. The first way would to be to allow people to choose whether they want their ballot to be public or private. That way you’d end up with enough public votes that you should be able to tell whether the election was massively rigged or not (assuming you expect the private votes to follow the same distribution as the public ones). The second option would be to assign everyone a private one-time key when they vote — a receipt they can look up later. Everyone can then look up the key from their voting receipt on the public log and make sure their vote was tallied correctly. The second option has the benefit of keeping secret ballots, but you’d need a separate way to verify that the number of lines in the public log is the same as the number of people who showed up to vote. That can be solved by publishing a list of who showed up to vote.
Of course, we can’t know for sure that we’ve had a fair election while the NSA dragnet continues to exist. We would never know which candidates were forced to drop out from those in power using their access to surveillance intel to blackmail a candidate or leak their dirty secrets to the press.