SF gets $1.5M to experiment with online voting, EFF others horrified

41 points by jeffthechimp over 3 years ago

12 comments

AutumnCurtain over 3 years ago
1.5 million seems woefully inadequate for just the security element of a pre-established plan.

> The internet voting project is, for reasons unclear, categorized under the Open Source Voting project, despite “open-source” not being mentioned in the grant paperwork, Jerdonek, an open-source voting proponent, says. Open-source voting technology uses public computer code to process paper ballots. It is unrelated to online voting. On Tuesday, San Francisco Supervisors began crafting legislation to conduct a long-awaited open-source voting pilot.

This really concerns me.

pm_me_your_quan over 3 years ago
This is a terrible idea. Paper ballots work, are secure, and the processes are well understood. The value an attacker could garner via control over elections is enormous, so there's a big incentive to do so.

ddingus over 3 years ago
Electronic Voting has been proven to be untrustworthy.

Increasingly complex systems featuring a mix of tokens and crypto have costs that exceed simple, human readable ballots and do not add any value.

I can only conclude the driving force is to undermine democracy with what is basically a man in the middle attack.

There are literally trillions of dollars in value there. Not exactly great for the disenfranchised.

Vote by mail works and we should be using it.

ddingus over 3 years ago
For reference, these are what are required for a just, trustworthy election:

Anonymity. No voter shall be linked to a personally identifiable record of their vote intent.

Freedom. Voters may vote or not.

Transparency. A human readable, physical record of voter intent shall be recorded from each voter. This record is used directly for the final tally.

Oversight. The law, means, methods, records, shall be performed and made available to the watchful public eye.

The problem areas for electronic voting are:

No linking of voters to expressions of voter intent. The record of vote cast.

When voters express intent to a machine, the actual physical expression ends up as a smudge of grease on some input device. The machine interprets that fleeting expression used for the final tally.

Any electronic vote is, by the nature of the technology, a vote by proxy thus placing voters in a position of forced trust, unable to require their actual vote record be hauled into court if needed, and the record is subject to manipulation the voter will have no knowledge of.

Even worse?

Voters cannot verify their vote record captured by the machine reflects their vote intent. The display may show them something, anything at all and who are they to know what actually got recorded, if anything at all was?

Banking gets around this by personally identifiable transactions, double, triple records, receipts and other means and methods people can use to understand whether the right thing happened, and or was manipulated.

Anonymity denies us all these tools. The product of that is we really need to use a physical expression of the voter intent if we were to have any chance at all of having a trustworthy election.

At the moment of that expression, the voter has a chain of trust between their own internal intent and the mark they made on the physical media. After that moment has passed it doesn't come again, and that is the one and only opportunity to correctly capture and then make use of voter intent in an election.

gjvnq over 3 years ago
Online voting should be limited to:

1) Open ballot elections. (e.g. lawmakers voting on a nomination)

2) Small consequences elections. (E.g. flag change)

3) "Non binding elections" (i.e. opinion polls with huge sample size and marketing)

4) Small groups of tech savvy people.

LinuxBender over 3 years ago
If there is going to be online voting, then at a bare minimum there must be a public anonymous API that can be used with the voter's key material to validate their entire voting choices *actual choices not counts* so that random people at random times can validate that every specific detail they entered was not tampered with, even if this requires semi-technical people to validate, then fraudsters will know there is a risk of being caught. Even one invalid record must trigger an audit by a truly independent third party. Voter keeps a copy of what they submitted along with checksums and cryptographic signatures. Audit logs must be proven immutable with a chain of custody and attestation throughout the entire system. Even admins of the system must not be able to tamper with it even if their life depended on it. Look to vaulting appliances for some *mediocre* examples on how to start this process. This will need to be a better implementation than the vaulting appliances however and I can not imagine anyone building this for $1.5M.

Whatever is built must be submitted to the public for penetration testing along with a large bug bounty program. Invite the best penetration testers from all around the world and encourage them to use whatever hacking and social engineering methods they can dream up and provide them with full legal immunity and a low bar to entry.

awill88 over 3 years ago
Can’t we just vote on a blockchain? With asymmetrically encrypted transactions? I mean perhaps elections should not be *conducted* online, but surely the integrity would be improved if governments were to require votes be tallied on a blockchain.. just a thought

diveanon over 3 years ago
If only there were some means of establishing consensus via a distributed and publicly verifiable means.

DAOs are the future of governance, they are proven working in the wild and should replace the archaic systems we allow others to manipulate in the name of “governance”.

Iefthandrule over 3 years ago
This lack of transparency, public oversight, and engagement seems to be a trend. I would love to hear how other cities have managed to steer their elected officials into community oversight. Financial influence cannot be the only option.

HNTA_1 over 3 years ago
If SF city was a person, $1.5M would barely cover breakfast and parking for a day.

vgeek over 3 years ago
https://xkcd.com/2030/

lrvick over 3 years ago
Imagine we start putting cryptokitties technology to better use.

1. Voter registration cards are manufactured within the US with tight supply chain controls.

2. US based security researchers with a history of vulnerability identification are qualified and selected at random to hands-off oversee that manufacturing process is free of supply chain attacks. Firmware builds similarly are done deterministically on different platforms overseen by different security research firms, etc.

3. Electronic cards are picked up in person, at random, after traditional voting registration is complete.

4. Each card generates two subkeys via a KDF. A public "verify" keypair and unlimited private "vote" keypairs.

5. The user publishes a signed statement to a public database with their "verify" keypair including their real name and voter registration number.

5. Every election, a private "vote" keypair is allowed to sign a digital vote ballot to this public database.

6. Voters are required to view the public database at a later date to confirm their random vote keypair signed their intended values. They publish a signed statement that their verification was complete.

7. The vote is only considered valid when the number of verified statements matches the number of cast votes, or after a cutoff time if the difference is not enough to change the outcome.

8. The vote database is forever public and can be counted and verified by anyone at any time.

---

Yes there is some handwaving here but I really feel we have the technical tools to have provably accurate digital voting.

This becomes possible when most citizens have enough education to understand and trust cryptography.

That would require a generation of much better education. We should vote on that.
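
The acceptance rule in step 7 of the scheme above, applied to a hash-chained public ledger that anyone can recompute (step 8), as an added example that is not part of the original comment or of any real voting system. Assumptions: signature checks are left out, the strings k1..k5 stand in for per-election "vote" public keys, the record layout is hypothetical, and "not enough to change the outcome" is read as "fewer unverified ballots than the winner's lead among verified ballots".

```python
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # constructed starting value for the hash chain

def entry_hash(prev, record):
    body = json.dumps(record, sort_keys=True).encode()
    return hashlib.sha256(prev.encode() + body).hexdigest()

def append(ledger, record):
    prev = ledger[-1]["hash"] if ledger else GENESIS
    ledger.append({"record": record, "prev": prev, "hash": entry_hash(prev, record)})

def chain_intact(ledger):
    """Step 8: anyone holding a copy can recompute every link."""
    prev = GENESIS
    for e in ledger:
        if e["prev"] != prev or e["hash"] != entry_hash(prev, e["record"]):
            return False
        prev = e["hash"]
    return True

def election_status(ledger, cutoff_passed):
    """Step 7. Assumed reading: after the cutoff, unverified ballots must be
    fewer than the winner's lead among verified ballots."""
    if not chain_intact(ledger):
        return "audit"  # a single altered record stops the count
    recs = [e["record"] for e in ledger]
    ballots = {r["key"]: r["choice"] for r in recs if r["type"] == "ballot"}
    verified = {r["key"] for r in recs if r["type"] == "verified"} & set(ballots)
    if len(verified) == len(ballots):
        return "valid"
    if not cutoff_passed:
        return "pending"
    top = Counter(ballots[k] for k in verified).most_common(2)
    lead = top[0][1] - (top[1][1] if len(top) > 1 else 0) if top else 0
    return "valid" if len(ballots) - len(verified) < lead else "audit"

def build_sample():
    """Constructed data: five ballots from hypothetical vote keys k1..k5."""
    ledger = []
    for key, choice in [("k1", "A"), ("k2", "A"), ("k3", "A"), ("k4", "B"), ("k5", "B")]:
        append(ledger, {"type": "ballot", "key": key, "choice": choice})
    for key in ["k1", "k2", "k3", "k4"]:  # k5 never confirms its ballot
        append(ledger, {"type": "verified", "key": key})
    return ledger

if __name__ == "__main__":
    print(election_status(build_sample(), cutoff_passed=True))  # valid
```

With one ballot unconfirmed the sample is "pending" before the cutoff and "valid" after it, because the verified lead is two; editing any stored record breaks the chain and returns "audit".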