Some heavy security checks:<p>https://github.com/vvk-ehk/evalimine/blob/master/ivote-server/hes/vote_analyzer.py
This seems like a good contrast to the typical (American-inspired) secrecy around governmental systems. I would also like to believe open source makes software more secure, but I'm not sure if there is any research that confirms it.<p>Oh, and cool, it's made in Python and not some enterprise Java or .NET :)
C'mon, not a single positive comment? Things in the administration always take time. At least it's a move in the right direction. Next add a build CI to produce signed images. Then propose USB keys for people to boot their own system on the voting booth.<p>At least it's better than the Diebold debacle in the States.
How does a voter or independent voter know that the code that has been verified is actually running on the machine that they connect to?<p>You have to trust the sys admins. And as we all know: something is trusted if it can break your security policy.
No matter how open the code is, it is extremely hard, if not impossible, to ensure this code is running on the actual systems.<p>E-voting sounds interesting in theory, but in practice it is basically not worth the trouble. It is way more complex than a regular system with ballots and the only gain is that the results can be published sooner.
The license (Creative Commons Attribution-NonCommercial-NoDerivs 3.0) is a strange choice for a project published on GitHub. GitHub encourages forking and making changes, which goes against the NoDerivs part of the license, unless I'm misunderstanding something.
The title is wrong (the article isn't, necessarily). The license, https://github.com/vvk-ehk/evalimine/blob/master/LICENSE, is non-free/open source.
Lots of proposals have been submitted on the bitcoin forums for some sort of cryptocurrency solution/proof of work online voting, where there is full transparency by looking at the block chain to see how many votes somebody had, and prevention of a malicious actor forging votes. Of course you have to trust whoever is mining the coins and handing them out, and trust end users' systems aren't compromised.<p>I would expect in my country anyways that any online voting would be DDoS'd by idiots looking for a soap box the media will pay attention to and create a huge debacle resulting in them scrapping it and forcing a regular ol' paper vote.
Could it be that secret ballots are insecure? https://en.wikipedia.org/wiki/Secret_ballot<p>In the US, we officially supported secret ballots in 1892. Still, I wonder if we all found the strength to open up the ballot, if that wouldn't eliminate some of the viability of voting fraud?<p>I'll start, I voted for Obama in 2008 & 2012.
Sadly, many of the identifiers are named in Estonian, limiting this project to Estonian developers only. I'm aware that this is _Estonians'_ voting system, but I'm sure there are developers all around the world who would be interested in contributing (especially security audits would be interesting) to this project without the necessity of reverse engineering/translating the code.
Original story at http://news.err.ee/politics/0233b688-b116-44c3-98ca-89a4057acad8 has been updated with some background - domestic controversy and such
Creative Commons-licensed, written in Python using vim, shared on GitHub. It ticks all the boxes, just sad that the README is empty.<p>Unless I'm mistaken, I can't find any tests though. Maybe they didn't release it, but it's a bit worrying.
There has been significant work in the academic community about electronic voting schemes. For example, Civitas (http://www.cs.cornell.edu/Projects/civitas/) is a voting system developed by researchers at Cornell that provides universal verifiability, voter verifiability, anonymity, and coercion resistance. It is also implemented in a security-typed programming language, which provides additional guarantees about the correctness of its implementation.
There was this talk on TED a few years ago about e-voting without fraud:<p>https://www.youtube.com/watch?v=izddjAp_N4I<p>I think they had a website for it, too, but I can't find it right now, and don't remember what it was called exactly.
You should read the book "Ein König für Deutschland" (A King for Germany) - it very reasonably makes clear why computer-based voting will always be much easier to manipulate and why democracies should stay with paper-based voting.