Why experts are overwhelmingly skeptical of online voting

The vulnerabilities they found are laughable. Even with all of them fixed, what about infected disk firmware, compromised Intel Management Engine (or the AMD equivalent), or a subverted compiler [1]? On the system itself, or on a developer&#x27;s machine.<p>And suppose you somehow fix all of that, and run it on a mathematically verified secure chip. How do you know vulnerabilities weren&#x27;t inserted into the silicon, or perhaps the whole chip was swapped with a compromised one when you weren&#x27;t looking. There&#x27;s already been reports of factory compromised hardware for credit card readers.<p>With control of the entire USA as the prize, you can bet that&#x27;s the level of attack you&#x27;ll be dealing with.<p>[1] <a href="https:&#x2F;&#x2F;www.win.tue.nl&#x2F;~aeb&#x2F;linux&#x2F;hh&#x2F;thompson&#x2F;trust.html" rel="nofollow">https:&#x2F;&#x2F;www.win.tue.nl&#x2F;~aeb&#x2F;linux&#x2F;hh&#x2F;thompson&#x2F;trust.html</a>

In Germany online voting is forbidden by the constitutional court since 2009:<p>- <a href="https:&#x2F;&#x2F;www.ccc.de&#x2F;en&#x2F;updates&#x2F;2009&#x2F;wahlcomputer-urteil-bverfg" rel="nofollow">https:&#x2F;&#x2F;www.ccc.de&#x2F;en&#x2F;updates&#x2F;2009&#x2F;wahlcomputer-urteil-bverf...</a><p>&quot;In its decision today regarding the constitutional vote of the German Federal parliament in 2005, the judges of the Federal Constitutional Court made clear that comprehensible and secret votes are the core of our democratic system. This system is eroded by the use of voting machines. It must be possible for people without technical knowledge to trace and understand the complete voting process. Therefore, votes shall not be saved solely in electronic memory at any time.&quot;

Quote from the the TrailofBits audit report [0]<p>&gt; Anyone with administrative access to the Voatz backend servers will have enough information to fully reconstruct the entire election, deanonymize votes, deny votes, alter votes, and invalidate audit trails<p>That&#x27;s...sub-optimal<p>[0] <a href="https:&#x2F;&#x2F;github.com&#x2F;trailofbits&#x2F;publications&#x2F;blob&#x2F;master&#x2F;reviews&#x2F;voatz-securityreview.pdf" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;trailofbits&#x2F;publications&#x2F;blob&#x2F;master&#x2F;revi...</a>

Leaving aside technological security, one HUGE problem with online voting is that there is no way to ensure the vote was not coerced.<p>Scenario: A particular community&#x2F;religious institution&#x2F;school, etc., lets their members know (not in writing) that they will be required to have their vote witnessed by two other members, on pain of expulsion.<p>This is not far-fetched, even in some places in America, and certainly in other countries. Even if we can be 100% certain that the vote is secure and not tampered with <i>online</i>. I don&#x27;t see any realistic technological solution for this. Giving the option of in-person or online voting won&#x27;t solve it - those wishing to coerce will simply require members to pick the online option.<p>Yes, this is already possible with mail-in voting (and there are reports of it happening.) But if online voting becomes mainstream it will become a much bigger problem.<p>Disappointed that the article didn&#x27;t mention this at all. Reminds me of <a href="https:&#x2F;&#x2F;xkcd.com&#x2F;538&#x2F;" rel="nofollow">https:&#x2F;&#x2F;xkcd.com&#x2F;538&#x2F;</a>