1

As a follow up to this great question and the answers provided I (as stubborn and naive as I am) still don't get why creating a secure voting system is practically impossible.

First off why is anonymity so important? I don't see any democracy like Europe or america prosecuting those who didn't vote for the elected party. Sure in China and North Korea and stuff I can understand (if they would ever have an election).

If people have an online account to do government related things on (we in the Netherlands do) then ensuring only 1 vote per person is easy. You simply let people vote through their account. And if you want anonymity you store the vote and the voter separately within different time frames so there is no correlation between the vote and the voter.

An infected PC might be a problem but would a random-reader, like the one you use for bank transactions, not be enough?

Community
  • 1
Vincent
  • 433
  • 3
  • 9
  • 1
    I think this is more of a political discussion than an IT security question. The question "why is anonymity so important" definitely is. – S.L. Barth Apr 30 '15 at 08:38
  • @S.L.Barth fair enough, but I'll leave it in if you don't mind, feel free to discard that bit ;) – Vincent Apr 30 '15 at 08:40
  • 2
    @S.L.Barth I think it's fine to leave the question open so long as it's not a debate of opinions as to how voting should be done, but objective explanations of how certain legal requirements translate into certain technical architectures. See Wolter Pieters' PhD thesis for a scientific (based on Actor-Network Theory) account of voting requirements. – Steve Dodier-Lazaro Apr 30 '15 at 08:50
  • 3
    @VincentAdvocaat it would be a good idea to change how you ask the question, so as to incite readers to stick to technical facts and uncontroversial materials. – Steve Dodier-Lazaro Apr 30 '15 at 08:52
  • 1
    As asked, I'm truly not sure what your question "really" is. The core of the question appears to be the importance of anonymity for government elections, which is a political theory question, not an Infosec one. If there is a technical question here, this will require an edit. – schroeder Apr 30 '15 at 17:37
  • there's 3 questions in the text, that's only part of the first question, Steve DL was able to answer quite correctly, i don't see it as such a big deal – Vincent Apr 30 '15 at 19:32

1 Answers1

3

Feasibility

It's not impossible, just terribly impractical. The issue of remote electronic voting is not so much a lack of cryptographic primitives than a lack of trust. You as a voter must trust your computer and the platform on which you vote to correctly register your vote. You must still trust your own computer to correctly verify the vote you cast. The organiser must also trust you and all the other voters that your computers are under your control, and that it is you indeed who are casting your own vote.

The state of the art is a paper published last year in Computer Security Foundations by Mark Ryan and his team. It shows that it is at least possible to cast votes without trusting your computer, if you choose to trust a small piece of hardware instead. It's still very inconvenient, but this solution is already more practical because the trusted hardware is more readily manufactured, verified and distributed than a full-blown computer.

Anonymity

You need to guarantee anonymity mainly so the organisers cannot infer who you voted for. If the organisers are able to query the voting system at any point in time, they could infer all individual voter choices by querying the system before and after any vote is cast.

Note that there are different legal, technical and societal concerns about e-voting and remote voting in each country. Wolter Pieters did his PhD thesis on the controversies surrounding electronic voting, and compared the issues between the USA, the UK, the Netherlands and Estonia. It's a very good non-technical introduction to the challenges of voting and electronic voting.

Steve Dodier-Lazaro
  • 6,828
  • 29
  • 45
  • 1
    And the organizers are not the only party who may take an unhealthy interest in finding out who voted what. The moment anonymity goes away, people can be browbeaten by anyone into voting "correctly". – S.L. Barth Apr 30 '15 at 08:50
  • I agree with Vincent and think these answers are being a bit precious about anonymity. If you are voting for where to go for lunch you just everyone in the room to raise their hand for option A, then option B. And the lesser anonymity the question is discussing is "did you vote" not "who did you vote for" which the organizers already have in the electoral roll. – daniel Feb 27 '17 at 12:14