As a long time reader of comp.risks, and having a professional interest in security (as a sysadmin), I'll take this...

As a long time reader of comp.risks, and having a professional interest in security (as a sysadmin), I'll take this opportunity to say that anyone who is promoting online voting as a replacement for paper ballots is (in my opinion) one or more of a)Hopelessly naive, b)Frighteningly optimistic, c)Woefully ignorant of the problems of authentication combined with anonymity, d)Ignoring the problems of coercion, or (worst of all) e) Willing to accept vote tampering.

I do not seriously think that the Electoral Commissioner would be willing to accept vote tampering, but every electronic or online system has been demonstrated to be vulnerable to it. Worse, such attacks can occur at any point, be it in corrupt coding, interference with the ballots, or by injecting forged ballots.

All of these have be proven to be possible in every practical and theoretical system proposed to date. 

This is ignoring the problem of d) - if the voting is not occurring in a public place, how do you prove that the voter is not being coerced?

Edited to add:
Just this morning, more research showing the flaws of Internet voting systems:


  1. Yep Rob Masters I get what you're saying, it's certainly got some challenges (I'm in IT too) but it's got to be better than the current system where whole ballot boxes can go missing and they have to re-do an election.

  2. Mike Disbury Actually, it is not an improvement - as with an Internet or electronic system it is trivial for entire electronic ballot boxes to be replaced without any sign of anything being wrong. 

    I'll take a provably missing bunch of votes and a re-vote over that!

  3. I guess it comes down to trust doesn't it? if I can shop on line, do my banking and even my tax, I shouldn't I be able to vote?

  4. The difference is that with the others, you have a means of tracking your behaviour, and have a verifiable identity associated with your actions.

    Voting, by its nature should be anonymous, and your behaviour should not be able to be traced or tracked. At the same time, you need to be able to have reasonable certainty that your behaviour has not been tampered with.

    To date, there is no method of electronic transaction handling that allows for this conflict to be managed. Physical ballots, handled by large groups in a public forum remain the least corruptible method - because large groups in public areas are difficult to secretly corrupt.

  5. online voting is a disaster waiting to happen just for the saving of a few pieces of silver. we have had very few ballot boxes go missing and the result of the election was not in the end affected.  but a fraud of an online voting system could well be undetectable and untraceable. Trust is not the issue it's distrust we need that is why we have the rules we have currently have. they are designed to take trust out of the equation.

  6. Excellent way of putting Garry Winterton! We use a  system of no trust - but solid verification.

  7. Also since a fraud of an online system would  inevitably be government sourced.
    Then it follows If some one wins a series of elections with a margin of 1 to 4% over 4 consecutive elections with an online voting system how would you know if it's a fair result?

  8. Rob Masters
     The inherent problem with electronic voting is that designers try to do too much with the electronic vote; more than is required. What is electronically required is just tallies. That is all.

    In terms of voters voting at a polling booth, a verifiable system of voting is possible, using the tally machine to produce a human-readable ballot paper which the voter can verify visually before putting it in the ballot box. The tally machine only keeps tallies against the candidates. Not who or when the vote was cast. The tallies are collected at the end of day and presented as provisional results; to be verified by a subsequent, physical count of ballot papers.

    If a voter "spoils" their ballot (i.e. the machine-printed paper doesn't show voter intent) the paper is handed to a polling booth official who marks the paper as a spoil and places it in a "spoils" ballot box which is secured like the others and opened at the time of physical ballot count and the corresponding tallies decremented.

    No "copies" of ballot papers ("receipts") shall ever be produced for the voter as that facilitiates the buying/selling of votes or votes under duress.

    Votes under duress, etc. are impossible to rule out with Internet voting; where the voter is not under the view of an officer of the electoral office. Postal votes are already vulnerable to that.

  9. Bernd Felsche re: Duress - yes, but as long as postal votes remain small proportion of the overall vote, it is not too big an issue.

    re: Electronic tally boxes - the problem there is the problem of compromised machinery presenting an incorrect count. This has already occurred with the USA electronic tally boxes (to give just one example).

  10. Rob Masters
     You seem to have misunderstood; the tally machines' results are only preliminary. A "pre-count". (One from which certainly any spoilt ballots are yet to be deducted; by electoral officials, under supervision.)

    Authoritative counting is of the physical ballot papers, verified by the voter before being placed in the ballot boxes by voters. That works at least as well as the present system. Even if the electronic tally boxes are compromised, it makes no difference because the ballots count; not the tallies.

    Electronic tallies only exist to quell the feeding frenzy of the meeja and those who absolutely cannot e.g. go to the toilet before they know "a result". Or even those who take their smartphone to the toilet to keep an eye on the results; then bring the smartphone to the dining table. (yuk)

  11. Ah - gotcha. OK, that is a useful compromise.


Post a Comment

Popular posts from this blog