
Why experts are overwhelmingly skeptical of online voting - arunbahl
https://arstechnica.com/tech-policy/2020/09/why-experts-are-overwhelmingly-skeptical-of-online-voting/
======
rbecker
The vulnerabilities they found are laughable. Even with all of them fixed,
what about infected disk firmware, compromised Intel Management Engine (or the
AMD equivalent), or a subverted compiler [1]? On the system itself, or on a
developer's machine.

And suppose you somehow fix all of that, and run it on a mathematically
verified secure chip. How do you know vulnerabilities weren't inserted into
the silicon, or perhaps the whole chip was swapped with a compromised one when
you weren't looking. There's already been reports of factory compromised
hardware for credit card readers.

With control of the entire USA as the prize, you can bet that's the level of
attack you'll be dealing with.

[1]
[https://www.win.tue.nl/~aeb/linux/hh/thompson/trust.html](https://www.win.tue.nl/~aeb/linux/hh/thompson/trust.html)

~~~
echlebek
The demand for electronic and online voting is so high that I fear it will be
implemented in a compromised way, before the problem is actually solved. As I
understand it, all known descriptions of electronic voting are worse than
paper ballots in terms of security and anonymity.

This is just what a former CS professor told me years ago, but it seems to be
supported by what experts are saying.

Edit: clarity and addl thought

~~~
rbecker
I think the key is, you can't tell if the system's been compromised by looking
at it. And not even by taking it apart and examining it, bit by bit. Not
without an electron microscope. And unlike with banking, you can't tell by the
results either.

We need a clear way to communicate why it's so dangerous that computer
illiterate people will understand, and that's as clear as I can put it.

------
amai
In Germany online voting is forbidden by the constitutional court since 2009:

\- [https://www.ccc.de/en/updates/2009/wahlcomputer-urteil-
bverf...](https://www.ccc.de/en/updates/2009/wahlcomputer-urteil-bverfg)

"In its decision today regarding the constitutional vote of the German Federal
parliament in 2005, the judges of the Federal Constitutional Court made clear
that comprehensible and secret votes are the core of our democratic system.
This system is eroded by the use of voting machines. It must be possible for
people without technical knowledge to trace and understand the complete voting
process. Therefore, votes shall not be saved solely in electronic memory at
any time."

------
lucozade
Quote from the the TrailofBits audit report [0]

> Anyone with administrative access to the Voatz backend servers will have
> enough information to fully reconstruct the entire election, deanonymize
> votes, deny votes, alter votes, and invalidate audit trails

That's...sub-optimal

[0]
[https://github.com/trailofbits/publications/blob/master/revi...](https://github.com/trailofbits/publications/blob/master/reviews/voatz-
securityreview.pdf)

------
llimos
Leaving aside technological security, one HUGE problem with online voting is
that there is no way to ensure the vote was not coerced.

Scenario: A particular community/religious institution/school, etc., lets
their members know (not in writing) that they will be required to have their
vote witnessed by two other members, on pain of expulsion.

This is not far-fetched, even in some places in America, and certainly in
other countries. Even if we can be 100% certain that the vote is secure and
not tampered with _online_. I don't see any realistic technological solution
for this. Giving the option of in-person or online voting won't solve it -
those wishing to coerce will simply require members to pick the online option.

Yes, this is already possible with mail-in voting (and there are reports of it
happening.) But if online voting becomes mainstream it will become a much
bigger problem.

Disappointed that the article didn't mention this at all. Reminds me of
[https://xkcd.com/538/](https://xkcd.com/538/)

