
Online voting in Finland: Conclusions and recommendations (2017) [pdf] - tom_mellior
http://oikeusministerio.fi/documents/1410853/4750802/Online_voting_in_Finland_Conclusions+and+recommendations.pdf/35d9f998-5ec3-4b50-8eae-a2acbc64cd66
======
shaki-dora
Excellent! It used to be that the tech community was the most vocal against
any scheme to increase the use of tech in voting. That consensus seems to have
weakened.

So to all the blockchain-proponents etc: remember that it’s not enough for
elections to just be safe. They also need to be safe _in a way that is obvious
to non-cryptographers_.

Many countries run elections on paper ballots and with public ally-observeable
counting of votes. They do so in rural communities as well as cities with
millions of voters. They rarely see voters waiting in line for more than a few
minutes. And the costs are neglible in the grand scheme of things.

That is the gold standard for elections, and it’s actually damn easy to
achieve.

~~~
wu-ikkyu
Observation of vote counts is only a 1 to 1 relationship. You can't know if
the whole election at scale is safe based on watching one person count votes.
Perhaps it might _feel_ safe to some, but that doesn't mean it is.

Moreover, physical observation doesn't scale. Only a handful of people can
observe due to the physical limitations of meatspace. A simple attack could be
to "DDoS" the count observations by crowding them out with your agents.

~~~
mixmax
But that's not how vote counting works.

Typically there's a member of each party represented in teh election present
for the counting, and often they're open to observers from the outside.

This means that you'd have to collude with your political enemies to steal
their votes....

~~~
wu-ikkyu
Collusion between supposed political enemies has happened frequently
throughout history

~~~
sigstoat
the observers at polling places are not highly ranked party members making
deals in smoky rooms. they're almost certainly residents of the tiny area
being polled, or the polity conducting the count.

certainly shady deals between a couple of folks at the tops of parties is a
possibility, but collusion between the thousands or tens of thousands of local
volunteers of both parties?

~~~
acct1771
Never forget the Manhattan project. Mass collusion being difficult isn't
necessarily a 100% certainty that it's not occurring.

It'd take quite a bit of money, though, this.

------
pjc50
You've reminded me to participate in the Scottish Government's electoral
consultation. [https://consult.gov.scot/elections/electoral-
reform/](https://consult.gov.scot/elections/electoral-reform/)

Online voting is a means of handing the election _directly_ to hackers,
without having to go through the tedious intermediary of "fake news" and so
on.

~~~
gsnedders
I'd totally missed that was happening; thanks for the link!

------
tauntz
On the same topic, Finland's neighbour, Estonia, has had online voting for
over 10 years (since 2005).

[https://e-estonia.com/solutions/e-governance/i-voting/](https://e-estonia.com/solutions/e-governance/i-voting/)

[https://www.valimised.ee/en/internet-voting/internet-
voting-...](https://www.valimised.ee/en/internet-voting/internet-voting-
estonia)

~~~
tom_mellior
Here's an evaluation of the Estonian system (originally from 2014, I believe)
by independent experts:
[https://estoniaevoting.org/](https://estoniaevoting.org/)

Money quote: "What we found alarmed us. There were staggering gaps in
procedural and operational security, and the architecture of the system leaves
it open to cyberattacks from foreign powers, such as Russia. These attacks
could alter votes or leave election outcomes in dispute. We have confirmed
these attacks in our lab — they are real threats. We urgently recommend that
Estonia discontinue use of the system."

~~~
rumcajz
A talk from CCC here:
[https://www.youtube.com/watch?v=PT0e9yTD2M8](https://www.youtube.com/watch?v=PT0e9yTD2M8)

~~~
Avamander
I expected some heavy vulnerabilities, but most of it is just FUD (and
outdated in addition to that). But I agree that the e-voting system could be
done better, with more auditing and etc.

------
woliveirajr
> The monitoring group came into the conclusion that online voting should not
> be introduced in general elections, because the risks involved are greater
> than the benefits.

I wish some countries would look carefully at this conclusion. I think I'll
even send this to some "media influentiers". I think I'll send to some
friends. I think I'm gonna cry a bit.

------
gt_
_> A separate recount of votes to detect and correct mistakes that have
occurred in the vote count is not possible in online voting... If a recount of
votes was carried out in an online voting system, it would be based on the
information produced by the system itself and would give the same result as
the actual count._

This was easily my favorite part.

------
vim_wannabe
Absolutely love it when people are able to go against Change for the sake of
change™.

~~~
Zhyl
It's an alluring proposition, though. The student who is just learning about
computers and digital ways of doing things will see the problem of voting as
'solvable' and would be able to list a large number of advantages to an
electronic voting system.

In that sense, I don't think anyone advocating electronic voting is trying to
'Change for the sake of change' (compared to, say, a police force trying to
replace desktops with iPads). The naivety of it, though, is more the
discussion that is being had.

~~~
moccachino
One of the often cited advantage of online voting is that everyone can do it
without needing to interrupt their day and thus more people would perhaps
vote. That 'advantage' might be revealing itself now as a liability now that
we see what effect the lack of face-to-face time has on people, especially in
political discussions.

------
chmaynard
I wonder if blockchain technology could play a role in the development of a
secure and reliable online voting system.

~~~
thg
I don't think the blockchain is going to protect you from a maniac with a
wrench "convincing" you to vote the way he likes.

~~~
askvictor
What's to stop a maniac with a wrench "convincing" you to transfer all of your
money to his bank account electronically?

~~~
thg
Money transfers can be rolled back rather easily and unless that maniac has an
offshore account, wants to be on the run for quite some time and get close
enough to someone with enough money to actually make it worthwhile, it's
hardly going to work out or be worth the trouble.

Being coerced into voting for a certain party is a whole different problem,
with different actors. You're not going to run the election again when the
spouse of someone pressured them into voting against their will. How would you
even want to prove it had happened in the first place? There's not going to be
a paper trail without giving up voter secrecy, which is yet another problem.

------
hippich
While paper voting being simple and reliable is valid point, what tech can
bring (of course if costs, security, etc will be solved to trust it as much as
we trust paper voting) much more granular voting options.

So instead of waiting for specific large event to put some question on a
ballot, state could send push notification to cellphones asking to vote for
specific proposition and quickly get response.

This would enable democratic process for much larger number of state projects
instead of relying on elected officials and people hired by elected officials.

~~~
specialist
That's called an opinion poll. Or marketing research.

Voter fatigue is already a severe problem. More direct democracy has plenty of
down sides.

The alternative is to organize, lobby, participate. Bring the heat. So much
that whoever's in the way sees the light.

Campaigns and elections are just the opening acts of democracy.

------
Y_Y
If we can bank online, why can't we vote online? In the clever separation of
powers that most modern states have it seems like the part that determines
voting procedures and election boundaries should also be separated. Otherwise
the incumbents are incentived to maintain the status quo!

~~~
nileshtrivedi
Voting online will take away one of the biggest feature of a free and fair
election: Lack of coercion. Voting must be done in a publicly visible manner
(and yet, the ballot should remain secret) so that there is provably no
coercion. Voting from home - will enable coercion by families, employers and
goons.

~~~
Mediterraneo10
> Voting must be done in a publicly visible manner (and yet, the ballot should
> remain secret) so that there is provably no coercion.

There can certainly be coercion even in countries that maintain secret
ballots. In Russian regions, it is not unheard of for civil servants and
teachers to be told by their superiors that they must vote the favoured party
“or else”, and a mobile phone picture of their ballot might be demanded as
proof that they did so.

~~~
chopin
Which is why it is forbidden in many countries to take such pictures. Hadn't
there been a scandal with Trumps son-in-law (or son maybe) who posted a
picture of his ballot?

~~~
relix
You think because it's illegal, it'll stop people that are being coerced?

~~~
chopin
In Germany, we have roughly this system (and I think that it is similar in
US): the voting boxes are some rather tiny cardboard boxes which can be seen
by the people running the election, they are rather open. You would need to be
pretty sneaky to take pictures. As well, in Germany phones tend to not be able
to switch off the clicking sound of the camera.

If I am able enough to tweak my stuff to take such a picture I'd be surely
able enough to provide a fake picture. The attacker would need to provide the
device which in turn does not scale very well. So, apart form husbands, this
attack would not make much sense.

If that was to be done in scale, it'd be noticed fast. And people would ask
questions quickly. That might be different for Russia, I admit. In US, no need
for all that, you have electronic voting boxes, which are completely opaque to
voters and counters.

EDIT: spelling.

------
a_imho
sortition > voting, at least for choosing representatives

