Why experts are overwhelmingly skeptical of online voting (arstechnica.com)
16 points by nuker on Sept 6, 2020 | 15 comments


Lol honestly I don’t trust anyone who says their system is secure. The idea that some random company that built an Android or iOS app with an AWS backend magically has no vulnerabilities is laughable, especially after they had hard-coded credentials in their repo. The more the CEO says it the more he loses credibility. I might trust a big 5 company to implement this, might. But generally until our systems are secure by default I don’t think anyone could do this right, and there are so many resources going into hacking it, it will take a lot of guarantees for me to start to feel better. Mail-in voting is simpler and much less vulnerable to scalable hacking.


As you should, when these systems are closed source. Would you trust an open source system, though?

https://github.com/microsoft/electionguard


Open source is not enough, since you have to trust the compiler and hardware the system is running on as well [1,2]. But from the page you linked, the key benefit of that system isn't that it's open source, but that the results are verifiable. I.e. you can check that the results are trustworthy, even if you don't trust the code or machines it's running on?

[1] https://www.win.tue.nl/~aeb/linux/hh/thompson/trust.html

[2] https://en.wikipedia.org/wiki/Intel_Management_Engine


I’m definitely more likely to trust open source. Generally the more eyes on it the better; I still think even one vulnerability could potentially be catastrophic though.

That Microsoft link looks really interesting. I don’t understand automated theorem proving and crypto enough to see how it would work even with untrusted hardware (although it does say it can be run on any third party system).


What about voters' devices? Jessie's WinXP, never updated, full of malware?


This is probably a stupid question, but why is mail-in voting seen as secure when online voting isn't? I mean, obviously the latter is less secure, since you don't know how the votes are counted and can more easily change the results en masse.

But shouldn't both have the same issues with things like voter coercion? Did we suddenly decide that isn't a risk at all?


It's simple: you can't tell the difference between a compromised and a secure system. Not by looking at it, not by taking it apart. Nothing short of checking each bit with an electron microscope will do (can't trust the disk firmware not to lie, after all). And unlike with banking, you can't tell from the results either.


What makes online voting so hard when we regularly trust online systems with our finances?


There is a monetary incentive for the company running online systems such as banks to keep things secure(ish). They are made by mostly technically savvy people and in general are audited properly.

Electronic voting goes to the lowest bidder. They have no incentive to keep things secure and test it properly as that would cost more and cut their middle line. It just needs to work and look secure.


Don't think fiscal incentive assures good implementations. If it really did, places like Experian wouldn't keep getting caught with their pants down. It really just incentivizes hard-to-audit ones, and extensive legal engineering more often than not as the mathematics dictate. Sometimes it's cheaper to erect legal barriers than to actually solve the problem.

This is what separates "business" from "academia", and unfortunately when the stakes are as high as politics, the business good enough solution leaves too much open to doubt for a healthy civic trust to form.


One big difference is that you are likely to actually notice an error your bank makes. You have a way of proving the mistake (for example the physical check you deposited online, or the email about the transaction).

We don't even have a system in place in America to deal with an election whose results are deemed a mistake or hacked. Do we just have election day again? What if the error comes to light after the new administration has taken power?


Aren’t these all risks with paper voting too? There’s no way for us to verify the results in an open and transparent way.


It's much harder to game the system with paper votes, and as a last resort manual recounts are possible.

IMO, all votes should be scanned and uploaded publicly so that the records can be audited by anybody.


What's at stake. If bank hacked, bank/insurance cover losses. If presidential vote hacked, no one covers campaign costs, new election, and total chaos that ensued. And what if the hack was not detected?

It has to be something based on blockchain, I guess.


Good question. The answer is, because with finances, you can tell if you were hacked by the state of your account. With voting, hacked election results can look as convincing as real ones.



