Hacker News new | past | comments | ask | show | jobs | submit login

Your examples are all less scalable and easier to detect that hacking.

> That is a great step forward, compared to the closed black boxes, e-voting systems I have heard of before.

It's still a black box. You have only their word to go that the published source is what is actually running on the machine in front of you in the voting booth. And they have only the word of their computers.

So yes, it's a great step forward, in the same way that going up a flight of stairs is a great step towards reaching orbit.




"Your examples are all less scalable and easier to detect that hacking."

Less scalable likely yes, but easier to detect depends. How would I know, if my local vote regulator is a russian asset?

"You have only their word to go that the published source is what is actually running on the machine in front of you in the voting booth."

That can be changed. In a way, that I also can voluntarily help with the voting and vote count today, you could have community based people overwatching the technical deployment of the machines.

I am not saying, that what the swiss are doing is enough. But I like voting and I would like voting to happen more often. That would be way easier with digital secure solutions. We can transfer our money digital securly, so why not also our vote?

(well yes, anonymity of vote makes it harder, but not impossible)

More voting, more democracy.


Even if experts are convinced that the e-voting system is secure, it cannot be understood by laypeople. To a random person on the street, e-voting is absolutely intransparent, it's a magic black box that spits out a result. And as soon as distrust of the government comes up (no matter whether justified or not), e-voting can amplify the allegations of voting manipulation.

In contrast, paper and mail voting are things that are technically less secure than a well-designed e-voting system, but they can be understood by laypeople. In Switzerland, my vote goes into a ballot box, guarded by people from different parties. They are counted by citizens from different parties, with many people in the same room. Manipulation has happened in the past, but it has always happened in a constrained scope (e.g. people fishing voting ballots out of the mailboxes of their neighbors). And if it happens large-scale in a single town, this may be detected by statistical analysis ("the number of votes for a certain party is unusually high or low compared to other similar towns"). If citizens don't trust the count, they can request a re-count of the sealed voting ballots by other people.

Making voting simpler is a good thing. In Switzerland, we have had mail voting for a long time now. Yes, you still need to fill out a piece of paper and bring it to a post box, but the thing that takes the most time is actually informing yourself about the things/laws/referendums you're voting on, not filling out the paper. And the attack vector on mail voting is easy to understand.

The problem with e-voting is not security, it's trust. If we erode trust in our voting systems, we erode trust in our democracy. This has already started to happen in a few places, most notably in some areas in the US where e-voting systems are deployed, and where certain groups of people keep repeating their allegations of voter fraud. (They can claim this about regular voting as well, but it's easier to disprove than with closed e-voting systems that only very few "experts" can understand.)


"In Switzerland, my vote goes into a ballot box, guarded by people from different parties. They are counted by citizens from different parties, with many people in the same room. "

I very much agree to your point, that laypersons need to be able to understand the system. At least the basic concept. No dark magic.

After all a vote is just encrypted information going to a server.

The details are more complex, sure, but there is a growing number of tech literate people.

So not all people might understand it all directly, but if their neigbhor does (and indeed also checks occasionally), then this might be enough.


A vote is not just "encrypted information going to a server". The law says that every voter must be able to vote once (and only once), and that the vote must be secret, towards other voters and towards the government. A vote must be authenticated, it must be ensured that it's only counted once, but the counting system may not know what you voted (at least as long as the vote is tied to your identity). This means that you cannot use classic encryption algorithms, because for tallying the votes, you must be able to sum up votes for which you're not allowed to know what the vote is. This requires "novel" schemes like homomorphic encryption, zero-knowledge proofs, etc. (Not novel in the academic sense, but in a practical sense, there is still quite little practical experience with this kind of cryptosystem, compared to TLS for example.)

I have yet to find someone that can explain me how homomorphic encryption works in a way that I fully understand. And I'm a software engineer. I understand RSA or Diffie Hellman. A lot of people understand RSA or Diffie Hellman. Almost nobody understands homomorphic encryption. This means that almost nobody even has the necessary base knowledge to even being able to review an e-voting system.

Without voting secrecy, I'd say that building a robust system would work reasonably well. With voting secrecy, it's a different story.


"Without voting secrecy, I'd say that building a robust system would work reasonably well. With voting secrecy, it's a different story. "

Sadly this is true and I agree to that. I am also a fan of open voting, but I can see that general society is not ready for that.

And to your other points I mainly agree, but I am a bit more optimistic, than one can build a system of open trust, even though I have to admit, that I also do not understand the specific system, but I also did not really look into it.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: