Hacker News new | comments | show | ask | jobs | submit login

Yup. There is exactly no way to ensure the secret ballot (voter privacy) or public count (auditable results) with any form of electronic voting.

This is actually not quite true. See http://www.cs.cornell.edu/andru/papers/civitas-tr.pdf

Skimmed that paper. Thanks for link.

Nice to see Civitas would use a tamper evident log file (rolling temporal hash). Alas, generally, encoding the order of the ballots cast destroys voter privacy.

I stand by my earlier comment (cross thread): These crypto based voting systems rely on hash collisions to hide individual ballots within a herd of ballots. Because Civitas encodes votes as ranked preference (to support winner takes all, Condorcet, approval voting), there's even more information contained within each ballot, decreasing the likelihood of a hash collision, increasing the likelihood of inferring each voter's unique ballot.

Something did occur to me, however. Right now, all races are encoded onto a single ballot. Making it more likely that every ballot within a precinct is utterly unique.

But if each race was split onto its own ballot, then a crypto based voting system might be workable.


As loathe as I am to validate a crypto-based scheme in any way, these schemes aren't going away, no small part because the geeks keep pushing technological fixes for perceived societal problems. So I'm somewhat resigned that I should make the most of it, help make sure the worst parts are mitigated.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact