[kwlug-disc] Say No To Electronic Voting ...

Fri Jul 31 19:23:42 EDT 2020

In another thread, Mikalai said:

On Fri, Jul 31, 2020 at 10:53 AM Mikalai Birukou via kwlug-disc <
kwlug-disc at kwlug.org> wrote:

> Two weeks ago I was involved in a hakaton in Belarus, brainstorming tech
> for elections. Our team have articulated a process in which voters
> (their devices) check and count votes, collected with servers, of
> course. Note, there are no blockchains. Of course, we would I invite big
> Chinese operators into own elections :) .
>
> Elections is all about human trust and human consensus. In a solution
> that we've articulated. There are three points/stages that need check
> and human correction based on cryptographic evidence. Just counting is
> not enough, and may be not engaging enough.
>
> I want this type of system to be used in our municipal
> elections/referenda. Hence, project, concepts, discussion may be
> relevant to many of us.
>
> State of the project. It turns out that cryptography is trivial, when we
> use NaCl (http://nacl.cr.yp.to/) level of abstraction for crypto tasks.
> Everything else has to do with actual settling on some standard form of
> https endpoints, preparation of Docker Stack files to describe
> configurations for different scales, etc. For September I have slides,
> diagrams with data flow, key use.
>
> Opinion and input back is very much appreciated. Especially, if we'll
> set a goal to see if this approach can be implemented i here, on
> municipal, provincial and federal levels.
>

This is a pet peeve of mine: I don't want to see anything electronic in the
main voting process,
because of the reasons below.

The voting process should have the following criteria:

- *Anonymity*:
A ballot cannot be traced to an individual, so there is no pressure or
reprisal if they vote against
their boss or something like that.
- *Transparency*:
The entire process should be understandable to, and observable by a lay
person.
Encryption, tokens, hashes and all that tech stuff cannot be understood by
a regular person. It is stuff
for specialists, which should not be the case.
- *Auditability*:
The voter list records who is eligible, and who actually showed up, so if
someone comes in and finds
that he did vote before, they can raise a red flag that there is vote
rigging going on.
Ballots can be counted/recounted with representatives from the various
candidates/parties to ensure
neutrality.
Software on the other hand can be modified by one corrupt programmer or
installer for a bribe,
under pressure or for ideology. Even if a committee supervises the software
release, this is a single
point of failure (see next point), and there is no guarantee that "this
software" is what ended up on
the machine/web site, or released as an app.
- *Decentralization*:
Ballots should not all go to one location to be counted (where it can be
switched, or stuffed en route --
I know because that was what happened in Egypt). Also, you can bribe or
threaten a fewer number of
people to get a favorable result for you or your friends.

With internet voting, it is far easier to switch every n-th vote to a
certain candidate/party, and the
game is over. Because anonymity is required, one cannot trace a person to
an actual vote. If this
data is recorded, then it can be leaked and people can be threatened or
intimidated. In the absence
of that, switching votes is very easy.

There is no problem with having a machine scan the completed ballot to make
counting easier. The
paper ballot is still the authoritative vote, and can be manually recounted
if needed. We do have
those in a minority of the elections we have (municipal I think).