I was, and am still, under the impression that e-voting can never be allowed in a democratic society, since if it is possible for a voter to in any way prove which way they voted, it is then possible to pressure people to vote one way or the other. I.e. if there is no possible way for me to prove I voted a certain way, there is no possibility for anyone to pressure me to vote a certain way, since I could always lie and say I voted the way they told me to when in fact I voted the way I wanted to anyway.
This is also a large part of the reason why votes are secret.
E-voting must therefore never be allowed; it allows voting to be subject to outside pressure and would cease to provably reflect the actual will of the voters.
> if it is possible for a voter to in any way prove which way they voted, it is then possible to pressure people to vote one way or the other.
Can't deniability be ensured crytographically? I know it can be done cleverly for paper (there's a great TED talk on it), so I'm unsure why it's impossible digitally.
It's possible via homomorphic encryption, i.e. a way to manipulate cyphertext to make some mathematical operations like sums/products or logical comparisons without revealing the actual secrets. For example, it's possible to compare two encryptions of two numbers and get an encryption of their sum or to know which one is larger without knowing either.
However one drawback of such a voting system would be an inability to get actual vote tallies, only an ordering of the candidates.
There is an older google talk about this delving into more detail.
I am under the exact same impression. Many smart people repeatedly advocate deploying e-voting systems without understanding the basic underlying problems, which are not technical in nature. I don't think even homomorphic cryptography helps when it's possible to physically stand behind a remote voter and witness exactly what they vote.
So yes, the only reliable way to vote is to require every voter to enter a physically controlled area in which they are guaranteed the privacy of secret voting. If they can vote anywhere else, they can be coerced to voting according to someone else's will, whether that's a family member, a briber, a foreign agent or some other kind of oppressor.
You can easily implement e-voting without letting anyone prove that they voted a certain way. This leads to concerns about rigged elections, but those same concerns are present with traditional voting.
At the other extreme, you may be able to construct a crypto-system where someone can prove that there vote was incorrectly counted without being able to prove how they voted. The downside to this approach is that it is likely that would likely involve a fair amount of technical knowledge to verify that the "receipt" you get from voting corresponds to the vote you intended to case.
A middle ground would be to allow people to detect when their vote is mis-counted, but be unable to prove it. This can be easily accomplished by giving every voter a random ID at the time of voting, and then publicly posting the ID/Vote pairs.
> You can easily implement e-voting without letting anyone prove that they voted a certain way.
How? Someone could be standing behind them with the proverbial gun to their head, watching everything they do. They could even be forced to use some other computer to use to cast the vote. In conclusion, i sincerely doubt your bald assertion.
8 comments
[ 2.9 ms ] story [ 22.0 ms ] threadThis is also a large part of the reason why votes are secret.
E-voting must therefore never be allowed; it allows voting to be subject to outside pressure and would cease to provably reflect the actual will of the voters.
Can't deniability be ensured crytographically? I know it can be done cleverly for paper (there's a great TED talk on it), so I'm unsure why it's impossible digitally.
http://www.ted.com/talks/david_bismark_e_voting_without_frau...
However one drawback of such a voting system would be an inability to get actual vote tallies, only an ordering of the candidates.
There is an older google talk about this delving into more detail.
https://www.youtube.com/watch?v=ZDnShu5V99s
So yes, the only reliable way to vote is to require every voter to enter a physically controlled area in which they are guaranteed the privacy of secret voting. If they can vote anywhere else, they can be coerced to voting according to someone else's will, whether that's a family member, a briber, a foreign agent or some other kind of oppressor.
At the other extreme, you may be able to construct a crypto-system where someone can prove that there vote was incorrectly counted without being able to prove how they voted. The downside to this approach is that it is likely that would likely involve a fair amount of technical knowledge to verify that the "receipt" you get from voting corresponds to the vote you intended to case.
A middle ground would be to allow people to detect when their vote is mis-counted, but be unable to prove it. This can be easily accomplished by giving every voter a random ID at the time of voting, and then publicly posting the ID/Vote pairs.
How? Someone could be standing behind them with the proverbial gun to their head, watching everything they do. They could even be forced to use some other computer to use to cast the vote. In conclusion, i sincerely doubt your bald assertion.