[EM] Idea for a free web service for (relatively) secure online voting
Kristofer Munsterhjelm
km-elmet at broadpark.no
Tue Oct 7 06:16:33 PDT 2008
Mike Frank wrote:
> Hello, I was thinking of building a free public web service, perhaps
> operated by a charitable NPO, that would allow organizations (including
> perhaps small governments) to operate online elections in a way that
> offers some sophisticated modern security features.
>
> In addition to taking standard security precautions, the site would
> generate a certain form of electronic certificate, made available after
> the election to each registered voter, that is basically a concise,
> easily-verifiable, cryptographically-secure proof which assures that the
> voter's specific ballot information (or their lack of a ballot, if they
> did not submit one) was correctly figured into the official election
> results. (The voter could verify their certificate using open-source
> software or online services which could be made available by any number
> of independent organizations.)
>
> In such a system, if significant numbers of ballots were being
> electronically altered before tallying (as Diebold has been accused of),
> this kind of tampering could be easily detected by affected voters. So
> it would be much harder to get away with, would be less likely to
> happen, and so the voters could hopefully have more confidence in the
> system as a whole.
How would this system work? I guess you could use blind signatures to
submit the actual votes, but how would it assure the voters that their
votes are counted? I know of some systems to produce proofs for
Plurality, but I'm not sure how they could be turned into proofs for,
say, Schulze. If the system permits ranked or rated votes, you'll also
have to deal with the "fingerprint attack", where a vote-seller asks the
voter to vote in a particular manner, using a rank that with high
probability will be unique.
> Such a system wouldn't directly address suspicions that the voter rolls
> in a given election might have been padded with unreal voters; this
> would require verifying the real-world authenticity of voter identities
> through some process of voter registration, but that is a problem that
> could be handled separately offline (e.g. via registration in-person or
> by mail, like voter registration is often done now, and/or by publishing
> of voter rolls for independent verification). For use in smaller
> organizations where the list of eligible voters is common knowledge
> (e.g. all organization members), padding of rolls would not be an issue
> anyway.
Other possible attacks from the outside could involve coercion (vote my
way while I watch) or bribery (same as above, but with a payment if you
do what I say), and identity confusion (where the person's computer is
zombified so that the ballot cast differs from what the voter intended).
If you want to be sophisticated, you could have a vote retraction signal
(a number or similar) which would nullify your vote if you send it
before the election, and an external device to confirm the ballot just
before you submit it (so that you can see it's what you actually wanted).
Of course, a voter retraction signal opens up the possibility for
coercion or buying of said signal, and it'd also be difficult to
reconcile the goals of both having it possible for a voter to verify if
his vote was counted and making it possible for the voter to annul his
vote. If the annulment makes the signature return "you didn't vote" or
"your vote didn't count", then a coercer could attack the voter for
having retracted his vote, whereas if it still makes the signature
return "you did vote and your vote counted", then that might be used for
fraud (mass retraction after the polls have officially closed).
> Incidentally, the cryptographic certificates attesting to the
> correctness of the ballot-tallying process might be easier to create for
> some election methods than for others - for example, plurality, range,
> and approval voting are all easy to handle, but with ranking-based
> methods it gets a little more complicated (b/c aggregated subsets of
> ballots couldn't be summarized with just a single number for each
> candidate). It's still possible, but the certificates might get a lot
> larger.
Would the certificates differ for different Condorcet methods? How about
IRV, which is very sensitive to changes in ballots?
If the certificates are unmanageable for IRV, that may still not be much
of a problem, though, since (in my opinion) IRV is not a very good
system. Others who like IRV may disagree.
> But in any event, the site could still allow election organizers to
> select from any of a number of interesting voting methods, such as those
> being discussed on this list.
>
> Anyway, I was wondering if the folks on this list think that such a site
> would be useful - or has it already been tried? Perhaps I can improve
> in some way on what's been done.
I don't think it's been tried yet. I know of some sites that do election
counting on demand, but none that have the sort of cryptography setup
you're talking about.
As for that setup, I think that it would be fine for small or informal
elections. For larger scale elections, the security doesn't suffice
unless you find a way of dealing with the attacks from without
(coercion, vote-selling, and impersonation). Even if you limit access to
the site to polling place computers, you get the problem that the voters
may not trust the machines or not know or care to verify their signatures.
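As an added illustration (not part of the original post or any system Mike Frank describes), here is the blind-signature ballot submission the reply sketches: the registrar signs a blinded ballot digest without seeing the ballot, the voter unblinds it, and anyone can later check that a posted ballot carries a valid registrar signature, so an altered ballot fails verification. It uses textbook RSA with deliberately tiny constructed primes so the arithmetic is visible; the eligibility check, hash padding and the "proof my vote was counted" question raised in the reply are all outside what this shows.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy registrar key: tiny primes so the numbers stay readable.
# Real deployments need full-size keys and a proper signature padding scheme.
P, Q = 1000003, 1000033
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent


def ballot_digest(ballot: str) -> int:
    """Hash the ballot text (e.g. a ranking 'A>B>C') to an integer below N."""
    return int.from_bytes(hashlib.sha256(ballot.encode()).digest(), "big") % N


def blind(m: int) -> tuple[int, int]:
    """Voter: multiply the digest by r^e so the registrar cannot read it."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:           # r must be invertible mod N
            return (m * pow(r, E, N)) % N, r


def registrar_sign(blinded: int) -> int:
    """Registrar: signs the blinded value (after an eligibility check, omitted
    here) and learns nothing about the ballot it covers."""
    return pow(blinded, D, N)


def unblind(blinded_sig: int, r: int) -> int:
    """Voter: (m*r^e)^d * r^-1 = m^d, a valid signature on the plain digest."""
    return (blinded_sig * pow(r, -1, N)) % N


def verify(ballot: str, sig: int) -> bool:
    """Tallier or auditor: the signature must match the ballot as posted."""
    return pow(sig, E, N) == ballot_digest(ballot)


def cast_ballot(ballot: str) -> int:
    """Full voter-side flow: blind, obtain signature, unblind."""
    m = ballot_digest(ballot)
    blinded, r = blind(m)
    return unblind(registrar_sign(blinded), r)


if __name__ == "__main__":
    sig = cast_ballot("A>B>C")
    print("genuine ballot verifies:", verify("A>B>C", sig))   # True
    print("altered ballot verifies:", verify("B>A>C", sig))   # False
```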