I often say that election security is by far the hardest technical problem I've ever encountered. Why? Four reasons:

1) Contradictory critical requirements, particularly vote secrecy vs. transparency.

2) No truly neutral trusted third parties.

3) Election do-overs are generally impossible, so the ability to merely detect problems is insufficient. You have to reliably prevent them.

4) Much of the technology that can manage the complexity of elections is inherently untrustworthy.

@mattblaze

The only good solution I know is to have a physical box, have everyone check that it's empty, have all the ballot papers put in the box by voters while everyone watches, then shuffle the papers, then take them out and count them while everyone watches.

@neroden @mattblaze Perhaps Matt should have included "scalable to millions or billions of voters"...
@brainwagon @neroden what happens when one of the seals on the box is broken?

@mattblaze @brainwagon

Oh, it's an issue if you have to *move* the box.

Ideally the counting is actually done in the same room where the voting was done, with the watchful eyes of all the party observers and everyone else on the box the whole time. So no "seal" issue.

@mattblaze @brainwagon

I mean you can still end up with problems if someone attacks the box physically during the voting process, or attacks the voters or vote counters, or the voters or vote counters start attacking each other. I have certainly read about this happening in countries with violent insurrectionist movements, but nothing can be entirely secure against that.

@neroden @mattblaze @brainwagon

Not that this would work. But is there some statistical way to remove a fraction of the votes and still have confidence in the outcome? I know votes come down to a coin toss and nobody would be happy. But, if you can’t trust all of the votes can you just increase the burden of knowing where to alter the outcomes….