HcInfosecAug 20, 2023
@jeroen @mattblaze In general voting by going to a specific place inside the town where you live is cumbersome. If we can get a good system to mostly get rid of that that will likely increase voting turnout. Having elections with 40% turnup is much more dangerous to #democracy than it security risks, of course unless these lasts once are huge (which is possible)
Show threadMatt BlazeAug 20, 2023

@HcInfosec @jeroen Yes, and every technical expert who has seriously studied online voting as come to the same conclusion about the risks, because there are fundamental problems and requirements that preclude building an Internet voting system sufficient for civil elections.

It's not that scientists don't think Internet voting would be nice. Just as physicists don't think perpetual motion machines wouldn't be terrific. It's just that they understand fundamental reasons we can't make them.

Show threadMatt BlazeAug 20, 2023

@HcInfosec @jeroen You want an Internet voting system? You have two choices. One is to relax some of the basic requirements and civil rights associated with voting (at least in the US), such as the secret ballot. The other option is to have elections where we can never be sure who actually won, and that are vulnerable to disruption by anyone connected to the Internet.

Neither option seems great.

Show threadgigantosAug 20, 2023

@mattblaze @HcInfosec @jeroen there are cryptographically secure ways for a person to vote, where that person can go and validate the vote was counted, and nobody can see what this person voted, even if they see the proof that the person voted.

Here is one description of it: https://www.microsoft.com/en-us/research/publication/end-end-verifiablity/

End-to-end verifiablity - Microsoft Research

This pamphlet describes end-to-end election verifiability (E2E-V) for a nontechnical audience: election officials, public policymakers, and anyone else interested in secure, transparent, evidencebased electronic elections. This work is part of the Overseas Vote Foundation’s End-to-End Verifiable Internet Voting: Specification and Feasibility Assessment Study (E2E VIV Project), funded by the Democracy Fund. Opens in a new […]

Microsoft Research
Show threadMatt Blaze
@gigantos @HcInfosec @jeroen Not quite. There are cryptographic techniques for verifying, after the electon, that your vote was counted correctly, in ways that don't themselves reveal your vote. These systems do nothing to correct the problem if a software error or compromise caused your vote to be counted incorrectly, or to refute a claim that it was counted incorrectly.
Aug 20, 2023 at 6:21pmWeb
Show threadMatt BlazeAug 20, 2023
@gigantos @HcInfosec @jeroen In other words, e2e verifiable voting (the technical term for these cryptographic systems) does not provide software independence.
Show threadgigantosAug 20, 2023
@mattblaze @HcInfosec @jeroen but the voting machines used in the US does?
Show threadMatt BlazeAug 20, 2023
@gigantos @HcInfosec @jeroen Yes, optical scan paper ballot scanners (now used in the majority of US polling places) are software independent, because they retain a reliable artifact of the voters's choices.
Show threadHcInfosecAug 20, 2023
@mattblaze @gigantos @jeroen Being the ballot box I presume?
Show threadTorbjörn BjörkmanAug 20, 2023

@HcInfosec @mattblaze @gigantos @jeroen The ballot itself, as I understood it (back in the infamous year of 2000...)

For a reference of sorts, in Sweden all physical ballots are stored until the parliament elected by those ballots have voted to certify the next election (as the sitting parliament must do in a democracy, there really is no one else to do the job, once you think about it)

Show threadHcInfosecAug 21, 2023
@TorbjornBjorkman @mattblaze @gigantos @jeroen Well, you can also print paper while #evoting, why not (well trees). Even print it twice and sent one copy back to the voter. And then make software to compare it all for security
Show threadgigantosAug 20, 2023
@mattblaze @HcInfosec @jeroen but my understanding is that you would get some cryptographic proof to take home, and that it would be algorithmic, so you could have many different implementations able to both generate, store and validate the same data.
Show threadMatt BlazeAug 20, 2023
@gigantos @HcInfosec @jeroen That's not what software independence means. https://people.csail.mit.edu/rivest/pubs/RW06.pdf
Show threadgigantosAug 20, 2023
@mattblaze @HcInfosec @jeroen I'm also not saying this exists in a usable form today, just arguing it is not against the rules of physics to create such a system.
Show threadMatt BlazeAug 20, 2023
@gigantos @HcInfosec @jeroen You are free to believe and say whatever you want, whether you're correct or not.
Show threadgigantosAug 20, 2023
@mattblaze @HcInfosec @jeroen I'm also happy to be educated when I'm wrong
Show threadLou KatzAug 20, 2023
@mattblaze @gigantos @HcInfosec @jeroen Does "software independence" mean that the whole thing depends on the particulars of that instance of crypto implementation?
Show threadSteve BellovinAug 20, 2023
@lou @mattblaze @gigantos @HcInfosec @jeroen No. Software independence means that you can verify the result without using software. L
Show threadLou KatzAug 20, 2023
@SteveBellovin @mattblaze @gigantos @HcInfosec @jeroen ACK. Thanks
Show threadMichael KnudsenAug 20, 2023

@mattblaze @gigantos @HcInfosec @jeroen I think it is also important that voters understand the voting process and how votes are handled and counted. That brings trust, which has turned out to be kind of a big deal lately.

The list of people in society who are able to understand complex cryptography and how to apply this to voting and how this ensures that their vote is cast and counted correctly .. is short.