HcInfosecAug 20, 2023
@jeroen @mattblaze In general voting by going to a specific place inside the town where you live is cumbersome. If we can get a good system to mostly get rid of that that will likely increase voting turnout. Having elections with 40% turnup is much more dangerous to #democracy than it security risks, of course unless these lasts once are huge (which is possible)
Show threadMatt BlazeAug 20, 2023

@HcInfosec @jeroen Yes, and every technical expert who has seriously studied online voting as come to the same conclusion about the risks, because there are fundamental problems and requirements that preclude building an Internet voting system sufficient for civil elections.

It's not that scientists don't think Internet voting would be nice. Just as physicists don't think perpetual motion machines wouldn't be terrific. It's just that they understand fundamental reasons we can't make them.

Show threadMatt BlazeAug 20, 2023

@HcInfosec @jeroen You want an Internet voting system? You have two choices. One is to relax some of the basic requirements and civil rights associated with voting (at least in the US), such as the secret ballot. The other option is to have elections where we can never be sure who actually won, and that are vulnerable to disruption by anyone connected to the Internet.

Neither option seems great.

Show threadSebastian SylvanAug 20, 2023
@mattblaze @HcInfosec @jeroen we already sacrifice secret ballots with mail in voting (anyone in your household could watch you vote and even force you to vote how they want). Seems like we decided the pros outweigh the cons on that one. So if we remove that one, online voting seems plausible.
Show threadSebastian SylvanAug 20, 2023
@mattblaze @HcInfosec @jeroen also mail in voting is secure in practice but not in theory. Nobody has even once checked my ID either to apply for mail ballot or to vote. It’s based on signature verification of whatever I used to sign up. I haven’t signed my signature the same way twice in my entire life. It wouldn’t be too hard to outdo that in terms of aithentification rigor.
Show threadHcInfosecAug 20, 2023
@ssylvan @mattblaze @jeroen That's clever. They have a signature database apparantly.
Than they probably scan your ballot, and have a computer see what you voted for.
Notice, that computer at that moment knows and could log or communicate what you voted. So there is the same problem #evoting (e-voting or electronic voting) would have.
#democracy #voting
Show threadDan VeditzAug 20, 2023

@HcInfosec @ssylvan @mattblaze @jeroen

Typically you sign the outside of a sealed envelope. That is checked before it is opened and the unsigned ballot sent to be counted. If it's not opened mechanically (by a machine without a scanner!) then there will be observers to make sure people who see the signatures also don't stop to read ballots. They don't have time for that, anyway.

Election officials take their jobs seriously. Anything you think up off the top of your head will already be addressed by standards and best practices.

Show threadHcInfosecAug 20, 2023
@dveditz @ssylvan @mattblaze @jeroen Ah, that's indeed different. The signature is not on the ballot but on the envelope. Does open some attack surface of course.
Show threadDan Veditz

@HcInfosec
One advantage of polarized politics is that each side worries the other will cheat, so there are all kinds of controls, procedures, observers, and audits to prevent everything that anyone has ever thought up.

That's why the real battle is over who votes, not how. The "how" gets argued over because it makes voting easier for the wrong people or harder for the right people, and the arguers disagree on who those are.

Aug 20, 2023 at 8:06pmWeb
Show threadHcInfosecAug 20, 2023
@dveditz Yes, the whole world knows in the #usa the #gop has gone fascist and tries to block poor and colored people to vote. It's a pretty sad and also dangerous situation.