HcInfosecAug 20, 2023
@jeroen @mattblaze In general voting by going to a specific place inside the town where you live is cumbersome. If we can get a good system to mostly get rid of that that will likely increase voting turnout. Having elections with 40% turnup is much more dangerous to #democracy than it security risks, of course unless these lasts once are huge (which is possible)
Show threadMatt BlazeAug 20, 2023

@HcInfosec @jeroen Yes, and every technical expert who has seriously studied online voting as come to the same conclusion about the risks, because there are fundamental problems and requirements that preclude building an Internet voting system sufficient for civil elections.

It's not that scientists don't think Internet voting would be nice. Just as physicists don't think perpetual motion machines wouldn't be terrific. It's just that they understand fundamental reasons we can't make them.

Show threadMatt BlazeAug 20, 2023

@HcInfosec @jeroen You want an Internet voting system? You have two choices. One is to relax some of the basic requirements and civil rights associated with voting (at least in the US), such as the secret ballot. The other option is to have elections where we can never be sure who actually won, and that are vulnerable to disruption by anyone connected to the Internet.

Neither option seems great.

Show threadgigantosAug 20, 2023

@mattblaze @HcInfosec @jeroen there are cryptographically secure ways for a person to vote, where that person can go and validate the vote was counted, and nobody can see what this person voted, even if they see the proof that the person voted.

Here is one description of it: https://www.microsoft.com/en-us/research/publication/end-end-verifiablity/

End-to-end verifiablity - Microsoft Research

This pamphlet describes end-to-end election verifiability (E2E-V) for a nontechnical audience: election officials, public policymakers, and anyone else interested in secure, transparent, evidencebased electronic elections. This work is part of the Overseas Vote Foundation’s End-to-End Verifiable Internet Voting: Specification and Feasibility Assessment Study (E2E VIV Project), funded by the Democracy Fund. Opens in a new […]

Microsoft Research
Show threadMatt BlazeAug 20, 2023
@gigantos @HcInfosec @jeroen Not quite. There are cryptographic techniques for verifying, after the electon, that your vote was counted correctly, in ways that don't themselves reveal your vote. These systems do nothing to correct the problem if a software error or compromise caused your vote to be counted incorrectly, or to refute a claim that it was counted incorrectly.
Show threadMatt BlazeAug 20, 2023
@gigantos @HcInfosec @jeroen In other words, e2e verifiable voting (the technical term for these cryptographic systems) does not provide software independence.
Show threadLou Katz
@mattblaze @gigantos @HcInfosec @jeroen Does "software independence" mean that the whole thing depends on the particulars of that instance of crypto implementation?
Aug 20, 2023 at 8:33pmWeb
Show threadSteve BellovinAug 20, 2023
@lou @mattblaze @gigantos @HcInfosec @jeroen No. Software independence means that you can verify the result without using software. L
Show threadLou KatzAug 20, 2023
@SteveBellovin @mattblaze @gigantos @HcInfosec @jeroen ACK. Thanks