Could we create an app for people to use for voting in national elections? I did some work on electronic voting systems problems with Ed Gerck in the early 2000s. It was hard then, it’s arguably harder now. This gets back to what some people have lobbied for since the early days of the Internet: the “Internet driver’s license.” In the U.S., to get a voter’s registration card, you have to prove you are who you say you are, that you live where you say you live, and that you’re a U.S. citizen. That entitles you to be enrolled as a registered voter, which means that for any election in your jurisdiction, you can show up and cast your vote (or as is more commonly the case, to mail your ballot in or drop it off at a collection point).
For vote-by-mail, your ballot envelope has personal identifying information on it, and you must sign it, demonstrating that it was in fact you who voted the votes as recorded on the ballot. For vote-in-person, you’re required to sign your name to a ballot log on the spot indicated for you as recorded on the polls. That’s to make it possible to audit the election, proving that only the people who are authorized to vote actually voted, and that they only voted once. The contents of the ballot are completely opaque to this process—and must remain so to ensure the sanctity of the right to a secret ballot. On paper—that is, in an actual paper system—that’s pretty easy to do. At scale, electronically, it’s nearly impossible to do without it being possible to hack.
Now, you can argue that you can “hack” the paper system. And you can, to an extent. If you know for certain that a given person is not showing up to vote, you can have a “substitute” vote in their place. In theory, the structure of voting in small units called precincts is to deter this. If there are 1,000 people in a precinct, and the election judge is someone of note in the precinct, odds are pretty good that the judge will have personal knowledge that this person claiming to be “Betty Goodbody” is in point of fact an impostor. And even if the judge doesn’t dispute the identity of the voter, in an audit, the fraud may be discovered from signature comparison. And even if it skates completely, imagine the difficulty of carrying out that sort of fraud on a very large scale. Even 100,000 “fake voters” would be a ridiculous amount of work.
Shift to an electronic format, and that’s all out the window. The best anyone has come up with to date is the notion that every person permitted to vote be issued some sort of revocable digital certificate. At that point you’re talking about a large-scale public key cryptography system, which is something that in practice we know very little about implementing securely.
Full Article: Quora: Web-Based Voting Isn’t Plausible—At Least Not Yet.