When Hurricane Sandy hit in 2012, it threw New Jersey into an ad hoc experiment in online voting. … Had New Jersey’s experiment gone well, it would have been a major victory for advocates of online voting, who’ve long argued that the internet could be a valuable tool to protect the right to vote and increase dismal U.S. voting rates. It did not, however, go well at all: Email servers were overwhelmed, leaving voters unable to request or return their ballots. In an attempt to fix the situation, one elections official gave out his personal email address to voters to submit their ballot requests—and a security researcher discovered that his password recovery question was apparently his mother’s maiden name after looking at Hotmail’s password-reset form. The official says he was never hacked. … Security experts cried foul at the election, which saw an estimated 50,000 ballots cast electronically. They were concerned that voters’ personal data was potentially exposed, and were worried that there was an opportunity for ballots to go uncounted. “We don’t know how many of these votes were actually counted or shouldn’t have been counted versus lost, or how many people tried to use this system but were unable to get ballots,” Ed Felten, who was then the director of Princeton University’s Center for Information Technology Policy, told Al Jazeera in 2014. “We can’t measure it, but certainly there are indications of overflowing mailboxes, big backlogs and problems processing requests. So I don’t think you could conclude at all that this was a successful experiment.”
… “They’re pretending like voting is no different than buying a book on Amazon, and they’re completely, by virtue of ignorance or malice, ignoring the truth of the world,” said Joe Kiniry, a cybersecurity researcher. “The simplest way to check the veracity of their statements is to call up any security researcher in the world that you find online who has made public statements about end-to-end verifiable elections and ask them. And you will find that 999 out of 1000 will tell you that [the likes of] Everyone Counts, [other online voting venders], and Estonia are full of shit.”
One concern of cybersecurity experts is protecting both the anonymity of a voter, and allowing the voter to prove that their vote was actually cast. In an online purchase, both the merchant and credit-card company or bank attach the customer’s name to the purchase. Purchases are tied back to individuals—something customers want so that they can verify their purchases.
But an online-voting system would need to separate the two—a voter’s identity from their ballot—to protect voter anonymity. In that case, how can that voter be confident that their vote is counted at the end of the day?
Full Article: Why You (Still) Can’t Vote Online.