As a software engineer who knows very little about government security and voting security, can someone explain why you can't just build it like a regular web app (with very good security measures -- the usual HTTPS, database encryption, proper firewall rules to servers, etc.), and have the user enter their voter ID and social security and submit their vote via a web form?
From reading this article, it would seem that it satisfies the first 4 points, just not the 5th. Is that the main reason to have to use the blockchain, to prevent tampering from the inside?
Because whoever owns the server is now a dictator who can decide the result of the election. When it comes to democracy, "tampering from the inside" is your primary threat model.
Take it from someone who lived in a country where we had 70 years of elections with the same party winning each and every one. Tampering from the inside, when possible and hard to detect, becomes ubiquitous. We only started moving towards semi-fair elections when the election authorities began to include representatives of all major parties. But in the server example, you would need very complex procedures to replicate that, and make sure there is not a single administrator that can tamper invisibly with the server. It is actually easier to build a tamper-evident distributed system than a tamper-evident single-node server.
The current level you're playing at is: protect against script kiddies, XSS, and drive by server attacks.
The level that system would play at is: protect against other nations with sophistication at the level of the NSA, protect against other nations that compromise an employee of said system, and protect against large-scale DDoS attacks during a critical time in our democracy.
The presidential election would arguably be the biggest target of hackers. With the right hack you're essentially directing hundreds of billions of dollars where you want to if you elect the right candidate.
You need the voting system to be end-to-end verifiable.
The secrecy of the vote must be preserved, meaning that not even the servers can know, at any step of the process, that voter A voted for option X.
Voters must be able to verify that when they choose option A, option A is correctly coded into their ballot.
Voters must be able to verify that their ballot is included in the tally and that their ballot is unmodified.
Anyone must be able to verify the process of mixing/anonymizing, decrypting and tallying the ballots.
So it's not easy at all because the requirements are quite contradictory. But you can do it with mixnets, for example, using them in a similar fashion as Tor. That's the way Scytl or nVotes do it :)
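A toy of the mixnet flow described in the post above, added here as an example and not code from the thread or from Scytl/nVotes. It assumes a single trustee, a tiny safe-prime group so the arithmetic is readable, and two chained mix nodes; it omits the zero-knowledge proof of shuffle a real system publishes so that anyone can verify the mixing.

```python
import hashlib
import random

# Toy parameters: safe prime P = 2*Q + 1, G generates the order-Q subgroup.
# Deliberately tiny for readability; real deployments use 2048-bit+ groups.
P, Q, G = 23, 11, 4

def keygen(rng):
    x = rng.randrange(1, Q)            # trustee secret key (single trustee here)
    return x, pow(G, x, P)             # (sk, pk)

def encrypt(pk, vote, rng):
    """ElGamal; candidate id v is encoded as G^v so it lies in the subgroup."""
    r = rng.randrange(1, Q)
    return (pow(G, r, P), pow(G, vote, P) * pow(pk, r, P) % P)

def reencrypt(pk, ct, rng):
    """Multiply by a fresh encryption of G^0 = 1: new randomness, same vote."""
    a, b = ct
    s = rng.randrange(1, Q)
    return (a * pow(G, s, P) % P, b * pow(pk, s, P) % P)

def mix(pk, board, rng):
    """One mix node: re-randomise every ballot, then shuffle. Linking output to
    input needs this node's secret permutation, like one hop of a Tor circuit."""
    mixed = [reencrypt(pk, ct, rng) for ct in board]
    rng.shuffle(mixed)
    return mixed

def decrypt(sk, ct):
    a, b = ct
    m = b * pow(a, P - 1 - sk, P) % P        # b / a^sk  (a^(P-1) == 1)
    return next(v for v in range(Q) if pow(G, v, P) == m)

def tracker(ct):
    """Short hash the voter keeps to check their ballot is on the bulletin board."""
    return hashlib.sha256(f"{ct[0]}:{ct[1]}".encode()).hexdigest()[:12]

def voter_checks(receipt, board):
    """Individual verifiability: is my (unmodified) ballot on the public board?"""
    return any(tracker(ct) == receipt for ct in board)

def run_election(votes, seed=7):
    rng = random.Random(seed)
    sk, pk = keygen(rng)
    board = [encrypt(pk, v, rng) for v in votes]      # server sees only ciphertexts
    receipts = [tracker(ct) for ct in board]
    mixed = mix(pk, mix(pk, board, rng), rng)        # two independent mix nodes
    tally = {}
    for ct in mixed:                                  # decrypt only after mixing
        tally[decrypt(sk, ct)] = tally.get(decrypt(sk, ct), 0) + 1
    return {"sk": sk, "board": board, "receipts": receipts, "mixed": mixed, "tally": tally}
```

Decrypting the board directly would link voters to votes; decrypting only the mixed output is what keeps voter A's choice hidden while the tally stays verifiable.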