I think a startup to fix voting would actually be really cool (anyone here doing that already?), although I imagine it would be fraught with danger.
I think we need to step back to first principles here. In an ideal voting system, we need two properties:
1.) The vote must be anonymous (to remove the possibility of persecution)
2.) There has to be some way to detect if a vote has been tampered with.
Here's the thing... we can solve BOTH those problems with common cryptographic algorithms. Problem #1 can be solved with a hashed identity, problem #2 can be solved with a checksum.
Right now we try to solve that with a "paper trail". That's one solution, but it's very problematic. First, you're putting a lot of trust in the people doing the counting. Second, we can't trace those pieces of paper back to people to ask them "is this really who you voted for?"
I'm not claiming these are /easy/ problems to solve. There are a lot of considerations. But I will claim that we already have the required cryptographic toolset to make it possible, and that simple counting machines are entirely inadequate.
Paper ballots satisfy both of those properties. What problem are computerised ballots trying to solve? I've seen cost mentioned but haven't seen any evidence that it's cheaper. I imagine that it's mostly about getting the election results faster but is that really a goal of an election? Speed over accuracy?
You can get the speed of e-voting with paper ballots if you tally up the totals twice: once with a scanner when the ballot is put in the box (appropriate design of ballot and box required, of course), so you get immediate digital results, and once with manual counting to give the vote legal standing. The fact that only a manually counted result would have legal standing ensures nobody will see the point in tampering with the digital counter.
I would agree that there's no reason to have e-voting instead of paper ballots. The only possible excuse I might imagine for e-voting is that it lets people vote from home which enfranchises more voters, but that would just lead to a wave of vote selling so...
Accessibility is one area where paper ballots perform very poorly.
The Help America Votes Act, which spurred much of this new voting technology, specifically says voting places and ballots should be accessible by voters with disabilities such as the blind. This is very hard to accomplish in a secure, protected way without a machine. Some polling places have paper ballots for most, and machines reserved for the disabled.
That's not enough. You'd be trusting the compiler, the build environment, and believing that the hardware runs the binary code you expect. Tampering with the hardware is demonstrably easy, there are plenty of reports of people reflashing Diebold machines.
You're thinking of a very limited subset of cryptography (I assume: ciphers).
As a counter-example of having to trust the receiving end, consider zero knowledge proofs [1]. Even if you don't trust the prover, you become convinced of what they're trying to prove to you (if it's true).
The basic trick to proper cryptographic voting machines is zero-knowledge-proving that they are working correctly. Any tampering, whether it be in the source code or at the hardware level, will either not affect the tally or break the zero knowledge proofs.
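A worked illustration of the "break the proof or leave the tally unchanged" property described in the comment above, added here as an example and not code posted by any commenter. It assumes exponential ElGamal ballots and a disjunctive Chaum-Pedersen proof that each ciphertext encrypts 0 or 1 (the standard approach in Helios-style systems), with a toy group generated at start-up; the function names, the safe-prime search and the sample vote list are all constructed for the demo.

```python
import hashlib
import math
import secrets


def _is_prime(n):
    """Trial division; adequate only for the small toy modulus used here."""
    if n < 2 or n % 2 == 0:
        return n == 2
    return all(n % d for d in range(3, math.isqrt(n) + 1, 2))


def _safe_prime(start):
    """Find the first safe prime p = 2q + 1 with q >= start (assumption: toy size)."""
    q = start | 1
    while not (_is_prime(q) and _is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


# Toy parameters: a ~32-bit safe prime. Real systems use >= 2048-bit groups or curves.
P, Q = _safe_prime(1 << 31)
G = 4  # a quadratic residue mod P, so it generates the order-Q subgroup


def keygen():
    """Election authority key: private x, public h = g^x."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def encrypt(h, vote, r=None):
    """Exponential ElGamal: (a, b) = (g^r, h^r * g^vote); ciphertexts add by multiplying."""
    r = secrets.randbelow(Q - 1) + 1 if r is None else r
    return (pow(G, r, P), pow(h, r, P) * pow(G, vote, P) % P), r


def _challenge(*values):
    data = ",".join(str(v) for v in values).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def prove_zero_or_one(h, ct, vote, r):
    """Disjunctive Chaum-Pedersen proof that ct encrypts 0 or 1, without saying which."""
    a, b = ct
    other = 1 - vote
    # Simulate the branch we cannot prove: pick its challenge and response first.
    c_other, s_other = secrets.randbelow(Q), secrets.randbelow(Q)
    target_other = b * pow(pow(G, other, P), -1, P) % P
    A_other = pow(G, s_other, P) * pow(pow(a, c_other, P), -1, P) % P
    B_other = pow(h, s_other, P) * pow(pow(target_other, c_other, P), -1, P) % P
    # Real branch: honest commitment, challenge forced by the hash.
    w = secrets.randbelow(Q)
    commits = {vote: (pow(G, w, P), pow(h, w, P)), other: (A_other, B_other)}
    c = _challenge(a, b, *commits[0], *commits[1])
    c_real = (c - c_other) % Q
    s_real = (w + r * c_real) % Q
    return {"commits": commits, "branches": {other: (c_other, s_other), vote: (c_real, s_real)}}


def verify_zero_or_one(h, ct, proof):
    """Anyone can run this on a public ballot; no key and no knowledge of the vote needed."""
    a, b = ct
    commits, branches = proof["commits"], proof["branches"]
    if (branches[0][0] + branches[1][0]) % Q != _challenge(a, b, *commits[0], *commits[1]):
        return False
    for i in (0, 1):
        (A, B), (ci, si) = commits[i], branches[i]
        target = b * pow(pow(G, i, P), -1, P) % P
        if pow(G, si, P) != A * pow(a, ci, P) % P:
            return False
        if pow(h, si, P) != B * pow(target, ci, P) % P:
            return False
    return True


def tally(x, ballots):
    """Multiply all ciphertexts and decrypt once: only the total ever leaves the key."""
    a_tot, b_tot = 1, 1
    for a, b in ballots:
        a_tot, b_tot = a_tot * a % P, b_tot * b % P
    m = b_tot * pow(pow(a_tot, x, P), -1, P) % P  # equals g^total
    for t in range(len(ballots) + 1):
        if pow(G, t, P) == m:
            return t
    raise ValueError("tally is not a valid vote count")


def run_election(votes):
    x, h = keygen()
    ballots, proofs = [], []
    for v in votes:
        ct, r = encrypt(h, v)
        ballots.append(ct)
        proofs.append(prove_zero_or_one(h, ct, v, r))
    ok = all(verify_zero_or_one(h, ct, pr) for ct, pr in zip(ballots, proofs))
    return ok, tally(x, ballots), h, ballots, proofs


if __name__ == "__main__":
    ok, total, h, ballots, proofs = run_election([1, 0, 1, 1, 0])  # constructed sample votes
    print("all ballots well-formed:", ok, "| yes votes:", total)
    # A tampered machine that quietly adds a vote to a ballot invalidates its proof.
    a, b = ballots[0]
    print("tampered ballot verifies:", verify_zero_or_one(h, (a, b * G % P), proofs[0]))
```

The point of the demo is the last line: changing a ballot after the fact, or encrypting anything other than 0 or 1, leaves a proof that the public can reject without learning how that voter voted, while untouched ballots still sum to the correct total. What it does not address is the registration problem raised later in the thread: a proof of well-formedness says nothing about whether the voter behind the ballot exists.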
Most protocols I saw did let you verify your own vote, but how can you check others' votes not knowing what they voted? You can't, and >90% of people wouldn't even know how to check their votes.
Everybody understands paper voting and there are several (more or less) trustworthy protocols for paper-based vote count.
Maybe I'm pessimistic, but I can't picture a near future where the populace understands computers enough to be able to trust e-voting.
But how can you check that their encrypted vote is not tampered with even if it's well formed? I can craft "virtual individuals" which replace the real people voting and you wouldn't even notice. The vote is cast and well-formed, it's just not their vote.
If the vote is secret you just know that someone voted X. Who is that someone? Is he even real?
Since we need secrecy we need to know X, but not who is "someone", so we're blind there.
Every encrypted vote is linked to a voter registration. As with the current system, you can determine if someone has voted but not who they voted for.
If you can't prevent fake voters from registering, you've failed before the election even begins.
(Yes, this does allow you to coerce people with known preferences into not voting in order to affect the result. This issue, and many others, are discussed in the video.)