[liberationtech] E-Voting

Rich Kulawiec rsk at gsp.org
Tue Dec 13 09:32:59 PST 2016 

On Sun, Dec 11, 2016 at 10:08:18PM +0300, Zacharia Gichiriri wrote:
> I still believe e-voting could substantially improve election outcomes [...]

You may, of course, believe whatever you wish.  But you are completely
wrong on this point: e-voting is a disaster for election outcomes.
I suggest that you study the issue in depth, with a focus on the
security issues, for a few years -- at which point I doubt I'll have
to convince you that you're wrong: you'll have convinced yourself.

Voting systems have certain requirements for privacy, security, integrity,
reliability, etc.   Unfortunately, the privacy, security, integrity,
reliability, etc. problems that are now pervasive throughout computing
and Internet operations are antithetical to those.  In other words, the
things that voting systems absolutely must have are just about exactly
the things that contemporary Internet computing environments are
terrible at.  And the situation is getting worse, not better [1] -- so at
this point in time there is no reason whatsoever to even put e-voting
on the table for discussion.  It's not just a bad idea, it's an insanely
bad idea.

A good place to begin learning about this topic in depth is this page:

	Douglas W. Jones on Voting and Elections
	http://homepage.divms.uiowa.edu/~jones/voting/

That page has a large number of links to articles, reports, essays, papers,
etc. on these topics -- and to many sites which contain still more.  It's
an excellent jumping-off point for enquiry into many aspects of this problem.  

---rsk

[1] It may get much worse over the next few years, if major governments
succeed in mandating hardware and software backdoors in devices and code.
If that happens, then some/many/most end-user devices will be pre-compromised
at the factory, which considerably lowers the bar for attackers: they don't
have to create a security hole, there's already (at least) one built-in.
All they have to do is figure out how to exploit it, which is usually
a much easier task.

And it WILL get much worse over the next few years, as myriad companies
eager for quick profits deploy IoT devices that have either (a) ludicrously
bad security or -- more likely -- (b) no security.  It's only a matter
of time, and a short time at that, until these devices are conscripted
into botnets and used to attack end-user networks from inside.

More information about the liberationtech mailing list