## Drawbacks of Online Voting

3

BBC has an article which asks if it is time for countries to adopt online voting. While, there may be many advantages of this, what are the principle drawbacks of online voting? It is possible that hacking may counter the advantages of online voting.

Question was closed 2018-02-01T13:00:32.520

3"It is possible that hacking may counter the advantages of online voting." Yes! Try hacking an offline vote on a large scale. Requires much, much more effort. Some things best remain under as many human eyes as possible. – Trilarion – 2018-02-01T10:10:27.167

1@Trilarion It depends if you are comparing to paper-based offline voting, or to US-style "electronic voting machines". The latter have many of the problems of online voting. – Federico Poloni – 2018-02-01T10:29:01.090

@FedericoPoloni With offline vote I really meant a pen and paper vote with manual counting afterwards, completely free of any electronic devices. The traditional way which works quite well if you ask me. I would have to read the linked article in order to know why anyone would want to switch. – Trilarion – 2018-02-01T10:31:07.907

10

One of the main problems is that in most countries voting is anonymous. It's hard to find a way that people can vote online, without authentication (because anyone can only vote 1 time) and assure that the vote is not bound to an identity.

Hacking is also a major drawback, as regular voting is highly decentralised in most countries. That makes it hard to manipulate on a large scale (especially from outsiders. i.e. not the government itself). If there is confirmed fraud on an online system (for example, more votes than citizens). All votes are invalid and should be redone. In regular voting only the affected district should be redone.

Also, it's nearly impossible to check if someone isn't forced to vote for someone. In most countries, you're forced to vote alone in some kind of box where you have privacy. Nobody can force you to vote for a candidate or check what you have done in the box. There could be someone with a gun on your head when you vote on your computer at home.

Regarding anonymous votes, I think (technically) it's not too hard to limit every person to one vote, but don't log the relationship between the voter and the vote itself. Check if the voter already voted? If not, his vote with only the information of who he voted for will be sent to the server. – Zure – 2018-02-01T11:59:43.700

2There is no problem to technically realise this indeed. The problem is that we as citizens cannot be sure it's programmed this way. In regular voting, it's clear that your identity is protected, you put your voting paper in a box with all other papers. – Mathias Maes – 2018-02-01T12:10:29.283

It is realizable by posting the code publicly and enforcing that it's the actual code used. For example private & verifiable voting has been implemented in Ethereum http://fc17.ifca.ai/preproceedings/paper_80.pdf . The caveat is that it scales really badly at O(n^2) and requires 100% participation. But more advances might be made...

– csiz – 2018-02-01T14:31:54.037

5

The main two problems are security-related.

### Auditability

Auditability (that is, the ability to recount votes when results get challenged) is the most important problem by far for elections that matter.

With physical ballots, you can always recount the results; and, in theory at least, the ballots get stored for years. With electronic votes, any amount of tampering could theoretically happen to the votes. Or, as happened recently in the US, the votes could get deleted.

You can use techs like blockchain to reduce the risk of tampering with individual bulletins, but even that offers little protection if bulletins get tampered with wholesale - e.g. on the fly as they are cast, or by overwriting all votes before the counting.

In practice the only real protection is printing the electronic ballot and having the voter vet and physically cast it. You can then use the electronic votes to compute the results. And if the result gets challenged, you can always resort to counting the physical ballots manually.

### Anonymity

Anonymity has multiple underlying problems that relate to preventing people from voting more than once. The latter is easy enough in theory: maintain a list of people who already voted, and prevent them from voting twice.

In practice it's less simple. At the physical level, timestamps can get in the way of perfect anonymity if the user-related tokens themselves aren't anonymous as well - but then you also need to figure out how to securely and anonymously deliver the token.

Also, you might want to allow voters to be able to change their votes just in case. Because they might want to correct a mistake, for instance. Or, like in Estonia, because you might want a voter to be able to verify that what they've voted is what's registered in the system.

In theory you could use a cryptographically secure one-way hashing algorithm to guarantee anonymity here, but that still leaves the door open to tampering - e.g. by hacking voting devices so it confirms you've voted on X while actually casting a vote on Y.

Note that, in practice, physical votes aren't a panacea either. Horror stories include:

• Ballot stuffing, e.g. when a ballot box is left behind during a (fake) fire emergency.
• Ballot theft, e.g. by intercepting votes sent by snail mail, by making a ballot box disappear, etc.
• Irregular votes, e.g. when someone votes for you using a fake ID (or indeed no ID at all, in countries where there's no such a thing), or when dead voters are mysteriously casting votes.

It's arguably difficult to scale any of this when physical ballots are involved, but the point here is that physical ballots aren't a silver bullet. Electronic voting, for all its problems, is not without merits in this sense.

As one who worked a bit in the field, I expect that what will triumph in the end is a combination of the two as hinted further up: electronic votes backed with physical ballots. It gives you the best of both worlds: quick counts and auditability. (It might simply take the shape of a sophisticated enough ballot counting machine.)

The last mentioned drawback of paper ballots affects digital ballots in exactly the same way since the problem lies in the method of authentication. In practice both digital and remote authentication carry additional challenges compared to manual and local authentication. – David Foerster – 2018-02-01T12:58:14.657

@DavidFoerster: Precisely. What I was trying to convey is that offline voting and electronic voting suffer from mostly the same problems. The only real difference between the two is the potential ease or difficulty of scaling an attack. – Denis de Bernardy – 2018-02-01T13:23:58.970

2

Transparency is one of the biggest arguments against online voting.

The more complicated the process by which votes are represented, the more expert knowledge you need to be able to trace the "route" necessary to transform the voters will into something countable and then into the actual result.

When you vote on paper you can "just" count - the "route" taken is physical, i.e. you can monitor the paper trail, it does not take much expert knowledge.

Whereas if you let people vote online, that puts more responsibility in terms of data security into the hands of the voter (which might be perceived as positive), but knowledge about how votes will be counted or how you would go about verifying that the voting process was not corrupted, requires more than just basic computer knowledge.

(1) While I can see an argument for the average non-IT layman agreeing with what you said, I'm hardpressed to agree with the assertion that humans are less prone to error than machines, in regards to counting votes. (2) how you would go about verifying that the voting process was not corrupted, requires more than just basic computer knowledge Knowing how a manual count is done (and knowing whether it was done correctly) also requires more than the basic skill of filling in a ballot. I don't quite understand what you're trying to point out. – Flater – 2018-02-01T10:41:07.533

@Flater 1) Less error prone was not my point, from where did you get that? 2) Understanding how the counting works for online voting and understanding it FULLY involves not only knowledge of cryptography, but also all other protocols involved in traffic and you still cannot vouch for the hardware the software runs on. If you want to fully understand how your mark on a paper gets to be counted in the results, just follow the paper. You do not need to know several pretty technical protocols and the medium (pen and paper) can be understood by pretty much everyone that went to elementary school. – DrCopyPaste – 2018-02-01T10:59:53.583

You're grossly oversimplifying. The manual counting process is not found on the ballot. Following the paper gets you nowhere. Someone counts the papers in their box, reports that number to their local head of office, who then contacts a regional head, etc... The counting process is a system, not a piece of paper. Even if they write the totals on paper every step of the way, that is not a guarantee that the system was applied correctly. Secondly, cryptography has nothing to do with the counting system. Cryptography is related to the security. Completely different. – Flater – 2018-02-01T11:05:05.487

How does it get me nowhere? I can sit infront of the ballot while voting is legal (e.g. 8am to 8pm) I can sit there and verify that only people who were allowed to vote handed in their vote. How would I ensure that with as low a technical expertise as possible if the vote was not physical? – DrCopyPaste – 2018-02-01T11:09:42.813

I pointed to verifying that the voting process was not corrupted, not only the counting, and security is part of the voting process. (Which obiously has to somehow be related to the counting process, if it weren't what would be the point? I of course assume we still want to vote anonymously) – DrCopyPaste – 2018-02-01T11:12:15.130

2

Drawbacks :

• User identity protection.
• Hacks to tamper the data.
• force voting

solution to drawbacks :

use bitcoin's base technology blockchain to secure the user identity. Most importantly it will be tamper proof. Main challenge here will be design the right architecture and flow. for force voting allow the voting duration for say 10 days and within that duration allow user to change their vote.

1How does that answer the question? "what are the principle drawbacks of online voting?" – DrCopyPaste – 2018-02-01T10:22:48.510

right. updated it . – Abhijit Gujar – 2018-02-01T10:27:00.030

1how would a public ledger solve the problem of user identity protection, i.e. anonymity? – Federico – 2018-02-01T12:03:54.157

2

One aspect easily overseen is that secret voting not only means "no one can observe my vote against my will", but also "no one can observe my vote even if I want to". Mail voting aside, this is an extremely important concept of traditional votes, as it makes it nearly impossibly to buy or blackmail votes. If someone gives me \$100 for my vote, how could I prove I voted for him? I am not allowed to share my vote with someone. In online voting, it's more like mail voting, which can only be tolerated for that reason if it's only a fraction of the votes.