Hacker News new | past | comments | ask | show | jobs | submit login

I just look at the state of internet "security" and that tells me all I need to know.



Can I assume you also have the expertise to comment on the physical security of current voting systems by comparison as well?


Yes, you can. Current voting systems are completely open to the public and simple enough for the average person to understand.


Exactly.

Most arguments given against online voting systems are equally valid arguments against in-person voting and especially against mail-in ballots.

Those arguments are the red herrings.


Not really. Whilst paper voting fraud is definitely possible - maybe even easier than online fraud - in an election, paper ballots are distributed across an entire country. They require "hacking" 1000's of people in order to corrupt a national vote. Computer hacking just requires breaking the security of one application.


You can't bribe open source.

I find it hard to believe that a modern identity infrastructure (which we don't have, admittedly) combined with basic cryptography can't get us where we need to be.

We might not be able to cryptographically prove anonymity, but all it takes is trusting the government to anonymize the data correctly and make it secure in transport.


> trusting the government to anonymize the data correctly and make it secure in transport

Large banks don't always succeed at that. The government makes huge mistakes all the time. What makes you think this is possible?

The issue is that perfect security is impossible either with physical or digital voting. All we can do is minimize the consequences of an inevitable mistake or breach.


You can still hack open source though. Some of the highest profile security projects like openssl get hacked. Sometimes it just takes a simple misconfiguration to get hacked, like with Debian a few years ago.

The point is, computers provide a single point of failure. Bribing enough of a country's electoral officials to shift a vote without being detected is immensely more difficult in comparison to finding a zero-day in some voting software.

The only guarantee that open source provides, is that we'll probably find the bug eventually. A malicious state actor that wants to influence an election has absolutely no incentive to let people know that they've found a vulnerability with any sense of alacrity.


> all it takes is trusting the government to [...]

Wait, what? All the system requires is trusting the incumbent government with the security of our vote?!

And the fourth Reich lasted forever.


The problem is harder than it sounds when you're talking about something as high-value as a national election (especially in the US).

Have you read "Reflections on Trusting Trust"?


Yes. And the recent paper on backdooring CPUs by adding individual transistors.

You have to make some higher level assumptions in practice or you won't get anywhere.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: