Electronic voting is an entire field of research. As with cryptography, do not come up with your own methods.
Here are some problems with your method: allows coercion (is not receipt-free), violates vote secrecy (attacker can just force voter to reveal password), allows ballot stuffing, allows partial results (no voting under equal circumstances), probably completely relies on server for "security" of passwords, salted hashing orly?, hash tied to voter by timing info, ...
There are voting schemes (the more sophisticated ones are cryptographic, but interestingly there are non-cryptographic voting schemes like Punchscan that have interesting properties) that address these. But it gets fairly complicated fairly quickly, and at some point normal voters won't be able to make sense of them. The cryptographic voting schemes also tend to get computationally unwieldy, e.g. by requiring huge mixnets.
Using interactive proofs you can know that the machine won't modify your vote, and using zero-knowledge proofs plus a distributed key you can decrypt and randomize, being certain that votes haven't been lost and without revealing whom people voted for.
Additionally with a public ledger like the blockchain, you can be certain that your vote is there (checking your signature), and when votes were cast.
Using something like colored coins you can ensure that no additional votes are created.
The problem that I do see with remote voting is that I could be right next to you when you vote and coerce you to vote for the person that I want
Natanael_L I just skimmed through it but will read it later today. I worked on a prototype earlier this year implementing the blockchain part, not secure yet, specially it doesn't implement the end-to-end encryption. Anyhow you can read about it here and there is a link to the video of the prototype https://medium.com/@jagbolanos/votosocial-org-towards-an-e-v...
Well we already have mail-in voting and coercion could happen at some shadier physical locations.
Would it be possible to add another vote that invalidates the first, but preserves anonymity? Then there's no guarantee that someone doesn't just revote.
You could make it anonymous - the unique combination of your vote, your key, and the election blockchain could produce a password unique to you. This would allow you to verify that your vote was counted, but would not allow anyone else to do so - if they coerced you, you could run your key, the blockchain, and the opposite vote and produce a different password and your attacker would be none the wiser.
But then if you find that your password has changed, how do you prove it? I don't think there's any way to prove election fraud without violating election confidentiality, even for paper ballots. How do you propose stopping election fraud with paper ballots? The current defense is merely "it is hard."
In the end of the day, my vote is signed, and any of the bailout checkers can discover who I voted for. Also, I can not total the votes and verify their result.
There are electronic means if you're a crypto-nerd, but for the general public, paper ballots suit. You know your vote is marked to your preference when you put it in the box, and no-one can make you prove it one way or the other. You should also be able to stick around (or get someone to stick around for you) and confirm that the box you used is included in the counting, should you desire to.
I've been talking with people involved in elections in Honduras and they explained a technique that is normally used for paper ballots. It's called "La Cadena" (the chain) and it works like this.
A person goes to the voting center and gets a ballot
That person goes to the booth and marks the ballot
That person skips entering their ballot and goes out
Shows the ballot to the coercer, verifying the vote
The coercer gives the ballot to the next person
The next person gets another ballot and has the previous one hidden.
That person introduces the new ballot, hides the old one and goes out.
And the chain goes on.
Apparently it's a common way to coerce votes in low income urban areas and rural areas. You only need distraction or complicity from a person from the voting table and it's hard to detect.
Another common issue is vote stuffing.
On the philosophical part, it is in the end a human problem, but with technology at least you should reduce the possibility of cheating
An interesting tactic, but that kind of coercion would also work with online voting - standover men forcing you to vote on their computer, where they can see and track you. I imagine this would be particularly effective in poorer areas with less access to computers.
Complicity is always going to be hard to work around (it's the primary fault vector of electronic voting), but it seems 'the chain' wouldn't be too difficult to detect - the standover men would have to farm the ballots from the outgoing people and get them back into the line going in (but again, complicity to look the other way...)
Vote stuffing is easy to workaround - have the ballot papers custom-marked as they're handed out.
> technology at least you should reduce the possibility of cheating
Technology also opens up lots of new avenues for cheating. It also has the problem of not being understandable by the layperson if they have to manage it in any way at all.
It's also trivially easy to defeat this. Here in Canada, your ballot has a counterfoil with a number on it. That number is only removed immediately before you deposit your vote into the ballot box. This ensures that the ballot you deposit is the same one you were given by the polling clerk.
Here are some problems with your method: allows coercion (is not receipt-free), violates vote secrecy (attacker can just force voter to reveal password), allows ballot stuffing, allows partial results (no voting under equal circumstances), probably completely relies on server for "security" of passwords, salted hashing orly?, hash tied to voter by timing info, ...
There are voting schemes (the more sophisticated ones are cryptographic, but interestingly there are non-cryptographic voting schemes like Punchscan that have interesting properties) that address these. But it gets fairly complicated fairly quickly, and at some point normal voters won't be able to make sense of them. The cryptographic voting schemes also tend to get computationally unwieldy, e.g. by requiring huge mixnets.