Comment Re:You can't win... (Score 1) 136
And either could be worked around.
Online voting, for utmost security.
Each voter gets a specialized browser install based on a normal browser with a few key differences:
- Cache is flushed every 60 seconds
- Only 1 SSL key is accepted
- Only 1 host with which communication is accepted
- All communication over HTTPS only
Then the web service portion, and I'm basing this on how things work in Finland. Here you can authenticate with your real-life details using your bank account details.
So you log in via your bank, which requires 2-factor authentication (password + rotating PIN).
Add an RSA dongle, which is given personally to every single voter (cost 10-20€ per voter).
So you have many forms of authentication before you are able to log in, to make absolutely certain you are who you say you are.
Absentee voting is not allowed. Only the voting right holder is allowed to vote.
Then just have a normal online poll type of solution, but with extra information, and extra steps to ensure the voter has given some thought to it.
Allow semi-anonymous commenting by different voters, i.e. every voter is given a random "voter id".
In the database, the votes are saved by voter id.
The voter id to real-life information data is only viewable by a very precisely vetted small group of people, to basically ensure everyone is voting for themselves only, and everything is technically working.
Everyone else will not see the actual identities, unless a voter expressly wants to reveal that (i.e. has revealed his personality in a comment). A voter can be given a new pseudo-anonymous voter id at request as well.
Allow absolutely no one to log in as someone else. Databases are fully transactional only -> no modifying records directly etc. Every single action against the database is logged. That way this database can be append-only, with a cache database which can at any time be rebuilt by following the log.
So this can in extreme cases still be traced to a specific voter, but I don't see why that is needed at all.
The biggest problem will be the people involved in this system; without making it technically impossible to manipulate the voting data, even by administrators, it will not be a sound system. Even the government itself shouldn't be able to trace a pseudo-anonymous voter id to a voter at will, and especially not en masse.
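
The append-only, fully logged database with a rebuildable cache that the comment above describes, sketched as an added example (not the commenter's code). The SHA-256 hash chain, the `VoteLog` class, the action names, the voter ids and the rule that a voter's later vote replaces an earlier one are all assumptions made for the illustration.

```python
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # constructed chain start value


def _digest(prev_hash, record):
    # Each hash covers the previous one, so editing an entry breaks all later ones.
    payload = json.dumps(record, sort_keys=True).encode()
    return hashlib.sha256(prev_hash.encode() + payload).hexdigest()


class VoteLog:
    def __init__(self):
        self.entries = []  # append-only; each item: {"record": {...}, "hash": "..."}

    def append(self, voter_id, action, choice=None):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        record = {"seq": len(self.entries), "voter_id": voter_id,
                  "action": action, "choice": choice}
        self.entries.append({"record": record, "hash": _digest(prev, record)})

    def verify(self):
        """Return the index of the first entry that breaks the chain, else None."""
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            if entry["hash"] != _digest(prev, entry["record"]):
                return i
            prev = entry["hash"]
        return None

    def rebuild_cache(self):
        """Replay the log into a fresh tally; refuse if the log was altered."""
        if self.verify() is not None:
            raise ValueError("log failed verification")
        latest = {}  # assumption: a voter's most recent "cast" replaces earlier ones
        for entry in self.entries:
            rec = entry["record"]
            if rec["action"] == "cast":
                latest[rec["voter_id"]] = rec["choice"]
        return dict(Counter(latest.values()))


def sample_log():
    log = VoteLog()  # constructed sample data, hypothetical voter ids
    for voter, action, choice in [("v-01", "login", None), ("v-01", "cast", "A"),
                                  ("v-02", "cast", "B"), ("v-01", "cast", "B")]:
        log.append(voter, action, choice)
    return log
```

The chain only exposes in-place edits and deletions; an administrator who can rewrite the whole log can recompute every hash, so the latest hash has to be held or published somewhere that administrator cannot change.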