Online voting in Finland: Conclusions and recommendations (2017) [pdf] (oikeusministerio.fi)
136 points by tom_mellior on Feb 23, 2018 | 138 comments



Excellent! It used to be that the tech community was the most vocal against any scheme to increase the use of tech in voting. That consensus seems to have weakened.

So to all the blockchain-proponents etc: remember that it’s not enough for elections to just be safe. They also need to be safe in a way that is obvious to non-cryptographers.

Many countries run elections on paper ballots and with publicly observable counting of votes. They do so in rural communities as well as cities with millions of voters. They rarely see voters waiting in line for more than a few minutes. And the costs are negligible in the grand scheme of things.

That is the gold standard for elections, and it’s actually damn easy to achieve.


> Excellent! It used to be that the tech community was the most vocal against any scheme to increase the use of tech in voting. That consensus seems to have weakened.

How? Here's the main conclusion from the report

> The monitoring group came into the conclusion that online voting should not be introduced in general elections, because the risks involved are greater than the benefits.


I was commenting on the impression I get from reading comments here, on Twitter, blog posts etc. When the topic used to come up, for example in response to the Florida fiasco in the election of 2000, the response was almost universally negative. That seems to have changed somewhat, with many more people willing to advocate complicated technical solutions.

This report, and others by professional organizations like the EFF still follow the old consensus, possibly because they are run by people socialized in that environment. But I’m worried what such reports will say in 2030 if the arguments I made above are not universally understood.


> Excellent! It used to be that the tech community was the most vocal against any scheme to increase the use of tech in voting. That consensus seems to have weakened.

What is excellent about this? Paper ballots, with multi-party observers are incredibly secure, auditable, and transparently fair ways of running an election.

Yes, you can have shitty ballot designs, and insane voting machines (Florida, 2000), and your entire electoral process may be infiltrated by Reptilians, who take the ballot boxes out into the woods, to use for kindling, but the same can be said for electronic devices. The UX, and security procedures for the Canadian elections I have voted in were very simple.

Shade in the circle by the name of the candidate you want to vote for. Fold your ballot. Drop it in a box. At the end of the night, the box is opened, and the ballots get counted. There are eyes on the ballot box, for the entire duration of the process.

Adding a closed-source, opaque electronic voting machine to this process solves a non-problem that nobody has.


An alternative: Mark ballot, feed to scanner, which either successfully scans a ballot, or returns it to the voter to be re-marked (modulo write-in votes, see link). The scan is the fast & easy result, and the paper ballot can be the separate source of a reproducible result.

https://www.verifiedvoting.org/resources/voting-equipment/se...

Also a note for international HN readers - elections in the USA often have 20+ races on the same ballot - we really like elective offices - and that makes hand counting more difficult.


That's a complementary tool, not an alternative. Most election integrity activists / experts are fine with precinct-based opscans used to tabulate paper ballots the moment the polls close.


The nice thing about scanning either by the voter or while the voter is present is that spoiled ballots - by stray, faint, or partial marks, or overvoting for too many multiple candidates - are reduced to near zero, and are replaced by fresh voter-marked ballots, which simplifies all later tabulation, and reduces confusion and challenges about mis-marked ballots, thus increasing voter confidence in the whole election process.

Anyone who is interested in election processes should volunteer to work an election, either helping operate a polling place, or as a poll watcher, or similar. This is one of those areas that looks simple, but has a lot of difficult edge and corner cases. I've been a poll worker and a registrar of voters, and it is not as simple as most people would think.


+1 Emphatic agreement that everyone should work the polls a few times. A lot of the silly rhetoric would be quickly mooted if the belligerents had direct experience.

Sorry to pedant, because I know you already know this: some jurisdictions have (selectively) disabled the second chance feature for spoiled (or unreadable) ballots, effectively disenfranchising voters.


Until recently, we opponents have been the vocal minority. Shouted down, arrested, ignored.

One newspaper called me "a sweaty paranoid kook" for having the audacity to explain, citing the procedures and rules, how central count works.

Even today, you'll still see some yahoos pitching Chaum or RSA or Pret-a-Vote (?) based whackadoodle solutions. Completely divorced from how real world election administration works. But someday Tinkerbell will fly, if we all just clap hard enough, so stop interrupting with physics, logic, experience, thank you very much.

The crew that played the long game, and moved the needle, are the various members of the Election Verification Network. Unlike me, who burned out early.

We all owe the EVN a huge debt of gratitude.


Observation of vote counts is only a 1 to 1 relationship. You can't know if the whole election at scale is safe based on watching one person count votes. Perhaps it might feel safe to some, but that doesn't mean it is.

Moreover, physical observation doesn't scale. Only a handful of people can observe due to the physical limitations of meatspace. A simple attack could be to "DDoS" the count observations by crowding them out with your agents.


But that's not how vote counting works.

Typically there's a member of each party represented in the election present for the counting, and often they're open to observers from the outside.

This means that you'd have to collude with your political enemies to steal their votes....


In my country, there are 50,000 polling stations [1] and the ruling party has 100,000 members [2].

The polling stations are open 7am-10pm, so 15 hours, before being driven to a central location for counting.

Thus, many polling stations don't have observers from the party at all - let alone the 2-4 observers needed to keep a constant watch from the first vote to the count.

[1] http://www.bbc.co.uk/news/election-2015-32229745 [2] https://en.wikipedia.org/wiki/Conservative_Party_(UK)#Member...


Polling stations aren't where the count happens, the ballot boxes are pooled at one site per constituency and counted there.

This is particularly noticeable at the spread-out constituencies like Na h-Eileanan an Iar, where the count has to wait for ballot boxes to arrive by boat or, if the budget is available, helicopter.


So then how can we be sure the ballot boxes weren't switched or stuffed in between the polling station and the count site?


Security seals. https://www.mfsecurityseals.uk/securing-general-election/

The ballot papers themselves are traceable, so if you're going to stuff the box you need to add the relevant number of ballots to the record and fake their issue to particular voters.

They're also in the custody of ballot officials; in the UK this is one area where I genuinely trust the ability of those people making up the system to operate genuinely according to the rules. We've even managed to hold fair elections in occupied Belfast.

Switching to e-voting would turn the whole thing over to known insecure consumer PCs and known suspect contractors like Diebold and Capita, all of whom I trust about as far as I can throw them; I trust the small army of ordinary people who make the paper count happen far more.

Maybe next election I'll volunteer as an observer.


Or you could help work on an open source technical solution so that this ridiculous corruptible process is fixed.


The paper solution is not ridiculous, it's perfectly workable.

The electronic solution is the one where malicious actors can substitute key parts of the process and things may be vulnerable to attacks that nobody has thought of (Meltdown/Spectre passim).


You would presumably have to compromise a lot of ballot boxes in order to influence an election. This would require a coordinated conspiracy potentially involving thousands of people.

If you can pull that off you might as well say fuck it and take over the country with force.


Collusion between supposed political enemies has happened frequently throughout history


There are currently 20 political parties in parliament representing vast ideological differences. They couldn't even agree on what pizza to order if their life depended on it lol.


the observers at polling places are not highly ranked party members making deals in smoky rooms. they're almost certainly residents of the tiny area being polled, or the polity conducting the count.

certainly shady deals between a couple of folks at the tops of parties is a possibility, but collusion between the thousands or tens of thousands of local volunteers of both parties?


Never forget the Manhattan project. Mass collusion being difficult isn't necessarily a 100% certainty that it's not occurring.

It'd take quite a bit of money, though, this.


At this point you obviously know you're mistaken. Why keep pushing it?


What am I mistaken about?


You don't even know how votes are counted yet you're trying to argue about the subject. Guess what, you can't DDoS polling stations with your "agents" and competing parties do not collude. Collude to do what? Lose the election? This isn't a joke.


>competing parties do not collude

That is literally the definition of collusion.

https://en.m.wikipedia.org/wiki/Collusion#Examples

https://www.cambridge.org/core/journals/world-politics/artic...


Each polling place only has about a thousand votes, making it a process that I can easily audit completely. The results for each polling place are reported online, so I can check a part of the process from beginning to end. If you have just ten people or so, each auditing one random polling station, you can easily get to a statistically meaningful assurance of the election’s integrity.


> it’s not enough for elections to just be safe. They also need to be safe in a way that is obvious to non-cryptographers

Not as much so in nations where people generally trust experts and government officials, and where conspiracy theories are mostly on the fringe (i.e. not the U.S.). Although I agree that it's preferable if non-techies can understand the mechanisms, and the downside of paper ballots plus mail-in is already pretty small.


Although I trust experts and, for the most part, the government, I see that sort of trust breaking in the society I live in (Germany), as well as others I follow (the US, Britain). The power of taking a conspiracy-minded neighbor to witness a transparent process to count the votes is breathtaking, and even a description of the process is a powerful argument.

It’s a really easy call in this debate, because the downsides of the process are negligible: the paper and pen process in my country produces results just as fast as what I see in the US.

Among the only substantive arguments I can think of is that US elections have a lot more items up for vote (ballot initiatives and the proverbial dog catchers), which makes hand-counting more cumbersome.


> Not as much so in nations where people generally trust experts and government officials

The election is where that trust is anchored at. Whether people trust the current government can change. If trust in the election result and thus trust in the next government's legitimacy depends on trust in the current government, you have no safe way out of a situation where trust in the current government is gone--which ultimately is the reason we have elections in the first place: As long as everyone is content with the current government, you don't really need elections at all. The whole point of having elections is that you can change a government that you don't trust, should the need arise.


> and it’s actually damn easy to achieve

And it's very very expensive


UK election: £142m for 42m voters, or about £3 each.

http://www.bbc.co.uk/news/election-2017-39882972

The Irish e-voting debacle cost €55m for an electorate of roughly 3 million people: https://www.independent.ie/irish-news/54m-voting-machines-sc...


I'm not advocating for e-voting because they don't seem to offer (yet) the same good qualities as regular voting.

But you need to take into account people transportation and opportunity cost (if I lose 1 hour going to vote, this time could have been directed at working, thus it cost me ten or twenty times the price you just spoke about).


I'm inclined to believe many of these reports are biased and still pushing agendas, even if it is out of people's own lack of understanding of how a blockchain solution would actually work. Largely, their inability to think creatively about technical solutions.


Current e-voting systems don't seem to offer privacy and security... (are they even open source?)

But yes a distributed e-voting system based on blockchain or whatever could work and maybe much cheaper as it would only take a few minutes online to vote. The result could be that more referendums would be held more often.


Home PCs are too easily compromised for this to be really trustworthy, even if you issue all the voters with hardware tokens. It might be achievable with iPhones, but that's rather exclusive.

In other words, it's not the backend that's the worry so much as the frontend. (Leaving aside all the blockchain-specific issues)


There is no electronic voting system, real or imagined, which can guarantee both the secret ballot and the public vote count. Because there is no algorithmic equivalent to the secure one-way hash for dropping physical ballots into a ballot box.

Block chains record votes cast in order. Which correlate with the order those same ballots were issued (or received, as with postal ballots). Voila, no more secret ballot.

The proposal to fudge the time stamps (chunking, roundoff or jitter) does not work for real world USA elections. Because the smallest administrative unit is the precinct (from 0 to 1000 voters) and ballot casting is bursty (vs spread evenly over time).
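
The timestamp-coarsening argument in the comment above can be checked numerically. The following is an added example, not part of the original comment or thread: it measures how many ballots in a small, bursty precinct stay alone in their published time bucket when timestamps are chunked (jitter is not modelled). The arrival times are constructed, and the sketch assumes only the bucket start is published and that records inside a bucket are shuffled.

```python
"""Anonymity-set check for bucketed ("chunked") ballot timestamps.

Added illustration; the arrival pattern below is constructed, not real data.
Assumption: only the bucket start time is published with each ballot record,
and records inside a bucket are shuffled, so ballots that share a bucket are
indistinguishable by time. A ballot alone in its bucket can be matched to the
one voter the poll book shows as checked in during that window.
"""
from collections import Counter

POLL_DAY_SECONDS = 15 * 3600  # constructed 15-hour polling day


def constructed_precinct():
    """Cast times (seconds after opening) for a bursty 40-voter precinct."""
    morning = list(range(0, 1800, 150))        # 12 voters right at opening
    lunch = list(range(18000, 19200, 120))     # 10 voters around hour 5
    evening = list(range(36000, 37400, 100))   # 14 voters around hour 10
    stragglers = [9000, 26100, 31200, 43500]   # 4 voters in quiet periods
    return sorted(morning + lunch + evening + stragglers)


def anonymity_sets(cast_times, bucket_seconds):
    """Map each bucket start to the number of ballots published with it."""
    return Counter((t // bucket_seconds) * bucket_seconds for t in cast_times)


def exposed_ballots(cast_times, bucket_seconds, k=5):
    """Count ballots whose published timestamp is shared by fewer than k ballots."""
    sets = anonymity_sets(cast_times, bucket_seconds)
    return sum(n for n in sets.values() if n < k)


def singleton_buckets(cast_times, bucket_seconds):
    """Bucket starts that hold exactly one ballot (anonymity set of size 1)."""
    sets = anonymity_sets(cast_times, bucket_seconds)
    return sorted(b for b, n in sets.items() if n == 1)


def summary(cast_times, widths=(900, 3600, POLL_DAY_SECONDS)):
    """For each bucket width: (ballots in sets smaller than 5, singleton count)."""
    return {
        w: (exposed_ballots(cast_times, w), len(singleton_buckets(cast_times, w)))
        for w in widths
    }


if __name__ == "__main__":
    times = constructed_precinct()
    for width, (exposed, alone) in summary(times).items():
        print(f"bucket={width:>6}s  ballots in sets <5: {exposed:>2}  alone: {alone}")
```

In this constructed precinct the four quiet-period ballots remain alone in their bucket at both 15-minute and 1-hour widths; only a bucket as wide as the whole polling day hides them, at which point the published log no longer records any order.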


How expensive? In my country, where we still use paper ballots dropped into sealed boxes, the whole budget for the election operations is less than 1€/citizen.


Wow, really? Sounds reasonable.

(Should also take into account people transportation to the location, and the opportunity cost of their time)


My only personal experience is in cities, but my home was never more than 20m on foot from my voting place. I also know that even villages with less than 300 residents have one.

We also have many thousands of voting booths, so waiting times are low. One hour is rare.


You've reminded me to participate in the Scottish Government's electoral consultation. https://consult.gov.scot/elections/electoral-reform/

Online voting is a means of handing the election directly to hackers, without having to go through the tedious intermediary of "fake news" and so on.


I'd totally missed that was happening; thanks for the link!


On the same topic, Finland's neighbour, Estonia, has had online voting for over 10 years (since 2005).

https://e-estonia.com/solutions/e-governance/i-voting/

https://www.valimised.ee/en/internet-voting/internet-voting-...


Here's an evaluation of the Estonian system (originally from 2014, I believe) by independent experts: https://estoniaevoting.org/

Money quote: "What we found alarmed us. There were staggering gaps in procedural and operational security, and the architecture of the system leaves it open to cyberattacks from foreign powers, such as Russia. These attacks could alter votes or leave election outcomes in dispute. We have confirmed these attacks in our lab — they are real threats. We urgently recommend that Estonia discontinue use of the system."



I expected some heavy vulnerabilities, but most of it is just FUD (and outdated in addition to that). But I agree that the e-voting system could be done better, with more auditing and etc.


Researchers have found many, many flaws in Estonia's e-voting system[1].

[1]: https://estoniaevoting.org/


According to some security professionals (see the link in a sibling comment) Estonia's system has vulnerabilities, but my guess is that complaints will continue to be ignored until there's concrete evidence that someone has falsified an election result.


> The monitoring group came into the conclusion that online voting should not be introduced in general elections, because the risks involved are greater than the benefits.

I wish some countries would look carefully at this conclusion. I think I'll even send this to some "media influentiers". I think I'll send to some friends. I think I'm gonna cry a bit.


>A separate recount of votes to detect and correct mistakes that have occurred in the vote count is not possible in online voting... If a recount of votes was carried out in an online voting system, it would be based on the information produced by the system itself and would give the same result as the actual count.

This was easily my favorite part.


Absolutely love it when people are able to go against Change for the sake of change™.


It's an alluring proposition, though. The student who is just learning about computers and digital ways of doing things will see the problem of voting as 'solvable' and would be able to list a large number of advantages to an electronic voting system.

In that sense, I don't think anyone advocating electronic voting is trying to 'Change for the sake of change' (compared to, say, a police force trying to replace desktops with iPads). The naivety of it, though, is more the discussion that is being had.


One of the often cited advantages of online voting is that everyone can do it without needing to interrupt their day and thus more people would perhaps vote. That 'advantage' might be revealing itself now as a liability now that we see what effect the lack of face-to-face time has on people, especially in political discussions.


I wonder if blockchain technology could play a role in the development of a secure and reliable online voting system.


I don't think the blockchain is going to protect you from a maniac with a wrench "convincing" you to vote the way he likes.


What's to stop a maniac with a wrench "convincing" you to transfer all of your money to his bank account electronically?


Money transfers can be rolled back rather easily and unless that maniac has an offshore account, wants to be on the run for quite some time and get close enough to someone with enough money to actually make it worthwhile, it's hardly going to work out or be worth the trouble.

Being coerced into voting for a certain party is a whole different problem, with different actors. You're not going to run the election again when the spouse of someone pressured them into voting against their will. How would you even want to prove it had happened in the first place? There's not going to be a paper trail without giving up voter secrecy, which is yet another problem.


And how would a paper system prevent that?


At least where I am from you must go and cast a vote privately alone on paper. So this can't be executed on big scale, you could only force couple people to cast a specific vote without getting kicked out or arrested.


Are you people still looking to find a single valid use case for the blockchain?


I mean, it seems pretty obvious. Any data you want to exist in decentralized semi-perpetuity.

Historical accounts seem like a good place to start.


Blockchain allows you to prove order in which some events happened and thus indirectly prove when such events happened (and in fact it is not some new technology, it is how really trusted timestamping authorities always worked).

For voting you don't need to order or timestamp anything, so blockchains are mostly irrelevant.


YES!


Well, you could take some kind of unique voter ID number and run it through a one-way hash. Then you could check your vote, verify that it was accurately recorded, and view how each vote was tallied. The current system is terrible and better solutions exist.


The current manual system works. Why is it terrible? Most results are available within 24-48 hours; an electronic system may speed that up, but for no appreciable benefit.


What's to stop you from selling your hashed voter ID to a vote buyer, before the tally is published?

He verifies that your hash corresponds to the vote he purchased, and pays you the money (or doesn't beat you up, fire you, etc. I'm using "sell" in the generic coercion sense)


What's to stop you from selling your paper vote to someone?


For a paper ballot, it's much more difficult and risky to prove delivery, yet you are fairly certain it's been counted.

The grandparent proposes a perfect counting guarantee, at the cost of providing every voter and coercer a crypto proof of the ballot value, a very bad compromise.


Wouldn't a cell phone video of the vote seller casting their ballot suffice as proof to the buyer?


It's easy to configure the voting booth to provide privacy for the voting itself, while making it risky to photograph the vote. You don't know the vote was actually delivered, ex. he might have gotten a fresh voting paper or punched/stamped excessive options to annul the vote. There is also an electronic evidence trail of the fraud - any caught vote seller will immediately cooperate with the authorities and rat on the ringmasters.

Real world security works on "just hard enough not to be worthwhile", not absolute guarantees.


Plenty of places make it illegal to take a photo in the voting booth (or polling station generally), and the voting booth is visible enough to election officials (albeit with your back to them and hence the ballot not directly visible) that it'd be very hard to do without arousing suspicion.


electronic devices and photographic equipment aren't even allowed in my local polling places. i had to leave a kindle outside. that is as it should be.


What exactly is wrong with selling your vote?


While paper voting being simple and reliable is a valid point, what tech can bring (of course if costs, security, etc. are solved so that we trust it as much as we trust paper voting) is much more granular voting options.

So instead of waiting for specific large event to put some question on a ballot, state could send push notification to cellphones asking to vote for specific proposition and quickly get response.

This would enable democratic process for much larger number of state projects instead of relying on elected officials and people hired by elected officials.


That's called an opinion poll. Or marketing research.

Voter fatigue is already a severe problem. More direct democracy has plenty of down sides.

The alternative is to organize, lobby, participate. Bring the heat. So much that whoever's in the way sees the light.

Campaigns and elections are just the opening acts of democracy.


If we can bank online, why can't we vote online? In the clever separation of powers that most modern states have it seems like the part that determines voting procedures and election boundaries should also be separated. Otherwise the incumbents are incentivized to maintain the status quo!


The report's conclusions are that there is not much to be gained by it, but significant risks. Banking online is a significant convenience, not having to go to a polling station once every four (or so) years is less of one. Also, as the report notes, the issue is mostly about legitimacy, not technology. How do you get people to feel safe that the secrecy of their ballot is kept and that the system isn't compromised and can be audited seem to be the big issues.


Obviously a very different country but, in the US, and dependent on implementation details, there could be a lot to gain in terms of voter turn out.


It seems weird that people would opt to not vote, because it's slightly inconvenient. Scandinavian countries have voter turn out in excess of 80%. I don't know about the rest of the Scandinavian countries, but Danish elections are always on Tuesdays, so the queues tend to get a little long after the work day ends.

It's my belief that people will vote, Americans included, if they think it matters. In Denmark fewer than 80% vote for the EU parliament, because very few actually care, even though the EU have a huge influence on our laws, it's just not clear to the public. Similarly I find it more plausible that the average non-voting American simply doesn't believe voting will have any real impact, rather than choosing to stay home because they can't spare an hour every two years.

There's a number of things I personally believe the US should do before looking into online voting, if the goal is to increase voter turn out. Losing the "winner take all" system for one. Having more parties represented in the congress and senate could help people feeling that they're better represented and that their votes actually matter.


A few comments about voter turn-out in the US...

1. For a large portion of the country, voting really doesn't matter. If you reside in a partisan district (heavily GOP or Demo), even if you are moderate/independent, your single vote might not matter. Since the early 2000s, the GOP has controlled many state governments and redrawn voting districts heavily in their favor. Some of these are being challenged right now (and several have been deemed unlawful by various courts), but it will take many election cycles to undo that damage.

2. In Presidential elections, #1 holds true. But, even worse, due to the electoral college, some states have outsized influence on the outcome. Voters in CA have less voting power than voters in North Dakota. This is due to each state having a minimum number of electors, but a fixed total number.

3. Even ignoring #1 and #2, at the national level, there aren't big differences between the GOP and Dem positions on the things that will impact an average person's day to day life. Elections always come down to "those guys kill babies" or "those guys like to arrest black people". This is less true at the local level, where property taxes, schools, etc actually do impact daily life, but for whatever reason, those elections are less interesting to most people.

4. Voting in the US is during work hours; it is not a holiday. Hourly wage-earners are frequently forced to forgo income to vote. The GOP deliberately understaffs polling places where possible to increase wait times and make voting as tedious as possible. They also regularly attempt to stymy voting through ID programs, misinformation campaigns, intimidation, etc.

5. 24-7 news cycle has many people worn out and frustrated with the system. There is a growing sense of "fuck it, let the whole thing burn" on both sides of the aisle.


Waiting outside on a cold night for hours[1] is more than just "slightly inconvenient," particularly if you have kids and work.

Also, if people are only voting once every 2 years, then they're still opting not to vote in a lot of elections (elections where their vote has a lot more impact).

[1] https://www.nytimes.com/2016/11/09/upshot/why-long-voting-li...


The solution surely is to make voting quick and easy; I rarely hear stories of long queues for voting from outside of the US.


In the U.S. it's often an intentional way to suppress the vote of certain groups (the same with voter ID laws[1]). That's the problem with efforts to increase turnout - there are plenty of people in power who want to decrease turnout because it helps them politically.

[1] https://www.nytimes.com/2016/09/17/us/some-republicans-ackno...


In Finland there is a period of time, before the election day, during which you can vote at all sorts of locations that have been set up in libraries, supermarkets and other locations people often visit. Pretty much the only reason not to vote is that you could not be bothered to, and I doubt online voting would help much with that.


> Pretty much the only reason not to vote is that you could not be bothered to

I think some people have a principled stance against voting. You may not agree with that but it is another reason why people may still not vote.


That is certainly true. I considered mentioning it, but decided to sort of include it in the "not bothering" category, as I think it might be better to cast an empty (or otherwise invalid) vote to make sure your message is interpreted as such. A mistake, in hindsight.


If you want simplified, convenient voting there's the good old mail service for that. Nailed a decade ago or more in Switzerland. Details may differ by canton, but essentially here is how it works:

About one month before elections, or a referendum (ca. 3 times a year) you get a resealable envelope containing all voting materials.

You cast your votes and put the slips into a sealed envelope (which ensures confidentiality). Then you sign the voter eligibility card (which also serves as the return address), stick it into the envelope in which you received the materials and drop it into the next letter box.

The materials are checked and the sealed envelopes are stored until voting day, when the votes are counted.

Inconvenience, even if you live out in the total sticks, is really no excuse for not voting in Switzerland.

Can the system be gamed? On a very small scale probably yes if you really, really want to and are really careful. Gaming it on a significant scale? I really don't see how.

Edited for clarity


Postal votes can certainly be gamed on a significant scale. http://www.telegraph.co.uk/news/uknews/law-and-order/1156001...


The US already has problems with election integrity and parties attempting to force differential turnout. E-voting + removal of some polling stations could be a very effective way to keep poorer people from the polls.


Voting online will take away one of the biggest features of a free and fair election: Lack of coercion. Voting must be done in a publicly visible manner (and yet, the ballot should remain secret) so that there is provably no coercion. Voting from home - will enable coercion by families, employers and goons.


> Voting must be done in a publicly visible manner (and yet, the ballot should remain secret) so that there is provably no coercion.

There can certainly be coercion even in countries that maintain secret ballots. In Russian regions, it is not unheard of for civil servants and teachers to be told by their superiors that they must vote the favoured party “or else”, and a mobile phone picture of their ballot might be demanded as proof that they did so.


Which is why it is forbidden in many countries to take such pictures. Hadn't there been a scandal with Trump's son-in-law (or son maybe) who posted a picture of his ballot?


It doesn't matter if it's forbidden to take pictures if it's done in private


You think because it's illegal, it'll stop people that are being coerced?


In Germany, we have roughly this system (and I think that it is similar in US): the voting boxes are some rather tiny cardboard boxes which can be seen by the people running the election, they are rather open. You would need to be pretty sneaky to take pictures. As well, in Germany phones tend to not be able to switch off the clicking sound of the camera.

If I am able enough to tweak my stuff to take such a picture I'd be surely able enough to provide a fake picture. The attacker would need to provide the device which in turn does not scale very well. So, apart from husbands, this attack would not make much sense.

If that was to be done in scale, it'd be noticed fast. And people would ask questions quickly. That might be different for Russia, I admit. In US, no need for all that, you have electronic voting boxes, which are completely opaque to voters and counters.

EDIT: spelling.


So take the picture, dispose of the ballot and get a new one from the election officials. Fill the new one with your own choice, get it stamped and put it into the ballot box. A bit of a hassle to be sure, but it does not exactly derail democracy.


When a population has already lost faith in their authorities, and they think that their single vote counts for nothing and the results are probably rigged anyway, then most of them probably can’t be bothered to make the additional effort you describe.


The coercer can stand outside the window looking in, or somewhere nearby, to check that you don't go take a new one.


Hardly scales.


LOL


nobody not-voting allowed in the actual-voting portion of my local polling areas, and windows were covered over, as i recall.

whatever increasingly convoluted suggestion you'll make next probably doesn't work either.


You're already coercing people into voting your way. It'll be peanuts to coerce a person who works in the polling areas to jot down who came to ask for a ballot twice.

I also don't appreciate your arrogance in trying to shut down this discussion pre-emptively. Maybe try listening more in the future, you might discover interesting things even if they don't agree with your pre-set ideas.


The officials "represent" different parties. They keep an eye on one another, so anyone keeping a personal list of voters would probably be caught quite easily. Besides, the last time I voted, the ballots were handed out at the entrance - long before anyone wanted to know who I am.


You can be pressured still with paper voting: They can just ask you to take a picture of your voting card with your mobile phone. It's illegal but no one will notice because, guess what, you're in a private voting booth that no one should be able to see into.

There are ways to avoid being coerced when enabling online vote: have an online vote for a week, then a few days after the online vote ends, have one day of paper voting. If you were coerced during the online vote, you can still go to the paper vote later, at which point your online vote will be overwritten by the paper vote[0]. This is still not foolproof (i.e. one can force people not to go to the paper vote after coercing their online vote) but as explained above, neither is normal voting.


Extortion of individual voters doesn't scale. Electronic voting could be manipulated for millions of votes without anyone even knowing.


I was merely pointing out that "Lack of coercion" is not an inherent feature of paper voting nor a feature that is lacking in electronic voting.


In the scenario you described above what is to stop you from taking a picture of a different voting card than the one you put in the envelope?


You are only issued one voting card.


Is this in the US? In my country you get one envelope and one ballot paper for each party so that wouldn't work.


(in the US) i was free to request an additional ballot if i made a mistake/damaged mine, last i went in in person.


The real solution to the picture thing is to help forge those photos. Create a booth where ballots aren't counted, and let people vote however they want there, and let them take pictures. A picture then says nothing, because the coercer cannot verify the picture. The biggest hole here is that the coercer might follow you into the polling station to see if you use the fake booth.


Not only that, in Germany also the counting is public, if you wish so, you can attend it.


That doesn't really matter, because you can only be present at one place at a time. You still have to trust other anonymous parties


It's not about me checking the election, it's about the public to be able to. Our parties regularly send representatives to check.

It's like open source software. I am not able to check everything I use. But there are parts where I am capable enough to do so. For the rest I rely on others to do so.

You can't run a society without trust. It's about the ability to verify or have persons you trust to verify for you.


So how is this different with a public blockchain type ledger?


Everybody understands this system.


Honestly, postal voting already scares me from a coercion point-of-view (and this isn't entirely hypothetical: almost every election cycle we hear of people being coerced by their partners into getting postal votes because then they control their vote far more easily). I would much rather do whatever is necessary to make it possible for as close to everyone as possible to vote in person.


Because those two things are in the opposite ends of the privacy scale. Online banking works because there's a requirement that your every action is tracked, traceable and directly linkable to you as an individual. Voting requires that you're confident that your vote is counted, but in no way traceable back to you.

The hard bit of online voting is eliminating traceability of individual votes.


You can bank online because you (individual) and the bank (presumably a juridical individual) agree to it.

Online voting affects all the people at the same time. Your vote being tampered with or changed affects all the result. It is not your personal decision to vote online and it is not your personal risk.


>You can bank online because you (individual) and the bank (presumably a juridical individual) agree to it.

This is false. All banks are conducting their business electronically whether you like it or not. The global economy is run primarily on the transfer of electronic bits, not physical paper.


No: I mean, at least in my country (Spain) I can go to the bank physically and get my money, make a transfer, contract a mortgage...

And it was just as way of exemplifying the problems with voting.


Only a small percentage of people at any one time can withdraw their money physically, otherwise you have a bank run.


I guess we are going astray. One should not vote online because the possible malfunctions and hacks have consequences (grave) on others.

That was my point.

I really do not care about banks, in this context.


This comment chain originated by asking why should banks run their business online, because they are also prone to malfunctions and hacks have consequences (grave) on others.


... and banking hacks can be rolled back, while invalidating elections is extremely fraught.


In voting, the user needs assurance that the vote counts but is not connected to the voter. With banking, the transactions are supposed to be connected to the user. Very different cases.


This question is one of several that come up reliably in every discussion about electronic voting. The short answer is, the incentives and requirements for banking are very different.

Would you consider taking a few minutes to read this? http://zesty.ca/pubs/yee-phd-ch1to3.pdf

I put a bunch of effort into explaining these issues as well as I could, and that's the result. I'm pretty happy with it and sometimes wish that it were required reading for people participating in discussions about electronic voting.


I assume that's part of your PhD thesis. Without having the time to read it in detail I admit that you've probably spent a lot more time than most here thinking about this and rather than try to repeat your many strong criticisms of purely electronic voting I'd encourage anyone else interested to read it too.

Perhaps you can enlighten me on this point:

> "Voting machines aren’t supposed to record video or keep any record that associates you with your votes, because your ballot is supposed to be secret"

Is this definitely impossible even allowing for (possibly impractical) secret-sharing schemes where you provide enough information to prove you're a valid voter and to check afterwards that your vote was counted, without giving away to anyone else how you voted?


Just spare a couple minutes of your time to watch this excellent video by Computerphile: Why Electronic Voting is a BAD Idea [1]

[1] https://youtube.com/watch?v=w3_0x6oaDmI


I did. I didn't learn very much, as someone who has a casual interest in electronic voting. I think that pretty much everything he said was "this could never work because people would do it wrong". It's an important consideration, but I don't find it an ultimately convincing argument. I think that we can certainly construct an apparatus of trust based on existing ones (like banking and encrypted messaging) that would be sufficient.


Good summary. The video is mostly about electronic voting machines up but also talks about online voting from home toward the end.

The additional problem with online elections, not covered in the video, is loss of anonymity (or deniability).


We bank online and every now and then someone loses some money. It's not a big problem and banks handle it. Sometimes the bank is DDOSed. These would be unacceptable problems in voting.


Other countries aren't that interested in your money. But imagine being able to swing elections...


> If we can bank online, why can't we vote online?

Because with online banking, all the problems - theft due to security problems, unauthorized access, the bank not giving access to an authorized user, etc, are all reversible and solvable.

With secret ballot voting, it's not. If some Martian hacker someone votes in your place, you have no recourse. If your vote gets eaten by the system, you have no proof, or recourse.

You can either relax the secret ballot restriction (Which causes a lot more problems), or use paper ballots.


Your bank is insured by the FDIC. Up to some amount.

Who will insure elections in case of hacks?

Also, more electronic voting means maybe more centralization which can increase the scale of hacks.


> If we can bank online, why can't we vote online?

If someone breaks in to your online bank account, they can steal some money - at best it's insured and you lose nothing, at worst a single person's life savings are gone.

Now apply that to online voting. If it was in any way hacked or compromised it would throw the country into turmoil - possibly even civil war.

The stakes are far greater for elections vs banking, so more caution is needed.


>If someone breaks in to your online bank account, they can steal some money - at best it's insured and you lose nothing, at worst a single person's life savings are gone.

You're framing this completely wrong. Hackers have the ability to break into much more than just "a single person's life savings".


sortition > voting, at least for choosing representatives



