(Original post by CoffeeGeek)
Because it's not safe and it's very easy to rig an online ballot. I'm not quite sure where you're getting this from but it seems you're misinformed because paper ballots are more secure than online ballots.
My information mainly comes from working as a Technical Architect for a fortune 500 company. An online election run over a week with even a semi-competent dev team would be safe enough for this kind of election. The only real danger would come from social hacking or sabotage, nothing to do with the software.
(Original post by ns_2)
Regardless, my first point still stands - if someone has the conviction to vote in a ballot, they should also have the conviction to do so in person - and Tom Scott made an excellent video (which someone has already referenced) on the Computerphile channel on the issues with online voting; all of which could occur - with simple code injection into any website's underlying code, and someone could simply use other people's details to vote before they do so; altering the vote.
Electronic voting systems can be cheaper, more efficient and safer. It does also make it more accessible which I think is a good thing, but I think right-leaning people have a tendency to think life should be kept as hard as possible for trade unions to operate but easier for business to operate so I doubt I'll win that argument today.
The security fears shouldn't be an issue for people though. I've watched the video but most of his points are either irrelevant or miss the point. I'll try to address a few of the concerns from that video.
1: This would not be for a general election, so the stakes are lower. This means there is nowhere near as much financial or political gain to come from sabotaging it.Nobody would use opensource software for this, mainly for the reasons he mentions. It just wouldn't be needed 99% of the time. A medium-large dev team working with a Waterfall framework would work best. The only real security issue here is the one he mentions, trusting the people who design and load the software. You do that in the same way that we trust people to take our votes away, oversight. The code would be worked on by about 50-100 people, but getting one of those to sabotage it wouldn't be enough. You would need large groups of people across different areas of the waterfall to be complicit as they would need to review each others code. All of this is fairly standard practice anyway, you just sharpen things up because it involves a minor election.
2: He mentions how this issue is resolved himself. I would add in that in a real system where it is peoples personal computers doing the voting that all the security is actually on that part of the exchange. Once the vote has been received and validated by the server everything will be encrypted and run over secure connections as standard.
3: This is the part of the system we are actually talking about here. As I mentioned, all of these things are true, except in this case time is not the issue. Time is the real problem for programs. Firstly because dependencies get updated and changed, and updates to your own system can introduce unexpected bugs, especially when a new team works on that code, and secondly because any encryption can be broken with a brute force attack given enough time. In this case, a basic 64bit encryption would take longer to be cracked than the election would last.
The only valid security flaw is in social engineering and sabotage, but as I've shown this would be basically impossible, especially given the relatively low significance of the elections in question.