This RI is intended to enlighten anyone who is not privy to the fact that electronic voting is a terrible system. If you don't feel like reading this, watch this video, which is very accessible to laymen. It probably makes a better job than me explaining it.

My hope is that you will share these sentiments, and hopefully become vocal enough on the issue to delegitimize the terrible, awful idea of electronic voting in any form (whether it be electronic ballots, or, shudder, online voting)

This was reminded to me when I read this story of an employing hacking a random number generator in lottery machines a hack which passed a full source code audit. The cheater was caught being an idiot (eg. buying a 16.5 million dollar ticket himself on security footage).

There is no scenario in the current information security climate where electronic voting can be a good system. This is because attacks on electronic voting systems are inherently scalable (whereas attacks on paper ballot voting systems are not). We are exposing ourselves to a low probability event which can have devastating impact (whether it be producing false results for an election, ruining an election, or delegitimizing the voting process).

Remember the scandal around the 2000 Bush election in Florida? Imagine the entire country being forced to re-vote. This is one of the less terrible possible outcomes of a successful attack on an electronic voting system.

And remember: many successful attack scale across the system.

But how difficult is it to make a succesful attack on such a system, /u/VodkaHaze? Well I'm glad you asked.

When we are talking about the stakes of an election which can motivate trillions of dollars to go one way or another, you will attract the attention of people who are very serious about getting their way. For example, an undisclosed agency created a virus which infected 100,000 personal computers, to be transmitted to a programmable logic controller and stop it under certain conditions. This was done to ruin Iran's nuclear program, successfully.

This is the kind of sophistication we are talking about at this level.

First of all, the source code. Making source code that passes rigorous audits and yet is able to produce malicious behavior on command is a thing. This is exemplified in the lottery story above, and is an annual competition. Even if the code for electronic voting was open source (which it never is), we would have a hard time making it a probably secure system. Of course, I shouldn't have to explain why closed source code and third party private audits are an even worse idea.

Second, the counting. For the votes to be counted, they have to be transmitted from the voting machine to a database of some sort. You could count the votes by hand on each machine, effectively treating each machine as a (much less secure) ballot box.

The votes could be transmitted over the internet, which is often the case. In this scenario the voting is open game to any sort of man-in-the-middle attack. Also, that implies there is presumably an IP address out there which links to a network containing a database with all the votes in an area (or even country), which should make you uncomfortable.

Given the possible costs of an election being successfully attacked, there is no current implementation of electronic voting where the costs of such a system do not outweigh the possible (and meager) benefits.

Hopefully this was of use to some of you.