>Did any of you see this
>http://www.votehere.net/content/Products.asp#InternetVotingSystems
>
>that proposes to authenticate the voter by asking for his/her/its SSN#?
It looked like the idea for this part was to prevent double voting,
plus make sure that only authorized people could vote. It wasn't
necessarily SSN, it could be name/address/date of birth or whatever.
Similar to what is done when you go and vote in person.
There was also this idea of what they earnestly called a VERN, Voter
Encrypted Registration Number, which would be distributed in advance
to people who were authorized to vote. You'd provide your VERN along
with your authenticating info (DOB/SSN/whatever) to prove that you were
authorized.
Any voting system ultimately relies on real world proof like this.
Until we have a worldwide secure system of cryptographic credentials
for proving membership in various groups (like registered voters) you
aren't going to get away from this.
In something like Usenet newsgroup votes, you could still use this
but you wouldn't use SSN, you'd just use names/emails as you do now.
It's not perfectly secure against double voting but it is good enough
in most cases.
The real point of the protocol is to keep people from finding out HOW
each person voted, while assuring that the vote count is correct. There
has been a lot of work on crypto protocols for secure voting and this
appears to be what they have implemented.
Some systems in the literature involve encrypting votes in a manner such
that summing can be done with the encrypted data, without decrypting them.
Sounds like something similar is done here.
This looks like a good system although it would be nice to see more
details. It certainly sounds better than alternatives. With current
Usenet votes everyone gets to see how you voted. With this VoteHere
system you could be assured that your vote was correct (because it would
match the encryption you sent in), nobody else could see how you voted,
and yet you could be sure that the vote total was correct (by running the
sum operation on the encrypted data, and verifying that the decryption
of this is the claimed sum).
It certainly doesn't look like snake oil, rather an attempt to bring
these theoretical crypto protocols into the real world. It's always
tough to join theory and practice and so there may be some rough edges
at the interface. But it looks like the idea has significant potential.
Otherwise we're going to get "just trust us" electronic voting like some
areas are using already.
