Hmm what if you are monitored, given a paper and then checked that you don't have any extra on body? Seems like entirely possible via violence or blackmail to gain some votes...
This seems like a pretty ludicrous threat to make. You could just submit a blank ballot or vote for the opposing party and your hostage-taker would have no way of knowing.
Or coercion. If at any point your vote can be known, there is very high risk that someone forces you to vote like they want.
Only way to prevent this is total anonymity of which vote was by which person.
In France a strategy that was successfully used a while ago to cast extra votes undetected was to use dead people identities. Maybe something similar could be implemented in the UK, even more easily if no identity proof is required :)
There is nothing stopping those now as you could just have someone do the same for mail in votes. Also, if someone is threatening you they could also be forcing you to pull money out of an ATM or commit murder for them. It sounds mostly like a strawman argument. Being able to verify your vote counted as intended is IMO way more important than the possibility that someone is blackmailing you and that has also stole a hash or digital signature to check your vote.
I don't know how to make it work with in person ID verification. They could just give you a faked UUID. I'd put it on the ballots when they're generated, so it was just as untraceable as the ballot itself.
My assumptions are that 1) individual votes have almost no value on their own, so coercion or vote selling should be limited by low appeal, and 2) we still have a justice system, if someone forces you to vote a certain way, report it. Buying any significant number of votes would be exceedingly difficult to keep secret. Especially given how little compensation could be offered for them.
Those are problems with all voting systems. In the current system someone could Threaten/Bribe you to take a selfie with your ballet after it has been filled out.
(I fraudulently voted as someone else a long time back and he voted as me, as part of a bet on whether this was possible. Nothing stopped us, there was no ID check, no security, no one found out.)
They'd have to publish the ledger in real time and/or instantly show how those 10 to 20 voters voted, to the voter, for this to be effective. Otherwise whoever is paying or blackmailing that voter can ask the voter to mark their id and hand or transmit it to them immediately. They can later verify that the vote was given to the right choice once the ledger is published and take appropriate action for or against the voter. Voter cannot easily fake their choice, and in the case of blackmail, consequences for bad luck can be bad.
Edit: If you do show all 20 votes, you'd have to have votes for all candidates on them.
Also if someone is trying to manipulate a bunch of votes, they'd run into dupes and know one is lying.
Unfortunately this enables someone to coerce or bribe you into voting for a certain candidate, since the coercer would be able to demand to see your receipt and verify you complied.
If there are enough candidates, you can encode a unique ID in the pattern of your individual votes to prove who you are to somebody reading anonymous ballot papers. I've heard this is possible in Australia with a huge list of candidates and multiple votes.
Coercion by threat is only part of the problem; the bigger risk is buying votes. The threat of prosecution can be dodged by taking offers "off-grid", farming it out to people on the street who have no official connection to the campaign. And to those who are cynical about politics and/or struggling to make ends meet, getting paid for your vote would be mighty tempting.
I do believe secure and secret electronic voting is possible, but I have little faith in the current government-industrial complex to give a shit about getting it right. At least paper voting works, and has a lot of eyeballs on it to prevent fraud.
Vote selling/blackmail is possible by taking a picture of your ballot while in the voting booth. One way to reduce that threat is to allow people to create as many ballots as they want while in the booth.
And to restrict people from using their cameras while voting, so there's no way to connect it with the ballot actually deposited. (Yes, they can start recording while in the booth, but what happens before/after the recording period.)
At least two obvious ways to hack your proposed system. Hackers could just add phony UUID/vote pairs to the totals. Activists could claim their vote was stolen if their preferred candidate loses.
(We already saw a variant of the latter in 2000. Remember "I couldn't follow the arrow and accidentally voted buchanan"?).
Further, if a person's vote is verifiable, it also opens the door to paying people for their votes.
reply