Internet voting is insecure and should not be used in public elections

Original Article ↗ Hacker News Discussion ↗

Paper-based voting and international practice

  • Many commenters praise pencil-and-paper systems (Australia, Canada, UK, Spain, Mexico, parts of US) as scalable, auditable, and socially trusted.
  • Key strengths cited: simple rules, human-visible ballots, multi‑party scrutineers, and transparent chain of custody. Fraud tends to be local and noisy rather than silent and systemic.
  • Examples:
    • Australia: compulsory in‑person voting, paper ballots, central but independent electoral commissions, scrutineers from all parties, machine assistance only for counting.
    • Mexico/Spain/UK: local counting by community volunteers under party observation, results posted publicly at each precinct.
    • Brazil: long‑running electronic machines defended as layered and audited, but others distrust them as opaque Linux PCs without a paper trail.

Mail-in voting and coercion

  • Supporters: increases participation, especially for busy or disadvantaged voters; allows time to research candidates; systems link each envelope to a voter and reject duplicates; audits and signature checks exist.
  • Critics: easier household coercion (family, bosses), potential for ballot harvesting, filling ballots for incapacitated people, delayed counting windows that fuel suspicion. Some argue large‑scale fraud is logistically hard and would show up in data; others see the design as inherently “open to abuse.”

Secret ballot, receipts, and cryptographic schemes

  • Strong agreement that voters must not be able to prove how they voted to others, to block vote‑buying and intimidation (domestic abuse, employers, authoritarian regimes).
  • This conflicts with demands for per‑voter verifiable receipts. Several cryptographic systems (Prêt à Voter, Scantegrity, Benaloh challenges, Belenios, blockchain ideas) are discussed.
  • Proponents say they can give end‑to‑end verifiability and sometimes “fakeable” receipts; skeptics highlight usability, implementation risk, and the public’s inability to audit advanced crypto.

Internet voting vs other online systems

  • Core argument aligning with the article: internet voting compounds threats—malware on client devices, server compromise, large‑scale, silent manipulation, and opaque processes the average voter cannot understand.
  • Banking/passports are seen as poor analogies:
    • Financial/ID systems are not anonymous and are reversible/insurable; elections are anonymous and effectively irreversible.
    • Hacks and fraud in banking are frequent yet reparable; a single compromised national election is not.
  • Some insist a secure online system is technically possible, but many argue the larger problem is trust and explainability, not pure cryptography.

Electronic tabulation and audits

  • Distinction is drawn between internet voting and precinct optical scan / ballot‑marking devices.
  • Favored model: hand‑marked paper ballots, precinct scanners for speed, retained paper for recounts, and risk‑limiting audits comparing random samples to electronic tallies.
  • Others want full hand counts for maximum transparency, but concerns are raised about human error and scale.

Voter ID, access, and suppression

  • Debate over voter ID: some see photo ID as basic integrity; others note unequal ID access and historical US voter suppression.
  • Consensus among critics: if ID is required, it must be free, easy, and universally accessible, otherwise it functions as de facto disenfranchisement.
  • Physical polling logistics (location, hours, lines, holidays) are highlighted as powerful levers for either inclusion or suppression.

Trust, politics, and perception

  • Recurrent theme: the central property of an election system is not speed but broad, cross‑partisan trust.
  • Several note that in the US, partisan narratives already delegitimize results; no technical system, especially internet‑based, will convince those primed to see fraud.
  • Paper systems with visible, local counting and multi‑party observers are seen as best able to withstand both real attacks and bad‑faith allegations.