Obama would win even with the handicap of not having New Jersey so it's not worth anything.

So we're talking a blue light special?

Mostly. Scores below 5.0 are reserved for trolls of people that are too easy to troll, and therefore shouldn't count.

Not everyone CAN get to New Jersey and there's another computer security concept here.

When you have voting booths, your client machines (the voting machines) are trusted clients. This enables a whole lot of security procedures that would be utterly impossible with untrusted clients, which in the case of email voting, would be anyone's email address. I don't have time to go into a ton of details here but suffice to say that the security advantages of electronic voting booths vs online voting is tremendous.

Very small changes in who has access to a system can dramatically affect the security of something.

Admittedly it's not quite as outrageous as it sounds; you can request an absentee ballot via email and then send it back by email, but you have to print out a copy and mail it in also, so it's not really that different from absentee ballots (they do their overseas ones this way apparently). It's just, well, rather more of them...

The general consensus in the RIT networking & information security department is that e-mail voting is a stupid and horrible idea that should never be tried.

Okay. I'll defer to the experts on this just as I would defer to the experts on things like climate change.

If you pay attention to climatologists on what they know about, which is climatology, and not what they know nothing about, i.e. public policy, then you can learn a lot from them.

E-mail voting would only be reasonable if everyone had some kind of government issued PGP key or something. I'd have to think about how that would work but even then, bleeeech.

That would be awesome, until someone hacked the government PGP Key Repository.

Well, no, not exactly.

The way online voting would work, properly, is you get a copy of voting software from the government, preferably in person on a CD or something. When you pick up the CD you show your driver's license or something, and get a personal voting code. Then that software generates a public-private key pair. The public key is sent to the government. You enter your name, your personal voting code, and other relatively confidential information like your driver's license number, social security number, birth date, birth place, etc. into the application and it sends that data, encrypted, to the government voting server. It checks that information against your name and boom! You're authenticated. Then it lets you vote. All of this stuff is encrypted with the public-private key pair.

If you want it to be fully online there's other stuff you could do to authenticate but I don't think there's a way of making it as inherently secure.

I figure you get your special voting code when you register to vote.

edit: okay so to answer Snoopy's comment properly (which this post doesn't do), the reason hacking the government PGP thing wouldn't do anything is that it would only be storing public keys. The fundamental problem of course with the government handing out public/private key pairs is that doing that securely over the internet without an existing crypto system isn't really possible. The risk of the private key being intercepted is actually really huge, given the number of people who use unsecured or weakly secured wireless networks.

LMAO, no. Picking up and installing something is a non starter.

Of course it's a non-starter. But that's how I would do it, because in my mind it's the proper way of doing things

I don't want to think about how to actually do this entirely electronically. Also that system I described has some duplicate security factors which don't add much value.

Haha, you have a lot more faith in the government doing this properly than I do, hence my post. I fully understand how PGP works, but I don't believe the government would actually do it properly. For one, they probably wouldn't let you generate your private key yourself at home - you'd probably be assigned one. Hence where the database comes in.

Okay actually I don't know what I was thinking with the whole CD thing because you'd just use SSL.

And yes it's a virtual guarantee that the government would **** it up somehow.

Come to think of it, actually mailing you a PGP key, like through snail mail, would probably not be less secure than our current absentee ballot system in most states.

The way to stop vote fraud is for all votes to be made publicly via YouTube videos.