You can’t
Discussion
Can't and wont is two different things Semisol
You simply can’t at a large scale. In an online environment the threat vectors are much larger (the entire internet) and malware is near impossible to detect.
I think one can not make it 100% tamper proof. But it is possible to make tampering very resource intensive.
Having fully opensource clients to vote, have voting credentials expire after some time.
Push thread actors to the client side and protect the server side with high protection levels.
The client is weaker than the server.
True. Still one can make it hard to tamper it now with the Security Chips getting normalized inlnew hardware.
Before the security chip it is probably unlikely.
security chips are not a magic bullet, and it is not hard for a state actor to mass-phish or spread malware on user devices, especially Android and Windows due to their less restrictive design
Do you have proof of this? Or you just assume that massphishing is easy to do?
You can make something that every voter can check what they voted. So they can see, when a threat actor voted against their wil.
With the rise of AI, it would be much easier.
There are also nation states with 0-days and those can be problematic:
Yes AI is defnitly a great threat, since the human factor does probably not improve fast enough.
I still think digital voting will be a thing in the future. I can almost not imagine that it could also not come.
One could even develop a opensource verifier hardware, which has to be used for voting.
So one specificly developed piece of hardware and software, that serves as security infrastructure to vote electronically.
The simplest solution is airgapped voting booths, that do digital signatures + counting. This is a much more secure system (still has an attack surface) as you have a dedicated hardware and you could have each person’s ID card digitally sign votes.
Real time voting results require internet access + could harm anonymity (you could narrow down which voters voted at which time, and the changes in count)
Yes. I would not say that real time results are something of importance. I just say electronic voting. Results can still be updated only after certain time.
It would only matter to me, that it is reasonably secure, a free option to choose and still deliver an anonymous vote, where only the voter can make sure what he voted.