You don't. Anything done "online" simply verifies that "some human at a keyboard" has the requisite "secret" -- but cannot verify that the correct human who should legally have the secret is indeed the one entering the secret.
I.e. Bob gives Joe his "voting secret" and now Joe can log in as "Joe" and vote his legal vote, and also log in as "Bob" and cast a second vote, all while the online system believes "Bob" is casting that second vote.
Also, if you want to maintain the secrecy of the ballot then you simply can not perform online voting, because with the machines there can always be some trail to trace between "ballot X" and "Fred" to show who cast that ballot.
Some things that come to mind:
- National voter ID card. Countries like Mexico and India have this for everyone. You can’t vote without it.
- Fingerprint of some sort. Either retina or fingerprint scan to verify identity. This opens up a civil liberties can of worms but we would need to secure this somehow.
- I’ve read of some startups looking to use blockchain, but not sure how that would work.
- I read an article about a company called Unum ID that was looking to address this problem. You sign up, give an address, they mail you a card with verification of your address to put into their app. The app then has a unique QR code that gets scanned. Similar verification setup to Nextdoor or buying ads on Facebook. They verify your identity by mailing you a unique code that needs to be entered into an app or page to verify your address and who you are.
I think the key components are: verify the address of the person, confirm it, and securely/uniquely store the identity in a service.
The biggest problem we face is fraud. Double votes, voting for others, voting as dead people. California had to purge their roster after being sued for the data being inaccurate. I think 300k names were removed or asked to verify. 300k wrong voters can swing a local or state election. That’s big.
- Every citizen is issued ID that includes a hardware embedded public/private key pair. A YubiKey essentially. This step is optional, but allows ballots to be assigned remotely.
- Election commission creates and maintains their own key pair.
- Ballots are assigned remotely to eligible voters by encrypting with the citizen’s public key, or assigned in person. Ballots themselves are key pairs, and the commission throws away the private keys after assigning them. The list of ballots is published signed by the commission’s key.
- Votes are the position + a secret encrypted by a voter’s private key, signed with the ballot. Votes sent to the commission and published.
Everyone can see which ballot voted which way, verified by the ballot public key. Voters can verify the commission didn’t keep the private key by verifying their encrypted secret. Votes are anonymous, cryptographically verified, and if a citizen ID system is used ballots can be assigned remotely so the entire election is remote.
No blockchain or specific applications are required for this system, just agreed upon key algorithms. The downside is keeping private keys secure is difficult compared to watching over physical ballots.
A system similar to this was used in the recent Hong Kong protest election, with the ballots issued in person.
Estonia’s system is insecure, relying on private closed systems to store, transmit, and tally votes. They have made changes, but AFAIK they don’t provide a way to publicly cryptographically verify votes or vote counts, and voting has to be done through a specific app.
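The ballot-as-key-pair scheme from the comment above, as an added example in Go (not the commenter's code): ballots are ed25519 key pairs, the commission signs the published list of ballot public keys, and a vote is the choice signed with the ballot's private key, so anyone can verify it against the list. It omits the remote assignment step (encrypting a ballot key to a citizen's public key) and the voter's encrypted secret; the choices and counts are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// Vote is a choice signed by one ballot's private key (the voter's encrypted
// secret from the post is omitted here).
type Vote struct {
	Ballot, Sig []byte // ballot public key and its signature over Choice
	Choice      string
}

// IssueBallots makes n ballot key pairs and signs the list of public keys with
// the commission's key. Private keys go to voters; the commission keeps no copy.
func IssueBallots(commission ed25519.PrivateKey, n int) (ballots [][]byte, listSig []byte, privs []ed25519.PrivateKey) {
	for i := 0; i < n; i++ {
		pub, priv, _ := ed25519.GenerateKey(rand.Reader)
		ballots, privs = append(ballots, pub), append(privs, priv)
	}
	return ballots, ed25519.Sign(commission, bytes.Join(ballots, nil)), privs
}

// Cast signs the choice with the ballot's private key; the vote is then published.
func Cast(ballot ed25519.PrivateKey, choice string) Vote {
	return Vote{ballot.Public().(ed25519.PublicKey), ed25519.Sign(ballot, []byte(choice)), choice}
}

// Tally is what any observer can run over the published data: check the
// commission's signature on the ballot list, count only votes whose signature
// verifies under a listed ballot, and count each ballot at most once.
func Tally(commissionPub ed25519.PublicKey, ballots [][]byte, listSig []byte, votes []Vote) (map[string]int, error) {
	if !ed25519.Verify(commissionPub, bytes.Join(ballots, nil), listSig) {
		return nil, errors.New("ballot list not signed by commission")
	}
	listed, used, counts := map[string]bool{}, map[string]bool{}, map[string]int{}
	for _, b := range ballots {
		listed[string(b)] = true
	}
	for _, v := range votes { // listed[] is checked first, so Verify only sees well-formed keys
		if k := string(v.Ballot); listed[k] && !used[k] && ed25519.Verify(v.Ballot, []byte(v.Choice), v.Sig) {
			used[k] = true
			counts[v.Choice]++
		} // otherwise an unknown ballot, a repeat ballot, or a bad signature: rejected
	}
	return counts, nil
}
```

A second vote from the same ballot, a vote from a ballot not on the signed list, and a vote whose choice was altered after signing are all dropped by Tally, and a ballot list whose commission signature does not verify is rejected outright.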
If it is not in real time, voting in person is not a problem. A secure room (phones and cameras not allowed) where no one can see what you've voted (a bus would do fine).
4 separate systems with a 5th that checks if they all got the same vote from you. At the regional level the votes are counted continuously; if one of the 4 systems produces a different result, an investigation is triggered and huge prison sentences may follow.
We could immediately open this system up to every American with a small number of technical & legal changes.
Most of my thoughts about a more complex system are probably not unique, but thinking about this generated a few details that may be interesting.
The obvious final conclusion (for me) was that we could digitize our entire system in a few election cycles, without throwing out the entire system and starting over.
Just:
1. Set minimum requirements federally for voter registration systems,
2. Create digital tools for creating and tabulating votes (form-to-PDF software, public ledgers), and
3. Allow everyone to cast a digital vote which can be converted to a normal paper ballot.
Then, at some point in time, you reverse the system, and make your digital ledger your source of truth, instead of your paper ballot counts.
A system in which all votes are fungible after a certain point only encourages fraud. As long as you execute it well you can have a high degree of certainty that you won't be punished.
[0] First, behind this requirement is the premise that political repression is to be expected. I'm sure that's true in some places, but you want to fix this in other ways. Second, you already don't have perfect secrecy in many systems and people don't seem to mind.
https://www.youtube.com/watch?v=w3_0x6oaDmI
Long story short voting needs to be secure and anonymous to be fair.
Hard to get all things at once.
So if I were building a system for voting online, I would audit that system and improve on any security deficiencies.
For example, at the end of the process the election counters release a file called "results.txt".
Inside that file is a data structure like: { huid: "123-456-789-ABC", vote: "Biden" }
Then you grep for the secret huid that you wrote on your paper ballot and make sure that your vote was counted correctly.
This is a simplified concept without e.g. PK crypto. Microsoft's ElectionGuard is an actual cutting-edge implementation of how to do it well: https://github.com/microsoft/electionguard
But to take a stab, welcome blockchains ^_^