> Online voting could be done securely over the network and could be authenticated with a certificate associated with one's voter registration that's anonymized in a way that doesn't reveal any information about the voter other than whether they have already voted.
There's a lot of handwaving in this sentence about what can be done. We can't even secure computers when the fate of the entire world _doesn't_ depend on it. You think we can do a better job when control of a nuclear power with the world's largest economy rests in the balance?
> like you can do now with taxes
I'm not terribly worried about the consequences of someone filing my taxes for me.
> We can't even secure computers when the fate of the entire world _doesn't_ depend on it.
This is hyperbole at best. In most cases, international policy does not change all that much regardless of what major party member happens to be president of the US.
> I'm not terribly worried about the consequences of someone filing my taxes for me.
Unless you have taken the time to fine tune your payments such that you don't receive a refund or owe a significant tax payment, then someone else filing can effectively get your refund, or put information in there that can land you legal trouble or have you owe a significant payment when you actually do not. That said, we have been able to file taxes online for many years now. It would be nice if we could get with the times and do the same for voting.
That's a small problem, but not _the_ problem. _The_ problem is that, in our entire history of making networked computers, we have never successfully produced one capable of guaranteeing end-to-end security once someone starts poking at it.
The person you're replying to is wishfully handwaving away electronic attacks like we haven't been facing an endless cascading catastrophe of device security breaches since practically forever.
They further keep equating property theft scenarios, where you would easily notice that your money went to someone else, or personal harrassment scenarios, where your first consequence is a human individual audit not a national election outcome, with scenarios where you'd have no idea that your vote was changed unless you start implementing policies that would allow people to sell their votes, which is something that we don't allow for a reason. Paper ballots kept in small batches distributed among thousands of precincts that are counted by hand with opposition observers are hard to systematically rig. Bits in a cloud machine somewhere that lose all connection to your action are not.
They further handwave away the significance of stealing an election because catastrophic harm would only happen _sometimes_.
> The person you're replying to is wishfully handwaving away electronic attacks like we haven't been facing an endless cascading catastrophe of device security breaches since practically forever.
Which is why I mentioned using certificate based authentication (AKA, client-side TLS certificates). Not only does the client verify that they're connecting to the correct server via the server side TLS certificate, the server can verify the client though the client cert.
This also assumes that those who want to vote online have the knowledge to properly secure their private key.
> They further handwave away the significance of stealing an election because catastrophic harm would only happen _sometimes_.
Has our foreign policy towards Israel, Egypt, Saudi Arabia, Iran, North Korea, Cuba, to name a few countries, changed significantly depending on whether someone from the Democratic or Republican Party is president?
I would say that gerrymandering has done far more to disenfranchise voters compared to theoretical attacks against the personal devices of those who choose to vote online.
> Which is why I mentioned using certificate based authentication (AKA, client-side TLS certificates). Not only does the client verify that they're connecting to the correct server via the server side TLS certificate, the server can verify the client though the client cert.
"Software has no flaws" is not a strong position historically. I mean, the very fact that we're on TLS version 1.3 and not SSL 1.0 should be clue enough.
> Has our foreign policy towards Israel, Egypt, Saudi Arabia, Iran, North Korea, Cuba, to name a few countries, changed significantly depending on whether someone from the Democratic or Republican Party is president?
This is a strawman meant to distract. You should instead ask "Are there significant benefits and incentives to set up a puppet government?" The answer to that is a very obvious yes. You can then ask "Is doing that easier if you can flip votes easily?" The answer to that is a very obvious yes.
> I mean, the very fact that we're on TLS version 1.3 and not SSL 1.0 should be clue enough.
But we still conduct a lot of business online without issue. If we followed the line of reasoning that you're suggesting, then we would still be doing things as they were done prior to 1995. The fact that we're not is testament that these systems largely work. Voting is not a special case that requires us to not make use of tried and tested technology.
> Are there significant benefits and incentives to set up a puppet government?
This is an example of the "begging the question" logical fallacy. You're just assuming the conclusion is true when that's not necessarily the case.
There's a lot of handwaving in this sentence about what can be done. We can't even secure computers when the fate of the entire world _doesn't_ depend on it. You think we can do a better job when control of a nuclear power with the world's largest economy rests in the balance?
> like you can do now with taxes
I'm not terribly worried about the consequences of someone filing my taxes for me.