Dan Wallach strikes again, putting the Estonians on notice regarding their plans to go from bad to worse with mobile-phone-based voting. It’s fascinating to me how most of the world regards Estonia’s high-tech elections as further proof of how technologically advanced Estonia is, while most computer security experts are absolutely petrified. The gap is another reminder that it’s very tough to teach voting system design.
In his post, Dan Wallach references Helios, my web-based open-audit voting system. He is right on to point out that Helios does not protect from coercion, low-tech or high-tech. It’s not meant to. It’s built for elections where coercion is unlikely, e.g. your PTA board, your local church/synagogue/mosque, student elections, etc… I would never want to see Helios used in a government election, for example. A beefed up version of Helios with secured browsers on locked-down machines at in-person polling places with encrypted-receipt printers, sure.