Online voting is done in these steps:
Locate your voting-related files, specifically your voter registration
certificate and key, called register.usr
and register.key
unless
you renamed the files. Remember the passphrase for the secret key. When you
have these items all ready, make a signature for the registration certificate
by following the instructions for your operating system. (You may
vary the instructions, e.g. use different directories or a full path name, but
the form given is the easiest for beginners to follow.)
sign-prepended).
cd $HOME/votefiles
/bin/sh signfile.sh register.key register.usr
Send your Registration Certificate and the signature to the Registrar of Voters by using the form below. You will receive in return a script that makes a new secret key and Certificate Signing Request. Save this script to a file on disc (suggested name is vote.sh), with your other voting-related files.
In this form use the two choose
buttons to find and select your
Registration Certificate, typicalloy called register.usr
, and its
signature, called sign-register.usr
. On Microsoft® Windows® (Microsoft
Internet Explorer web browser) ypu can open the file finder and then drag
and drop
the file's icon from the folder display into the file finder. Try
it on competitor web browsers also; it's likely to work.
Remember to select whether you want a sample ballot, for testing if you can do the procedure, or a real one.
Save the Ballot Ticket script to a file on disc (suggested name: vote.sh). Then proceed to execute the script in Step 2.
There are two opportunities here for voters to cheat. First, if you have registered fraudulently, the payoff comes here when you get the Registrar of Voters to issue you a Ballot Ticket to which you are not entitled. Second, if you have stolen someone's voting-related files and cracked the passphrase on his secret key, here is where you get value from the exploit.
The Registrar of Voters also has a major cheating opportunity at this point. The Registrar promises to forget who the Ballot Ticket was issued to. But suppose some corrupt computer programmer breached trust and recorded the information in a hidden table, After the election anyone can download the ballots and count them. The corrupt programmer could deliver the table to his criminal employer, and if, for example, your vote had been bought (possibly by more than one candidate) but you did not vote as promised, an enforcer could visit you and discuss the error of your ways.
It is much harder to match up the ballot with the voter in a manual system,
which is an advantage in corruption resistance. If provisional ballots
are accepted, they are signed by the voter whose registration is disputed
and are kept separate, much like what InetVote does.
In this issue there are several competing values:
The Election Board could record with the ballot, not the Ballot Ticket number but its own unique key. Of course they could also secretly record the map from Ballot Tickets to unique IDs, but to make the exploit work, both the Election Board and the Registrar of Voters would have to be in collusion with the same criminal enterprise, not unbelieveable but considerably harder than corrupting just one agency.
As InetVote is presently designed, if your registration is disputed before the election, your Ballot Ticket number will be recorded, and if you are later found to be wrongly registered, your ballot can be found and removed. But this requires the actual Ballot Ticket to be kept with the votes, so they can later be found.
To keep the Election Board honest, there is a feature where the voter can specify his Ballot Ticket number and receive a copy of his ballot before the polls close. But this could also be made to work with a random ballot identifier.