An Internet Voting System Fatally Flawed in Creative New Ways
Andrew W. Appel, Philip B. Stark

TL;DR
The paper critically analyzes the MERGE internet voting protocol, highlighting its fundamental flaws and emphasizing that it cannot be trusted for secure elections without extensive legal, procedural, and technical reforms.
Contribution
It provides a detailed critique of the MERGE protocol, exposing its vulnerabilities and clarifying that it is inherently insecure for trustworthy voting without major systemic changes.
Findings
The MERGE protocol has significant security flaws.
Implementing MERGE requires sweeping legal and procedural reforms.
Current technology and practices are incompatible with the protocol's trust assumptions.
Abstract
The recently published "MERGE" protocol is designed to be used in the prototype CAC-vote system. The voting kiosk and protocol transmit votes over the internet and then transmit voter-verifiable paper ballots through the mail. In the MERGE protocol, the votes transmitted over the internet are used to tabulate the results and determine the winners, but audits and recounts use the paper ballots that arrive in time. The enunciated motivation for the protocol is to allow (electronic) votes from overseas military voters to be included in preliminary results before a (paper) ballot is received from the voter. MERGE contains interesting ideas that are not inherently unsound; but to make the system trustworthy--to apply the MERGE protocol--would require major changes to the laws, practices, and technical and logistical abilities of U.S. election jurisdictions. The gap between theory and…
Taxonomy
Topics: Internet Traffic Analysis and Secure E-voting
