7/10

Today, we have met at the Career Center, and Mr. Elkner has recommended that I research the Helios Voting, an online voting system that utilizes some Python.
https://vote.heliosvoting.org/

Straight from the project's website, it aims to offer two values in online elections: privacy and verifiability. The page's FAQ offers some deeper insight onto how it achieves these values. Helios uses something called the "Ballot Tracking Center" which ensures to each voter that his vote was both received and tallied.

This is apparently an issue in elections and voting in general that many have a problem with. There have been countless attempts to create a system in which voters might be able to have satisfaction that their vote went through without risking others knowing what they voted for. I've never actually considered this problem but I can see why others might be concerned about it. Voting is something that everyone needs to feel like they are a part of, no matter how small their role played was, and if you're unsure that your vote was even counted that can be an awful feeling to bear. (However, as stated before, I've never actually felt this myself.) The type of voting system that allows proof that the voter has actually voted but without giving outsiders a way to see who he voted for is called an end-to-end auditable voting system.

How Helios insures privacy is possibly more interesting. Instead of decrypting individual votes, Helios only does so when all the votes are tallied, through a process known as homomorphic encryption, meaning no one except for the individual who cast the vote sees what was written on the 'ballot.' In addition, Helios apparently allows the election administrator to assign 'trustees' that are responsible for collectively decrypting the tally, for extra security.
Finally, the way Helios encrypts is apparently 'smart.' Helios's encryptions are not just randomly generated numbers, but are unique based upon each individual vote. This is another step that Helios takes to allow verifiability.

Helios's site also has a page dedicated to privacy. This page addresses some concerns and loopholes with the service. If all of the assigned trustees worked together, they could technically collude and decrypt anyone's individual vote, but this is unlikely and can be prevented by either having at least three trustees with differing allegiances or having Helios itself serve as a trustee. In addition, to actually vote, credentials are required and can be presented using a username and password generated for each individual, or a Facebook, Google, Twitter, or Yahoo login. Some information based on votes may be available based on what the election administrator decides. If the election was made public, information such as who voted and what time people voted at are released to the public. This information is released to everyone who voted if the election is private. Finally, information from third party logins are only retained for authentication.

Helios is certainly a very interesting project. However, one aspect is particularly interesting to me. Helios itself states that it should not be trusted for public office elections, as the stakes are too high even for something as secure as it is. However, reading an interview from Harvard Magazine, the creator stated that he hopes the open-audit system becomes standard in 10-15 years. However, I do not necessarily agree with this. It is vital to public office elections that as many citizens as possible vote, and that there are as few barriers to voting as possible. I'm far from an expert, but it seems as though having to vote online might create arbitrary restrictions, even though the benefits the system might give are valuable. Helios is certainly useful for voting for other types of things, but I don't see online voting as viable for public office elections unless something changes drastically.

I created a test election with Helios, and it is fairly easy to both create and maintain an election, from what I have seen, although the one I made wasn't very legitimate.

In addition, today, Mr. Elkner requested that I set up an IRC username. IRC is, from what I've heard, a chatroom service created in 1998. Mr. Elkner's other students use this and I'm going to be working with some of them to test Helios.