We know how to conduct secure business on the Internet, especially with two-factor authentication. Most of us have done banking or utility payments online, securely. I’ve been doing so for at least 20 years, so this is not a radical concept. At the user end, an online voter account experience would be very much like the experience of any other online account which requires extra authentication. Creating an online voting account would require an in-person application at a government office and verification of identity and residence. The accounts would be portable if the voter moves to a different precinct.
The server end of the online voting system would run on open-source software (which you can be sure would receive intense scrutiny). Political parties and other interested institutions would have real-time read-only access to the incoming data as completed ballots were submitted for tabulation, so they could maintain independent tallies.
The advantage to the voter would be the ability to retain a file showing their ballot choices, and the unique identifier of their ballot. That identifier could be used to look up the ballot online inside a published list of ballots, so the voter could find and verify their tabulated ballot anonymously.
The online ballot files would be downloadable so that anyone with a spreadsheet program could verify the tallies for themselves. If a week post-election goes by and virtually no reports come in from voters complaining their ballots were not tabulated, the confidence is high that all authorized votes were recorded.
Each completed ballot in the database would have metadata showing its unique number/ID, the precinct associated with the voter account, a timestamp showing when it was uploaded, and a timestamp for each time the ballot has been individually looked up anonymously. No voter PII would be attached to the ballot. The file connecting the unique identifier on the ballot to the voter would be accessible only by court order.
Other commercial and government databases would be periodically cross-checked against the database of online voter accounts, to identify and notify voters who moved without updating their accounts, became felons, or died. (Yes, you should be notified if the system thinks you died, in case you didn’t.) Voter accounts would expire after ten years unless the voter renews by making another in-person appearance.
Online voting would be an option not a requirement! Though I imagine it would become the predominant method before long.
There should be no such thing as an electronic voting machine! For someone who understands software and hardware hacking, the very concept of a voting machine is an abomination. Your only voting machine should be your fingers on the keyboard while securely logged-in, or your fingers marking a piece of paper at a polling location.
We move billion$ over the Internet each day without incident. We can vote that way too, securely.
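As an added example (not code from the original post, and not from any real election system), here is a toy Python model of the published-ballot-list checks described above: parsing the downloadable file, producing an independent tally (overall or per precinct), checking a voter's retained receipt against the published list, and diffing the independent tally against an official one. The file layout, column names, JSON encoding of choices, sample ballots and the "official" tally are constructed assumptions made for this example.

```python
import csv
import io
import json
from collections import Counter

# Constructed sample of a published ballot list in the shape the post describes:
# an opaque ballot ID, the precinct, the upload timestamp, the timestamps of
# anonymous lookups, and the ballot choices. No voter PII. The column names,
# the CSV layout and the JSON encoding of choices are assumptions for this example.
PUBLISHED_BALLOTS_CSV = '''ballot_id,precinct,uploaded_at,lookups,choices
b-0001,P12,2024-11-05T08:01:12Z,2024-11-06T09:00:00Z,"{""mayor"": ""A"", ""prop1"": ""yes""}"
b-0002,P12,2024-11-05T08:03:40Z,,"{""mayor"": ""B"", ""prop1"": ""no""}"
b-0003,P07,2024-11-05T09:15:02Z,2024-11-06T10:12:00Z;2024-11-07T18:30:00Z,"{""mayor"": ""A"", ""prop1"": ""no""}"
b-0004,P07,2024-11-05T11:47:55Z,,"{""mayor"": ""A"", ""prop1"": ""yes""}"
b-0005,P03,2024-11-05T19:59:59Z,,"{""mayor"": ""C"", ""prop1"": ""yes""}"
'''

# Constructed "official" tally with one deliberate discrepancy in prop1,
# so the comparison below has something to report.
OFFICIAL_TALLY = {"mayor": {"A": 3, "B": 1, "C": 1}, "prop1": {"yes": 4, "no": 1}}


def parse_published_ballots(text):
    """Parse the published ballot list into a dict keyed by ballot ID.
    A duplicate ID is an error: every published ballot must be unique."""
    ballots = {}
    for row in csv.DictReader(io.StringIO(text)):
        bid = row["ballot_id"]
        if bid in ballots:
            raise ValueError(f"duplicate ballot ID in published list: {bid}")
        ballots[bid] = {
            "precinct": row["precinct"],
            "uploaded_at": row["uploaded_at"],
            "lookups": [t for t in row["lookups"].split(";") if t],
            "choices": json.loads(row["choices"]),
        }
    return ballots


def tally(ballots, precinct=None):
    """Independent tally: contest -> Counter of choices, optionally for one precinct."""
    totals = {}
    for b in ballots.values():
        if precinct is not None and b["precinct"] != precinct:
            continue
        for contest, choice in b["choices"].items():
            totals.setdefault(contest, Counter())[choice] += 1
    return totals


def verify_receipt(receipt, ballots):
    """Check a voter's retained receipt ({'ballot_id', 'choices'}) against the
    published list. Returns 'ok', 'missing' (not tabulated) or 'mismatch'."""
    published = ballots.get(receipt["ballot_id"])
    if published is None:
        return "missing"
    return "ok" if published["choices"] == receipt["choices"] else "mismatch"


def compare_tallies(independent, official):
    """Return (contest, choice, independent_count, official_count) for every
    choice where the two tallies disagree; an empty list means they match."""
    diffs = []
    for contest in sorted(set(independent) | set(official)):
        ours = independent.get(contest, {})
        theirs = official.get(contest, {})
        for choice in sorted(set(ours) | set(theirs)):
            if ours.get(choice, 0) != theirs.get(choice, 0):
                diffs.append((contest, choice, ours.get(choice, 0), theirs.get(choice, 0)))
    return diffs


if __name__ == "__main__":
    ballots = parse_published_ballots(PUBLISHED_BALLOTS_CSV)
    totals = tally(ballots)
    print("independent tally:", {c: dict(n) for c, n in totals.items()})
    print("precinct P07:", {c: dict(n) for c, n in tally(ballots, "P07").items()})
    print("discrepancies vs official:", compare_tallies(totals, OFFICIAL_TALLY))
    # Constructed receipts: one genuine, one with an altered choice, one never tabulated.
    for r in [
        {"ballot_id": "b-0003", "choices": {"mayor": "A", "prop1": "no"}},
        {"ballot_id": "b-0003", "choices": {"mayor": "B", "prop1": "no"}},
        {"ballot_id": "b-9999", "choices": {"mayor": "A", "prop1": "no"}},
    ]:
        print(r["ballot_id"], verify_receipt(r, ballots))
```

Running it prints the independent tally, the P07-only tally, the two prop1 rows where the constructed official tally disagrees, and the three receipt outcomes (ok, mismatch, missing). The receipt check is exactly the lookup the post describes: the voter needs only the opaque ballot ID and their own copy of the choices, nothing that identifies them.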
I think you mean PKI. Two-factor authentication is not secure, nor convenient. You are forced to keep your phone with you and type crap from the phone into the computer. Meanwhile someone can port your phone number and pretend to be you.
The advantage to the voter would be the ability to retain a file showing their ballot choices, and the unique identifier of their ballot.
Illegal and not desirable. People could more easily sell their votes.
Each completed ballot in the database would have metadata showing its unique number/ID, the precinct associated with the voter account, a timestamp showing when it was uploaded,
Not good. Experts could figure out individual voters' votes from that info.
Other commercial and government databases would be periodically cross-checked against the database of online voter accounts, to identify and notify voters who moved without updating their accounts, became felons, or died. (Yes you should be notified if the system thinks you died, in case you didn’t) Voter accounts would expire after ten years unless the voter renews by making another in-person appearance.
Ten years is way too long. But the suggestions there are good. In fact that is what we need to do and is missing from the OP's article. Also third parties need to have the ability to cross-check, from both parties. The data must not include people's votes, but all other registration info needs to be given to third parties who can cross-check across jurisdictions, other databases, etc.
Bruce Schneier (whom I don't particularly care for from a political standpoint) is an actual cryptographer who has written about the comparisons between commerce and voting rather extensively over the years. I still think this article is one of the better ones at outlining the issues. It was written in 2004, and is still relevant today.