Why can't Google Forms be used for elections?

Question

I have been looking into secure online voting systems for a fairly small-scale (though extremely important) leadership election (~1000 voters).
I have been researching End-to-End auditable voting systems and the such, but then I started to think about why can't something like "Google Forms" be used. It is easy to control voter identity and making sure voters only vote once as everyone eligible to vote has a company Google Apps account.
If I'm not designing say the presidential election, then why can I not use Google Forms?

Most elections are secret ballot. Google Forms is not secret. — schroeder, Feb 16 '16 at 04:53
@schroeder - That assumes that the OP intended it to be a secret. — Motivated, Feb 16 '16 at 06:43

score 3 · Answer 1 · edited Mar 17 '17 at 13:14

In general, we can't use a third-party vendor's website for public systems, since anything can happen beyond our control.

If we host a site similar to Google Forms and it was managed by us, we may conduct elections using a centralized system.

As far as usability goes, it would be good, but in terms of security, it's a bad option, since we can't trust the results beyond our control. Apart from that, anything may happen. For example, you may bribe Google to change the results or online voting usually suspects for cheating.

Kindly have a look at this answer, which describes many types of cheats which are good examples of how online voting can be misused.

score 1 · Answer 2 · answered Dec 24 '20 at 17:08

When we want to digitalize something, we should try to modelize what is required, then what are the interactions, and only then examine the possible solutions.

Speaking of elections, the common requirements are:

votants must be identified and you can control who has voted to prevent people to vote more than one time. It is common for voters to sign something to prove their identity
votes are normally secrets, so nobody (except the voter themselves) can know who has voted what.
candidates can have representants that control the whole process.

Here the hard points are:

legal identification. A mail account if of course unique, but email hijacking is a fact. We all know that fake ID cards also exist, but laws punishing their use also exists. Currently in most country, a simple email password is not legaly seen as a valid identification. In European countries, only a digital certificate on a tamper resistant device (smart card) is accepted as a valid signature
who will guarantee (and how) that votes are secret?
control of the process. Anyone can control that a human being with an ID card has put an enveloppe in a box. An anyone can later count (and count again) papers. Control of a Web application is not that easy.

In fact the technical points are not that hard and could easily be solved or worked around. In many countries, procedures allow sending votes by (physical) mail, or asking someone else to vote for you if you cannot. And law gives precisions on what can be done and how. Defining all those manual vote procedures took centuries, and we are still lacking in most country the legal infrastructure around digital votes.

score 0 · Answer 3 · edited May 03 '20 at 07:48

0

If you require emails from the voters, you know what each voter voted, so the elections are not secret.
If you do not require emails from the voters, you can still require that the voter will be logged in to a Gmail account and each Gmail account can vote only once, but if someone has more than one Gmail accounts, s/he will be able to vote more than once.

edited May 03 '20 at 07:48

Glorfindel

2,235
6
18
30

answered May 03 '20 at 02:26

Avi Blau

1

score 0 · Answer 4 · edited Dec 24 '20 at 14:42

I think you can do this with reasonable security for a small organization as long as the person administering the process is trusted and the risk of somebody wanting to hack it is small

I'm thinking of using Google forms for an election for the committee of a community organization.

To ensure that only eligible people would vote I would use a spreadsheet of voters and generate a unique code for each voter. Then email that code by mailmerge to give each individual voter their voting instructions.

The code would be entered on the voting form along with their choices and thus end up on the votes spreadsheet generated by the form.

After the votes are cast I would export the list of codes (not names) to the votes spreadsheet. After that, I would quarantine the original spreadsheet (in case it's needed to rerun the counting process) and then delete it when the election is over.

All votes can then be automatically filtered, only the first vote cast with that code would be eligible. The only person in a position to cross-refer the code with the name is me and I am taking steps to prevent it. I could get a colleague to observe the quarantine process (eg save the sheet to a stick and get a trusted person to hold it, then delete the original)

I'm experienced with using all the tools needed and can run a few dummy elections to test and debug the process. Doing it from scratch without that experience could be disastrous.

Why can't Google Forms be used for elections?

4 Answers4