Systems are currently being tested and rolled out to permit remote electronic voting. One of the main problems in the remote e-voting systems is that, contrary to voting in a voting office, they do not offer any protection against vote buying or vote coercion. Indeed, although the vote is secret as long as the voter does not collaborate, it is still possible for the voter to disclose his choice to a third person and at the same time to prove what he has voted.
In the system disclosed in U.S. Pat. No. 5,731,575, a user can covertly alert the system that he/she is under coercion by entering a false (Personal Identification Number) PIN. The system can then take action. However, it requires an extra organization that will have to detect and react upon the fraud. Also, this system does not protect against possible pressure coming from an organizing person such as the one having to respond to personal distress signals. Furthermore, it requires the voter to remember a different sequence of numbers be it easy to derive from his correct PIN.
In the patent application WO 00155940, a system is proposed to use the one-time pad in order to guarantee the secrecy of the votes. In this scheme, election codes associated with candidates are given to the user secretly and with authenticity. This code-candidate association is different for each voter so that someone tapping the communication between the voter and the authority will never know the vote. So, provided the credentials are distributed secretly, this system guarantees the secrecy of the vote unconditionally. But, the protection against coercion at the same level as in-booth voting is not provided here. Although the duress pin and the false code are mentioned, none of them is provided through a one-time in-booth secret action. Also, because the choices are pre-encrypted and the association code-candidate is displayed on the ballot, it is admitted that copying or photographing the ballot can provide evidence of how the vote was cast. Unless in case of a two part ballot, mixing parts between ballots would make the combination invalid. But the latter sentence presupposes that at least one of the parts is handed over secretly to the voter before each election, thereby strongly reducing the benefit of remote elections.
Another system is disclosed in the article of Magkos, Burmester and Chrissikopoulos “receipt-freeness in large-scale election” without untappable channels. This proposed system is using smartcards that use randomness from both the voter and the program on the smartcard itself to produce encrypted votes. The smartcard system proves to the user which encryption represents his correct vote before the vote is cast. Thus, the system avoids any use of untappable channels including the visit to a voting booth. But the problem with such a system is that, by forcing the voter to be merely an interface to the system for the coercer (the coercer chooses the randomness and verifies the encryption afterwards), coercion can take place. Also, this system does not intend to prevent the risk that the coercer would observe the voter while voting.