
Tell the Senate to Pass a Strong Election Security Bill - raleighm
https://act.eff.org/action/tell-the-senate-to-pass-a-strong-election-security-bill
======
diafygi
For the HN crowd, if you're looking for highest impact per unit time spent,
I'd recommend reaching out to your representatives and public offices
(including local city reps), and volunteering to come in for a lunch and learn
with the staff. There's an ocean of knowledge between the cybersecurity stuff
we discuss here every day and what most staffers (in frankly more powerful
positions than yours) have.

Spending an hour over sandwiches with staffers talking about what phishing is
and answering their questions about whatever they want is a great way to do
your part save the democratic process.

For example, I volunteered to do a lunch and learn with SF Dept for the
Environment. I covered really simple stuff like looking at the url and domain
before logging in and how to use a password manager.

I also said, "If you have a stupid question you've always wanted to ask, now
is your chance." Since you're not their curmudgeonly IT person, some feel more
open to asking things they've always wanted to ask but felt would be met with
a scoff.

These are the people who eventually will interview Zuckerberg. Help them out.

~~~
Fnoord
> "If you have a stupid question you've always wanted to ask, now is your
> chance."

There are no stupid questions, only stupid answers.

------
ililla
Okay, i have to say this. USA has a long history of meddling in other
countries elections[1]. Now that Russia allegedly interfered with US
elections, everyones losing it. No wonder my Non-US friends and many others in
other countries are cynical of USA.

[1] [https://www.nytimes.com/2018/02/17/sunday-review/russia-
isnt...](https://www.nytimes.com/2018/02/17/sunday-review/russia-isnt-the-
only-one-meddling-in-elections-we-do-it-too.html)

------
craftyguy
> A competing bill introduced by Sen. Ron Wyden

Oh FFS. My one of my senators does the right thing already and gives me no
excuse to write to them. (I wrote anyways giving approval)

I'm commenting on the last bit of this, linked to by the original article:
[https://www.eff.org/deeplinks/2018/08/if-it-doesnt-have-
pape...](https://www.eff.org/deeplinks/2018/08/if-it-doesnt-have-paper-
ballots-and-automatic-audits-its-not-election-security)

------
tropo
Nobody dares confront the biggest problem: absentee ballots.

~~~
diafygi
I'll bite. Why are absentee ballots the biggest problem?

~~~
masonic
By far the biggest vector for voter fraud.

------
tomohawk
It doesn't do any good to secure the voting machines if there is no
verification of identity of voters, or effective controls on people voting
multiple times. We have so little verification in this regard, and so little
transparency, that there's actually a debate as to whether this even occurs or
not and is a problem. Not really enough data to know.

It would also help if they made ballots non-ambiguous. There should always be
a "none of the above" choice so that a machine could validate correctness.
Currently, if a choice is left blank, you don't know if the person meant "none
of the above" or forgot to mark it, or tried to mark it but the marking
failed.

Adding a "none of the above" choice makes that problem go away, and makes it
so that the ballot cannot be submitted until it is correct.

Incidentally, if "none of the above" wins, then the election really should be
run again, with new candidates.

~~~
maxerickson
What's your favorite analysis illustrating that multiple voting is a real
problem?

I also wonder if you think there have been any good comparisons between states
with strict id requirements and states without them?

We should change our voter eligibility system though, from one where people
have to maintain a registration to one where the government just uses
information it already maintains to send everyone a postcard indicating where
they can vote.

~~~
tomohawk
This seems backwards. We don't wait to see if there is a problem, and then fix
it when it comes to financial matters.

We know there will be some fraud, so we design systems to verify who is doing
a transaction and ensure someone else does not impersonate them. Peoples money
is at stake.

What would we say to a bank that does not require a login to take money from
someone's account? Would it be ok for the bank to say, "first, you have to
demonstrate there is an actual problem that is widespread". Of course, they
control all of the data that would let you make your case. And, how would you
prove that it wasn't Joe who took money from Joe's account if there was no
authentication method for the transaction? It would be just having to take
Joe's word for it. "Honest, I didn't take that money from my account - it was
someone else".

That's exactly how voting is today. Its just worse, in that Joe may have died,
or stopped voting for some reason, or be in a care facility and unable to form
decisions, or not even exist, or live in another state and still be voting in
his old state (and his new state), or any number of other things. The person
voting for Joe would likely never get caught, and the problem would not ever
surface.

There are several examples of fraud in the past. There are also examples of
reforms that have been successful in reducing fraud. We have a ways to go,
though.

I'm not sure I'm up for the postcard for this same reason. I don't think I'd
patronize a bank that sent a postcard to an address it has on file giving the
bearer carte blanche with my account.

~~~
maxerickson
So check fraud is exactly what you are describing in a financial context and
still happens all the time.

As far as voter notification, you don't have to use a literal postcard and
there wouldn't be any need or reason for it to be a credential, it'd just
provide the voter with information about where to vote. The polling place
would do whatever verification was required separately from notifying the
voter of where they are eligible to vote.

