
Verified Voting - colinscape
https://www.verifiedvoting.org/
======
nickpsecurity
The consensus of both high-assurance security and top minds in general INFOSEC
is that voting shouldn't be done with computers or shouldn't exclusively rely
on them. They're black boxes connecting via black boxes with endless ways to
be attacked. I've noticed all the ways that protect them from that just make
the process more incomprehensible to both lay people _and_ technical people.
The paper ballots or hybrids where electronics spit out a human-verified one
are the best schemes. Fewer forms of fraud that are easier to detect by massive
numbers of people. Better to just improve those systems.

Far as hybrids, the Scantegrity scheme was always interesting to me as the
human-visible steps are straightforward:

[https://people.csail.mit.edu/rivest/pubs/CCCEx09.pdf](https://people.csail.mit.edu/rivest/pubs/CCCEx09.pdf)

Prior studies showed even it had usability problems. Someone interested in
secure voting might want to tackle those for it or other stuff in the related
work section.

~~~
amelius
It's not just a technical problem. With online voting, somebody can be forced
to make a certain vote, for example, at gunpoint. Or blackmailing, bribing, et
cetera.

Voting offices protect against this.

~~~
matt_kantor
What are your thoughts on vote by mail?

~~~
colejohnson66
You can always mail in the ballot, then go to a polling place and vote there.
IIRC, that overrides your mail-in vote.

~~~
greeneggs
How would that even work? They wouldn't be able even to start opening ballots
until after election day.

In California, you definitely can't do that. Ballots are separated from the
envelopes, for anonymity, before counting. The different counties even have
web pages where you can check that your ballot was received and counted. (Mine
was received 10/31, opened on 11/1, and counted on 11/2.)

~~~
gizmo686
Some states already allow people to change their votes if they voted early.

------
chongli
This all seems beside the point. So what if I can verify that my vote is
correct? How does that stop somebody with access to the software/machines from
tampering with the vote tallies?

I have worked as an election scrutineer for a political party. You just can't
beat having several people standing there -- each representing a different
political party -- watching each ballot be unfolded and counted, confirming
the exact count for each candidate, contesting any spoiled or rejected
ballots, recording an independent copy of the vote totals for all candidates,
and signing off on the official vote total.

The fact that each ballot box has multiple eyewitnesses and that all of the
counted ballots are sealed in a signed envelope makes the whole process very
transparent and easy to audit. None of this is true to anywhere near this
extent for electronic voting.

------
jdavis703
In California over half of ballots are sent in by regular, old-fashioned,
snail mail via the USPS. I have no handshake saying my ballot was received, no
proof that someone at USPS or with easy access to USPS shipping infrastructure
(e.g. the mail trucks that don't get locked when the mail man goes out)
doesn't swap in a different ballot, or any assurances that again someone isn't
correlating my name and address with the ballot I mailed in. All these
problems are mostly solved just by using something like HTTPS.

Now the biggest problem is how secure people _perceive_ the voting process to
be. And since most people don't really understand how these things work there
will be huge room for conspiracy theories to arise about vote hacking. This in
turn undermines the democratic system. I've talked to many people who
actually feel more secure sending in their credit card details over the POTS
or by mail, not understanding that these systems are even less secure, even
after explaining to them the vulnerabilities.

------
pgz
I know very little about security but couldn't a system be created like git,
where for every vote the voter gets a sha of his vote?

That way she can later verify that in his section repository his vote is still
there and has been counted. Of course the mapping sha1 <-> voter will be
anonymous, but this way everyone can see all the votes.

This doesn't solve the problem of some hacker adding votes on top of the
legitimate ones though.

~~~
esrauch
There is a practical advantage to being unable to confirm your own vote: if
someone tries to buy votes people could just take the money and still vote
any way they choose since there is no way to prove afterwards that you didn't
vote that way.

~~~
lswainemoore
What if when you vote you were given one real sha, which shows who you
actually voted for, and then one fake sha, which would show the opposite? As
long as only you (and the vote aggregator) knew which one was which, you could
produce "proof" to any vote buyer.

~~~
comex
But the fake SHA would have to not be counted, yet the purpose of the SHA is
to prove that your vote was counted. There are variations on the scheme, but
fundamentally, in a system where the voting machine gives you a real and fake
token, which have to be indistinguishable after the fact, what's preventing it
from swapping them?
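
The receipt idea debated in this sub-thread, sketched as an added example (not code from any commenter or from a real voting system): a git-style hash-chained board of salted SHA-256 receipts, showing which checks catch what. The names `Board`, `run_election` and `third_party_can_check`, the nonce scheme and the sample ballots are all assumptions made for illustration.

```python
import hashlib
import secrets

GENESIS = "0" * 64

def receipt(choice: str, nonce: bytes) -> str:
    """Voter's receipt: SHA-256 over a secret random nonce plus the choice."""
    return hashlib.sha256(nonce + choice.encode()).hexdigest()

class Board:
    """Public append-only list of receipts, hash-chained like git commits."""
    def __init__(self):
        self.receipts, self.heads = [], []

    def append(self, r: str) -> str:
        prev = self.heads[-1] if self.heads else GENESIS
        self.receipts.append(r)
        self.heads.append(hashlib.sha256((prev + r).encode()).hexdigest())
        return self.heads[-1]

    def chain_ok(self) -> bool:
        prev = GENESIS
        for r, head in zip(self.receipts, self.heads):
            if hashlib.sha256((prev + r).encode()).hexdigest() != head:
                return False
            prev = head
        return True

def run_election(ballots, stuffed=0):
    """ballots: (choice, nonce) pairs from real voters; stuffed: extra entries."""
    board = Board()
    mine = [receipt(c, n) for c, n in ballots]
    for r in mine:
        board.append(r)
    for _ in range(stuffed):  # entries with no voter behind them
        board.append(receipt("A", secrets.token_bytes(16)))
    return {
        "chain_ok": board.chain_ok(),
        "all_voters_find_receipt": all(r in board.receipts for r in mine),
        "count_matches_roll": len(board.receipts) == len(ballots),
    }

def third_party_can_check(claimed: str, nonce: bytes, public_receipt: str) -> bool:
    """Anyone handed the nonce can confirm the choice behind a receipt."""
    return receipt(claimed, nonce) == public_receipt

if __name__ == "__main__":
    sample = [("A", b"\x01" * 16), ("B", b"\x02" * 16)]  # constructed ballots
    print(run_election(sample), run_election(sample, stuffed=3))
```

With stuffed entries the chain still verifies and every voter still finds a receipt; only reconciling the entry count against the voter roll notices them. The last function is the vote-buying concern in code: a receipt the voter can open is also one a third party can check.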

------
ausjke
Why can't the voting machine print a receipt with a unique random number for
each instance? Why can't every voter get an alphanumeric-ID that has nothing
to do with his last/first names? This way the whole voting record can be
listed publicly, searched and verified by all those who voted just like a
lottery ticket to some extent. Technically there are so many ways to
double-check the election correctness but none is implemented, why? Just a dumb
machine that my input is going to /dev/null without any way to check the
return/error code?

------
known
Right to vote should be restricted to those with knowledge qz.com/796962

~~~
owenversteeg
The US used to be an epistocracy [0], and the result was disenfranchising
racial minorities for decades. The testing system was deeply racist, and
basically prevented black people from voting. The battle to eliminate the
tests was long and hard and continued until a deeply divided Supreme Court
upheld the Congressional nationwide ban on literacy tests in 1970, in Oregon
v. Mitchell [1]. Although I dislike it when people cast uninformed votes, I
would fight for their right to do so if it ever again came into question.

Let me guess, although you say "[the] right to vote should be restricted to
those with knowledge" you did not have sufficient knowledge of the US's past
as an epistocracy. Which makes me smile; you definitely wouldn't pass _my_
knowledge test :)

[0]
[https://en.wikipedia.org/wiki/Literacy_test](https://en.wikipedia.org/wiki/Literacy_test)

[1]
[https://en.wikipedia.org/wiki/Oregon_v._Mitchell](https://en.wikipedia.org/wiki/Oregon_v._Mitchell)

~~~
yummyfajitas
Suppose everything you say is true, and every single supporter of epistocracy
is racist. It does not follow that epistocracy is bad. Consider the
possibility that epistocracy is racist but it _also_ produces better
governance - e.g., perhaps the racial groups being discriminated against vote
for bad governance.

(Define "bad" however you like, but strictly in terms of actions taken by the
government rather than how those actions were decided on.)

If that were true then the racist epistocracy you discuss would be a good
thing, in the sense that governments would provide better services to
citizens.

The main argument against this is that voting rights are a way to express
respect, membership and status to humans. But the solution to this conundrum
is to stop using voting rights as a status symbol.

Here's a nice article that discusses this idea in much greater detail:
http://bleedingheartlibertarians.com/2016/09/expressive-meaning-democracy-plus-philosophers-enamored-semiotic-arguments/

~~~
owenversteeg
So, in my comment I never once said supporters of epistocracy are racist (or
that every supporter of epistocracy is racist.) [0] I said that epistocracy
itself was racist in the most literal sense: discriminating by race.

I said that it disenfranchised racial minorities for decades, which is
something that is factually true; some Southern states did not have laws
preventing black people from voting because epistocracy was the system by
which black people were stripped of their right to vote, i.e. literally
disenfranchising them by the dictionary definition - the first definition,
according to both the Merriam-Webster and Oxford English dictionaries.

At this point let's ignore the race issues and just assume two things to be
true: 1) epistocracy is the most effective form of government and 2)
epistocracy deprives every citizen (who is ignorant of X, whatever X may be)
of their right to vote.

Personally, even given these assumptions I would not be in favor of
epistocracy. In my opinion, a dictatorship would be the most effective form of
government. But do I want a dictatorship running the country? No.

Because I, personally, hold these truths to be self-evident: that all men are
created equal, that they are endowed with certain unalienable rights, that
among these are life, liberty, and the pursuit of happiness. And regardless of
the enticing Siren call of an effective system of governance - which sounds
all the more sweet with the modern political world of Trump, Clinton, Duterte,
Geun-hye to name a few - I would not deprive any citizen of this planet of
their rights, however dire the consequences.

[0] I do think that many or indeed most modern supporters of epistocracy are
racist and ignorant, but that's not relevant; I don't dislike something solely
on the basis that its supporters are racist or ignorant. I assume both Donald
Trump and I like pictures of cute kittens, for example. As an aside, it's very
obvious that almost every supporter of epistocracy was racist when it was in
place in America.

~~~
yummyfajitas
_Because I, personally, hold these truths to be self-evident: that all men are
created equal, that they are endowed with certain unalienable rights, that
among these are life, liberty, and the pursuit of happiness._

If a dictator (or epistocracy) protects these unalienable rights better than
50%+1 of the population does, your premises argue in favor of that
dictator/epistocracy/non-democratic government.

Voting rights are neither life, liberty nor pursuit of happiness. Voting
rights are something else: the right to have a nonzero probability of directly
influencing the use of (legal) violence against others. It's easily possible
for a person to have your three inalienable rights without this.

