
Did Little Bobby Tables migrate to Sweden? - Kafka
http://alicebobandmallory.com/articles/2010/09/23/did-little-bobby-tables-migrate-to-sweden
======
henrikschroder
Haha, I was contemplating posting this myself to HN, but since I don't have a
blog where I could do a writeup and collect some links, I decided not to.

For those that are confused, Sweden does not have electronic voting, and you
can vote for anything, not just registered political parties. There's no list
of parties where you are supposed to mark one, instead you get an envelope,
and put in a ballot paper that contains the name of the party you are voting
for. Normally you get a pre-printed one from the party you want to vote for,
but you can also take a blank one and write whatever you want on it.

Any ballot with something written on it is a valid vote which has to be
counted and becomes part of the official election result. Since a few years
back they started publishing these results on the website of the election
authority, you can see the 2006 results here:
<http://www.val.se/val/val2006/slutlig/R/rike/roster.html>

The list of votes for registered parties that did not gain any seats are here:
<http://www.val.se/val/val2006/slutlig/R/rike/ovriga.html>

And finally, the list of write-in votes for non-registered parties is here:
[http://www.val.se/val/val2006/slutlig_ovrigt/handskrivet/R/i...](http://www.val.se/val/val2006/slutlig_ovrigt/handskrivet/R/index.html)

So given this, it was just a matter of time before someone would use their
vote to see if they could do a pen and paper scripting attack. :-)

~~~
eru
Thanks for the information about the Swedish system.

> Sweden does not have electronic voting, and you can vote for anything [...]

That's not very connected. You could easily imagine a free form electronic
system. And the German system on the other hand is (or used to be?) completely
paper based: You got a ballot with the names of all the parties / candidates,
and placed a tick next to the name you liked. Any writing made the ballot
invalid.

~~~
henrikschroder
> That's not very connected. You could easily imagine a free form electronic
> system.

I can also imagine a multitude of ways electronic voting can fail or be
manipulated without anyone knowing.

Voter turnout was over 84%, and that number has been increasing over the last
few elections. We do not have an accessibility problem. For the type of
elections we have, the current system is a good fit. One person - one
envelope. When the polling stations close the polling clerks take all the
envelopes, open them, sort the ballots into valid and invalid piles, and then
count the valid votes by hand. It takes a few hours, but we get a pretty
accurate preliminary result on election night, and the process is completely
open, anyone can watch the counting.

After the preliminary counting all the ballots are sent in to the regional
election authority office where they do a second counting where they also add
in mail-in votes from Swedes abroad and other people who couldn't be there on
the voting day. The second counting is also completely open, anyone can come
and watch.

Yes, it takes a few days to get the final result, but the confidence in the
result is very high. Yes, there are occasional screwups, but it gets noticed,
it gets reported, anyone can notice them, you don't need to a software
engineer to have a chance at it.

~~~
eru
Sure. I am not a fan of electronic voting either. Paper based voting is fine,
because anyone can understand and audit it in principle. Auditing electronic
voting is at least as hard as debugging.

If the general population can understand the inner workings of democracy, they
are probably much more likely to embrace it.

(Though still, electronic voting and free form ballots are completely
unconnected.)

~~~
henrikschroder
Oh, you mean connected as in having with each other to do, not as in having
the results connected to some central authority for quick counting. Sorry, I
misunderstood you. :-)

~~~
eru
I guess we had a violent agreement.

------
miguelpais
I didn't get it. I'm assuming the majority of the people voted electronically.
So, are these votes the traditional ones? If so, why do they allow a text area
on it? Is the person supposed tho write the name of the candidate instead of
selecting it from the options available?

~~~
Kafka
No electronic voting in Sweden at all but the election workers had to type in
the hand written votes, not only, to be able to publish them online.

------
erikstarck
Also, the Pirate Party failed to reach the parliament. By far.

------
eru
Are those only the names of the candidates?

~~~
Kafka
No, it's hand written names of parties. Most of them of parties that doesn't
exist.

~~~
eru
OK. Do hand written names count in Sweden? That's interesting.

(I know that in Germany, every ballot that has anything but one or two Xs on
it, is discarded as invalid.)

~~~
Kafka
If it's an exact name of a party then it will be included. Almost all voters
use the pre-printed ballots though.

~~~
Muzza
To clarify: to be valid, a hand-written ballot needs to identify the party
without there being any confusion. Thus, a ballot saying "Fp" will be counted
as a vote for Folkpartiet, but "Socialmoderaterna" would be invalid.

~~~
dLuna
To clarify this further.

This is true if the party in question has ordered ballot papers from the
central voting authority. This is (strangely enough) a different thing from
being a runner in the election.

So "Donald Duck" and "DONALD DUCK" would count the same iff someone has
ordered official ballot paper for Donald Duck party (or similar). They would
(or at least should) count individually if not.

~~~
eru
Could I run as DONALD DUCK, if Donald Duck was already in the race?

~~~
dLuna
Don't know. You do need 1500 signatures or so to run though.

------
Locke1689
What's with the XKCD reference? SQL injection and XSS existed long before
Munroe made a half-decent joke about it. I see no reason why we should assume
the author reads XKCD.

Edit: Sorry, I meant author of the blog post. I know the HN title style guide.

~~~
InclinedPlane
Searching the internet existed long before google came along, yet "googling"
has become synonymous with web search much the same way as "little Bobby
tables" has become synonymous with certain kinds of sql injection.

~~~
Locke1689
Hmm, OK I guess. I wasn't aware that XKCD had attained that level of
representation of CS as a whole (or I guess a paper-based SQL injection, even
though simply naming someone a SQL injection string doesn't necessarily
require it be paper based).

~~~
noodle
you'd be surprised. i have a bunch of friends who read XKCD for some of the
generically geeky content, and to who i have to explain a lot of more
technical punchlines to. including the premise behind little bobby tables.
there's a lot of people whose initial exposure to a CS concept is through
XKCD, which solidifies that relationship into the future.

------
ZeroMinx
This is stupid. If these people had voted properly maybe we wouldn't have
racists in the Swedish government now

~~~
mahmud
What if their politics wear leaning towards the "Racists" to begin with?

