
Voting Machine Makers Claim Names of Entities That Own Them Are Trade Secrets - inflatableDodo
https://www.techdirt.com/articles/20190706/17082642527/voting-machine-makers-claim-names-entities-that-own-them-are-trade-secrets.shtml
======
mcv
So these companies basically admit that, if we knew who owned them, we
wouldn't be buying their voting machines? I think that by itself is enough
reason to avoid them.

It's bizarre how much of a wild west the US electoral procedures are. You'd
think this would be extremely strongly regulated, but instead it's a free-for-
all where the real interests are kept as opaque as possible.

~~~
ddingus
Right?

That opaque bit is the crux of the matter. By design, doing that is completely
unnecessary! We do not make votes personally identifiable, and that opens the
door for the rest of the process to be public, trusted, etc...

After a bit of research, done back when this crap started, I arrived at these
pillars for trustworthy elections:

Freedom: Basically, people can vote or not. This puts the burden of garnering
votes on those wanting to win elections. It's not a given votes will be cast.

Anonymonity: This is all about reinforcing freedom. No vote record = people
free to vote their minds with far fewer overall worries than there would be
otherwise. If we eliminate this one, electronic votes can make sense, but
there are consequences, implications. Not sure it makes sense, but I am open
to this discussion.

Transparency: It must be possible for any participant in the election to
follow their vote cast through the process to the final tally. Human readable
vote records, the law, means, methods, all available for anyone to understand.

Oversight: Needs transparency, but also the enabling force of law and norms.
Not only can people evaluate the elections, but they should do that! We all
live by the outcomes. It only makes sense that we all have an interest in
trusting the process, and understanding votes cast are legit.

I arrived at them being deeply bothered by the input trust problem. Prior to
voting machines, this never crossed my mind. We take it for granted.

(see my other top level comment)

Trustworthy elections embody those ideas to the maximum extent possible.

Notice secrecy is not in there? The only place where it is really needed is
when the voter casts their vote.

All these companies, and to a large degree elections people, and processes,
have conflated secrecy with security. Doing that is either a mistake, or
nefarious. Which is it?

~~~
mcv
These are exactly the reasons why Netherland stopped using voting machines.
Although interestingly, it was the fact that anonymity could be compromised,
that was the final nail, rather than the lack of transparency.

With paper votes, anyone is able and allowed to check that every step of the
voting process is done fairly. You can see the empty voting boxes before the
election starts, you can see that everybody puts their one vote in it, you can
be present when they're counted. Dutch law made an explicit exception to these
rules to make voting machines possible, and that that was even necessary,
should have been a massive red flag. And yet this obvious lack of transparency
was not enough to get them banned. Only when hackers proved that anonymity
could be threatened, were voting machines banned.

Personally I think transparency is more important than anonymity. Compromised
transparency enables much larger scale fraud than compromised anonymity, so
I'm surprised proving compromised anonymity was even necessary.

~~~
ddingus
Many of us, at least here in the US, are not that secure. Votes are very
highly politicized, tensions high, establishment vs people, social right vs
social left.

Here, we have fraud, but we have a high degree of anonymity. People don't seem
to really get it. I am confused as to why.

I am reasonably secure myself and could make the same trade off you did, but
an awful lot of my peers would not.

Super interesting observations. Thanks!

------
ddingus
The only voting machines that make any sense are those that can take human
readable ballots and count them. And even then that needs to be coupled with
audits and other basic means to verify that they function as intended and
required by law.

(Optical scan, basically)

The basic problem with voting machines casting actual votes is that they do
not make a record of voter intent. They make a record of what they think the
voter intent was. The actual record of voter intent walks out the building, or
is a grease smudge on a screen somewhere. Lost.

They are all votes by proxy.

Because we make votes anonymous, the chain of trust between the voter, their
intent, and the record of that intent, is super important. That record needs
to be used directly, or we've got issues with how trustworthy the process is.
That record is needed should there be issues too.

Electronic machines do not record voter intent, and that is the primary thing
of value in an election.

When a voter makes some mark on a physical ballot with a pencil, pen or some
other device, they can verify that record is accurate, in line with their
intent, and that means that they have confidence that their vote was correctly
cast. The vital chain of trust between voter intent and the record of said
intent is intact.

Follow that up by using that record directly, (optical scan or simple, human
count) and we've got a process, that if necessary can be hauled into a court
of law, or manually evaluated by humans, to ensure that we understand the
outcome of the election.

Paperless machines are so untrustworthy that nobody can even know who won an
election! No potential for review, oversight exists! (Looking at you South
Carolina)

When we provide input to a touchscreen, or via button press, or any other
simple means, the intent is expressed at that time mechanically, but the
electronic record isn't the same as a physical mark.

The truth is, the voter cannot see the vote record directly, because it is
electronic. It is just a temporary state. Enabling technology is required for
the voter to see the record. In this sense, the record of their vote is
isolated from them, and they are forced to trust the input and output of the
machine, again a vote by proxy.

This is fundamentally untrustworthy.

An example I have given to kind of simulate this involves a person in a secure
room alone. You the voter walk up to a window, and you tell them what your
vote is. They go make a record somewhere that you cannot see, and then they
verbally confirm your vote, or maybe hold up a card or something. The key
thing to understand is the voter has to trust that person, they don't see the
little invisible record off to the side, nobody does.

Essentially, there's no chain of trust between the voter and the record of
their vote. And no reasonable person would trust such an arrangement to be an
accurate election, a trustworthy one. That is basically what voting machines
do. They get between voters and the enduring record of their voter intent.

I struggle to communicate this in ways that ordinary people can understand.
It's really a problem. People see computers and all the magical things that
they do, and they want to trust them. And in a lot of places means and methods
they can trust them. Voting is different because it's anonymous, and we don't
link people to votes, which means those intent records really matter.

~~~
em-bee
this makes sense. i am wondering about technical solutions to this problem.
keeping the paper record is one.

how about taking a photo of the screen (not a screenshot, but an actual photo
with a separate camera) to record what the voter sees?

another idea is to enter the vote twice. like when we create new passwords. do
make sure the same result is recorded. do it on two machines side by side. if
there is a difference, start over.

~~~
ddingus
If the paper record is not used to compute the tally, the trust problem is not
resolved. Schemes to impact the election can fall under triggers to audit /
recount on paper. Secondly, why not just use paper then? The machine is adding
near zero value.

In the case of the photo, recording what the voter sees does not impact
whether the actual record used reflects their intent. At best, we can verify
they saw what they said they saw. The real problem is whether what they see
actually reflects the record used for the tally. Edit: Also, if we personally
identify votes, this could be used to reconstruct an election. Again, why not
just use paper?

Inputting a vote twice can improve mechanical to intent translation accuracy.
However, the actual record still requires enabling tech to read, is still a
temporary state, and is still not part of the chain of trust between voter
intent and the record of the vote used for the tally.

