
Ask HN: Could programmers convince society not to use software voting systems? - rossdavidh
I don't generally expect society to listen if computer programmers tell them to do or not do something.  But, just maybe, they might listen if programmers said, "don't use software for this", en masse.  I feel like voting systems that have no voter-verifiable paper backup are a horrible idea and (in the literal sense) a threat to democracy.  Is it possible for programmers to somehow get this message across to the rest of society?  Or do most other programmers think this is not a problem and the security risks are overblown?
======
LinuxBender
Multiple engineers have testified before congress that they were ordered to
make systems easy to hack. This has been going on for decades and nothing has
changed AFAIK. I suspect everything will go fully electronic with no paper-
trail, despite my having a paper trail every time I fuel up my vehicle.

~~~
hsienmaneja
Citation?

~~~
LinuxBender
This isn't a college paper. I do not need to cite everything that I state. You
can find these on search engines and youtube easily enough.

~~~
AnimalMuppet
If you claim something that is not generally known, a citation is kind of
nice. If you are asked for one, a citation is even nicer - where one asks, ten
or a hundred others may have the same question. You want the asker to go
Google it, but you might save a hundred people the work.

------
rogerthis
Do you want a horror story in this area? Look up how elections are done in
Brazil. 100% digital, from voting to counting to totals.

------
itronitron
Software-only voting systems are a worse idea than paper-ballot voting
systems. Unfortunately, issues do come up with paper-based voting systems so
people think the system can be improved by throwing software at it.

At this point, voting by mail seems to be the way to go in places that are
going all in with software systems.

------
Chinmayh
I am not sure why Software should not be used. My solution would be

1\. Open Source software, which can be verified by everyone.

2\. Voting via an app with authentication as good as or through your bank
account.

3\. After Voting, We should be able to query and verify who our vote is with -
on a particular day of counting, and get whole history of our votes. An
individual person's vote is append only.

Please, do let me know drawbacks.

~~~
endisukaj
> Open Source software, which can be verified by everyone.

What makes you think that the open source software you verified is the
software actually loaded on the machine you are using to vote? What about the
software on the machine that counts the votes?

> Voting via an app with authentication as good as or through your bank
> account.

What about voter secrecy? Logging in and then voting defeats the purpose of
voting.

> After Voting, We should be able to query and verify who our vote is with -
> on a particular day of counting, and get whole history of our votes. An
> individual persons vote is append only.

If you can query to find your vote then anyone else can. Do you want everyone
to know who you voted for?

~~~
Chinmayh
Why do you think that paper ballots cannot be faked? Why do you think counting
paper votes is better?

You can't force people to declare their vote, if they don't want to. If the
country is totally lawless, then I don't think voting will change it anyway.

Just because we can query some info about ourselves, doesn't mean anyone else
can. That is clear malicious intent.

~~~
dragonwriter
> Why do you think that paper ballots cannot be faked? Why do you think
> counting paper votes is better?

Faking paper ballots is easy; getting any substantial number of fake paper
ballots into the count in a system with the kind of controls associated with
paper ballots virgin hg in the US, OTOH, is not.

> Just because we can query some info about ourselves, doesn't mean anyone
> else can.

Yes, it does. That is, it means that the information is permanently more to
your identity. It means it's subject to vote buying/retaliation, because
people can coerce you into proving your vote and can reward or punish you for
it.

> That is clear malicious intent.

That doesn't mean it can't be done.

------
a-fried-egg
The part where regulation failed was when the engineers went before Congress
and not a Grand Jury to testify.

------
skillachie
Interestingly enough, I just came across a project that is working on this using
the blockchain
[http://185.25.51.16/papers/VerusVision.pdf](http://185.25.51.16/papers/VerusVision.pdf)

------
theknarf
Why would you turn down the ability to hack an entire country's democracy? Think
of the power! /s

------
squozzer
Most software people I know aren't particularly persuasive. One trait
noticeably missing among them is the ability to simplify a complex topic
without losing too much relevant information.

But even if some are, ways exist to undermine an expert's credibility about a
complex topic.

For example, when Robert Oppenheimer began warning people about the dangers of
nuclear war, the attacks came. Once the government felt comfortable enough
with Edward Teller, it could proceed with revoking Oppenheimer's security
clearance.

That said, not sure a paper receipt actually helps because it's certainly
possible for a voting machine to spit out a receipt, then change whatever data
the receipt was supposed to capture. And unless the change was drastic and
massive (e.g. Trump wins California) then it will probably go undetected.

~~~
rossdavidh
Good point on the average persuasiveness of software people.

On paper receipts, the idea is that it allows for recounts. Not that paper is
invulnerable, but the fact that more people understand how paper works than
understand how software works, makes it a better option, I think (speaking as
a software person).

------
gnulinux
Wow this thread is very depressing. I'm really sorry to say that this time I
strongly disagree with HNers.

I'm a previous human rights activist and I worked in a lot of past elections
in Turkey. I am very opinionated on this issue and I strongly believe the
future is software-only votes.

Naive reasons why we should use software-only voting:

1\. Humans can do mistakes. Machines can't do mistakes (unless humans who
programmed them did mistakes)

2\. It takes more time and resources to count votes compared to automating it.

3\. You'll use less paper, so better for environment.

Better reasons why:

1\. Voting is an entirely impossible-to-debug process. If you live in a
corrupt republic like Turkey or Russia you need to spend thousands of dollars
and people to ensure elections are held democratically. Because government
won't ensure that or they will actively work against it. Software can be made
debuggable.

2\. If you live in a country like Russia, government can attempt to collect data
about your votes to estimate/learn which party you voted for. With
cryptography this can be made mathematically impossible (or equivalent to very
hard problems like PvsNP)

3\. Recalculating election results is very infeasible in real life. If you
store election data (so that it's impossible to find who voted what) and make
it open, everyone can confirm election results EVEN IF we find a bug in
retroactive computation script.

4\. With free software (free as in freedom) it is possible for experts
(computer scientists, cryptographers, law makers, attorneys etc...) to audit
the process of election. This is not possible in real elections: lawyers
cannot audit the election so it's possible some people make wrong decisions
interfering in people's votes (i.e. deciding a bad vote to be ok, vice versa)

Problems:

1\. Backdoors etc. Solution: use free software and pay experts to redundantly
confirm system works. Pay software engineers to maybe write parts of the
system in agda, idris, coq so it's provable. This is not terribly worse than
the space program etc.

2\. Not everyone can use computers. Solution: you can organize the exact same
election system, call people to special places to vote and use computer
instead of paper.

3\. What if we're hacked even after experts checking the system? Solution:
redundantly store the data, use parity bits RAID etc to ensure data integrity.
If there is some unrecoverable data loss, cancel elections.

~~~
decebalus1
> Humans can do mistakes. Machines can't do mistakes (unless humans who
> programmed them did mistakes)

That's an incredibly limited view of the issue. Machines can make mistakes
regardless of human intervention (albeit probably indirectly, because humans
have an unprecedented level of influence on reality). First, there are known
software glitches caused by unexpected bit flips. Second, software systems can
grow to a level of complexity where unless you invest orders of magnitude more
time in theorem provers for it you cannot guarantee that 'machines can't do
mistakes'.

Electronic voting is an interesting problem and I agree with you, it's
probably the future. But it's not a near future or not as near as you'd think.
Electronic voting is vulnerable to attacks which cannot be detected when they
happen. Armies of diverse human observers for paper ballots are much more
effective for detecting fraud.

------
Scarblac
Today's XKCD is on this as well:
[https://xkcd.com/2030/](https://xkcd.com/2030/)

------
AnimalMuppet
The way I could see doing it would be to hack several states' voting systems,
and totally mess with the results so that they are _clearly_ incorrect. Like,
Trump wins California and Massachusetts over Hillary by 99% - something
obviously, blatantly wrong.

Note well: I am _not_ advocating actually doing this. But that's what I think
it would take.

~~~
rossdavidh
I suspect you might be right, and I wonder how many not-clearly-incorrect
hacks will happen before the first clearly-incorrect one does.

But, if one were doing that, better to cause Mickey Mouse to win the state, it
is a more clear signal. But I'm not the person to send that signal, which is
why I was thinking about how else to communicate it.

------
meiraleal
Why would you convince them to discard something that is at least better than
the alternative? Manual voting systems are easy to hack and more difficult
to find who/when or even if it was hacked.

~~~
lev99
How would you hack a paper ballot?

You see your choices in paper.

You place the paper in a ballot box.

The ballot box is watched by people on both sides.

The ballot box is sealed and transparently transported to a counting facility.

The ballot counting is observed by people on both sides.

The counting facility counts the ballots twice, with both counts having to
agree. The counts are communicated to a central tallying location.

The counts for each counting facility and the total are publicly communicated.

~~~
rossdavidh
The most important feature of a paper ballot is that the general populace can
read them, and understand how they work. The worst feature of any electronic-
only voting system is that the general populace cannot verify that they work.
This is a bad thing even in the case where no hacking occurred, since it
reduces trust in the validity of the outcome by anyone who dislikes the
result.

~~~
krapp
The general populace can't really verify the results of paper ballots either,
that would mean letting anyone who wanted to do their own manual counts of all
ballots.

~~~
marshray
[https://www.eac.gov/voters/become-a-poll-worker/](https://www.eac.gov/voters/become-a-poll-worker/)

~~~
krapp
A poll worker isn't the general public, though, that's still a limited number
of privileged individuals. The general public would be literally anyone off
the street.

And a single poll worker still wouldn't be able to verify _all_ of the votes
in an election. There's still an insurmountable trust issue where most of the
public has to accept the results from what amounts to a black box, which paper
ballots don't entirely solve.

~~~
flukus
> A poll worker isn't the general public, though, that's still a limited
> number of privileged individuals. The general public would be literally
> anyone off the street.

In Australia we have observers for the counting process and every party or
candidate can send representatives. Political parties are practically begging
for volunteers in this role. We also have a much more complex preferential
voting system but the manual counting process still shows results 30-60
minutes after polls close in all but the tightest races.

> And a single poll worker still wouldn't be able to verify all of the votes
> in an election.

Anyone cheating would have to involve a huge number of people around the
country and the people watching those people. Getting elected legitimately
would be far easier.

