
USPS Files Patent for a Blockchain-Based Voting System - seigando
https://heraldsheets.com/us-postal-service-usps-files-patent-for-blockchain-based-voting-system/
======
pgt
Maybe this is a dumb idea, but what if for each election we issued a ballot
containing a unique, random, sequential prime number to every registered
voter?

Then, when counting the votes for each candidate we display the running
product of all the primes counted for that candidate as a "checksum", or
"check product". This retains privacy while allowing individual voters to
easily verify that their vote was counted by simply dividing their party's
checksum by their prime ballot number and confirming that it is a factor of
the check product. By displaying a running product of votes, you can also
verify that your vote was not counted before you voted. Additionally, this
prevents double counting because the "checksum" for N primes must match
exactly N votes and no two candidates can share a factor. By issuing sequences
of primes to certain regions, you can get some metrics by state.

Then you institute a rule that if some % of primes dispute that theirs was
counted correctly, a recount is automatically triggered.

~~~
luckylion
It allows for verification not only by the voter but also by third parties,
doesn't it? That would make it possibly to sell votes (with proof!) or
threaten people with repercussions unless they vote a certain way.

~~~
pgt
This is only a risk if ballots are not issued privately.

~~~
lentil_soup
That is a great system, but there could still be coarcion to show your "prime
number" token to someone, say your employer. Probably not common in the US or
the EU, but in Venezuela for example there is a lot of pressure for employees
of state owned companies to vote for the government and they use many tactics
to make sure you do. I'd be worried about making it simpler for them. Maybe
there's a way of addding an extra layer of security?

------
barbegal
You could easily replace the word Blockchain in this patent application with
the word database and it would all still make sense.

Blockchains (I prefer to call them Merkle trees) were invented 40 years ago.
The interesting part about cryptocurrency based Blockchains that makes them
unforgeable is that they contain proof of work. The work to create an entire
Blockchain is equal to the sum of the work contained in each node. Without
proof of work Blockchains are easily forgeable.

~~~
sebmellen
I strongly disagree. This is a comment from someone who (I presume) is unaware
of the advances in Proof-of-Stake blockchains, and other consensus protocols
like the Stellar Consensus Protocol. Databases do not have a distributed way
to manage consensus - one of the main things that sets a blockchain apart from
a distributed database.

This consensus mechanism is what's important when something important (like an
election) hinges on the blockchain being an accurate representation of state.
This requires a Byzantine-fault-tolerant agreement. See
[https://medium.com/loom-network/understanding-blockchain-
fun...](https://medium.com/loom-network/understanding-blockchain-fundamentals-
part-1-byzantine-fault-tolerance-245f46fe8419).

~~~
hwillis
???

You absolutely do not want consensus anywhere near an election. Consensus is
not about agreeing on the total balance of transactions, it's about agreeing
on _individual_ transactions. It implies that multiple people know what your
vote was which is absolutely not what you want.

~~~
sebmellen
This is not true if the voting apparatus is separate from the identity of the
voter. There are two ways to accomplish this, and the USPS is proposing that
they ship voters a sort of "private key", which is fully anonymous, which has
no connection to their identity. This key is used once, with the right to cast
one vote.

In such a system, the whole blockchain will know what each public key voted
for. The difference is that there is no connection between this public key and
the vote of an individual. This would allow for a massively snd openly
auditable system, without sacrificing privacy or convenience.

I am not a proponent of this, as I think that in the near and mid-term
futures, there are too many technical problems to be worked out. If, however,
we end up giving every citizen digital ID cards as Estonia has done, and using
those as secure hardware used for voting, we could distribute the voting
process. Essentially, there would be no more vote-counting. There would only
be vote casting and the election results would be apparent to everyone,
immediately.

Consensus is absolutely necessary for such a system.

~~~
jlokier
I look forward to the national outrage in year 2075 when it is discovered that
90% of "voting citizens" were tokens stored in the basement of the White
House, and nobody noticed for 50 years.

------
sebmellen
My whole startup is built on blockchain, and I'm an Estonian e-Resident
(Estonia allows their citizens to vote digitally), so I find blockchain voting
fascinating. That said, there are some problems with it. This Tom Scott video
explains why:
[https://www.youtube.com/watch?v=LkH2r-sNjQs](https://www.youtube.com/watch?v=LkH2r-sNjQs).

But this is a very cool idea: combining the USPS vote-by-mail infrastructure
with a blockchain layer that sits on top, used mainly to provide anonymous
provenance. We'll see if this ever gets implemented, but I think it's a great
example of the non-hype uses for blockchains being explored.

~~~
amelius
Very nice video, though in the personally delivered sponsored message at the
end he seems to be contradicting himself. Why would you still trust a password
manager after seeing the video? And wouldn't it be incredibly stupid if an
entire nation put their passwords in a vault controlled by some company in
possibly another nation?

~~~
cheph
> Why would you still trust a password manager after seeing the video? And
> wouldn't it be incredibly stupid if an entire nation put their passwords in
> a vault controlled by some company in possibly another nation?

I think you should use a password manager, I do, and the people I know that
don't keep forgetting their passwords, keep reusing them, and generally just
practice horrible security.

As to which one, I would recommend an open source one like BitWarden, but they
won't fund YouTube videos on important issues because they don't have the
money.

I doubt Tom Scott would recommend that everyone in the world use this one
password manager, and it won't happen from him endorsing it. And I think that
integrity of elections are more important than the security of passwords, even
though I guess they are somewhat intertwined. For important things multi
factor auth should be used which won't be defeated by passwords only.

------
foepys
All blockchain (and electronic for that matter) voting systems are inherently
bad because they are not easy to verify.

Nothing beats pen and paper in verifiability and ease of use. If done right
with many eyes on the ballots, manipulation requires thousands of co-
conspirators. The only downside is the slow speed.

~~~
colordrops
You give one citizen one vote on the chain. They can personally verify that
their vote was counted because the chain is visible. Counts can't be rigged
because the entire chain is public. Voters can only vote by going to a
physical location where they use a multi-key signature, one by the voter, and
one by the local polling station, avoiding people selling off their keys. This
is anonymous, traceable, and the vote can't be altered.

~~~
galkk
As I see, the problem is not that the vote can be altered, but that the vote
can be bought and the fact that person voted in the right fashion could be
verified by 3-rd party much more easily (screenshots/whatever).

The privacy of voting booth could give at least some chance to change mind/lie
to the third party.

~~~
sebmellen
In theory, mail-in voting carries these same problems, and we're about to hold
the largest mail-in voting election ever. Not sure this is really an argument
against an electronic voting system.

In fact, with a blockchain-based system, the vote could be held in "limbo"
until the voter decides to cast it, or you could give the option of creating
fake screenshots to deter anyone "buying votes". You can't do this with a
paper ballot.

The real problem is compiler and hardware level.

~~~
M2Ys4U
>In theory, mail-in voting carries these same problems, and we're about to
hold the largest mail-in voting election ever.

And the president is - right now - conducting a denial of service attack on
it.

If that doesn't show that remote voting is vulnerable I don't know what
does...

~~~
dragonwriter
The only reason for a big mail-in election is a historic exploit of an
availability vulnerability of our in-person voting system, that it depends on
lots and lots of (in practice, mostly older) people willing to spend a day in
close contact with each other and other people for almost no pay.

> And the president is - right now - conducting a denial of service attack on
> it.

Or at least miming one, perhaps to provide political cover for Republican-
governed swing state legislatures, seeing the problems of in-person voting in
the pandemic and armed with the telegraphed disruption of vote by mail as
cover and polling data as motivation, to simply exercise their prerogative to
cancel public voting and assign a set of Presidential electors without it,
which the Republican control of the Senate can guarantee withstand any
challenge in the electoral vote count.

If he really wanted electoral chaos by disrupting vote-by-mail, there'd by no
reason to telegraph it; the reason to telegraph it is because he desires a
response that it either provokes or justifies, as much, more than, or perhaps
even instead of the disruption itself.

------
zelly
\- Won't work. People will lose their private keys. Apparently the key is
distributed to people on a piece of paper in the mail. That will get stolen--
or claimed to be stolen. It will be a mess.

\- What's the point of a blockchain here? Is USPS raising money with an ICO?
The use of digital signatures is enough. By having a "distributed public
ledger" now you open the possibility of getting Sybil attacked. But wait, you
say, USPS has their own canoncial version of the chain that they can force
everyone to rollback to in case of an attack--then what was the point of a
blockchain? You could just have a website that shows a list of public keys and
who they voted for. It would be totally auditable by anyone, just as a
blockchain would be, without any of the security risks of a blockchain.

------
Yetanfou
Did they also invent a system which protects against voter coercion? If they
did not, they might as well stop now since no matter how secure the voting
system is its relevance falls down to zero if it is possible for the local
gang leader to coerce voters to vote for 'his' candidate - "my man stands
behind you to watch you vote for candidate X, if you so much as twitch your
little girl gets whipped" (which works but doesn't scale that well) or "you
show me proof of you voting for candidate X or we'll burn down your house"
(which scales but depends on vote verifiability and as such is rather easily
foiled).

~~~
sebmellen
This is a ridiculous argument, because it could just as well apply to mail-in
voting as blockchain-based voting. I also think this fear is far overstated
(do we have _any_ stories of this happening in the US?) and the more
pernicious forms of voter suppression and misinformation are downplayed.

If blockchain systems allow 90% of the populace to vote unencumbered, with a
5% inaccuracy rate (which is far higher than to be expected), that's still
more democratic than only 70% voting.

EDIT: There are also ways to guard against voter coercion, for example by
allowing "fake votes" to be cast, which if not cast with a certain memo in the
transaction, will not be counted. This memo can be a PIN that the user is
given as their "legitimate vote PIN", without which the vote would be invalid.
When the user wants to appease their "mob boss", they would simply vote with
another pin, and the vote would show as having gone through.

This is a surface-level solution, but the technical architecture that can be
built to avoid voter coercion in a digital system is far greater than that
with mail-in voting. With mail-in voting, your "mob boss" just forces you to
tick a box, and put the sealed ballot in the nearest USPS drop box.

~~~
donaltroddyn
It's certainly not a ridiculous argument. Anonymity is a cornerstone of fair
voting systems, and any system that allows votes to be deanonymised increases
the risk of coercion.

The same type of risk applies to postal voting, although with less severity,
as with postal voting there is only one opportunity to check the coerced vote.
Blockchain based votes can be checked after the fact.

Still, for this reason, postal voting is rare, and most countries that allow
it do so only for citizens living abroad or who cannot travel to a polling
station die to injury or illness.

Countries like the UK and Australia that allow any eligible voter to do so by
mail are rare.

~~~
sebmellen
The results of blockchain-based elections can be checked after the fact,
that's true. But if the votes of the individuals in the electorate can be
checked after the fact, the system was badly architected. The USPS solution
linked by OP does not link the identity of a voter to their blockchain
identity, so coercion remains as much of a threat as in postal voting.

Blockchain-based voting systems can be either the least or the most anonymous
voting systems. Electronic voting allows the abstraction of many voter-
suppression tactics which are still in play in the US.

I may have misjudged the audience, because the postal voting argument is very
US centric, at a time when the prevailing media narrative is that postal
voting is an essentially _infallible_ system which should not be questioned. I
would find it hypocritical if people strongly supported mail-in voting while
not considering that blockchain-based voting carries similar advantages and
risks (which is why the USPS proposed this, I'm sure).

If you read my other comments in this thread, you'll see I'm not in favor of
implementing a blockchain-based voting system yet. I just think the above
argument was made from a fundamental misunderstanding of blockchain
technology.

~~~
donaltroddyn
> I just think the above argument was made from a fundamental misunderstanding
> of blockchain technology.

Which misunderstanding of blockchains/merkle trees do you believe has caused
the argument above to be incorrect?

The system as described in the patent provides no protection that I can see
against voter coercion, and in some embodiments, allows a voter to verify that
their vote has been counted as cast, which is significantly more ripe for
abuse than in-person or even postal voting.

I did read your other comments in this thread, but it seems to me that you
have a fundamental misunderstanding of blockchain technology and the problems
that it can solve. Your proposed right-to-vote token solution is worse in
every way than paper ballots cast in-person at polling stations with private
areas, counted by hand in publicly observable count centres.

~~~
sebmellen
To be clear, most of my other comments in this thread are solutions to
problems I took from the top of my head. I'm not suggesting we implement a
voting system off of my comments.

I also am not in favor of blockchain-based voting. Of course a "right-to-vote"
token is, at the moment, a far worse solution than paper ballots at polling
stations. Mostly, this limitation is pragmatic — we don't have good ways to
store private keys, low-level hardware and software is not easily auditable,
UX/UI issues, etc.

In the US, we are considering having the largest vote-by-mail election ever.
This is a politically charged issue, where Trump claims mail-in-voting will
lead to massive voter fraud, and the Democratic party claims otherwise. If you
suggest that mail-in-voting may be insecure, you're labelled as a Trump
supporter.

With this political landscape in mind, electronic voting vs. postal voting is
certainly a pertinent discussion. This comes especially as Trump has made
efforts to "DDoS" the USPS by kneecapping its throughput. This would,
depending on the system's design, be harder to do with electronic voting.
Estonia is a good example of how digital voting can be implemented securely,
with the approval and understanding of the populous.

But my main contention is that there _are_ ways that blockchain voting can be
fully anonymous, even if we don't have the implementation capability right
now. Zero-Knowledge proofs, combined with a system where the voter's real
identity is never mapped to their on-chain public key, allow for this. The
individual voter would receive a private key in the mail, or using a Monero-
like blockchain they would generate their private key and redeem one "Right to
Vote" token, which would be sent to their account. They would then vote with
this token, and using a "view key" would be able to audit that their vote was
cast for X party.

Nowhere in this system would real identity be mapped to blockchain identity.
The risk of "deanonymization" is therefore about the same as with mail-in
voting. A coercer could force you to show them the results of your vote
afterwards, true, but there are ways around this as well. Most simply, all
view keys could be revoked after casting a vote. The public "token balances"
of each candidate would be viewable, but the results of an individual vote
not.

------
todaysAI
Maybe they should maintain the postal boxes, have enough sorting machines,
maintain the necessary manpower/processes, and remain independent enough to
deliver the fucking mail.

~~~
ben509
Even if they did all that, all the states would need reliable mailing lists.
Oregon and Washington have been rigorously checking their lists precisely
because of this problem, while other states don't need to do that if the onus
is on the voter to show up at the correct poll.

It turns out that 17% of Nevada primary ballots had the wrong address.

If over 10% of votes are mailed to the wrong address, it would be a major
crisis in a hotly contested election.

[1]:
[https://publicinterestlegal.org/files/NV-2020-Primary-1P-1.p...](https://publicinterestlegal.org/files/NV-2020-Primary-1P-1.pdf)

------
ddingus
So, we are making all the votes a matter of public record?

It's either do that, or the voter is forced to blind trust whatever system is
used to record their voter intent.

To consider this problem properly, think about the problem a blind voter has
with a ballot. They cannot see the record of their vote, when it's made by a
mark. With a punch card, they cannot see the candidate associated with their
record either.

They have to trust whoever helps them cast their vote actually does cast it
correctly. There is no chain of trust between voter intent and the record of
vote cast.

Now, in the context of electronic voting, a person touches a screen gives an
audio input, whatever. They have to trust the system does what they intend.
There is no meaningful verification due to the fact that the system could tell
them anything.

When a vote is cast on media with a mark, and that mark and media are used for
the final tally, the voter knows their intent was recorded, and that intent
could be used directly to determine the outcome of the election.

(other corruption can happen, and is outside the scope of this comment)

Without a public vote record, voters have no idea whether they can trust the
election. Blockchain does not help with this problem, unless it's a public
affair, everyone sees how everyone else voted.

Banking gets around this by always having redundancies. Books are kept in many
locations and all must and can be reconciled.

Voting has no such redundancy, and due to that, electronic input has a basic
trust problem not being discussed enough in my opinion.

~~~
ihm
You can us zero knowledge proofs plus a blockchain to anonymize votes.

~~~
dQw4w9WgXcQ
This seems to be the tech underneath Algorand. If the USPS created a "Vote
Token" and it was truly anonymized, how would a central entity ensure that
people were not double-voting etc?

~~~
ddingus
Exactly.

------
atlgator
It's the illusion of safety. There is no facility for identity verification
baked into blockchain. You have integrity for the data allowed on the chain
but if you let Russian hackers write to it, it undermines the whole thing.
Personally I'd rather go with a PKI system that offers non-repudiation.

~~~
propogandist
what Russian hackers?

~~~
mhh__
Russians are to active measures what God is to sin.

------
Galanwe
What troubles me with this is that at some point in the system there will need
to be a mapping "real identity" -> "ID of voter in the blockchain".

What happens the day this mapping leaks?

~~~
sebmellen
In theory, this on-chain voter ID would never have to be "mapped" directly to
a voter. Rather, IDs are simply private-public keypair accounts, and all
that's provisioned by the holders of the election is the _right_ to vote with
one account. Then, the vote is cast by redeeming this _right to vote token_ ,
without the voting account ever being linked to a "real identity". Of course,
there are problems here too. Mainly with UX, and then at a low level the
hardware used (the general public is very easy to hack if you have nation-
state power).

~~~
marzell
How does this compare with Estonia and their use of public ID numbers? I just
know they don't consider their ID numbers secret the way SSNs are in the US,
yet they use them for everything. How do they prevent fraud and ID theft?

~~~
tpetry
Many countries have id numbers which are not a secret. In those countries you
simply can‘t do anything with the number. Creating a bank account by mail with
a ssn? Impossible you have to be at the department and show your passport. You
cant be at a department? The postal service in germany can verify your
identity if you are there, or there are some online webcam solutions where you
have to show your passport in the webcam, rotate it by instructions etc.

------
Ekaros
What is wrong with in-person paper-ballots? They have worked for centuries.
And continue to be the absolute best system from multiple criteria.

~~~
diffeomorphism
Covid? Waiting in long lines? Not having votes on a holiday like in civilized
countries?

~~~
Swenrekcah
All of those are solvable (and solved in most western countries).

Re. Covid, it would be a simple solution to spread in person voting out a few
days. It would be an inconvenience but no need to invent a new system.

~~~
Touche
You're assuming those in power want to increase enfranchisement.

~~~
Fjolsvith
So neither party wants to increase enfranchisement?

~~~
Touche
Parties want to increase enfranchisement when they are in a position to gain
from it. Once they've gained power they usually no longer need the help that
increased enfranchisement would provide (survivorship bias). This is the same
problem that prevents fixing many problems in government, like
underrepresentation due to the 2-party system. Those in power want to maintain
the status quo.

------
MrXOR
For peoples looking for the truth about blockchain voting:

[https://people.csail.mit.edu/rivest/pubs/PSNR20.pdf](https://people.csail.mit.edu/rivest/pubs/PSNR20.pdf)

------
kfrzcode
Electronic voting is a terrible idea.

Attacks on paper & pen ballot systems are much, much harder to scale.

Here's Tom Scott with a great explanation of the basics.
[https://www.youtube.com/watch?v=LkH2r-sNjQs](https://www.youtube.com/watch?v=LkH2r-sNjQs)

~~~
tdons
The same argument applies to the internet at large. Shall we move back to
filing cabinets because that makes data leaks more difficult?

I'm sure that at some point we'll crack the electronic voting nut. But yeah:
it's scary and the stakes are high. Then again, we've fixed electronic banking
and that runs pretty nicely without many problems -- right?

~~~
Swenrekcah
Electronic banking works prescicely because it isn't a secret semi-anonymous
blockchain thing. If credit card payments end up in the wrong account, someone
notices. If an electronic voting system assigns votes to the wrong candidate,
who notices?

------
diebeforei485
If you were creating a society on Mars, would you use a system of people
lining up in-person to vote? Probably not.

Rigged elections have been a thing for a very long time. The shenanigans in
Belarus is only the latest example.

Covid-19 will accelerate the inevitable. We're having a mail-in election this
year, people will get comfortable voting from home and it's only a matter of
time before people start asking why they can't just do it on their phone. I'm
excited for blockchain voting.

~~~
arp242
The vote in Belarus was rigged by the government: _" Lukashenko controls vote
counting, [and abused] a vast security apparatus and a noisy state media
machine unwavering in its support for him and contempt for his rivals"_. In
other words: it required a vast conspiracy with many people cooperating in
various ways to pull off. We've seen the same with rigged elections in Russia
and some other places.

Compare this to an electronic system where a very small group of people
(possibly even just one person) can potentially significantly skew the
election results.

------
giancarlostoro
There's already a few cryptotokens that allow voting on maintenance of said
cryptotokens (or affiliated ones) would these not invalidate such a patent?

Edit:

On another side, what if we did use Blockchain to supplement votes in a
different approach. I have not yet looked at how other Cryptotokens handle
voting on policies but say we distribute to each state enough tokens per their
legal citizen population, and voting places use a single token per voter,
maybe a code is attached to their ballot (maybe a district code, only
identifying their region?), this in turn pushes the vote into the blockchain
for a permanent record, then when all the manual / machine counting is done we
compare the blockchain results to see who screwed up, but it would also allow
for a slightly more live view of voting in real-time.

------
ycombonator
I received two separate ballots on two different people who resided in this
house in the past. What’s stopping me from filling both these ballots and
mailing them. The point is unless and until the voter roll integrity is
guaranteed there is always a possibility of fraud.

------
lixtra
The caltech voting project has a nice collection if papers about electronic
voting: [http://www.vote.caltech.edu/](http://www.vote.caltech.edu/)

------
60secz
Majority vote in a block chain isn't an election -- it's a 51% attack. Without
a consistent economic incentive, too cheap for bad actors to act badly.

------
anigbrowl
If you already have working electronic voting (for the sake of argument) you
don't need to elect representatives any more, you can just vote on issues
directly and set quorums and thresholds. For that matter you don't really need
ballots any more either, you can have the corpus of laws as a wiki and just
edit it.

------
mgualt
Was this patent filed before or after the head of USPS was installed by the
Dear Leader?

~~~
jacques_chester
Patents take several years to be granted. This is an application, it was filed
February 7, 2020.

------
jachell
I thought we made it past the era of every company having a blockchain patent.

------
naveen99
Regarding sale of verifiable votes. Why not regulate the sale and tax it ?

------
peter_d_sherman
Blockchain is important, but perhaps equally as important is the ability for
every user of the system to be able to audit every other user, that is,
vote/voter exact information transparency...

------
guenthert
Does that mean they can now further de-prioritize mail delivery? I'm waiting
for weeks on my EDD debit card. If only someone would have invented a way to
transfer funds electronically ...

------
graiz
A distributed ledger approach is a very bad idea because a foreign country can
launch a 51% attack on the ledger and has the resources to win and thus modify
the ledger.

~~~
ceejayoz
You can have a blockchain without a _distributed_ ledger.

------
nhumrich
Why does a government service provider need to file a patent?

~~~
Fjolsvith
To prevent another entity from hoarding the solution?

------
davidajackson
Isn't the bigger issue here that someone can file a patent for something so
blatantly obvious? Patents in software seem to do nothing good for innovation.

------
brainzap
It will all run on servers, where I am the administrator.

------
throwawaysea
How is this at all patentable? Can someone explain the line between new
innovation and application of existing technology?

------
yalogin
Why does the USPS have a group that thinks about blockchain? If it exists what
is this group ?

~~~
detaro
lots of enterprise-y companies and organizations get small groups to look at
buzzword topics, and blockchain has been hyped for a bunch of postal-adjacent
topics. Good chunk of the patent authors seem to be external consultants
too... Couldn't find anything specific about in what context USPS specifically
looked at that.

------
nathias
We should be experimenting with electronic voting for 30 years and innovate
solutions to its problems. Nobody thinks it doesn't have problems, but to just
stop at pen and paper voting just means to affirm the problems of pen and
paper which are IMO much worse. (scarce voting, batched issues)

~~~
fsh
Most european countries simply don't have any problems with pen and paper
voting. Turnout is typically much larger than in the US with its crazy mix of
electronic/mail-in/in-person voting. Probably this is due to automatic voter
registration for all citizens, having the elections on Sunday or on a holiday,
and (in some cases) not having a first-past-the-post system where a large
fraction of votes don't matter anyway.

~~~
nathias
Yes we do, everyone has them. There is an unimaginable difference between a
system where you can have a referendum on =X once per year and it costs 10mil
or a system where you can have a referendum every second and it costs ~0. We
can then vote for issues directly instead of having people that may or may not
(as is most often the case) vote in a way they signal they would before
elected.

~~~
mhh__
Referenda are a terrible way of governing.

Think about Brexit - bad faith arguing from one side, constant lying, no plan
about how to actually leave, and then a protest vote pushed it last 50% so now
we have to leave on a no deal because it's an impossible policy to do in a few
years.

A referendum is OK for deep constitutional issues, but policy should not be
decided by referenda especially vague ones.

Policy is also quite hard to undo, a direct voting system would like lead to
us living in a rent-controlled, capital punishment-ing, overtaxed reactionary
world.

~~~
sebmellen
And yet, the option to take part in a series of referendums works splendidly
in Switzerland [1]. This is also what I've anecdotally observed from living in
Switzerland.

Perhaps, if the option to vote on an issue were presented often, people would
have time to change their minds and would become more involved in the voting
process. The reason a second referendum on Brexit wasn't held was because it
was deemed infeasible. Not so with electronic voting.

1: [http://direct-democracy.geschichte-
schweiz.ch/switzerlands-s...](http://direct-democracy.geschichte-
schweiz.ch/switzerlands-system-referendums.html)

~~~
fsh
I would argue that the Swiss system only "works" because the people reject the
vast majority of referendums and let the elected parliament do the actual
policy work. In total, only 22 have been successful since 1891. Most of them
were on populist issues (often fueled by xenophobia) and had little to no
influence on everyday life.

~~~
sebmellen
That is simply not true. There have been hundreds of successful referendums,
many on non-xenophobic issues, and what's the problem with populism? The point
of a democracy is to be populist!

Take 2006:

\- Financial aid to new EU members, 2006-11-26, overall result: YES

\- Standardized extra pay for families, 2006-11-26, overall result: YES

\----

> How many referendums are successfully passed?

> The Swiss have been called on to vote around 306 times since 1848 for a
> total of 617 proposals. In total, 299 proposals have been passed while 334
> have been rejected.

From: [https://www.thelocal.ch/20190517/why-does-switzerland-
have-s...](https://www.thelocal.ch/20190517/why-does-switzerland-have-so-many-
referendums)

------
Exorus18
Obligatory xkcd: [https://xkcd.com/2030/](https://xkcd.com/2030/)

------
devin
For those commenting, I suggest looking into ElectionGuard.

------
solarkraft
Tom Scott: Why electronic voting is still a bad idea

[https://www.youtube.com/watch?v=LkH2r-sNjQs](https://www.youtube.com/watch?v=LkH2r-sNjQs)

------
naveen99
anonymous, verifiable: chose one.

I would chose verifiable.

~~~
halfFact
I'm with you. If someone votes for someone, they should also be held
accountable for their Politicians actions.

------
brundolf
There's an XKCD for this: [https://xkcd.com/2030/](https://xkcd.com/2030/)

------
aoowii
Am I the only one still against network-based, and to a lesser extent
electronic-based, voting?

It's near impossible to rig or suppress a physical election without a lot of
effort, but one person can DDoS an entire network and no one can vote and the
whole election needs to be scrapped.

Not even the strongest cryptographic or software systems are free from
exploits (especially over time) and there's no way to be sure the open source
code for the system is the same code actually being served on the system.

A lot of software has died by its own hubris by assuming their systems are
secure and then a single 17 year old on 4chan finds a bug and ruins it all.
You can't afford for that to happen in an election. Forget hackers, some
skilled social engineering gets you the votes of thousands, but you cannot do
that in person so easily.

I'm sure the problems have been discussed extensively but other niche problems
include lack of availability for rural areas (which has been a huge problem
even with paper voting). I think the only reliable voting system at scale is
in person.

~~~
atoav
You are not the only one. However I don't think security is even a relevant
concern, because there is one much more fundamental flaw in all electronic
voting systems:

The goal of voting is to produce _agreeable consent_ — so it doesn't really
matter _how_ you organise voting, as long as everybody afterwards can agree
who won, who lost and by how much.

So phrased differently, one of the most important properties of any voting
systems is that people afterwards can't just call the result into question.
This can only be true if _most people voting_ understand the mechanism, can
verify it themselves and manipulation on big scales is hard.

This is why I think any electronic voting system is problematic. Even a total
expert would have a hard time proving that _one_ machine worked as it should
on election day. If you then have some Autocrat who raises doubt about the
election result whom do you trust? That expert who tells you that manipulation
was mathematically impossible or that autocrat whose party you vote?

~~~
eloff
Wouldn't a blockchain voting system help here, if everyone can examine the
time, place, and votes in the history, and see that all the block hashes match
what's expected?

That gives much stronger guarantees than paper, and while the average Joe
can't verify it himself, there would be three million programmers in the US
alone who easily could.

Whereas with paper I can't count the votes myself, I have to trust the
authorities who did that.

~~~
BurningFrog
One very important thing most people forget:

If you can verify that your vote was correctly counted, your vote can't be
kept secret, and intimidation and vote buying becomes impossible to stop.

> _Whereas with paper I can 't count the votes myself, I have to trust the
> authorities who did that._

The way it works in my home country is that the paper ballots are handled in
an inspectable way and anyone can observe the counting process. You can't
check _your_ vote, but you can control _all_ the votes.

~~~
davisr
I'd never want electronic voting either, but this myth needs to die.
Intimidation can happen with absentee voting too, so it's not a valid concern.

~~~
Consultant32452
In most elections the number of absentee ballots is so small as to be
statistically irrelevant. I'm not even certain absentee ballots are always
counted because of this, winners are surely announced and concession speeches
are made long before absentee ballots are counted. So whatever
security/intimidation issues might be higher in absentee ballots aren't that
big of a deal due to the small number of them. That may be changing this
election with wide spread/universal mail in balloting.

~~~
the_snooze
> I'm not even certain absentee ballots are always counted because of this

This is a misconception. All ballots received according to the laws of the
state must be counted before the secretary of state certifies the results.

News networks will call an election as soon as they're certain it's gone one
way or another. If Trump is up 30% in Wyoming on election night with 500
absentee ballots outstanding, CNN will call it. This doesn't mean Wyoming
won't count those ballots. They have to in order to certify the results, which
happens a few days after election night. States maintain detailed election
results for historical and legal purposes. They don't throw away absentee
ballots just because they won't change the outcome.

States will, however, toss out absentee ballots that aren't received according
to their laws (i.e., some states require those to be received by election day,
while others merely require them to be postmarked), as well as those without a
verifiable signature on them.

This is a really common misconception. Absentee ballots absolutely count as
long as they're received correctly. States need accurate vote counts. Absentee
and provisional ballots aren't "lesser" ballots. They're just subject to some
scrutiny before they're counted.

~~~
aksss
What you’re saying about certification is true but the comment you’re replying
to was making the point that the volume is low enough that most elections can
be safely called without having completed the count, e.g. you have 5 absentee
ballots to count but one politician is up by 20 - doesn’t matter what the
absentee ballots say. So while intimidation with absentee ballots isn’t a
factor, that comment was saying the now material volume of mailed in ballots
creates a greater risk exposure than we associated with the absentee system.

------
shrubble
I never understood why voting remains such an issue.

Why not have the credit card companies handle voting? The cost of a card with
the chip is less than $2 isn't it?

The card is swiped into a reader, the ballot is displayed on screen, choices
are made and confirmed, a laser printer prints out a paper ballot which is
dropped into a secure box.

We would know within 1 hour of polls closing the accurate tally of every race.

~~~
violetyellow
Suppose I'm a bad guy with Trump, I command the credit card company to issue 1
million fake cards with names which are passed away in last century. Ask my
agents to sweep these cards and vote for me. How could you civilians prevent
these things from happening?

~~~
diebeforei485
Vote by mail is also vulnerable to this.

------
OliverGilan
A lot of issues being brought up with electronic voting seem to me to be
solvable via a blockchain technology like Ethereum.

> Even if the code is open source you cannot know that's the software running
> on the polling machine.

If the entire election happened on an Ethereum smart contract and every voter
was given an address to vote with they could verify that their transaction
cast a vote to the correct smart contract address and they could know what
function was called so they would know how it would behave. You wouldn't have
to blindly trust the system because you could verify that your vote went where
it was supposed to go.

> Social engineering/hacking an online voting pool This is definitely still
> possible. Any smart contract to handle this would need to be rigorously
> audited to make sure there are no vulnerabilities. As for social
> engineering, I do not think this is that big of a deal as long as you
> emphasize the importance of never sharing your private key.

I also do not think it's all or nothing. You could potentially have electronic
voting built on blockchain technology but still have it all done in normal
polling booths like we do now. The benefit to this is that you have the
reliability of in-person polling but the citizen can then also track their
vote to add a second layer of verification. Idk, what am I missing that makes
this obviously a bad idea?

~~~
throwaway936482
Because it's utterly utterly unnecessary and can be solved by the very simple
tick box, count ballot in public, let anyone watch or volunteer to do so
system. The existing problems with the American system of dodgy ballots,
hanging chads, OCR errors etc. are causes by too much technology. Get rid of
it all and use a wholly manual system. Treat postal votes the same way and
count them at the same time as other ballots.

