
Am I the only one still against network-based, and to a lesser extent electronic-based, voting?

It's near impossible to rig or suppress a physical election without a lot of effort, but one person can DDoS an entire network and no one can vote and the whole election needs to be scrapped.

Not even the strongest cryptographic or software systems are free from exploits (especially over time) and there's no way to be sure the open source code for the system is the same code actually being served on the system.

A lot of software has died by its own hubris by assuming their systems are secure and then a single 17 year old on 4chan finds a bug and ruins it all. You can't afford for that to happen in an election. Forget hackers, some skilled social engineering gets you the votes of thousands, but you cannot do that in person so easily.

I'm sure the problems have been discussed extensively but other niche problems include lack of availability for rural areas (which has been a huge problem even with paper voting). I think the only reliable voting system at scale is in person.




You are not the only one. However I don't think security is even a relevant concern, because there is one much more fundamental flaw in all electronic voting systems:

The goal of voting is to produce agreeable consent — so it doesn't really matter how you organise voting, as long as everybody afterwards can agree who won, who lost and by how much.

So phrased differently, one of the most important properties of any voting system is that people afterwards can't just call the result into question. This can only be true if most people voting understand the mechanism, can verify it themselves and manipulation on big scales is hard.

This is why I think any electronic voting system is problematic. Even a total expert would have a hard time proving that one machine worked as it should on election day. If you then have some autocrat who raises doubt about the election result, whom do you trust? That expert who tells you that manipulation was mathematically impossible, or that autocrat whose party you vote for?


Wouldn't a blockchain voting system help here, if everyone can examine the time, place, and votes in the history, and see that all the block hashes match what's expected?

That gives much stronger guarantees than paper, and while the average Joe can't verify it himself, there would be three million programmers in the US alone who easily could.

Whereas with paper I can't count the votes myself, I have to trust the authorities who did that.


>I have to trust the authorities who did that.

Poll workers who do the count aren't "authorities" who lord over us. They are us. I volunteer to be a poll worker. You can too. Anyone who's an eligible voter can be part of the counting process and see how it's done. In my precinct, it's exactly what people see when they vote: they feed the machine their completed ballots and the machine spits out the count at the end of the night. If there's a problem, all the ballots are kept in sealed boxes and can be re-tallied independent of the scanner software/hardware.

If you think there's monkey business going on in your precinct, you're free to participate in the process and verify it for yourself.


The number of people actually tabulating the results is still very very small - especially in key swing state districts.

You cannot argue much with a public algorithm doing public tabulation, where you can literally follow your vote.


2000 and Bush Gore. They had three official recounts. The number was always different, but not by much .. but it was still higher than a 1% margin of error. The FL ballot was pretty garbage and since then, most states have avoided punch-out/butterfly ballots. The Supreme Court ended up appointing Bush and the nation's voting commissions learned an important lesson.

But like OP said, volunteers could see the process. The recounts were actually pretty damn close; it was just the election was way too close for that to be acceptable.

In general the US system, as crap as it is (first past the post is garbage; no possibility for 3rd parties as with ranked or MMP systems), the electoral and state-based rules do mean that election fraud isn't too big a deal. New York will likely always go Blue. Tennessee will always go Red. Even if there is some fraud there, it doesn't matter that much because of the way votes are allocated per state. It's not fair, but that's the system the US has.

Fraud matters greatly in states where elections are close (Florida, Ohio, Arizona, etc.) and it will get even worse thanks to National Popular Vote Interstate Compact, if that gets triggered.

Potential fraud in swing states or NaPoVolIterCo are incredibly dangerous right now, because what we cannot have in America is loss of faith in the election system. That will be disastrous. We would not survive the 2000 Bush/Gore election today.


>The number was always different, but not by much .. but it was still higher than a 1% margin of error. The FL ballot was pretty garbage and since then, most states have avoided punch-out/butterfly ballots.

This shows that recount disputes almost always boil down to whether to accept a particular ballot one way or another. It's not fraud. You're just bound to run into ambiguity once or twice in a large election. It usually doesn't matter, but it can pop up when an election is really close.

There was a literal tied election in Virginia a few years ago that stemmed from an ambiguous mark for delegate: https://wtop.com/wp-content/uploads/2018/01/ballot_94_AP_cro...


> first past the post is garbage; no possibility for 3rd parties as with ranked or MMP systems

I'm guessing you watch a lot of CGP Grey. You should check out Cardinal Voting systems[0], specifically Approval[1] and STAR[2], as these better fix a lot of the problems. Fargo recently had great success with approval[3].

[0] https://en.wikipedia.org/wiki/Cardinal_voting

[1] https://en.wikipedia.org/wiki/Approval_voting

[2] https://en.wikipedia.org/wiki/STAR_voting

[3] https://www.electionscience.org/commentary-analysis/fargos-f...


Whatever objections there may be to the (mostly) winner take-all system by state, one advantage is that it tends to contain disputed results/recounts to one or maybe two states which is generally a lot more manageable than if it were the whole country.


>You cannot argue much with a public algorithm doing public tabulation, where you can literally follow your vote.

But that also means the guy with the big wrench can follow your vote and so see whether you voted the way he told you or not, and that allows him to decide whether to smash your kneecaps in.

Electronic voting enables corruption.


That's not at all a required feature of electronic voting.


I have seen systems that allow for a real vote as well as a masked vote - so you get verified votes but have a fake vote to show if you want or need.

But consider: at this very moment, right above you is a comment with a picture of a ballot that was filled out improperly and led to a tied election. If we can’t teach people to fill in a circle properly, how in the world do we expect them to use or understand a system that guarantees verifiability as well as anonymity?


A system that was used in some counties in California a few years ago used a paper ballot that was marked by the voter, and then fed by the voter into an optical scanner (made by Eagle, IIRC) which either successfully scanned the ballot, xor returned it to the voter in cases like: extraneous marks, votes for too many candidates in a multi-seat poll (like 4 candidates marked for 3 city council seats among 11 candidates) and similar. The voter could exchange their improperly marked ballot for a fresh blank ballot and start over. The net effect was that all ballots scanned by the voter needed no further inspection - an effect that is sadly lost in vote-by-mail.


Is the problem "people not filling in circles properly" or is the problem that there are other errors? If I'm not mistaken you're referring to the hanging chad issue. The reason it was an issue is because it is hard to see the chad. We're in tech, this should be unsurprising that machines don't work with 100% efficiency. If your machine (human or computer) is marking a ballot it would be unsurprising if the mark is transposed or warped or incomplete. Instead we should design a system that accounts for these errors in a clear and concise manner.


Accounting for errors isn’t the problem.

Teaching people to use and trust an insanely complex system is. I’ve yet to hear any proposal for an electronic voting system that offers any advantages over current systems AND doesn’t require a PhD in mathematics to grasp.


I'm still mixed on electronic voting, but I do think it should be further researched.

The simple answer I've seen is giving people a hash or code that can be used to verify their vote in a database. Obviously you have to trust the database, but you also have to trust the people counting. I do think there are enabling technologies like zero-knowledge proofs and locally differential privacy that do help with many of the problems, but my understanding is that neither of these is mature enough for use in voting, yet.

But as to general advantages, I think there's two major ones I see. 1) Electronic voting better enables access to voting since people can vote in the comfort of their homes (especially relevant in a situation like covid). 2) Enables better research about candidates. I live in a state with mail in voting and how I vote is with my ballot in front of me while I research all the candidates. In fact, I spend several days voting (sure, not everyone will do this but it makes it easier). Links to official campaign pages or voter guides (we have this in my state with the ballot) would be helpful (and encourage candidates to create them! Because often they don't even have a website, at least on local levels).

As a minor advantage I do see having the ability to perform different voting testing and better answer questions to things like ordinal and cardinal voting systems (by participation not forced A/B testing).

Just because enabling technologies aren't there yet doesn't mean we should shut down the conversation about how to solve those technological challenges.


>Instead we should design a system that accounts for these errors in a clear and concise manner.

We already have these systems in deployment. My precinct uses optical-scan paper ballots where any mark inside the bubble is valid. You can fill, dot, cross, check, whatever---the machine will count it as a mark. If you have a stray mark that results in an overvote, the machine will reject your ballot, then prompt you to either correct the overvote or override the error. The scanner will also accept ballots fed in any orientation as long as it's not folded or wrinkled.

It's surprisingly robust and user-friendly.


Yes, basically my response was about how the parent's issues are solvable and don't make things a non-starter.


Looking at that ballot for Newport News doesn't seem at all ambiguous to me.

The instructions aren't just for those filling it out. The reader should only have interpreted the properly filled in circle. The ones with marks through them are a near universal indication of "Don't count this," everywhere I go. I've also been known to either annotate, leave an instruction to the reader, or say screw it and ask for a new ballot.

Given the significant other was completely flummoxed though when asked cold, I see your point.


It is a requirement of voting though. The current system prevents you from knowing how I voted, which then prevents you from influencing my vote.


What do you consider "very very small?" Tabulation is done at the precinct level, and there are many many precincts involved in an election.

Also jurisdictions can do risk-limiting audits (RLA) to spot-check that the electronic counts are in line with the results. "Following your vote" is dangerous because it opens up the possibility of at-scale voter intimidation or vote-buying. "Receipt-freeness" is a desirable property because it eliminates this risk. RLAs allow for aggregate verification while maintaining receipt-freeness.
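An added example (not part of the thread and not any commenter's code): a minimal ballot-polling risk-limiting audit in the BRAVO style for a two-candidate contest, showing how hand-read samples of anonymous paper ballots can confirm a reported machine count without linking any ballot to a voter. The function names, the 5% risk limit, the seed and the sample pile are assumptions constructed for illustration.

```python
"""Ballot-polling risk-limiting audit (BRAVO style) for one two-candidate contest."""
import random
from typing import Iterable, List, Tuple


def bravo_audit(draws: Iterable[str], reported_winner_share: float,
                risk_limit: float = 0.05) -> Tuple[str, int, float]:
    """Sequentially test the reported outcome against randomly drawn paper ballots.

    draws: marks read by hand from sampled ballots: "W" (reported winner) or
           "L" (reported loser). Any other mark (blank, overvote) leaves the
           statistic unchanged but still counts as an examined ballot.
    reported_winner_share: machine-reported winner share of the W+L votes.
    risk_limit: maximum chance of confirming an outcome that is actually wrong.
    Returns (status, ballots_examined, test_statistic).
    """
    if not 0.5 < reported_winner_share < 1.0:
        raise ValueError("reported winner share must be strictly between 0.5 and 1")
    if not 0.0 < risk_limit < 1.0:
        raise ValueError("risk limit must be strictly between 0 and 1")

    threshold = 1.0 / risk_limit   # evidence needed to stop the audit
    statistic = 1.0                # likelihood ratio: reported share vs. a tie
    examined = 0
    for mark in draws:
        examined += 1
        if mark == "W":
            statistic *= reported_winner_share / 0.5
        elif mark == "L":
            statistic *= (1.0 - reported_winner_share) / 0.5
        if statistic >= threshold:
            return "confirmed", examined, statistic
    # The sample ran out without strong enough evidence: count everything by hand.
    return "full_hand_count", examined, statistic


def sample_with_replacement(pile: List[str], n: int, seed: int) -> List[str]:
    """Draw n ballots uniformly at random, with replacement, from the sealed pile."""
    rng = random.Random(seed)
    return [rng.choice(pile) for _ in range(n)]


if __name__ == "__main__":
    # Constructed pile: 5,500 winner, 4,300 loser and 200 blank ballots.
    pile = ["W"] * 5500 + ["L"] * 4300 + ["blank"] * 200
    reported_share = 5500 / 9800          # share among valid W+L votes
    draws = sample_with_replacement(pile, 2000, seed=2020)  # constructed seed
    status, examined, statistic = bravo_audit(draws, reported_share)
    print(f"{status} after {examined} ballots (statistic {statistic:.2f})")
```

The audit only ever reads marks off ballots pulled from the sealed boxes, so it checks the aggregate result while issuing no per-voter receipt.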


Receipts (paper records received after voting) are OK as long as they don't reveal who you voted for. Confusingly, sometimes this is called "receipt-free".


>OK as long as they don't reveal who you voted for.

Yup, an "I voted" sticker is OK. An "I voted" sticker with your ballot's serial number isn't.


One very important thing most people forget:

If you can verify that your vote was correctly counted, your vote can't be kept secret, and intimidation and vote buying becomes impossible to stop.

> Whereas with paper I can't count the votes myself, I have to trust the authorities who did that.

The way it works in my home country is that the paper ballots are handled in an inspectable way and anyone can observe the counting process. You can't check your vote, but you can control all the votes.


You can make the vote anonymous with electronic voting, in a way only you can verify if you wanted. There are existing voting systems with that property.


> in a way only you can verify if you wanted

But, if "you" can verify it, then "you" can also be coerced into revealing that verification in order to avoid physical punishment (guy with big wrench who /requested/ you vote for A lest he begin breaking knee caps mentioned in a sibling post).


There are ways to provide verifiability without that vulnerability. But since there's no way to prevent the wrench guy standing over your shoulder, I think you could only really solve that problem if you vote in person. If you're doing that I still think blockchain voting is great, but then you should also print out a paper trail and tally that separately. Then you have two overlapping systems with different trust properties and both must be in agreement for the election result to be valid.


There’s so much to be said for voting in person, the reason you stated chief amongst them. However, attending to the polling place on Election Day is very healthy for a community, IME. Also, there’s something virtuous in expecting people to get their shit together enough to walk in on Election Day, so long as early voting is there to accommodate those who cannot make it that day.

The rush to vote by mail (with risk of ballot harvesting, which I saw in my own city (a Republican incidentally)) and online voting (with associated risks) seems foolish to me. The secret ballot, completed by oneself in guaranteed isolation, is the pillar of my confidence in our system. Pandemic be damned - it’s not a severe enough crisis (by the number of deaths) to warrant overhauling the system the night before. Feels very much like a useful opportunity to advance an erosion of faith in the electoral system. If I were Russia or China, I would be looking on at the discord with glee right now.


You can already be compelled to do that with your cell phone. People take pictures/videos of their ballots all the time (making it illegal doesn’t stop it).

Someone else mentioned a real/mask vote solution with blockchain so that issue could be solved by electronic voting.


I'd never want electronic voting either, but this myth needs to die. Intimidation can happen with absentee voting too, so it's not a valid concern.


Sorry for offtopicness but could you please email hn@ycombinator.com? I want to send you some repost invites.


In most elections the number of absentee ballots is so small as to be statistically irrelevant. I'm not even certain absentee ballots are always counted because of this, winners are surely announced and concession speeches are made long before absentee ballots are counted. So whatever security/intimidation issues might be higher in absentee ballots aren't that big of a deal due to the small number of them. That may be changing this election with widespread/universal mail in balloting.


> I'm not even certain absentee ballots are always counted because of this

This is a misconception. All ballots received according to the laws of the state must be counted before the secretary of state certifies the results.

News networks will call an election as soon as they're certain it's gone one way or another. If Trump is up 30% in Wyoming on election night with 500 absentee ballots outstanding, CNN will call it. This doesn't mean Wyoming won't count those ballots. They have to in order to certify the results, which happens a few days after election night. States maintain detailed election results for historical and legal purposes. They don't throw away absentee ballots just because they won't change the outcome.

States will, however, toss out absentee ballots that aren't received according to their laws (i.e., some states require those to be received by election day, while others merely require them to be postmarked), as well as those without a verifiable signature on them.

This is a really common misconception. Absentee ballots absolutely count as long as they're received correctly. States need accurate vote counts. Absentee and provisional ballots aren't "lesser" ballots. They're just subject to some scrutiny before they're counted.


What you’re saying about certification is true but the comment you’re replying to was making the point that the volume is low enough that most elections can be safely called without having completed the count, e.g. you have 5 absentee ballots to count but one politician is up by 20 - doesn’t matter what the absentee ballots say. So while intimidation with absentee ballots isn’t a factor, that comment was saying the now material volume of mailed in ballots creates a greater risk exposure than we associated with the absentee system.


But with absentee voting, the votes are still counted by hand. That's the part that has to be the most secure. With any paper voting system, votes can be impacted by some criminal scheme, yes, but only one at a time and with great individual effort. You have to blackmail a LOT of people to swing an election. Whereas with an electronic election, one attacker can change millions of votes with a single bit of malware code, with nobody the wiser.


>But with absentee voting, the votes are still counted by hand.

The verification is manual, but the counting probably isn't. At least in California, absentee (mail) ballots are exactly the same ones you get at the polling place. You put them in an unmarked envelope, which you place inside another envelope with your information and signature.

The counting center verifies the information on the outer envelope and ensures you didn't already vote elsewhere in-person. If it's good, then the inner (unmarked) envelope is taken out and a machine processes the ballot as if you were in the physical precinct.


Nonetheless, there is a physical paper record of every vote that can be counted by hand, the machine is just for a quick estimate of the count. There are only 2 points of trust in a mail election: the vote itself which could be compromised by blackmail or whatever (low risk because only one vote can be influenced at a time), and the scantron machine (low risk because the ballots can still be counted by hand to verify).

But if your vote is just a byte getting added to a database on a server from your personal computer over the internet, there are a hundred high-risk trust points. You have to trust the user, but also the website, the browser, the operating system, the network, the hardware, the server, the software running on the server and everybody who has ever worked on it, the counting software, the people operating the counting software, and a compromise at any single one of these points could change millions of votes without any possibility of detection.

In other words, in a scantron election, the legal vote is the paper, the electronics are just convenience. In an internet election, the legal vote is the ephemeral machine-generated bits on a wire, and that's where the problem comes from.


Does it apply at the same level? I could see some ransomware that says if your vote doesn’t appear on the blockchain you are not getting your files back. Meanwhile to achieve intimidation with absentee voting, wouldn’t you have to check the physical ballot in person?


> If you can verify that your vote was correctly counted, your vote can't be kept secret

This is false. Votes (transactions) in Bitcoin are pseudonymous, meaning everyone can see what votes were placed, but nobody knows who was responsible for the specific votes. Only the owner knows, unless they choose to reveal to others.


> Only the owner knows, unless they choose to reveal to others.

Which means the owner can be forced to reveal their vote to a spouse/boss/warlord.

I could have been clearer that that is what I meant.


Yes, that makes more sense and I think that's a valid point, thanks.

To be fair I thought you meant that it couldn't be kept secret from a global view - that anyone who wanted could look at the blockchain and attach votes to identities.


The overwhelming majority of the population doesn't have the capacity to understand what you wrote or why that is true. Even the majority of those who understand why it may be true, cannot say for certain that it is true without inspecting the codebase and its operation. That's a major problem.


I mean, you could say the same thing about current electronic voting or even about how aggregate paper voting is counted behind the scenes. Those things involve some level of trust.

I don’t think what I wrote is that difficult to understand. I think you’re underestimating people when you say “the overwhelming majority of the people do not have the capacity to understand what you said.” Really? Not even the capacity to understand?

In any case, the trust involved for a blockchain-based voting system with pseudonymity is much less than the other systems, because they can be 3rd-party audited, or even open source. And that auditing only needs to happen once rather than for each local vote collection method.

Explaining to the end-user is just a matter of communication. That’s not a “major problem.” People don't need to know how a blockchain works just like they don't need to know how UPS works. They just need to know that they're able to place a vote anonymously and verify themselves later if they want to.


In most democratic nations everybody can volunteer to be present at counting. This is in itself a control mechanism, as it would be highly unlikely that meaningful voting fraud would be carried out under the eyes of the observers from multiple parties without anyone making a ruckus.

This is an effective mechanism which apparently convinces enough people that the votes are legitimate.

With blockchain you would have to:

- have them understand blockchain algorithms

- have them understand computers (so they understand why blockchain might be safe here)

- have them understand networking technologies

- convince them all of that (and no more/less) is on the actual machines on voting day, for every vote

Have you ever tried explaining what a URL is to your parents? Or how passwords are stored? I am positively convinced that not an insignificant amount of the electorate would just say "there was some hack" when things didn't go their way. And they don't even need to show you proof, because you won't be able to prove the opposite because they won't understand it.

Ultimately to me the benefits of a blockchain system don't really show. It is far too complicated and has too many moving parts.


> Really? Not even the capacity to understand?

Yup. I'm pretty sure most software engineers don't even know how something as basic as hashing works. They just put lego blocks together, without much understanding of even how those lego blocks work.

When it comes to traditional voting, it's fairly easy to understand. You cast your vote, then someone counts them. You don't care how they count it, even if it's with an aid of a machine. You just care that you cast, someone fairly counts.

With a blockchain, there is no person involved and there is no counting. You vote and some piece of software that most software engineers don't even understand tells you who won. That is really not going to engender trust from anyone, not even software engineers.

I work on blockchains all the time and even I wouldn't trust that thing. Good luck convincing someone who doesn't even know how to reboot their iPhone.


Or if they are forced to reveal it under duress, or they choose to reveal it to get paid for the result, etc.


Did you stop reading right at the end of the part you quoted?


Yes, not sure how it's related.


if you can verify your vote after it has been counted, you can be induced by a third party to vote for a specific candidate


Yeah, I think it wasn't clear to me as being the point said in the line in question. Guess I can see it now.


> Wouldn't a blockchain voting system help here

No, because it violates this principle the GP pointed out:

> This can only be true if most people voting understand the mechanism, can verify it themselves

Most people, i.e., most voters, will not be able to understand the mathematics behind a blockchain system sufficiently to either "understand the mechanism" or to "verify it themselves".

Most voters can understand the paper ballot counting system:

1) turn over next ballot

2) count filled ovals/check marks/whatever it is on this particular ballot sheet that signifies a "vote"

3) add count to running tally

4) return to step 1

Observers can also watch the individuals doing the counting, and believe that they (the observers) are accurately following along in the process.

Blockchain does not provide for that transparency in the process of counting the votes.


> That gives much stronger guarantees than paper, and while the average Joe can't verify it himself, there would be three million programmers in the US alone who easily could.

I think the current US population that really understands blockchains is less than 1% of the population.


I would argue that less than 1% of software professionals REALLY understand blockchains.


On top of that, how do you guarantee the voting machine is running the right software? They have problems as it is.

Even worse, good luck getting election software formally verified on a budget.


The average Joe doesn't want the nerds to pick the president.

Also, don't forget it's a secret ballot, and we do not have any good database of people with public keys in this country. What the hell am I supposed to make of a ledger with 100s of million anonymous public keys? Surely I cannot claim that relates 1-1 with the choices of real people.


I'm definitely opposed to 'electronic' voting, but the problem you are describing is easily solvable with asymmetric cryptography.

You'd have your private key on your 'voting card' (unsure how you call it in the US) with some pw and the machine would just scan it, ask for your password. You just need the proof that someone having a private key associated with a public key on a public record has signed, not necessarily know to which public key it is associated.

But there would be so many problems with such a system that I wouldn't even know where to start..


Right. It's not that anonymity is impossible, but that anonymity is one requirement we can remove and make the problem tractable again.

There may be other such "straws that broke the camel's back", but IMO anonymity is one property that makes a cryptosystem far less intuitive even to me. It's the bridge I never advocate crossing unless people with more security knowledge than me go to great lengths to demonstrate otherwise.


This is America. Your social security number will make a perfectly fine secret key! It works so well as a secret for everything else in your life, after all. I'm sure nobody else has it, or can acquire it for use in mass voter fraud!


I realize you are being sarcastic, but:

> Your social security number will make a perfectly fine secret key!

Never in its history was it a secret key any more than your driver's license number; it’s an ID number that can be used to look you up in a DB like a username would be.

The problem is, that despite everyone just instinctively knowing a username needs to be paired with a password (or ideally multiple factors, but that isn’t as universal in understanding yet), no such thing exists currently to pair with your social security number.


The first point is a strawman. The second is obviously something the system would have to be built for, and that would be arguably more verifiable than what we have now.


The OP was trying to point out that whilst you and I may understand the mechanism in order to trust it, others can't, because they won't be able to understand why it's trustworthy. My friends don't understand crypto, so they can only ever trust it if they trust me (or the person telling them it's trustworthy).

Imagine this, you rig a crypto-vote not through technical means, you just say you won even though the blockchain says you didn't. How many people in your country do you think will believe the experts over the politicians? My honest opinion about the US, is that the experts will lose.

It doesn't matter if you're right if no one believes you, and currently people believe the paper vote because they can understand how it would be executed fairly.

The fact is that currently, America's democracy is in danger because people are going to find it hard to trust even a paper vote during this election. No matter which way the vote swings, by planting the seed of doubt, the current administration has undermined the vote.


Do you really believe there are 3 million programmers in the US that understand blockchain?


It won't matter in presidential elections in the US. It's the electoral college that picks. It's in the constitution. States aren't even required to let the citizens pick -- we vote at our individual state's pleasure.


We can't even have nearly half the nation agree on mask wearing. People completely disregard what doctors and scientists think. What makes you believe they'll listen to some San Fran programmer??


And don't forget that the US operates on the Electoral College, which a shocking number of people don't even understand. Since each state has different rules about their EC delegates, popular vote does not necessarily equal winner...

Now try telling that to people when there's a big screen with "official" numbers that were all provided electronically an hour after polls closed...


Taiwan has the best way of counting votes. The ballot is held in the air, the name is called out and someone in the back keeps the score. Everyone can see what is going on.

https://www.youtube.com/watch?v=cqKt-lPfJuw


There are practical limitations that prevent us from doing that in the US. Specifically, our ballots tend to be long and complicated. A California ballot on a presidential year can have dozens of contests, from president to dog catcher to referenda. Reading out all ballots would be very time-consuming and likely very error-prone as poll workers are pretty tired by the end of the night.

This is why we have scanners to speed up counting paper ballots. And paper ballots are retained for targeted manual counts if there's a need for auditing or recounts.


I think that system is pretty similar everywhere, probably only in the US you have some weird mechanical machine to cast your vote.


I’m in the US and the weird mechanical machine that casts my vote is a black pen filling in a circle. That can be read quickly by a simple electronic machine or more slowly by humans if there is a question. It’s low tech and hard to influence on a non-trivial scale.

It is true that some places use much more complex systems and I don’t really understand the interest in those. I definitely don’t see any benefit to fully electronic voting, block-chain or otherwise. Voting doesn’t have to be efficient. It needs to be reliable, understandable, and believable.


That is a great way to elect the one who buys the most votes.

If you want to avoid such shenanigans, you'll need to enforce voter privacy.


The vote is private but the counting is public.


To be clear, they are calling out the number that indexes the papers, not a name of a person or a name of a candidate. 一號, 二號, 三號….

正 is the tally mark https://en.wiktionary.org/wiki/%E6%AD%A3

I have like a 1-2 year old's level of Mandarin at this point, sigh, but I don't think there is a detail I'm missing once the process gets going. This is a good, accessible voting system.


I stand corrected.


I guess both can be achieved - electronic voting along with a mechanism of having a verifiable 'agreeable consent'.

How electronic voting machines have improved India’s democracy

https://www.brookings.edu/blog/techtank/2019/12/06/how-elect...

Excerpt:

..the study provides strong evidence that the introduction of EVMs led to (i) a significant decline in electoral fraud, (ii) strengthening the weaker and vulnerable sections of the society, and (iii) a more competitive electoral process.

Under the paper ballot system, polling booths would often be captured and ballot boxes would be stuffed, resulting in an unusually high voter turnout. EVMs helped tackle this risk by incorporating an important feature—registering only five votes per minute. Committing electoral fraud would require capturing polling booths for longer periods.

The success of the EVMs in India warranted a comprehensive audit mechanism to verify the votes cast. In 2013, the Election Commission of India formally incorporated Voter Verified Paper Audit Trail (VVPAT) machines in the electoral systems. The VVPAT—leaving behind a paper trail of the vote cast—acts as an additional layer of verifiability and assurance in the electoral process. A paper record ensures that the vote has indeed gone to the intended candidate and is recorded as such.


> So phrased differently, one of the most important properties of any voting systems is that people afterwards can't just call the result into question.

This is a solved problem with in person voting, I would say that is one thing where South Africa has gotten it down quite well.

There is voter ID at the polls with voter registers to ensure only citizens can vote and nobody can vote twice, vote boxes are sealed and only unsealed with observers present from all parties and international observers, there are also observers at the polling stations from all parties, overall there is nothing to dispute and even in one of the most corrupt countries in the world election results are not disputed because everybody knows it would be absurd to dispute.


Which is precisely the strength of such a system. People often complain about voting being slow — but being slow is a feature not a bug in this case. Better slow and right than fast and wrong.


Definitely, I would have it 10 times slower to increase integrity. I think people that have not lived under despotic regimes maybe don't understand the potential downsides of a loss in election integrity.


+1 for the wonderfully succinct "agreeable consent".


This is part of the reason we still use plurality voting.


No, you're not. This is the consensus in tech. Well, at least in the infosec community, this opinion is held by the majority. For example, Bruce Schneier has been an advocate of paper ballots for 20 years.

* Voting Security (2004)

https://www.schneier.com/essays/archives/2004/07/voting_secu...

* Securing Elections (2018)

https://www.schneier.com/blog/archives/2018/04/securing_elec...

* See also: xkcd #2030 - Voting Software

> "They say they've fixed it with something called "blockchain."

> "AAAAA!!! Whatever they sold you, don't touch it, bury it in the desert, wear gloves."

https://xkcd.com/2030/

> There are lots of very smart people doing fascinating work on cryptographic voting protocols. We should be funding and encouraging them, and doing all our elections with paper ballots until everyone currently working in that field has retired.


Neither of your two sources talk about crypto here at all.

Crypto would allow voters to follow their vote through tabulation, in private, and see exactly how it's being counted.

It has only two downsides...

1. People could prove who they voted for after the fact.

2. People who don't understand technology may not understand how it's so secure.

...but the reality is that these issues exist in the current system as well.


You can't prove who you voted for today: that's a crucial part of the electoral system, not a minor feature. How are you thinking that you could prove who you voted for?

(Keep in mind that you can always request a new ballot if you've "spoiled" your original one, so a photo showing your completed ballot could easily be faked. And my memory is that it's officially illegal to take photos in a polling place anyway, so if you tried to take a picture as your ballot was being fed into the machine, the poll workers would stop you.)


> Neither of your two sources talk about crypto here at all.

I was quoting the xkcd title text.


No, at least in my circles nobody thinks electronic voting is a good idea.

I think Tom Scott has the best argument: you can't build a system that requires you to have a PhD in computer science to fully understand why you should trust it. Everyday people need to have faith in voting and not just because a group of experts say they should.


We put our faith into systems built by PhDs every day. People don’t have to understand why airplanes stay in the air in order for them to be the only practical means of rapid international transport.


Doesn't that mean we should trust PhDs who are yelling at the top of their lungs that Internet voting is a bad idea right now?

https://www.nationalacademies.org/news/2018/09/securing-the-...


I can watch an airplane fly and be confident that it's actually flying. I can watch election workers count and be confident that they're actually counting. I don't need to know why something works when I can personally observe it working.

But I can't observe the operation of an electronic voting system. All I can see is the result, and a fraudulent result looks very much like a legitimate result. I'm forced to understand it (which is likely impossible considering the complexity of modern hardware) or to trust people who have incentives to cheat me.


It's also inconsequential when people say that planes are a lie from the fake news media. Science works whether or not you believe in it. Elections, not so much.

If people just decide not to believe the results of an election, then democracy falls apart.


Because the fact that the maths add up to allowing for planes to fly doesn't need to be understood to be accepted. On the other hand, the process of electing a representative from a group must be understood to not be contested or misrepresented.


But people do have to understand at least at a high level why the announced result matches what the voters put in. The whole point of a voting system is not to pick a winner, but convincingly show that the loser(s) lost.

Undermining trust in the voting system is an old trick. Unless the voting system can show such allegations to be wrong, its results will remain disputed.


OTOH you have people who don't know how vaccines work, don't trust doctors, and have opted not to get them, jeopardizing public health. If such people can exist, just imagine what would happen if there was a misinformation campaign targeting the losing side, with the aim of convincing that the e-voting election was rigged/flawed/broken, and that they should stage an insurrection to remove the current "illegitimate" government.


that's a luddite argument, it can apply equally to everything that requires trust


Yes? The whole point is that paper voting works, and is still semi-provably secure. Ten year olds can understand how voting works with paper, with an electronic system you need to read papers just to understand it.

You also forget that you still have to put blind faith in the implementation of the electronic system - you've just moved the social aspect.

Also, with an aeroplane you can trust the engineering because the proof is in the pudding - they're safe as safe can be with flights every minute of every day. With an election if something goes wrong you are almost literally fucked as a country.


Add to that, that the average person has a right to understand how voting works and how their vote is counted.

Trying to make voting electronic, regardless of it being block chain or something else, ensures that only a few people are able to understand the system.

Right now it is easy to verify that the count was done correctly; in theory you could go do it yourself. Computers will make voting a black box system where verification is going to be almost impossible for all but a few.

Pen and paper works, it's simple, easy to understand and the process is transparent in all steps except for the few seconds where the voter is in the booth.

There’s a talk by PHK, where among other things, he goes into why you shouldn’t mess with elections : https://www.infoq.com/presentations/Predictable-Failures/


>Trying to make voting electronic, regardless of it being block chain or something else, ensures that only a few people are able to understand the system.

This. Too many Internet/blockchain voting proponents tout their systems without appreciating the fact that people need to trust their elections. Trust comes from being open and scrutable. It's amazingly tone-deaf and elitist to insist that election systems need to be cloaked in cryptographic mumbo-jumbo to be trustworthy. It's also dangerous because the poll workers actually carrying out the election won't be able to tell when there's a failure.


Exactly. The other thing the current system does is that it involves LOTS of people. The people counting a specific polling place may only count 1000 votes. They know their count. They can talk to the other counters at other locations. So if your state or area all of a sudden miraculously goes blue/red, you can know it instantly and have the paper to prove it. This is the beauty of the system. It can't be hacked at scale and you have a hard time inserting fake ballots because each location can triple check their reported district counts.


That’s a good point. Based on that idea, do you think large scale mail in ballots would have similar issues to an electronic system? Normally I don’t follow the news cycle, but this makes it seem large scale mail in ballots would be more readily corrupted at scale?


Maybe, but it still involves doing various difficult tasks at huge scale.

The paper trail for fraud of that scale is enormous - think of the Watergate slush fund only way bigger and in the age of twitter. This is why paper voting works - you can maybe fraudulently gain a few votes but good luck doing it at a national scale (also an argument against FPTP). Look up granny farming for a more realistic election fraud strategy


No, you are in good company. There are those that believe technology would eventually be the solution for any problem, and those that have lived through this phase already and sobered up, eventually coming to the conclusion that technology is not some magic dust able to solve any problem you throw it on, but just a tool like other tools, each of which has its purposes. All of them, not just modern technology, are fascinating, but none of them is magic.


The Spanish government tried to suppress the Catalan secession vote, but they used IPFS to host the voting system to prevent DDOS and DNS blocking to successfully cast votes anyway.

http://la3.org/~kilburn/blog/catalan-government-bypass-ipfs/

https://news.ycombinator.com/item?id=15367531


Nope, it's an idiotic idea. In the UK we have an ENTIRELY manual process, no ridiculous voting machines, butterfly ballots or hanging chads and no OCR machines. Just marking a box with a cross, sticking it in a box and then a load of volunteers physically counting the votes while representatives of the parties and anyone else who wants to wander in watches. Postal votes are treated the same and counted at the same time in the same place. The system literally couldn't be simpler or less corruptible. There is no need for anything more complicated because the system works and can be understood by a five year old.


How many contests do you have on your ballot? Here's a sample ballot from Alameda County, California in 2018 (starting on page 12 going to page 25). That wasn't a presidential year, so this is a bit on the low side. https://www.acgov.org/rovapps/vig/236/38.pdf

Manual counts aren't practical in the US because our ballots can be crazy long with tons of contests and candidates. It would be very error-prone to do this manually.


1. If there is more than 1 contest going on at a time you have more than 1 ballot. Again this is a simple solution to a dumb problem, you have poorly designed ballots.


The ballots are designed to accommodate the governments we have in place. We can't easily change the structure of national, state, and local governments. In California, one-ballot-per-contest would mean a voter would get a stack of up to 75 ballots on a presidential year.


Whereas currently they get a multi page document. Seriously, as logistical problems go, printing separate ballots is really not a hard one and would cut down on the number of people who accidentally vote for the wrong candidate for the wrong thing. Counting may take longer. It may stretch over a few days. Well, fine. Count the presidential ballots first, announce the results and move on down the list until you get to the dog catcher.


I'm not sure then what urgent problem you're trying to solve that warrants the cost of errors introduced by the manual counting of huge amounts of paper ballots. It would also be a logistical nightmare getting reams of paper to voters and getting them back and tracking them; at my polling place, we have to make sure that the number of ballots we issued out equals the number reported by the scanner (plus the number of spoiled ballots voters returned to us for disposal). I'm just pointing out that cost.

If you don't trust the tabulating machines, we have mechanisms to check them at scale. Basically, randomly sample the paper ballots and check them against the machine results. https://en.wikipedia.org/wiki/Risk-limiting_audit

If you don't trust the people running elections, you should know that polling places in the US are run by community volunteers. Literally anyone who's a registered voter can participate and see how the sausage is made. In fact, there's a shortage of these folks, so boards of election are thrilled to get more people participating.
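The sampling check described in the comment above, sketched as an added example (not part of the thread and not any election authority's code): a simplified two-candidate ballot-polling audit in the style of BRAVO, one kind of risk-limiting audit. The function names, candidate labels and ballot boxes are constructed for illustration.

```python
"""Two-candidate ballot-polling audit (BRAVO-style sequential test), added example."""
import math
import random
from dataclasses import dataclass


@dataclass
class AuditResult:
    confirmed: bool   # True: the sample supports the reported winner at the risk limit
    examined: int     # paper ballots pulled and read by hand
    log_ratio: float  # log of the sequential test statistic when the audit stopped


def ballot_polling_audit(drawn, winner, loser, reported_winner_share, risk_limit=0.05):
    """Read hand-interpreted paper ballots in the order they were drawn.

    reported_winner_share is the scanner-reported share for `winner` among
    ballots with a valid vote for either candidate. Each winner ballot
    multiplies the test statistic by share/0.5, each loser ballot by
    (1 - share)/0.5; the audit stops once the statistic reaches 1/risk_limit.
    Logs are summed so a long run of loser ballots cannot underflow to zero.
    """
    if not 0.5 < reported_winner_share < 1.0:
        raise ValueError("reported winner share must be strictly between 0.5 and 1")
    if not 0.0 < risk_limit < 1.0:
        raise ValueError("risk limit must be strictly between 0 and 1")

    step_winner = math.log(reported_winner_share / 0.5)
    step_loser = math.log((1.0 - reported_winner_share) / 0.5)
    threshold = math.log(1.0 / risk_limit)

    log_ratio = 0.0
    examined = 0
    for mark in drawn:
        examined += 1
        if mark == winner:
            log_ratio += step_winner
        elif mark == loser:
            log_ratio += step_loser
        # Blank, overvoted or third-party ballots carry no evidence either way.
        if log_ratio >= threshold:
            return AuditResult(True, examined, log_ratio)
    # Sample exhausted without strong evidence: escalate to a full hand count.
    return AuditResult(False, examined, log_ratio)


def draw_with_replacement(box, n, rng):
    """Pick n ballots uniformly at random from the box, with replacement."""
    return [rng.choice(box) for _ in range(n)]


if __name__ == "__main__":
    rng = random.Random(2020)  # in a real audit the seed comes from a public ceremony
    # Constructed ballot boxes. The scanner reported 55% for A in both cases.
    matching_box = ["A"] * 5500 + ["B"] * 4500      # paper agrees with the scanner
    mismatching_box = ["A"] * 4500 + ["B"] * 5500   # paper disagrees with the scanner
    for label, box in (("paper matches", matching_box),
                       ("paper differs", mismatching_box)):
        result = ballot_polling_audit(draw_with_replacement(box, 2000, rng),
                                      "A", "B", reported_winner_share=0.55)
        verdict = "outcome confirmed" if result.confirmed else "escalate to full hand count"
        print(f"{label}: {verdict} after {result.examined} ballots")
```

The narrower the reported margin, the smaller each step and the more ballots the audit has to pull before it can stop.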


This system relies on tens of millions of people trusting a few thousand people not to have been bribed. Seems entirely corruptible and you have no idea whether it has been corrupted or not. You're just left hoping it hasn't been.

A system based on math, software, and publicly available data would be accessible to independent audit and verification. And could still be backed by a physical system as well, for added security.

Citizens would be much better off not having to trust and be able to verify.

Oddly, even most people that work in technology are incredibly pessimistic about solving technical problems. But anyone who doubts that internet voting will be commonplace and incredibly secure in the future is a level beyond pessimistic. The only open questions are when and how.


Nope, it relies on me being able to go to my local church hall and watch the ballots being counted or take part in the count myself. All the parties in the election send their own representatives along to watch over the ballot and they also keep a running total. It is a process that I can verify is being carried out correctly with my own eyes. Saying "citizens would be much better off not having to trust and be able to verify" in an e-voting situation is just wrong, since I can verify the current process by going and watching it or taking part in it, whereas in magical block chain land I am losing the ability to verify because I am replacing a simple process with one that relies on me to trust a bunch of code written by and understood by probably a few dozen people. This requires much more trust than the current situation.


You can only observe a single ballot counting location, while there are hundreds or thousands to observe. Someone could be bribing people in dozens or hundreds of locations and there are lots of tricks to pull.

You're not really verifying much at all by watching the counting process. It's really just a false sense of security. You actually have no idea if all the ballots are being counted, if they're all real ballots, or if some have been tampered with, etc.

There are millions of programmers in the world, any number of them could decide to audit the code, and if they discover a flaw, everyone could be told in an instant. There could be huge security bounties to incentivize audits. We trust math and software to maintain all of civilization but for some reason it's impossible to make it work for voting? That seems incredibly unlikely.


Again, I can be one of the people doing the counting. Not being funny but if you have an already corrupt electoral system then your government is not going to adopt your magical, totally secure, block chain based, bug free system. They're going to adopt a compromised, proprietary, back doored e voting solution say "look, magical block chain verification as recommended by geeks" and then attack / arrest / kill anyone who questions its veracity. You're trying to solve a social problem, a corrupt government, with a technological solution that the government itself will undermine or reject. On the other hand you can run free and fair elections by leveraging the powers of observers and volunteers in a war zone or with a corrupt government using paper, pens, boxes and locks.


The whole point is that the people doing the counting are working together but from opposing parties/candidates.

Everyone is watching you, if you try to influence the process the police will (and have done) come down like a sack of bricks.

We also (used to) trust OpenSSL... We thought speculative execution was safe too. Paper is easy, paper is cheap. KISS


> A system based on math, software, and publicly available data would be accessible to independent audit and verification.

So instead of trusting a few thousands (several thousands, in reality) and a system where you can literally walk in the place where they are counting votes and observe them, you'd rather trust a few tens of people to write the software and audit it? How does that follow?

And this doesn't even take into account the fact that a voting system, as it was mentioned, should be understood by the people voting. Good luck explaining to people what the software and the hardware are doing.


> ...you'd rather trust a few tens of people to write the software and audit it?

Of course not. All of the software should be open source, with multiple independent implementations, test suites, etc. And the data should be open to analysis by any number of people while preserving people's right to privacy (this is one of the hard parts).

Most people have no idea how electronic voting machines work today, so why does it matter if laymen understand the internet voting system?

The point is that anyone that is willing and able could verify for themselves that the system does work as intended. Not that most people will actually put in the effort. Most will rely on trusting experts, but anyone is free to verify.

With paper ballots and a handful of officials involved, there is no way for a voter to verify anything, they are forced to rely on trust alone.


This is bull. You can be one of the people who does the counting or you can watch it take place. There should be no electronic voting machines involved, that's the whole point of having a manual system. That allows basically anyone who wants to, including a hypothetical five year old, to verify that the system is working as intended. Your system relies on me going out and getting a PhD in cryptography to verify that the system is working as intended. Your system requires basically everyone to rely on trust, a well designed manual system requires basically no one to rely on trust. I know which one I'd prefer.


You're trusting that all the ballots are present, that no fake ballots have been added, and none have been tampered with, that the officials are all acting in good faith, aren't making mistakes, haven't been bribed, etc.

Do you really think paper ballots have not been used to rig elections? Because that's absurd given the current situation in Belarus and the long history of ballot tampering going back thousands of years.

Paper ballot counting is security theater. A system based on math and software could be provably secure.


Of course paper ballots can be undermined. The point is that you can easily tell that they have been undermined by the big burly blokes following people into polling stations and threatening you if you don't vote for the preferred candidate, or the ballot boxes turning up in the swamp. You're asking us to trust a magic algorithm that, as I pointed out in another comment, is likely to be proprietary and back doored to hell and back because it is controlled and implemented by the sort of government that rigs elections. This opens up the possibility of subtle, undetectable election tampering, which is much harder to do with a properly run manual system that everyone can understand and participate in.


You rely on "magic" algorithms every time you fly in an airplane or drive a car. Because they're not "magic" at all but based in reality, on math and science.


I agree with you.

1. Traditional paper ballots, manual counting are easy for voters to understand and increases trust in the system.

2. I also agree that traditional voting seems to increase the cost of substantial rigging (with multiple points of failure) compared to all electronic systems we have seen.

And yet: we all know the election rigging has always existed and will always exist and many times voters don't always understand how that is possible. I'm in a country where elections are considered by international standards to be fair: and yet, every election common people see reports and talk about rigging through various physical means (ie. Disappearing ballot boxes, stuffing ballot boxes, dead people voting). I agree that as a principle electronic voting seems to expose to rigging at lower cost and higher scale but I don't think it would be necessarily less trusted by the people.


> Am I the only one still against network-based, and to a lesser extent electronic-based, voting?

You're not the only one, most people on HN have the same opinion, and all these ideas have been extensively discussed here.


There's a pretty easy way to solve this.

Give everyone a random ID/password combination (in an unmarked envelope, so no one knows who got what).

To vote, you connect to the system, either through a website or even an old, DTMF-based phone system for rural areas, and you cast your vote.

After voting ends, a list of all IDs and their votes is published. If an ID didn't vote, it's marked appropriately.

There should be lots of separate lists, perhaps one per street/district/village, depending on population density. That way, it would be hard to add fake IDs, while still maintaining voter anonymity.

The system is easy for anyone to understand, works on paper as well as electronically, doesn't require complicated cryptographic implementations which might contain bugs, and is much easier to reason about, write and audit.

The only drawback is the ability to prove who you voted for, perhaps with a photo, but all current mail-in-voting systems and some in-person-voting systems suffer from that problem too, and bribing voters isn't really that much of a problem.


>The only drawback is the ability to prove who you voted for,

That's pretty much the biggest problem to have in any election...


This is still vulnerable to a DoS attack as the parent suggested. Not terribly difficult for an individual to tie up all the phone lines or overload the web voting portal.

I also agree with the parent comment re hubris about this stuff: the incentives are immensely high for someone to compromise a system like this, and it only takes a small oversight to cause a huge disaster. Everyone gets a random password? Better hope whoever is generating them used a good RNG and a proper source of entropy...


I'm against it for all your points and many more. We're stupid, electronic voting puts the onus on you to figure out so many things from why your operating system broke voting to why the apostrophe in your last name still breaks things.


No, and I just dropped a comment. E-voting of any kind, unless it results in a public record of the vote, has basic trust issues. Voters cannot know their intent was reflected in the final tally.

Blockchain does not help with this.


> Am I the only one still against network-based, and to a lesser extent electronic-based, voting?

I think that’s an extreme position that would be hard to argue keeping, in particular in the current situation.

I see it the same way we deal with money: what is fundamentally different that makes us accept electronic money transfers as core part of our life but argue there’s no way electronic voting could be possible ? Saying current proposed solutions are not good is different from being against it on principle.


>what is fundamentally different that makes us accept electronic money transfers as core part of our life but argue there’s no way electronic voting could be possible ?

The requirements aren't as strict for money as they are for civil elections. Financial transactions are frequent, so an error isn't that big of a deal in the grand scheme of things. All parties to a transaction know what everyone did; there's no requirement for strong privacy, so being able to roll things back is an achievable (and desirable) failsafe. Money also solves money problems, so you can insure transactions and mitigate losses.

Elections don't have those properties.


Anonymity/privacy is only on the vote content, everything else needs to be traceable (who voted, where, when etc.)

And no, losing transactions is a big deal. Not receiving your house sale transfer when the sending bank emitted the operation is a big deal, and you won’t solve it with a phone call. It can be repaired with money by the bank, but the system is heavily built to prevent it from happening.

Actually if the last mile issue is to have a paper in a box, you could connect a physical printer to a central secured voting machine.

To compare, election votes error margin is not small either, and those errors are mostly ignored as of now. I don’t see the status quo as some perfect state that should be preserved ad vitam aeternam, and it is more and more preventing some people from voting.


Political people play all sorts of games with elections physically. Don’t underestimate the lack of good faith that people will act with. But the system itself works.

The scary thing about electronic voting to me is the centralized nature. It needs to be decentralized to protect the overall system. The current scenario where a trusted entity (the USPS) is being de-legitimized needs to be factored in to protect democracy.


You can read some of my comments in this thread addressing various concerns. That said, I would still agree. At least for the next 5-10 years (until we have Starlink-level internet and advances in cryptography/UX), electronic voting systems are not feasible.

The nice thing about blockchains is you can avoid DDoS by only allowing people who are "authorized" to "talk to" the blockchain. This can be done by ensuring that "Right to Vote" tokens are only sent to those who would otherwise be participating in the election, and ensuring they can only submit one vote, and one transaction, by sending that token to a specific burn account. This way, with 300 million voters, you would have a cap of 300 million votes. No one else could "submit" a vote, because they wouldn't have permission to on the blockchain network.

This is how blockchains avoid DDoS attacks already, but open and public blockchains have the problem that anyone can buy their native currencies, and with enough money can spam the network. With a "permissioned" system for elections, this risk would be mitigated.

EDIT: I would appreciate if the downvoters engaged with me or explained their reason for downvoting.


My main criticism is that these systems don't address the actual challenges that elections face, and the introduction of networked technology likely introduces a lot of poorly-understood risks.

I'm a poll worker and a security researcher. Doing the former has really given me perspective on the latter. While a lot of blockchain voting proponents come up with all sorts of schemes to solve ballot-stuffing attacks, the reality is that we really don't care about that on the ground; it's just not a problem we encounter. The real problems come from more mundane things like power outages, being physically locked out of the polling place, poll worker exhaustion, out-of-date records used to verify eligibility, and voters taking a bathroom break and subsequently walking away with their ballots unaccounted for.

Technology really doesn't solve any of that. In fact, introducing networked computers into elections only makes it less scrutable to the public. In my precinct, the first voter to show up gets to verify that the ballot bin is empty and that the scanner reports all zeroes for the count. Then they witness us putting security seals on the equipment and reporting the serial numbers to the county. Anyone from the voting public can understand this and do their part to keep us honest. Computers make this sort of simple check inaccessible to most people.


This is why I've also repeatedly stated in this thread that I am not in favor of blockchain-based voting, or even broad-scale mail-in voting (yet).

You're correct to an extent, but I believe with advances in cryptography (zero-knowledge proofs, quantum-secure encryption, etc.), these concerns will fall away. People regularly use their smartphones to do things that are high-risk and need to be secure. Take online banking.

Of course, elections carry an entirely different set of challenges, but to say they can't in theory be solved with careful encryption, analysis, and review, is (in my opinion) foolish. I will again bring up the example of Estonia, which has had massive success with its hybrid in-person / e-Voting system. Estonians have been educated by their government on how the technology works and how it is auditable. Every Estonian carries an ID card which they use to access their bank details, get healthcare, and vote.

I would also argue that technology does solve the problems you listed, and very well!

> Blockchain voting proponents come up with all sorts of schemes to solve ballot-stuffing attacks, the reality is that we really don't care about that on the ground; it's just not a problem we encounter. The real problems come from more mundane things like power outages, being physically locked out of the polling place, poll worker exhaustion, out-of-date records used to verify eligibility, and voters taking a bathroom break and subsequently walking away with their ballots unaccounted for.

Except for power outages, none of these issues would occur in a remote, electronic voting system. A well implemented e-Voting system could expand voter rights and access to voting tremendously.


No amount of cryptography can solve the problems of networked voting. It’s an exceptionally bad idea. Don’t do it.


It's worth working on to be sure. Another thing I think is worth working on is educating people on what blockchain actually is (which it seems you are doing). I think paper voting works primarily because people know and trust how the votes are counted and how they get to the counters, for the most part. But personally I barely understand transistors and flip flops let alone blockchain and that makes me slightly worried about how it might be possible to exploit them.


I fully share your concerns. There is a massive amount of blockchain infrastructure which 0.0001% of the world population comprehends. Beyond further technical development and the creation of UX and UI libraries around blockchain internals (like https://blockstack.org is trying to do), we need more education.

I'd love to have more debates like this, but I'm trying to help researchers with simple to use blockchain-based tools (like https://assembl.app/chronos, our timestamping service for research outputs).

Paper voting is, in my opinion, still the most "secure" way to vote. This is mainly because any sort of voter fraud requires a lot of people and a lot of time, whereas flawed technology can be hacked by very few in a very short amount of time.

I'm interested to see how this discussion develops.


Why can we have online banking and Tesla autopilot and online medical prescriptions but not online voting?


The requirements aren't as strict for money as they are for civil elections. Financial transactions are frequent, so an error isn't that big of a deal in the grand scheme of things. All parties to a transaction know what everyone did; there's no requirement for strong privacy, so being able to roll things back is an achievable (and desirable) failsafe. Money also solves money problems, so you can insure transactions and mitigate losses.

Elections don't have those properties.


> Am I the only one still against network-based, and to a lesser extent electronic-based, voting?

No, you're not.

Electronic voting of any kind is a horrendously bad idea and it should be rejected at every possible opportunity because it cannot be secure.


Keep in mind, network packets could be delivered by carrier pigeons.

I’m all for paper ballots and a conventional signature-based system, but combine that with cryptographically secure techniques for distributed systems (on paper).


You're not the only one.

https://xkcd.com/2030/


Aviation and elevators both run on software written by professional programmers so I'm not sure that comic makes a good point.

The problem with voting is that it's a distributed systems problem that requires coordination between not just many computers but people that cannot be controlled by code. An elevator can operate as a self-contained system without coordination with other systems. That's why it can be reliable while websites and apps cannot.


> Our entire field is bad at what we do.

Our entire field is bad at what we do, because it's full of coders instead of engineers.

Think about it. Building airplanes reliably has been figured out by aircraft engineers, building elevators safely has been figured out by building engineers, and building software reliably has been figured out by software _engineers_ (the NASA kind, who landed a spacecraft on the moon).

However, this isn't the experience you have on your regular job. "Oh, oops, everything failed because I forgot to do X". Can you imagine if the moon lander crashed because some guy forgot to do that manual thing he's always supposed to do? Of course you can't imagine, because they put actual engineers in charge of that, not coders.


> building software reliably has been figured out by software _engineers_

This is patently untrue when it comes to security. OpenBSD is the closest thing I'm aware of to a "secure" widely used system, and I'm sure that OpenBSD machines are compromised every day.

The day that a network exploit is treated with the same seriousness as a commercial jetliner crash is the day I'll believe software security has grown up.


Well when I said reliably I wasn't really thinking about something as difficult as security in a system as complex as an OS...


You mean like the 125m Mars orbiter lost due to engineers forgetting imperial/metric conversion? https://www.simscale.com/blog/2017/12/nasa-mars-climate-orbi...


I could answer, but I'm not going to because I don't like your sarcasm.


Flying is only safe because people actually die.


I think what you're missing is:

Moving forward, large scale election rigging will be seen as a feature by those in power.


I hate to say it, but it looks like this has been the case for a while. Look at the history of gerrymandering.

What I see is something that could potentially change the basis of trust for elections in a positive way. It won't be perfect, it won't be without its flaws. But it could significantly reduce multiple forms of fraud, and enfranchise more citizens to vote.

Again, I've always viewed blockchain as a solution in search of a problem. And this might ... might ... be a problem potentially solvable by an appropriately designed/implemented system.


Voting != elections. Everyone agrees that voting on elections is not wise. But direct vote for deliberation (for example on laws) works great.


> It's near impossible to rig or suppress a physical election without a lot of effort

No, sadly, it's not [1][2][3]. As some of the texts note, the premise that fraud happens or not is highly politicized. People on one side believe it happens/happened. On the other side, they believe it to be impossible.

Though, curiously, those who believe it to be impossible also strongly believe in voter suppression, which would be a form of election fraud. See the Georgia US governor race from 2018 as an example of this dichotomy. Can't have suppression without fraud[4]. Can have fraud without suppression, as this would be one potential form of fraud. Suppression requires fraud. Arguments to the contrary aren't logical.

Right now the one I am most concerned with is the vote harvesting operations, which appear to be completely legal in California, despite the rather significant perception of impropriety that handing one's ballot to a non-election person has. I'd be much happier if all these people were non-partisan deputized election workers/officials, oath bound under pain of criminal code to serve the same function. Instead, we have a single party set of "volunteers" to collect votes, with a huge chain of control issue, that is apparently acceptable in one state.

Here in MI, I voted by "mail". I got my ballot, marked it, sealed and signed it, then dropped it off in the specific election drop box on the side of city hall. I would not ever hand it to a third party for any reason.

For blockchain, I think it's been a solution in search of a problem. And I think that this might actually be a reasonable problem to solve, and this one might work.

For those worried about DDoS, this would simply require releasing ballots early, returning up to and including the official due date. By mail, electronic, in person via a phone app or similar. You can change your vote up to the end of election day. Only the final vote counts. No conditional ballots counted. Send official election people around to addresses that don't have votes on file starting a month before election day.

And it would (if designed/built correctly) enable chain of control, identity/citizen confirmation, etc. That is, it could provide better, more accurate, more complete, more engagement.

Or we can retain the mess we have now, with completely inconsistent voting across the states and territories, which is overtly suspect in a number of states, and in some ways, rigged.

This is a step in the right direction. It need not be perfect, and we need to take it.

[edit: fixed a mis-wording, and deleted a poorly worded sentence]

[1] https://www.salon.com/2016/02/14/election_fraud_chicago_styl...

[2] https://www.realclearpolitics.com/articles/2020/04/24/28_mil...

[3] https://www.kuow.org/stories/it-s-easy-to-commit-election-fr...

[4] https://en.wikipedia.org/wiki/Electoral_fraud


> the premise that fraud happens or not is highly politicized. People on one side believe it happens/happened. On the other side, they believe it to be impossible.

> Though, curiously, those who believe it to be impossible also strongly believe in voter suppression, which would be a form of election fraud.... Can't have suppression without fraud[4]. Can have fraud without suppression, as this would be one potential form of fraud. Suppression requires fraud. Arguments to the contrary aren't logical.

No, you're missing the point. There is a difference between election fraud (the election itself meddled with by those who administer it) and voter fraud (whereby US or foreign citizens not involved in the administration of the election nevertheless interfere by submitting fraudulent ballots / hacking / etc).

The correct statement is "the premise that VOTER FRAUD happens or not is highly politicised". Everyone agrees there is fraud, we just disagree about which kind:

The Republican party frequently claims that voter fraud is common. Everyone else (including historians and cryptographers) claims that electoral fraud is a more common and widespread problem. In recent years we have seen:

* voter registration purges

* shutting down of polling places

* refusal to provide voting infrastructure to native american reservations and other "remote" places

* extreme gerrymandering

* sabotage of the USPS

* misinformation spread through social media (advertising false election dates, etc.)

* inability of voting box manufacturers to make guarantees about security and dodginess when it comes to conflicts of interest (like investments/ownership by politicians or foreign entities)

All of the above are examples of electoral fraud, not voter fraud.


> No, you're missing the point. There is a difference between election fraud (the election itself meddled with by those who administer it) and voter fraud (whereby US or foreign citizens not involved in the administration of the election nevertheless interfere by submitting fraudulent ballots / hacking / etc).

No, I don't think I was "missing the point." I carefully used the word "fraud". Not "electoral fraud". Nor "voter fraud." Specifically, as I did not wish to set up a straw man argument.

Your statement of "the premise that VOTER FRAUD happens or not is highly politicised" is, quite literally, the straw man argument.

First off, fraud of all forms occurs. Second, the nature of that fraud, who performs it, is who acknowledges it is the issue. Some groups do not believe in voter fraud. Yet, ballot harvesting, which falls clearly under potential fraud, occurs widely in some states, particularly those with a strong political leaning in one particular direction. Some groups do not believe in suppression, yet poorly managed elections disenfranchise voters. Again, GA, MI, and others.

Insisting that one or the other doesn't occur is simply factually wrong, there is ample evidence, trivially searchable, that all forms of fraud happen in elections.

The democratic party erroneously thinks one form doesn't happen, and makes arguments like what you made. The republican party doesn't care about the other form, and allows it to happen.

Both parties are at fault here. No one more so than the other.


I think I should have been more careful with my "revised" statement, as I set up a straw man for my own position. You are absolutely right that both voter fraud and electoral fraud occur. We should take efforts to minimize both kinds. The divisive question is whether VOTER FRAUD or ELECTORAL FRAUD is currently a bigger threat to our government / society.

I maintain that it is important to clearly distinguish between voter vs election fraud. As your comments have shown, conflating the two risks confusion. I think the idea that "both sides are the same" is ignorant at best and intentionally misleading at worst.

I have so far seen no evidence that voter fraud has significantly impacted the outcome of any state or national elections. There is, however, overwhelming evidence that electoral fraud is widespread, and in most cases enabled by members of the Republican party, either through negligence or malice.


Again, assigning blame to a single party is simply incorrect. It shows bias. From today[1]. And previous reporting on this identifies the party[2]. Not the GOP.

Fraud occurs[3], and it is not only from one particular party or group. The idea is to simply reduce any potential impact from attempts at fraud. We aren't there yet. We need to be in order to have an election that people might accept.

I am, however, of the belief that no matter how this November 3rd goes, about 50% of the population will not accept the outcome. Just like in 2016.

[1] https://www.foxnews.com/politics/paterson-new-jersey-voter-f...

[2] http://www.shorenewsnetwork.com/2020/06/25/fraud-charges/

[3] https://www.newsweek.com/top-five-rigged-us-presidential-ele...


It's a generational thing.

Younger software engineers who grew up doing everything on their phones see this as something worth solving, because it would vastly improve access, end voter suppression, and people wouldn't have to take time off work to vote anymore. Universal mail-in ballots do address many of those points, but also have downsides (signature verification is tricky).

Older engineers on the other hand don't seem to want this to be solved.


I don't think that's fair. I'm young enough? And think that given our current electoral systems and shoddy educations, paper voting is definitely better.

If everyone knowingly did some basic applied asymmetric key cryptography every day, and it was taught in grade school, that could change things.

If we voted far more often, so that the benefit of a single compromised vote was far less, that could change things.

I don't think first electrifying the vote, and then trying to bring about the above reforms, is a good strategy at all.


Meanwhile people have difficulty filling out paper ballots, because it's terrible UX. If you want to have a nice voting system like STV or even ranked-choice, shading ovals on paper ballots is not ideal.

Sometimes it feels as though existing problems get a free pass because of tradition, but new issues (even if addressed) are scary and so the entire thing should be stopped.

I think the right strategy is to pick a state, implement a voting system there for people to vote on their phones, and then see if it works out or not. Had this been done a couple of years ago, we would have been more prepared for covid-19 this election. And we're only going to have more pandemics and other disasters going forward.


> Sometimes it feels as though existing problems get a free pass because of tradition

In safety-critical systems, known problems are often tolerated because they are predictable. In these cases, mitigations are understood, and there's a well-defined upper bound on the amount of damage that can be caused if the mitigations fail.

> but new issues (even if addressed) are scary and so the entire thing should be stopped.

New issues are unpredictable, and do not have known mitigations. (Once they can be reliably predicted and mitigated, they are no longer "new".) There's also no known upper bound on the amount of damage these issues can cause.

As an added bonus, the quantity of bugs in a long-deployed system is generally well understood, while it's difficult to place an upper bound on the number of bugs in a system that hasn't been tested in production yet.

To make this concrete: Imagine finding a bug that causes several thousand phones to occasionally reboot unexpectedly. Pleased with yourself, you publish a patch and push it out to all affected devices.

One week later, a thousand of those devices power off and never power on again--they've been permanently bricked by your update.

Are your users angry because you refused to give the random reboots a "free pass" because of "tradition"? Or are they angry because you made drastic changes to a system that basically worked without taking the time to understand the consequences?


> In safety-critical systems, known problems are often tolerated because they are predictable. In these cases, mitigations are understood, and there's a well-defined upper bound on the amount of damage that can be caused if the mitigations fail.

Oh, voter suppression is well-understood and predictable. I disagree with you that mitigations have been effective.


> Meanwhile people have difficulty filling out paper ballots, because it's terrible UX. If you want to have a nice voting system like STV or even ranked-choice, shading ovals on paper ballots is not ideal.

I am 100% for voting with machines that spit out the canonical paper which can be hand-reviewed. The point is not the paper UX, but the paper trail.

> Sometimes it feels as though existing problems get a free pass because of tradition, but new issues (even if addressed) are scary and so the entire thing should be stopped.

As somebody who has spent weird years pushing Haskell where it wasn't requested I know the feeling exactly, OK? :). It's just an unfortunate truth that the messy unprincipled systems today happen to involve using paper, which is in fact good in principle.

I would love if we had a 3 way discourse on 1) good paper systems 2) bad current hodge-podge 3) bad purely-electronic, in order to speak truths while avoiding status quo bias.


Iowa Democrats tried an app this year, and it was a colossal failure: https://www.npr.org/2020/02/04/802583844/what-we-know-about-...


That is obviously not a good way to do things.

The general public wasn't informed about it, the app was from a company nobody had heard of, and evidently hadn't been tested well.

No, this should be an open transparent effort, with code published online (they need not accept PR's with code BTW). It should be trialled in a few states during an off-year election.


Signature verification only really matters if you have several ballots purporting to be from the same person.

Otherwise, they usually don't bother checking the signature.

How do you propose to do user authentication more securely on your phone? Keep in mind that several people may have access to this phone, including spouses and children.


You don't live in California then: https://www.pbs.org/newshour/nation/california-rejected-1000...

Also kids can fill out a mailed ballot as well, so that is a double standard.


I only bring it up because they suggested that they had a verification method in mind better than signatures.

A kid can access the paper ballot or the phone, for sure. The kid might be able to convincingly forge their parents' signature. They can almost certainly do whatever "e-verification" that diebeforei485 had in mind.



