Hacker News new | past | comments | ask | show | jobs | submit login
In Praise of Chris Krebs (lawfareblog.com)
49 points by DyslexicAtheist 4 days ago | hide | past | favorite | 33 comments

The interesting thing is, I'm a huge fan of End-to-End auditable voting systems [1]. There's a ton of great work by very intelligent experts on a variety of options with different tradeoffs.

I find it speaks volumes about motivations that nobody seems to have any interest in the topic. But really both sides should want it, the left should want it so there's even less basis for doubt in the future, the right should want it if they honestly believe there was irregularity.

1. https://en.wikipedia.org/wiki/End-to-end_auditable_voting_sy...

It needs to allow secret votes though:

  Because of the importance of the right to a secret ballot, some E2E voting schemes also attempt to meet a third requirement, usually referred to as receipt freeness:

    No voter can demonstrate how he or she voted to any third party.
Also, the more IT systems involved, the less people will be able to ascertain the process. Complex systems may have unknown and invisible weaknesses.

You don't need complex systems for all E2E voting systems. Scantegrity II [1] uses pretty simple systems. A particularly nice thing is that casting your vote just involves filling in a bubble on a paper ballot--no electronics is involved at all in the voting booth. Machine counting just uses the simple optical scan counters that are an old and reliable technology.

It also provides receipt freeness [2].

About half of all districts in the US already use the optical scan counters, which means if we switched to this half the districts would not need any expensive new equipment. All the mathematical/cryptographic magic is in how the ballots themselves are printed and in the pens used to fill the bubbles.

[1] https://en.wikipedia.org/wiki/Scantegrity

[2] https://eprint.iacr.org/2010/502.pdf

So that's referring to the fact that because you have objective proof of who you voted for, maybe somebody could coerce (i.e. use violence) you to show them that proof. That's a tradeoff.

I think the current election, or even just how screwed up elections are in other countries, show that it's probably an order of magnitude more important to have faith the process is objectively right, than to worry about the coercion scenario, which seems pretty contrived to me.

The concern isn't only coercion, it's also vote buying (which was very common at least in the UK before the secret ballot). If you can take the money and then vote for someone else, retail vote purchase falls apart.

The existence of postal voting has already cracked this one open a bit, though.

Large scale use of absentee ballots or mail in ballots also allows coercion of voters. Most of the E2E systems are designed so it's not possible for a voter to prove to a third party who they voted for.

Couldn't one just record a video of themselves voting to prove who they voted for?

These are the things a proper election process need to hinder actually.

You could still make the system more resilient to fraud, as well as easier to audit by introducing several levels of integrity protections. For example, it would cost next to nothing to capture pictures of all mail in ballot envelopes, and keep them for a few years. It would not cost much to release all voting data (both time series and totals) for free for statistical analysis in a uniform, machine readable format. Such data currently costs substantial amounts of money, and one of the most credible election integrity investigations (and the only one that yielded robust statistical evidence as far as I know) had to spend quarter of a million dollars to acquire it for several states. It would not cost much to capture the counting with a 4K webcam for future inspection and keep videos for a few years. It would not cost much to have uniform ballot mailing and arrival deadlines across states. It is also technically possible in 2020 to have voting systems that are not easily defeated after 1 minute intrusion by someone with the right tooling and a modicum of training. We have people on this site easily capable of designing such systems, as well as easily defeating the systems in use today. A lot of people (nearly all democrats) were interested in such things during Bush years, and demonstrated how easily hackable voting machines and systems are, only to promptly lose all interest and declare that everything is impenetrable the moment Obama was elected. Videos of their exposes are still on YouTube for everyone to see. For the record: I voted for Obama both times.

E2E is not a silver bullet. It doesn't solve the problem of ensuring only the people who are eligible to vote only vote once and people who are eligible to vote are not excluded.

It also possible for an E2E system to have design flaws. For example Scytl created an E2E system for the Swiss that had a cryptographic flaw that would allow a mix operator to modify votes in an election undetected.

So you're not in favour of improving election security because we can't magically make it 100% perfect?

Uh, it solves both of those. Let's take a trivial example from a non-expert (i.e. me)

You could publish hash(salt + SSN) = Vote for all votes on a website, and therefore if somebody voted twice they'd hit the same hash twice.

When you vote, you'd get a physical ballot, and a physical receipt, digitally signed by the booth. If what is published online Hash(salt + SSN) doesn't match your receipt, you'd have physical signed proof of tampering.

This list of SSNs is not guarantee to correspond to people who have the right to vote. What I'm trying to claim is the math part of E2E doesn't prevent someone from stuffing the electoral rolls or the SSN database with fake people or preventing eligible voters from being correctly registered.

Well my only contention is that there are practical answers to all the what-ifs you can come up with. If you want to know more you should probably read the academic papers on the topic.

I've read a few of these and, mostly OP is right. A lot of "we fixed voting" systems start with the premise that we know the information of everyone who's legally able to vote. We don't, and getting that information is very hard and at odds with making it easy to register, and subsequently vote.

If you don't have that list, then there's nothing preventing you from padding the votes with fake people. You can try and implement some way of tracing the votes back to people but, first of all see point 1 up there (oh your phone number/email address/home address changed/was misspelled/you're homeless/you're a nomad) and second, you very likely break secret voting.

FWIW there is no perfect voting system--that's the core problem w/ this discussion. We have to choose:

- Do we have a citizen ID (there's a whole ball of wax here, primarily what happens if someone steals or you forget/lose your ID)

- Do we think some people w/ a citizen ID still shouldn't vote (17 year olds, the incarcerated, etc.)

- Do we create a potential link between people and their votes

- Do we allow people to not vote

- Do we require people to register before voting

- Do we allow people to verify their vote was counted

- Do we allow people to verify their vote was counted correctly (unclear how this would work)

- Do we allow people to vote remotely

- Do we create a paper trail

- Do we allow people to fix problems with their ballots

- Do we require people to sign their ballots, and do we require signature verification

Many of these things are at odds with each other, and depending on how you flip the bits, different political interests will win out.

That's the second reason this is such a nerd snipe. It really, really feels like this is a technical problem but it isn't. It's political, cultural, and societal. You're not gonna fix this with an app or an algorithm. If/When we do fix this I'm sure they'll be involved but, the reason will be multipartisan, multicultural consensus that we need to move forward.

Well done on his part for taking a stand and asserting his organization’s beliefs. Disinformation and disenfranchisement in our election process is a quick ticket to an erosion of public confidence in an already tenuous electoral process. Whoever you voted for, whether they won or not should be decided within the constraints of the system, and it’s important for those in positions of power to respect that. I think improvements could be made with ranked choice, elimination of the electoral college, etc, but these institutions have served us fine so far. The voting system already has many levels of failsafes, and you can imagine that any opportunity for fraud or malfeasance would be exploited roughly equally by both sides.

> Well done on his part for taking a stand and asserting his organization’s beliefs.

They were not the "organization's beliefs", they were his. As David Frum observed: There are no institutions, only people.

As we've seen over the last little while, once well-respected organizations stayed silent in light of bad behaviour, and/or various institutions have been packed with ill-willed individuals which then did inappropriate things.

One of the authors of this piece, Susan Hennessey, was briefly interviewed on The Economist's "checks and balance" US politics podcast this week [1]. Discussion with Hennessy starts about 26:45 in.

As well as touching on Krebs' firing, Hennessy also discusses the difference between political appointees and career track public service roles, and efforts to "burrow" political appointees in career track roles where they could potentially persist after the current administration departs [2].

[1] https://open.spotify.com/episode/1sohQelvUPLRhADJnnXZm7

[2] https://www.lawfareblog.com/how-did-trump-loyalist-come-be-n...


Can anything of that be substantiated though, or is it just FUD (Fear, Uncertainty and Doubt)?

>Can anything of that be substantiated though

Sure, through the courts, just as was in 2000 and in many other elections.

There are no actual points of contention, just lies.

All of the claims about election fraud (including 100% of the affidavits submitted by Trump's campaign) were either invalidated by the courts or withdrawn by the affiants after they refused to testify to those statements under oath, meaning that lying (aka perjury) would result in criminal sanction.

On the other hand, the election workers, both Democrats and Republicans alike, were willing to testify under oath about the process by which ballots were brought in and counted. And there were confirmed and testified-to chains of custody for all ballots between all of the ballot collection sites (aka the polls) and the ballot counting centers. And in a number of the states at issue, the ballot counting process itself was video recorded and even live-streamed.

(Responding to dead commentator)

I would, except that the GOP redacted all names in the document so that nobody could actually verify whether the affiant was a poll worker, as claime, or even whether they exist.

But since they included the "Center" portion of the polling place and described the parking lot, it limits the locations where the supposed individual could have been a poll worker to literally none of the polling centers in Clark County. (There are no polling centers in Clark County that have both "Center" in the name and also have a narrow parking lot.)

Point 5. Is clearly false and demonstrates that affiant does not know the id requirements for Nevada voting. https://www.clarkcountynv.gov/government/departments/electio.... The DMV interim document includes appointment information but the point of the document is not the appointment date, it is that the DMV has verified on a preliminary basis that the person is who they say they are.

Point 7: this is okay fine since the activities were more than 100 feet from the polling place; the statement conveniently leaves out the part where the GOP also had tables in the parking lots of polling places.

Point 9: this is not how mail-in ballots work. Also, Nevada does not use "pink and white" envelopes for mail-in ballots. The white envelopes are the cover envelope sent to the voter that include the mail-in ballot and the pink reply envelope; the pink envelopes only contain the ballot. The white envelope cannot be reused once it is opened, and it would not fit in the small pink envelope. Thus, in alleging that ballots were placed in "white and pink envelopes" it is clear that the affiant is lying.

Point 12: this is clearly a lie, as noted above. Ballot reply envelopes were pink, not pink and white.

Point 13: this is allowed. Family members, for example, are allowed to drop off ballots for spouses, parents, etc.


So there must be evidence of this in the process, but it seems to just boil down to some people lying all the time. Just because someone repeats a lie, doesn't make it true.

I'm all for fair legal trials, and the cases are all dropped as nobody is able to mount any evidence, lawyers admit it was a lie before the judge, etc.

There should be no surprise that mailed votes have more votes for Biden, as Trump was supposedly all against mail-in voting, even though he used the same method himself. This means he's confident in the methodology, and just lies as usual.

Trump actually despises all the people following him. He only loves himself and would not think twice of hurting anybody to further enrich himself.

No point saying that unless you're going to link a primary source (i.e. no youtube videos citing other youtube videos citing a tweet, but rather the affidavit itself, or videos of the 100% Biden vote batches, or the video of the person alleging they saw 100% Biden batches).

I'm not sure why the parent got flagged for removal but for years voting irregularities have been reported on.


"In Georgia, primary election chaos highlights a voting system deeply flawed" - PBS

The parent got flagged because it alleged falsities about the vote in the 2020 election. And the quote you're referring to was about Georgia's old voting system. https://www.pbs.org/newshour/show/in-georgia-primary-electio...

The new system replaces the purely electronic older system with a hybrid: tablets that physically mark a printed ballot (similar to California's new system).

From the linked article:

"The state spent more than $100 million to supply every county with so-called ImageCast machines made by a Canadian company, Dominion Voting Systems. They are ballot marking devices, meaning voters make selections on a touch screen, and ballots are printed with choices embedded in a Q.R. code and listed in plain English.

The paper ballot is then scanned and counted."

Voter's selections are literally printed in English text on the ballot, so they can be independently verified in the event of an audit.

That's not at all what the parent said gamblor.

Can you please link to the documentation of the “100% Biden vote ballots”?

I did a bit of fact checking of some claims myself. The all fall into three categories.

1. Misreading a graph

2. Not knowing enough statistics to be able to make sense of something that can't easily be represented in a simple graph.

3 lying.

I checked about 10 claims and most of them were in category 1. Kinda depressing.

The claim that it is the most secure in history is very trumpian in nature. There were a lot unique challenges this year that impacted the integrity of the election. I don't see why he couldn't have made the weaker claim that there is no evidence that electoral fraud changed the result.

He can back up the assertion based on technicalities. It's all relative to earlier elections.

Anyways, it's not possible to respond to Trump without being dragged down into the mud.

Large scale absentee of mail in voting increases the opportunity for coercion and vote buying both which undermine the integrity of an election. The increase security from technical controls (more RLA, less DRE, etc) could be outweighed from the fundamental problems non-secret voting brings to the table. I don't think it is clear whether one outweighs the other and I think its optimistic to claim that this is the most secure election in history.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact