This post is confusingly mistitled - the word 'voting' does not appear anywhere in the article and the software is not involved in the process of actual voting which is done on paper. Gooogle translate seems to do a decent job of this
Governments everywhere: The response Maarten received from the CISO should be a model for security response. Everything else with the Dutch government may be a tyrannical horror (I don't know) but this published response was correct.
True. This software isn't voting software though, but if I recall correctly, the tabulating software used to report and collate the reported voting totals (which are hand counted). In the Netherlands voting is done on paper with a red pencil, after a flop with voting computers a decade or so ago, and this process too is backed by a paper trail.
Paper voting was reinstated because a pressure group called "We don't trust voting computers", formed of hackers and other knowledgeable people, sued the government and won.
I believe this is very true, which is to say that digital voting being 'safe' is really a fallacy. Digital media is, by its very nature, eminently falsifiable. All the way to the substrate and back again.
Voting can be assisted by digital technologies, but should not be impinged upon by them.
Having an auditable trail, with paper, means that when the lights go out, the count can still go on.
Always remember, none of this works without the grid. We have built extremely fragile, frangible society upon a highly specious assumption: that up (or down) always means on ..
Voting in the Netherlands is done with pen and paper. This software is used by political parties to generate their candidate lists. It's basically a paper form generator.
Strictly speaking you could use a red pen if you bring one, because a single box filled red is what is required, but almost all voters sensibly use the provided red pencil. Any other colour marks the ballot as invalid.
I don't agree. Estonia has online voting and I do not recall any fraud or interference. I actually think pen and paper would be a lot easier to manipulate or "miscount".
How so? I've volunteered to help run elections in two states in the US, and they both used optical-scan paper ballots. In both jurisdictions, the voter is the one who feeds their ballot into the scanner machine ("ballot box") to be counted. The machine makes a digital copy of each ballot and stores it in local memory. At the end of the night, we then report the number of ballots in the box and compare it to the number of ballots we issued out and the number of people who checked in at the registration desk. We call these numbers in, and the precinct chief hand-delivers the paper ballots, digital scans, and seal records to the county for legal and archival purposes.
In order to manipulate this, you would need the entire polling place staff to be in on the conspiracy, and they would need to cook up numbers and ballots that all match. All to mess with an election at a precinct with no more than ~1500 registered voters. Where those voters are likely of the same political persuasion as the poll workers themselves. High cost, low reward.
To manipulate digital votes you only need to hack one piece of software or bribe/social engineer someone involved close enough with it.
To manipulate paper votes you need to have presence in enough voting booths and influence the votes there.
With paper it might be easier to sneak in a handful of fraudulous votes, but it will be near impossible to commit fraud at a scale that influences the elections. With software it is harder to get that access (although the article shows that one mistake by a dev can make getting access a matter of one hour...), but much easier to then commit election influencing fraud.
The fact that you do not recall any fraud either means it didn't happen (let's hope for the best) or didn't get detected. The latter is obviously very scary.
There's btw more problems with online voting specifically. It's impossible to guarantee the secret of voting. This is not an issue when voting electronically in voting booths.
The key point is attack scalability, not that either voting system is inherently superior in terms of anonymity and transparency.
In Brazil, each voting machine is sealed off, air gapped. The only attack vector is in transit, when the votes for each machine are being transmitted to the regional electoral center, which then announces its results for the region. So it is possible to scale an attack if you somehow had the actor had access to the data in transit and was able to decode, tamper and sign the results again before reaching the regions servers. This for each region.
So yeah, while it is possible, I don't think this scales as well as people would think. No election in Brazil had any proof of tampering up to this day. Take that as you may, you can attack me personally, you can question the government's data, you can put in check how we even audit the system, but in decades of the system there isn't any hard evidence of large scale compromise of the electoral system.
Having said all that, I think all this talk serves more as a smoke screen for more pressing issues of large scale social manipulation through social media and fake news. My question then is why would anyone in their right mind attempt to compromise the electoral system itself if it is so much more effective to just manipulate public opinion by jeopardising traditional media trust, flooding message systems with fake news sources, use prominent political figures to spread anti-democratic ideas and leverage social media algorithms to radicalize voters?
What about before the machines are sealed off and air gapped? What stops tampering with the software in advance? As long as something about the configuration lets you know it's a real election, your payload can be triggered.
I think electronic OCR sorting machines are OK, where you put one pile of paper in and get multiple piles out, e.g. Republican, Democrat, Other / Errors. You can quickly flick through the piles and check they are all the right candidate. You can quickly see the size of the piles, so you can be fairly sure right away that the count is correct. If things are close, you can recount and verify the piles manually.
Anything that doesn't do that (even electronic counting of paper ballots) cannot be trusted.
A lot of places already use the best available technology for transparent, anonymous, and fully auditable voting. It's paper ballots with public observation and this set of technologies is in wide use.
Electronic voting systems are generally an attempt to get something faster and cheaper.
> A lot of places already use the best available technology for transparent, anonymous, and fully auditable voting. It's paper ballots with public observation and this set of technologies is in wide use.
As implemented nearly everywhere that is not fully auditable. I have no way of verifying that my particular ballot was actually included and counted correctly.
We can do much better, while still staying with paper ballots, as shown by some of the proposed system in this article [1].
Why do vote counts take so long these last few cycles? We used to get results the same evening, maybe into the wee hours, but except for Florida one year where they had recounts, it didn't take long to tally the votes. Now, with electronic voting the results sometimes take more time, what gives?
Meanwhile, Spain uses exclusively paper ballots, counted by ordinary citizens who were randomly selected for "election board duty" in their local voting sector (akin to jury duty in the US), and easily finishes counting more than 99% of the votes cast before midnight on the day of the vote. You can go to bed and expect no major upsets when counting is finished, other than the occasional swing of a single seat from one party to another when the d'Hondt assignment was very close.
And this is all for a country of 48 million people (23% more than California), counting votes to fill a 350-seat Congress composed of 50 multiple-seat constituencies of varying size, from 37 to 2 (plus 2 FPTP seats), as well as 208 Senate seats which are voted by check-box selection.
It is truly baffling how some US states manage to take so long to finish counting a handful of FPTP positions in federal elections: 1 president, a couple dozen representatives, and 2 senators.
Each place has a whole series of other offices up for election as well. They're all on one ballot, and staffing is generally done by a handful of senior citizen volunteers.
Futher, there are sometimes absentee ballots that can arrive up to a week or more after election day.
Closer elections means they can't call it quite as early, more mail-in ballots post-COVID (these cant be counted early even if they get delivered early), almost certainly some changes to how we consume the news or how the news presents the details.
Yes. Hand marked paper ballots counted by open hardware simple scanning machines not connected to the internet. Fully auditable, transparent, anonymous.
is it also understandable for the people voting? is it easier or harder to understand than a locked container of ballots being counted publicly? I don't see any reason to have computers involved in the casting of the votes
I believe GP is talking about paper ballots. So the answer to your question is no, it is neither easier nor harder to understand than a locked container of ballots being counted publicly.
I think there's a really serious communications challenge to a system based on sophisticated cryptography. It's hard to explain and get people to trust it.
No, we do not have this technology (unless this is a pencil and paper ballot). And we should not be duped into believing the technology exists to be "fully auditable and transparent, yet completely anonymous". It does not and it probably cannot exist.
> And we should not be duped into believing the technology exists to be "fully auditable and transparent, yet completely anonymous". It does not and it probably cannot exist.
It has existed for several years. Paper optical scan ballots, augmented by some printing using a special ink and a special marker used to mark them when voting, with some clever cryptography going into what to print on the ballots with that special ink.
Voting should be analog (paper), it should be open (i.e. not secret, and not anonymous), and absolutely auditable by any and sundry who consider themselves to be citizens, not just authorities.
Like, totally open society, man. If you can't stand and cast your vote among your peers in a public and 100% open form/manner, you're not doing your job, citizen.
Hey Jimmy, you remember to vote for our wonderfull Madam X, K? We would both hate for that lovely boy of yours to have an accident, right?
We'll make sure to check the public logs, hence you forget, which I'm sure you won't, right, Jimmy?
We could of course save us both the trouble. I"ve got your mail in ballot papers right here. Just sign on the dotted line and we'll post them for you, no biggy.
Well, we shall make it a penalty, in fact the maximum imposable by the state, to interfere in any way with a persons open, public, commons vote or .. data .. related to that action, in any way.
You enter the booth, the light goes on, anything you want to say will be recorded for posterity by the state, for the public sphere, and you state who you support. Its an open public record, and therefore also the right place to let the government know that you are under duress and need assistance with exercising your right to vote.
So it goes more like, "I'm Jimmy, and I'm being forced to vote for Madam X, I want my government to address this grievance", and so it does.
I mean, the point of this theoretical is to realize that we have the mafia shit-storm we have right now, because things are secret.
That secret veil, once removed and turned instead into 15-minutes of fame for everyone, because its your right to do so, means you're gonna have a lot more people interested in voting, buddy.
No matter how many chumps Madam X has on the payroll.
Because we have such a great track record of protecting the plebs from the powerfull, right? The secrecy of the vote is not the problem at all. What happens after with that vote is.
.. which is why what happens during the vote is important.
If it can be determined - by treating open, free and immutable communication as a public utility - that a significant set of voters made statements about corruption, or if this moment of protection of communication were available to whistleblowers .. we would have the forum we need to root out corruption.
Boss man: I noticed you voted for X. As you might recall from the last All Hands, we're not big fans of X. Unrelatedly, I was wondering how you see your future at this company?
Sure, play it out. Lots of things are currently illegal reasons for being fired or discriminated against at work -- eg "protected classes" such as sex, religion, race, national origin. Are you trying to argue that discrimination on that basis does not exist? If not, then we can agree that, whatever laws exist to prohibit it, discrimination based on voting would exist.
Given that, you're left with needing to argue that the societal benefits of non-secret voting would outweigh the harms of voting-based discrimination. To me, that doesn't seem like a close call, but I'm open to the counter-argument.
Do you have a publically verifiable, accessible record of your statements regarding your being discriminated against?
Because actually a lot of people might argue that not having this, in the first place, is why our societies are so easily corruptible.
The open society dogma, and I admit this is just a thought experiment, might very much include the fact that, when someones rights are abused, it doesn't just get lost in the noise.
Being able to vote - and address grievances for which I require government support - seems to me to be a way to complete the vote as a proper transaction, between the individual and the state.
Right now, you vote and get nothing back - well, you get the assumption that your government is still going to be, relative to the last one, livable (or else you'd be a refugee and potentially pursuing statelessness..) - but when you use your Vote Statement as a way of communicating something public - per your own free will and agency (and thus right) - this is also a responsibility that must be addressed by the next administration .. giving your vote even more relevance to the incumbents and challengers, alike ..
I'm not sure what you're talking about. You're not audio recorded when you vote. And voting doesn't provide a more publicly verifiable, accessible record than a court record does -- today, you can sue an employer and make statements in court.
I'll have to bow out of this convo at this point I think as we seem to be talking past each other, or at any rate you seem to be talking about something different than what I thought we were discussing.
I believe that having an open, verifiable public record of events - of communication about and for ones government, past and future - during the voting process, should be treated as a public utility.
With this function, a vote not only becomes a static erg towards ones favoured party - but a way for the future government to a) be sure it was voted in without corruption, and b) address any corruption occuring during that process, based on open, public, verifiable data.
Yes, this is just theoretical, and thanks for the time anyway .. it was just a thought experiment.
https://www.kiesraad.nl/verkiezingen/osv-en-eml