Security Vulnerability of Switzerland's E-Voting System (schneier.com)
89 points by mikece 11 months ago | 85 comments



Voting is one thing I don't think should ever be fully electronic. Hard to commit actions at scale with smaller paper ballots, in most places at least.


It might be theoretically possible to devise an electronic voting scheme that is reasonably secure against various threat models (possibly with slightly different tradeoffs than paper ballots), but so far, every scheme that has been used in practice seems to have been severely flawed.

Plus, even if such a "good" e-voting system existed, it would probably be almost impossible to explain to people how it works. With paper ballots, you can have people observe the process and verify that it was fair. With all the wild accusations of fraud that we have already, I don't want to know what the world would look like if people had to do operations on the blockchain or something to verify that votes were counted correctly.


In the US, we used to be able to tabulate votes in 1 day, fairly correctly, with little corruption. Where there were problems, we could manually audit quickly and effectively. Then we switched away from paper ballots to e-voting.


>In the US, we used to be able to tabulate votes in 1 day

Have we? Do you have a particular state in mind? As far as I know, all states have a post-election canvassing period of at least a week or two (if not longer) before official results are certified. Some states like California and New York are notoriously slow to certify. Election night results are always preliminary and subject to shifts, especially as mail and provisional ballots get processed.


Voting is a massively parallel process. Officials can count ballots, fill acts and seal the urns in the same day. In fact, elections in other countries, like Mexico, usually have at least 95% of votes certified by the next day, even if the last few percent drags their feet for some reason.

There's no sensible reason to wait weeks for voting results, just put more people to the task, for the sake of transparency and promptness.


>In fact, elections in other countries, like Mexico, usually have at least 95% of votes certified by the next day, even if the last few percent drags their feet for some reason.

I don't know what this means. "Certification" is when a state finalizes the official legally-binding results for elections. Votes aren't certified, election results are. It's when a state says "Coca-Cola got 832,992 votes and Pepsi got 902,311 votes" and enters it into its legal and historical record.

All US states take time to certify results precisely to make sure the process is carried out correctly. They do things like archiving paper ballots, electronic records, and signed affidavits in case of legal challenges, processing provisional ballots and same-day registrations, and cross-checking the number of registered voters who showed up with the number of ballots cast at each precinct.


As soon as the election closes, every urn is opened in front of the randomly-selected citizen officials, and voluntary party witnesses. Votes are counted, including invalid/nulled votes, an electoral "acta" (a written record) is filled, everything is sealed and delivered to the National Electoral Institute (INE) local office. This happens mere hours after elections closed, and it is simultaneous in all urns.

The INE gives preliminary results when they're statistically certain, usually the same night around 10-11pm. Even if the last percent of urns is delayed, they aren't enough numbers to affect the results, but anyway, the records get certified as they arrive, and the next day 100% of votes are accounted and the election is closed.

The system is pretty amazing, mainly because the INE is an independent civil institution. Unfortunately, our current president is making every effort to subvert it and return to the times where the government ran the elections in opacity.


First, final returns have never been available in one day. Results reported the night of and day after are preliminary, and the canvassing process (essentially the routine audit and resolution of abnormal ballots like provisionals) routinely takes weeks.

Second, the US has not switched away from paper ballots. Only a minority of states use DRE (direct-recording electronic) voting today, and a minority of those use DRE without paper trail (the number of these systems is decreasing with time as well). The most common voting system in the US is precinct tabulation, in which paper ballots are cast and counted on site, then retained for audit.

DRE voting was only really introduced to the US as a result of the short-timeline requirements of the Help America Vote Act of 2002, which required disability-accessible voting be available in all precincts. At the time, DRE machines without paper trail were the most affordable option that met accessibility requirements, and most states have very little money to spend on their voting equipment. In large part because of controversy around DRE machines, DRE machines with voter verifiable paper audit trail (DRE/VVPAT) and paper ballots with accessible ballot marking devices (BMDs) are now the norm for new systems. States still using DRE without VVPAT are generally only using it because they have not been able to afford to replace equipment.


> In the US, we used to be able to tabulate votes in 1 day, fairly correctly, with little corruption.

For your consideration, a high-profile paper ballot counting case you may have missed:

https://en.wikipedia.org/wiki/Bush_v._Gore

A brief summary of the timeline is that the vote counts took weeks (much longer than "1 day"), ultimately resulting in state and national Supreme Courts getting involved.


That summary is a bit revisionist, so the snark is a bit misplaced.

The initial vote count was reported November 8th (the day after voting, which was November 7th).

Since the margin of victory was less than 0.5%, an automatic recount was triggered, which resulted in an even smaller margin.

That, in turn, resulted in a month-long lawsuit, while both major parties challenged individual ballots during a manual recount. Challenging individual ballots and the legal process are what drew out final certification of the election.

It's not really fair to cite that case as an example where either the votes were not counted in 1 day, not counted with little corruption, or not counted fairly accurately (the disputes were over fractions of fractions of a percent of all ballots cast in Florida).


> The initial vote count was reported November 8th (the day after voting, which was November 7th).

This is immaterial. The State did not consider that number as official, even though it had been widely reported. The official numbers are the only thing that matters.

> It's not really fair to cite that case as an example where either the votes were not counted in 1 day, not counted with little corruption, or not counted fairly accurately

When talking about a legal process, it's pointless to ignore the statutes that govern the certification process (including automatic recounts and challenge windows), or the inevitable legal process around voting. These things happen. That's why election certification is not the day after voting in any state. Certified results are the only results that matter.

If it was reasonable to get final results in a day, then certainly there is a state that statutorily requires certification by (say) Thursday or Friday after the Tuesday vote? So which state is it?

Keep in mind that the country was much less polarized in 2000 than it is now, so it's entirely likely that paper ballots used in 2024 would see multiple state outcomes that looked like Florida in 2000.

In particular, close races like FL in 2000 may depend on ballots from e.g. overseas service members. Those are not required to be received by states until days after Election Day. Without changing the dates service members have to mail their ballots, there's no way to count all the votes until days after the election.

> That summary is a bit revisionist, so the snark is a bit misplaced.

The "snark" is warranted because the fiasco with paper ballots highlighted in Bush v Gore is a key reason we abandoned paper ballots.

EDIT: Also Bush v Gore would not have been "current events" for anybody younger than 35-40, so the reminder is important. (YMMV but I definitely was not following politics when I was in elementary school.)


Another reason your snark is completely misplaced is that punch ballots are not what people generally mean by hand marked paper ballots. The standard for HMPB is pen-marked optically scanned ballots with races and candidates clearly separated and bubbles directly adjacent on the outside edges.

The vast majority of states still use HMPB and the vast majority of states use hand marked paper ballots with optical scan and the vast majority have no problem counting ballots [0].

A lot of people opted to mail in ballots in 2020 when they could because of covid concern. Mail-in and drop off ballots shouldn't take much longer to count, but they do because of dumbassery in some states requiring counting on or after election day. And also vilifying postmark-by causing a delay of approximately 3 days while absentee/mailin ballots are delivered. Postmarking works for official court documents but for some reason "they're stealing our votes!" when you're a losing and shrinking minority. Everyone should be aware that mail-in ballots are going to have a delay and none of the states' vote counts are official the day of. That's how we always did it and it worked fine until some asshat decided to attack our elections before they even started.

Florida was a hole-punch system that was absolutely terrible. They fixed that.

[0] https://ballotpedia.org/Voting_methods_and_equipment_by_stat...


This was the claim to which I was responding:

> Then we switched away from paper ballots to e-voting

You are objecting to claims neither I nor the OP made:

> punch ballots are not what people generally mean by hand marked paper ballots

In particular, nobody said anything about how the paper ballots were marked.

Absolutely agree with your points that there is a concerted effort to make our elections look illegitimate by e.g. not allowing early/absentee ballots to be counted before Election Day, underfunding elections processes, designing elections so that some areas have incredibly long lines on Election Day, etc.


1) Florida did not switch to e-voting machines. They switched to what most people mean by HMPB - hand marked bubble fill, scanned optically and retained for audits.

Most importantly:

2) There is no problem with hand marked paper ballots optically scanned. And those aren't considered e-voting machines where votes are recorded electronically.

The whole point of whether hand marked paper is a problem depends on how they are marked (eg NOT punched) and to not acknowledge that is disingenuous.

I'm glad we are on the same page with improving efficiencies. Lack of polling places => long lines on election day is particularly egregious.


> The "snark" is warranted because the fiasco with paper ballots highlighted in Bush v Gore is a key reason we abandoned paper ballots.

Also a big reason why Florida is now allowed to count votes (ex. absentee ballots) prior to election day so that on election day they can be much further along on the count.


Was there an "e-" component in the Bush/Florida saga? I thought the "hanging chads" thing was from _mechanical_ voting machines, and electronic ones were introduced to stop that from happening again, or have I misremembered?


This false claim needs to stop. Was never true.


Let's also stop using electronic technology for banking and do it manually because it's harder to commit actions at scale with physical bank notes.

This is a non sequitur, if we use it for banking (which is much more critical than voting), why is it a problem if we use electronic technology for voting?

Estonia has it and it's working well so far. Brazil has a completely different system and it's much more auditable and less prone to manipulation and vote output alteration from human error.

Edit: conclusion of the article is "let's switch back to paper because this system uses the internet". Well, do you know that you can still have a 100% electronic voting system that - brace yourselves - doesn't use the internet? Take a look at Brazil's electronic ballots for example.

They aren't connected to the internet at all, everything is stored locally on a memory card that is collected by the authorities at the end of the voting period, then sent to Brasilia for counting at a special room where the machines that read the cards don't have access to the internet.


> if we use it for banking (which is much more critical than voting), why is it a problem if we use electronic technology for voting?

If a bank makes a significant mistake, the average person WILL notice and the bank can resolve it through extensive audit logs and other records. This isn't the case with voting where any audit logs are purposefully anonymized.

The average person can't identify electronic voting fraud or even honest mistakes/bugs while anyone can be present during ballot counts, re-counts and add up the numbers as long as they have a calculator. A process as fundamental as voting should be completely transparent, simple to understand for the average person and shouldn't require blind trust in "experts" and institutions.


>This is a non sequitur, if we use it for banking (which is much more critical than voting), why is it a problem if we use electronic technology for voting?

Banking as a use-case is far more fault-tolerant than elections. Bad transactions can be reversed and redone. You can insure transactions, and all parties involved have visibility into the amounts, senders, and recipients.

Elections are one-off events involving secret ballots. You can't have a do-over without throwing the whole system into question. You can't take out insurance for elections.


When you replace an existing technology you have to ask yourself the question what do I gain by replacing it and what do I lose? In this case if you go with these voting machines you lose the ease of auditing in my opinion. Usually in democracies parties can send out representatives to each voting area so they can check that the process gets followed.

But if you stand next to the machine you do not know if it does the job properly. This lack of easy transparency means that people will never trust it. No matter how much cryptography and security you put in it, people will never ever trust this output because of the endless ways it can go wrong without anyone ever knowing.


When politicians can clean out your bank account for protesting, or simply sending money to a protest fundraiser, your vote matters more.

Canada.


Unless you happen to own the company that makes the machines, or manages them, or operates a significant number of them, or counts the votes. And even if those people can't, the public opinion is that they can, and that's just as bad.


Where I'm from, votes are hand counted by committee of multiple people in each voting district and anyone else can come and observe the process.

You can't commit large scale fraud this way. And the results are available within 12 hours of the closing thanks to massive parallelism.

There is no point in using machines other than enriching their manufacturer and enabling fraud.


>There is no point in using machines other than enriching their manufacturer and enabling fraud.

This is a shortsighted take. To be clear, "machines" can fall anywhere from direct-recording electronic (DRE) machines where people vote on touchscreens with no paper record, to optical-scan machines that process Scantron-style bubble-in paper ballots. The latter is a really good option because you get all the security and usability benefits of paper with the speed of machine counts. That's especially important in jurisdictions that do ranked-choice voting (like Alaska) or places with very long and complicated ballots (like California). If you don't trust the scanner, then a risk-limiting audit [1] will detect discrepancies between what the machine says and what the paper ballots say.

[1] https://en.wikipedia.org/wiki/Risk-limiting_audit


Even better than an RLA is a full machine recount from a different company to the one that recorded the votes in the first place. RLAs typically only count a small percentage of the total ballots, while a full machine Audit will count all ballots.

I'm biased because this is what the company I work for does, but I think it's hard to argue that not counting all ballots is as good as counting all ballots.


Empty box is opened in front of multiple witnesses

Voter comes along, name ticked off list of registered voters -- "this person has voted"

Voter given stamped piece of paper with candidates on in front of multiple witnesses.

Voter marks an X next to a name on a paper, folds paper, showing stamp, puts in a box in front of multiple witnesses

Box fills and is then sealed in front of witnesses. Number of votes inside (from the ticking the list) written on.

Box is then transferred to counting place.

Box is unsealed at counting location in front of multiple witnesses

Papers counted to confirm they have a stamp and the number of papers matches the number of votes on the box and accompanying paperwork

Papers transferred to counting table in front of multiple witnesses

Papers counted in front of multiple witnesses

Any confusing ballots set aside to discuss between candidates and the adjudicator

If the vote is close papers are recounted

Winner announced.

This works fine with elections with a turnout measured >30 million people in the UK, which means it works fine for the largest election in the US (California presidential election).

So it's secure, scalable, and cheap

At what point can you commit fraud to a scale where the effort to do it returns more than the effort to campaign for a few more votes?


>This works fine with elections with a turnout measured >30 million people in the UK, which means it works fine for the largest election in the US (California presidential election).

Not necessarily. California will literally have dozens of contests on the same ballot. Here's last year's non-presidential ballot in San Francisco. There are about 24 contests on this, and this doesn't appear to list ballot measures, a California favorite. It's impractical to hand-count California ballots under the procedure you describe given how very long they are.

https://voterguide.sfelections.org/en/november-8-2022-electi...


I'll note that France has a slight variant on that, where it's assumed that any identifiable marker of the ballot could reveal a voter's identity, bad in case of blackmail like "vote for X, and show it by having a stripe at the top, or I [do bad things to family], I'll be checking the ballots".

To avoid this, no markers, but all possible votes are pieces of paper with printed text, grab N>2, go in the booth, put in one in an envelope.

This way your vote and any other vote look identical, and vote is voided in case of any identifying mark (even weirdly bent paper etc). No stamp needed, just number of votes/envelopes.


Much larger problems with voter intimidation in the UK through the postal vote system.

I've been to several counts in the UK, spotting a specific ballot, even if you know which box it's in, is impossible.

You've then got to be able to enforce that enough to make a difference. You'd have to have a unique mark for every person (at least at every station) you're trying to enforce, one that can be quickly spotted by one of about 5 people you can get at the verification stage.

Even then there's no guarantee you didn't just miss it.

Sure, you can write "WANK" next to everyone you don't like, and that's great, but again the number of votes you could affect in this way would be a tiny number.


In Sweden there are not separate places for the first count. The votes are counted once at the polling station and then moved and counted again centrally by hand.


We have tabulation machines and hand verification, both cross checked, where I'm from. No systematic issues, obviously attempts at localised fraud but this has been caught. More fraud in postal voting.


I'm surprised nobody who's opposed to voting machines has set up a company to build/sell them yet. I assume people would buy them off your competitors if your pitch was "e-voting is bad, insecure, and has intractable problems. these machines are the cheapest and least-bad ones."

I was considering it for a while, calling them Expensive-Pencil machines or something, alluding to the paper they'd print out following your vote.


In the eternal words of DevOps Borat: "To make error is human. To propagate error to all server in automatic way is devops."[0]

Not everything in society has to be about maximum efficiency. Paper ballots aren't maximally efficient in terms of resources required to count, but have other desirable characteristics that we may prefer.

[0]: https://twitter.com/DEVOPS_BORAT/status/41587168870797312


Just this morning I wrote "to err requires a human, to really foul things up requires automation"


The Swiss e-voting system is currently being used in a trial in three (2.5 if you count the Swiss way) out of 20-odd cantons. It's real, but not deployed nationally yet. That doesn't change any of the arguments here, but it is context that I wish had been provided in the article.


They could also have mentioned that each time the system is tested, some serious security incident pops up, like [1]. Each vote counts and if a digital system cannot provide accuracy, then don't trust it at all. People will start with "but the system cannot lie" when in truth it did. The British postal office did that, and we know where that went...

[1] https://democracychronicles.org/swiss-post-e-voting-system/


From that page (which is from 2019):

> A second error in the Swiss Post planned e-voting system has been discovered as the public intrusion test phase comes to an end. The Federal Chancellery announced the need for action and confirmed a review of the e-voting certification and approval process.

I would argue that the whole point of a public intrusion test phase _before_ the system is ever used live, is to find and eliminate bugs like this. Flaws being found in this phase is surely the process working as intended?

It would be a very different matter if a verifiability bug was found in the live system in 2023 as opposed to the test system in 2019.


> Online voting is insecure, period

Starting like that the author saves our time by letting us know that

1. This is a biased take.

2. There will be no attempt to assess overall security, its weak and strong points.

But I still have read it to learn that the author says that paper voting solves security problems. Here’s the bonus point:

3. The author ignores security issues with paper voting.


Are there largely unsolved security issues with paper voting? Why can countries like Germany pull that normally off quite well (other than local ineptitude in Berlin, perhaps)?


Yes.

Voting under duress, when a voter is forced to vote in a specific way and make a selfie of them with the filled ballot as proof. It’s solved by allowing to cast the vote electronically as many times as you like until election ends.

Voter suppression. Voting day can be a workday, ballot box can be in a remote location: those factors together remove day workers who can’t take a day off from voting. Partially amended by mail voting, completely eradicated by electronic voting.

And the biggest issue: trust. The less democratic a country is, the higher the chance that the electorate commission is dependent on government. There’s no way for a voter in paper based election to check if their ballot was counted in the end. Once again, can be solved with electronic voting.


You can bet money on the fact that when electronic ballots will have the similar tenure as paper ones, they will be equally secure.

I think Schneier, and possibly everyone else, is overlooking one simple thing, nothing needs to be perfect on the first try. Iteration on electronic voting is possible all the way up until you hinge serious stakes on it. A country level organization experimenting with technology to improve the experience of voting and lowering the bar for exercising one's citizenship rights should make us glad, not dismissive. The article series Schneier is basing his critique on is getting this right:

> The e-voting system currently being developed by Swiss Post has been significantly improved. However, further developments, some of them substantial, are still required.


I am not sure why anyone should switch to something different so that it can eventually be as secure as paper - maybe I misunderstand.

What experience needs improving in the paper ballots that needs to go beyond paper? What bar needs to be lowered and is that desirable?


The main downside of paper ballots is the slowness and contrivance of the process. I think it's a phenomenon that's present in most countries that don't have mandatory voting law to see very low participation, especially with the younger demographic.

Having to set aside a whole day to exercise your rights as a citizen is ridiculous in my opinion and we can do a lot better. (Seeing as the article is about Switzerland, I would say their mail ballot initiative is a step in the right direction but to me it also looks less secure than paper ballots).

Another one is speed. People in this thread complain that some regions in the US only had their final counts for the last presidential election days, if not weeks after the voting ended. How is that acceptable?

In my opinion, when voting is as easy as pushing a button in an application or on a website, the democratic process will have a wider reach and could be used for many more things than the very important ones, like presidential elections or referenda (again the Swiss already do this AFAIK).


Swiss people have been able to vote via mail-in vote since forever and there were never any instances of large-scale fraud that I know of.

It's true that in-person voting is safer. If you mail in your ballot, nobody can verify that you were truly alone and weren't coerced into giving your vote. And of course, it's not rare for e.g. a child to fill out the ballot for its senior parent etc. But it's still hard to commit large-scale fraud, as you'd need to be in control of the mail delivery.


Speed is not a paper thing, it can have results within hours in large countries.

Voting with paper also doesn't have to take all day - a few minutes at a polling station or even less by mail ballot (fraud isn't an issue of paper here).

Also, voting is more than a right, it is exercising authority and that might perhaps need at least some minimum of hurdle in it to get focus.

In terms of broader and more fluid democracy - perhaps, but need to be careful to maintain focus and not end up in something gamified.


> but need to be careful to maintain focus and not end up in something gamified.

Sorry, but why?

In my opinion _any_ method to get more people involved in the democratic process is a win.


Because exercising authority on not only one's own future but that of society isn't a game. If the way to get engagement is to hide away consequences and reflection then that is the wrong way to get people to exercise authority responsibly.


I don't agree. Democracy is a process that should involve _all_ opinions and all attitudes, including those of the people who think it's a game.

It looks to me that you're looking at matters with rose tinted glasses to think for one second that the people handling the current democratic process feel the burden of consequences for it.


Not for one second do I believe that all the people are thinking about the exercise of authority and the consequences thereof when they cast a vote, hence I don't want to further such attitudes.

That aside, you seem to advocate a pretty broad change to laws restricting voting when you want all(!) opinions and attitudes to count. What do you see as template there on how to shape the franchise (e.g., what to do about minimum age, insanity)?


Sorry, I probably got carried away and ended up not making myself understood.

I'm fine with the rules as they are for determining who is recognized to vote.

My intentions were for increasing participation in the demographics which are currently legitimate but are being kept out by external factors (they don't have child minders, they can't take a day off work, ie. the poor), or choosing by themselves to keep out of the process (it's lame to vote, all choices are the same, I have better things to do, ie. the young). You can't have a true democracy if these classes of people are underrepresented in your vote.


Fair.

I just don't see how there is a causal link between these issues and paper ballots. Poor voting implementations could make participation difficult regardless of the voting method, for example. Similarly, political apathy of sorts isn't cured by abstracting away the politics.


Voting day should be a national federal holiday, that would eliminate most concerns about the poor, lack of 'child minders', day of work, etc.

The arguments some people are making in this thread that it -shouldn't- take a day, should only take a 'click', are misguided imo. There is value in slowing down collectively, participating in the process, and seeing the results of that collective action.

Reducing it to a task to be completed as efficiently as possible is horribly misguided -- but eliminating the barriers to participate collectively is conversely an admirable goal, which could easily be mostly solved via federal holiday.


Voting is a human trust problem. More people can understand voting with paper and pencil than computers. And this is mostly because everyone knows someone who's been ripped off online with no recourse. No one really trusts computers.

Pencil and paper solves the trust issue. And the issues of security around paper voting such as its security, lots of guards, public counts etc, costing a bit more, are better understood than SSL, layer 1,2,3,4 securities, and verifiable systems.


I think you make a good point. Purely from the public trust perspective, paper and pencil seems so simple it makes people trust the system is secure. If the claim is it's cryptographically impossible for this system to be cheated, most of us would still have to trust the experts making those claims.

However, it's beyond simply the public needing simple systems; the number of experts that would be required to lie about the certainty of a system is low enough that you really do create a less secure system. Paper ballots are harder to cheat because the systems scale in a way that you require more people in on the heist, which is the hardest part of any scam.


Additionally, paper voting is easy to administer. Anyone can volunteer to administer a paper-based election and understand all the processes involved. The same can't be said about black-box cryptographic magic.

Scrutability and accessibility go a long way in establishing trust. Putting elections behind technical complexity does the opposite.


>And this is mostly because everyone knows someone who's been ripped off online with no recourse. No one really trusts computers.

Online scams are a human problem, not a computer problem. People also get scammed via telephone. If someone asks you for your CC number and you give it to them, then the medium is not that important.


Our current technology encourages human misunderstanding.

There’s nothing in the human evolution that would prepare us for nonstop phishing attacks.

It absolutely is a computer failure because we haven’t changed, they have.


I think what the author means is that online/digital voting is more insecure than paper voting.

I don't think that is a biased take. An attack on paper voting is always going to be more complex thus making it more secure.


You just invented a moderate position that explicitly did not exist in the article.


>I don't think that is a biased take. An attack on paper voting is always going to be more complex thus making it more secure.

Until some genius figures out teleportation, then the cats are out of the bag ;-)

Anyone know if Star Trek figured that one out?


> > Like any internet voting system, it has inherent security vulnerabilities: if there are malicious insiders, they can corrupt the vote count

Malicious insiders can always corrupt the vote count. This isn't unique to e-voting systems.


The difference here is that they can do it with few people or alone, possibly hard to detect, and most importantly, at scale. Attacks on paper voting require many people in different locations, can be re-counted, and they don't scale.


Exactly this. Paper voting has some really great properties, like being easy to understand, easy to administer, easy to examine after the fact, and hard to attack at scale or at a distance. It's not perfect, but as the National Academies of Sciences found in its review of election security research [1], it's the best option we've currently got.

Security is a "better than" game. Just because option X isn't perfect doesn't mean X isn't a worthwhile solution given all other alternatives.

[1] https://nap.nationalacademies.org/resource/25120/interactive...


> it's the best option we've currently got.

And if everyone continues with the kind of sentiment prevalent in this thread that's likely the best we're ever going to get.


I don't understand how people are completely fine with having their thousands and millions of dollars handled electronically but when it comes to something trivial as voting, they suddenly put on their tinfoil hats and say computers are insecure.


Because banks have financial incentives in keeping your transactions secure, and even then errors happen all the freaking time.

Governments do not have this incentive, and how do you recover from errors once malicious actors have gained power?


Because government handles billions and has armies? Sometimes even nuclear weapons. Does your bank have that?


I think in the future, whenever elections are lost, blaming the electronic voting system is just too easy a scapegoat.

And, for any politician who does that... I can't say they are completely making stuff up. It might just be better if we acknowledge and accept that old technology isn't bad. Windows XP is perfectly fine for controlling CNCs and medical devices to this day, as long as it's not connected to the internet. Probably better for it actually, because it won't restart to install an update with modern Windows. I'm not in favor of "new for the sake of new."


But you wouldn't need to attack the paper voting; you can just attack the electronic reporting of a paper vote. That said, I'm pretty sure the issue is just that Fox News et al convinced a large portion of US that the election isn't secure while it actually was so it's just a perception problem and not a real problem.

Related [1] where the DNC refused to use correct caucus results and instead insisted on using the incorrect computations as they were a "legal document".

[1]: https://www.nytimes.com/interactive/2020/02/14/us/politics/i...


I agree, it's easier to do at scale with e-voting. I wonder if you could mitigate this by having (in the US at least) county-local voting portals which are independently managed, and then collated into some larger vote bucket for state/federal elections.


The idea with a "count" in a British election is that so many people from all the different parties are wandering around (both counting by hand and observing) that it's difficult to get up to any funny business.

There is obviously always a gap but I'm not aware of anything practical being pulled off with such a system.


E-voting generally replaces tens of thousands of often randomly picked volunteers that watch both the containers with the votes and each other. Messing with that takes a lot more than just flipping a bit in software.


People could already find information in libraries so we never needed Google.

One word: scale.


Google came after Ask Jeeves, Altavista, Yahoo,...

As for finding information on Google, maybe 20 years ago that was true, now I find mostly ad sponsored results.


I had thought about including an additional sentence in my comment that admitted that attacks on e-voting would scale more easily, but decided against it.

I'm taking issue with the way the article implies the insider threat problem is unique to an e-voting system.


Once the "install malware" card has been drawn, you can forget security. Hell, with his argument, you can't even be sure you read what he wrote.

To all experts here: Give it a shot!

https://yeswehack.com/programs/swiss-post-evoting

https://gitlab.com/swisspost-evoting/e-voting/e-voting


Considering my experience with anything digital made by (or for) Swiss government agencies, I can absolutely imagine that it's a horror show.

For example, we had a digital vaccination certificate application (before COVID, calm down tin foil hats). This application/website apparently had issues so bad that the government had no other option than to just close it down for good from one day to another. Essentially, f..d up beyond repair.

People couldn't even get their data out of it anymore. It now seems that data rescue might be possible "soon"... 2.5 years after the platform has been taken down.

Basically, everything IT our government touches is doomed ;)

Source: I'm Swiss


Yep, that pretty much mirrors my own experience as well, and I am also Swiss.

Sadly, IT companies in Switzerland aren't serious about security. Even big, reputable firms have been shown to be sub par when it comes to it... One such incident involved a highly reputable firm in Geneva that had many federal contracts. They got a data breach and their dirty laundry got aired out in the open: passwords to client networks/accounts/... were stored in clear text, contracts and other confidential information barely protected...

So I'd say, while in Switzerland we do some things right, IT ain't it.


Then on the other hand, Scala was developed in Switzerland, and Pascal before that. :)


I wouldn't say everything. I find the SBB app quite usable, for example. Compare that to the German DB app...


Fair enough, I guess our public transport system is pretty good anyway, especially compared to others.

Of course it’s not everything. We also have great official geo mapping for example:

https://www.swisstopo.admin.ch/


They could simply advertise the instructions. Especially the correct server address. There's no need to panic. Sure a few voters would still be duped, but that's on par with the status quo. I don't see the issue.


At least they have an e-voting system to patch vulnerabilities in.

The US is so hung up on “this is the one system that should never be fully electronic” that we end up with absolutely terrible systems.


[flagged]


Not MAGA or a troll, but you sure are showing a lack of kindness to others with your comment. I’m sure it’s unintended, but I don’t think showing off your egotism or disdain for Americans makes your point better or encourages healthy conversation.

Aka, I would love it if you could help me keep HN from becoming another Reddit.

I agree that I would have loved to have seen the ultimate truth come out. I don’t think that particular situation is the best example perhaps, but the voting systems in the US have been repeatedly obliterated at DEFCON year after year.

It’s more that you can make terrible systems and discharge the consequences with a settlement that I meant to refer to.

But the way in which it immediately made the whole conversation polarize around political parties is also the point I’m trying to make. It’s so difficult to discuss the failure of the system because of the insane politics. You’re not even American (presumably) but you’re jumping in with a judgement about political parties and voting systems. That’s some pretty intense social commentary about how messed up voting in the US is.



