As an example, I worked with Michael Clarkson on an implementation of Civitas:
The problem is they are far too complicated to explain to voters which makes them unlikely to be adopted and unlikely to be trusted. Having a secure vote is obviously the primary goal, but having a vote that people trust is pretty important too.
This system was designed by a couple cryptographers, one of them Ron Rivest of RSA fame. For details on this and a couple other simple voting systems, see here:
'DOZENS' OF COLORADO ROMNEY VOTERS CLAIM MACHINES CHANGED VOTES TO OBAMA
Actually, he'd be much less credible than an anonymous 4chan poster without video.
The trick to these systems is there's some one-way hash done. This requires a lot of ballots, with enough hash collisions to ensure one's ballot gets lost within the herd.
Alas, elections in the USA are precinct-based, typically 1 to 1,000 voters in size. And our ballots are complicated. My ballot this election had 20 issues.
So combinatorially, it's very likely my ballot will be utterly unique within my precinct. Meaning my ballot is not secret.
Edit: Clarification at end.
The count needs to be verifiable, and needs to be simply comprehensible.
The paper process has the following check points:
* the ballot box is seen to be empty at the beginning of the process
* the turnout can be collected and collated by the candidates nominees during the day
* the first count is the ballot count which the candidate's nominees can check against the recorded turnout
* the papers are sorted for the second count, publically - and the candidates nominees do what is called 'a box count' from which we can predict the final result
* the ballots are bundled and tallied in public
* disputed papers are agreed by the candidates and the candidates representatives
* the candidates have an automatic right of recount if the margin is below a certain amount, and at the returning officers discretion otherwise
On top of that we have collected voter id information and Reading cards so we can estimate the result based on the marked register after the event.
What this means is that not only is the result verifiable, it is publicly verifiable by almost anyone with basic high school maths.
The reason this is important because I have worked elections with Nazi candidates - and I worked in Belfast when the civil war was on and the degree of trust across the political communities was very low.
The critical purpose of the public count is not to establish who has won the election, but to bind the losers, and their voters into the result.
If I had to stand up on a platform and the Nazi said "they used these machines to take away our vote" and my only response is to start talking about how there are some papers that show if you have hard to factor prime numbers you can generate some low-collision hash or some other random klingon space talk, then it is game over.
The proportion of the UK who withdrew their consent to be governed during the 30 years of the war in Ireland was less than 1% - rising to 10% of Northern Ireland. Making it easy for a tiny number of people to be pulled out of consent by political extremists is crazy, crazy, crazy.
The 2007 Scottish Parliament election in the UK had a crappy ballot (edited originally said 9% which was wrong an error rate 4 times higher than expected - think of Florida's hanging chads across the whole country). If 26 votes had gone another way in one constituency we would have had a Labour Government not a Scottish National Party one.
This ballot paper was combined with electronic counting and it was a total shambles.
As a tallyman on the night I could not endorse or verify the result at all - we had no idea what the result was - except what the machine said it was. Everyone was all geared up for legal challenges - but the leadership of the two parties got together and agreed that everyone should walk away and we would let the chips fall as they did.
I never want to see that again - and we don't hate each other in Scotland like you American's do.
Paper ballots, paper counting is the way to go. (Don't get me started on how your electoral boundaries operate - or the fact that you don't have an independent electoral commission).
I strongly agree with everything you said, and am thus interested in learning more. I had no idea the Scottish election was so ridiculously bad. Is there anyone campaigning against this in the UK I can donate money to, or lend my support to?
Paper ballet (and the process you outlined behind it) is important to prove beyond all reasonable doubt to the losers and their voters that the election was fair. The primary purpose of an election is to be seen as fair. Any reasonable doubt at all and legitimacy is quickly eroded and then you may as well not have bothered with democracy at all.
On reading it I see that I have misrepresented the figures from memory:
2.88% of regional/list ballots were invalid
4.075% of constituency ballots were invalid
1.83% of local government ballots were invalid
These were against a historical spoilt paper rate of about 0.66%
(I have edited the original post to correct it)
The regional and constituency ballots were on the same physical piece of paper and if you voted a full ticket (eg SNP/SNP or Labour/Labour) there was only one way to do it.
For small parties (Greens, SSP) which only ran on the regional list you had to split the ticket. And there was one valid way to vote Labour/Green and one invalid way - so the small parties were much more liable to get invalid votes. The number of independent/small party MSP's was lower than expected.
I'll weakly support ballot optical devices at poll sites in many USA jurisdictions, because our ballots can be quite complicated, until someone shows me that hand counting is generally feasible. With 30 issues on a ballot, sort / stack / count can get ugly.
Aside: Thank you for your work on elections. I wish more geeks would actually work an election, or at least observe, before spewing about how to fix voting systems.
I can speak for what happens in Portugal. We use the d'Hondt system with paper ballots, and it is not uncommon to have around 15 candidates on a ballot in certain elections, though we have no write-ins - only one checkbox per candidate.
In the last elections there were about 4,000 polling stations. Since about 6,000,000 people are allowed to vote, this is around 1,500 people per polling station on average (obviously, the distribution is not uniform). Turnout seldom exceeds 50%, so in practice the number of votes is much smaller.
Votes are counted by hand - no automation at all - at each polling station. Usually, within about 5-6 hours 99% of the votes have been tallied, with the remainder done with by the morning after.
I would say it is demonstrably workable to count votes by hand, even with a large number of candidates. I concede that write-ins may present a difficulty, but honestly: since (afaik) in the USA you can only vote on designated candidates, how difficult can it be to have all of their names appear on the ballot?
In the US, I think most places let you write in whoever you want. If they get enough votes, they win. Google "Lisa Murkowski".
The other problem is that unlike parliamentary systems, in the US we vote for multiple things and not which party/who your MP is. These are some of the things on the ballot:
1. President & VP
3. Congress Representative
5. Ballot measures
Unless each of these is on a different sheet of paper, counting them might be hard. Don't get me wrong though. I think that we should be using paper ballots. What does it matter if it takes 2 days instead of 1 to figure out who won.
Yes, I would imagine write-ins could complicate the situation considerably (thanks for the link, btw!) - though, if the proportion of write-ins is small, it probably won't matter much.
> The other problem is that unlike parliamentary systems, in the US we vote for multiple things and not which party/who your MP is.
This also happens in Portugal; we do use different pieces of paper (and different ballot boxes) for each of the positions we are voting for.
> I think that we should be using paper ballots. What does it matter if it takes 2 days instead of 1 to figure out who won.
Yes, I totally agree with you. There are more important things than a speedy count, and resilience to fraud is certainly one of them. And as far as costs go, they are probably dwarfed by the amount spent on the campaign. I really don't understand why anyone would be so eager to speed up the process, except for shady motives.
And, yes, we use one sheet of paper per election. On election day there are three separate elections (municipal, provincial, parliament) and optionally one or more referendums.
> I wish more geeks would actually work an election, or at least observe, before spewing about how to fix voting systems
Its the same every election - a hundred irrelevant cryptographically schemes...
I don't think this is true, since there's a massive correlation between ballot positions and they're not randomly distributed. Since the parties tend to take positions on amendments, bonds, and issues, that correlation extends to those as well.
There are certainly going to be unique ballots per precinct, and really tiny precincts like Hart's Location and Dixie Notch or whatever are subject to it too, but it's not "very likely" for the average US voter.