Voatz, for example, gives each voter an anonymized identification number that allows them to look up their votes as they were recorded on the Voatz server. This is probably essential for ensuring that votes are recorded correctly. But it erodes the sanctity of the private ballot, since people in positions of power could coerce voters into revealing how they voted.
I immediately think that this could be fixed by giving voters the opportunity to generate multiple ID numbers that lead to “proof” that the voter a different way. Maybe even different passwords that lead to only one voting record, in the event of someone forcing you to log in and show that you voted the way they told you. There are probably other attacks that can be performed upon this vague handwavy scheme of course.
Can’t fix the incredibly stupid name of “Voatz” though, I cringe every time I see them mentioned.
I've had the same thought. When you vote the system can generate "duress" key for other candidates on the ballot. So you can technically "prove" you voted for anyone, so only you can verify which key is real.
Online voting is hard because people are trying to solve a wrong problem. Now anonymity in voting is needed because a vote has too much value for the politician who is being elected (four years of power), and too little value for the voter (choice between two bundles of promises that almost certainly will not be kept). Because of this asymmetry there is a large risk that with non-anonymous vote people with power will force large number of people to vote for them.
But if we could vote on individual laws and policies instead of people there would not be such difference, and people would be able to use their vote rationally. And if they make mistakes they will not be stuck with the mistake for four years.
Not really sure I want to leave the country's future to the few people who can be bothered to pore over a bunch of a la carte laws and vote on each one.
While it sounds good in theory, you're leaving the country to the same sort of crazy on NextDoor who has nothing better to do but peer out their blinds during the day to report the suspicious activity of someone walking their dog.
I believe a core part of the idea is that you can delegate someone to control your vote unless you override them. Most people would choose someone whom they trust to make appropriate judgements and delegate their vote to them. So I think there would be a number of who specialize in evaluating these laws and it wouldn't be just a few crazy people.
I like the idea of having representation but being able to override my representative if I want. I really like that idea. We have the technology to implement it seamlessly now, if we wanted. I would find myself voting on a lot of issues I care about and ignoring the ones I don’t care about.
Some of the issue is that you're almost always still voting for people. People have to implement the ideas and make them happen. There's any number of policies that I'm in favor for if they worked perfectly, but I don't think they're feasible to implement or enforce using humans.
You see this a lot in local elections where often there are specific ideas on the ballot for local people to vote on. I want to vote for "more public transit options" but it's not as if I'm voting for specific train lines or bus routes.
That's before you get into the issue of who is coming up with the ideas to go on the ballot, how they word them, and how carefully they consider them. It's easy to make a lot of things sound good on the snippet you'll read on a ballot, but not prevent bad side effects that you wouldn't think about.
There is a big difference between picking someone to be your boss and decide what needs to be done, and picking someone to work for you and try to implement what you think needs to be done. You are not going to read the idea on the ballot, you read them on internet, or propose them on a site similar to change.org, and then you have lots of opportunity to give feedback during the implementation. There will not be an option to vote for "more public transit options"
Without the limitations of current voting system, there will not be useless votes like "more public transit options". Instead of that when you are stuck in traffic jam you'll create a proposal for a specific line, other people stuck in the same jam would support it, then your city will hold a competition with different companies proposing different solutions, then will be a vote to pick one of them.
Do you think that would be more likely than voting for socialists in the current system? I think the difference is that with direct voting when the endless subsidies ruin economy it will be easier to vote for something reasonable, instead of being stuck with someone like Maduro.
The issue is the same as letting someone spend his own money, he may end up spending all of it on something stupid (like alcohol), and some people indeed do that, but most people end up spending rationally.
> But if we could vote on individual laws and policies instead of people there would not be such difference, and people would be able to use their vote rationally. And if they make mistakes they will not be stuck with the mistake for four years.
People got what they voted for. The alternative here is some political cabal subverting the results. Your disagreement is with democracy itself, not a particular style of voting.
I never could understand the argument about republic vs democracy. Some people say republic protects rights of minorities because representatives are voting on laws, and there is a constitution. But if majority wants a law that is unfair to a minority, amending the constitution and electing representatives who dislike the minority is not much harder than voting for a law democratically. The only way this kind of argument works, is if representatives keep lying to get elected and then not keeping their promises. And from history we know this kind of lie never ends well. There can be systems where different people have different amount of votes, but the system of determining this should be known, and accepted by the people, to not cause instability.
Nope. GP is disagreeing with direct democracy, a very specific type of government which is not usually in favor nowadays. Most democracies in the world are representative democracies, where you vote for people who then vote on issues.
For the system to be a democracy the representatives have to represent the desires of the people who have elected them. In ideal case the results should not be different from the results of direct vote.
If there is no way to elect a representative that would support certain idea, then the system is not a democracy but something defined by the method which is used to restrict the pool of available ideas or representatives.
For most democracies in the world such a method was control of mass media, but now they have either to become real democracies or find another method of pretending to be a democracy.
> For the system to be a democracy the representatives have to represent the desires of the people who have elected them.
Not necessarily. It is very well possible for people to vote for representative they hold in high esteem even though they do not agree with them on several matters. It is very possible for representative to go against what is the current majority opinion, and even be reelected afterwards, because in the meanwhile theirs choices have bee proven right. That's why in representative democracies there are elections for a certain role only every several years, to decrease the relevance of immediate issues on the vote, and give more importance to other factors such as broader ideals and the trustworthiness of the candidate.
You can very well prefer direct democracy, but it is not the only, or the one true, kind of democracy.
For that to be democracy people would need to vote explicitly for that "monarch for four years" scheme, but people vote for campaign promises which are not being kept.
The question of whether part of UK's governance should come from Brussels is one that can only be answered by a referendum. To rule otherwise would be a breach of the peoples' right to self-determination.
Yes and no. Brexit encapsulates the problem of too much stuff being bundled into a single decision (and then administered by politicians). If the 10,000 administrative issues involved in Brexit were subject to distributed control then polities would be able to alter their relations in far more pragmatic ways rather than it being a matter of time bombs and clif edges.
not really, because being either "pro-brexit" or "anti-brexit" wasn't the real choice. there was a [3-choice condorcet paradox](https://blogs.lse.ac.uk/politicsandpolicy/brexit-condorcet/) and the voters were polled on the falsely binary choice of "in or out".
reducing complex trade-offs to a single vote for Team A or Team B is exactly what could be avoided with an issue-specific, liquid democratic system with a process for participatory, public discourse to achieve compromise
It's all speculative of course, but maybe Brexit would have never happened if the population had felt like they were being listened to. Same for Trump. We have no fine granularity in shaping the country. It is only choose between these two options that both misrepresent you in different but many ways.
While I'm very much in favor of voting on policies instead of people, I don't think that would make online voting more secure.
If voting wasn't anonymous, then wealthy people could pay people to vote in favor of the policies they want. Mobs could threaten people to vote the way they want.
Anonymous voting is important because it prevents people from verifying what you voted for. If people can't verify what you voted for, then it doesn't make sense for them to pay you or force you to vote for what they want.
With liquid democracy voting is not an one off thing, where wealthy person can buy a vote once, and then make up for it by corruption.
If wealthy people can keep paying half the country to keep the laws the way they want, and half of the country keeps accepting that, then maybe the laws are not that bad. It is a much better situation than politicians promising tax cuts or subsidies.
If country is in a situation when mobs can threaten people to vote certain way, then the same mobs can simply not accept the result of the secret vote. Moreover in a polarized society the secret vote is more likely to create mobs, because large number of people would think that no one of their acquaintances voted the "horrible way", and no decent human being could vote that way, and there was some fraud, or it is all done by hateful people from other cities and fighting is the only solution.
The situation is exactly same as with money, mobs can threaten you and take your money, fraudsters can scam you, but the solution is not for everyone to hide in bunker, and pretend that he does not have any money. The solution is for everyone to accept that threatening people is not allowed, and markets are good.
> Because of this asymmetry there is a large risk that with non-anonymous vote people with power will force large number of people to vote for them.
Why doesn't this happen today? Any politician can "force" someone to request an absentee ballot, sign it and hand it over to the politician's goons, who will fill it out and send it in with the politician's preferred vote choice. Why doesn't that happen?
I guess the usefulness of anonymity depends on the situation in the country. For instance in Armenia we do not have absentee ballots just for that reason. And before the 2018 revolution there was large percentage of bought/intimidated vote in all elections. There was a recording how owner of a supermarket chain held a meeting of all employees demanding from them a list of the ids and names of their relatives with promises to vote for him. With this kind of tactic their party ended up taking 68%, as many people were afraid that they could be found if they try to vote not the way they have promised.
Another thing to consider is that filling absentee ballots is a much more complex endeavor, than standing at the booth and making sure people vote the right way.
But in general i think in the situations when secret ballot can actually change the election result, there are much larger problems in the society, which secret ballot won't help to solve.
For instance in Rome secret ballot was introduced only at 139 BC and arguably made the following period of social troubles worse. After all every vote is a dry-run for a civil war, to see who would win without going into war, and it is useful only if it convinces both sides that war is not worth it. But if someone can't even openly say how he have voted, how he can hope to protect the result of his vote? So i think in Rome it ended up causing the civil war.
To a very good approximation, there are no people on Earth who could confirm that an online vote was correctly counted. Perhaps a few dozens of experts in cryptography, computer architecture AND security could truly understand and be convinced that the system was working as prevented. Regular people, like CS professors or Linus Torvalds definitely couldn't.
So, such a system would have to be blindly trusted by essentially everybody. Not a great basis for a democracy, I would say.
But why do we need cryptography if we are not trying to keep it anonymous? If we remove the requirement of anonymity then the task is not much different from counting upvotes on a video. Which is easy to implement, and easy to verify by different parties running the summation algorithm and by people checking their vote status on the site after the result is computed.
Anonymity is crucial to voting, so 'online voting would be easy if we gave up anonymity' would not hold up.
However, cryptography is not necessary just for anonymity, and the extreme difficulty of ensuring the system is neither rigged nor hackable is not just in understanding cryptography.
The way the current voting systems work, each party and many outside observers are going to collaborate on tallying votes in all voting places, and then collaborate in centralizing those votes in progressively larger centers, all the way to the national level. Parties have alternative counts, and they can check their numbers. Since this is a representative democracy, we can trust that the the people we voted for are either convinced the election is fair, or they are collaborating with their political opponents to cheat, which would mean that the election didn't matter anyway.
In an online system, we first need to check that the servers are running the code they claim they are running - not just once, but during the entire electoral process. We need to check that the database of votes contains all of the actual votes that were cast, and no votes that weren't cast, again, not just once, but during the entire process. We need to check that the database used to display results online is the same database used to tabulate the official result. Of course, we also need to make sure the system is highly-available and not prone to DDoS attacks. We need to ensure that someone cutting a few wires doesn't prevent a whole county from voting.
And of course, we need ways to fix all of these problems if and when they do appear. Say you have an entire county claiming their votes are incorrectly tallied. What happens next? How many people will have enough know-how to check whether there was a bug in the system or the people are lying? How long will it take to audit all of the code that ran (this is important because it is delaying the end of the election)?
Not to mention, you wouldn't really achieve that much. Voting will still have to be done from highly secure machines, so you will still have to go to a polling station (it would be absurdly easy to hack people's PC to have them cast the wrong vote). The same goes for checking the result of your vote.
Overall, an online voting system would be as difficult for people to use. It would take less time to tabulate the votes, but probably much more time to resolve disputes. It would be much, much more complex, and the number of people who could understand and check it would go down by at least 1000x. The attack surface would increase tremendously.
Imagine trying to protect your national voting system from the NSA and CIA. How many countries in the world would have the know-how to combat this very real threat? Especially while probably running US-made chips?
Why do you think it is crucial? It did not exist in USA until 1888, it did not exist in Rome until 139 BC, start of the end of Roman republic.
And in Rome the secret ballot actually have caused civil war, by encouraging the people to vote for laws they could not defend.
So voting have worked well without anonymity in the past, and you need better argument why anonymity is crucial, before starting to explore all the unnecessary complexity that it adds to voting.
Sorry, i have misinterpreted your comment, but reading it again i still do not quite understand it. If voting is open people can simply vote from their phones, everyone can check the status of their own vote, there can be two several independent servers running the software and checking each other, the list of voters will be verified the same way it is verified now. Also at first this will not replace normal voting, but augment it for voting on laws. All of this already works in voteflux which is open on github.
If your tap A on your phone, and your phone shows you that you voted for A, but you later check from your PC and you can see there that you voted for B, what do you do? What do the authorities do?
Imagine how easy it would be for the NSA/CIA/NKVD/etc. to deploy malware to infect hundreds of millions of computers to make all those people think that they've voted for someone else. If even 10% of them never bother to check from an uninfected device, the election is meaningless.
Also, who deploys the servers? Who controls physical access to them? Who is allowed to check the software running on them?
Sure, votsflux may have all their code on GitHub, but the real servers may be running slightly different code, which messes with the data in careful ways. I assume you can export all of the voter data to do the calculations yourself, so at least you can check that when the server says A won, you can check the numbers yourself. But what if they return a slightly altered list, such that if I check my own vote with the vote check API, it shows that I voted for B, but when the data table is exported, I appear to have voted for A, or I appear not to have voted at all? If they change the vote just a bit, odds are few people will ever find out the discrepancies.
And even if they can be found out, how long will it take? After the election is over, but before we can have confidence that the results are meaningful, someone needs to make sure that the votes of the vast majority (depending on the closeness of the vote, even 99%+) of people have been checked against the tables that the server produced. This may take days. Also, an adversary can attack this process - get many people to claim that the server incorrectly tabulated their results, that their phones were hacked etc. The authorities will need to spend weeks investigating just to convince themselves whether the results were true or not. And the investigation will have to be handled by trusted experts, who could be bought themselves...
Electronic voting is not feasible, and any state that attempts neither cares for its citizens right to vote nor does it understand the sophistication of state-level attackers.
First problem is ensuring that person is correctly authenticated and has right to vote.
It is same as entering trough door and giving your ID.
From that point the vote needs to be secret, so it cannot be traced back to the voter.
Solution may be simple as:
Voting software must be opensource on Github so it means that must be verifiable.
Open and publicly accessible monitoring of installation, appropriate build (version, hash...)
And same goes for hardware. Must run on server that cannot be spoofed or additionally monitored or traced.
If above is done, it is just simple case of decoupling recorded information.
And in regards of checking public ledger can have some kind of random code "R3DfCee" which will be there to make sure equal number between those who voted and issued codes. Each voter can go to public web site and look for his code ...
> Voting software must be opensource on Github so it means that must be verifiable.
This assumes the problem is merely making an accurate count, rather than making consensus.
"Verfifiable" doesn't just mean "an expert in the field can determine the system registers the votes/totals cast by individual voters." Because that means you still have the political problem of how non-expert citizens know they can trust someone's verification or expertise.
Verifiable in a democracy means that a layperson of average intelligence can observe and understand the process and participate in verification.
Or to put it in Python terms, "explicit is better than implicit."
We're not just making a count, we're making group confidence that a given vote count was correct.
If installation number is open and visible, any person without any knowledge can confirm that during vote, latest installation number was such and such and hash of build was of such and such. Before election day number can be publicly broadcast so everyone knows what needs to be checked.
Code wise that will allow that people in power will not try to manipulate or rig elections. If you have XX thousands of IT professionals that can check code it is surely better than "trusted" dedicated private contractor.
Consider that there is currently a huge bifurcation in which newspapers of record run by journalism professionals are to be trusted. Or even just outright distrust of journalism period, in some circles. Or distrust of university professors and other "elites."
It seems pretty likely that it's possible cultivate the same distrust of technical professionals. In fact, considering how little true technical expertise has gone into the voting systems that exist, it's probably inevitable and possibly in some cases accurate.
If you need an technical expert to verify your voting system or even your vote count, that itself is a vulnerability in what voting systems are for. This is not a coding problem.
> If installation number is open and visible, any person without any knowledge can confirm that during vote, latest installation number was such and such and hash of build was of such and such. Before election day number can be publicly broadcast so everyone knows what needs to be checked.
> Opensource and visible means same as for linux, code is visible to those that have knowledge and can quickly identify attempts of backdoor attempts like for instance this one: https://freedom-to-tinker.com/2013/10/09/the-linux-backdoor-...
> Code wise that will allow that people in power will not try to manipulate or rig elections. If you have XX thousands of IT professionals that can check code it is surely better than "trusted" dedicated private contractor.
"any person woth the knowledge" that's the issue you want a system where the most number of people with the least amount of specialized knowledge nessicary can verify their vote. Everyone can look at a pice of paper and see their vote before they cast it. Not everyone has the expertise to verify software was installed correctly and all the important cryptographic boxes where ticked.
> "an expert in the field can determine the system registers the votes/totals cast by individual voters."
When it comes to computers, there is no expert able to verify a system is really running what it's supposed to. Open source doesn't help, when even a single subtle bug could lead to exploits. Formally verified bug-free code doesn't help, when the compiler itself could be compromised. Verified compiler doesn't help, when the CPU could have backdoors. A compromised machine and a secure one look the same to all except an electron microscope.
Maybe someday we can have safe, reliable and transparent elections using smartphones and whatnot, but the attempts to computerize our elections over the the last 2 decades have imo been more problematic than beneficial.
Sometimes paper is the right technology for the job. Hand-marked paper ballots and post-election risk limiting audits is the best option we have at the moment.
So one problem I was thinking about: If someone stands behind your shoulder while you vote (because they want to violently coerce you, or because they are buying your vote), then it must be possible to make the system ignore that vote. Maybe by overriding it later, or by making it seem like you are voting even though your are not
In either case with such a ignore-vote function in place, how can you be sure that the mailman, or the official who gave you your authentication codes, that they aren't pulling this trick on you? By it's nature it must be undetectable that it is performed?
Is this a realistic threat? Mail-in and absentee ballots could also have theoretical coercion issues but in reality many states exclusively use mail-in voting without issue.
What does that happen to do with right now? Is your position that mail-in voting coercion is happening on a scale large enough to be a real threat or matter? What evidence to you have for this?
Online voting should never be the goal. Computers make things easier and more scalable, but that's not what you want for voting. You want a process that's as distributed as possible so the blast radius of any kind of interference with the voting process itself is as small as possible. It's way harder to change votes at large scale if they have been made on paper. Same with counting: I don't want a 32bit value somewhere counting votes. I want various people manually counting votes and have them observe process. Yes: All that is maybe more expensive than running some website or setting up magic machines, but that's a cost I'm more than willing to take.
Not sure how that computer related. In Germany all voting places are wheelchair accessible. Additionally for the blind, there’s a Stimmzettelschablonen that allows you to vote in secret. These issues can be solved without computers.
> Accessible... to people not able to get to a voting location or postbox.
A person doesn't have to be able to get to a post office themselves to cast an absentee ballot. They just have to be able to fill out the ballot and sign it. Someone else can mail it for them.
> They just have to be able to fill out the ballot and sign it. Someone else can mail it for them.
Right, so they have to be able to reliably receive mail at a location fixed at least a little time in advance, and either send mail or give it to someone to send mail, and then it needs to reliably get to its destination.
Not all of those things are always easy for all people's situations.
As a practical example - see the difficulty that homeless people have voting in many cases.
Voting online as an option would possibly solve them for some people.
Given the risks of online voting, I would rather put time and effort into making sure every voter who needs an absentee ballot can reliably receive one and reliably send it back. That seems like a better goal to shoot for.
In Germany you can request to vote by mail. Additionally you can get instructions on Audio CD, in braille or large fonts. As I said, this can and is all solvable without complex technology.
In Britain, we deal with this problem partly by allowing proxy voting, where you can expressly authorise someone else to vote (in person) on your behalf. I had to do this once when my wife had an unexpected business trip after the postal vote registration deadline had closed. It's obviously not ideal from a vote privacy point of view, but it does provide a useful solution to some of the corner cases preventing voting in person or by mail.
My local elections have each voting location team do home visits on election day for people who physically can't get to a voting location due to disability, severe ilness, etc - in the last elections it was used by the people home-isolating due to Covid. There aren't that many people like that, it takes some funding and effort to make an exception for them, but it is manageable.
The internal handling of votes should be harden as you explain, but helping more people to vote should be the goal. The reverse is also an attack on democracy, and we already see this at so many scales.
Like setting voting stations at places easier to access for a specific portion of the population (right next to churches on sundays, next to police stations, hard to reach by public transport places, etc.). Reliable online voting would alleviate these kind of issues.
Totally agree. I’ve voted in every election since I’m 18. So far all voting booths have been in walking distance. IIRC all have been on a Sunday, so it doesn’t conflict with work for most people.
If you want more people to vote, then just pass a law that mandates all citizens have to vote.
That's how it is done in Belgium.
Think of it. If your choice is ether vote or risk a fine, you'd rather go and vote. If you go and vote, you'll learn at least a bit about the choices you have to make in the ballot.
P.S. While Belgium got mandatory voting right, it completely messed up electronic voting. I remember being an assessor in a polling station with electronic voting.
People voted, then the head of the voting station took 3 1⁄2-inch floppy disks out of the machine, put them in an envelope and drove away to the district polling committee. There was not counting, no protocol to sign. Nothing. I was appalled.
This is ABSOLUTELY not what I want. I for one want voting to be extremely accessible. Everyone that wants to vote can. The goal isn't to make everyone vote but rather that everyone has the ability to vote. That you don't have to take time off to vote. That it is easy.
You could simply mandate that voting be done on a federal holiday. That won't help everyone, but it will help most people who are trying to vote physically.
People who has no business voting voting. Imagine how many people would vote - not from the informed voter perspective. They'll most likely vote for the candidate they remember in a positive light. Imagine how much more sway would a big ad campaign have.
I would be ok if a blank ballot would be the least effort option with no strings attached, but with a "wasting your vote" being a stigma and a part of the culture I see no need in any mandate. I just really don't want people who can't be bothered to go to a polling station on a holiday specifically made for voting to caste their vote to vote at all. Some times gatekeeping certain things is ok. There must be a balance.
Apart from literal children (and felons in the US, I suppose), there is no such thing as a citizen who "has no business voting".
That's the pesky thing about democracy, you see. If you want "informed voters" then you actually have to work to have an informed populace, not gripe about people's right to participate in the society they're a part of.
There’s no such thing as an informed populous. There never has been, and never will be. There was never a “golden age” of democracy, where everyone dutifully read their newspaper every morning that was filled with articles written by unbiased and objective journalists. It’s always been a shit show. Having some reasonable and well understood requirements for who does get to vote within a jurisdiction is a means to ensure that those who do are doing so with care. Perhaps that’s naive. But it’s no more naive than thinking “democracy”, broadly defined, would improve if we had 100% voter participation.
I know it seems utterly incomprehensible to Americans right now, but it actually is entirely possible to have a populace that is at large capable of participating in government with quite a bit more critical thinking than the bipartisan shitshow you currently have going on. Not having shitty education (especially when it comes to social issues) or a culture that's proud of its political ignorance/apathy would probably help.
Not everybody has to be your idea of an intellectual to be a part of a democracy. And not only is that okay, it's precisely the point of it being a "democracy".
> If you want "informed voters" then you actually have to work to have an informed populace
Yes, and the solution to this is not mandating that they vote. If they are uninformed forcing them to vote doesn't cause them to be informed. It makes the system more vulnerable to populism.
There is no griping about the right to participate on my part. I don't think it's fair for you to substitute a mandated voting for a right to vote like this to misrepresent my point entirely. A right is something you have to exercise yourself, any right is an option. When you force everyone to go to the polls it's different, because people who would've never chosen to exercise their voting rights otherwise end up checking boxes, and I don't want that. It's just like you have a right to be a candidate, but you also have to go and gather signatures to actually put yourself on a ballot - where I live we already have 3-4 pages of ballot in every local election. You can't let everyone just sign their name into the ballot without any filters. Same should be true for voters - people who wouldn't bother going to polling stations don't have any business voting by their own admission. You can force people to go to the polls, but you can't force them to care or to put even one thought into that said vote.
Now if you want to talk about polling being accessible and more convenient to those willing to cast their votes - I'm all for it. More station? Sure. Disability assistance? Sure! Where I live we do polling at schools, because these are what kids go every day to, and they are located in places everybody knows about and they distributed very sanely and fairly.
Because it is weird to force people to do things that they don't want to if it doesn't harm another person. In this instance, forcing a vote can actually harm others if someone votes randomly.
The idea behind freedom is not absolute freedom. It is a balance of the contract with society vs individual freedom. You want to maximize individual freedom, but for everyone (not a singular person). Clearly things like the "freedom" to murder someone doesn't outweigh that person's individual freedom to live and thus we make laws (and ways to enforce them). Mandating voting decreases individual freedom and has a potential for reduced societal freedom (while little to no real potential for increase. Much prone to populist candidates). So why mandate? Don't solve problems that aren't problems. If someone doesn't want to vote, how does that harm you?
As an Australian, I would argue nothing. I think it protects us from the extremes in political opinions that we see in the US and I hate for us to lose it.
If you go by the American-style "absolute freedom" mantra, I get where you're coming from.
On the other hand, casting a vote doesn't mean CHOOSING a candidate. It means that you can cast a BLANK vote. And that, in and of itself is an extremely important thing. It shows that you are NOT okay with either candidates, and forces them to actually adjust their agendas to suit the "public will", instead of falling back to what I believe is commonly called in the US as "ratfucking", aggressive districting, and voter disenfranchisement, which means they literally only care about getting enough voters to pass.
As for the doability, it's already done in Australia. Pretty successful, and basically and national holiday celebrated like 4th of july in the US.
The problem you are presenting is about protest voting and VSE. There are much better ways to address that problem, such as cardinal styles of voting like Approval and STAR. These also have other properties that help. I am perfectly okay with a "none of the above" option available as well.
Nope, spanning voting over several days makes it easy to hack the electoral process. In Belarus, they voted for 5 days and people are out in the streets for 5 weeks to reclaim their votes. Today is the last of three voting days in Rissia, and it looks like the results will be totally made up.
You can do it without the security issues of online though.
For example every election in Washington ballots are mailed out to every address on file, it’s very easy to print a ballot online if you didn’t get it in the mail, and until recently there have been no supposed issues with mailing ballots (postage is prepaid), plus there are dedicated dropoff boxes as well. And even with all that convenience turnout was 65% in 2016, though it is expected to be higher this year.
Reliable online voting is not hard, it's impossible. There is fundamentally no way that 99.99% of the population could be convinced that any online voting scheme is secure (this includes the vast majority of software engineers). And if voting and vote counting are not understandable to essentially everyone, then you're not living in a democracy.
Yes. And even for those few that are not, the representatives they voted for are, whether they won or lost, so it's all moot anyway (either the representative is correct, or the representative is playing their opponent's game, so it doesn't really matter who won).
In general, people don't trust elections because they don't trust their representatives to actually represent their interests, or they don't trust the rest of the political system to actually allow any meaningful change. These are very valid and correct criticisms, confirmed by many sociological studies (in the US at least, the opinions of the bottom 50% of the electorate by wealth have almost no influence on their representatives' agendas).
Voter suppression and vote buying/bullying are much more common, but those have little to do with the voting system (though India has an interesting and complex voting system designed to combat a history of systematic retaliation against entire groups of voters, such as de-funding entire regions that had voted the with the losing party).
But actual voter fraud is rare in most democracies. It's extremely common in authoritarian regimes that are mascarading as democracies, but an online system would make those cases especially trivial.
Adding screens and tech does not help people to vote, and does make untraceable hacking and distortion much easier. The fact that actual states like Georgia have apparently covered up real examples makes this part crucial.
Reliable on-line secret ballots do not exist for us yet and may never.
Agreed. Though I'd add that a digital copy from a standard, open system--with receipts--can help as a secondary means to verify ones vote was included.
Couldn't largely distributed digital systems also be designed? I think we should all sit down and define what the requirements of a secure vote are, regardless of taken in person or otherwise.
I see nothing inherently secure about physical paper as the voting medium. Whatever is written on that paper or how it's handled better also be provably secure somehow.
Putting your head in the sand won’t make it go away. Mail-in is a bad fucking idea. Trump suggested a way for his supporters to make sure their vote was counted and Twitter took the tweets down as “election manipulation”. Umm, what? So do mail-in ballots allow double voting or not? Twitter has also said they will remove any Tweets by trump if he claims victory “too early”. So that’s where we are now, huh? If Democrats were so damn confident they could win fair and square, why introduce this wild card?
Changing to mail-in at the 13th hour is not the same as continuing a 30-year tradition. Besides, as others have pointed out, it has led to nakedly corrupt elections in other states (Washington state in 2004). Whenever you introduce the possibility of people being able to ballot harvest or “lose ballots” and those same people are taught that they are stopping literally Hitler it’s no surprise they do what they do. This whole last-minute rush for mail-in ballots stinks to high heaven and even if you think your side will benefit from it, we all lose when trust in our democracy is undermined.
So no, I won’t just kindly shut up and let Democrats steal the election. Or Republicans for that matter. We should all be observing the ballot counting process but this god damn mail-in process means we can’t audit the process. That should scare you. If it doesn’t, you are way too naive.
Taking this seriously (which might be a bad idea), what level of mail in voting do you oppose? Are you 100% against it? What happens if someone will be out of their town/state/country for a few weeks around the election? Should they be able to vote by mail? What about students who are registered to vote at their parents address but live elsewhere? How about people who are sick and cannot safely make it to a polling station?
How many of these sorts of cases are you OK with? Less than 1% of the total votes? 10%? 50%?
Hell, just look at the article. It acknowledges the high costs of mail-in voting. Then engages in classic double-think to defend it:
>“Trump has repeatedly baselessly claimed mail-in voting will lead to a “rigged” election—despite mail-in voter fraud being extremely rare—and decried the fact that the vote could take longer to count, saying the nation “must know election results on the night of the election.”
>Facebook blocked videos of Trump encouraging North Carolina voters to vote twice—which election officials warned would be a felony—Thursday, but has not taken action on the president’s Facebook post making similar comments.“
Well which is it? Does mail-in lead to fraud or not? Trump’s allegations are apparently “baseless” but at the same time he got muzzled when he suggested his voters make sure their vote was counted. This is a fucking circus.
I fill out my paper ballot in my kitchen then put it in a tamper evident envelope and stick it in my mailbox or personally drop it off at a designated location where any member of the public can watch.
The ballot has a removable serial number on it which is detached before returning the envelope. I can use this to look up the status of my ballot online and see that it was counted.
The part where envelopes are mailed out en masse and are therefore trivial for fraudsters to obtain[0], and the complementary part where the envelopes are not properly delivered and are just dumped somewhere[1].
That only stops fraud if everyone knows how to and takes the time to do it. What about the tens of thousands of dead people still registered to vote[0]? How do they request a new envelope?
Do you have any answers for my 3 sourced statements other than naked assertions?
Unless it's right before the election. Or maybe your ballot left your house and didn't make it back to the counting location. These aren't theoretical concerns, they're happening today [1][2][3]. And we see in some cases, there is a political bias pattern involved in election-related mail getting "lost"[4]. People affiliated with both parties have been involved in wrongdoing.
In WA ballots are mailed out to voters a month before the election, giving plenty of time to request a new one. If a voter doesn't mail it in time there are in-person drop off spots (basically big dedicated mailboxes) all over town leading up to and on election day.
I was a voter in Washington during the 2004 Gregoire/Rossi gubernatorial election campaign, and what happened during the recounts[1] has proven to me that mail-in balloting is fundamentally flawed and should be banned.
For those unfamiliar with the story, in the 2004 election for governor of Washington, the Republican candidate (Dino Rossi) won the initial count by a very narrow margin (261 votes), triggering a legally-mandated recount. The recount closed the gap to Rossi only winning by 42 votes. A manual recount was performed, and during the manual recount election workers "found" a bunch of ballots; in arguments before the left-leaning state supreme court, the court rejected requests for applying the same recount methodologies in all counties (in opposition to Washington state law) and the "found" votes, mostly from D-leaning counties, put Gregoire into the lead. The Democrats in the state then successfully argued in court against any further recounts, and Rossi conceded without taking his complaint to the state supreme court. Gregoire took office shortly thereafter.
I don't know who should have won that election, but to an outsider it sure LOOKED like some fraud was occurring, especially since the "found" ballots didn't match the statistical distribution of the rest of the votes in the counties, and leaned D significantly more heavily than the counties' original ballots.
So THAT is why I oppose mail in voting. Mail in ballots introduce custody, integrity and identity issues, as well as enable vote-buying and selective vote harvesting, and so are amenable to fraud. We have seen all of these things happen; they aren't theoretical.
Thanks for sharing this. It was well before my time in WA.
I'm not sure how this relates to mail in voting though? If there was fraud and D ballots were being hidden where was that happening? Wouldn't it be during counting, not transportation? Would voting in person have changed this or made it impossible?
Thanks, I'll have to do some more research on how those absentee ballots differ from the current system. Do you recall if there were changes to mail in voting based on this election?
A manual recount was performed, and during the manual recount election workers "found" a bunch of ballots
This is exactly what happened with the Santa Clara County (CA, USA) transit tax a few years ago. It initially failed by several hundred votes (2/3 majority was needed). Over the next few weeks, they kept "finding" additional ballots, and every batch had disproportionately high Yes vote percentages on the measure (although all other races were unaffected). Then the second they reached the needed threshold, they conveniently stopped finding ballots.
It's possible for you to easily and reliably prove to a third party how you voted, by doing these things not in your kitchen but in a place and time of their choosing with them watching you put the vote in a tamper resistant envelope that they can collect and put in a mailbox. This enables buying or coercing votes, which has been a big issue historically. Ballot secrecy is a must-have feature - it's appropriate to risk it if (and only if) it's necessary to enable voting at all - e.g. the current practice in many countries, where you can vote in absentia if it's not possible for you to vote 'properly', but it's an exception forming a relatively tiny proportion of votes.
A goal there is to have absolute plausible deniability - that even if you absolutely wanted to show to someone that you voted for A, then we need to ensure that you could do that show even while actually voting for B. If you want to fill out a paper ballot and put it in a tamper evident envelope, then it's important to ensure that nobody can watch (current solutions include in-person voting, and for people who physically can't come, my local elections include an election committee visiting these pre-arranged houses and collecting ballots while ensuring secrecy, i.e. that it can't be filled by a family member). If you want to take a picture of a filled ballot, then we need to ensure that either you can very easily take a picture of a ballot filled differently than you actually voted, or that you can't take such a picture. In systems where you have multiple ballot sheets (e.g. one for each party) and put the one you choose in the ballot box, and the others (for whom you didn't vote) stay outside, then you need to ensure that either everyone can easily and anonymously leave with a set of ballots as if they voted for someone else, or either noone can leave with these ballots.
This is a problem with digital voting. For example, there are various schemes of digital voting you can verify that your vote was counted properly while still remaining anonymous without your cooperation. But it needs to ensure that the vote remains anonymous even if your cooperation can be forced or bought.
Right but you forgot the escape hatch, that you can vote in-person on Election Day to override your mail-in ballot. This gives you the ability to vote for B while appearing to vote for A.
It says you should bring in your mail-in ballot to the polling place, and if you don't then you can cast a provisional ballot "which will be counted after your county elections official has confirmed you are registered to vote in that county and did not vote more than once in that election." Based on that wording it sounds like if you already submitted a vote-by-mail ballot, then you would have already voted and your provisional ballot won't be counted.
You could fill out the ballot as you were instructed, take a picture, and ask for a new one which you actually cast. We could even give everyone two ballots by default since asking for a replacement would be suspicious.
Even before cameras, you could go in with a pre-filled ballot and go out with a blank one. All someone needed to verify paid votes was one ballot per polling station (or 2 if voters get 2 ballots).
The part where your reverend demands that everyone who wants to maintain good standing will bring their envelopes with them to church where they will be filled out, sealed, and mailed together. Failure to do this will lead to expulsion, and family shunning.
Expulsion and shunning would make the Rev seem mean. But you're exactly right, just that it will happen under the guise of a free Sunday BBQ feast. Got to bring your ballot if you want to eat though!
How are the serial numbers allocated? If I can predict the serial numbers used over a swath of land, I can replace a large number of ballots dropped in its boxes with my own that have the same serial number. Those I can't predict, I just deliver as-is.
Probably need the equivalent of poll watchers to pick them up from the drop box and deliver to the monitored counting center. I'll believe the tamper-evident nature of the envelopes when I understand the solvent or process required to remove the adhesive without tearing the cover.
The serial numbers are also tied to my address and name so you'd have to both decode the system used for generating the numbers and know the number the state assigned to me.
Do you know the system that encodes your name and address into the serial number? I hope it's a strong one-way hash in order to preserve your anonymity. I also hope it's valid, and not easily identified as one to discard in favor of the right one. Since the state generates the serial number encoded from your personal deets, it's not anonymous until the vote has been separated from the envelope without any association of its contents to your serial number. If there's any such association, your vote is no longer anonymous.
And a root of trust here is state IT systems. In addition to state actors (the nation-state type), we have the classic insider threats driven by both elected and career officials. Need to assume a higher level of competence at least than election commissions have deserved in the past.
The poll watchers are interesting. Do they watch each box from the time it's placed on the curb until the time its contents are entered into the counting system? (What's the overnight security like on them?, what's the transit security?)
> Couldn't largely distributed digital systems also be designed?
Probably, but it would probably be so complex that only a small subset of the population is able to understand how it works. For a vote that’s accepted by the general population you want a process that’s as simple as possible. Everyone understands how paper works.
> Whatever is written on that paper or how it's handled better also be provably secure somehow.
Here that’s largely solved by having lots of volunteers that do the counting. It should be pretty hard to compromise that.
I'm not super convinced that the public really demands to understand the whole system, as long as it's perceived to 'work' and isn't confusing in itself. As others have pointed out, we all use myriad important systems that we hardly understand.
The volunteers bit and generally very human process of counting votes actually seems like a huge attack surface for anyone to 'miscount' votes they don't like. Theoretically everyone's work can be double checked, but does this actually happen outside a recount? It's a huge amount of work in the first place, I wouldn't be surprised if there wasn't the resources for it.
What I'll give in-person voting is the human autonomy bit. In principle someone is physically looking at me and my ID, and I go into the booth alone. Even mail-in doesn't accomplish this one.
The crucial difference is that with the banking system you only really need people to trust that their accounts are correctly tabulated. For voting you need people to trust that everyone’s votes are tabulated correctly. It’s an entirely different problem
There are no do-overs in an election. If a system is compromised, either legitimately or through political gas lighting, there won’t be a paper trail to fall back on.
There’s also some theories that voting at home on something like your phone is far more subjected to coercion. This is why some states refuse to go 100% mail-in this year, even at the expense of public health. Sure, someone can always threaten you to vote a certain way, but polling places are designed to prevent that as much as possible.
Then there’s just us, the population. We live in an age that people doubt vaccines, or think the earth is flat, or that COVID 19 is a fake crisis manufactured by the Democrats to win the election. If 100% of votes are done digitally, some group will undoubtedly not believe the outcome of the election.
Sure there are, quite literally
Ordering a new election from scratch is a not-unheard-of remedy for election irregularities for which there is no other way to correct the irregularity.
> Do you have an example of a presidential election that was redone?
The (completely optional) popular elections for US Presidential electors don't generally have laws that would support a judicially-ordered revote as a remedy because they have a built-in after the fact legislative remedy, since the legislature ultimately decides the mechanism by which electors are assigned (and can simply do so itself), and can revise it's decision even after a public balloting has occurred (in principle, such an retrospective change removes the states electoral votes from the safe harbor provision that applies to procedures fully adopted in advance, but then the safe harbor rule itself is unenforceable and effectively a symbolic statement of intent.)
But that's a fairly special case, and a result of the peculiar design of US Presidential elections, not something general to elections.
This doesn't prevent a do-over, it just means that it wouldn't come from judiciary. It also means that the decision would be highly partisan.
While not about do overs (but potentially about legislative intervention in other ways), that's why the anti-mail-ballot propaganda (and Trump's double voting advocacy) is heavily targeting Republican-legislative-majority states that are polling close or leaning Biden.
Not a presidential election, but the 1974 New Hampshire senate election was redone in September 1975 following multiple contested recounts producing different winners [0]
Ordering a new election from scratch and obtaining an air of legitimacy requires either that the rules for that were written ahead of time, or that the winner of the disputed election ask for the new election.
In the US, I haven't seen any indication we have rules for a new election. We certainly don't have such rules for the president, except that the electors can be selected by state legislators and if the electors don't provide a result, US legislators can select the president.
Agreed. See the recent Austrian presidential election [1]--it was completely repeated because some irregularity in the mail-in ballots (which numbered enough to swing the outcome)
This article highlights the trade-off between the secrecy of ballots, and the ability of the individual voter to confirm their vote was correctly recorded.
But the other discrepancy relative to banking is that for elections, we want to also verify that no extra votes were snuck in. By comparison, while I require my bank to get my balance and transaction correct, I have no expectation that I'll be able to verify that balances for all other accounts were summed correctly.
While we don't do it individually, we have regulators who (are supposed to) control the money creation by banks. Just like we have semi-independent election boards that (again, are supposed to) verify the balances.
Finally an article pointing out that online banking is always "fixable", there's always a human that can look at a bunch of electronic transactions and decide if they're correct or not.
For voting, there's no such thing. Nobody knows what the result is, whatever comes out of the black box that is electronic voting is the result, for better or worse. You can't independently verify it, because that breaks the voter secrecy, and you can't allow anyone to override the results and "fix" it to whatever it "should" be, because that's outright voter fraud.
You’ve clearly never heard of homomorphic encryption. There exists a way to cryptographically secure a vote while also preserving privacy. It’s even individually verifiable. And as a bonus, you can’t sell it even though you can verify it. Do some research, there even exists a youtube video putting it in simple terms. The answer is homomorphoc encryption.
Fantastic, can you explain that to my 95 year old grandmother?
> there even exists a youtube video
She doesn't know what YouTube is.
You're showing the third weakness of online voting, and that is that because we have to trust whatever result the system produces, everyone in society also has to be able to understand the system. I'm sure I could understand your solution, but I'm a nerd, and you shouldn't have to be a nerd to understand it. It's hard enough to convince people that experts are right about trivial bullshit, why should anyone trust the experts about online voting?
The simplicity of voting through papers and envelopes and urns is its greatest strength. Everyone can look at the process, everyone is even invited to observe the process, and you can easily detect cheating or other irregularities. Everyone can be a poll worker, and that's a fundamental pillar of democracy, that we all build the voting machine together, so that we together can trust the result, even though we may have completely opposite political opinions.
Are you suggesting they just trust the designer? Most ordinary people aren't going to do that. They'll just say 'no thanks'.
A once-in-a-lifetime referendum in the UK in 2011 about a change to voting systems was solidly defeated because most people said 'I don't understand this it's too complicated' - and that was just AV.
Most ordinary people don't want or trust any kind of fancy voting idea at all. I don't see that changing either.
> Are you suggesting they just trust the designer? Most ordinary people aren't going to do that
That's quite literally what people do when buying stuff from amazon.
People are just afraid of change. In places where e-voting has been implemented people generally trust that the system works, just like they trust a lock symbol in their amazon shopping cart page.
> Receiving your goods doesn't guarantee you weren't a victim of a scam or id theft.
No it doesn't. People are frequently victims of scams and id theft because of the trust necessary to use online systems. This is something that is important to avoid in voting, or else your country collapses.
Sure. My argument is that it takes more than even people losing money (a pretty high bar already IMHO) for the trust in a system to be eroded beyond the point of outright distrust. For better or for worse, familiarity and trust correlate strongly, but technical security and trust don't correlate much (see people ignoring security warnings because kitten photos)
Take, for example, elections in Brazil. They've been electronic for decades and people trust its accuracy. There hasn't been a single known case of tampering even though the country has a notoriously corrupt political landscape (see every scandal and impeachment since the 80s)
I would even bet money that if the US rolled out nationwide e-voting somehow, within 5 election cycles the majority of americans would say they trust it in polls. Based on familiarity alone.
By that logic, everyone must also understand how CDMA/GSM works or we can't trust that that 911 call will go through correctly.
The reality is that americans have collectively decided that e-voting cannot possibly work, perhaps due to some irrational fear that their bipartisan side will be cheated out of a rightful win in some sinister movie plot. Never mind that e-voting has been around and working just fine in other parts of the world.
> By that logic, everyone must also understand how CDMA/GSM works or we can't trust that that 911 call will go through correctly.
No, they don't, because they can call 911 and have actual police and EMTs show up, so they know the system works even if they can't understand the technical details.
There is no similar way to check a computerized voting process.
Of course there is. If the green party gets elected all of a sudden, everyone will smell a rat.
On a more serious and technical level, auditable voting systems have both been developed already, and deployed/used. Just because you haven't seen them doesn't mean they don't exist.
Obviously the example is extreme, but it still applies in other scenarios since polls often predict outcomes.
Take Brazil for example. Presidential elections are about as high stakes as they come, they have been electronic for decades and election results pretty much always align with polls.
There are no known cases of tampering despite the high amount of chronic political corruption. Failure modes in the system are much more mundane: buying votes, manipulation of lower classes (so called "voto de cabresto"), smear campaigns and the like.
>> we all build the voting machine together, so that we together can trust the result
Seems like this logic could apply to any other digital or cryptographic solution as well? On that note, I doubt your grandma understands voting machines, or even what happens behind the scenes after you mail a ballot.
As in many things, I suspect all that matters is a general consensus that it's secure. For some that means experts agree it's safe, for others it means their friends, children, sheriff whatever sign off on it.
> I can't tell if you and OP are seriously suggesting we write our votes on a slip of paper and drop it in the slot.
Absolutely, yes! That's basically how voting works in several countries. Observers can see votes being cast, vote counters can see that number of votes in the urn correspond to the number of voters who voted, you get a paper trail because you always have all the physical votes, and the process scales horizontally super easy.
> "Public process" ultimately means a small handful of people can actually observe the process
No, anyone can come look at the voting or vote counting, why would you prohibit that? The whole point of having a simple and open voting process is because people should be able to observe the whole system.
> And as a bonus, you can’t sell it even though you can verify it.
How does homomorphic encryption keep me from selling my id and password to someone who will vote for me, or keep someone from standing over my shoulder and watching me vote?
How would you know that the servers are implementing the scheme that they claim they are implementing? How would you verify that they are not counting extra votes from people who don't exist? How would you verify that a cosmic ray didn't flip a bit in a count somewhere?
And the other side: if you claimed that your vote was improperly counted, how could I (as a law-enforcement officer) verify that claim? How could the election body trigger a re-count?
Of course, these fundamental issues are all moot anyway, because of the even more fundamental issue of intelligibility. I understand exactly how the voting system works today, how the integrity of the vote is assured, how fraud is prevented. So do my grandmother and my 16 year old niece. With a system relying on homomorphic encryption and resilient, secured hardware and software, do you think that there realistically exist 1000 people in the entire world who could be personally convinced that the system is secure end-to-end, from the mathematical models to the systems running the software that is claimed?
I love it. I came to this thread here expecting I will find many different ideas, instead I found: no, impossible, are you crazy, never, it will not fly, heads will explode :D ...
I would really like if I found even attempt of ideas, or even break down of problem to many points ... something along those lines ...
At Waterloo in Canada we're taught in our computer security class that paper can be more secure than a computer, especially in a voting system, and in fact that's the reason we don't switch like our southern neighbours. I'd say that every medium we use throughout time typically can never be replaced. We'll keep paper forever--just use it only when it benefits us over computers.
As if we have online banks. A couple counties have some national systems for APIs to bank with. But it's a wild west story everywhere else & this "online banking" we have is all a masquerade on an old barely working distinctly un-on-line batch processing shite system we've endured & been stuck with.
We should totally be open to online voting in some countries where politicians give a shit, run the programs with transparency & open source, & operate at smaller levels of scale than this sizable dis-federating mess (To the Union forever).
I mean the answer is pretty obvious. We don't care about problems with online banking; we force banks to care - if something (anything) goes wrong, the bank is on the line for any losses, worst case scenario is, a bank collapses.
With voting, whoever is the online voting provider (even if it's "the government" i.e. the bureaucrats and the party/parties currently in power), isn't really responsible... if some things go wrong, nothing happens... if too many things go wrong, the whole system collapses.
Online Voting is a very hard problem. In "political" online voting, you (voters) are adversary, everyone is adversary, everything is adversary. Your enemies are all APT groups around the world. You can't trust others, you can't trust yourself, you are alone.
Schneier on Security covering voting machines in 2004, a few years after the Year 2000 "hanging chad" debacle in Florida that kicked off the current "modernization" wave. The tl;dr is that online and electronic voting optimizes the wrong metrics during an election.
These issues exist for mail in voting as well. The main difference is how well the average Joe understands computers vs mail. There could be a secure opt-in system for online voting. Heck they could mail out the ballot and let you submit it online.
I tend to think the arguments in favour of the old paper system are flawed. They basically say that the paper system is easier to understand for everyone and easier to prove, and maybe cost more to corrupt.
But that is an illusion that could very well be shattered in a few weeks, for those who stick to American politics.
The advantage of the paper system is that people are familiar with it, and they think they know how it works. Much like you might think you know how accessing a website works, you actually don't know every detail in that stack. Do you really know how the light in the fibres get read? How virtual memory and TLB works? What about rendering the page in react? I can say I studied all these things and I still don't entirely know how the whole thing works, I am simply confident that certain abstractions are going to hold, so I don't worry about the nitty gritty of how semiconductors and lasers work.
In paper voting land, it is the same. Everyone who has voted has seen the interface: you get a piece of paper, you put it into a box, and in the evening someone is chosen to disappoint the nation for the next few years. You imagine that in between there are competent and honest people counting the votes, reporting their subtally, and totalling the numbers they get, up a tree to someone who ends up with the whole picture, which he then dutifully reports to the nation.
But what is holding this together? Essentially, just faith. There may be checks designed at various points to make sure nobody does a bad job of counting, but with enough contention this will break. The system might do just fine if one or two people forget a pile of votes, sure. But what if you have people complaining that they can't vote in the first place? What if everyone decides they need to contest the vote if their guy doesn't win? What if there are complaints about the aggregation?
There could easily be a situation where everyone thinks the system is just broken and will never work again with the current system.
What moving to electronic voting could give us is sacrificibility. You have a shit election, you blame the system, you make a new one. Paper voting isn't branded ("Accenture Voter System") and will remain stained by problems.
You are misrepresenting the checks in the paper system. There are representatives of all major parties and the state at the voting station. The representatives have competing interests, so you can trust that they won't collude. Plus the state rep has a legal responsibility to ensure there is no cheating.
You put the piece of paper in a locked box - a lock that was checked by all these reps. So, no wrong votes in the box. At the end of the day, all party reps watch as the state rep counts the votes. So the counting is also right. Then the counts are written on a final document, which is then signed by the state reps and party reps. At the main station, more party reps can check that all papers were collected and correctly added for the final tally.
Anyone who wants to mess with the voting has to corrupt all of these reps for a voting station, in order to probably move the votes by like <1%. Then repeat for many different voting stations to actually change the winner. As long as you trust the local party rep (hopefully you have interacted them) who is standing at the voting booth, you can believe at the emotional level that your voting booth got the right result.
>> You imagine that in between there are competent and honest people counting the votes
They don't have to be honest at all: you simply allow each competing political party to designate their own people to count the votes, so they keep close eye on each other. Of course you also allow people not affiliated with any party, independent international NGOs, etc.
The main advantage of paper votes isn't that they are completely unhackable, but that the hacks do not scale - you would need thousands of co-conspriators to influence something like US presidential elections.
What if voting were not so high-stakes (giving all your political capital in a given sphere to a single individual for 2-6 years)? We have the technology to edit our legal corpus directly, a sort of Wikilegia if you like. If governance were less of a black box many elected offices would not be necessary, and many popular disputes would be be obviated.
Of course, this would bring challenges of its own and be subject to other sorts of abuse, as we can see from influence campaigns on social media and indeed things like edit wars on Wikipedia. Nonetheless, a great deal of our political decision-making could be distributed and would have far greater legitimacy as a result.
I wonder if the low temporal resolution of current democracy contributes to polarization since the relation of vote to government decision is by proxy instead of being direct.
Maybe letting some person or legislature make decisions between elections is as outmoded as the electoral college.
Also, I’m not certain if it makes sense to vote in terms of making a decision for one thing or another, but vote in terms of how you think the majority of others will vote. That way people don’t vote for what they think is in their own interest but in what they think the community thinks is in the interest of the whole.
All the things that anyone thinks can go wrong with online voting are already features of the voting system today. Your votes are tabulated by online computers, who send votes electronically to other computers, all of them with bottom-of-the-barrel security, and the totals are reported as gospel (or manipulated, who knows). Bad actors can force people to vote as they wish. Everything is closed source and secret.
That's how elections are conducted today.
A proper online voting system could have maximal verification. Bruce Schneier could be handcuffed to the mainframe to verify it. Offer a $1 million bounty for every bug found. Make a system that has multiple independent watchdogs watching each other, and if the code on any is changed they all freak out. Every line of code could be scrutinized.
Electronic voting is a recipe for civil unrest because there is no way to demonstrate its legitimacy to the people who participate in it and are subject to the results. !remindme 2020-11-04
208 comments
[ 3.3 ms ] story [ 214 ms ] thread[0]: https://news.ycombinator.com/item?id=4771264
Your links address one, but not the other, and yet you label it a solved problem.
I can't see how online voting can provide the secret ballot we have today. "Privacy" is not the same as "anonymity."
I immediately think that this could be fixed by giving voters the opportunity to generate multiple ID numbers that lead to “proof” that the voter a different way. Maybe even different passwords that lead to only one voting record, in the event of someone forcing you to log in and show that you voted the way they told you. There are probably other attacks that can be performed upon this vague handwavy scheme of course.
Can’t fix the incredibly stupid name of “Voatz” though, I cringe every time I see them mentioned.
It’s far better than the clusterfuck we have today where up to 5% of ballots get “lost”.
What does "proof a vote was counted" mean here? If the proof doesn't verify that the correct candidate received the vote, what exactly does it verify?
3 ballot system does it [1]
[1] https://en.wikipedia.org/wiki/ThreeBallot
But if we could vote on individual laws and policies instead of people there would not be such difference, and people would be able to use their vote rationally. And if they make mistakes they will not be stuck with the mistake for four years.
Openness of the vote would also allow more flexibility in the way people delegate their vote https://en.wikipedia.org/wiki/Liquid_democracy or trade support for issues to reach compromise https://voteflux.org/
While it sounds good in theory, you're leaving the country to the same sort of crazy on NextDoor who has nothing better to do but peer out their blinds during the day to report the suspicious activity of someone walking their dog.
You see this a lot in local elections where often there are specific ideas on the ballot for local people to vote on. I want to vote for "more public transit options" but it's not as if I'm voting for specific train lines or bus routes.
That's before you get into the issue of who is coming up with the ideas to go on the ballot, how they word them, and how carefully they consider them. It's easy to make a lot of things sound good on the snippet you'll read on a ballot, but not prevent bad side effects that you wouldn't think about.
Without the limitations of current voting system, there will not be useless votes like "more public transit options". Instead of that when you are stuck in traffic jam you'll create a proposal for a specific line, other people stuck in the same jam would support it, then your city will hold a competition with different companies proposing different solutions, then will be a vote to pick one of them.
The issue is the same as letting someone spend his own money, he may end up spending all of it on something stupid (like alcohol), and some people indeed do that, but most people end up spending rationally.
Year 1: vote on idea
Year 2: vote on ratification of idea as well as the committee members to design the implementation
Year 3: we vote on which of the 3 - 5 design proposals the committee designed to implement as well as the executive team to implement the plan
That's how you get Brexit.
Nope. GP is disagreeing with direct democracy, a very specific type of government which is not usually in favor nowadays. Most democracies in the world are representative democracies, where you vote for people who then vote on issues.
If there is no way to elect a representative that would support certain idea, then the system is not a democracy but something defined by the method which is used to restrict the pool of available ideas or representatives.
For most democracies in the world such a method was control of mass media, but now they have either to become real democracies or find another method of pretending to be a democracy.
Not necessarily. It is very well possible for people to vote for representative they hold in high esteem even though they do not agree with them on several matters. It is very possible for representative to go against what is the current majority opinion, and even be reelected afterwards, because in the meanwhile theirs choices have bee proven right. That's why in representative democracies there are elections for a certain role only every several years, to decrease the relevance of immediate issues on the vote, and give more importance to other factors such as broader ideals and the trustworthiness of the candidate.
You can very well prefer direct democracy, but it is not the only, or the one true, kind of democracy.
reducing complex trade-offs to a single vote for Team A or Team B is exactly what could be avoided with an issue-specific, liquid democratic system with a process for participatory, public discourse to achieve compromise
If voting wasn't anonymous, then wealthy people could pay people to vote in favor of the policies they want. Mobs could threaten people to vote the way they want.
Anonymous voting is important because it prevents people from verifying what you voted for. If people can't verify what you voted for, then it doesn't make sense for them to pay you or force you to vote for what they want.
If wealthy people can keep paying half the country to keep the laws the way they want, and half of the country keeps accepting that, then maybe the laws are not that bad. It is a much better situation than politicians promising tax cuts or subsidies.
If country is in a situation when mobs can threaten people to vote certain way, then the same mobs can simply not accept the result of the secret vote. Moreover in a polarized society the secret vote is more likely to create mobs, because large number of people would think that no one of their acquaintances voted the "horrible way", and no decent human being could vote that way, and there was some fraud, or it is all done by hateful people from other cities and fighting is the only solution.
The situation is exactly same as with money, mobs can threaten you and take your money, fraudsters can scam you, but the solution is not for everyone to hide in bunker, and pretend that he does not have any money. The solution is for everyone to accept that threatening people is not allowed, and markets are good.
Why doesn't this happen today? Any politician can "force" someone to request an absentee ballot, sign it and hand it over to the politician's goons, who will fill it out and send it in with the politician's preferred vote choice. Why doesn't that happen?
I guess the usefulness of anonymity depends on the situation in the country. For instance in Armenia we do not have absentee ballots just for that reason. And before the 2018 revolution there was large percentage of bought/intimidated vote in all elections. There was a recording how owner of a supermarket chain held a meeting of all employees demanding from them a list of the ids and names of their relatives with promises to vote for him. With this kind of tactic their party ended up taking 68%, as many people were afraid that they could be found if they try to vote not the way they have promised.
Another thing to consider is that filling absentee ballots is a much more complex endeavor, than standing at the booth and making sure people vote the right way.
But in general i think in the situations when secret ballot can actually change the election result, there are much larger problems in the society, which secret ballot won't help to solve.
For instance in Rome secret ballot was introduced only at 139 BC and arguably made the following period of social troubles worse. After all every vote is a dry-run for a civil war, to see who would win without going into war, and it is useful only if it convinces both sides that war is not worth it. But if someone can't even openly say how he have voted, how he can hope to protect the result of his vote? So i think in Rome it ended up causing the civil war.
So, such a system would have to be blindly trusted by essentially everybody. Not a great basis for a democracy, I would say.
However, cryptography is not necessary just for anonymity, and the extreme difficulty of ensuring the system is neither rigged nor hackable is not just in understanding cryptography.
The way the current voting systems work, each party and many outside observers are going to collaborate on tallying votes in all voting places, and then collaborate in centralizing those votes in progressively larger centers, all the way to the national level. Parties have alternative counts, and they can check their numbers. Since this is a representative democracy, we can trust that the the people we voted for are either convinced the election is fair, or they are collaborating with their political opponents to cheat, which would mean that the election didn't matter anyway.
In an online system, we first need to check that the servers are running the code they claim they are running - not just once, but during the entire electoral process. We need to check that the database of votes contains all of the actual votes that were cast, and no votes that weren't cast, again, not just once, but during the entire process. We need to check that the database used to display results online is the same database used to tabulate the official result. Of course, we also need to make sure the system is highly-available and not prone to DDoS attacks. We need to ensure that someone cutting a few wires doesn't prevent a whole county from voting.
And of course, we need ways to fix all of these problems if and when they do appear. Say you have an entire county claiming their votes are incorrectly tallied. What happens next? How many people will have enough know-how to check whether there was a bug in the system or the people are lying? How long will it take to audit all of the code that ran (this is important because it is delaying the end of the election)?
Not to mention, you wouldn't really achieve that much. Voting will still have to be done from highly secure machines, so you will still have to go to a polling station (it would be absurdly easy to hack people's PC to have them cast the wrong vote). The same goes for checking the result of your vote.
Overall, an online voting system would be as difficult for people to use. It would take less time to tabulate the votes, but probably much more time to resolve disputes. It would be much, much more complex, and the number of people who could understand and check it would go down by at least 1000x. The attack surface would increase tremendously.
Imagine trying to protect your national voting system from the NSA and CIA. How many countries in the world would have the know-how to combat this very real threat? Especially while probably running US-made chips?
Why do you think it is crucial? It did not exist in USA until 1888, it did not exist in Rome until 139 BC, start of the end of Roman republic.
And in Rome the secret ballot actually have caused civil war, by encouraging the people to vote for laws they could not defend.
So voting have worked well without anonymity in the past, and you need better argument why anonymity is crucial, before starting to explore all the unnecessary complexity that it adds to voting.
Imagine how easy it would be for the NSA/CIA/NKVD/etc. to deploy malware to infect hundreds of millions of computers to make all those people think that they've voted for someone else. If even 10% of them never bother to check from an uninfected device, the election is meaningless.
Also, who deploys the servers? Who controls physical access to them? Who is allowed to check the software running on them?
Sure, votsflux may have all their code on GitHub, but the real servers may be running slightly different code, which messes with the data in careful ways. I assume you can export all of the voter data to do the calculations yourself, so at least you can check that when the server says A won, you can check the numbers yourself. But what if they return a slightly altered list, such that if I check my own vote with the vote check API, it shows that I voted for B, but when the data table is exported, I appear to have voted for A, or I appear not to have voted at all? If they change the vote just a bit, odds are few people will ever find out the discrepancies.
And even if they can be found out, how long will it take? After the election is over, but before we can have confidence that the results are meaningful, someone needs to make sure that the votes of the vast majority (depending on the closeness of the vote, even 99%+) of people have been checked against the tables that the server produced. This may take days. Also, an adversary can attack this process - get many people to claim that the server incorrectly tabulated their results, that their phones were hacked etc. The authorities will need to spend weeks investigating just to convince themselves whether the results were true or not. And the investigation will have to be handled by trusted experts, who could be bought themselves...
Electronic voting is not feasible, and any state that attempts neither cares for its citizens right to vote nor does it understand the sophistication of state-level attackers.
From that point the vote needs to be secret, so it cannot be traced back to the voter.
Solution may be simple as:
Voting software must be opensource on Github so it means that must be verifiable. Open and publicly accessible monitoring of installation, appropriate build (version, hash...) And same goes for hardware. Must run on server that cannot be spoofed or additionally monitored or traced.
If above is done, it is just simple case of decoupling recorded information.
And in regards of checking public ledger can have some kind of random code "R3DfCee" which will be there to make sure equal number between those who voted and issued codes. Each voter can go to public web site and look for his code ...
Maybe something along those lines?
This assumes the problem is merely making an accurate count, rather than making consensus.
"Verfifiable" doesn't just mean "an expert in the field can determine the system registers the votes/totals cast by individual voters." Because that means you still have the political problem of how non-expert citizens know they can trust someone's verification or expertise.
Verifiable in a democracy means that a layperson of average intelligence can observe and understand the process and participate in verification.
Or to put it in Python terms, "explicit is better than implicit."
We're not just making a count, we're making group confidence that a given vote count was correct.
If installation number is open and visible, any person without any knowledge can confirm that during vote, latest installation number was such and such and hash of build was of such and such. Before election day number can be publicly broadcast so everyone knows what needs to be checked.
Opensource and visible means same as for linux, code is visible to those that have knowledge and can quickly identify attempts of backdoor attempts like for instance this one: https://freedom-to-tinker.com/2013/10/09/the-linux-backdoor-...
Code wise that will allow that people in power will not try to manipulate or rig elections. If you have XX thousands of IT professionals that can check code it is surely better than "trusted" dedicated private contractor.
It seems pretty likely that it's possible cultivate the same distrust of technical professionals. In fact, considering how little true technical expertise has gone into the voting systems that exist, it's probably inevitable and possibly in some cases accurate.
If you need an technical expert to verify your voting system or even your vote count, that itself is a vulnerability in what voting systems are for. This is not a coding problem.
> If installation number is open and visible, any person without any knowledge can confirm that during vote, latest installation number was such and such and hash of build was of such and such. Before election day number can be publicly broadcast so everyone knows what needs to be checked.
> Opensource and visible means same as for linux, code is visible to those that have knowledge and can quickly identify attempts of backdoor attempts like for instance this one: https://freedom-to-tinker.com/2013/10/09/the-linux-backdoor-...
> Code wise that will allow that people in power will not try to manipulate or rig elections. If you have XX thousands of IT professionals that can check code it is surely better than "trusted" dedicated private contractor.
"any person woth the knowledge" that's the issue you want a system where the most number of people with the least amount of specialized knowledge nessicary can verify their vote. Everyone can look at a pice of paper and see their vote before they cast it. Not everyone has the expertise to verify software was installed correctly and all the important cryptographic boxes where ticked.
When it comes to computers, there is no expert able to verify a system is really running what it's supposed to. Open source doesn't help, when even a single subtle bug could lead to exploits. Formally verified bug-free code doesn't help, when the compiler itself could be compromised. Verified compiler doesn't help, when the CPU could have backdoors. A compromised machine and a secure one look the same to all except an electron microscope.
...
https://www.youtube.com/watch?v=PT0e9yTD2M8
https://www.youtube.com/watch?v=iit5WdLYwns
As mentioned in the arstechnica articles, attempts have been made in the US as well. Voatz and OmniBallot in particular.
https://www.youtube.com/watch?v=_FHHXJ1AVm4
Maybe someday we can have safe, reliable and transparent elections using smartphones and whatnot, but the attempts to computerize our elections over the the last 2 decades have imo been more problematic than beneficial.
https://www.youtube.com/watch?v=6PvXRwXyNEs
Sometimes paper is the right technology for the job. Hand-marked paper ballots and post-election risk limiting audits is the best option we have at the moment.
In either case with such a ignore-vote function in place, how can you be sure that the mailman, or the official who gave you your authentication codes, that they aren't pulling this trick on you? By it's nature it must be undetectable that it is performed?
> In Germany all voting places are wheelchair accessible.
There are accessibility concerns beyond just wheelchairs you know...
A person doesn't have to be able to get to a post office themselves to cast an absentee ballot. They just have to be able to fill out the ballot and sign it. Someone else can mail it for them.
Right, so they have to be able to reliably receive mail at a location fixed at least a little time in advance, and either send mail or give it to someone to send mail, and then it needs to reliably get to its destination.
Not all of those things are always easy for all people's situations.
As a practical example - see the difficulty that homeless people have voting in many cases.
Voting online as an option would possibly solve them for some people.
The internal handling of votes should be harden as you explain, but helping more people to vote should be the goal. The reverse is also an attack on democracy, and we already see this at so many scales.
Like setting voting stations at places easier to access for a specific portion of the population (right next to churches on sundays, next to police stations, hard to reach by public transport places, etc.). Reliable online voting would alleviate these kind of issues.
Not saying it’s easy, but we should at least try.
That's how it is done in Belgium.
Think of it. If your choice is ether vote or risk a fine, you'd rather go and vote. If you go and vote, you'll learn at least a bit about the choices you have to make in the ballot.
P.S. While Belgium got mandatory voting right, it completely messed up electronic voting. I remember being an assessor in a polling station with electronic voting.
People voted, then the head of the voting station took 3 1⁄2-inch floppy disks out of the machine, put them in an envelope and drove away to the district polling committee. There was not counting, no protocol to sign. Nothing. I was appalled.
This is ABSOLUTELY not what I want. I for one want voting to be extremely accessible. Everyone that wants to vote can. The goal isn't to make everyone vote but rather that everyone has the ability to vote. That you don't have to take time off to vote. That it is easy.
Universally accessible, not universally mandated.
That's the pesky thing about democracy, you see. If you want "informed voters" then you actually have to work to have an informed populace, not gripe about people's right to participate in the society they're a part of.
Not everybody has to be your idea of an intellectual to be a part of a democracy. And not only is that okay, it's precisely the point of it being a "democracy".
Yes, and the solution to this is not mandating that they vote. If they are uninformed forcing them to vote doesn't cause them to be informed. It makes the system more vulnerable to populism.
The idea behind freedom is not absolute freedom. It is a balance of the contract with society vs individual freedom. You want to maximize individual freedom, but for everyone (not a singular person). Clearly things like the "freedom" to murder someone doesn't outweigh that person's individual freedom to live and thus we make laws (and ways to enforce them). Mandating voting decreases individual freedom and has a potential for reduced societal freedom (while little to no real potential for increase. Much prone to populist candidates). So why mandate? Don't solve problems that aren't problems. If someone doesn't want to vote, how does that harm you?
On the other hand, casting a vote doesn't mean CHOOSING a candidate. It means that you can cast a BLANK vote. And that, in and of itself is an extremely important thing. It shows that you are NOT okay with either candidates, and forces them to actually adjust their agendas to suit the "public will", instead of falling back to what I believe is commonly called in the US as "ratfucking", aggressive districting, and voter disenfranchisement, which means they literally only care about getting enough voters to pass.
As for the doability, it's already done in Australia. Pretty successful, and basically and national holiday celebrated like 4th of july in the US.
For example every election in Washington ballots are mailed out to every address on file, it’s very easy to print a ballot online if you didn’t get it in the mail, and until recently there have been no supposed issues with mailing ballots (postage is prepaid), plus there are dedicated dropoff boxes as well. And even with all that convenience turnout was 65% in 2016, though it is expected to be higher this year.
In general, people don't trust elections because they don't trust their representatives to actually represent their interests, or they don't trust the rest of the political system to actually allow any meaningful change. These are very valid and correct criticisms, confirmed by many sociological studies (in the US at least, the opinions of the bottom 50% of the electorate by wealth have almost no influence on their representatives' agendas).
Voter suppression and vote buying/bullying are much more common, but those have little to do with the voting system (though India has an interesting and complex voting system designed to combat a history of systematic retaliation against entire groups of voters, such as de-funding entire regions that had voted the with the losing party).
But actual voter fraud is rare in most democracies. It's extremely common in authoritarian regimes that are mascarading as democracies, but an online system would make those cases especially trivial.
Reliable on-line secret ballots do not exist for us yet and may never.
More easy-to-access polling stations does.
IME, high tech voting makes changing one vote a little harder, but it makes changing the outcome much easier.
I see nothing inherently secure about physical paper as the voting medium. Whatever is written on that paper or how it's handled better also be provably secure somehow.
This FUD will be what leads to unrest, please stop spreading it.
Putting your head in the sand won’t make it go away. Mail-in is a bad fucking idea. Trump suggested a way for his supporters to make sure their vote was counted and Twitter took the tweets down as “election manipulation”. Umm, what? So do mail-in ballots allow double voting or not? Twitter has also said they will remove any Tweets by trump if he claims victory “too early”. So that’s where we are now, huh? If Democrats were so damn confident they could win fair and square, why introduce this wild card?
Changing to mail-in at the 13th hour is not the same as continuing a 30-year tradition. Besides, as others have pointed out, it has led to nakedly corrupt elections in other states (Washington state in 2004). Whenever you introduce the possibility of people being able to ballot harvest or “lose ballots” and those same people are taught that they are stopping literally Hitler it’s no surprise they do what they do. This whole last-minute rush for mail-in ballots stinks to high heaven and even if you think your side will benefit from it, we all lose when trust in our democracy is undermined.
So no, I won’t just kindly shut up and let Democrats steal the election. Or Republicans for that matter. We should all be observing the ballot counting process but this god damn mail-in process means we can’t audit the process. That should scare you. If it doesn’t, you are way too naive.
How many of these sorts of cases are you OK with? Less than 1% of the total votes? 10%? 50%?
Hell, just look at the article. It acknowledges the high costs of mail-in voting. Then engages in classic double-think to defend it:
>“Trump has repeatedly baselessly claimed mail-in voting will lead to a “rigged” election—despite mail-in voter fraud being extremely rare—and decried the fact that the vote could take longer to count, saying the nation “must know election results on the night of the election.” >Facebook blocked videos of Trump encouraging North Carolina voters to vote twice—which election officials warned would be a felony—Thursday, but has not taken action on the president’s Facebook post making similar comments.“
Well which is it? Does mail-in lead to fraud or not? Trump’s allegations are apparently “baseless” but at the same time he got muzzled when he suggested his voters make sure their vote was counted. This is a fucking circus.
The ballot has a removable serial number on it which is detached before returning the envelope. I can use this to look up the status of my ballot online and see that it was counted.
What part of this process is not secure?
[0] https://nypost.com/2020/08/29/political-insider-explains-vot... [1] https://newjerseyglobe.com/local/postal-service-finds-some-p...
Do you have any answers for my 3 sourced statements other than naked assertions?
[0] https://www.washingtonexaminer.com/news/more-than-20-000-dea...
[1] https://www.msn.com/en-us/news/politics/three-tubs-of-ballot...
[2] https://www.realclearpolitics.com/articles/2020/04/24/28_mil...!
[3] https://www.nytimes.com/2020/04/09/us/politics/wisconsin-ele...
[4] https://noqreport.com/2020/06/28/caught-on-camera-postal-wor...
For those unfamiliar with the story, in the 2004 election for governor of Washington, the Republican candidate (Dino Rossi) won the initial count by a very narrow margin (261 votes), triggering a legally-mandated recount. The recount closed the gap to Rossi only winning by 42 votes. A manual recount was performed, and during the manual recount election workers "found" a bunch of ballots; in arguments before the left-leaning state supreme court, the court rejected requests for applying the same recount methodologies in all counties (in opposition to Washington state law) and the "found" votes, mostly from D-leaning counties, put Gregoire into the lead. The Democrats in the state then successfully argued in court against any further recounts, and Rossi conceded without taking his complaint to the state supreme court. Gregoire took office shortly thereafter.
I don't know who should have won that election, but to an outsider it sure LOOKED like some fraud was occurring, especially since the "found" ballots didn't match the statistical distribution of the rest of the votes in the counties, and leaned D significantly more heavily than the counties' original ballots.
So THAT is why I oppose mail in voting. Mail in ballots introduce custody, integrity and identity issues, as well as enable vote-buying and selective vote harvesting, and so are amenable to fraud. We have seen all of these things happen; they aren't theoretical.
[1] https://en.wikipedia.org/wiki/2004_Washington_gubernatorial_...
I'm not sure how this relates to mail in voting though? If there was fraud and D ballots were being hidden where was that happening? Wouldn't it be during counting, not transportation? Would voting in person have changed this or made it impossible?
The found ballots were absentee ballots, which were the only form of mail-in balloting available at the time.
A goal there is to have absolute plausible deniability - that even if you absolutely wanted to show to someone that you voted for A, then we need to ensure that you could do that show even while actually voting for B. If you want to fill out a paper ballot and put it in a tamper evident envelope, then it's important to ensure that nobody can watch (current solutions include in-person voting, and for people who physically can't come, my local elections include an election committee visiting these pre-arranged houses and collecting ballots while ensuring secrecy, i.e. that it can't be filled by a family member). If you want to take a picture of a filled ballot, then we need to ensure that either you can very easily take a picture of a ballot filled differently than you actually voted, or that you can't take such a picture. In systems where you have multiple ballot sheets (e.g. one for each party) and put the one you choose in the ballot box, and the others (for whom you didn't vote) stay outside, then you need to ensure that either everyone can easily and anonymously leave with a set of ballots as if they voted for someone else, or either noone can leave with these ballots.
This is a problem with digital voting. For example, there are various schemes of digital voting you can verify that your vote was counted properly while still remaining anonymous without your cooperation. But it needs to ensure that the vote remains anonymous even if your cooperation can be forced or bought.
It says you should bring in your mail-in ballot to the polling place, and if you don't then you can cast a provisional ballot "which will be counted after your county elections official has confirmed you are registered to vote in that county and did not vote more than once in that election." Based on that wording it sounds like if you already submitted a vote-by-mail ballot, then you would have already voted and your provisional ballot won't be counted.
Sure, as long as you're fine with whatever retribution the guy you sold your vote to chooses to take.
Or even the part where I offer $10 per ballot.
Probably need the equivalent of poll watchers to pick them up from the drop box and deliver to the monitored counting center. I'll believe the tamper-evident nature of the envelopes when I understand the solvent or process required to remove the adhesive without tearing the cover.
The serial numbers are also tied to my address and name so you'd have to both decode the system used for generating the numbers and know the number the state assigned to me.
And a root of trust here is state IT systems. In addition to state actors (the nation-state type), we have the classic insider threats driven by both elected and career officials. Need to assume a higher level of competence at least than election commissions have deserved in the past.
The poll watchers are interesting. Do they watch each box from the time it's placed on the curb until the time its contents are entered into the counting system? (What's the overnight security like on them?, what's the transit security?)
Yes I sound like I'm trying to find problems...
https://archive.is/jx8Ey
Edit: fixed URL
Huh?
I stopped reading after the first sentence but did a quick search. The words "tamper" and "mail" don't appear in the article.
Probably, but it would probably be so complex that only a small subset of the population is able to understand how it works. For a vote that’s accepted by the general population you want a process that’s as simple as possible. Everyone understands how paper works.
> Whatever is written on that paper or how it's handled better also be provably secure somehow.
Here that’s largely solved by having lots of volunteers that do the counting. It should be pretty hard to compromise that.
The volunteers bit and generally very human process of counting votes actually seems like a huge attack surface for anyone to 'miscount' votes they don't like. Theoretically everyone's work can be double checked, but does this actually happen outside a recount? It's a huge amount of work in the first place, I wouldn't be surprised if there wasn't the resources for it.
What I'll give in-person voting is the human autonomy bit. In principle someone is physically looking at me and my ID, and I go into the booth alone. Even mail-in doesn't accomplish this one.
Where does this antiquated mindset of "omg, I need my votes counted by hand!" but "please transfer $1,000,000 using as many electronics as possible"
I trust SSL more than I trust human counting?...
Because that's a feature. You want something that's simple to understand and cannot be easily tampered with at a larger scale.
As they go into, it's not easy to explain to the public or other election officials how this happened, or even what happened at all.
I believe low tech is preferable, but I don't think this is the reason, unless I'm misunderstanding something.
There’s also some theories that voting at home on something like your phone is far more subjected to coercion. This is why some states refuse to go 100% mail-in this year, even at the expense of public health. Sure, someone can always threaten you to vote a certain way, but polling places are designed to prevent that as much as possible.
Then there’s just us, the population. We live in an age that people doubt vaccines, or think the earth is flat, or that COVID 19 is a fake crisis manufactured by the Democrats to win the election. If 100% of votes are done digitally, some group will undoubtedly not believe the outcome of the election.
Sure there are, quite literally Ordering a new election from scratch is a not-unheard-of remedy for election irregularities for which there is no other way to correct the irregularity.
In 2000 Bush vs Gore, the Supreme Court canceled the recount. That’s the closest I’ve seen to the courts stepping in to fix a mess.
The (completely optional) popular elections for US Presidential electors don't generally have laws that would support a judicially-ordered revote as a remedy because they have a built-in after the fact legislative remedy, since the legislature ultimately decides the mechanism by which electors are assigned (and can simply do so itself), and can revise it's decision even after a public balloting has occurred (in principle, such an retrospective change removes the states electoral votes from the safe harbor provision that applies to procedures fully adopted in advance, but then the safe harbor rule itself is unenforceable and effectively a symbolic statement of intent.)
But that's a fairly special case, and a result of the peculiar design of US Presidential elections, not something general to elections.
This doesn't prevent a do-over, it just means that it wouldn't come from judiciary. It also means that the decision would be highly partisan.
While not about do overs (but potentially about legislative intervention in other ways), that's why the anti-mail-ballot propaganda (and Trump's double voting advocacy) is heavily targeting Republican-legislative-majority states that are polling close or leaning Biden.
[0]: https://en.wikipedia.org/wiki/1974_and_1975_United_States_Se...
In the US, I haven't seen any indication we have rules for a new election. We certainly don't have such rules for the president, except that the electors can be selected by state legislators and if the electors don't provide a result, US legislators can select the president.
https://www.nbcnews.com/politics/congress/republican-candida...
[1] https://en.wikipedia.org/wiki/2016_Austrian_presidential_ele...
But the other discrepancy relative to banking is that for elections, we want to also verify that no extra votes were snuck in. By comparison, while I require my bank to get my balance and transaction correct, I have no expectation that I'll be able to verify that balances for all other accounts were summed correctly.
For voting, there's no such thing. Nobody knows what the result is, whatever comes out of the black box that is electronic voting is the result, for better or worse. You can't independently verify it, because that breaks the voter secrecy, and you can't allow anyone to override the results and "fix" it to whatever it "should" be, because that's outright voter fraud.
Papers and envelopes is the only way to go.
Fantastic, can you explain that to my 95 year old grandmother?
> there even exists a youtube video
She doesn't know what YouTube is.
You're showing the third weakness of online voting, and that is that because we have to trust whatever result the system produces, everyone in society also has to be able to understand the system. I'm sure I could understand your solution, but I'm a nerd, and you shouldn't have to be a nerd to understand it. It's hard enough to convince people that experts are right about trivial bullshit, why should anyone trust the experts about online voting?
The simplicity of voting through papers and envelopes and urns is its greatest strength. Everyone can look at the process, everyone is even invited to observe the process, and you can easily detect cheating or other irregularities. Everyone can be a poll worker, and that's a fundamental pillar of democracy, that we all build the voting machine together, so that we together can trust the result, even though we may have completely opposite political opinions.
A once-in-a-lifetime referendum in the UK in 2011 about a change to voting systems was solidly defeated because most people said 'I don't understand this it's too complicated' - and that was just AV.
Most ordinary people don't want or trust any kind of fancy voting idea at all. I don't see that changing either.
That's quite literally what people do when buying stuff from amazon.
People are just afraid of change. In places where e-voting has been implemented people generally trust that the system works, just like they trust a lock symbol in their amazon shopping cart page.
Similarly, You can't verify a paper ballot was counted correctly (see recounts and how the numbers don't match). Yet we're ok with these systems.
Clearly infallibility isn't a prerequisite for trust.
Besides, as I mentioned elsewhere, auditable e-voting systems do exist and have been used in various parts of the world.
No it doesn't. People are frequently victims of scams and id theft because of the trust necessary to use online systems. This is something that is important to avoid in voting, or else your country collapses.
Take, for example, elections in Brazil. They've been electronic for decades and people trust its accuracy. There hasn't been a single known case of tampering even though the country has a notoriously corrupt political landscape (see every scandal and impeachment since the 80s)
I would even bet money that if the US rolled out nationwide e-voting somehow, within 5 election cycles the majority of americans would say they trust it in polls. Based on familiarity alone.
Have you personally verified TLS? I have not, but I still use it.
The reality is that americans have collectively decided that e-voting cannot possibly work, perhaps due to some irrational fear that their bipartisan side will be cheated out of a rightful win in some sinister movie plot. Never mind that e-voting has been around and working just fine in other parts of the world.
No, they don't, because they can call 911 and have actual police and EMTs show up, so they know the system works even if they can't understand the technical details.
There is no similar way to check a computerized voting process.
On a more serious and technical level, auditable voting systems have both been developed already, and deployed/used. Just because you haven't seen them doesn't mean they don't exist.
https://en.m.wikipedia.org/wiki/End-to-end_auditable_voting_...
Of course, but that's not the most likely failure mode.
Take Brazil for example. Presidential elections are about as high stakes as they come, they have been electronic for decades and election results pretty much always align with polls.
There are no known cases of tampering despite the high amount of chronic political corruption. Failure modes in the system are much more mundane: buying votes, manipulation of lower classes (so called "voto de cabresto"), smear campaigns and the like.
Seems like this logic could apply to any other digital or cryptographic solution as well? On that note, I doubt your grandma understands voting machines, or even what happens behind the scenes after you mail a ballot.
As in many things, I suspect all that matters is a general consensus that it's secure. For some that means experts agree it's safe, for others it means their friends, children, sheriff whatever sign off on it.
That is an argument against voting machines.
"Public process" ultimately means a small handful of people can actually observe the process, so we're right back to trusting our officials.
Absolutely, yes! That's basically how voting works in several countries. Observers can see votes being cast, vote counters can see that number of votes in the urn correspond to the number of voters who voted, you get a paper trail because you always have all the physical votes, and the process scales horizontally super easy.
> "Public process" ultimately means a small handful of people can actually observe the process
No, anyone can come look at the voting or vote counting, why would you prohibit that? The whole point of having a simple and open voting process is because people should be able to observe the whole system.
I am. Why is that hard to believe?
> "Public process" ultimately means a small handful of people can actually observe the process, so we're right back to trusting our officials.
Where is that the case?
How does homomorphic encryption keep me from selling my id and password to someone who will vote for me, or keep someone from standing over my shoulder and watching me vote?
And the other side: if you claimed that your vote was improperly counted, how could I (as a law-enforcement officer) verify that claim? How could the election body trigger a re-count?
Of course, these fundamental issues are all moot anyway, because of the even more fundamental issue of intelligibility. I understand exactly how the voting system works today, how the integrity of the vote is assured, how fraud is prevented. So do my grandmother and my 16 year old niece. With a system relying on homomorphic encryption and resilient, secured hardware and software, do you think that there realistically exist 1000 people in the entire world who could be personally convinced that the system is secure end-to-end, from the mathematical models to the systems running the software that is claimed?
I would really like if I found even attempt of ideas, or even break down of problem to many points ... something along those lines ...
With voting, whoever is the online voting provider (even if it's "the government" i.e. the bureaucrats and the party/parties currently in power), isn't really responsible... if some things go wrong, nothing happens... if too many things go wrong, the whole system collapses.
https://www.schneier.com/blog/archives/2004/11/the_problem_w...
But that is an illusion that could very well be shattered in a few weeks, for those who stick to American politics.
The advantage of the paper system is that people are familiar with it, and they think they know how it works. Much like you might think you know how accessing a website works, you actually don't know every detail in that stack. Do you really know how the light in the fibres get read? How virtual memory and TLB works? What about rendering the page in react? I can say I studied all these things and I still don't entirely know how the whole thing works, I am simply confident that certain abstractions are going to hold, so I don't worry about the nitty gritty of how semiconductors and lasers work.
In paper voting land, it is the same. Everyone who has voted has seen the interface: you get a piece of paper, you put it into a box, and in the evening someone is chosen to disappoint the nation for the next few years. You imagine that in between there are competent and honest people counting the votes, reporting their subtally, and totalling the numbers they get, up a tree to someone who ends up with the whole picture, which he then dutifully reports to the nation.
But what is holding this together? Essentially, just faith. There may be checks designed at various points to make sure nobody does a bad job of counting, but with enough contention this will break. The system might do just fine if one or two people forget a pile of votes, sure. But what if you have people complaining that they can't vote in the first place? What if everyone decides they need to contest the vote if their guy doesn't win? What if there are complaints about the aggregation?
There could easily be a situation where everyone thinks the system is just broken and will never work again with the current system.
What moving to electronic voting could give us is sacrificibility. You have a shit election, you blame the system, you make a new one. Paper voting isn't branded ("Accenture Voter System") and will remain stained by problems.
You put the piece of paper in a locked box - a lock that was checked by all these reps. So, no wrong votes in the box. At the end of the day, all party reps watch as the state rep counts the votes. So the counting is also right. Then the counts are written on a final document, which is then signed by the state reps and party reps. At the main station, more party reps can check that all papers were collected and correctly added for the final tally.
Anyone who wants to mess with the voting has to corrupt all of these reps for a voting station, in order to probably move the votes by like <1%. Then repeat for many different voting stations to actually change the winner. As long as you trust the local party rep (hopefully you have interacted them) who is standing at the voting booth, you can believe at the emotional level that your voting booth got the right result.
They don't have to be honest at all: you simply allow each competing political party to designate their own people to count the votes, so they keep close eye on each other. Of course you also allow people not affiliated with any party, independent international NGOs, etc.
The main advantage of paper votes isn't that they are completely unhackable, but that the hacks do not scale - you would need thousands of co-conspriators to influence something like US presidential elections.
Of course, this would bring challenges of its own and be subject to other sorts of abuse, as we can see from influence campaigns on social media and indeed things like edit wars on Wikipedia. Nonetheless, a great deal of our political decision-making could be distributed and would have far greater legitimacy as a result.
Maybe letting some person or legislature make decisions between elections is as outmoded as the electoral college.
Also, I’m not certain if it makes sense to vote in terms of making a decision for one thing or another, but vote in terms of how you think the majority of others will vote. That way people don’t vote for what they think is in their own interest but in what they think the community thinks is in the interest of the whole.
That's how elections are conducted today.
A proper online voting system could have maximal verification. Bruce Schneier could be handcuffed to the mainframe to verify it. Offer a $1 million bounty for every bug found. Make a system that has multiple independent watchdogs watching each other, and if the code on any is changed they all freak out. Every line of code could be scrutinized.