65 comments

[ 3.6 ms ] story [ 47.1 ms ] thread
While we’re on it, I don’t want the internet on my stove or car either.
I live in an economy where people vote with pencils on paper in cardboard booths and at scalable cost, it just works. Obviously the cost also has to scale linearly for the 200+m voter economies, and time becomes a factor, but for community acceptance I still think paper and pen/pencil beats machine hands down.

(this is Australia. we have compulsory attendance at voting booths for eligible citizens, you can spoil your paper or walk away but we enforce with a fine, participation in the one obligation of citizenship)

-I have been offered voting remotely in elections for my home economy of the UK and I would have welcomed some kind of homomorphic encrypted, secured voting method, given I have done KYC with the UK government to get my pension paid, I don't see there is a problem with them knowing who I am online.

I therefore do not totally agree with the headline, but I'm willing to be convinced by the article, because comparing the land of hanging chad to my own, I think paper and pencil is just fine. BTW we have a senate election which demands ballot papers cut from A0 paper in long strips. Hundreds of boxes to be filled in. What we don't have is the vote for every judge, official, proposition on the table, we just elect representatives and senators, but we have a complex vote method. It just works. We do machine reading, but every single paper is reviewed by people, and parties have rights to monitor the vote, in secured spaces. We do not have a serious concern with the integrity of our vote, and the question is regularly asked and tested. (it's not just because we believe its secure and don't check)

Its a great list of signatories, includes people I respect. I would think that the prime question for americans is "how much worse or better than the current approach could this be?"

Tom Scott made a solid video on this years ago[0].

I would love to go back to paper elections, even with all its problems (hanging chads anyone?). Let's make attack scaling as difficult as possible.

[0] https://www.youtube.com/watch?v=LkH2r-sNjQs

The most important feature of public elections is trust. Efficiency is one of the least important feature.

When we moved away from paper voting with public oversight of counting to electronic voting we significantly deteriorated trust, we made it significantly easier for a hostile government to fake votes, all for marginal improvements in efficiency which don't actually matter.

Moving to internet voting will further deteriorate the election process, and could move us to a place where we completely lose control and trust of the election process.

We should move back to paper voting.

Estonians seem to have funny ideas on this. They're very VERY digital-forward.
I believe the piece we're missing is the government (citizen?) service which issues (manages, replaces, revokes) constituents' cryptographic tokens for use with such things.

Then our voting systems could be electronic, secure, open, verifiable, and mostly private; assuming effective oversight / this organization does not issue fraudulent tokens or leak keys or identities (big assumption, but I don't think it's impossible.)

Is this just an abstract and is there more to this post? I found it quite shallow.
You know, kind of an interesting test here. This was posted 13 minutes ago and the comments so far are mostly all supportive of not wanting internet/insecure voting methods, all supportive of pen and paper. I wonder if after an hour or two the propaganda hoses will have been turned on and all the top comments start to have the reverse messaging in them, saying internet voting is perfectly fine, and such initial comments downvoted into oblivion.
More important it should be a right first. Where i live it's not optional
* “all your money lives on the internet and it’s safe”

* “internet voting is insecure”

who wins?

So where is the thought on mail in these days? It’s what we have in Washington and I rather like it.
paper & pen has tremendous value as a recording mechanism. Although it's slower at counting and indexing, it is far better at reproducibility and durability:

* records last > 500 years with no electricity . corruption is obvious at first glance. ( bad records don't appear to be good).

* counting is easily distributed by number of workers

* readily visually inspected with no special tools . ideal for auditing

* records stay in order at rest.

* easy to detect & protect against tampering

* easy to train new users . CRUD tooling costs pennies per operator

* cheaper to scale writes & reads

TCO and risk-assessment for paper records exceeds digital on nearly every measure.

My state uses a system that I think is the best of most worlds. You check in at one table, they give you a "receipt" that you give to another table who trades that for a little card. The card isn't linked to you at all and it gives you access to a voting machine. You enter your choices into the machine, which prints out a paper ballot that you can review and verify before putting it into the box as you leave. So, your vote is recorded by the voting machine for quick tallying, but your vote is also recorded on paper that is human and machine readable for verifiable re-counts if needed.
I agree with the risks, the overall theme being it's much easier to potentially manipulate a million internet votes than physical. In other worlds, internet vote manipulation scales significantly more than physical.

But I could make the argument with any high trust internet system.

Let's take another high trust activity we do on the internet - banking. Internet banking gives a hacker the ability to steal millions while sitting across the world. This is the same argument the authors make about changing a million votes.

So it really comes down to the pros vs cons. That's the more important discussion imo.

Do the benefits of internet voting outweigh the cons?

To some extent, I think the cost of paper voting is almost a feature. It takes more work and effort to corrupt a paper voting system enough to change an electoral outcome, it helps more people gain familiarity with the electrical process and places an additional weight on the decisionmaking,
Which of these vulnerabilities do not apply to any other internet system? And yet all of everyone's money is accessible over the internet and that seems to be working fine. If they really care about security at this level then they should ban all non in person voting methods.
The thing about paper ballots is that the ways to cheat with them are well-known ("finding" ballots in the trunk of a car, "losing" ballot boxes on the way to the counting center, counting the ballots behind locked doors with observers not present, and so on), and have been well known for centuries. So the counters to them (ballot boxes sealed with an official seal once full, only sealed ballot boxes will be opened and counted, neutral observers present at all times when ballot boxes are being transported and/or counted, and so on) are also well-known. If those anti-cheating counters are in place, that gives you quite a lot of trust in the results. And if observers get thrown out and then ballot counting continues behind closed doors, you can have a reasonable suspicion that cheating is going on, and can make a stink and demand a redo of the vote.

With Internet voting, the ways to cheat are not all that well-known among the general population, and even among an audience like HN I bet we couldn't come up with all the ways to cheat. (That's not a challenge!) So there's going to be fundamentally less trust in the election process than with paper ballots, even if the Internet-voting system was actually made completely secure. (And I'm not persuaded it can be made completely secure, given that secret ballots are a fundamental requirement of the process).

So yes, paper ballots are very much the way to go.

I think this relies on the old argument that anything connected to the internet is potentially insecure. While it might have some truth, practically we all do very sensitive stuff securely while connected to the internet. The risk is there, always, but you put all the measures to mitigate it and even prevent it.

The idea that a malware could be on a phone “altering things automatically” feels like a 90s FUD cliche. If an online voting system existed, it won't be like a poll that you see on Twitter, for instance; it will be far more involved. For example, we can have blockchain as the network, and not just transparent to all, but even after you vote you can still check your vote and see if it was potentially altered, and a proper electronic chain of custody can also ensure that the vote was counted per the process, and all of that is visible to anyone who would like to check and even count ALL the votes yourself, again, just like how transparent blockchain is.

And saying paper voting is more secure isn't true at all, because these votes will be counted electronically at some point, either by a machine or just a simple Excel sheet, opening the same risks as the previous one except here, if it would happen, you will never know and you as a voter can't trace the vote from when you voted all the way until it was counted. The voting process should be designed in a way with zero trust in mind, just like how secure systems are designed now, like storage, encryption, vpn, etc., and voting should too.

I personally believe that we can build a very secure, robust, and trustworthy system that can be used for voting online, but I think no one wants that for all sorts of political purposes, either by actually altering the results that could go unnoticed, or at least keeping the window open to blame the results on a faulty system.

what about crypto voting schemes? zero knowledge and all that

if we assume the user connection is secure (ie, about as secure as banking), can we have secure internet voting?

(comment deleted)
It’s not that it’s impossible - it’s that the established players are already questionable. And any new entry would require more than any simple company could provide. Heavy investment and collateral is required.

Our livelihoods are increasingly (almost entirely) digital and endure great efforts to abuse. But banking and/or retail operate on a different spectrum. For one they make money. The costs associated allowing their business online may never make sense for a non-profit based activity like voting.

Do we have any examples of internet activity as tempting to infiltrate/pervert that is secure and doesn’t extract value?

Anyways it seems greater damage will be done before we even reach a provably secure system. So paper/pencil voting would be better.

But fear not - even if we abolish voting machines we aren’t out of the hole just yet. We have good company with concepts like Citizens United as well as activities like sweepstakes that try to sway the populace to throw away a vote for a chance at a million. Illegal - sure - but that won’t stop the ostensible infinitely wealthy from enduring a slap on the wrist - or more appropriately a verbal reprimand (which is all that happened last time) for their part in electioneering. And if that didn’t work we have an onslaught of reAlIty and bots that poison our conversations in order to form our world views.

I’m jaded. I’m overly pessimistic. I’ll go now.

Voting is one of those things that people care very little about but it's extremely important as it can determine who is the head of state (a position that has a lot of power an influence).

A single compromise once can have incredibly bad long term consequences for the majority of a ruling elite gain power indefinitely.

In person and by mail voting with a blockchain ledger-based receipt is how to prove one's vote is counted anonymously.

There must always be a paper trail and a blockchain ledger provides the most reliable and secure means to maintain integrity.

If we can’t create a secure online voting system why do we use it for passports, banking, medical records, drivers licenses, criminal and law record keeping.

This is just an attempt at control using the majority of cases that most websites and applications are insecure. If enough effort and time is invested of course we can create a fairly robust and secure voting system.