[nxc182]

This is why we absolutely do not need electronic voting (or electronic vote counting) in any way.

Paper voting (with polling locations distributed to balance load) with hand counting and verifiable addition operations to get the final vote counts is what is needed.

Having voted in person at town hall, and then having helped count the votes, I know that it is doable - just like any other laborious task is doable with enough people involved. Electronic voting just doesn't buy you anything more than risk - all at the cost of verifiability.

The other advantage to hand counting with a neighbor nearby is that there is a strong penalty for manipulating the election - your neighbor will notice. These machines make it way too easy to manipulate elections at mass scale without detection.

[grzm]

I agree that a system that only has electronic records is very problematic. However, a system that includes a physical component (such as a paper ballot receipt) can be used as part of an electronic system to permit something that's auditable and verifiable.

https://en.wikipedia.org/wiki/End-to-end_auditable_voting_sy...

[Graphon1]

ok, a receipt. How is this supposed to facilitate a recount? Not all voters will retain their receipts. Not all voters will retained receipts will re-present them in the event of the need of a recount.

Are you saying a recount will be unnecessary if E2E is done properly?

I read the linked article but didn't get it.

[grzm]

I misspoke in saying "receipt". You're right that we can't rely on voters keeping their receipts for a recount. I meant a paper record of the vote kept in addition to the electronic record.

I'm not sure where I might have given the impression that a recount would not be necessary. A paper record makes a recount possible and the election system auditable.

The linked Wikipedia article on end-to-end auditable voting systems provides an overview and links to different methods of making voting systems more trustworthy. There's a lot of thought and details that go into it, and if it's something you're interested in, I suggest following up on some of the links and spending more time. I know it's taken me reading a lot of different articles and implementations, and I still need to look up different parts of it.

I did find this slide deck from Ron Rivest helpful:

"Auditability and Verifiability of Elections" ACM-IEEE talk March 16, 2016

https://people.csail.mit.edu/rivest/pubs/Riv16x.pdf

Were there particular areas that didn't make sense to you?

[58]

It seems pretty simple to me. Have the machine print a receipt that shows your info and who you voted for, have the voter check it over and sign it, and then have the voter hand it in before leaving the voting station. The receipt is really no different than a paper ballot at that point.

That's not to say that other security precautions can be ignored. Ideally I'd think there should be mature open-source software running on secure intranets for each voting station, and transparency at every level of the process, including better transparency in how those physical receipts are transported, handled, and stored.

[melse]

Bear in mind that by requiring each voter to sign their ballot slip, you're reducing the anonymity of the election, since it's potentially possible to prove that you voted in a certain way to sell your vote.

[VLM]

The gold standard, which has been deployed where I live for a couple decades now, is to skip all the e-voting network touchscreen foolishness and simply fill out an optical scantron sheet like the tests you probably filled out in school.

The last step of voting is inserting the ballot into the scantron machine. Valid ballots are eaten, invalid are kicked back out at you.

Theoretically the machine can output running totals at any time, and if you've never seen an optical scanner in action you'll be surprised how fast it can scan and grade a classrooms worth of multiple guess tests, less than a minute to scan and process perhaps a hundred tests, so a thousand people living in my voting district is not exactly a data processing challenge. The votes can obviously be counted by hand of course, they're just custom printed multiple guess test sheets.

Optically scanned paper tapes and punch cards were contemporary in the 60s and optical scantron machines appeared shortly after. I'd estimate my state converted from mechanical voting machines and mimeograph machines to scantrons and photocopiers about the same time, lets say 1980 although maybe as late as 1984 or earlier in the 70s. I distinctly remember watching my parents vote one last time on an old fashioned voting machine when I was a little kid, probably voting for Nixon, may have been Reagan but I'd have been too old by then, I think. Old fashioned mechanical voting machines were cool and steam punk ish in appearance.

Its such a simple, cheap, reliable system that it almost leads credence to claims that elections are being intentionally rigged. Its hard to explain otherwise why something so cheap simple and logical is being covered up and so few people know about it. Ironically I live in a non-swing state in a gerrymandered district so my vote has never mattered and never will, but at least if I ever get a chance to influence politics via voting, its pretty obvious my vote would be counted fairly.

[waxim]

Two systems. One assigns a unique a temporary code to you on arrival at the polling station, much like those "take a number" queues at places. Then another unconnected voting system with printable receipt.

Step 1) You queue, get a "Temporary Voting Id"

Step 2) Enter the booth, enter your "TVID"

Step 3) Vote

Step 4) The Machine prints your Receipt with your vote clearly visible and your TVID as local proof its you and your vote is right.

Step 5) You fold your printed ballot and put it in a box.

Step 6) You fold your ID Receipt and place that into a "Validation Box" as you leave.

Step 7) All machines keep and print a "Tally" used as the count.

Step 8) All ballots and validation id's are saved in boxes and shipped ready for recounts if needed, ID's can be matched to ballots to validate attendance and votes anonymously.

Bonus Step) ALL vote machine should produce a "Vote Audit" when asked that will show a full history of votes (without times and in random order) and the ID's used and ALL id generation machine should produce all vote id's generated (again without times and in random order)

[zelos]

Not that I'd hold the UK up as a good example of democracy, but here there is a unique ID on each ballot paper that is noted down on a list next to your name when you vote. The ID/name list is kept securely, but can be used to find a voter's ballot paper later in the case of a dispute over the result or fraud.

[AimHere]

Receipts are retained by the guys holding the election, not the voters. A physical record of which way a vote was cast would be an excellent way of enabling bribery of voters, and no sane system would allow it. That's also why photographing a ballot paper is usually banned in polling stations.

[kwhitefoot]

Giving a receipt for a vote is illegal in many places because it enables vote buying.

[24gttghh]

Which implies the ability to present your receipt to a third party for compensation of your vote?

[talmand]

Does anybody make the argument that the lack of a receipt prevents vote buying?

[ebalit]

If you can claim to vote in a way when you voted another way, then no one is going to bribe or force you to vote in a given way.

That what the voting booth and envelopes are for. Its not a random thing. Our voting systems are low tech, but it's well designed.

[talmand]

That's simple, if I were to engage in such deceitful practices then I would say payoff requires my candidate winning.

[gm-conspiracy]

Please explain any benefit to electronic voting?

[grzm]

Electronic voting can mean different things as computers can plan different roles in the voting process. For example, just in terms of recording votes, we have

- internet voting

- touch screen voting

- optical scan voting

Computers can also be used in other roles, such as voter verification, vote tabulation, and results transmission, result verification, and auditing.

With only paper ballots, arbitrary vote verification is likely to be a tedious process, if possible at all. Cryptographic methods such as homomorphic tallying can ensure vote secrecy and vote verifiation. This can also provide stronger guarantees of chain of custody integrity by verifying voter receipts or cast paper ballots are included in the final tally. With only paper ballots, trust that a given cast ballot is included in the result relies on trust in those doing the tallying and the chain of custody of the ballots themselves.

One could imply from the phrasing of your question that you have reservations about any benefits electronic voting might have. What's your take?

[gm-conspiracy]

I fail to see how the benefits outweigh the added complexity and lack of trust.

Optical scan is the only above mentioned method that can be verified by laypeople.

Also, although a tedious process, paper voting has worked for quite some time. Centuries?

Chain of custody will always be a problem, whether it be source code to a compile runtime, or paper ballots.

However, the potential for abuse seems less likely for a more manual process.

A voter signs in to vote, so we know how many voters to reconcile to the same number of ballots. If we have more ballots cast than signed in votes, we have a problem.

Additionally, ballots are serialized, though not associated with any particular individual. So we know what ballots were used and unused. If we find multiple ballots with the same serial number, we know there is a problem, too.

Voting should not rely on a blackbox algorithm. The majority of the voting public can count pieces of paper, but can they understand and verify code running on a device?

Who cares if it saves time, particularly at the cost of transparency and trust?

My question to you is, what problem did electronic voting solve (as implemented in the US), that needed solving?

[closeparen]

The process of collecting receipts is identical to the process of collecting paper ballots.

[Houshalter]

I hugely support electronic voting. Electronic voting makes it possible to implement superior voting methods, like condorcet systems. These systems are difficult or impossible to implement by hand, but trivial to do with a computer.

Properly done, a voting machine doesn't need to do anything more than count and tabulate. You press a button, and it adds a new vote to it's table. The vote could be printed out on paper. It could even be done via punch cards first, and then fed into the voting machine (which makes the process more inspectable by humans.)

The voting machine need not know what each candidate even is, what party they are, just assign them numbers. And it doesn't need to receive updates, or have any method of input other than reading punched cards or a voter pressing a button. It certainly doesn't need to be based on windows XP and have usb inputs. It certainly shouldn't send votes over wifi.

[pjc50]

What would you prefer, a Condorcet election which nobody believes is fair or FPTP election where everyone can count the ballots?

I think pushing for "superior voting systems" is really allowing the best to be the enemy of the good here. STV is perfectly doable by hand. AMS is only fractionally more complicated than FPTP. But most US elections (and the UK parliamentary ones, although none of the other kinds of election in the UK) are FPTP.

Let's not allow the desire for better voting systems to be tied to untrustworthy technology.

Edit: the barrier for getting a system adopted has to be "can you explain this to a partisan of the opposing faction with a high school education, and get them to agree that it's fair?"

[Houshalter]

If you read my comment, you see I don't believe these are mutually exclusive at all. There's no reason a voting machine could be made reasonably tamper proof. Or at the very least, air gapped and uncaring of the names of the candidate. It literally only needs to be a tabulating machine for punched cards, or something similar.

I really dislike instant runoff voting and similar systems like STV. They are better than FPTP, but not by much. One big issue is discussed here: https://www.youtube.com/watch?v=7Q7rzqJ0YS8 But my main concern is they might tend to elect more extreme candidates, because they quickly drop candidates that don't have enough first votes, even if they are everyone's second vote.

[pjc50]

Ideal election system > paper count with representatives of the party > actually existing electronic voting.

The problems of actual existing electronic voting are a microcosm of bigger problems. We get insecure, ineffective voting machines because procurement is difficult and tends to be captured by lobbyists.

Condorcet superiority seems not all that important in practice: http://www.fairvote.org/why-the-condorcet-criterion-is-less-... , and if you have suitable multi-member constituencies for STV then you tend to end up with a couple of "extremists" and a large group of moderates in the middle.

Again, let's not let the best be the enemy of the good.

[Houshalter]

The article you linked to goes on and on about the exact issue I mentioned. IRV tends to select for extremist candidates. Condorcet methods tend to punish them. The article tries to defend this, but I see this as a very bad outcome. Extremist candidates can do much more harm than good. Centrist candidates are more rational and tend to be less likely to do crazy things. Condorcet methods ensure the winner will be the best possible compromise, IRV gives very inconsistent behavior but can favor extremists, but can also punish third parties (IRV still suffers from vote splitting in many cases, see video I posted.)

[Houshalter]

@hellbanned user, that's a good idea and seems to solve the problem. The voting machine just producing punch cards for a separate counting machine allows for easy human inspection of votes and auditing. I think such a system would be pretty secure.

Don't throw the baby out with the bath water. Just because current electronic voting is bad, doesn't mean it has to be.

[eli_gottlieb]

Approval voting has nice theoretical properties and is simple as dirt to do by hand.

[Houshalter]

Approval voting is hugely vulnerable to tactile voting. Otherwise it seems OK.

[ClayShentrup]

Ludicrous. Bayesian Regret results for instance show Approval Voting doing quite well even with 100% strategic voting.

http://scorevoting.net/BayRegsFig.html

There is even a theorem that, under plausible models of voter strategy, Approval Voting will tend to elect Condorcet winners (i.e. candidates who beat all rivals by a head-to-head majority).

http://scorevoting.net/AppCW.html

Clay Shentrup Co-founder, The Center for Election Science

[kwhitefoot]

Of course it is doable, it is how most of the world does it.

[ralmeida]

One method of avoiding fraud in electronic voting systems is double-voting. It goes as follows:

- Wait until all electronic ballots are set up in their zones in election day. - Randomly (this can be even done in a public, audited draw) select a few ballots to test. - Remove those ballots from use and replace them with spares. - Now, somebody publicily double votes on the tested ballot: they publicily vote for candaidate X in the ballot, and on paper (although just showing the vote allows any observer to keep count indefinetely). - At the end of the test, print the count from the tested ballot and verify that it is accurate to the publicily counted votes.

What do you think about this?

IMO, while not totally fool-proof, this brings the cost of manipulating electronic elections rather close to paper elections, if the following assumptions hold:

- The draw is fair, so a malicious actor could not program only the selected ballots to be fair; - The chain of custody of the ballot is solid (easy to do if there are party auditors that never lose sight of the ballots), or that the ballot is not moved out of the sight of the public instead; - There's no available method to make the ballot know it's being tested, and change its behavior (like in the VW emissions scandal).

The last point is tougher, although auditable source code, code-signing, and reproduction of as many 'true' conditions as the real election (same duration, same time, same voting frequency, etc, maybe going as far as to randomly select normal voters to participate in the process).

[Klathmon]

My question is why? Why is everyone so eager to replace paper ballots? What problem does electronic voting solve?

Paper votes work, and they work well. Besides the obvious downside of needing to wait for them to be counted, they are safe, open, they don't break down, they can't be hacked, anyone can verify them, and they are 100% anonymous.

At worst, you'd need many people to collude to stuff a single ballot box in a single district, and even that can be thwarted by a single person watching the ballot box all day.

So what's the gain with electronic?

[philipov]

If we presume that the promoters of the idea are intelligent and understand the consequences, then why is it not reasonable to think that the ability to affect elections or otherwise weaken the electoral system is the gain they seek?

[Klathmon]

I feel that misunderstanding and ignorance is more to blame than malice.

Many programmers know about the "beauty" of encryption and secure voting algorithms. They know that open source works, and it's really tempting to try and think up a system that is "perfect" and can't be gamed by anyone.

But this is an instance where messier and less "perfect" is better, because the absolute worst case scenario of being able to actually change the election is so much harder with paper, and anything less than that worst case scenario doesn't change anything (and still has all of the risks and downsides).

[nightcracker]

I personally am eager to replace paper ballots with electronic in a vastly different voting system. But it would have to be a cryptographically sound electronic voting system that runs as open source on the users machines and is publicly verifiable.

The reason I want this is because it allows much more fine-grained voting. My ideal democracy is a direct democracy where every voter can, if he/she chooses, to vote on arbitrary issues, but _delegate_ their vote to someone else by default. As an example: "I politically align with Bernie Sanders, so I want by default my vote to delegate to whatever he's voting for, but for issue X I vote Y."

In an ideal world you could even delegate votes based on "tags", e.g. for Internal Affairs you choose X, and Economy Y, etc. But that seems fairly easy to manipulate by whoever is assigning the tags to issues.

[Freak_NL]

There are a lot of unresolved issues around the notion of direct democracy. Referenda prove this point — e.g., the Brexit referendum and the EU-Ukraine association pact referendum in the Netherlands. In both cases media and pressure groups hijacked the process of forming an objective informed opinion, and in the Dutch case most people didn't even fully grasp what they were voting for — they just voted against out of discontent.

I am sure that there are ways to improve citizen participation in the democratic system, but directly voting on issues is not going to give us the sensible behaviour you might hope for. Representational democracy exists in part to prevent minorities from abuse by any majority — with direct democracy you eliminate that protection.

[nightcracker]

I am aware of the issues of direct democracy, but my hope is that the "defer by default" prevents most of the issues. On top of that there'd have to be education that makes people wary of others that try to convince them to specifically vote for issues that they didn't have a strong opinion on before.

[Houshalter]

Electronic voting makes superior voting systems like condorcet methods possible. Paper ballots are only really best at first past the post, which is by far the worst system of voting.

[Xylakant]

germany has no first past the post election system and elections here work perfectly fine using paper ballots. On a regional level, elections can actually get quite complicated with options to strike candidates and add multiple votes to a candidate.

It's certainly more work to count those votes, but on the other hand, everybody is entitled to go check the vote count and everybody can do so with no technical knowledge needed. Any system that requires the observer to be firm in a given piece of technology is not a superior system since it removes peoples ability to exert their right to check the public vote.

[Houshalter]

I was wrong, you can implement some alternative vote systems with paper ballots (and more work for the vote counters.) I don't like those systems personally, as I mentioned in the above comment. I don't think it would be possible to implement a system I do like, like condorcet voting, without mechanically counting votes.

[kwhitefoot]

Mechanical counting is not the same as electronic voting.

[AimHere]

Nonsense. There are plenty of fairer voting methods that can, and do, use paper ballots. STV, Additional Member systems, Party List systems. These are in use throughout the world for national elections.

[Houshalter]

All of those would require changing the constitution and the structure of congress (basically impossible), and wouldn't work on things like presidential elections to begin with.

I also have other issues with them. Like runoff voting systems drop a moderate candidate that most people would prefer in a 1 on 1 election, but isn't listed as enough people's second vote. Resulting in more extreme, less liked, candidates getting elected. It's better than FPTP, but not by much.

[58]

> they can't be hacked

Not so sure, the paper ballot system may been hacked in 2000 US election. The other criminal activities of the Bush family make it more suspect, IMO.

[rocqua]

If I understand this correctly, you want to randomly force some-one to make their vote public.

This makes voter intimidation real easy. Just say: "if anyone's vote is made public and not for candidate X, I will murder them and their family". That basically turns voting for candidate Y into gambling with the life of your entire family.

[ralmeida]

The votes in the tested ballots are not counted in the election itself. A member of the public can secretly vote for their preferred candidate, and vote for an entirely different candidate in the auditing.

[VLM]

There's a strangely convoluted yet simpler solution where half the ballots are filled in by a poll worker rolling DnD dice and half are filled out by the voter. Voter puts their two ballots into random two piles. Then count and publish a random half the ballots and shred the other half stack. Each voter knows and can prove to anyone that at least one of two known votes was correctly counted but can't prove if the ballot was filled out by voter or poll worker using dice. Assuming the DnD dice the poll worker used are fair, the result of the election will not vary especially in our highly gerrymandered non swing states. You'd need some statistical math to prove if half the votes are purely random and the results are 50.0001 vs 49.999 then you need (or don't need?) to rerun the election. Very few peoples votes matter and in those district they might have to rerun a couple times to get statistically verifiable results.

This helps with ballot stuffing, if 200 voters in the district verified their vote and election monitors counted about 200 people walked thru the door but the corrupt system published half the ballots online and theres 500 of them implying 1000 voters, well, someone faked an extra 800 voters.

The problem is complicated and you can't actually use DnD dice because most disenfrancised voters fill out straight ticket ballots and are therefore not part of the decision making fraction of the population, so someone could pay or punish based on votes exactly half their victims who don't have a ballot that looks like it was made by a purely random dnd dice roller. So you actually have to figure the percentage of people last time around who voted like whatever logical scheme, then make the poll worker fill in ballots that look like a reasonable ballot from last time around. "VLM you get serial number 200 and I as poll worker fill out serial number 201 and looks like your "random" historical voter for 201 is straight ticket R"

Also you can't let the voter pick the ballot he fills out because then Mr bad guy can kill any odd serial numbered voter for Trump because he told his employees or students or whatever they must select and vote the odd one never the even one, so half the random ballots being odd means trouble for half the voters. Face down pick one might be OK.

Note that under this scheme it might be safe to even publish the name of both ballots, just so long as a random half get shredded.

Any individual poll worker with a photographic memory could theoretically sell a list of ballots he filled out vs the voter filled out but its purely he-said-she-said and the poll workers memorization job will be hundreds of times larger than a voters memorization job so I think it incredibly likely the voter will be trusted to lie as best serves him rather than the poll worker be trusted to tell the truth.

How the random half get shredded is likely going to be a sticking point. It has to be visually enforced the entire voting period that each voter puts one ballot in one pile and one in the other and when polls close the observers do a coin flipping cryptographic protocol and immediately shred one random stack. You can't shuffle them all and then shred or whatever. Someone putting both ballots in one pile will screw things up. There are trivial ways to enforce this of course.

A list of all my historical published votes would after decades provide a random signal and a pattern of my own voting. However my own voting makes a random signal for some other dude, and today any goofball who wants to discriminate can pull the district records and know the couple hundred of us who vote here always vote about 80% R so although discrimination would be possible it wouldn't be any easier or more effective than it is today anyway. Go ahead, knowing nothing other than I live in an 80% R district take a guess what I usually vote...

Technically this scheme disenfranchises a completely random half the population. Well, since only half the population votes you only disenfranchised a quarter. Only half the population votes anyway is a good justification for tossing out a random half the actual votes and replacing them with cryptographically strong noise. I suppose to satisfy dumb people who don't understand statistics you could run two elections and tell the dumber people that half their votes got tossed each time so ta da now all your votes got counted once across the two, but thats numerically unethical.

[rocqua]

Another interesting thing I cam across is [ThreeBalot](https://en.wikipedia.org/wiki/ThreeBallot). It has some non-obvious but solvable issues with non-binary votes (essentially like your system).

A weakness I see in both your system and ThreeBalot, is the need to trust in some decision maker to act correctly. You need the poll worker to actually work randomly (and not have awesome memory), ThreeBalot needs a way to confirm ballots are entered correctly.

I think the biggest sticking point with your system is the random aspect. We are essentially introducing noise into the votes. The noise might be negligible, but it impacts people's perception massively. There is also the challenge issue, because you'd need some arbitrary cut-off on the probability of the noise being to large. After all, the chance is technically nonzero that all random votes went the same way, and only the random votes were counted.

[noonespecial]

Any electronic voting system needs one simple feature. While it may be impossible to hand check all of the voting machines, it must be possible to hand check any given voting machine with absolute certainty.

[dpark]

I'm not opposed to electronic voting but our systems seem to be really broken. There are a number of ways to handle this, all of which require strong transparent auditing.

The main reason I want to get sane electronic voting is so we can vote online from home. Given the inability of democrats and republicans to come up with any acceptable method of handling voter ID, though, I'm pretty confident that it won't happen for decades if ever. In the meantime at least my state does vote by mail.

[DamienSF]

Systems aren't broken, they are set-up to enable corruption. The article points to a clear intent of enabling election fraud.

[devopsproject]

We trust computers to:

* Count and record our money

* Operate and monitor medical equipment

* Monitor and control planes, trains, ships, and cars

* etc

To think that we cannot use a computer to record votes is insane.

[closeparen]

Banks, hospitals, airlines, rail systems, and automakers are all on the hook - if their system does the wrong thing, someone will notice the unbalanced books, bodies, or wreckage (other banks, Treasury, NTSB, NHTSA), and the institution will suffer serious harm.

How will you know if an electronic voting system produces a wrong result, except by running a paper voting system in parallel?

Do municipalities choosing voting machine contractors have incentives aligned to promote election integrity? Can they critically evaluate security properties of what they're being sold?

I don't think so.

[devopsproject]

> the institution will suffer serious harm

The republic is experiencing significant harm. If it was not, people would not be talking about it.

> How will you know if an electronic voting system produces a wrong result, except by running a paper voting system in parallel?

Audits? Open Source? Checksums? Hashes? We have many tools to verify the integrity of electronic data (I also never claimed it had to 100% digital)

> Do municipalities choosing voting machine contractors have incentives aligned to promote election integrity? Can they critically evaluate security properties of what they're being sold

If the choice is federally verified company A or federally verified company B, then yes.

[DamienSF]

The article doesn't conclude "computers can't count correctly" but instead it says "voting machines are set-up to enable election fraud".

[talmand]

>> Count and record our money

I think recent history has shown this hasn't worked out quite that well in many cases, and that in other cases was easily manipulated for purposes of fraud. There are entire sections of various law enforcement agencies that focus on this very topic.

>> Operate and monitor medical equipment

What would be the benefit of manipulating this?

>> Monitor and control planes, trains, ships, and cars

What would be the benefit of manipulating this?

I would second guess anything that uses a computer to keep a record of something that someone would have a direct benefit if manipulated. It's not a matter of whether it works or not, it's a matter of how easy is it to manipulate for a particular goal.

[devopsproject]

> What would be the benefit of manipulating this?

Killing people. Imagine a StuxNet type attack that targets medical equipment or an attack that can drop planes from the sky (https://www.wired.com/2015/05/feds-say-banned-researcher-com...)

> I would second guess anything that uses a computer to keep a record of something that someone would have a direct benefit if manipulated

Then you better move to the woods. Basic economic principals (scarcity) mean that every resource has value to an interested party.

[talmand]

>> Killing people.

I can only see the benefit of a targeted assassination for a very specific subset of a subset of a subset of people, not large scale killing of people. Warfare maybe? For fun? Not as obvious as fraud for monetary gain, there is a scale issue to consider.

I worry more over bugs that kill people on the operating table or in the air as opposed to someone manipulating the equipment for some unknown benefit.

>> Then you better move to the woods.

I think you're exaggerating just a bit.

[devopsproject]

> Warfare maybe? For fun? Not as obvious as fraud for monetary gain

Wars are extremely profitable for some.

> I think you're exaggerating just a bit.

I think you are being myopic. We trust computers with thousands of important tasks. If we can't trust them for voting, we really have to reconsider their usefulness.

[talmand]

>> Wars are extremely profitable for some.

That is an excellent point.

But, reading back over the posts I see that I introduced the concept of warfare even though the original points I questioned did not. So, back to my first questions; who benefits from manipulating medical and aircraft equipment on a large enough scale to be compared to potential financial fraud?

Wait, targeted assassination that starts a war... That's been done before, but unlikely.

>> If we can't trust them for voting, we really have to reconsider their usefulness.

It's not that I don't trust the computers, it's that I don't trust people.

[int_19h]

> with polling locations distributed to balance load

Better yet, do mail-in voting. It works fine for several states already, and all of them see strong correlation with voter participation, unsurprisingly. It's also cheaper. And keep a few basic polling locations around as a fallback for those unable or unwilling to deal with mail.

[toomanybeersies]

Mail in voting can disenfranchise those without a permanent address though, which is an issue to be considered.

And then there's the cases of voting papers being dumped rather than delivered to constituents. And the possibility of tampering with the votes in the mailing system. It wouldn't be hard for malicious actors to toss out papers in majority Republican or Democrat areas to attempt to sway the election.

And having "a few" polling stations would mean that they are further apart and less accessible for people, especially poorer people who don't have the same means and time for transport.

[VLM]

"all of them see strong correlation with voter participation"

Yeah I bet. Your boss will trade your mail in ballot for your paycheck this week. Turn it in with your calculus exam for 5 bonus points. Don't forget to take your ballot to Bible study group this Sunday, we're going to fill them out together to make sure we do it correctly. If you're in a nursing home just hand it to your favorite nurse, after all she's in charge of your medication so you have motivation to keep her happy. Your postman will simply toss it out if he doesn't like your vote but he does have a bid out for $5 if you'd like to sell, because one of the local parties is buying from him for $10 per ballot. On the other hand the gas station clerk down the street is offering $9 because his margins are lower and he paid off the cops like he paid off the health inspector and he's easier to get in touch with.

I suppose if all the dollars are concentrating in ever fewer hands, we need some kind of paper currency, and if they'd allow early voting up to perhaps 3 years and 364 days before the next election... Its possibly the only way we'll ever see the government getting a form of currency into the general public's hands to boost economic activity rather than just bailing out the bankers as usual.

Mail in is fairly banana republic tier. Its kinda like drug legalization, yeah that stuff isn't good for you, but at least if its above board and semi legalized then at least we can observe and track it, kinda, rather than underground and out of control. Actually its more like a red light district, the only way to make it worse would be to drive it underground. At least looking at vote totals we can tell how corrupt an election is based on level of mail in voting rather than knowing its bad but not how bad in total.

[int_19h]

Your boss doesn't need to ask you to trade in your ballot for that. They just need to tell you to take a photo of your filled ballot, inside the booth, before you go and stuff it into the box. Which is exactly what they do in countries where it's a problem.

At the same time, I'm not aware of literally a single complaint about this kind of thing in US states that practice mail-in voting...

And drug legalization is "banana republic tier", really? No. It's a recognition that "this stuff isn't good for you" is not a sound basis for passing laws, for one thing - and for another, it turned out that a lot of "isn't good" was just plain out lies and misdirection.

I mean, seriously, are you saying that WA and OR are banana republics?

[alistairSH]

How do those states that use mail-in ballots deal with the delay that introduces? Must the ballots be post-marked in advance of the election to count? Or, do they defer calling elections until days after the election?

[int_19h]

It varies. In Oregon, any ballot that is received by the post office by the cut-off date (8pm election day) is counted. In Washington, it's as you've described - any ballot postmarked by election day are counted, so it takes a few days to fully count everything.

[drewrv]

I think an electronic system that prints a paper receipt which gets stored separately would provide the best of both worlds.

[dpark]

I think that helps, but only if there's a system in place to audit at least some percentage of the votes. When I voted in Mississippi, the voting machine wrote my results onto a roll of receipt paper. I have little confidence that anyone ever audited that paper.

[ralmeida]

As a sibling comment mentioned, the mere potential for auditing increases the cost for a malicious actor to perform manipulations, since the chance of getting caught is higher, and the penalty for getting caught is potentially disastrous.

[grzm]

While it may not have been audited, it at least has the potential to be audited, say, if there are questions regarding the validity of the outcome. That said, it would boost confidence if there some verification/auditing going on.

[DamienSF]

If you can't verify that the printed results have been counted correctly, it does not bring more guarantee. At least, the paper ballots should be kept and audited which is not the case in many States.

[24gttghh]

So instead of preparing paper ballots starting a month in advance, we try to print paper receipts for the millions of people who vote all on one night?

[Anderkent]

Well, the question is whether the increased safety (assuming your neighbour doesn't share your voting preference - I don't know if vote counting is usually done by two people from different parties, or something) is worth the increased cost. It seems unlikely to me.

[nxc18]

It might be possible for aligned individuals to conspire, but it's unlikely.

When the community is sufficiently engaged, either you have differing political views and thus don't have to worry about conspiracy, or everyone has the same opinion and the conspiracy would just reinforce the true outcome.

Regardless, the possibility of that conspiracy is another great way to encourage participation. Republicans and Democrats both have an interest in the other side not tampering - combined that turns into a pretty strong interest in removing tampering altogether.

[tedmiston]

And yet we trust software to do things like run our credit card transactions and withdraw money from our bank accounts.

The resistance [from several in the industry not just your comment] to making voting happen via software really concerns me.

[nothrabannosir]

That's significantly less important than voting. And the incentives are properly aligned: the bank is responsible for making its systems secure, and if they lose your money they have to refund it. Voting? Not so much. Lost ballots? "Woops :) sorry."

If the voting machine vendor executives faced actual personal serious jail time for botched counts, I might be more inclined to trust it. Then again, I bet you a tenner they'd suddenly have a lot more fail safes in place.

Aligned incentives is absolutely, 100% required for anything to work in our society. It's what we're built on. Otherwise you will always be swimming upstream.

[csallen]

> Aligned incentives is absolutely, 100% required for anything to work in our society. It's what we're built on.

I wish more people understood this simple fact of human psychology. It's astonishing how often people will support some system that incentivizes bad behavior, and then act surprised when people behave badly.

What's more, when faced with this situation, these same people will resort to shaming the bad actors rather than fixing the broken system.

[Ntrails]

Aligning incentives properly is hard. I think a good example is about how to best incentivise General Practice medical care centres (UK NHS system). Patients seen? Patients in catchment area? Mortality/Morbidity rates? Patient outcomes (how you measure these is a rabbit hole of perverse incentives)...

Each and every idea has a logical optimum strategy for the trust to maximise income, and all of them aren't quite what you're trying to achieve. So you really want to blend some of these (and others) together in just the right mix, but without creating hundreds of hours of admin just to support the metrics.

[colejohnson66]

> If the voting machine vendor executives faced actual personal serious jail time for botched counts, I might be more inclined to trust it.

Even with a threat like that, they'd probably still walk free by just using the DMCA to silence the security researcher

[Animats]

Which Diebold tried. They lost.[1]

[1] https://en.wikipedia.org/wiki/Online_Policy_Group_v._Diebold....

[audeyisaacs]

Banking systems are publicly verifiable. If your balance suddenly changes, you're going to know about it.

With electronic voting, any method of verifying your vote is incompatible with the principle of a secret ballot.

(edit: additionally, with paper ballots and adversarial scrutineers, every vote will certainly be counted properly as the people who stand to benefit(the politicians) can raise an issue if a ballot is being counted the wrong way. It's much less likely that every individual would verify their own vote).

The resistance for voting via software may really concern you, but the push for it really really concerns me...

[dpark]

Part of the problem is that the incentives are skewed. Visa has incentives to have a strong auditing trail and to perform constant audits because they bear part of the cost for fraud. Merchants are also heavily incented to carefully manage credit card data, because they are responsible for bearing much of the cost of fraud.

What are the incentives for voting machine manufacturers to do a good job? Engineering a trustworthy system is tough, and it's expensive. If the machines cost twice as much, no one will buy them and it won't matter if they're more secure. And the market itself is unhealthy. If you spend 10 million on voting machines, you won't replace them the next year even if a bunch of security issues surface. You'll "demand" the company fix them, they'll issue some half assed patch, and you'll go on using the junk you bought.

[colanderman]

That's not the same at all. Credit card transactions are auditable; just compare with the receipt. The same is not true of electronic voting machines with no paper trail.

[colejohnson66]

What if the voting machines printed out a paper copy listing who you voted for that you could compare with a copy online listing who you voted for? It doesn't solve the problem of hacking electronic voting; that can only be solved by using paper votes. Sadly, until there's a mass voter fraud scandal, the majority of the public won't know or care about how vulnerable electronic voting is.

[Animats]

The machines San Mateo County uses do that. After you've made all of your selections, your votes are printed on a paper roll which appear behind a window, with a big bar code at the bottom. If you approve, the paper is wound out of view so the next voter can't see it. You can reject the printed version and go back, in which case the paper is marked with CANCELLED or something similar.

At the bottom of each voter's paper roll entry is a big bar code. This allows quick recounts by running the paper roll through a machine that reads the bar codes. A full manual check is also possible, but slow. The system goes through miles of thermal paper for each election, but works OK.

[belovedeagle]

Voters should not be able to prove whom they voted for; enabling them to do so opens up the door to several kinds of fraud (vote buying, coercion, etc.).

[bajsejohannes]

There are some pretty neat solutions to this. One of them involves a double layer ballot+receipt. When viewed on top of each other, they spell out the vote, but alone the receipt will just give you enough information to see if your vote is counted or not:

https://people.csail.mit.edu/rivest/voting/papers/Chaum-Secr...

Not sure it beats paper ballots and hand counting in terms of practicality, though :)

[VLM]

Another scheme is giving away fake receipts in addition to or instead of "I voted" stickers.

OK VLM your boss needs a Trump receipt, your communist college professor needs a Clinton receipt, you need another Clinton receipt for facebook and github or they will delete your accounts, that'll be one R, three D, would you like any complimentary green party receipts? OK here's all your receipts thanks for voting see ya in 4 years!

Heck hand them out with the bake sale goods. Have a free set of pre-printed fake receipts for ALL the candidates with some delicious chocolate chip cookies that fund this schools PTA. "Could I interest you in this cageless chicken egg gluten free organic soy oil brownie with a complimentary fake green party receipt?"

[dpc59]

People steal identities to withdraw money from bank accounts and credit cards every day though, the consequences of fraud really aren't the same. It's easy to go back and fix the numbers in a bank account, and it's also pretty easy to notice there are transactions you didn't make and money is missing from your bank account, it's much harder to notice fraud when it just results in extra votes.

[colejohnson66]

If a national ID (like your SSN) were implemented correctly with multiple verification steps, identity theft wouldn't be a problem. I know that's a fantasy that will never happen, but identity theft shouldn't have to be something people have to worry about. I shouldn't have to think about identity theft protection. Heck, it shouldn't even be a thing. If someone steals my identity, all they did was convince a clerk they were me. That's the business' fault, not mine.

[paulsutter]

We can see the transaction history and balance in financial accounts, and when there's a mistake we can and do get it corrected.

Don't forget that Wells Fargo was able to open millions of accounts without consumer authorization. So maybe financial accounts are less secure than you think.

I'm also surprised by blanket assertions that electronic voting is inherently bad. But I'm equally surprised by assertions that electronic voting is inherently good.

[vilhelm_s]

Bank accounts are verifiable: you can look at the list of withdrawals and check if there are any unexpected transaction, and whether the computed account balance corresponds to the sum of transactions. The concern with electronic voting machines is how to provide a way to check their work.

[NikolaeVarius]

Those systems are made by massive companies with a hugely vested interest in NOT screwing up because screwing up would massively screw up their revenue.

Voting systems do not have that.

[tomohawk]

In credit card transactions a certain percentage of theft is expected and accounted for. It's built in to the price of using credit cards and buying goods.

There's no way voting for candidates can account for vote theft in the same way.

[DamienSF]

The resistance isn't about the use of electronic systems for our elections but about the poor reliability and lack of transparency of the current systems. The vote count should be reliable and transparent. Is it to much to ask?

[dstroot]

This is why we need a national electronic system using open source code. Each citizen of the republic should be assigned a citizen identification number and a second factor (password or fingerprint). We all go to a web site to vote. Voting opens for seven days, and closes at midnight PST the final day. Results are announced immediately afterword. It's time for the electoral college to be retired.

[Klathmon]

I completely disagree.

Anyone can count along with a ballot box. Anyone can stand there all day and watch the box to ensure there is no tampering, they can count, recount, and recount again. Anyone can do this. Plumbers, programmers, doctors, the unemployed, the elderly, and even the illiterate. It can be counted by one person, or 100.

But when things go electronic, the number of people that can even understand it is cut down to programmers. And the number of those that could accurately vet the security of a program is even smaller. And even a perfect electronic system needs loopholes (you can't just disenfranchise voters because they forgot their password or don't have a computer), which means the ability of fraud is still there.

Paper works, and takes a LOT of resources to sway even one precinct (even just the fact that it requires purchase of physical materials ups the amount of cover up required), let alone a county, state, or the federal levels. And because of the number of people involved, if someone did try the chances they would be found out is pretty damn high.

[Animats]

The original claim for electronic voting was that it provided better support for handicapped/blind people.

[pjc50]

Voting on home PCs is just handing the election to the candidate with the best phishing team supported by Russian hackers.