[extra88]

Voter coercion is something to be concerned about but the scenario you describe won't keep me up at night. The number one problem is it's hard to scale up to a level that would actually sway an election. It only takes one hero to call the police while they're at the polling station or after their family is released and the sequence is broken. There's no need for the victim to actually submit the pre-filled ballot, they can throw it out or do something to it to make it invalid then come back with the blank one. The ballots where I vote are on a heavier stock paper that are not trivial to conceal bringing in and taking out; most could do it but one victim slips up and the scheme could fail.

Where I vote, my paper ballot in no way identifies me. I identify myself upon entering the polling station, they find my name on the list of registered voters and mark it. When I'm turning in my completed ballot, I again identify myself and my name is marked on a separate list. So there's a record that I voted but not for whom I voted. How would an electronic voting machine improve upon this?

BTW, where I vote, the paper ballots are the bubble scan kind and the voter feeds it to the machine themselves. This provides very fast tabulations with a paper record for security and recounts.

[Zombieball]

> How would an electronic voting machine improve upon this?

I am just theorizing here: Someone now takes the box of paper votes and runs it through the scanner machine. And passes this number along to someone. What is stopping them from tampering at this step? I think this is precisely what my co-worker was describing. There is an inherent trust that your paper ballot is scanned and recorded in a fashion that matches your vote.

An electronic voting machine could potentially communicate votes in real time over a secure connection. Or in the case of Brazil's machines, I believe stores it locally, encrypted, with a verifiable cryptographic signature of some sort.

I'm sure we all know the multitude of other attack vectors this introduces. I guess I am just not convinced that paper makes things more secure.

[rbanffy]

I worked on the 2002 model. It stored the signed voting data on a removable CF card which was under a tamper proof seal. After installation the machines were kept physically secure and, during the election they are never under the supervision of a single person. After the election the machines are returned to local elections authorities (if they are too late, they are invalidated) where the memory card is read and totalized.

We designed a vote printer that would allow the voter to see a paper copy before storing it, but it was never used.

[grzm]

There are many steps along the chain that have to be secured in both electronic voting (which has a variety of meanings) and paper ballots. Paper ballots enable audibility, which is a separate issue that's also important for voting.

Given the number of comments you've made on this thread, it seems this is an area of interest to you. I encourage you to look though the previous HN discussions on this topic. Here's a list of some of those from the past month or so:

https://news.ycombinator.com/item?id=13032743

[Zombieball]

Thanks!

[jacobush]

Depends, different places have different problems. Consider: it only takes one hero to call the police, get beaten to a pulp by the responding LEO, for the chain to continue. Depends who is friends with who and how "civilized" the corruption is.

[dmichulke]

While I fully agree with your take:

Doesn't scale is a concept that only developers and entrepreneurs understand. Sadly, that makes it an invalid argument for the other 98% of the population.