by cmiles74 3234 days ago
The vote processing chain is lengthy, it is inevitable that a computer system will be inserted somewhere in that chain. Right now the push is to have these systems right at the front, facing the voter, but that isn't the only time the votes are processed electronically.

In my district we vote by coloring in little circles with a #2 pencil, we then feed that directly into an electronic machine that tallies the results for my district. While the paper I handled is stored in the machine, I am sure that the results are transmitted to the next link in the chain through some computer system.

With so many links in the chain, it's my opinion that it's unreasonable to expect them all to be processed by people. It won't scale and I'm not convinced that it's that much safer anyway. It would be my preference that the pieces of the system that perform this processing are backed with open source software.

At the very least, if there is a case where tampering is suspected, officials of the court can compare the software on the machine with the software in the repository. This would prove in a clear and straightforward manner that tampering has occurred.

As painful as it is, I think we all need to trust the state, to some degree, to do the jobs that are the responsibility of the state. Once the votes have been tallied for a district, isn't it possible to tamper with them as they are transmitted up the chain to the next link in the processing? Or when regions of the state send their votes up to whatever the next link might be? I think that is possible, the best we can hope for is to push for as much transparency as possible and hope that, if it comes to it, we have enough data to detect such tampering.

5 comments

> With so many links in the chain, it's my opinion that it's unreasonable to expect them all to be processed by people. It won't scale and I'm not convinced that it's that much safer anyway.

I think the main argument for physical voting is that it's much safer precisely because it doesn't scale well - and so attacks against it don't scale well either. The manpower requirements buy you security.

> As painful as it is, I think we all need to trust the state, to some degree, to do the jobs that are the responsibility of the state.

I agree, but I think it does not apply to elections - simply because it's the one place where both the ruling party and competing groups have very strong incentives to mess with the process.

> Once the votes have been tallied for a district, isn't it possible to tamper with them as they are transmitted up the chain to the next link in the processing?

Yes, but again, the argument goes, the less scalable and more manpower-intensive the whole process is, the more difficult it is to hack it.

> I think that is possible, the best we can hope for is to push for as much transparency as possible and hope that, if it comes to it, we have enough data to detect such tampering.

I agree with the call for transparency, but I also agree with the people who point out that inserting electronic systems destroys that transparency (too easy to hack, too complex for general population to inspect).

>>> I also agree with the people who point out that inserting electronic systems destroys that transparency (too easy to hack, too complex for general population to inspect).

Spot on. Democratic process means "owned by people". So the voting system must be able to be run in the hands of the people. Hence the necessity to have it in the form of a simple technology such as pen/paper.

Moreover, having the votes counted in some hours instead of a night doesn't make a big difference, considering the time that is needed for example, to form a government once the vote is closed.

I love computers, but it's not the right tool for this job. It's not much different than free software: the problem here is political rather than technical.

> having the votes counted in some hours instead of a night doesn't make a big difference, considering the time that is needed for example, to form a government

Yeah, in the US it takes 2 months to get the new President actually in the White House, no matter how quickly votes are counted. They can easily spare a day or two to count everything three times over, the country will not go to the dogs in the meanwhile.

Ironically, timings are much more imperative in Europe, where electronic voting is less popular. Maybe because multi-party governments often require weeks of haggling, so a few extra hours counting votes are not particularly important.

And we didn't know the result of the 2000 election until December (when Bush v Gore was decided) so the country isn't going to descend into anarchy if counting takes an orderly couple of days.

Your entire premise is based on there being a long complicated chain, which I think is a bit of a red herring. Voting happens in districts. The totals for those districts are already posted publicly. There's no need to validate the entire chain when the lowest level is already open and free to be audited by anyone. Additionally, for the districts I'm familiar with, polls are staffed by volunteers and anyone is free to stand around and watch the whole process.

A paper ballot system where local volunteers from the district count the votes at the polls in a manner that can be observed would absolutely work for the US. It would be pretty easy to just write down what the volunteers counted and then check later whether that matched up with the nationally posted numbers. No long chain to decipher, no obscure software to worry about. And, as a bonus, there are places where this is already done this way, so really nothing needs to change policy wise (other than eliminating the other methods).

Electronics isn't a problem. The problem is electronics that you cannot personally verify. Every step can be electronic and things be just fine. However if someone decides to cast doubt on any point in the chain it needs to be possible to verify that link actually was done correctly.

With your system I can cast doubt on the entire chain, and there is no problem because you can remove all doubt by taking those paper ballots and counting them all by hand. With several hundred million ballots to count it is obviously expensive (in man-hours), but you can see how to verify the counts. Note that the above verification is something your average idiot with no knowledge of computers can understand and trust.

There exist systems that are all electronic: the voter pushes a button (on a touch screen) and from there on we only have the count. As a programmer I can think of many ways I can make the voting system change a few votes and there is no way to know that the machine's count is wrong.

Part of what makes this hard is that anonymous votes are important. There are cases in history where someone was forced (with a gun) to vote for someone they probably wouldn't have voted for otherwise. We have solved this problem by having watchers at the polls (from all sides) ensure that nothing funny happens at the polls, and once you leave the booth nobody has any way to know who you voted for.

The above is why I think absentee voting needs to be restricted to those who physically cannot get to the polls on voting day (I'm fine with a voting week or month).

> While the paper I handled is stored in the machine, I am sure that the results are transmitted to the next link in the chain through some computer system

I've worked with the New York City Board of Elections [1]. We have what I consider to be best in class: electronically-scanned paper ballots.

When a voter walks in, their name is checked against the rolls and the stub number on the blank ballot they're given is recorded. The voter marks the ballot in confidence and then inserts it, themselves, into an optical scanner. The scanner increments a "public count" by one and drops the ballot into a locked box.

At the end of the day, the public count is compared to the count at the beginning of the day. (These counts are publicly recorded for each machine and do not increment down over the life of the machine.) The aggregate votes to each candidate are then printed to a tape and posted publicly.

The machine also uploads these data to a USB drive, which is taken to a computer at the poll site for electronic transmission to the Board. Before transmission, anyone may compare those numbers to the tape or public count. (The scanner workers have to certify the electronic transmission before it's sent.) The NYPD then collects the machines, paper ballots and tapes.

Throughout the day, anyone may see the public count at each scanner. At the end of the day, anyone may review the publicly-posted tapes. Stub numbers for the paper ballots issued and public counts recorded are reconciled, with multiple poll workers certifying the reconciliation.

It's a messy system, but it's robust. The public count means you'd have to compromise everybody at a poll site to add or destroy ballots. (Or, you'd have to predict who won't vote and manually commit fraud.) To tamper with the votes, you'd have to compromise machines before they print their tapes. You'd then have to hope the Board's random audits don't attempt to reconcile the paper ballots with the compromised tapes.

[1] http://www.vote.nyc.ny.us/html/home/home.shtml
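The reconciliation steps described in the comment above (public count delta vs. stubs issued, tape totals vs. ballots scanned, uploaded totals vs. posted tape), as an added example that is not part of the original post or the Board's own tooling; the field names and all numbers are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class ScannerRecord:
    # Constructed end-of-day record for one optical scanner (hypothetical field names).
    start_public_count: int      # public count photographed/recorded at opening
    end_public_count: int        # public count at close
    stubs_issued: list           # stub numbers recorded at voter check-in
    tape_totals: dict            # candidate -> votes printed on the scanner's tape
    tape_blank: int              # scanned ballots with no valid mark, per the tape
    transmitted_totals: dict     # candidate -> votes in the USB upload to the Board


def reconcile(rec: ScannerRecord) -> list:
    """Return human-readable discrepancies; an empty list means the scanner reconciles."""
    problems = []
    scanned = rec.end_public_count - rec.start_public_count
    if scanned < 0:
        problems.append("public count decreased during the day")
    # Step 1: every ballot issued at check-in should have been scanned, and vice versa.
    unique_stubs = len(set(rec.stubs_issued))
    if unique_stubs != len(rec.stubs_issued):
        problems.append("duplicate stub numbers recorded at check-in")
    if unique_stubs != scanned:
        problems.append(f"stubs issued ({unique_stubs}) != ballots scanned ({scanned})")
    # Step 2: the tape must account for every scanned ballot (votes + blanks).
    tape_sum = sum(rec.tape_totals.values()) + rec.tape_blank
    if tape_sum != scanned:
        problems.append(f"tape accounts for {tape_sum} ballots, scanner counted {scanned}")
    # Step 3: the electronic upload must match the publicly posted tape exactly.
    if rec.transmitted_totals != rec.tape_totals:
        names = set(rec.tape_totals) | set(rec.transmitted_totals)
        diffs = {c: (rec.tape_totals.get(c), rec.transmitted_totals.get(c))
                 for c in names if rec.tape_totals.get(c) != rec.transmitted_totals.get(c)}
        problems.append(f"transmitted totals differ from tape: {diffs}")
    return problems


def clean_record() -> ScannerRecord:
    # 203 ballots issued, 203 scanned, 120 + 78 + 5 blank = 203 on the tape.
    return ScannerRecord(1000, 1203, list(range(5001, 5204)),
                         {"A": 120, "B": 78}, 5, {"A": 120, "B": 78})


def tampered_record() -> ScannerRecord:
    # Same tape, but 10 votes moved from A to B in the upload; only step 3 catches it.
    rec = clean_record()
    rec.transmitted_totals = {"A": 110, "B": 88}
    return rec
```

Because the tampered upload keeps the same grand total, steps 1 and 2 pass; it is the public comparison of the upload against the posted tape that exposes it.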

> While the paper I handled is stored in the machine, I am sure that the results are transmitted to the next link in the chain through some computer system.

How can you be sure about that?

> With so many links in the chain, it's my opinion that it's unreasonable to expect them all to be processed by people. It won't scale and I'm not convinced that it's that much safer anyway.

The point is that if you are not convinced, you can go and observe the process. The point is to remove as much trust as possible. The point is not to just have some human in the loop, but to make sure that people who distrust each other can personally make sure that the correct procedure is being followed.

> It would be my preference that the pieces of the system that perform this processing are backed with open source software.

The problem is that you have no way to verify that what is actually processing your vote is the open source software that you hope it is.

See also Ken Thompson's classic "reflections on trusting trust":

https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thomp...

> At the very least, if there is a case where tampering is suspected, officials of the court can compare the software on the machine with the software in the repository.

No, they can't. The only way to check what software is running on the computer is to use software that is running on the computer, which is thus also suspect. That is, short of decapping each and every chip in the one computer that you are trying to check and extracting all the circuitry and all storage bits in it.

> As painful as it is, I think we all need to trust the state, to some degree, to do the jobs that are the responsibility of the state.

But ensuring trustworthiness of elections is not one of those. Elections are the anchor that all the other trust that we put into democratically elected governments is anchored at, it's the one lever that we have to remove governments that turn out to not be trustworthy. You cannot trust the government to remove itself in case you want to have it replaced.

> Once the votes have been tallied for a district, isn't it possible to tamper with them as they are transmitted up the chain to the next link in the processing?

If the election is run properly: No.

Representatives from each party will be observing the election process at every polling station, and the general public can usually also observe if they wish to, from opening until the votes are counted. Also, election results should generally be published broken down by polling station, so each of the observers can check that what they observed at their polling station actually matched what went into the total.

There is absolutely no place for trust in elections.