[d0lph]

> (1) The software is not doing anything nefarious

Open source

> (2) The software toolchain is not modifying the software in (1) to cause it to do something nefarious

Use open source toolchains and hash the result.

> (3) The software loaded onto the machines is actually the software verified in (1) and compiled by the verified toolchain in (2)

Maybe some kind of cryptographic puzzle, question/response, you need to make a hash with the program, and make the HDD not large enough to contain more than that. Or maybe read only storage. Even a combination.

> (4) The machine doesn't have any kind of hardware/firmware-based defeat device to trick you into falsely confirming (3)

Your voting results are confirmable on the blockchain, but not specific, you can check that your vote hasn't been changed, but not the vote itself.

[henrikschroder]

For people to have trust in their vote being counted, the voting machine needs to be understandable by everyone, not just software engineers specializing in cryptography.

A counting room full of people counting paper ballots is a machine, and it's a transparent machine where everyone inside it and outside of it can understand how it works, and trust that it's working properly.

But the biggest argument against electronic voting is that you're not solving any problems, you're just adding problems and decreasing the trust in the elections massively. And for what? To get election results a few hours faster? That's ridiculous.

[d0lph]

If the only question left is whether or no it's easy enough, I think we're good and can find a solution for that problem too.

> A counting room full of people counting paper ballots is a machine, and it's a transparent machine where everyone inside it and outside of it can understand how it works, and trust that it's working properly.

I agree with this 100%

Electronic voting must be cryptographically secure, and increase trust and security. I think this should be the first rule.

[henrikschroder]

> must be cryptographically secure, and increase trust and security.

Those two goals are mutually exclusive.

Everyone understands how a room full of people counting paper ballots works, without having to explain it. Everyone understands that the process is transparent, and that by having people of different political persuasions working together, you ensure that the result is fair.

There is also immense value in having the voting "machine" being made up of actual humans, so that everyone in society can take part if they want to, and feel like they're doing their part to defend democracy.

And none of that can be replicated in software. You and I might be able to understand and trust the software, but everyone? Not gonna happen.

[d0lph]

I personally don't understand how hashes work, I know _what_ they do, but not really how, just that they are not mathematically reversible. I should probably learn how exactly it works, since they extremely common.

I think most people know their passwords are encrypted, but they don't know about hashes at all, they just assume the domain experts have figured it out.

Security in e-voting would probably look similar. You would know there are smart people somewhere who understand the complexity, and ideally you would have ample opportunity to learn.

[beat]

If you want to know what the general public thinks of "smart people" doing stuff they don't understand, just look at the reaction to scientific consensus on global warming.

I find it hard to imagine a plausible scenario where a complex, blockchain-driven election model is met with trust and comfort by a broad cross section of voters. It practically begs for anti-science paranoia.

[roywiggins]

I trust hashes and I wouldn't trust a vote carried out On The Blockchain either. How many billion dollar Ethereum contracts have had bugs again? How many people have had their money stolen because their endpoints were pwned, thereby avoiding the entire crypto stuff and just keylogging?

[d0lph]

The public already has placed trust in bitcoin, which has a fair bit of complexity.

And there are people that don't have a lot of trust in our current voting methods. Can't stop conspiracy theorists really. I think with global warming there is a degree of uncertainty due to the varying environmental factors. This will be something where you can pretty simply explain what's going on, or at least say this part is encrypted with X algorithm and people are happy. The public is willing to trust encryption, specifically there have been cases where the government's efforts were thwarted by strong encryption.

[beat]

The blockchain voting idea, among its numerous flaws, is philosophically grounded in hyperindividualism. I care about the integrity of my ballot, and mine alone.

But elections are not about my vote. They're about everyone's vote. I care about not just the integrity of my own ballot, but the integrity of every other voter's ballot as well. And, given a system where most people will never do a complex blockchain verification of their ballot, or have a mechanism to be certain that no additional machine-generated ballots were added to the results... blockchain isn't solving the actual problem.

Don't be in love with technology when looking for actual solutions to actual problems.

[d0lph]

> people will never do a complex blockchain verification

People don't verify their vote now, so this is unimportant.

> have a mechanism to be certain that no additional machine-generated ballots were added to the results

This should only require a hand full of people to check.

[scj]

Theoretically correct and practically correct are two different things... Kind of like cryptography. Is it reasonable to expect best practices to happen? Especially when observable things like Gerrymandering are so blatantly done?

Consider the apocryphal story: "NASA spent millions of dollars developing an 'astronaut pen' that would work in outer space, while the Soviets solved the same problem by simply using pencils."

Why go for the complicated solution when the simple one works?