[caseysoftware]

I'd love to hear the steelman - what's the argument in favor of using a proprietary electronic system?

There have been legit complaints about closed sourced voting systems for ~20 years and DEFCON has done a "Voting Village" for ~10 years demonstrating numerous issues, some of which were not addressed by the next elections. Transparency doesn't appear better either.

Is it speed to tally? Cost? Easier to screw with results?

[rayiner]

It’s cheaper in the short term because these are COTS products. But that’s not a good reason. Voting security should be “zero trust.” We should count votes the same way the Taiwanese, without reliance on technology: https://youtu.be/DUZa7qIGAdo. Voting should be

[jfengel]

You must have missed the 2000 election. We hung for weeks on the vagueness of paper ballots. Both sides filed motion after motion to exclude some batch of ballots or other. There was a huge number of extremely unlikely votes in a place with a badly designed paper ballot.

The system right now is a security nightmare, a bad implementation of a bad idea. But anybody who lived through 2000 remembers that as even worse.

[wahern]

Florida was using a punch-card system, thus the infamous hanging chads. Fill-in-the-bubble scantron systems are much faster and less error prone; not as fast as purely electronic voting, but you get a reliable paper trail that is more transparent and much easier to audit.

[tzs]

> Fill-in-the-bubble scantron systems are much faster and less error prone; not as fast as purely electronic voting, but you get a reliable paper trail that is more transparent and much easier to audit.

An even bigger advantage of scantrol systems is with two simple changes to how ballots are produced and marked you can greatly increase the security and audibility of them.

The two simple changes are:

1. When the ballots are printed you print some alphanumeric codes on them in an invisible ink, and

2. The voter fills in the bubble using a special marker provided at the polling place that turns the invisible code visible.

The scanning machines themselves do not require any modification. Voters vote the same was as before, and can ignore the code that becomes visible in the bubbles they fill in if they way.

By combining the clever chemistry used for the invisible ink and marker with some clever cryptography in how those codes are generated you can overlay and end-to-end auditable voting system on the scantron system. And end-to-end auditable voting system (also called and end-to-end voter verifiable system) has these properties:

• Individuals can verify that their ballot was included in the final count and they vote was attributed correctly.

• Any third party can verify that the ballots were counted correctly. The candidates, the parties, news organization, civil rights groups, and anyone else can check.

• Voters cannot prove to third parties who they voted for. This is called coercion-resistance.

Such a system was developed by several cryptographers, including David Chaum and Ron Rivest. It is called Scantegrity II [1] and has been used successfully in a few elections.

Here are links to a paper by its creators explaining it, in HTML [2] and PDF [3]. Here's a paper [4] showing that it is coercion-resistant.

With this system after the voting is done the election officials can publish all the codes that were revealed. A voter who wants to know if their vote was counted can check that list to see if the code that was revealed to them for that candidate is in the list.

The election officials can also publish some more information that along with the code list allows anybody to verify that the totals for each candidate were right without this revealing the mapping from codes to candidates.

With this we get all the pluses of paper system including hand recounts, plus fast machine counting that can be done with a simple single purpose machine that has no software that could be hacked, yet with the kind of end-to-end auditing that the electronic voting systems promise.

And it inexpensive to implement and operate. Around half of the districts in the US already are using the scantron machines.

[1] https://en.wikipedia.org/wiki/Scantegrity

[2] https://www.usenix.org/legacy/event/evt08/tech/full_papers/c...

[3] https://www.usenix.org/legacy/event/evt08/tech/full_papers/c...

[4] https://eprint.iacr.org/2010/502.pdf

[caseysoftware]

I paid close attention.. and agreed that that particular approach was broken.

My question was: what's the argument in favor of using a proprietary electronic system?

[jfengel]

I think just the fact that it was the first thing on offer that wasn't the thing they were already using.

There are better alternatives, and if legislatures were designed to come up with optimal solutions, we'd probably have use one of them. Instead we have inertia, because the Sainted Holy Founders thought inertia was good for a country, so they optimized legislative branches to be useless.

[xethos]

This is entirely unrelated to your point, but as you brought up the sanctity some Americans hold their founding fathers to:

How do some assume the American founding fathers thought ahead, and had it all planned out, with good solutions (instead of merely solutions),

...while also being aware of the Flynn effect?

[mcculley]

As a Floridian, I apologize for the 2000 election. But we have a much better system now. We have paper ballots that are scanned. We have an auditable fallback for untrustworthy machines. There is no reason other states cannot have the same.

[js2]

> both sides

https://en.wikipedia.org/wiki/Brooks_Brothers_riot

Gore probably won that election. I can't help but wonder about an alternate history where he became president and there was no 9/11 due to smoother handoff between administrations.

[TimorousBestie]

> there was no 9/11 due to smoother handoff between administrations.

It’s an interesting counterfactual but I don’t see the mechanism. The hijackers were mostly in country by inauguration day. While it’s true that they weren’t really operating covertly prior to the attack, I don’t envision a Gore administration that could within months ratchet up FBI/CIA natsec awareness to a level that would change the outcome.

[rayiner]

WaPo did a recount many years later and found that Bush would have won with further counting. (EDIT: It was a CNN meta-analysis, not WaPo: https://www.cnn.com/2015/10/31/politics/bush-gore-2000-elect...)

Gore attempted stochastic cheating in that election. There were a large number of uncountable votes because of incompletely punched out cards. That wasn’t a problem because, statistically, the errors would be randomly distributed between the candidates. But Gore requested hand recounts in only a few counties he had clearly won. The mathematical effect of that was to bias the recount in favor of finding more Gore votes. For example, if the county had gone 60% Gore, then for every 10 votes countable by hand that couldn’t be counted by machine, 6 would be Gore votes. Stochastic cheating.

There were also lots of shenanigans where precincts were adding partial recount numbers (where some precincts had finished counting and some had not) to the totals. There is a reason that the Supreme Court ruled 7-2 that Gore’s recount plan was unconstitutional. (The 5-2 part was only about the remedy.)

[tzs]

What about the butterfly ballots? The errors those likely caused would not be randomly distributed.

[rayiner]

When I say “errors” I mean votes the punchcard machines couldn’t read due to the chad not being punched out all the way. Those were the ballots that were at issue in the litigation (“undercounts”).

The butterfly ballot would have resulted in votes for Buchanan or double votes (ones for Buchanan + Gore if the person tried to go back and correct). Gore never actually tried to get those counted in his favor. And how could you know?

But the whole recount thing is stupid. It’s designed by people who don’t understand statistics. Any counting is a statistical process that’s going to have some measurement error. The Florida vote was almost certainly within that margin of error. The correct outcome then would have been re-voting, not a recount.

[TimorousBestie]

You either misremember or misrepresent WaPo’s reporting.

> In all likelihood, George W. Bush still would have won Florida and the presidency last year if either of two limited recounts -- one requested by Al Gore, the other ordered by the Florida Supreme Court -- had been completed, according to a study commissioned by The Washington Post and other news organizations.

> But if Gore had found a way to trigger a statewide recount of all disputed ballots, or if the courts had required it, the result likely would have been different. An examination of uncounted ballots throughout Florida found enough where voter intent was clear to give Gore the narrowest of margins.

So on this basis, GP has the right of it: Gore probably won that election.

[rayiner]

I was actually thinking of a much later CNN retrospective looking at various studies: https://www.cnn.com/2015/10/31/politics/bush-gore-2000-elect... (“Taken as a whole, the recount studies show Bush would have most likely won the Florida statewide hand recount of all undervotes. Undervotes are ballots that did not register a vote in the presidential race.”).

The studies showed that Gore only would have won if counting over votes, which his team never pursued: “The studies also show that Gore likely would have won a statewide recount of all undervotes and overvotes, which are ballots that included multiple votes for president and were thus not counted at all. However, his legal team never pursued this action.”

Maybe if Gore had asked for a statewide hand recount the result would have been different. But instead he tried to stochastically cheat through selective recounts, which burned a huge amount of time on a process that was fundamentally unsound.

[matheweis]

I’m not sure that what’s happening right now in California is any better.. even Nate Silver is crying foul and this point.