Hacker News Comments on
Why Electronic Voting is a BAD Idea - Computerphile
Computerphile
·
Youtube
·
31
HN points
·
83
HN comments
- This course is unranked · view top recommended courses
Hacker News Stories and Comments
All the comments and stories posted to Hacker News that reference this video.Machines of any kind have absolutely no place in any voting system:
“Wear gloves.”Longer explanation: https://www.youtube.com/watch?v=w3_0x6oaDmI and https://www.youtube.com/watch?v=LkH2r-sNjQs
Obligatory Tom Scott videos:Why Electronic Voting is a BAD Idea - Computerphile | https://www.youtube.com/watch?v=w3_0x6oaDmI
Why Electronic Voting Is Still A Bad Idea | https://www.youtube.com/watch?v=LkH2r-sNjQs
It's not about tallying digits, it's about maintaining the secret ballot, and making it really hard to commit election fraud. (As opposed to voter fraud, which is an insignificant problem.)It's such a bad idea that Tom Scott has not one, but two videos on it:
https://www.youtube.com/watch?v=w3_0x6oaDmI (Computerphile channel)
https://www.youtube.com/watch?v=LkH2r-sNjQs (his channel, more recent)
And also, if 20 people can handle ballots from 1000 people (no clue if that's realistic but it doesn't matter), then if you add another 1000 people.
Well... since you added people and the resource you need to count is people it's a self scaling solution. Sure you might need larger facilities, but we're not exactly running out of schools (another thing tied to the population).
The only reasons to make voting electronic are:
* To make money
* To commit election fraud
which is why I said there are no "good" reasons. :)
https://www.youtube.com/watch?v=w3_0x6oaDmI elaborates on that point, and has some other useful points against electronic voting
⬐ specialistThe gold standard is Australian Ballot -- private voting, public counting -- cast at poll sites, immediately tabulated when polls close, then results posted publicly.Just a TLDR. There is so much more. Election administration is pretty involved.
Electronic voting breaks the Austalian Ballot in two ways.
Whereas a ballot box protects voter privacy by being a secure one-way hash (physical shuffle), all electronic systems record the order ballots are issued then cast (necessary for auditing).
Electronic voting also obliterates the physical chain of custody.
FWIW, to protect privacy, postal ballot processing has to properly batch (by precinct) before opening. Your jurisdiction probably doesn't do this, due to cost and timeliness.
⬐ gabrielsrokaFrom 2014⬐ ratsmack⬐ karmakazeAnd it is even more applicable today than it was then.⬐ max1ccWhy Electronic Voting Is Still A Bad Idea (Dec 2019): https://www.youtube.com/watch?v=LkH2r-sNjQsTL;DR - all the reasons that make computers efficient makes efficient corruption more possible.i.e. the inefficiency of the manual, physical process is a feature--being harder to corrupt/DDoS.
⬐ imtringuedWell, the problem is that you have to verify the entire voting process and electronics makes it harder for voters to verify the process. Thus, your voting system should be as simple as possible. A symbol on a piece of paper is the simplest verifiable system possible. The only thing that might be simpler is if the ballot card already had your choices printed on it. E.g. a voting machine only prints out a receipt of your vote and the receipt is then counted.
I think Tom Scott's video about e-voting couldn't be more relevant today: https://www.youtube.com/watch?v=w3_0x6oaDmI
⬐ 0x456There is also the Emmy Nominated HBO Documentary "Hacking Democracy", from 2006.⬐ greypowerOzi still refer people to this also. He neatly summarises the core issues. People watching other people count marks on dead trees works great.⬐ smt88⬐ seanalltogether> People watching other people count marks on dead trees works great.They did this twice in Georgia and it didn't get the conspiracists to shut up or change their minds.
I like Tom but I think he's wrong to dismiss vote machine + paper receipt as an "expensive pencil". You get the best of both worlds with this option. The benefits of the voting machine give voters more screen real estate to view the candidates for a single race, more chances to correct their vote, and even the option to randomize candidate placement. You also get faster vote tally by doing it electronically. In addition if you produce a paper receipt you now have a physical backup to verify individual machines or precincts as a whole. You could craft policy to automatically do audits on say 30% of the machines before actually releasing the tally, with the option to do a full audit if needed.⬐ ricardobeatThe Brazilian design for voting machines addresses most of those concerns in a nice way. I couldn’t find a full description in English but Wikipedia has a few bits: https://en.m.wikipedia.org/wiki/Electronic_voting_in_Brazil⬐ greypowerOz⬐ enaaemrespectfully, that article simply repeats variations of scenarios tom brings up in his video;)pick any part of the process in that article and ask "how do you know that the black box is trustworthy?" , in the context of assuming that some nation states have a vested interest in messing with the process...
⬐ treesprite82It sounds like the random selection of machines for the parallel "mock election" is intended to help with that issue.⬐ ricardobeatUnfortunately that article is weak on the actual security mechanisms. Each step adds a layer of security. To affect the results of the election you need to compromise multiple of them.Here’s a translated page that goes into detail: https://www-tse-jus-br.translate.goog/o-tse/escola-judiciari...
Taiwan has the best vote counting procedure. Inefficiency is feature. Ballots are hold up, choice is announced and score is publicly tracked.⬐ 8noteThe Canadian birch bark and pine cone system is pretty good.You just look at how big the piles are at the end
Guess it's time to link that Tom Scott video again: https://www.youtube.com/watch?v=w3_0x6oaDmIUse paper and pencil. Anything more is for failures.
⬐ mseidlVoting should never , ever be electronic...If you wanted to sway an election with electronic voting you would just have to hit a few points versus going through the hassle of voting in person... Or even voting by mail.
Plus, the problem is lazy, stupid humans. You could have the most secure system on the planet, but if the password is password then it's worthless. Social engineering is a HUGE thing. Look at defcon videos where they "hack" via pretending to be someone in the company and make a phone call. It happens so fast(minutes). Also, there's a video on electronic voting , it might be a vice video or jon Oliver... districts left voting machines easily accessible, not under lock and key, no cameras, nothing...
America should do what Germany does with voting make the ballots easy to read/use, none of this stupid chad shit. There are big circles on our ballots to mark the vote, it's simple/clear.
The xkcd comic sums it up perfectly too.
Here is a great video from Computerphile about why this is a hard problemhttps://www.youtube.com/watch?v=w3_0x6oaDmI
Long story short voting needs to be secure and anonymous to be fair.
Hard to get all things at once.
I think you're missing a few things: Votes should never be identifiable and the count should be verifiable.First of all: using somewhat public things like SSN, "numbers in your street address" and a credit card number is a terrible idea. All of those have been leaked and are present on things you present to identify yourself or pay. Also requiring a credit card or home to vote would almost certainly be unconstitutional.
Getting a "receipt" is also problematic: You should never be able to prove you voted A over B or vice versa since that opens up ways to intimidate people to vote one way and coerce them to prove it.
I'm not saying it's impossible but there are so many problems with electronic voting that I don't even know where to start. At least with physical ballots we can manually recount if we need.
And that's before we even start talking about how current systems are basically swiss cheese for hacks, just look at the voting village for the last couple of defcons.
Related (and amusing) links:
https://www.youtube.com/watch?v=w3_0x6oaDmI
⬐ jjeaffI'm not talking about using SSN or other identifiers to validate voter identity, that would already be done at the polls or however we currently validate mail in ballots (should be something better than forensic signature comparison, though).The identifiers would simply be used so that the individual could check and validate that their vote was counted and counted correctly. But perhaps those identifiers wouldn't be necessary since you could simply assign a random uuid after the person votes that they can then use to look up.
⬐ TwisellWatching these links is really recommended if you don't yet see the issue with e-voting.PS: Well at least the first two, third one being the mandatory xkcd meta-reference :D
⬐ wavefunctionThe ballot itself could be a zk-SNARK written to a blockchain signed with a private key owned by the voter.⬐ SahAssar⬐ totonySorry, I'm not well versed enough in zk-SNARK, can you explain how it solves the problems above?If it does do you think that you can make the general public trust/understand it enough to run a election?
⬐ wavefunctionSorry can't reply to your reply but... Making the ballot a zk-SNARK[0] would allow it to be queried for validity of certain assertions like "Did this ballot contain a vote for Candidate A or Proposition B" without leaking the identity of the voter. The voter's private key could decrypt the entire ballot perhaps for the voter's verification or even as another verifiable assertion that the ballot was signed with the specific key. Perhaps there would be a key provided by the voting authority body as another verifiable assertion that would allow the voting authority body to verify the user for their purposes if required.I agree that the more difficult part of this would be encouraging adoption and supporting use. There are hardware keys like yubikeys or hardware crypto wallets that can be populated with voter-generated keys to be used in the voting process, and these hardware keys could be populated in a process similar to getting a driver's license perhaps, except not waiting for it to arrive in the mail. Perhaps you go into your local clerk's office and they have a one-time key generator that populates your hardware key. I definitely haven't fleshed this idea out beyond some basic musings.
⬐ kelnosDoesn't that still allow for vote-selling and vote extortion? Like if my employer threatens to fire me unless I vote a certain way, they'll accept me giving them my receipt saying I voted the way they wanted. Now, they can't prove that the receipt actually belonged to me, but it's certainly harder to procure someone else's receipt (from someone who voted the way the employer wanted).>Getting a "receipt" is also problematic: You should never be able to prove you voted A over B or vice versa since that opens up ways to intimidate people to vote one way and coerce them to prove it.Your receipt does not have to mention who you voted for in a way that's verifiable by a third party. But this problem is also a problem for mail-in ballots.
>using somewhat public things like SSN, "numbers in your street address" and a credit card number is a terrible idea.
Agreed, this does not mean that it is not feasible. You could use some zero-knowledge based proof that ensure that the person is allowed to vote and has voted only once without knowing his identity. Mail-in ballots are also problematic in that regard.
I dislike that people say evoting is a bad idea when we already have things like mail in ballots which are analogous to a poor e voting system.
>Also requiring a credit card or home to vote would almost certainly be unconstitutional.
But don't you need a registered address to vote?
⬐ SahAssar> But don't you need a registered address to vote?I'm not 100% sure here but I thought homeless could vote?
> mail in ballots which are analogous to a poor e voting system.
I think it is mostly about scale. It is hard to impersonate 10000 people it requires physical objects, it is easier if it is digital. One of the videos deals with this, timecode here: https://youtu.be/LkH2r-sNjQs?t=140
⬐ totonyThat timestamp is talking about physical voting. I'd posit it's easier to impersonate 10k mail in ballots of the same state than (let's say) crack 10k private keys or whatever is used for that system. I agree though that a new system will bring about exploits vectors that are unknown, but I'm not convinced they are as bad as what is implied in that video and this thread.
Has it just been decided by Twitter now that the truth is that mail in ballots are 100% secure and anyone questioning our election integrity is just spreading dangerous misinformation? Seriously?It seems like a really open-ended thing to fact check.
I wish we had asked more questions about election integrity before 2016. I think it is better that we have a robust discussion about this NOW, before the election.
The most important thing about elections is that they be trustworthy by the majority of the population. Without sufficient transparency and oversight, actual security is meaningless. The Computerphile did a two great videos about the dangers of electronic voting:
https://www.youtube.com/watch?v=w3_0x6oaDmI
https://www.youtube.com/watch?v=LkH2r-sNjQs
It seems like mail in ballots re-create the same problems with electronic voting, except that we are just adding an extra layer to it.
But, I know that countries like Germany and Switzerland have instituted some fairly robust means of securing mail in voting -- none of which we are considering. Simple things, like having the affidavit be on the same piece of paper as the ballot, and having ensuring chain of custody of the ballots by only having postal workers pick them up directly from voters.
Are we allowed to express our concerns about this? I for one do not want to make things worse this time around. Is the discussion about this really ending because Twitter decreed it so?
Summary of why e-voting is bad:https://www.youtube.com/watch?v=w3_0x6oaDmI
A newer video basically reiterating the points:
No, they really are not. Incrementlisim is a very old social manipulation tool.
⬐ CivBaseNot sure I buy the slippery slope here. Should we also stop using computers in cars and planes? What about stocks and payment systems?Election results should be backed by multiple, independent records including (but not limited to) a paper trail. Those records should be thoroughly audited for accuracy and consistency. It's perfectly fine to use computers as a quick-and-easy record as long as it's backed by more robust solutions.
Everyone talks about electronic voting vs paper as though it has to be one or the other. It should be both!
A strong password is recommended, but it's not a substitute for 2FA. In the same way, a robust, highly-auditable voting record is recommended, but it's not a substitute for redundancy.
Tom Scott: Why Electronic voting is a BAD idea: https://www.youtube.com/watch?v=w3_0x6oaDmI
⬐ tareqakThis is not electronic voting. This is relaying the results of the caucuses electronically, or by telephone as a backup.⬐ jakeogh⬐ LycakeLOL brilliant. You made my day.Cite: "Votes in transit" (Scott 2019).
⬐ gdubsIt’s still using an unvetted app in the critical path of an election, so in this case it feels like a distinction without a difference.This was 2014. You might think with newer technologies this isn't a problem anymore. He also made "Why Electronic Voting Is Still A Bad Idea" last month: https://www.youtube.com/watch?v=LkH2r-sNjQs
https://www.youtube.com/watch?v=w3_0x6oaDmI hopefully they don't prove Tom Scott right.
The market for voting machines is broken because it should not exist.Voting machines are a bad idea.
Same reasons: https://youtu.be/w3_0x6oaDmI
https://youtu.be/w3_0x6oaDmI
I like this video by Tom Scott explaining why electronic voting is a terrible idea. https://youtu.be/w3_0x6oaDmI
Obligatory video from Computerphile and Tom Scott on why electronic voting is a terrible idea:
Nope. You never can audit most of it. Especially the hardware and firmware at vote time.And that's a false arg anyway, even if you could "audit" it (ask the hardware nicely to not lie to you:), it's still a (really) bad idea: https://www.youtube.com/watch?v=w3_0x6oaDmI
⬐ darawk> And that's a false arg anyway, even if you could "audit" it (ask the hardware nicely to not lie to you:)If individuals can audit their own votes, the hardware cannot lie.
⬐ jakeoghYou then have a trivially broken voting system.⬐ darawkI know why you think that is so. But I have already explained elsewhere in this thread why you're wrong. So why don't you look into it a little for yourself.⬐ jakeoghNothing you wrote negates the requirement of incoercibility. In all instances, the check can lie to you OR the vote system is broken.Electronic (aka proxy) voting is a requirement on the checklist to skip physical presense.
I thought it was nonsense when I first heard it, but the traditional paper system is actually more secure than a completely digital system. Here is a really good video explaining it: https://youtu.be/w3_0x6oaDmI
⬐ EGregIt’s not about it being more secure but about convenience of voting from your phone.Look, going to the bank is more secure. So why do we have banking apps? What if all your money is stolen?
Seriously, I find the knee jerk downvotes every time someone questions “just use paper” to be pretty ridiculous.
Per usual, here's the video from Computerphile on why digital election systems are a terrible, terrible idea:
Ideally, yes, but there are so. many. things. that could go wrong:https://www.youtube.com/watch?v=w3_0x6oaDmI
From silent malware changing votes on voter's machines, to an authoritarians manipulating the servers, to inability to verify what is actually run on the servers, to hacking of air-gapped servers like Stuxnet did, etc. etc.
Perhaps a smart contract on a publicly verifiable blockchain could alleviate the black box concerns. Privacy issues remain. Most democracies see it as absolutely vital for the population not to disclose who they voted for, so whatever smart contract we come up with, it has to be blockchain analysis-proof.
> These virtuous behaviors are a better way to live and make life better for everyone.Sure, until something abuses the power to control those behaviors.
> I should note that Western countries had their own large-scale nearly universal social indoctrination and social credit systems—organized religion.
And religion in the West is slowly dying by the right and will of the people. What happens when people want their social credit system to die? They won't have a choice in that matter.
This debate reeks similarly to the one about the use of electronic ballot systems, which are not better than paper ballots: https://www.youtube.com/watch?v=w3_0x6oaDmI
The greatest lie were being told is that technology is democratizing our lives. It does until it reaches network effects, which it then hits an inflection point and gives power to very few.
Very related: Why Electronic Voting is a BAD Idea - Computerphile:
⬐ MrStonedOneno its not.⬐ suprfnkCare to elaborate?⬐ YokoZarThe system for verifiable receipts in the article does not require electronic voting in either the vote-casting or vote-counting process. It's an explicitly paper system.⬐ afioriso> no its not.
As in not related not as in not a bad idea.
Electronic voting isn't a solution, it's an attack. https://www.youtube.com/watch?v=w3_0x6oaDmI
⬐ YokoZarThis isn't an electronic voting system.> ElectionGuard provides a complete implementation of end-to-end verifiable elections. It is designed to work with systems that use paper ballots, supplementing today’s tabulation process by providing a means of public verification of the accuracy of reported results.
⬐ jakeoghDigital tabulation is electronic voting.Incrementalism is a powerful technique.
What you are proposing it to "recount" when the electronic voting does not match expectations. It's a awful idea, and is equivalent to electronic-only voting since recounts are expensive and get challenged in court.Why Electronic Voting is a BAD Idea: https://www.youtube.com/watch?v=w3_0x6oaDmI
Electronic voting isn't a solution, it's an attack. https://www.youtube.com/watch?v=w3_0x6oaDmI
Cool that they do this although fundamentally subscribe to the point of view advocated by Tom Scott in "Why Electronic Voting is a BAD Idea" https://www.youtube.com/watch?v=w3_0x6oaDmI which argues that it's hard to scale up an large-scale attack against paper-based systems among other things.
⬐ lepprIt may be a bad idea for a vote so important that it happens only once every 5 years and citizens have no recourse in the periods between.But if we want to scale Democracy to the modern world, where today tens of thousands of important decisions are taken without any citizen input during those 5 years, electronic voting is a necessity.
⬐ kartan⬐ anoncake> tens of thousands of important decisionsI think of myself to be a well-informed person. I will not be able to cope with that level of decision making. Probably makes more sense to scale it up slowly, adding more and more issues to be voted as the citizens learn the consequences of their vote and are able to keep themselves informed.
But, I do not think that ever we will be taking tens of thousands of votes. That also looks like a very centralized system where all decisions are made from one place. If an issue is local it should be delegated locally.
⬐ saagarjha⬐ nohillsideExactly. This is why we developed republics instead of direct democracy: nobody has the time to weigh in on every decision.⬐ Tade0I've been thinking about this: people are generally eager to jump into pointless political flamewars.What if it's just a question of having a platform to express these opinions?
⬐ thegabrielePerhaps it's not the only case, but Italy's M5S party has built exactly that kind of platform as a mean to differentiate from the other political groups. Somehow it workded and now they're governing the country (along with other forces). From a democracy point of view, the result is a mixed bag but i think it's a start.Switzerland manages to hold state-wide votes four times a year, usually combined with local topics, with a paper/ballot based system quite well. Voting more often than every 4 or 5 years is not a reason to introduce eVoting.But then, for grown-up democratic countries with a stable political system, hardly anything is a reason to introduce eVoting :-)
⬐ anoncakeWithout a secret ballot, you cannot have democracy. Instead, you have a rule of those who bought the most votes.If voting does not happen in public, you cannot have democracy either. Instead, you have a rule of those who are best at manipulating the vote.
Electronic voting is either not secret or not public. You cannot use it to scale democracy, it destroys it.
⬐ currymjyou can definitely have cryptographic schemes where individual votes are secret but the result is publicly verifiable.i don’t necessarily think it’s a good idea because it’s better to have a low tech system that people can understand, even if it’s a little cumbersome and expensive. but it is possible!
⬐ dogma1138Like others have mentioned it’s easy to develop a cryptographic system which would provide both vote assurance and and vote anonymity the problem is that unlike paper ballots people can’t understand those systems and people don’t trust what they can’t understand and democracy doesn’t work when there is no trust.Everyone can count paper ballots having 10 crypto experts that given that they are experts wouldn’t say that a system is 100% foolproof isn’t the same thing.
But if you solve this problem which is trust in something you can’t ubdsrstnsd, you can definitely scale it and have it both being secret and verifiable.
⬐ gpmI wonder if this is just a case of preferring the devil we know."Without regular (daily) votes you cannot have a democracy. Instead, you have a series of temporary dictators selected from those with the connections, charisma, and budget to run campaigns and get put in charge."
Experimenting with something as important as our form of government is really scary, but it's not clear to me that it's more likely to destroy it than improve it.
Why do you think it's cool that they do something that is a bad idea?⬐ harryf⬐ orthoxeroxI think it's cool they make a public call for people to attempt to hack the system they built, even if I don't think e-voting is a good idea.Most African countries and Russia have managed large-scale attacks on their own paper-based systems just fine. Crypto-based vote-counting systems must protect the voters not from evil outside hackers, but from electoral commissions themselves.⬐ harryfYes... but most people are aware that those elections are a farce. I doubt there's many people that would agree to the statement "Putin was legitimately elected".
Why Electronic Voting is a BAD Idea: https://www.youtube.com/watch?v=w3_0x6oaDmI
Physical paper voting wins no matter what.
[Computerphile - Why electric voting is a bad idea](https://www.youtube.com/watch?v=w3_0x6oaDmI). No hacker can hack paper.Don't be triggered, but I still haven't seen any real evidence of "Russian Hacking" of the Election. Until now it has only been a political game to discredit Wikileaks. You can find some reasonable neutral info on https://original.antiwar.com/
But there were some actual hacking reports like plugging USB-sticks in voting machines. The most recent one I found is an [alleged failed hack in Georgia](http://archive.is/d9d4a). These are all cases that I want to be looked at, but I do not see that in the news.
There are plans by Homelands security to take over the election infrastructure. If you trust them it is ok. If they start to plant their own votes, we may never know. That makes some people afraid that it is the patriot act for elections.
The simple and cheap solution is to have no computer voting without a clear paper backlog and registration. Let's make recounts standard (and put those pensioners to work). No computers, no hackers, no cheaters, no problem.
A more direct problem is corruption due to too much power and money in politics. Organisations like http://represent.us may stop that.
Anyway be friendly to humans that think differently than you, and vote for what you think is best.
⬐ akiselevYour source for "reasonable neutral info" is a nonsense conspiracy rag. I clicked on one of the articles and one of the opening sentences included "the Deep State amalgam that includes foreign intelligence agencies as well as Trump’s domestic opponents." It's right wing crap.Read the indictments: https://www.justice.gov/file/1080281/download
⬐ shard972⬐ patagoniaTo believe there is no such thing as the deep state to me is pretty unbelievable.You would have to be seriously naive to believe that in such a divided country that everyone who works in the government is completely neutral in their politics and would never act upon them within their positions of power.
⬐ r00fusThe right wing has a whole lot of psychological projection going on.The GOP is rife with documented examples of back room deals that would easily qualify as "deep state" (eg the Iran hostage deal).
However it's the right wing that claim that Trump's enemies are "deep state".
⬐ hannasanarionYour conjecture that individuals can be biased under prezsure is not evidence of a vast plot to undermine Republicans and put Jews in power.Ballot-box stuffing? A “hack” can be perpertrated utilizing non-computational methods...⬐ hannasanarion⬐ zyxzevnA single person can only stuff one ballot box.A single person can write code to change ten million votes.
Which would you rather be vulnerable to?
⬐ patagoniaNeither.But that really isn’t an option.
My point wasn’t to say ballot-box stuffing was worse than electronic versions of voter fraud. I was disagreeing with the comment:
“No hacker can hack paper.”
Yes. Paper can be hacked. That’s pretty straight forward. We know it’s happened.
Hacking elections is so 2000... https://www.bitchute.com/video/4JV7r2In40A/⬐ TazeTSchnitzel> Don't be triggered,This type of puerile language is not conducive to reasonable discussion.
⬐ cwkoss<tinfoil hat> I think domestic criminal "Political Interest Groups" may be attempting to hack US elections and are fanning flames on Russia Hacking stories because it makes for useful cover </tinfoil>⬐ ImprovedSilenceIt's neither of the above. The goal is not to actually hack a system and change votes(and thus leave a trace) but to cast doubt onto the integrity of the vote as a whole. Thus cuing <tinfoil> any reason to throw out results of an election. I'm not going to speculate on the actors or their motives behind this though, and it could be many layers deep... But I promise you, that's the long play currently underway.⬐ cwkossWe may both be correct. I think there is likely a diverse set of nefarious actors constantly taking often-conflicting self-serving actions.
There's a good video on why any computerised or electronic elements in the voting process are a bad idea here: https://www.youtube.com/watch?v=w3_0x6oaDmI
> - A central authority(government) can control issuance of new keys and maintain the association between keys and personal information. [...]This means that you can tie a vote to a key, thus a person?
That's not how voting should work. Any vote cast must be secret. Or what's to prevent any one group from blackmailing you (or any other voter)?
> Voting app
You mean that a thug could coerce me into casting my vote from home?...
> There's also a question of the integrity of the voting app, but that can/should be open-sourced and audited.
+ constantly verify that the machine was not tampered with (evil maid) + make sure the hardware was not compromised (supply chain attacks) + ... on TONS of devices?...
> We obviously have the tech and the capabilities to create very effective e-voting solutions.
No, clearly we don't! The current paper ballot model has been battle-tested since elections became a thing. See https://www.youtube.com/watch?v=w3_0x6oaDmI
⬐ crypt1d> That's not how voting should work. Any vote cast must be secret. Or what's to prevent any one group from blackmailing you (or any other voter)?Fair point, but they do not have to maintain the association with the voting keys. Derivative keys can be signed without it imho.
> You mean that a thug could coerce me into casting my vote from home?...
Dont be naive, things like this happen already even with paper votes. See https://en.wikipedia.org/wiki/Bulgarian_train
> + constantly verify that the machine was not tampered with (evil maid) + make sure the hardware was not compromised (supply chain attacks) + ... on TONS of devices?...
I agree that's a problem that needs consideration, but we've solved many such issues before. There are quite a few ID, banking, authentication, etc. apps running quite fine and well on consumer devices.
E-voting is a general term that describes methods of voting that involve electronics. While some solutions are indeed terrible, that doesn't mean all are.
⬐ moviuro> Dont be naive, things like this happen already even with paper votes. See https://en.wikipedia.org/wiki/Bulgarian_trainThat's weird. I don't understand that "filling" paper ballots. In France, we get to pick N papers with only one candidate's name printed on each. We then discard and seal in the envelope the papers we want once we're in the "isolation room".
> I agree that's a problem that needs consideration, but we've solved many such issues before.
No, we never had the entire destiny of any one country rely on a single piece of tech running on untrusted devices. Banks can contact any individual if their logins were leaked or if their money transfer appear suspicious; but as votes cast must be kept secret, you can't do anything similar with voting.
> E-voting is a general term that describes methods of voting that involve electronics. While some solutions are indeed terrible, that doesn't mean all are.
Still waiting for a viable solution - so far I don't know of one.
Go back to manual count, have people count the votes, and citizens check over their shoulders, as it should be. It's still the case in e.g. France (larger voting pop than any one US state).There should be zero trust in an election. Citizens don't have to trust the party or any machine.
⬐ JaruzelThe UK is the same.No-one here seems to be asking 'WHY' there's even a need for electronic voting machines? Paper and pencil manual voting will always be safer as it's almost impossible to game the system when there's 10,000+ unpaid volunteers double checking each others counting.
Electronic Voting is a solution looking for a problem. It's only advocated by the losing parties, as they are convinced that making it 'easier' to vote (really? It's not like it's hard) will get more bums off seats and into polling stations, which will increase their chances of winning said election.
NASA spent millions on a space pen, that never worked properly; The Soviet Union just used a pencil.
⬐ TeMPOraL> NASA spent millions on a space pen, that never worked properly; The Soviet Union just used a pencil.Someone has to, might as well be me. The reason you want a pen in space instead of a pencil is that graphite can chip off, and cause lethal danger to electronics and (consequently) crew.
⬐ maxericksonIt's just a silly urban legend anyway. Fisher developed the space pen independently.https://en.wikipedia.org/wiki/Writing_in_space
Grease pencils and felt tipped markers were among the early alternatives.
⬐ JaruzelI knew it was. I forgot to put the /s sarcasm on my post!
I love [this video](https://www.youtube.com/watch?v=w3_0x6oaDmI) from Tom Scott in which he explains quite well why e-voting is inherently bad. I am very happy that here in Switzerland, even if we have to vote several times every year, we still do it the old fashion way :).
⬐ ben_utzer..and then you see people on Facebook bragging with more than one voting form/letter in their hands..Not the best example of "unhackable" system...
⬐ marcyb5st⬐ moviuroStill, having few people casting two or more votes is much more secure of potentially having a successful attacker changing votes for thousands or even millions. We are talking about several orders of magnitude in difference. So yes, I take the paper system every day.⬐ tlamponiHere in Italy you can only vote in the commune you're registered at (main residency), once you have the required age you're automatically on the list, if you go voting you will get an entry in the list, no other voting is possible (there are always 3 people + two law enforcement helper. One of the three election helpers have one job only, write exactly down what happens, who came in, who got an voting form and ensure that the voter handed it back after coming from the voting cabinet (located in the same room).You can only have one main residency, you cannot possibly be on two lists.
If you register for voting per snail mail you get pulled from your community list, if you come to vote the will know you mail voted and will be questioned by law enforcement.
If you want to show up twice law enforcement will get you out, if needed.
This is in a commune with ~1000 people, so it may be a bit different in bigger ones (but AFAIK, there's a certain limit to voter count at any voting point).
You effectively would need to corrupt >= 8 people (three election helpers are working any time, but they work in shifts, in total there 5 to 6 election helpers), as often outside law enforcement comes in this is particular hard to do. Also you get a fixed number of voting forms and all protocols are checked against by other gov. parts, so to pull this off without any notice would be close to impossible, IMO.
At least way easier to do this on proprietary, known error prone, voting machines... Get them open source, let them be verified and looked close upon by the public and some good pen-testers/security researches and you'd would have a really good system going....
⬐ bvmIsn't that incredibly illegal? Like years-in-prison illegal?⬐ XorNot⬐ moviuroWhich is why it's garbage. Because of they actually did it, then they just confessed to federal crimes against their real identity.Sort of similar to all the Republican shills who get caught trying to commit in person voter fraud while "proving" how easy it I'd to commit.
⬐ ben_utzerCan't find the original source I've read it on. Here is an italian version translated by google: https://translate.google.com/translate?sl=auto&tl=en&js=y&pr...He was indeed convicted and he also didn't believe it was bad to show off like that.
For those who don't know, Switzerland sends all the material at home, you then can go to the ballot and post it or send it by post if it's not an important votation (if i remember correctly).
Depends how it's done. In France, we register only once in the country, in our "voting neighborhood".Once you enter the voting building, you give your ID, sign the register, go to the voting cell, put your vote in an envelope, give your sealed envelope to be counted in a sealed box that has a mechanical counter for each envelope it gets.
Unhackable, because anyone can check the counter, count the signatures, and participate to the closing count of cast votes.
The real issue is if you can get inscribed on two different voting neighborhoods though... is that what you describe? (which shouldn't happen, given how long it takes to get your name on one voting list, since the gvt probably crosses your name out of all other voting neighborhoods when you do)
⬐ carry_bit> you give your IDThat's racist. (According to some in the US)
EDIT: So how would you design a system where you don't need an ID to vote (like many places in the US)?
⬐ mikeashHow would you design a system where you do need an ID to vote without unfairly disenfranchising a lot of people?This is not an impossible question by any means. You can absolutely design such a system. But the differences between that hypothetical system and the real systems used in the US are important and instructive.
⬐ scrollawayThe US is not France. GP specified France.⬐ infimumIt is racist, when you make it exceedingly difficult for some minority populations to get an id.⬐ polyphonic01No it's not racist, it can easily be implemented in the US today without issue.Don't be so patronizing to minority groups, they are just as capable as everyone else and already have to get ID for numerous other activities.
The US is less racist than most other countries on Earth, yet somehow it is the US that couldn't properly implement voter ID cards?
Racism in America has dropped dramatically in the last 50 years according to multiple lines of research, the perception that racism is on the rise is false and misguided.
It's a shame voter ID can't be implemented on a nationwide basis in the US just because people have concerns that are longer valid.
⬐ pjc50⬐ rdtschttps://www.nytimes.com/2017/05/15/us/politics/voter-id-laws...Unusually, this links to the actual court result: https://www.nytimes.com/interactive/2016/07/29/us/document-A...
The bill was specifically and deliberately amended to choose only those specific forms of ID that African-Americans were least likely to hold.
⬐ None⬐ lozengeNoneRepublican politicians and lobbying groups are literally on video admitting their political and racial motivation for the voter ID laws. Do you think they're lying?⬐ mikeashDon’t be so ignorant about the motivations and techniques behind American voter ID laws. The people writing the laws have literally studied the demographics of who possesses which kind of ID so that they can write the laws to accept forms more likely to be held by white voters and reject forms more likely to be held by minorities. And then they’ll shut down or limit the hours of ID offices in minority areas to make it more difficult for them to remedy the situation.We absolutely could properly implement voter ID. We just don’t.
Edit: I would encourage skeptics to look up the history of voter literacy tests. How can a literacy test be racist? Are you implying that minorities can’t learn to read? And yet they were highly effective at suppressing the minority vote for a long time.
⬐ SiliconWalliesReally don't have faith in minority groups do you? Liberals think they have to protect the world. Stop race baiting and virtual signalling - if you're so worried about it go babysit some 'minorities' and be their protector.⬐ mikeash⬐ polyphonic01Did you read my edit? Did you look at the history of literacy tests?How do you know what work they've done in creating these laws? Show me recent evidence to back up your claim.All Americans are capable of getting whatever ID they need to get. There are no recent instances of someone being barred from getting a driver's license or other form of ID due to race. The notion that it's racist to require a certain form of ID when it's eminently possible for all groups to aquire such ID is ridiculous.
⬐ acct1771That last part is true, and should be fixed before implementing voter ID laws.We should make it exceedingly easy it seems instead of just saying well we won't have it at all?If anything just to avoid the time and energy spent insinuating things and discussing if IDs are racist or not.
A country like India with more poverty and issues like open defecation somehow managed to get everyone an ID but here it this insurmountable problem, that everyone talks about yet nothing is done about it.
⬐ themikesantoAt best, voter ID is a solution to a problem that has not been shown to exist. At worst, it is a tool to limit the number of people who are able to vote on election day. It's really as simple as that.Obligatory XKCD: https://xkcd.com/2030/⬐ marcyb5st⬐ andrewlaYES!⬐ kwhitefootOne of his best! I especially like the tooltip.It's worth noting that this article is not about e-voting in the sense that the video seems to be presenting [1]. This is about the machines that tabulate the results, often from paper ballots manually filled in by voters.The report itself [2] goes into more detail on the exact nature of the vulnerabilities.
[1] I admit I didn't watch the whole video; I find video to be an extremely tedious medium for transmitting information like this, but from skimming bits of it it seems that the speaker is more focused on distributed systems for voting and online voting systems, which are both horrifying ideas; although Oregon and Washington have made a good go at absentee-only voting.
[2] https://defcon.org/images/defcon-26/DEF%20CON%2026%20voting%... (discussion at https://news.ycombinator.com/item?id=18112172)
sigh https://www.youtube.com/watch?v=w3_0x6oaDmI
⬐ rohit2412Lot of generalizations and stupid assumptions in that video, like where he argues that of course the ballots will be uploaded over the internet without any authentication/checksum.I don't see why a digital counting machine which is kept completely offline and is transported physically cannot be used, specially if we can verify it's counting functions by randomly verifying a few of those machines (also keep paper ballots, just use the machine to count ballots), or statistics, and use an external randomization/derandomization module.
⬐ moviuro⬐ rectang> over the internet without any authentication/checksumAs if the totally secure communications over Internet problem had been solved. Why are we seeing SO MANY issues with TLS, VPNs, hardcoded root passwords everywhere, ssh issues even!...
⬐ rohit2412⬐ mdorazioI am advocating a glorified digital calculator with printed out ballot copies. What's called VVPAT. Not online voting.Hang on. You want to use a counting machine, and then physically transport it around to avoid security issues instead of just using proven human counters and physically transported ballots because....???? Why? Just why? What problem is this solving? Does getting your results a few hours sooner make a single bit of difference to merit this madness?⬐ hvdhh7Perhaps because counting tens of thousands of near-identical pieces of paper is exactly the sort of repetitive, robotic task we've entrusted machines to perform more accurately than humans since at least the 1940s.⬐ monocasa⬐ rohit2412You realize that the article in question is about hacks against vote tabulating machines right?⬐ hvdhh7I do.But a non-hacked vote tabulating machine will still do the job better than non-hacked humans.
Add a high enough percentage of random hand audits of the machine but counts to ensure they're functioning correctly, and you should get a reasonably high confidence that you have the most accurate count.
⬐ monocasaBut why? The number of humans to count votes scales linearly with the number of votes cast.⬐ moviuro> Add a high enough percentage of random hand audits of the machine but counts to ensure they're functioning correctly, and you should get a reasonably high confidence that you have the most accurate count.Defies the purpose of electronic machines completely. Why use machines + lots of auditors, when just more counters (worth less than auditors) could do the same job, with a much higher cost to corrupt?...
Because paper ballots are easily subverted. In my country (India) it was not uncommon to have goons take up a polling booth and slid hundreds of fake ballots in, or throw in ink in the ballot box. Digital counters stop such attacks.This video is about electronic voting. The article is about a device used to count paper ballots.⬐ moviuroPaper ballot counting happens to be mentioned in the video at ~4:20⬐ rectangIt would have been helpful if you had noted that in your original post. Just pointing to a opaque video URL without summary is inconvenient for the rest of the readers. Therefore, I posted quickly (without watching the entire video) in an attempt to spare others from having to waste their time.
This numberphile video does a good job explaining why electric voting is a terrible idea. https://youtu.be/w3_0x6oaDmI
> Is it really impossible though?Yes, it really is:
⬐ AvamanderI'd love actual proof/research instead of an Youtube video, plus it doesn't differentiate between e-voting (with machines mentioned in the video) and i-voting (with public key crypto, like in Estonia) which further reduces the video's trustworthyness.
please watch this: https://www.youtube.com/watch?v=w3_0x6oaDmI it has a good list of reasons why software voting is a terrible idea.also the secret ballet is very important to maintaining the fairness of elections.
Perhaps the most important political message I have seen on XKCD. Related Computerphile episode: https://www.youtube.com/watch?v=w3_0x6oaDmI I guess that some computer-powered elections are coming in the US, EU ?
⬐ freeone3000https://voatz.com/ is going to power remote voting in West Virginia, according to https://www.engadget.com/2018/08/07/voatz-mobile-voting-west... .⬐ martythemaniakWhen Reddit kicked out some hate groups, they setup their own website called "voat.co". I thought this was something associated with them.⬐ rhencke⬐ NoneThat isn't how Voat was created at all.⬐ NadyaIf people repeat a lie enough it becomes the truth. That's the goal when misinformation like this is spread. Even better when ignorant people with only secondhand knowledge begin to spread the message.Voat had existed for just over a year before the mass subreddit ban on Reddit. The timeline is easy to look up on their Wikipedia page [0]. It was already a trollfest 4chan-like-community version of Reddit before the users of banned subs joined.
[0] https://en.wikipedia.org/wiki/Voat- Founded as WhoaVerse in April 2014 - Subreddits banned June 2015None⬐ mikestewWith that domain, I thought it was your half-assed attempted at a joke, or maybe something you found on 4chan. Then I clicked the first link.There is no way in hell I'm trusting my enfranchisement to an application called "voatz" (or an application, period. But especially not...). Bonus points for the fact that they've got that blockchain bullet point covered: https://blockview.voatz.com/
⬐ jandreseIt's pretty incredible that the state government is going to send retirees a notice that tells them to install the "voatz" app on their phone. Might as well call it xXxl33t v0+exXx. It doesn't look like an official government anything.
Obligatory why electronic voting is a bad idea: https://www.youtube.com/watch?v=w3_0x6oaDmI
⬐ rmetzlerObligatory "I rigged an electronic vote" video: https://www.youtube.com/watch?v=DzBI33kOiKc
There were concerns, there has been several inquiries into it, right after the vote happened. And it's been known for has long as democracy that we shouldn't mechanize voting.That video is from 2014 well before the 2016 US election was a thing : https://www.youtube.com/watch?v=w3_0x6oaDmI
edit : interesting how in the recent comments under this video there's cryptoblockchain enthusiasts who have completely missed the point about lack of trust.
Just show him or her this video https://www.youtube.com/watch?v=w3_0x6oaDmI
Just spare a couple minutes of your time to watch this excelent video by Computerphile: Why Electronic Voting is a BAD Idea [1]
⬐ bo1024Good summary. The video is mostly about electronic voting machines up but also talks about online voting from home toward the end.The additional problem with online elections, not covered in the video, is loss of anonymity (or deniability).
⬐ Y_YI did. I didn't learn very much, as someone who has a casual interest in electronic voting. I think that pretty much everything he said was "this could never work because people would do it wrong". It's an important consideration, but I don't find it an ultimately convincing argument. I think that we can certainly construct an apparatus of trust based on existing ones (like banking and encrypted messaging) that would be sufficient.
Why Electronic Voting is a BAD Idea - Computerphile: https://www.youtube.com/watch?v=w3_0x6oaDmI
⬐ deathhandIf you prefer to read:https://www.theverge.com/2012/11/6/3609506/voting-machine-el...
⬐ toomanybeersiesI think that electronic voting as the single source of truth is a bad idea, but electronic voting as a method of making the process more efficient is not a bad idea.Voting machines should print off a receipt of your vote, which you can then confirm and seal in an envelope, like you would a paper vote, and put in a box of paper votes. The machines will also need to have a method for voters to correct an incorrect vote somehow.
If there are irregularities, or a recount is needed, the paper votes can be counted. There should also be an option for a normal paper vote, if the voter so choses, like how in an airport you can choose an Xray or a pat-down.
Upon saying that, I don't see what's wrong with paper votes. Elections don't happen very often, and paper voting scales perfectly fine with population.
⬐ jakeoghYou don't necessarily know if there are irregularities. Many elections are quite close anyway. Just count the paper by default, it's not that hard.
Nobody sane would want e-voting. It has exactly the same problems as voting machines and in addition to that is heavily vulnerable to DDoS attacks and ID theft.Tom Scott on electronic voting: https://www.youtube.com/watch?v=w3_0x6oaDmI
In the video below, Tom Scott explains why paper ballots are intrinsically more secure than electronic voting. If you're reading this and don't think that electronic voting is a terrible idea, I urge you to spend the next eight minutes of your life watching it.
In case you haven’t seen this breakdown by Tom Scott about why electronic voting is lunicy, here it is: https://m.youtube.com/watch?v=w3_0x6oaDmI
Slightly off-topic, but a great video on why Electronic Voting could be a bad idea: https://www.youtube.com/watch?v=w3_0x6oaDmII've wondered before why the UK doesn't have e-voting, and after watching it is sort of seems obvious. With traditional voting, it can easily be changed on a small scale, but is very hard to do in a meaningful way. Whilst with e-voting, its almost just as much effort to change on a small scale as a bigger scale, with much fewer people being involved.
I particularly like the idea that the reason we use pencils is as a protection against somebody replacing pens with ones with invisible ink. Not sure if this is true though.
I'd like to reference Tom Scott's video[0] here. There is no need for an electronic voting system, paper ballots work perfectly.
⬐ TeMPOraLThis video is absolutely an amazing summary. Thanks for linking it!⬐ warcodeUntil you want to scale due to using rapid direct democracy. Paper ballots will still WORK perfectly, but the workload will be massive.⬐ specialist⬐ fredleyThe gold standard is paper ballots cast at a precinct, counted the moment the polls close.In the USA, average precincts are 500 voters. Totally doable. In fact, that's how many jurisdictions did it.
⬐ zythonWhich is something you can justify IMO for a direct, just, free, equal and confidential election.Depends on what your need is. If you need to alter votes, it's an extremely good system!
The obligatory video from Computerphile and Tom Scott is obligatory.Describes all the problems with electronic voting and why it's an awful idea. It's short for what it is, a fantastic eight minutes.
Tom Scott has a very educational video[0] on why electronic voting is a really bad idea.
Having open source voting systems is a great thing, but electronic voting is inherehently flawed and is a terrible idea. There's no way to prove the checksum of your software is real unless you have root access to the voting machine and are assuming the OS is not compromised.Decentralized electronic machines that print paper ballots for you (which you can physically verify), and submitting to a tabulator seem to be the safest option. But your paper ballot can be compromised in transit by a worker. I have also heard talks about using a blockchain-esque system for voting and verifying it online with a hash code.
Here's a great video by Tom Scott: https://youtube.com/watch?v=w3_0x6oaDmI
⬐ rattrayThanks! Edited to clarify that it's still a paper ballot system. But you're certainly correct that there are many shades of gray here, with varying degrees of hypothetical and real danger of compromise.It's important to have skilled engineers play a part in the design of the system to help identify and avoid these problems.
The city is putting together an Advisory Committee as we speak for this very purpose. I'd encourage anyone interested to apply.
⬐ thaumasiotes> electronic voting is inherently flawed and is a terrible ideaI see this expressed a lot. But the argument always seems to actually be that electronic voting doesn't play nicely with anonymous voting.
It's possible that either might be a better choice than the other.
If you give people a way to prove that they voted a certain way, then the election is robust against rigging, but you've also allowed vote-selling as a side effect.
⬐ eru⬐ pkdMy main objection against electronic voting and in favour of paper voting is as follows:Any village idiot can go and observe and verify paper voting. But it requires an expert to observe and verify electronic voting, if it's possible at all.
⬐ mixmaxthe vote-selling side effect is much larger than you'd like.In Denmark someone made a study and found out that when voting changed from public (everyone could see who voted for who) to anonymous the workers parties gained votes to the tune of double digit percentages.
Presumably what happened before is that the landlords, owners and managers would tell the workers who it would be "best" to vote for if they'd like to keep their job or apartment. If I recall correctly this was around 1910 or so.
⬐ thaumasiotes> the vote-selling side effect is much larger than you'd like.> In Denmark someone made a study and found out that when voting changed from public (everyone could see who voted for who) to anonymous the workers parties gained votes to the tune of double digit percentages.
Is that a good thing in itself? How much of one?
⬐ jacobolusAre you asking whether it is a good thing for people to be able to vote their conscience vs. voting however someone with social/economic leverage over them would prefer?⬐ thaumasiotesDid the change make people better off? By how much?I don't see "the workers' parties get more votes" as a worthwhile end in itself, but maybe you're different.
⬐ jacobolus⬐ jack9If the most powerful people in society can bully everyone into voting for their preferred candidate under threat of forceful personal retaliation if they don’t, what’s the point of voting at all?How do you define “make people better off”? Is political self-determination an end in itself, or is the whole political system just a means to material success for the ruling class?
Personally I think having a wider distribution of power in the society is itself a goal worth fighting for. In the long term it tends to make the society more just, more stable, and more prosperous, and bring the political process more into alignment with solving concrete problems affecting the citizenry.
⬐ thaumasiotesWould the world be an even better place if the workers' parties got even more votes? Why stop here?⬐ thaumasiotesI guess I'll expand a bit. There's no limit to how finely we can grade the amount of electoral power given to which groups. If you think the purpose of elections is to produce good outcomes, it is vanishingly unlikely that an ironclad one-man-one-vote system is close to the best we can do, no matter what your idea of a "good" outcome is.If you think the purpose of elections is to realize the inherent moral virtue of voting your heart, I don't see why I should be encouraged to vote my heart when it tells me that it wants Robin Williams to be president, but not when it tells me that it doesn't really care whether John McCain or Barack Obama is president, but it does want ten dollars.
⬐ jacobolus“Good outcomes” is a bit vague, depends on ideological preferences, and is hard to measure even when we can agree on criteria.In my opinion the purpose of elections is to make the political system beholden, responsive, and accountable to the populace; to give the political system legitimacy so that it will be popularly supported; and to guarantee peaceful transitions of power and general political stability.
Those goals are undermined when a small number of powerful people can intimidate, cajole, or trick the public into voting how they prefer (usually against the interests of members of the public, and the nation’s interests in general). For this reason, I believe in constraints on campaign financing, election-season advertising, and believe that free, fair, and accessible elections should be a political priority in my country, alongside robust public education with instruction in civics and critical thinking, and a healthy independent media ecosystem.
I have no idea what “the inherent moral virtue of voting your heart” means. Feel free to vote for Robin Williams if you want, but realize that in most countries (including the USA) write-in votes for dead Americans are invalid.
> vanishingly unlikely that an ironclad one-man-one-vote system is close to the best we can do
I have no idea who you’re responding to, or what your point is. Nobody in this thread ever said anything about an “ironclad one-man-one-vote system”.
"Good thing (tm)" is not a qualitative metric.The problem with that video is that it assumes that that the internet is involved at some stage. In India, that isn't the case.EVMs are not internet enabled, neither are they "programmed" by sticking a USB in them. They come in huge sealed boxes to the centres, and are carried back the same away. The data never leaves these machines. If my knowledge is correct, the data can only be accessed by a high ranking election official called the RO.
Paper ballots were the norm in India for over 40 years before EVMs were introduced. Election fraud has been non-existent since then.
⬐ roystonvassey>Election fraud has been non-existent since then.Can you provide a source for this please?
⬐ pkd⬐ divs1210I think it's disingenuous to ask for the proof of non-existence of something so obvious that if it existed, it would have caused a huge uproar.There has been no proof of election fraud in Indian elections since EVMs were introduced, apart from the usual whining of the leaders who expectedly lost.
⬐ roystonvasseyWell, there is currently a huge uproar in India about exactly this so I'm not sure if it's all that disingenuous.Moreover, even a cursory search of electoral frauds in India throws up a huge gamut of complaints, ranging from 'ghost voters' to missing ballot boxes (and EVMs). Parking aside an another unsubstantiated claim that leaders who lost are just 'whining', I will still contest the claim that 'there have been no electoral frauds' since EVMs were introduced, as your original comment implied.
There were allegations of evm tampering recently. It's still unclear whether they are true.http://www.livemint.com/Politics/fIKiRvhaDSieYz25Lm8vRM/EVM-...
⬐ r00fusNon existent or completely hidden?⬐ pkd⬐ mixmaxI would be very surprised if it could be "completely hidden" given the political partisanship that exists in India.⬐ HaoZekeConsidering that the media is always howling about how the results have been tampered with.. Election fraud in India with evms is like hiding a tree in a forest, no-one would know for sure with all the allegations flying around.As Tom Scott points out in the video you're just moving the problem. They may not be connected to the Internet, but surely someone has programmed them. Who? And how do you know noone has changed the software? If they've been programmed at one point they can be programmed again.It's Pandora's box.
This won't take long.Obligatory Computerphile/Tom Scott video on why voting machines are an awful idea; if you haven't seen it, it's a great watch: https://youtu.be/w3_0x6oaDmI
⬐ kefkaIn all honesty, I like the implementation Estonia is doing.In effect, your identity card allows you to vote as many times as you wish. You cannot see your vote, but the newest vote overwrites the previous vote.
This means, that if you are coerced to vote a certain way, you can simply make another vote and wipe out the previous one.
The only downside is this would require a national ID program, which many religious extremists are very much against.
⬐ aianusYou just have to coerce them near the end of the election. Or, even better, take their smartcard and hold onto it until after the election.⬐ badsockEstonia's system is absolutely hackable. Anything that runs on commodity hardware or a commodity OS is. See my rant in the main thread.⬐ devnonymous...but doesn't that remove the anonymity of the vote? IIRC political voting is by and large a secret ballot.⬐ KarunamonMany not-religious-extremists are against it too. Given the abysmal security record of the federal government, putting all the things in one database instead of having it distributed among 50 just makes it a bigger target.That, and knowing the federal government, such a system would cost a ton, be an overwrought mess of spaghetti code created by some Enterprise Software(c) firm, barely work, and most importantly, be rolled out primarily to benefit the government, rather than the citizens paying for it.
No thanks.
⬐ icebrainingHaving a smartcard and having a single database are two completely orthogonal issues. In my country, we have the former without the latter - in fact, we still have different IDs for different services¹. The smartcard serves as a single authentication device, much like you can have a single SSH key for many servers.¹ Using a single ID for each person is forbidden by our constitution, in the article regarding the usage of IT.
⬐ KarunamonFair enough, but that still doesn't obviate the cost and competence concerns. Knowing the state of fed IT, it would probably wind up being a 5-year-old RSA dongle variant that uses RC4 or some such.
Because people move, and you need to be registered to vote in the right constituency and polling station (and those need to be well positioned/balanced so that too many people aren't voting in once place - which could mean some are unable to vote due to queues).Being able to vote anywhere is not an option - it would required digital voting, which we do not want.[1]
⬐ braghI wish that you could explain that in Estonia. Around here, anyone doubting e-voting is viewed as part of the fifth column and mocked like a 9/11 truther even by fellow techies, who really ought to know better.
Obligatory Tom Scott/Computerphile video on why electronic voting machines are awful.
relevant Tom Scott video on E-voting https://www.youtube.com/watch?v=w3_0x6oaDmI
https://www.youtube.com/watch?v=w3_0x6oaDmI
I'm not a conspiracy theorist at all. But HN has story after story about how vulnerable voting machines are: https://hn.algolia.com/?utm_source=opensearch&utm_medium=sea... The more I look into the issue the more horrified I am. One place had voting machines that ran windows XP and sent votes over wifi, and were hacked with a default administrator password. This computerphile video goes into a number of problems with the concept: https://www.youtube.com/watch?v=w3_0x6oaDmIThe fact that the polls were off by such a huge amount is concerning to me. States that weren't supposed to be even close somehow ended up going for Trump. It's known that Russia supported Donald Trump's campaign and had targeted voting systems, which is terrifying. Overall the election seems to be very close in terms of popular vote, and many swing states were won by very small margins or just a few counties. A small amount of fraud targeted in just the right places could perhaps have changed the outcome.
How concerned should I be about this? The fact that the election wasn't close in terms of electoral votes is comforting (if you are rigging an election, it's best to try not to overdo it and draw suspicion.) It would be nice to know that results are consistent across states and counties that use different kinds of voting machines or paper ballots. I don't know if that has been tested yet.
Why Electronic Voting is a BAD Idea - Computerphile: https://www.youtube.com/watch?v=w3_0x6oaDmI
Pretty much the same arguments against e-voting apply to this I think https://www.youtube.com/watch?v=w3_0x6oaDmI
I can, and it isn't. It cannot be.First of all, I wrote above you in this thread, regarding smart cards for government ID:
> That's not really a good solution either, though, because that requires trust in an essentially unverifiable system and the entity producing it.
So, maybe you want to address that instead of just pointing out that people are in fact using a system that obviously has this problem that I already mentioned.
As for why electronic voting or electronic counting of votes is a terrible idea (I would have thought everyone on here knows that by now): It's impossible to audit. Elections are the failsafe of a democracy that has to be able to remove a government from power that tries to prevent being removed, and they are about the control of huge amounts of recources. Therefore, you cannot have trust in a small minority as the basis for its reliability, you have to have a system that is very hard to corrupt even by the government. A government server counting votes is the exact opposite of that.
See also: https://www.youtube.com/watch?v=w3_0x6oaDmI
The fact that, so far, noone has seen any problems is completely missing the point. First of all, the whole system is set up such that it's really difficult to find out if something went wrong/was manipulated (that's just the nature of electronic voting). Secondly, most elections aren't all that problematic. In times of peace and prosperity, there usually isn't much contention over the results of an election. What makes a voting system good is when it's able to stay reliable and trusted in times of political unrest.
⬐ markdownThank you. I appreciate you taking the time to explain your view.Further, I concede that you are correct as far as voting goes. That doesn't mean the card is useless. It serves other purposes quite well, even if imperfectly.
⬐ zAy0LfpBZLC8mACWell, but does it? How do you know?Voting obviously is the biggest problem, but other uses have similar problems. Especially in terms of how you could ever figure out if it's actually not working well. You say that it serves other purposes quite well--how do you actually know that? Is it just because noone has demonstrated yet that, I dunno, the smartcards have a backdoor that is actively being used to sign stuff in other people's names? How would you know if that were the case? How would you convince a judge that you didn't sign some document when they ask you to explain how it comes that their computer tells them that you signed it?
⬐ markdown> How would you convince a judge that you didn't sign some document when they ask you to explain how it comes that their computer tells them that you signed it?How would you convince a judge that someone was holding a gun to your head as you signed a document?
How would you convince a judge that you didn't sign something when they ask you to explain how it comes that the signature on the document matches yours exactly?
⬐ zAy0LfpBZLC8mACThe thing is that both of those scenarios are things judges can be expected to understand perfectly well, and have some clue how to approach evaluating the claim, and also, in both cases, there generally is a reasonable risk that any such attempts leave some form of evidence, deterring people from even trying it.With a smartcard, there is nothing of that sort. It's just a bunch of electronic numbers and "the blackbox says you signed it!", there isn't really anything there to investigate, plus judges can in general be expected to not have even the slightest clue how to evaluate claims about IT security, so more than likely you'll end up with a situation where judges simply accept the government-mandated assumption that what the blackbox says is to be trusted.
It's the same fundamental problem as with electronic elections: The actual process is necessarily completely removed from human perception/observation, and therefore ultimately must be trusted blindly if it's not to be rejected outright.
The more people insist such verification is possible, the less you should trust them, they don't understand the issues[1]. It might be possible to come up with some provably verifiable scheme but they are very sophisticated and revised often because people still come up with ways to skew them[2].[1] https://www.youtube.com/watch?v=w3_0x6oaDmI
[2] https://evoting.bismark.se/verifiable-electronic-voting/
⬐ onestoneThat YouTube video is full of logical fallacies and wrong claims.And even if such a verification is impossible, I don't think we should reject incremental improvements just because the result is not yet perfect.
⬐ vladimirralev⬐ pdkl95This video is a highly cited source on the issue, admittedly aimed at less educated viewers, but quite accurate. There have been no rebuttals since it was posted and there are serious computer scientists putting their name on it. If you want to write a substantial rebuttal, I am sure it will be huge news in the community.Even the simplest verifiable voting system is so complicated normal people will be confused how to use it and take advantage of it.
⬐ bozho⬐ onestonehttp://techblog.bozho.net/why-all-the-fear-in-electronic-vot...⬐ vladimirralevWell this article throws a bunch of different things out there suggesting that, first, Bulgaria will adopt verified electronic voting, and second, that electronic voting is sound enough and ready for deployment. Both of these points are false or unclear at best. Then the blog seems to suggest there is some sort of middle ground between verified voting and non-verified voting and it's OK to make some half-assed step in this direction, which is exactly what the video warns against.When people talk about electronic voting, typically this means the US-type of voting. And when someone talks about verifiable electronic voting, then they should start by making it clear that this is orders of magnitude more ambitious, it hasn't been deployed anywhere and Bulgaria will be the first country in the world to do it. This is a project of historical scale including the known practical difficulties with the current methods. It should not be advertised like a proven system working in EU and US like it is now. And like I said even if Bulgaria really adopts any sort of verifiable voting there will be so many confused people due to the nature of the process it will skew the results.
Finally, again as the video explains paper vote counting may not be perfect, but it does require more people to involved in the fraud. This is a very important point. Results are available per area and each party makes sure the sum makes sense at least from a small sample.
A couple of examples from the first minute of the video:- A ridiculous example of "electronic voting" is presented - voters download ballot papers, fill them, then email or fax them back. This obviously sucks in multiple ways. Therefore, all kinds of "electronic voting" must be broken.
- Physical voting is very old, therefore it must have become solid and tamper-proof by now. This is not true. Physical voting is vulnerable to all kinds of manipulations, and they do happen on large scales.
The wrong claims continue forward. Just because that dude sounds smart doesn't mean his clip has any value.
⬐ vladimirralevThis "ridiculous" example is very real and famously practised to this day MASSIVELY in many countries [1]. It is the prime example of what most people understand as e-voting. He does address other types of voting as well later, including the "open-source bullet-proof machines".The guy explicitly says physical voting can be compromised easily too, but it requires much more people and it will exhibit patterns such as location stats, violence or outbursts of whistleblowers and it is more or less contained unless the whole country is on it in which case - good for them anyway. While with e-voting, you could technically be a very small group of people and you can model your fake results to be statistically plausible much better with no patterns.
[1] https://travel.state.gov/content/passports/en/abroad/legal-m...
While I love Tom Scott's videos, Andrew Appel (CS Prof. at Princeton) has a much better explanation[1] of the history of voting and why electronic voting is a terrible idea.We have hundreds of years of experience learning how to secure paper ballots. Complexity creates attack surface, and usually fails to provide all of the security features provided by a simple paper ballot that is hand counted in view of all parties.
Why Electronic Voting is a BAD Idea - Computerphile
Tom Scott has done a very good video on the dangers of e-voting [1]. Good watching for me and also entirely suitable for my mum.
⬐ drdeadringerI've watched this video several times now.Is there any balance to this enthusiastic laundry list of "here's another negative reason why this is a Very Bad Idea"?
⬐ BuildTheRobotsSometimes a bad idea is just entirely bad o_0
I can't see how that in any way can be anywhere near secure enough. Online voting for anything important, is a bad idea.
⬐ baucElectronic voting of any kind is dangerous, it's amazing how much trust is used in any voting but how little can be afford when it's electronic (online or in person machine based).⬐ alexd415They are describing a system that can't be hacked by a single individual because there would be a third party with a record of every vote.The video you cited uses a poorly planned and executed example of an online vote.
The US voting systems are also a poorly planned and executed set of systems.
Computerphile: Why Electronic Voting is a BAD Idea https://www.youtube.com/watch?v=w3_0x6oaDmI
⬐ idrismI'm convinced.⬐ burkamanThis is about voter registration, it has nothing to do with electronic voting.⬐ jakeoghI realize that, but all to often bad ideas are implemented incrementally. Online registration is an obvious step along the way. Next up: Internet ID (for "secure" online registration).⬐ burkamanWell there are a bunch of comments from Debra Cleaver in this thread that make it clear that she doesn't trust online voting yet. But yes, this is an obvious step along the way. Eventually we will get to a point where online voting is practical and safer than physical voting.⬐ jakeoghThat's the point, it wont be safer. Software and it's hardware are inherently buggy (or worse) and that's not going to change any time soon.Hand counted paper ballots are by far the safest. http://www.handcountedpaperballots.org/documents/requirement...
⬐ burkamanBut eventually, it will. I don't think we really disagree here, unless you think that widespread online registration will somehow cause online voting to inevitable happen too early. We tried electronic voting already, it didn't work very well, most states stopped doing it. When the technology gets better we will try again.Self-driving cars recently became a safe idea even though software is inherently buggy. Someday the same will be true for voting.
⬐ jakeoghNo, I really am saying electronic voting is fundamentally a bad idea, hence the the video explaining why.
"Why electronic voting is a bad idea"
Why Electronic Voting is a BAD Idea - Computerphile: https://www.youtube.com/watch?v=w3_0x6oaDmI
Hopefully never: https://www.youtube.com/watch?v=w3_0x6oaDmI
TL;DR - let Tom Scott explain why electronic voting is a shockingly bad idea: https://www.youtube.com/watch?v=w3_0x6oaDmINo, electronic voting should never exist. Seriously, stop trying to add terrible amounts of complexity to a solved problem.
We have hundreds of years of experience with how to solve simple paper ballots. They work. They can be trivially easy to understand[1]. Any complexity added to this
As for not having a hard copy backup - do you seriously trust
1) the computer hardware, OS, and other standard parts,
2) the software designer (no mistakes allowed),
3) the probably rushed implementation (bug free software?),
3b) if Diabold was involved, an easily modified MS Access DB with no audit trail and an open data port,
4) the collation process process good luck finding a device that uses crypto or signing, and
5) that all of the above will somehow stay secure from attack when run by numerous volunteers, defending against regular attempts to fix the results or otherwise modify the results.
In a perfect world, electronic voting would work. In reality, electronic voting is guaranteed to fail far more often tan simple hand counting paper ballots. Even worse, the complexity of electronic voting allows damage to amplify. There s only so much damage someone can do to a paper ballot or local group of ballots. Once you involve networked computers, there is the risk that an attack to affect the entire system.
What is the benefit, anyway? Very slightly faster results? Do we add all that risk, cost, and complexity so the media can have their show a bit earlier? The supposed benefits are not important.
Electronic voting should be met with extreme suspicion. Like the con artist that tries to distract you with numbers and extra movements, electronic voting is almost certainly a sign that someone is trying to fix an election.
[1] Canada gets ballot design[2] right - just make a mark next to your choice. Doesn't really matter what kind of mark, and no "hanging chads" or other mechanical nonsense that can fail.
[2] http://blogs.northcountrypublicradio.org/allin/files/2012/11...
Obligatory link:Why Electronic Voting is a BAD Idea - Computerphile https://www.youtube.com/watch?v=w3_0x6oaDmI
⬐ nickpsecurityThat's a really good explanation and fits American attention span. He's covered most critical stuff within 3 minutes. I'm keeping it. :)
>One no longer has to setup physical voting booths, deploy thousands of election officials, physically tally votes and so on.Computerphile actually has a pretty good argument why we shouldn't use e-voting. https://www.youtube.com/watch?v=w3_0x6oaDmI
I feel the need to share this video again:
Uh, no: https://www.youtube.com/watch?v=w3_0x6oaDmI
I love Tom Scott's computerphile videos. His frustration grows over a few videos; his videos about the difficulties of internationalization[1] and the problems of electronic voting[2] are even crazier.
⬐ iamlolzThanks, these are great.
Brady Haran and Tom Scott made a great video about just a few of the ways electronic voting is a horrible, rotten, no-good idea:
⬐ hodgesmrInteresting points, but I think these are all solvable problems. More appropriate title: "Why Electronic Voting Is Hard".