The leak does increase the risk of a single trusted insider messing with the system, though.
Based on previous reports on the security of devices like these, I wouldn't be surprised if a quick flash dump of the NVRAM is enough to crack the password in seconds already. Perhaps voting machine manufacturers have finally made it too difficult to disassemble these machines in a short amount of time, but that's historically not been very difficult.
I would reckon the access time needed to hack+access the BIOS lies in the area of "a few minutes, twice", not the kind of prolonged physical access you'd need to brute force the password.
That's not exactly "someone posing as a voter could hack the machine", luckily, but then again apparently at least one hacker at DEF CON found a vulnerability in voting machines this year that won't be fixed before the upcoming American elections, so who knows if there's an exploit like that lying around.
Do you know of a vulnerability that allows someone to access the bios password hash but can't also be used to hack the election without bothering with the bios password?
The US voting machines are just waiting to be hacked, just a matter of when, not if.
We need results in as short a time as possible, ws have about 100 crore registered voters, of whom about 70% on average vote, meaning that the ECI must process 70 Crore votes, in under 10 hours.
Making that happen in a free and fair way is a logistical challenge, one that we undertake every 5 years.
One more large advantage of EVMs is making booth capture very expensive (because EVMs have a inbuilt rate limit, but a ballot box does not).
At any rate, with VVPAT being there, it adds another layer of security.
Why do you need the result in under 10 hours?
You forgot about 2000. Also, the main reason for the delays are mail-in ballots, which could be delayed for days/weeks, depending on how lenient the deadlines are.
By law the mail-in ballots have to be in by election day.
Ranked choice voting is essentially doing multiple elections at a time, having to recount portions of votes every time a candidate drops out. That's a lot easier with computers.
I think the totals from every precinct could be made public in a way that they are verifiable from a central database, where the numbers add up to the total for the state and eventually federal count.
This is probably already happening, but people don't seem to think so.
I agree that for voting systems other than FPTP it is more work and may take longer - but it’s not an intractable problem.
The US 2000 election was a fiasco of the failures of paper ballots. Officials spent weeks scrutinizing ballots and to this day nobody thinks they got it correct to within the margin of error.
That's when electronic machines came in. They are not necessarily better, but nobody who lived through that nightmare thinks fondly of the clarity of paper ballots.
I lived through that, it wasn't that big a deal, and I still think fondly of the clarity of paper ballots. No system is perfect, but paper ballots work and work well.
As an Indian citizen I see the casual lack of security mindset in large swathe of things implemented by both public and private actors. Many things get better only though iterative failures and corresponding reactive fixes.
What type of failures and improvements have happened here, or instances of demonstrated hardness against those with motivation and access to machinery.
There was an interview with one of the Profs who designed the EVMs here.
The Electronic Voting Machines (EVMs) do simple counting of key presses and keep tally of the totals.
The machines are not reprogrammable, run on alkaline batteries and have no WiFi/Bluetooth, USB or ethernet.
I have some distrust in the American voting system, first with the computerized systems, but also that federal elections are run at the state level. With so many states and jurisdictions, I can't help but feel that fraud is happening. If the federal elections process was truly federalized, and funded if it is not already, managed and controlled by the federal government, then I think there could be greater control and security.
The chaos that would ensue from this is staggering.
And your proposed resolution means someone could DoS an election by copying their ballot and submitting it.
Colorado ballot envelopes already have a bar code - essentially your "serial number".
I feel like I'm taking crazy pills because everyone who thinks there's widespread election fraud seems to not know anything about how elections work.
Does your knowledge imply the system is perfect? Is there more than one type of voter fraud? Do we mean just one or two particular federal elections or all elections at every level? What about internal party elections, have those all been extremely fair and above board lately?
There's obvious advantages to perpetrating this class of fraud. Historically we know this fraud has interfered in all types of elections at all levels. Why would this not continue to be a target?
I mean, even in your link, Step 1 includes mailing ballots in. Even recently we've seen the simple flaws in this insecure mechanism. How could you have such a level of confidence in this system? The fact the smart and well meaning people do is all the more reason to engage this subject more rigorously.
Perhaps a more generous interpretation to people making these claims is to understand that we are still not doing a good enough job at making our elections secure, easy, free and fair. For Hacker News this should easily be understood to be a technical challenge and one that the USA has yet again completely failed to succeed at.
I do agree that America is failing this test.
It's literally that easy in Colorado.
Further, if the person the ballot rightfully belonged to actually wants to vote, they'll either request a new one or vote in person - either one of which would invalidate the earlier mailed ballot.
You need to present an election system that will convince Joe Q. Public, who is almost certainly not as tech-literate as this forum, is probably not even white-collar or university educated, and likely also suspicious of globalisation. "Tamper-proof Indian system-on-a-chip" does not have that property. Otherwise you get increasingly unhinged arguments over the election results until something breaks.
Ref.: https://www.brennancenter.org/our-work/research-reports/hand...
Indeed! I've volunteered at polling places where this is done.
I think one reason polling places have gravitated towards the "use paper ballots for everything, which are then scanned" option is because you're likely going to have something like that anyway, for mail-in ballots. It does bring problems, but you still have the paper to fall back to.
That's not exactly what happened in Florida 24 years ago.
In principle I don't really disagree, but just saying the problems run rather deeper than just hand-counting vs. electronic voting. The one time a recount actually would have been useful it was stopped for highly legalistic reasons that are hard to explain to a normal person. Not only that, it's highly likely – perhaps even probable – that Gore won Florida, although we'll never know for sure.
I see no reason it would play out any different today. We all saw what happened during the last election.
Not only that, with the full-on cult of Trump and the perceived victimhood of his supporters, I'm not really sure to what degree hand counts can always be trusted. Given the very small margins in some states, even a very small error rate (malicious or otherwise) can really matter. Perhaps this is paranoid, but I fully expect Trumpdroids to try to cheat. Any idiot can cheat a handcount "by accident" (prove it otherwise), but actually tampering with voting machines is operationally much more complex, and not something any ol' yahoo can easily pull off (need not just technical knowledge, but also physical access).
tl;dr: it's all pretty fucked no matter what.
Which is one of the reasons why the Help America Vote Act[0] was passed two years later.
> The one time a recount actually would have been useful…
I understand things are stressful, but please avoid resorting to hyperbole. There are other times in American history when a recount has changed the result. For example, see the 2004 Washington State gubernatorial election[2].
> Not only that, with the full-on cult of Trump and the perceived victimhood of his supporters, I'm not really sure to what degree hand counts can always be trusted.
> tl;dr: it's all pretty fucked no matter what.
Be an observer.
Seriously: Be an observer. For example, Orange County (California) has their public notice[2] inviting "the public" (that's you!) to observe election operations. Tomorrow, assuming you're in a place that allows early voting, go to a polling place or vote center (or whatever they're called there) and observe. On (and after) Election Day, go to your county's registrar of voters (or whatever they are called where you are) and observe the tally. Learn how to call out when something is wrong, and learn how to "observe the observers" to call out if they say something is wrong (assuming you think their call is BS.
[0]: https://en.wikipedia.org/wiki/Help_America_Vote_Act
[1]: https://ocvote.gov/sites/default/files/elections/gen2024/Pub...
[2]: https://en.wikipedia.org/wiki/2004_Washington_gubernatorial_...
Appropriately documenting these occurrences should not be hard. Appropriately archiving them would be moderately difficult but would serve as the evidence of the final tally. The final tally of all precincts could then be calculated by any number of independent organizations.
There can't be any hard to understand computer voodoo, deleteable audit logs, or single vendor reporting the final tally. No one should trust that anyways.
We talk a lot on HN about people's beliefs being a reflection of the systems they're placed under— you show me the incentives I'll show you the outcome— and the incentives are clear as day. Democratic voters have two nice properties that are being exploited, Democrats are generally concentrated in major metro areas, and Democrats vote early and by mail. Being concentrated makes those counties easy targets for lawsuits hoping to tie up the process with vague nothingness and rule-lawyering to try and turn away voters. Attacking mail in voting very cleanly affects almost entirely Democrats. And pre-undermining the election results act as a hedge to explain away a loss. Because this is a must-win election for Trump's GOP, two losses in a two risks pushing the "MAGA" faction of the party into irrelevancy.
And so that's what you see, it's a narrative that has been pushed hard designed specifically to carry out the exploit. It's genuinely clever and once it reaches critical mass the people who are tricked into actually believing it outnumber the original concern-trolls so it's naturally self-perpetuating.
So look, I have no expectation that you'll change your stance, I just hope at least that if you really bought into it that going forward you'll at least do it on purpose and be in on the game.
The US election system is very distributed and fragmented - there is virtually no standardization.
Even in the tightest margins for something like President you'd need to have seriously good data to figure out which random municipality voting system(s) you'd need to target to actually affect the outcome.
Totally standardised, coordinated, and decentralised. But fragmented (structuraly) or incoherent.
But agree would be a million times worse with a single electronic system
As you said, no standardization, which means all precincts reports on wildly different time intervals, if you can interfere with just tallying during or after the fact, and you can get the information on other precincts before any other outlets, you could easily take advantage of this.
It's essentially the Superman II version of interfering with an election. Just put your thumb on the scale a little bit everywhere on late precincts all at once.
The fact that so many states let a simple majority of their state take _all_ electors actually makes this possible. If more states removed the Unit Rule and went like Nebraska and Maine this would be far less effective.
There is standardization within all precincts of a county. And from my past experience as a poll worker, I can tell you why precinct reporting times can vary wildly within a county.
(Note things I say here are specific to the county where I worked.)
Anyone in line to vote by 8PM is allowed to vote. We (the other poll workers and I) could not start closing the polls until every voter had voted. If the local community did not trust vote-by-mail, then that polling place will likely see delays in closing due to lines.
One polling place often covered multiple precincts, so you'll see multiple precincts delayed simultaneously.
After that, boxes go from one queue to another, with multiple queues consolidating into one or two. So, a one-minute delay in dropping off your box to a collection point, may mean a two-hour delay in that box being processed.
> if you can interfere with just tallying
First off, that would require a remarkable amount of fraud. Second, that's why there are observers. It doesn't matter if it's 2AM on the Wednesday after election day: If tabulating is happening, you are allowed to observe.
Anyways, you would walk into it and throw a big mechanical lever that would close a privacy curtain behind you. Then you would have to manually turn an individual mechanical switch for each choice. When finished voting, you would throw the big mechanical lever back to the original position. Moving the lever back would cause all of your votes to be counted, reset all voting switches, and open the privacy curtains. There were mechanical counters for all possible voting options. Then, when the polls closed the votes would be read off the counters (and presumably verified by multiple individuals) and then reported to the whoever they reported the results to.
This was before the internet, but the same machines could (and should) be used in the internet age. There's nothing to hack into electronically as the voting machines contain no electronics (at least for communications, for sure).
The only big downside is that the machines have to be stored somewhere and they take up a sizable space. Also, they incur expenses to be moved from storage to polling places (and back).
Someone will bring up voters with disabilities, but there were voters with disabilities back then too. I'm sure there was a protocol for accommodating voter disabilities.
All in all, I think it's a sensible and pragmatic solution to thwart hacking and hopefully garner more confidence in voting integrity.
Everything else is a scam.
It would mean no secrecy of vote, but I think that secrecy of vote is for places that are new to democracy.
It could be anonymised to a point a clever system of personal certificats, but the idea is that in a 100 people district, the citizens should be able to count themselves and check if their real votes are correctly registred.
If the list is public, everyone got a proof of vote and can confirm that the global list is correct localy, then there is no way to hide cheating.
If someone is scared that his position will be known and still do it only because there is some fakely advertised security in place, you may ruin that person's life againt their will.
I prefer a system where people know how things work, take risks and are responsible. For what do we need a democracy if people are so scared of their family, neighbours and coworkers political views. The way we do democracy should me more mature after all this time. Probably the only place in the world trying to do it right is Switzerland, per example they have frequent local votations accomplished by raising one's hand.
I don't know any big change in the past, anywhere, like a big social progress, a regime change, a revolution or a coup that was enabled by a mass or anonymous voters. I think that if you look into it, you will find that it's always with a large consent or when a group of people takes action openly to push for it.
What? There are people in America who live under this threat today, and yes voting can actually change important parts of their lives.
Women under threat of their spouse beating them to death for voting "incorrectly"? Can you link to some examples of this? Like testimony of women who came forward fearing their spouses, not just in general terms but on this specific issue of voting?
What parts of the country have you lived in?
I suspect you can't answer that question directly because the answer is self-evident and destructive to your case.
Anyway, here are a few anecdotes: https://restlessnetwork.com/domestic-abuse-is-a-voter-suppre...
Inb4 "those are anecdotes!" And then subsequent refusal to answer the point blank question of whether you believe it happens or not, for aforementioned reasons.
I would not make an assertion either for or against it in the absence of data. I would not put forth such a hypothesis without at least anecdotal indicators of a problem. I appreciate you linking to something; even anecdotes help to paint a picture for potentially additional research/analysis, so thanks for that. Now, in response to the linked anecdotes:
The author mentions emotional gaslighting in 2009 and in 2017. There's no indication that she or the other woman was at risk of physical abuse (which is what you suggested was the issue) in either case.
So I would agree with and endorse the statement "Some men use emotional abuse and gaslighting to control how their spouses vote" but still disagree with the extreme position of "women are at risk of being beaten to death for their voting positions" as that remains unsupported hysteria.
This is the most charitable take I can make from your link. There's some real nuggets sprinkled in her writing which lead me to paint her as a completely unreliable narrator and discount/disregard anything she says. If she's foolish enough to stay in a relationship with a delinquent, drug-abusing, alcoholic emotional abuser....hey, that was her choice, and her competency as a responsible adult is questionable at best. If one of my junior male Marines walked came to me with the same sob story (and I've had Marines with bizarre relationship problems before), he'd get a pretty stern talking-to, some life advice...and we'd probably be questioning his decision-making and level of responsibility he can handle moving forward.
"Life is hard....it's even harder when you're stupid."
The quote is about her in a war setting with a rifle of her own.
Maybe 'Battle Royale' or 'Hunger Games' as an execution but that is kinda far fetched.
Since when do people facing firing squads get issued a rifle of their own? How do you explain this language he is using?
To me it's clear he meant "put her in combat facing a squad of adversaries" (US Army squads are 9 men, USMC are 13), essentially calling her a coward/chickenhawk.
About the best I can come up with is a QR code displayed on the screen and on a printout that you can compare with a third party phone app. Machine results are tabulated, and the QR code sheet is put in a lock box separately. This at least provides some way to compare what the computer says you voted versus the QR backup ballot for audits. I'm sure there are holes in my idea.
That's definitely not secret. If you can audit it on your phone, baddies can force you to show your phone to verify that you voted "correctly".
And what happens if baddies come to your house before the election, and say that after election day they'll check up on you, and if you don't they'll beat you up?
The secrecy on individual votes has a good reason to exist. Votes are already bought based on per-section public results, imagine what would happen if individual votes were public.
Moreover, people under any sort of threat (communities dominated by drug dealers, employees of a dishonest, politically engaged business owner) would be in big trouble.
How about having the voter verify a printed copy of their electronic vote before the machine casts the ballot and then counting the paper ballots afterwards to verify the tally with the machine. Two way verification. Problem solved.
Since 2016, with the help of activists over the country, NJ and many otther states switched to electronic machines with paper records validated by the voter. Unfortunately the part about counting the paper ballots afterwards varies between states.
I don't think most states hand-check every single ballot, but I'd be shocked if there are any that don't perform random audits where some sampling of the receipt are hand-checked.
[1]:https://ballotpedia.org/Voting_methods_and_equipment_by_stat...
I am not a fan of Optical scan either. In NY back in 2019 I was a volunteer for a local election that was super close and we discovered that the machines rejected a bunch of votes. We then had to challenge the election and do a manual hand count. For the votes rejected by the machine that were not fully legible we had to find the voter who cast the ballot. I recall some ballot were rejected for stupid reason like there was a mustard stain on the ballot(this is in NYC ha ha). In the end I think we lost by 60 votes or so.
A good system in my mind is what NJ has moved to (although it seems like they have not moved to this system statewide which is a shame): DRE with paper trail. Essentially, the voter votes, the machine prints a paper record and shows it to the voter so they can verify. Once they verify, the vote is cast and the paper is deposited into a sealed box.
Unfortunately they only go back and count the paper for close races but they should really do it for all races.
There is no evidence of voting systems in the US being "scams".
This monster under the bed mentality is getting tiresome.
Neither of these claims is right. Personally, I doubt the election was stolen. I know of a handful of cases of voter fraud both anecdotally ("My mom [in a retirement home] told me to vote for McCain, but I know she really wanted to vote for Obama, so that's what I put.") and numerically[1].
I would not be surprised if one or two of the very razor thin House district elections in 2020 experienced enough fraud to flip the decision. This doesn't mean that I believe all of the Dominion voting system hack nonsense or anything like that. I just think only a Sith deals in absolutes.
1: https://apnews.com/article/ohio-voters-citizenship-referrals...
Most secure in history is (in my state) is correct. There are more pointless safeguards than have ever existed. If you were willing to go with the results of any election pre 2020 then you should be overjoyed at how much more "secure" the process is. That's the point that's being made, the amount of provable voter fraud that bypasses the checks and is only discovered after the fact is nil
The article you cited is literally the system working. There's 11 million people in Ohio, the number of illegal registrations is several orders of magnitude less than the lizardman constant and they were nonetheless caught.
Source? I thought all the election fraud lawsuits/investigations for the 2020 election basically went nowhere?
Opinions aren't formed on court cases. That's why in 2020, more than half of Democrats thought the election was irregular. It's remarkable to me because this is one of those issues where polling says voters of both parties agree, but the media insists that there's nothing there. That's crazy
???
https://en.wikipedia.org/wiki/Bush_v._Gore
>That doesn't mean we can't look at the videos of observers being banned, the facts of now-declared-illegal extra-legislative policy changes, the timings of various ballot drops etc.
My impression is that there were a bunch of "this seems sus" allegations, but all the popular ones have been discredited. What are the most credible examples (ie. of actual malfeasance going on, rather than merely "this seems sus") that you can provide?
The accusations are always vague as well since each time you zoom in on one it’s completely anodyne but you need the distance to keep up the specter of something nefarious.
What precisely happened here? Can you specify which ruling you’re talking about and why you think it’s so significant?
Existing state law meant ballots had to be received by 8 p.m. on Election Day in order to be counted. The Democratic Party filed a lawsuit to extend that deadline and the Pennsylvania state Supreme Court (not SCOTUS) made a highly controversial ruling that extended the deadline to the following Friday. This extension would have helped Biden (given his party filed the lawsuit to force the change), and given they barely won the state (Biden had 50.01%), there is a good chance it affected the outcome.
It's a strong term but there is no denial. I'm not even sure why people are so against calling out the obvious. Biden probably would have won a legitimate contest
> Biden probably would have won a legitimate contest
That’s why you’re getting pushback: he did a legitimate contest. The language you’ve been using has implied otherwise, which is implicitly throwing in with the convicted fraudsters.
To me this situation felt like a manipulation of the election process that is outside of the norms, especially for it to happen so late. That was a few years ago but it is an example situation that causes many to still feel the election was “stolen”. I think lots of people use that term to also include actions that are technically legal but feel unfair.
Of the state? Maybe. Of the election? No. Biden won 306 to 232 [1]. Pennsylvania only has 19 EVs. It wasn’t the tipping-point state.
[1] https://en.m.wikipedia.org/wiki/2020_United_States_president...
1. what happened in Pennsylvania?
2. why did a SCOTUS with 6-3 majority of republicans decide to side with Biden, of all people?
3. you haven't answered my previous question. what specific "irregularities" lead to you to not believe the official election results?
As I've said elsewhere, it's as if I put a ballot box outside my house, got enough votes based on my own rules, and then declared whomever got enough votes in my contest the winner. That's great, but for it to be a legitimate election, the law has to be followed.
Again I'm hardly alone in this. Polling shows widespread bipartisan belief that the election was irregular. I'm honestly shocked at how different the mainstream media views are from the everyday person you talk to.
>Again I'm hardly alone in this. Polling shows widespread bipartisan belief that the election was irregular.
The implication here seems to be that because the election was "irregular", that it wasn't legitimate. But what does "irregular" mean, and should the irregularities be the basis for overturning/ignoring the results of the election? For instance, the election happened in a pandemic. That's arguably pretty "irregular", and probably had a material impact on the results. Should the results be tossed on the basis of that alone? In other comments you mentioned other objections, like counting votes that turned up late, but it's not clear that tossing out those votes would make the election more legitimate. What's more irregular, sticking to the letter of the law exactly, and letting all the pandemic disruptions affect campaigning/turnout, or adding accommodations?
These were not mistakes. The secretaries of state announced that they were going to ignore election law. That should not be tolerated. It's an attack on democracy of the highest order.
I get that this is a privileged take because broadly speaking the more people vote overall the better Democrats do but it's really hard to fault throwing out fewer ballots. Like turnout is already so low and a person took the time to make their voice heard. People already feel like their vote doesn't matter, dqs for arbitrary reasons aren't helping.
The majority of the cases relating to that election were dismissed for various technicalities, not on merit. As in the judges didn’t laugh them out of the court based on the ideas in those cases. Of course they may have also been rejected on merits but we won’t know.
There’s a good list here, and it makes it clear that these cases were simply not going anywhere. The rulings aren’t technicalities like “you filed at 12:01 and the deadline was 11:59” but the failure to provide evidence of a problem even occurring in real life.
https://en.wikipedia.org/wiki/Post-election_lawsuits_related...
There is a lawsuit right now in Georgia over the decision by some locations to accept ballots over the weekend without GOP observers present. Counting without bipartisan observers happened frequently in 2020.
Also "observers" weren't mentioned in my original post. Just because someone watches a count is irrelevant to my original points.
There's just no moral defense of rule-lawyering to throw out valid ballots or turn away voters, and judges in red and blue states alike aren't having it.
Additionally, the sides have completely flipped. Utterly bizarre.
Politics has become trench warfare. Everything is a battle to the death to keep the other side from gaining an inch anywhere. And, as is often the case in warfare, truth is a casualty. Both sides will say absolutely anything to keep anyone from thinking that the other side has a valid point.
It's advertising, but without any truth-in-advertising laws. Or, if you prefer, it's propaganda. Any relationship to the truth is purely accidental.
Even the Brits don’t take anything at face value anymore.
But I think any attack on an American force will get you a quick lesson on our credibility, which, as an American, is all I really care about.
Similarly economically, good luck not participating in the American markets.
e.g. In Hanoi, American officials, diplomats, and executives are rushing to wine and dine people who literally celebrate the defeat of ‘American force’ in public, on the record, every year.
They treat even a random third secretary for some party committee 100km from Hanoi much much better than the 90th percentile upper middle class American household in the Bay Area…
Edit: And I’m not even going to talk about Eastern Europe or the Middle East, it’s really too harsh to put into writing.
Like, the Vietnam War. I don't even know where to begin.
Why would I be ‘salty’ about anything anyone does in Hanoi?
It seems clear that many people in Hanoi are benefitting enormously, which is pretty much a total positive, except for some possibility of inducing corruption elsewhere.
I read that as that your are implying that the American diplomats should take the Vietnamese celebrating their independence as an insult versus the American diplomats.
This further implies that the American diplomats should be salty concerning the Vietnam War, to not lose face or something.
Also, site guidelines call for charitable interpretation. When someone asks you to clarify, assume they need it clarified.
Since the comment in question doesn’t have a negative score currently and some time has elapsed, passing readers combined have already decided in a more credible way than a single individual can.
The Cold War ended almost 30 years ago. I don't live in the past. I look forward to a glorious future, where we can even work with dirty commies. If the people of Vietnam don't like their government, they should feel free to overthrow it.
It’s not some fanfiction story I made up while reading a novel…
And with one party transformed in the Monster Raving Loony Party, the other one can't do anything else but push its own agenda through when it can, so compromise becomes rarer and rarer. And it's not just Trump – remember the madness and obstructionism of the Obama years?
And yes, there have been times the Democratic party could have done better. No doubt. But it's absolutely not a "both sides" issue.
More generally: In the current election, Harris isn't the firehose of lies that Trump is. She isn't a shining beacon of truth, either.
The core of the other side is outright lies and fraud, rooted in nothing more than one person's narcissism.
Equating these two is just bizarre. "Murder, arson, and jaywalking". Or something like that.
And "both sides will, and have, claim election fraud when they lose" is just not true. There have been a few disagreements over the decades of course, some more reasonable than others, but nothing like 2016 has happened in recent history, from either party.
Agreed. There were 60+ court cases, but not evidence of fraud.
> The core of the other side is outright lies and fraud, rooted in nothing more than one person's narcissism.
Also agreed.
> Equating these two is just bizarre.
I wasn't.
> And "both sides will, and have, claim election fraud when they lose" is just not true. There have been a few disagreements over the decades of course, some more reasonable than others, but nothing like 2016 has happened in recent history, from either party.
I presume you mean 2020, not 2016. Yes, nothing like that has happened in recent history... until next week.
But speaking of 2016, I remember a large number of people (including Hillary) saying that Hillary "really won" because she had more votes than Trump did, as if the Electoral College was not a thing. I recall seeing it, here on HN, over and over, for months, that Trump wasn't "really the legitimate president".
No, nobody actually tried to do anything. Obama didn't tell states to send fake electors to the House for the vote. He didn't have a "demonstration of love and respect" or whatever Trump is currently trying to paint January 6th as. So that's better. Months of talk is better than 60 court cases, fake electors, and attempting to physically prevent the vote in the House.
Since you seem to keep mis-reading me, I'm going to say that again, more clearly: The two are not comparable.
And yet... the "it's not legitimate because our person lost" was still there as a definite idea. The idea wasn't election fraud - it was that the Electoral College had thwarted the will of the people, and therefore the election was somehow illegitimate. Never mind that we had rules in place, and we followed the rules, and under the rules that were in place, Hillary lost. But no, "it's not legitimate".
Nobody ever took it as far as Trump did. But both sides de-ligitimatize the other side's victories, if only verbally. (Again, "only verbally" is better than attacking the Capitol. But it's not as close to "we'll see you in four years" as I would wish.)
There are a lot of us. I don't really relate to the Bush GOP at all, and am not even sure what they have in common with the modern one other than some vague tax cuts (democrats do that too every once in a while though, so this is hardly some great conservative idea). I'm happy to see the Bush GOP completely gone. Today's GOP feels much more like the democrat party of the 2000s, which is what I grew up in. Much more working class. More 'rough' around the edges. Anti-corporate, etc (most fortune 500 companies and workers support the democrats, based on donation numbers)
For me the big national issue has always been a refusal to fight unnecessary wars. I admire that Trump started no new wars or engagements (he continued the existing ones, including some escalations, but I'm not a radical pacifist). For me, that alone seals the deal. I just don't believe in fighting stupid wars. I don't care about threats and I don't care about targeted military intervention. I'm not fighting forever wars, where they send boys my age to die (most of whom happen to lean conservative anyway). What a grift. If the Cheneys in the world want to fight wars, I recommend they grab their guns and go!
Did Republicans anywhere try to "secure elections" in a way that didn't involve curtailing voting rights? Improving voting machines, systems, counting, etc. in a way that partisan leadership couldn't mess with?
Georgia, I predict, will be a shitshow this year.
It's going to be insane here.
This week alone we've had Bill Clinton, Bernie Sanders, and Tim Walz stumping here.
https://newrepublic.com/article/187597/pennsylvania-election...
It’s a laughably depressing system. I think (without any supporting evidence) the national election system was designed to fit to the standards of transportation and communication 200+ years ago. It was actually feasible to vote per state then send one dude on horseback to DC to cast the vote for the whole state. That’s an OK system for the time.
But the fact that each state is given an approximate weight for its vote (electoral college system), is evidence to how we are trying get to something that looks like a nationally counted winner take all election. We’re just doing it terribly.
If we fixed these issues then election campaigns couldn’t just focus on swing states and ignore everyone else. The game theory would then shift to just needing to convince a majority of all voters to vote for you.
Besides, in your example, neither of those states matter anyway. Why should Pennsylvania be so important, merely because the electorate seems evenly split between the two major parties?
Note that the Bush/Gore election issues were not allegations of fraud or any intentional shenanigans. The issue there was a badly designed ballots and/or badly designed voting machines that let to a large number of spoiled ballots due to people voting for more than one candidate or not marking any candidate, and in one major county led many voters to mark a candidate other than the one they intended to mark.
All the controversy there after the election was how to resolve those problems. Some, like the infamous "hanging chads" could in some cases be resolved by hand examination of the ballot, but there would often be some ambiguity so that would not be without controversy.
Others, like the "butterfly ballot" in Palm Beach County did not lead to any physical problem with the ballot but the design of the ballot led many voters to vote for a candidate other than the one they intended to vote for. That was a completely novel failure mode and the system had no procedure for dealing with it.
Prior to Trump, it was afaict an accepted fact among software people that closed source electronic voting machines were sitting ducks ripe for hacking.
We went from "don't trust Diebold" to "how dare you question Dominion."
Whether or not an election has actually ever been hacked at the voting machine level is a separate conversation.
We didn’t, you’re just grossly over-simplifying a couple decades of history. In the 2000s, there were some very bad electronic voting systems which did not maintain paper records or printed receipts which which were never validated. That lead to tons of criticism – and better designs.
In 2020, nobody said “how dare you question Dominion” because the whole point was that we _don’t_ trust Dominion and use systems which are designed to be verifiable and the results had been independently checked multiple times.
If 'one side' break the silent understanding of 'do not criticize our complex, convoluted and arcane election process', well, bad luck if 'the other side' defends it instead of agreeing there is a need to do something about it.
I don't like how about every question becomes some sort of thrench warfare around strawman extremes.
I know correlation doesn't mean causation, but I also know that where's there smoke, there's usually a fire.
When you see a system more complex than paper ballots, know that the additions are not there on your behalf.
There are currently many heads of household voting for their entire families, and even aside from mail-in ballots, there are people watching and photographing other family members voting within polling places, and uploading the photographs to social media with parental pride. In many places, this is not even criminal anymore.
Paper ballots, with voters having no method to prove who they voted for (no-receipt), in a private booth.
https://www.cnn.com/2023/08/06/us/oregon-drivers-pump-own-fu...
Don't know about Colorado but many other states have been sending ballots to dead people as well as people who are not resident anymore. The potential for fraud is huge
https://apnews.com/article/2022-midterm-elections-voting-gov...
https://www.rmpbs.org/blogs/news/colorado-noncitizens-deceas...
Is your claim that the social security administration sends a death notification to the deceased person's voter registrar?
“we get information when Coloradans pass away from two spots… the Department of Public Health and Environment and also the Social Security Administration.”
https://www.brookings.edu/articles/how-widespread-is-electio...
Not to mention, you can do the opposite: you can destroy your "wrong-minded" family member's ballots to prevent them from voting.
You can always still go vote in person at a polling center, even with all-mail voting they always keep a few open just in case someone loses or spoils their ballot.
They'll record the vote provisionally just to make sure you're not trying to vote twice, and once it's clear no mailed-in ballot arrived it gets counted.
https://www.brookings.edu/articles/how-widespread-is-electio...
Are you able to cite any evidence for this sort of conspiracy, or is this mainly conjecture? My search came up short. While one can certainly imagine it taking place, particularly in smaller groups, I expect there are both federal and likely also state laws that would make such activities illegal. At the very least, it would seem hard to hide at scale.
That's a felony isn't it?
Is there any basis in reality for this?
They could, though there are some problems with that:
(1) It is generally illegal to ask people to do that,
(2) Voters could “comply” with such a demand and simply mark a ballot the way the church wanted, take a picture, tell poll workers they had made an error marking their ballot and needed a replacement, have the ballot they photographed discarded, mark the replacement with their honest preferences, and cast that ballot.
Of course, (1) applies to the proposed scenario with mail-in ballots, and why large groups that aren’t already tightly-knit cults where they wouldn’t need to worry about defectors with secret ballots anyway would do it – it only takes on defector to get the whole group busted.
In Sweden you can vote by mail, but it has to be done in a private booth on a post office. You have to show ID, of course.
That means everybody votes secretly, even when voting by mail.
The fact that this is rarely discussed probably means that it rarely actually happens. Political beliefs between husbands and wives are usually quite correlated, I'd imagine.
The issue of maliciously voting for you elderly grandparent may happen, but is probably very very rare.
Firing people for not cooperating with something that is a crime under both federal and state law is a strategy that…doesn’t work very long for the criminals.
(Giving a large group of people who you don’t trust to vote your way that kind of criminal leverage over you in general is a pretty self-defeating strategy even without the intense incentives produced when you pile termination of employment on top of it.)
Also, near-universal mail-in voting isn’t some novel untested practice. Oregon has been doing it for more than two decades, Washington and Colorado for a decade, and even more states have adopted it between 2019 and 2022.
Where is the line of accepted risk?
(Side note: I also believe that hand-counting of ballots can be tedious, and humans performing tedious, repetitive tasks are prone to error. See [1].)
[1]: https://www.brennancenter.org/our-work/research-reports/hand...
I would expect one ballot paper per vote (based on rare occasion of doing two at once) to ensure the count is simple and accurate.
They make the ballots different colours to ensure you put them in the correct boxes iirc
Plus US Senate, federal congressional district, state assembly, state Senate, 7 judges, and 6 paragraph-long ballot propositions.
Not only your postcard idea wouldn't work, manual counting 3 pages (!) of a giant ballot would get prone to errors and be expensive rather quickly.
I think the current electronic plus storing the paper ballot for future audit if needed offers the best of both worlds.
In Denmark all ballots are hand-counted. It takes about 6 hours from polls close to every precinct reporting a preliminary result. Wanting it faster isn't really necessary, other than to feed the 24/7 news machine.
So the incentive to automate things are bigger here.
I've been in voting where we had a dozen ballots per person (referendums) so this would be more than the total paper ballots in the US, it works fine.
Minor miscounts happen but nobody has ever seriously questioned the overall vote results.
Hand counts are actually not all that time-consuming for large groups. Voting districts are already broken down enough whete each polling station only has a few thousand ballots.
As a result, there are a whole lot of separate elections conducted on the same ballot in the US, more than is typical elsewhere. This increases the tabulation load.
Where's the problem with waiting? This is not some customer service to optimize for profit, there's no harm in waiting a bit.
Paper ballot have the advantage of being robust against e.g. power failures. They are also trivially to scale up - just need small secluded space for people to fill them and an additional pen - much shorter waiting lines. There is not BIOS, there is no software to be rolled out or computer to be procured, installed, secured and finally put in secure storage or securely disposed.
Being a country with compulsory voting helps, because the system has to make it possible for everyone without a valid exceptional circumstance to be able to vote (would be unfair to be fined for not voting if you were still waiting in line to vote when the polls closed), and also they can quite accurately predict the kind of numbers they're going to get at the polling places.
* This password list has been public for a long time, and is easy to access: hidden excel column on a public spreadsheet.
* BIOS access means the intruder can change boot devices, boot their own OS, infect the BIOS with a virus, change boot devices back, compromise the vote host OS.
* Keycard security isn't tight security. Any amature physical penetration tester would just use a primitive attack on the door to get around it. E.g.: Grab the handle from under the door with a wire. Youtube has a ton of examples.
* This could have been done months ago, and over a long period of time.
* The intruder could clean up logs and any other traces of their actions.
Where am I technically wrong here? I'm sure I'm missing something obvious. It sounds like what you would do with BIOS passwords if you wanted to do something nasty. I haven't seen these questions addressed anywhere.
I hear some people say "but we use paper ballots". Then why do you have a BIOS password? If it's all paper where does the computer fit in? All of this is honest curiosity, I'm not sure how the voting system works.
Not sure about Colorado specifically, but in many jurisdictions voters mark paper ballots, which go into a machine to be tabulated, and are finally deposited into a box for safe keeping/future recounts.
How is it any different than traditional voting, where you drop your ballot into a black box and trust the poll workers would count it correctly?
You can do random spot checks select boxes to make sure the machine is tabulating correctly. If they're all correct, you can be reasonably sure the others are correct as well, unless your adversary has incredible luck.
Moving ballots, machine counting, etc are all relatively modern inventions — and seem to greatly weaken the consensus mechanism for little benefit.
With a voting machine that wasn't verified by a hand count it'd be relying on who-knows-who, who-knows-where with an uncertain risk profile.
You are saying that you just trust some people not to manipulate the votes?
Why not use a Merkle Tree or a Blockchain to verify that your vote was included in the total ?
They were invented to remove trust in middlemen. Mutually distrusting parties can maintain the vote tallying. That’s how elections should be done.
Elections around the world do not match this optimistic characterization. If they did, we’d all trust the outcomes of:
Belarus’ election of Lukashenko
Venezuela’s election of Maduro
Crimean 2014 referendum
Kosovo’s independence referendum
(Note you probably think the last one was a lot more reliable than the first three — a lot of it has to do with living in a certain part of the world and believing the national media, which is only possible because the voting system and results can be so untrustworthy as to not allow regular people around the world to check anything, so propaganda is given free reign. Science and reliable knowledge usually doesn’t work this way.)
In fact, let’s be clear… the “dictators” WANT the elections to have many ways to corrupt them, they WOULDN’T want a blockchain or merkle tree, that should tell you a lot
And the “war hawks” in countries like USA who oppose their geopolitical rivals also want the elections and referendums to not be secure and clear, so they can cast doubt on them (eg Crimea) while at the same time claiming others (like Kosovo) are completely legit and justify unprecedented actions .
As an aside, the vast majority of both Crimea[1] (94%) and Kosovo[2] (99%) that turned out to vote in referendums in 1991 voted for independence, so we all pretty much know what the public wanted later too, but it doesn’t affect the spin put on the later referendums and conflicts anyway
If elections were secured by cryptography, the People around the world would have far more confidence, rather than listening to their own media propaganda spin the ambiguities, and the wars might even be avoided.
1. https://en.wikipedia.org/wiki/1991_Crimean_autonomy_referend...
2. https://en.wikipedia.org/wiki/1991_Kosovan_independence_refe...
This is funny because as a CS grad, I cringe about 75% of the time when blockchain enthusiasts make pitches that are oblivious to the workings of blockchains, the tech underneath, and their alternatives.
If the blockchain community can't understand blockchain, it's going to be nigh impossible to convey comprehension to the general public.
The general public generally just wants the authorities whose job it is to manage voting to do so in a competent manner. It's worth noting that there's really only been one candidate for national election in modern history who has called into question the fairness of our elections. (And then only when he lost.)
Most of us understand that the folks who work for the Secretaries of State are generally doing the best they can with the resources we provide, and we don't want to provide more resources so they can do a "better" job.
And all this work doesn't then help you ensure that another machine in a different jurisdiction, even one that is the same make and model, is also secure. Plus, every single person that cares about the vote has to put in this work for themselves: you can't "trust the experts" when the stakes are so high.
I think this pretty clearly goes beyond what you could do teach a high-school setting.
You don’t need a Ph D or inspect code to know that your vote is included in a Merkle tree.
And you can verify that the vote total matches what is in the Merkle tree for your district, and the national Merkle tree of districts.
You can also verify that each voter was issued a unique token, which went through a mixer.
About the only thing you can’t verify is that the agency giving out the token hasn’t been corrupted and gave a lot of voting tokens to fake people, or multiple voting tokens. That part (preventing sybil attacks) is why Voter ID laws exist throughout the world.
But reducing the attack surface to widespread corruption issues involving voter registration, is much better than having those AND problets merely counting the ballots by hand, as when eg Al Gore lost to George W Bush in 2000.
The other thing you can’t verify is that other people’s vote wasn’t tampered with — unless THEY report it. Which is why the voting system should require voters confirming votes from multiple devices that verify your cryptographically signed choices, eg vote on a laptop then scan QR code from that laptop with your phone and approve, just as you would with a web payment request in your bank app, crypto wallet or WhatsApp sign-in request. Because voting is not as valuable to people as securing their bank account, this requirement must be enforced on all voters. This way one company eg Google or Apple can’t spoof the interface.
Furthermore, if you check and find out that your own vote was incorrectly counted, you can't actually do anything about it, unless voter anonimity is not guaranteed: if you can't prove to an outside party what your real vote was, you can't pursue any legal action, you just know for yourself that the vote was rigged. And if you can prove to an outside party what you voted, that opens up a whole host of other attacks.
So no, this is not even close to an acceptable solution.
I'll also note that the Bush V Gore election issues were not caused by hand counting, but by machine counting as well. So, they should be taken as further proof that simple ballots and manual counts are the right way to conduct an election.
You then replied essentially: “well since you still have some problems, you can’t trust the election… the paper way is the only right way”.
Some people might be wilfully misunderstanding because it’s “cool to rag on blockchain” or whatever. People who always repeat a refrain like “this is simply the only right way to do things” are trying to convince not by arguments but by pushing a dogma. And most skeptics of technologies have been wrong, including skeptics of airplanes, computers, etc.
Estonia for example is already doing secure elections online for years, explain that https://e-estonia.com/how-did-estonia-carry-out-the-worlds-f...
The hand recount took too long and the Supreme Court stepped in and “just picked a winner”. Which later counts showed to have been the wrong result. Citing the machine counting alongside it doesnt really help your case because the machine counting was all kinds of ad-hoc and hybrid things (including the dreaded silly “butterfly ballots”) which is exactly what people advocate for, when they try to argue for avoiding a fully consistent and uniform electronic system. They want all the little variations and manual counting “so no one can hack the whole thing”. So yes it’s a perfectly valid argument to point out that delays caused by this led to the wrong outcome (and had consequences like ignoring Bin Laden, allowing 9/11, the invasion of Iraq, clamping down on civil liberties in USA, raiding Social Security etc.)
All the problems you cited above are present in the current system — including having to prove how you voted to challenge the results. Except in the current system there are far more problems, including not even being able to physically show up at the polling place (because it is too far), or proving that the poll workers corrupted your vote, added extra ballots, literally anything. Out of sight out of mind I guess.
And across the world, elections are done even worse. Consider the recent election of Lukashenko in Belarus. People in districts where he got 80% were trying to ask around who voted for him and complained that very few had said they did. It’s all arguments based on hearsay. That is the flip side of not being able to prove how you voted. In fact if they wanted to know how you voted, in your manual system, they could just take a camera outside the booth and look at timing to know when you voted. Or just put a camera in the booth. But in fact it’s far worse than that, the voter databases include driver’s licenses and addresses and social security numbers, in most US states, AND party affiliation is 94% correlated to how you vote so all this paper ballot “security theater” to prevent “being ABLE to prove how you voted” gets you nowhere: https://ballotpedia.org/Availability_of_state_voter_files
And oh yeah… in the system I described you can anonymously challenge the results because you have cryptographic signatures but your own private key came out of a mixer, so you don’t need to identify yourself to prove your vote didnt match what’s in the system. Enough complaints and we ALL know which districts were corrupt, and very quickly.
Wide-scale voter fraud of this kind is simply impossible in a paper system. The only times it happens is like in Belarus, where it's not "an election", it's a public show that looks like an election, but where the result is pre-determined. The Merkle tree would show the same thing there: it's a mock election to make it look like a mock democracy. Lukashenko wouldn't have stopped leading the country even if miraculously the election would have shown he lost. Or, it can happen in other more complex and more discoverable ways, such as busing voters around to physically vote multiple times in multiple (preferably far away) polling places.
As for Estonia, they'll come to regret this system sooner or later. It can work for a while, but there is no doubt that the system will get hacked, or the losing party will be able to convince enough people that it got hacked even if it didn't. Someone will accidentally publish private keys, like in this Colorado case. The system will go down on election day because of a bug. Who knows which one will be first, but it'll end their experiment. The rest of the world will continue with paper voting and not face such problems.
No, 99.99% of “you” go home and “trust the system” to some poll workers, many with major bias and incentives. Many of “you” don’t turn out to vote or are disenfranchised by simply living too far from the polling place or not being able to take time off work, when you could have just voted from your app.
Certain parties even rely on suppressing turnout. (Can you guess which party does that in USA? Hint: it’s the one that closed 1600 polling stations right after the Voting Rights Act got neutered, and then got mad about mail-in ballots ruining their carefully laid disenfranchisement plans during the pandemic.).
In fact, if you want the election to be “secured by multiple distrusting parties”, that is exactly what byzantine-fault-tolerant cryptographic protocols (which power many blockchains) are designed to do.
(how do you fix an error in the Merkle tree, even if everyone agrees it happened?). Even if you have an extremely corrupt county, that doesn't generally matter in the grand scheme of things; and its extremely unlikely, as any citizen in that county can stop the corruption by simply participating in the process themselves.
You are literally arguing from a double standard. In a paper election, somehow “any citizen” by themselves can stop the corruption… by simply participating in the process.” Yeah sure one guy exposes the entire corrupt county, with no ability to prove how anyone voted, why didn’t a single Belarussian and Venezuelan think of that? LOL” And on the other hand, when you have tons of anonymous irrefutable proofs by participants submitted publicly, you throw up your hands and say “what can we do to fix the merkle tree, even if we all knew it was corrupt?” The point of the trre is to catch errors, prove them and publish the proofs widely. As a society, you then have the proof nexessary to fix errors the same way you’d normally do it — by identifying the corrupt districts, and having a recount or revote just there. And bringing those responsible for tampering to justice.
If you stop conflating all the things and unpack them, you’ll see that adding cryptography makes things strictly better:
1. You have more chances to catch if there have been extra votes cast because the private keys are coming from tokens handed out at registration. In a paper election you might have corruption at registration AND all manner of ballot stuffing later too.
2. Everyone can check their vote and report a discrepancy. Not just the volunteers at the polling places. And all because they can prove how they voted and do it anonymously!
3. Everyone can see exactly which districts are corrupt in giving out fake voter registrations, and where there’s smoke, there’s fire. They can do an audit and guess what, the cryptographic signatures are helpful for creating a PROVABLE trail that implicates the system.
4. The attack surface reduces to pretty much just the voter registration sybil attacks. Eliminating a whole class of problems on actual election day.
5. The results are reported to everyone reliably and quickly, or even in real-time (though the latter is “too good” because it might affect how later voters vote).
There’s practically not a single problem that adding cryptography creates, which wasn’t already present in the paper system. And you know all this because if you honestly asked yourself whether dictators, who want sham elections, would want to do their next election with cryptographic signatures and merkle trees or not — what would be your answer? Be honest. And think about what that means for your argument.
And the reason you can fix this at the polling station level is simple: as long as the entire state is not captured by a single party (in which case no real elections are happening), the rest of the state can come in and fix the bad locations.
Related to your points:
1. If there are more ballots than registered voters, this is easy to check. It's even better than a private key system, as extra registrations can also be caught on the day of polling, if people actually come in and vote again, whereas extra private keys being handed out will not see an election official again.
2. There is no way to actually "prove anonymously how you voted". To move the needle in any way, you have to come out personally and say "I know I voted like this, but the system shows me as voting like that, here is what it shows when I present my private key". And either way, this is actually a weakness of the system, as it allows trustworthy vote selling.
3. I don't understand how this is supposed to be any easier than in the current system. You still won't know how many people were legally allowed to be registered in that district, so what are you comparing against?
4. No, the threat surface is the entire electronic system. Someone can attack the system and prevent voters from getting private keys, issue corrupted keys, allow more keys than were registered, present the results differently from what is stored in the merkle tree, use side channels to decrypt private keys, exfiltrate data about individual voters, and who knows how many other ways. Plus, if you can vote from anywhere, you can be coerced, especially by family or caretakers, to vote in their presence, or disclose your private key so they can vote in your name themselves.
And all this assumes the system is an actually secure Merkle tree. In reality, it would just be a computer program that takes your vote and shows you some data. What is actually running on the server is impossible for you to know unless you are given access to the hardware and software.
5. Sure, this is a clear advantage.
You are severely underestimating the risks of an electronic system, and only looking at the purely theoretical logical core. All of the systems around it, through which you interact with the core system, and all of the human factors around using the systems, are a huge attack surface. For example, would you trust this system and issue your vote from a phone or PC which you know is infested with malware? If not, then you have to agree that every device is part of the attack surface of this system.
Finally, in relation to your challenge, elections held by dictators are only meant to look like elections in more legitimate countries. So, if most countries hold paper elections (which is by far the majority), then the dictators will put on a show like that. If the majority of countries used electronic voting, dictators would also get electronic voting machines. Still, I don't know of any dictator that bothers to make a show of how free and correct are their elections.
1) Easy to check by whom? With paper, it’s a bunch of people yelling to the news they saw discrepancies. In USA, we have probably the most expensive election in the world and we heard it all in 2020 from sour Republicans. To this day many people believe the election wasn’t secure and was “stolen”, including with physical ballots being shipped in, etc. On the one hand you have people yelling and on the other side you have people saying it’s all fine. Just like after a Venezuela or Belorussia election or the Crimea referendum. None of that would be the case if the elections could just have a standard way to be run, same as we now have electronic standards for DNSSEC or certificate PKI the EVM or IEEE standards. We can do things at scale because of standards. We could remove most of the uncertainty.
2) You don’t have to come out and reveal your PII, in order to publish a complaint as a voter. You’d just have to reveal that you know the private key, here is your receipt signed by the vendors in the system, and here is the actual result the UX vendors reported. The reputation of the vendor would be PROVABLY destroyed, all those receipts would be entered as evidence and they’d have to pay reparations in lawsuits. All because people were forced to double-check from 2 devices. The UX vendor would face chilling effects far larger than currently, for tampering with an election. None of this requires PII of the claimants.
3 and 4. You say it’s the whole system but proceed to list only things related to registration. Which, I already said, remains an issue, but the actual voting can be done on a phone. All your concerns could be also done with a banking app etc. where far more money is at stake than a single vote, yet people use them all the time.
I am not sure how you are supposed to impersonate a person unless you steal their phone, and then force them to open the voting app and enter their biometrics, just for a lousy vote — and you’d have to do this all across town at scale? Nan.
If you’re saying that a bank can “roll back a transaction” if you report losing your app, and somehow the election reaching finality (like a blockchain transaction) is a negative, then you’re saying that
As for people losing their private keys or phones or maybe so poor they can’t afford to have a computer or whatever, they can register to vote in person. If they failed to update their registration, though, before the election, and they can’t vote from their phone, it’s the same issue as if they didnt register at all. So they didn’t vote. But on net there is a much bigger turnout.
5. Okay we agree here. And this isnt an academic point — Al Gore would have been president if they could have counted the votes faster, we could have probably avoided the entire Middle East being on fire, the rollback of US civil liberties, maybe even prevented 9/11 with NORAD, and finally could have avoided the current disastrous wars in Ukraine etc. since Bush was the one to push them into NATO back in 2008 when the Ukrainian public strongly opposed NATO membership until 2014, but he worked with Yuschenko to do it anyway (https://www.pewresearch.org/global/2010/03/29/ukraine-says-n... and https://en.wikipedia.org/wiki/Referendums_in_Ukraine)
I think we both know that a corrupt government would not want to secure elections with merkle trees and publish them online. Too much chance of being caught, and they’d have no way to fudge the results reliably. By making decision-making cheap, the public in every country would be welcomed to hold regular referendums on topics (like California Proposition XYZ) and the governments would be MORE accountable to the people. (Personally, I think provably random polling is superior to voting, due to turnout issues, but that’s another story).
You can say whatever you like but when the rubber meets the road, corrupt officials and their detractors overseas (the war hawks looking to cast doubt on any way to figure out what, say, the actual people of Crimea or Donetsk want) both prefer paper ballots and the effective inability to cast absentee ballots when you fled the country or were internally displaced. While cryptocurrency allows you to take your money with you while fleeing a war zone, the crypto-voting would let you vote from anywhere as long as you had registered as a citizen back before being displaced etc.
It’s literally technology you can add to secure things and corrupt governments avoid it, war hawks across the world hipe they don’t use it, and you are arguing that even adding it makes things less secure and less reliable.
Except he did not "push them into NATO in 2008". 2008 was the year that Ukraine's membership application was formally rejected by NATO, and there it has sat, in the doghouse, ever since. But Putin invaded anyway, because the NATO noise was never the reason he invaded in the first place.
The most significant consequence of the Bush presidency was probably the criminally insane invasion of Iraq -- which arguably did encourage Putin to go into Ukraine, on equally vacuous and fraudulent pretexts. "If they can get away with it, then why can't I?" was apparently his thinking.
https://www.reuters.com/article/world/bush-to-press-for-ukra...
Saakashvili of Georgia (who is now in jail for corruption) also had two breakaway republics at the time — Ossetia and Abhazia — and he engaged in a war with them and kept hoping NATO would come. Back then Putin wasn’t even president, it was Medvedev. Anyway, the same exact war started happening back then, with Russia invading Georgia with tanks moving slowly to the capitol, Tbilisi. Their goal was to intimidate them into agreeing to stop shelling the two breakaway republics and leave them alone. (Georgia and Armenia, in turn, had been protected by Russia from Ottomans, much the same way).
The difference in that war was that it ended in a week, because Nicolas Sarkozy (the French president) negotiated a peace agreement successfully. Since then Russia hasn’t invaded Georgia further, simply protected Abhazia and Ossetia, in fact Georgia has been normalizing relations with Russia and opened up direct flights and tourism last year etc. A great outcome for all civilians, compared to what could have been a senseless war. I was in Georgia last year and saw it firsthand.
Meanwhile, after the regime change revolution in Ukraine in 2014, the CIA had 8 years to build up weapons and paramilitaries etc. Same exact playbooj that ravaged Afghanistan w the mujahideen (Arabic for “jihadists”) and Afghan Arabs, masterminded by Zbignew Brezhinski. This time it was CIA in Ukraine: https://news.yahoo.com/cia-trained-ukrainian-paramilitaries-...
So in 2022 when Russians tried the same playbook (intimidate Kyiv into not shelling the two breakway republics) they didn’t expect the Ukrainians to walk away from the negotiating table. They waited for them in Belarus under Lukashenko (where they had signed the Minsk accords years earlier, endorsed unanimously by the UN security council) but the Ukrainian negotiators kept delaying and venue shopping, and the SBU (Ukrainian KGB) even killed one of them as “a traitor” for being too eager to negotiate, a man appointed by the President himsdlf and who the Ukrainian state department called “a hero”.
I personally spoke to David Arakhamia (the guy w the hat) on Facebook Messenger in the first days of the war, he had many Ukrainians on his FB wall begging him to make a deal and avert the war. I tool screenshots and the pleading posts are still there. He privately told me he agreed w me. But when the negotiators entered the room they left after 2 hours. We don’t kmow what happens in closed rooms — whether Baker promised “not an inch” to Gorbachev, or whether the Ukrainian or Russian negotiators ever negotiated in good faith. But the civilians, the people deserve better representation. The war continued, and the tanks found themselves around Kyiv and major firefights in Bucha vs Azov and other armed groups with RPGs shooting at tanks. Kind of like the red triangle videos of Hamas vs Israeli tanks. It’s really unfortunate and was avoidable. Russia expected it to go like the last war, it didn’t.
Naftali Bennett was the Israeli PM and he could have played the role of Nicolas Sarkozy did with Medvedev (Russia) and Saakashvili (Georgia). He has a tell-all interview in Hebrew about how he had negotiated peace DIRECTLY between Putin and Zelensky, and had them both make major concessions — eg Ukraine wouldn’t join NATO, and Putin promised not to kill Zelensky. In his interview he said that Zelensky double-checked this and then came out to record his famous video “I am not afraid, I am here” and saying he needs ammunition, not a ride.
Why did Bennett not succeed? He said he “coordinated everything to the smallest detail” with the US and UK, he “doesn’t do as he pleases”, and they told him he MUST stop the peace deal. He said he “thought they were wrong” and still does. That peace is worth a shot. But he didn’t continue, and the war didnt stop 2 weeks into it.
https://www.youtube.com/watch?v=0yma0LxyVVs
Erdogan luckilh WAS able to negotiate a year-long grain export deal in the midst of a war, which likely saved millions of lives — Yemen had been very dependent on Ukrainian grain and had a famine from yet ANOTHER proxy war (this one between Iran and Saudis w US weapons, same kind of war but with roles reversed). But no one seemed to care about Yemenis, despite millions being in far more dire hunger conditions than Ukrainians ever were.
The world is complex, but Bush had started the stupid push into NATO, even as NATO members were slowwalking him. My guess is he was angry at Putin’s Munich speech in 2007 NATO, calling out USA for invading Iraq and violating international law. Back in 2001 Putin was the first president after 9/11 to call Bush and offer condolences and they made a joint anti-terrorism initiative. Putin wanted to join NATO back in 2001, he asked the NATO heads but was always rejected. Since 2002(!) Russia tried to stop the invasion of Iraq in the security council and every other way it could but Bush couldn’t be stopped. That is when I think Russia realized that after Kosovo and Iraq, that NATO isnt purely defensive and USA isnt going to be constrained by international law. Putin’s speech in 2007 made Bush want to flip Russia’s neighbors (about which every ambassador said it was a red line for anyone in Russia, “not just Putin”) so the result was predetermined:
https://theconversation.com/ukraine-war-follows-decades-of-w...
As for why Bush did it — I will let Bush say it in his own words: https://www.youtube.com/watch?v=MTX5uvZWu3Q
As to the other tangents, briefly:
(1) No, the Georgia conflict was not "the same exact war". It bears a certain surface similarity, but for what should be obvious reasons, the analogy stops there. In particular Putin's attitude toward (and obsession with) Ukraine is in an entirely different universe from his attitude toward Georgia (the former he sees as basically a part of Russia; the latter merely as a buffer territory).
The situation in Georgia's breakaway regions is also entirely different; the violent aspects of these conflicts there go pretty far back (to the early 20th century, with major flare-ups beginning immediately after the dissolution of the USSR, and major atrocities inflicted by both sides).
There is, simply put, no analogy to be made with the situation with the regions of Ukraine that Putin is attempting to annex - which never saw any violent separatist conflict prior to Putin's invasion via proxy forces in 2014.
In short, there are huge, categorical distinctions between the two conflicts -- describing them as "the same exact war" is really quite silly.
(2) Re: Arakhmiya - your spin here is that the Ukrainians could have just walked away by making basically symbolic concessions (like agreeing not to join NATO), and all would have been well; and that we just don't really know happened because it was all behind closed doors.
This is a false characterization. By now we do have a pretty good idea of what happened, because the proceedings were quite famous and have been thoroughly investigated (for example in the Foreign Affairs article linked to in the thread below). In a nutshell, the concessions the Russians were demanding were not purely symbolic; rather they were demanding not only those, but drastic reductions in force that would have effectively left Ukraine without viable security guarantees of any kind. Against this backdrop there were also the atrocities happening on the ground in Bucha, Irpin and Mariupol, which in addition to providing a certain chilling effect, persuaded the Ukrainians that relying on Russia's good word for their security would not be in their best interest.
https://news.ycombinator.com/item?id=41812302
(3) There's no analogy between the Ukraine's paramilitaries and jihadists of any kind; that's just scare rhetoric. Once Russia invaded in March 2014, all bets were off -- and any help provided to Ukraine after that date was purely defensive, by definition, end of story.
You could argue Brzezinski and CIA arming the mujahideen was also “purely defensive”, or Soviets arming the PLO a decade earlier was “purely defensive”. Both are nonsense, of course!
https://washingtonmonthly.com/2021/09/01/how-jimmy-carter-st...
https://www.counterpunch.org/1998/01/15/how-jimmy-carter-and...
And of course, after Yugoslavia and Libya we know that NATO isn’t a “purely defensive” organization, and its member states like USA sometimes form coalitions to go invade other countries, like Iraq or Afghanistan, and occupy them for years just like the Soviets.
You must not know the history of cold war proxy wars very well to ignore all the parallels and the patterns that repeat and repeat.
Isn’t it a bit silly to just say “period, end of story” and just deny it? This is how people solve problems — by looking at similar situations around the world. You don’t fix a refrigerator by refusing to look at every other refrigerator and treating it as a special snowflake. Same here.
One could, but it'd be silly as you already know, and no one is doing that.
Hence, no analogy here.
CIA training paramilitaries against Russia/USSR
Increasing the chances of Russia invading
Giving ever more weapons to the "freedom fighters"
Country ravaged and destroyed by war
Lots of dead combatants & civilians (needlessly)
It's also a war in which Russia invades a country in an attept to bring it to the negotiating table to agree to permanently stop shelling two breakaway republics, very much like with Georgia, so we can see what happened in Georgia (i.e. Russia didn't continue to take over the country, at all) rather than invent fantasy scenarios that Russian orcs want to genocide all Ukrainians, or will go and take over the rest of Europe if they succeed in Ukraine, etc. It is quite reasonable to look at similar situations to infer what the motivations were. And it's NOT reasonable to say "it's all Putin" when every US ambassador said every Russian leader (including Medevedev with Georgia) would react the same way to the "red lines". 73% of the Russian public supports the Ukraine war just like 73% of the US public supported the Iraq war. Public support wars. Similarities matter, and they matter most of all because they help us understand how to prevent and end wars.
https://en.wikipedia.org/wiki/Russo-Georgian_War
For example with Georgia, despite all the similar motivations, and nearly the same actors in similar circumstances, the motivation to say "there is no analogy AT ALL, period, end of story" is that you can then claim Russia will be emboldened and continue its rampage further, if a peace agreement was reached. Most civilians want peace, and don't want carnage, so to justify continued carnage (resulting in 2 million dead civilians in Afghanistan, for instance), you need a narrative that is even worse than sending people to die in wars. So people bring up all kinds of claims (Russia will invade Europe if not stopped here etc.) So if a counterexample is brought up (e.g. Russia didn't continue past 1 week in Georgia) you have to shut it down very quickly. But the analogies are there, and the public's reactions on both sides is similar too:
https://www.reddit.com/r/toronto/comments/szfl96/when_the_so...
In the case of Ukraine -- OSS training of partisan forces against the Wehrmacht would be an infinitely closer analogy.
The thing is, you seem to assume axiomatically that the CIA's training of stay-behind forces (a.k.a. "paramilitaries") in Ukraine after 2014 was intrinsically offensive, i.e. was done just to get up Russia's backside, for whatever nefarious purpose.
Well, I don't buy that axiom, the simple reason that after 2014 Ukraine had every right to defend itself, and creating stay-behind forces is just a standard way of doing that. Just as France, Italy, Poland, Yugoslavia, Greece and all the other countries in Europe had a perfect right to resist occupation by Nazi Germany via whatever means necessary and available to them, including the development of partisan forces.
as US CIA did with far-right paramilitaries in Ukraine.
Which "far-right paramilitaries" are you referring to? You seem to be confusing the stay-behind forces described in the article with quasi-independent militias like Azov. The two are entirely different, sharing nothing in common other than the slightly scary-sounding keyword "paramilitary" you keep latching onto.
Yet in your mind, they've fused into one and the same entity. Why is that?
It's also a war in which Russia invades a country in an attempt to bring it to the negotiating table to agree to permanently stop shelling two breakaway republics
Again, the Ukrainian regions on Putin's smash-and-grab list were never "breakaway republics" in the mold of Ossetia and Abkhazia, as has already been pointed out. There was no violent "conflict" of any kind in those regions until Putin's little green men began arriving in March 2014. There's just no analogy here. Doesn't matter how often you attempt to simply repeat it.
Nor did the 2022 invasion have anything to do with "stopping the shelling" in those regions -- that's just another talking point that people read somewhere and keep repeating and repeating, with no idea of what they're talking about, because there's simply no substance to it. In any case, it's definitely not why Putin launched the full-scale invasion.
Rather than invent fantasy scenarios that Russian orcs want to genocide all Ukrainians,
It's a fantasy scenario in your own head, because no one has ever suggested that Russia intends to "genocide all Ukrainians". That's just a straw man, with simply no substance behind it.
With that, I'm going to have to bow out, and let you figure this stuff out on your own. It's one thing to have different viewpoints about what these big awful governments and their respective agencies are up to. But we're nowhere near that kind of discussion. I just have the sense that you're extremely careless in your research, or are reading from very propagandized sources, or just not pausing to think critically about whatever stuff it is that you do read.
1. You cast your vote using the private key
2. This gets registered on a server, it remembers "this person voted for X"
3. When you ask the system "who is my vote registered for?" the system tells you "X"
4. When computing the totals used to decide the election, the system returns 90% Y, 10% X, regardless of the actual votes cast.
Now, this very simplistic scheme would be easily defeated by asking them to publish the whole database of votes. But that would just break the anonymity guarantee of the election, so it is a no-go. And if they destroy the relationship between your vote and your private key, then again you can't confirm anything.
By the way, because you were citing Estonia's e-voting, I read up on it a little: they have all of these problems, and more. For now, people choose to trust the government, I assume and hope rightfully. But their e-voting system relies entirely on secure client devices, it relies entirely on trust that the servers are running the published source code, it relies on the proprietary closed-source client app being trustworthy. And people have even hacked their own vote to show that it's possible, which their supreme court found is not a problem with the election, since it was still their own vote. They barely even have some form of verifiability, and even that is relatively new.
I have no doubt that if a pro-Russia party had a realistic chance at winning (such that the populace and the incombent government would accept the results of an election where they won), Russian state actors would hack their systems and seek to get their people elected (whether they would succeed is of course hard to say). As would the USA if, say, a Latin American state used electronic voting and had an election where the decision was important enough. Or China in Africa, or Israel in the Middle East, etc.
> I think we both know that a corrupt government would not want to secure elections with merkle trees and publish them online. Too much chance of being caught, and they’d have no way to fudge the results reliably.
I think you seriously don't understand what a sham election is, what people know about it, and why it is done. Sham elections don't use semi-sophisticated means of voter fraud that could be thwarted by a better voting scheme. They don't have corrupt officials surreptitiously changing or adding a few votes.
They are entirely ceremonial affairs, where both the people voting and all of the officials know what the results will show beforehand. Often there aren't even options on the ballot. Even if there are, people choosing the wrong option will be threatened, possibly arrested for political crimes, etc. Everyone in countries with sham elections is well aware their vote doesn't matter, or it only matters in so far as the wrong vote can be like wearing an "I hate Big Brother" hat out on the streets in 1984.
The purpose of a mock election is to have some semblance of a normal electoral process to have a minimum of plausible deniability to facetiously claim you are following a democratic process. If people overall believed that the right way to do elections is electronically and by publishing a Merkle tree of the results, corrupt governments would hold sham electronic elections and publish made up Merkle trees.
You'll then have stories from journalists going and asking for people to compare their votes against the public tree, and seeing their votes are different. Just like today you have journalists coming back with stories of entire villages voting for the dear leader when local villagers say they didn't even enter the polling station. And it will matter just as little: the ritual of the election is the only thing that matters.
The anonymity is done between registration and voting. There is a cryptographic mixer like Tornado Cash that is responsible for the unlinkability, by “tumbling” the tokens to anonymize them while still making sure that each person voting legitimately had registered. (Never mind for a moment that the IP address of the voter can be tied to their address, that can be fixed too.)
So yes, ALL the votes are stored and published in the Merkle tree, and ANYONE can challenge the election, not by hearsay allegations but actual PROOF that anyone can verify. Because the public keys of the UX vendors are published along with the Merkle Tree and are caught red-handed signing conflicting votes. Either the corrupt districts or the UX vendors would have to risk literally ANYONE producing a smoking gun. It is that chilling effect that keeps them all honest, and why we have checksums for things in general. Having everyone in the world see proof of fraud is very different than a bunch of villagers claiming to a journalist locally that they hadn’t even voted.
So given this description, tell me directly — doesn’t it ADD a lot of security and reduce the attack surface and make elections standardized, cheaper and far more trustworthy - don’t you see the value in that?
Think about it — this scheme alone allows some great integrity features for elections. The “election Luddites” are essentially claiming that this has ZERO VALUE and shouldn’t even be tried, shouldn’t even be ADDED TO the existing paper systems even if you lost nothing, because it adds NO SECURITY. That is quite a claim given the properties I listed!
More generally, this is how Smart Contracts work and why they are valuable. Thousands of independently run nodes get to check the data and operations, which are public. The entire community benefits, and in fact the results of voting (eg how much UBI to give out) can be used on-chain. By lowering the cost of collective decision-making, blockchain technology enables a whole new level of efficiency (much like red lights enable better traffic flow), making things like elections or large marketplaces available to everyone without “offchain” corruption-peone mechanisms like surety bonds and reliability ratings (remember Lehman Brothers?)
Check out https://intercoin.org/applications — I would love to hear your thoughts on the other applications too.
This is not anonymity, it is pseudonimity, if the system then records "person in control of key K voted for X". Sure, it may be impossible to tell who is that person, unless they come out. But that person can prove to anyone they want that they voted for X (assuming the system were trusted, see more on that below), so they can be forced to show someone who they voted for, either through direct coercion or as a condition for receiving money for their vote. In contrast, once you put a paper ballot in the urn, it is impossible for anyone to tell who you voted for.
> So given this description, tell me directly — doesn’t it ADD a lot of security and reduce the attack surface and make elections standardized, cheaper and far more trustworthy - don’t you see the value in that?
No, it only gives a false sense of security, which is worse. Everything you are describing relies on trust in the people that build these systems, trust in the people that invent the algorithms, trust in the people that invent the maths, trust in the chosen parameters of the cryptographic systems, and so on. Literally none of what you are describing works if you don't trust in all of these people to be (a) honest, and (b) really really good at what they're doing.
It's infamously easy to screw up an encryption implementation, even given a well known and accepted algorithm. It's even easier to screw up a market system and end up with perverse incentives which were not apparent when the system was put in place (like the infamous, though possibly apocryphal, cobra farms).
I asked you before as well: would you be happy to issue your vote from a PC that you know is infested with malware the CIA/FSB/etc controls? If not, then you must admit that the cryptographic guarantees are only a small part of the security of the process, and the whole thing, from client to network to server, needs to be perfectly secure or the election can be stolen.
And you are proposing to add this to a paper based ballot system that is (a) dead simple; (b) almost universally used; (c) proven secure enough in many thousands of elections.
I'll also note that, as always, the blockchain part is not adding anything to all of this. You can just as well have the encryption guarantees and an open protocol with government-run servers, WWW style; that would have all the same problems, but at least it wouldn't also require some bizarre proof-of-stake (what would even be the stake here???) or wasteful proof-of-work scheme to depend on for security.
Finally, I'll come back to this point:
> not by hearsay allegations but actual PROOF that anyone can verify
Nothing you are describing can prove anything. It all still relies on your claim that you were trying to vote X, but the system registered you as voting Y. It's your word against the system. You can be convinced yourself, but you can't 100% convince anyone else.
Edit: note, I am the same person as tsimiones, just posting from a different account from my work computer; not trying to make it seem like multiple people are taking my position or anything like that.
Now it's getting a bit silly. Imagine saying about all the technology infrastructure we use daily, such as electricity and computers, that since they require "trust in the people who built these systems, trust in the people who invent the algorithms, maths, and parameters of the curves etc" therefore they are giving a "false sense of security". No! The math isn't just arbitrary, the people aren't just cobbling together a computer I happen to buy. There are literally standards bodies, scientific literature, audits and much more. There are entire ecosystems for error-correction. Otherwise, throw away your technology, you're trusting phone and computer vendors, you're trusting mathematicians with math, and scientists with science... and that's actually worse than living in a world where you fetch water yourself from the river. What? No, it's not.
If you're down to those kind of arguments, I and people like me would conclude that you're out of good ones, and we have a good solution after all.
A paper ballot system isn't great at all -- it is far too slow and expensive and frustrating to run an election, and voter turnout is low for traveling and standing in line -- and certainly it is not "proven secure enough in many thousands of elections". Many elections around the world are disputed, contested, insecure, and the ones you think are secure, are also contested (e.g. the 2020 election, the 2000 election, the 2016 election). You dismiss it in cases you like (US elections) and are happy for your politicians dispute it in cases you don't like (Venezuela) etc. Even if the Supreme Court of Venezuela weighs in, you wouldn't trust it. It's a canvas on which everyone can paint their own outcome, and claim the other side "stole" the election (as if their side didn't engage in similar shenanigans to cancel it out).
If we switched to electronic systems, verification would be so cheap that anyone could do it (as it is for, say, verifying files you downloaded from the Internet with a checksum, which wasn't always the case with previous technology such as analog-to-digital MoDeMs without cryptographic security) -- not only that but it would enable so many more applications. Imagine using Git version control without a SHA1 checksum, and just "trusting the system" to never flip a bit. Imagine not being able to use Merkle Trees for downloading files, verifying their integrity, etc. These things not only improve security and reliability at almost no cost, but enable a whole class of things that would be impossible with pen and paper. Seriously you don't see a difference between, say, BitTorrenting movies and Roman scribes copying into a clay pad? Oh, but we're trusting people who discovered electricity, invented general-purpose computers and the hash algorithms, what if they're trying to trick us and will finally rugpull us all in 2025? Alan Turing and John Von Neumann will have the last laugh as we'll all download the RickRoll files instead of the ones we want.
Nothing you are describing can prove anything. It all still relies on your claim that you were trying to vote X, but the system registered you as voting Y. It's your word against the system. You can be convinced yourself, but you can't 100% convince anyone else.
Not at all. If someone was able to record a signature that their voting gateway signed vote for X as vote for X, but then later that same service claimed they voted for Y, they are caught red-handed cryptographically signing with the private key two conflicting votes. You're equating that to some villagers telling some journalist on camera that they never voted. Ugh. One can be verified by anyone, the other is just hearsay by some journalist.
Not to mention, elections are the only situation where trust in my government is not fully possible: the current government has too much incentive to steal votes secretly. So, unlike the electrical grid, roads, financial infra and so on, I can't rely on implicit trust in the government to trust elections.
> If someone was able to record a signature that their voting gateway signed vote for X as vote for X, but then later that same service claimed they voted for Y, they are caught red-handed cryptographically signing with the private key two conflicting votes.
If. What if instead my voting app is showing me that my vote was correctly registered, and that key verification succeeded while the polls are still open, but once the polls close, it shows me that in reality the server registered the opposite vote? How do I prove to anyone else that I voted for X and the app was showing me I voted for X, but now the system shows I voted for Y, and that is what is recorded in the official counted results?
This doesn't even require anyone breaking the encryption: the app can just show me a lie, or some malware can intercept the display info and show a different result, etc. To not leave any trace, the malware even deletes itself from the system as soon as the election timeout expires. Or maybe I am just lying and nothing wrong happened: I voted for Y, the system recorded I voted for Y, and now I'm just trying to cast doubt. Same as a paper based election, anyone can claim anything, and it's exactly as impossible to prove one way or the other.
Plus, again, only a very very very small group of people can actually confirm for themselves that all of these complicated crypto algorithms actually do what they promise to do. Especially when looking at the end to end system. I for one am certain I couldn't verify for myself that all steps of such a system is secure. I would bet you can't either. If, say, Ron Rivest (of RSA fame) came out and said the cryptography used in the election is broken, while Adi Shamir (same) said it isn't, I would have no way to be certain which is right, and even if I tried to verify the math myself, I wouldn't trust myself as much as either of them.
First of all, blockchains are a third party ledger, which is maintained by many independent nodes are the large ones are infeasible to corrupt by a nation-state. The attack could only happen at the point where you sign transactions for the smart contracts.
Voters are required to use at least 2 devices, such as scanning a QR code on their laptop (which runs Chrome) with their phone (which runs Safari).
The QR code contains (or points to) a vote that is cryptographically signed by one gateway. The website or app on the phone checks this QR code and displays the same result back to you, and you confirm it on eg your phone’s screen.
On both gateways (call them Services A and B) you indicated your preference, and digitally signed it, not just with your own key, but there is attestation by the device’s own private key, which is derived from the vendor’s key, meaning the vendor stands behind what their device or app does.
Let’s assume absolutely every signature service cannot be trusted, including all your crypto wallets, incouding Apple’s secure enclave, everything is designed to be sleeper agent to mislead you on the day of the election. They just really want to change everyone’s vote. You can still prove which services were corrupted!
Let’s say that you got signature Service A and Service B to sign two different candidates during the same chain of QR code confirmations. The proof is there that at least one of the services was corrupt. Even if it happened only once, with one voter. The indelible proof is on a blockchain and replicated so nation states can’t hide it. So no Service would agree to volunteer such a blatant proof of its own corruption, given the cost to its vendor. It would only happen if the Service would be hacked by an employee of the vendor, and that would only hurt the vendor, not the election. The vendor would try to eliminate this possibility as much as possible.
However, if service A one lied to you, and you found out after scanning the QR code with Service B, then you wouldn’t want to submit your faulty vote with service B when it revealed that to you. But the service B would already would have provable dirt on service A. Not conclusive, since the voter could after all be someone who would rather complain about a non-faulty system than vote. I won’t speculate on chances of many registered voters not wanting to vote but simply make up fake complaints about the system, but I don’t think regular users should face penalties for lying, so I’ll just accept this as a serious possibility. All I will say is, these people are similar to those who stay out and don’t vote now. It’s an issue of “turnout”.
But even in this scenario (of a malicious voter rather than malicious service), Service B would then be required to do the reverse — process your other vote, and sign the transaction, then anonymously submit it to Service A to be signed. Service A would have to either refuse to cooperate with Service B, or sign it. After that, you’d be given a QR code presented by Service B, and verify it with Service A.
Of course there could be far more than just a of Services A and B. There could be 100 services (eg web-based) and voters could be required to go through a chain of 3 of them, as determined from a random oracle (ie they don’t get to pick who to collude with). You’d get the list of 3, and an honest service would simply redirect you to the next one as you bounce between two devices via QR codes.
Service A on Laptop
Service B on Phone
Service C on Laptop - done
You see, there is a huge difference between actors/nodes simply voting between some arbitrary choices A and B, and nodes voting while also following cryptographic constraints amd creating a trail where cheating at any step can be caught and proven later. The latter is much harder to pull off and, given costly enough consequences, creates chilling effects and strong incentives to be honest. This is what many BFT algorithms get wrong and why they fail in the presence of over 33% malicious nodes.
1. I open my laptop, and I say I want to vote for Alice. It presents a QR code.
2. I open my phone and scan the QR code. It says I'm voting for Bob.
I repeat this five times and the same happens. What do I do next? Assume I'm also afraid of publicly admitting I'm voting for Alice. Assume this only happens for a small part of the electorate, say 1-2%.
Here is another scenario: I have a sophisticated malware on both my phone and laptop.
1. I open my laptop, and say I want to vote for Alice. The malware connects to a voting server and asks it for a vote for Bob. The voting server replies with a QR code that proves I voted for Bob. The malware on my laptop then prints a QR code that says "hey, phone malware! this person thinks they voted for Alice, and here is the validation for their vote for Bob".
2. I open my phone and scan this QR code. The malware on my phone tells me "Yup, this is a vote for Alice". I press "Vote", and it sends the information from the Bob vote to the validation server. I'm happy that I voted for Alice, but the system has recorded that I voted for Bob, with all necessary signatures.
3. Even if the system includes the ability to check your vote, I can't prove to anyone else that I was trying to vote for Alice.
Now, if this happens to a huge number of people, the election may be contested and re-done (in a functioning democracy; in a dictatorship, it was the whole point). But what if it happens to a small minority, enough to only steal 1-2% of the vote? What if it's additionally well targeted to people that aren't generally trusted by their peers, so that they will be easily written off as cranks?
Also, what if I come out claiming this is what happened to me, but this didn't actually happen? What if I'm a celebrity, or a well-known scientist? What if I'm actually Alice herself, shamelessly lying to my voters that the election was stolen?
Another scenario that defeats this scheme, that I haven't even touched on before:
I am coerced, defrauded, or payed to share my private key with a third party. They vote in my name from the comfort of their own home, with every single system you described attesting that my vote was cast legally.
Try to prove that I shared my key, while still preserving the anonymity of private key <-> individual person association.
And this doesn't even get into how the private keys are given to every single person in a country without revealing them to a third party in the first place, but also without generating valid private keys for people who aren't entitled to vote.
In the first scenario, to answer your question, if service 1 kept being faulty (saying you vote for Bob when you voted for Alice) then you'd simply increment your nonce and try another VoteChain that starts with service 52. The VoteChain determines which 3-4 services out of the 100 are consulted, and in what order. You have a few nonces, up to 10. If you claim ALL random services you've tried are faulty, then yeah, go ahead and sit out the vote, you're probably just a liar and complainer. They don't know who you are, so the chances of them being good for 100 other people and specifically not good for you, 10 times in a row, are very small. And even if it was true, that's 1 vote out of many. Now if this happens more frequently, then these services could be dropped from the 100, pending investigation -- which is easy since the services don't know who is voting, could be the police. So why would the services risk being on the hook for this?
In all your examples, you're begging the question.
In 1 and 2 in the second scenario, you assume that your own phone AND your own laptop AND all the servers all have malware and are undetectably malicious. In that case, you have much bigger problems -- they can, for example, steal money from many people, send messages to ruin relationships and reputations, and much more. In your example, large swaths of people can't trust any of your devices. In that case, society as a whole is cooked. It's not quite as paranoid as "not trusting the cryptographic algorithms and math", but it's close.
Let's assume that the Trusted Computing Base isn't compromised. Because if it is, then you may as well also distrust all the poll workers as being corrupt, and the media as reporting the wrong result, etc. After all, this system is being added ON TOP of the existing system, so it can only ADD security.
Regarding giving out private keys without revealing them to a third party, I have already said that's a strawman. They'd be giving out tokens that are used to prove that you have 1 vote, and they are put through a mixer by the people, like pulling numbers out of a hat. On the other hand, the public/private key pairs are generated by the person on their own devices (e.g. in the secure enclave). You can't steal these keys so easily, unless you steal the person's phone AND coerce them to enter biometrics when voting. But then you could just make them do a wire transfer or anything else.
Look, about this constant refrain about "coersion, defrauding, etc" this happens already. Voter intimidation can happen already, preventing you from going to a polling place, or simply disenfranchising you making it too inconvenient or far to go. It's a much BIGGER problem now, that would be REDUCED if you could vote from your phone, and on net you'd have an improvement.
Also, since in the USA you don't need to present ID while voting, a person could tie you up in your basement and go vote as you. Since in your hypopthetical world, illegal coersion and force and defrauding has no consequences apparently, then that would mean in CURRENT voting schemes, people could just vote as others.
Heck, in Australia, I could even get someone in trouble by voting AS THEM. Their name would appear twice. In Australia, they fine you if you didn't show up to vote. So without IDs, you can get in trouble either way (if you don't show up, or if you supposedly voted twice).
I'm telling you, the same people who claim IDs are totally unnecessary for voting, are the same people trying to find attacks on cryptographically secure voting. But many of these "rubber hose attacks" are already doubly possible in today's "physical" voting schemes, along with all the other downsides (the cost, the speed, the scandals, as you can see with uncertainty in elections around the world).
30% of the USA thinks that the 2020 election results were illegitimate. You can't wave that away as "well, our paper elections are great, they're just partisan hacks/deluded". I bet you with cryptographic elections, that 30% would be far less, and elections / referendums would also be cheaper and easier to do all the time. You wouldn't need to do it once every 4 years and spend billions AND it would be more reliable.
In 2, I explicitly said that it is only my devices that are infected, not the servers. My devices communicate to the servers exactly as if I had voted for Bob, but they show me that I'm voting for Alice.
In scenario 1, it could be either one. If it's my own devices that are compromised and refusing to let me vote for who I want is to add, then it doesn't matter which of the many vote services I connect to, the result will be the same. It's just a simpler variant of 2, in this case.
Also, this is all not "added on top of" the existing system, because poll workers today only need to know how to count votes. To handle this enormously complex system, they have to know a HELL of a lot more, even to help voters. So, you need entirely new people in all of this, replacing the dead simple system that even an illiterate person can successfully volunteer for, with a system that requires IT people and others.
And if you'll say "but you can always fall back to the paper polling system", that means we're adding a bunch of cost, so it makes the bar even higher to prove so much extra effectiveness for this. Plus all the insecurity now compounds - the security of a system is equal to the security of its weakest component, so adding a strong security component on a weak system has no effect. And if I'm right and the e-voting system is more easily attackable, then we've actively worsened the security of the whole vote by adding it on top of the old system.
For the "tokens" that you're giving: those are either private keys (in which case, whoever gave you the token might be holding on to a copy), or they're not (in which case, they don't play a part in the cryptography). I can generate a private key all I want, but someone needs to take the corresponding public key if I am to participate in the system. With Bitcoin, this is not an issue as we're not trying to enforce one man - one wallet, quite the opposite.
In all the talk about the intimidation issues with the current system, you've ignored the core difference: in the current system, I may be able to dissuade you from voting, but I can't vote in your stead. Even if I try to, I am generating video evidence at every polling station that I do it. And it doesn't scale: the more places I go to, the bigger a chance that I'll end up being caught.
But with home voting, I can collect private keys (and tokens, whatever those are) from 100k people and vote through all of them however I like. I am not going anywhere official, so at worse I have to hide my IP so it's not like too many votes are coming from a single place.
I'll be fair and note that this is also a problem for mail-in voting. It's a big reason why I'm not a supporter of mail-in voting either, and am happy that my country doesn't do it. By the way, the fact that the USA doesn't require ID to vote also seems crazy to me. I understand the reasons for it, but the fixes are so simple (but take a lot of time) that it's amazing to me that they are not even discussing implementing them.
And related to distrust in the current voting system, particularly in regards to the 2020 and the 2000 elections: most of the distrust was actually focused on (a) voting machines [hanging chads in 2000, "Venezuelan" voting machines in 2020], or (b) voter registration issues. Moving to an entirely electronic system as you describe makes (a) MUCH worse, and doesn't improve (b) in the slightest (as you still need to register just the same).
I even took a class from a professor who regularly testified to congress on the topic.
Paper ballots all the way.
Not really. Generally if you want to privately check something like this, you encrypt it for the recipient (government), and sign it with something that only you know. So the contents are hidden from everyone and nobody knows anyone's signature, but you can prove that your item is in the list, unmodified, and is therefore counted.
And then the chain would provide a quick way to check for "has not been modified since I checked", without needing to do the full check again.
E.g. have your signature data be a class of values based on vote possibilities, but have all produce the same final signature. You could produce anything for anyone that way. I'm not sure if that'd be "forward secrecy" or "deniable encryption" or what, but there are a variety of systems that do similar things.
I am not a cryptographer and I don't know any concrete implementations that would have all the properties I want, but pieces of pretty much all things you could reasonably want in a voting system do already exist. And pretty often they can be layered together. The bigger problems in practice seem to be "people won't trust it" (which is defensible), "some of the fancier crypto is too new and not thoroughly proven" (which is very true, e.g. zero-knowledge proofs), and "implementers so far have been stunningly incompetent" (undeniable).
(edit: or I guess more easily, just sign the data after encryption, and throw away your encryption key. then you can claim whatever you like - it's encrypted, they can't know, and you can still show that it wasn't changed)
(Or, equivalently, use something like CBC mode with a random i.v.)
I mean sure, if someone can come up with a workable blockchain-based system that would be good, but I don't think that is an in-practice option on the table right now.
But honestly, I think the whole idea of being able to prove how you voted being dangerous is overblown. The same people who say you don’t need an ID to vote because it’s a non-issue then come up with fantasy scenarios of masses of people being forced to prove how they voted, or bribed to do it LOL.
Would you believe that in some households, the husband considers his wife's vote as his property? And that there are lots of households like this?
It doesn't have to be a singular mass of people being coerced by a single entity. Lots of wives being coerced by lots of husbands is also corrosive to elections.
Well you’re wrong.
Simple. They’re wrong.
Voter ID is simply not something that will add security to the voting process but it will disenfranchise voters.
ID is already verified when registering and names are recorded when submitting ballots. Anyone seeking to cast ballots in the name of registered non-voters would need an army of individuals that won’t be recognized by poll workers and perfect knowledge of who is registered and not voting.
If a single registered voter name tries to cast two ballots that will trigger an investigation that will unravel the conspiracy. It doesn’t scale. It’s a problem made up by people who want to disenfranchise voters and is eaten up because it sounds “common sense”.
People who don’t think anonymity in voting is important lack imagination and historical knowledge. Fear of retaliation from the government, political fanatics, your family, or friends is perfectly rational and is why voting must be anonymous. This is an especially reasonable concern in an election where one of the candidates refers to voters as “the enemy within”. Consider voting for a Communist when Senator McCarthy was on his witch hunts. People are right to be scared of retaliation.
My point was — when it comes to challenging things you agree with, you write long explanations with nuance.
But when it’s things you disagree with, you say they’re “simply wrong”. That’s what I was getting at.
You need to have a consistent standard for discussion, and clearly the latter approach isn’t very helpful or productive.
> You need to have a consistent standard for discussion, and clearly the latter approach isn’t very helpful or productive.
And yet you just did what you accuse me of.
This is a very real problem with a well known history. Even in the USA, gerrymandering is facilitated by this kind of information. If votes were mixed during counting so that you didn't have information about vote counts in each polling place, it would have been considerably harder to come up with the crazy districts being used today in many places. Having personal identification of each voter would definitely have creative uses as well.
And as for bribing, in this very election we have Elon Musk publicly announcing he's giving out money to people who essentially pledge to vote (with some attempts at plausible deniability for committing this federal crime). I'm sure smaller and less loud election influencing is being attempted all the time - but it's hard to do if people can outright scam you and vote differently than what you paid them. Having an online proof of your vote would open up the floodgates to this at a massive scale. And there are plenty of people poor enough to see this as a lifeline.
I doubt it, and I suspect if you try to point at a specific system to implement you will find that that none exist even in theory. I can verify I voted with zero knowledge, yes. But I can't verify who I voted for. So I can put candidate A into the machine, it switches to candidate B and we can all prove I voted in the election.
Conversely, if I can prove who I voted for then the scheme is vulnerable to the well known after-election issues because I can prove it to others. If I can only prove something with plausible deniability note that I probably can't tell if the machine switched my vote around. There might be something that can be done in the space, but it is a tricky one to resolve.
> But honestly, I think the whole idea of being able to prove how you voted being dangerous is overblown.
If you check you may well find it in a reasonable-worse-case scenario it is a matter of life-and-death. I think maybe literally zero government electoral systems make the voter's vote public (ie, we have near universal secret ballots [0])? There is a reason for that. If we wanted people to sign their name on the vote slip that'd be great for auditing - but we don't because that would set the system up for some really horrible failures. The one that leaps to mind is "if you don't vote for me and I get in, I will do [insert blank] to you" strategies.
[0] https://en.wikipedia.org/wiki/Secret_ballot#Chronology_of_in...
In most US states I can get a voter’s database and “party affiliation”. I was shocked that thus info is publicly available, and all the people’s addresses and driver’s license info are also stored there (and can be leaked)
And make no mistake, these databases are regularly leaked / hacked: https://qbix.com/blog/2023/06/12/no-way-to-prevent-this-says...
In fact there is a law for states to create and maintain this information. https://ballotpedia.org/Availability_of_state_voter_files
The “party affiliation” is a very good (around 95%) proxy to how they’re going to vote when they show up, as long as the two-party system dominates, which is why I say the whole “ability to prove your vote” thing is overblown, since your party affiliation at registration is already known, even publicly:
https://www.pewresearch.org/politics/2023/07/12/voting-patte...
Explain how Estonia is able to reliably and securely do online elections, if only paper elections are secure:
https://e-estonia.com/how-did-estonia-carry-out-the-worlds-f...
Many times, people claim that technology would never be able to do a good job at what humans do manually — and almost always this has been proven wrong after a while: https://www.coindesk.com/tech/2020/03/12/in-defense-of-block...
Crypto (by which I always mean cryptography) can help secure a lot of things that normally are just “trust in a middleman”
But to fight corruption you need more transparency and to increase the costs of conspiracies, ie, to head in the opposite direction of voting machines.
Voting in my area is managed by my county. There's 1.1M people in my county and it's not even the biggest in my state. I'm supposed to personally know all of the few hundred people working the election out of 1.1M spread across 2,200sq km?
I've worked in elections in Sweden, and all elections are recounted at least twice, by different people.
Each with their own rules, whether or not ID verification is mandatory or literally illegal, style of voting (mail vs in-person), ballot design/UX, what languages the ballots are in (are ballots in Sweden in anything but Swedish?) and mutually incompatible equipment. There are thousands, if not tens of thousands, of ballot designs in use for the current election.
When viewing this at a macro level for electing the office of the President, it seems absolutely insane.
Instead of having to compromise a single system, you are forced to compromise dozens or hundreds of systems run by people with opposing ideologies
You need to know an every single system and you can't look for discrepancies what would be obvious in the environment with a standardised system.
As such getting the count absolutely correct isn’t necessarily as important vs more systemic biases like gerrymandering or voter suppression. The vote may be rigged before people started casting ballots, but that doesn’t make voting useless. It’s the strongest signals that are most important and that’s still preserved.
This is also a good argument in favor of decentralized voting management, as much of a shitshow as it may be. Centralizing the management of voting under the authority of the people voting intends to kick out of power is potentially self-defeating.
History lesson: The 2004 Washington state governor's election was decided by a mere 129 votes, and only after multiple recounts and repeatedly "finding" boxes upon boxes of supposedly uncounted ballots in the weeks following election day kept altering the totals and overturned the original result. The election was extremely controversial and not decided until two days before Christmas. Due to these irregularities, many people did not accept the results for years afterward.
https://en.wikipedia.org/wiki/2004_Washington_gubernatorial_...
Even more bizarre, the election closely shadowed the plot of the movie Black Sheep, which was released 8 years before.
The explanations given in the wikipedia article seem pretty plausible.
https://en.wikipedia.org/wiki/2004_Washington_gubernatorial_...
I don't see how it's any different what happened in the 2020 election, where Trump appeared to win at first, but a bunch of mail-in ballots (which were counted later) turned it around. While I can see why it might seem superficially suspicious, such phenomena is inevitable if the pool of mail-in (or other forms of voting liable to get delayed/incorrectly rejected) ballots lean one side.
God help us that Pennsylvania mandates mail-in ballots can only start being counted on election day.
Its also worth noting that just because the central government could run one standardized election process doesn't mean that the election is easier to secure. Ultimately polling places would still be local. Maybe it helps a bit if everyone uses the same system, but that's more about consistency than security.
How are you going to have 5 digit numbers of fraudulent voter registrations ready to deploy in all of the critical areas, but also ready to enjoy intense public scrutiny before and after the election. Voter registration databases are public, more or less, so you need to figure out how to fool the people running the election as well as the third party watchers, statisticians, academics, journalists and the veritable army of people who could have their entire career made by uncovering fraud.
> and are finally deposited into a box for safe keeping/future recounts
It's completely different from a machine count. Humans have human failure modes, which are easily accounted for. Machines have random failure modes, and complex ways of being attacked. And all of the machines can be wrong in one direction at the same time, which is impossible for human counters.
Even random spot checks don't work for machines if the machine has some way of detecting it is being checked.
That's theoretically a possibility, but it's trivially defeated by choosing which ballot boxes to spot check after the machines have finished counting.
The electronic voting system issues in the 2000 elections motivated the Help America Vote Act of 2002 under which voter-verified paper records for audit purpose required for all voting machines (this requirement became effective in 2006); effectively, “voting machines” add ballot marking machines that may also be involved in convenience tabulation, but are always audited against hand counts of paper ballots, which are the ultimate authority.
As to how the votes on the ballots are tallied - if those machines are compromised seems like a definite problem -- though there is at least the option to hand count the ballots to compare against ...
I absolutely hate that fact. I am a human, I cannot read barcodes without a computer. Therefore, I cannot tell if the important part of what was recorded is correct.
Not sure if Colorado's are the same...
Says who? Also, what does "accurate" here actually mean?
Speaking as someone who actually understands computers and machines: I agree with the commons (who are simpletons with regards to computers and machines) that machines cannot be trusted to be "accurate" (whatever that means) or even trusted in general.
Especially when a simpler, confirmable-by-anyone method exists: Having someone count paper ballots by hand in the presence of anyone and everyone. That includes mistakes and errors. The value here is anyone and everyone can and will immediately understand (and thus accept) what is going on.
Also, why are we even putting the integrity of the very foundation of our democracy on the table in exchange for convenience and cost of all things? Are we serious? It should be a good thing we are taking precious time and money to make sure our democracy is working properly. I thought democracy was actually fucking important.
I've written some code at a previous job to simplify data entry. The previous method was adding numbers from a stack of papers, with a calculator. I trust my code to add up the numbers on the computer over a human reading them from a printout and entering them in a calculator.
Humans make mistakes. A lot.
To put some numbers on this, from my experience.
Health insurance manual claims processors (who usually average ~5 years of experience) can do 95+% accuracy, at speed (a few minutes), at scale. That's counting and verifying multiple things against processing rules.
General data entry, from less trained folks, tends to average around 85% accurate (i.e. 15 mistakes + 85 entries correct, out of 100 entries).
I agree with GP. Transparency is more important than precision in democracy.
Good engineering is about choosing the right technology, not just the more recent one. Sometimes the right technology is paper.
Plus, you have the extra layer of public perception: it's much easier to convince a chunk of the public that all the machines in some area are miscounting, than it is to convince them that all human vote counter in those areas are miscounting, and all in the same direction.
And you can send observers that can watch the entire process.
"Entire" is the keyword here.
Any programmer worth their salt knows that it's practically impossible to vet that what is executing is 1:1 the code that someone at some point in time audited somewhere, or that the code is worthy of trust from the commons in the first place.
Anyone and everyone can watch someone count paper ballots, noone can watch a computer count electronic ballots.
What?
There are entire systems built around doing exactly that. Embedded, military, high-trust.
It's never state of the art performance or mass deployed, because most people would rather have performance and cost optimized over assurance, but it exists and is in production use.
You verify hardware, chain of custody from production to delivery, track every deployed piece of hardware, then lock the firmware and enforce restrictions on anything that executes after that.
It's not easy or cheap (or foolproof, as anything can be exploited), but it's also not impossible. And substantially hardens security.
And for simpler systems with lower performance requirements, completely achievable.
F.ex. voting machines don't need to be running 16-core, hyperthreaded CPUs running multi-process operating systems
There is no way to demonstrate that what is executing is the source code unless you're compiling at execution time from a local vetted copy of the source code. Is the guy who vetted the source code vetted? Who vets the vetter? Is the compiler actually compiling the source code? Is the compiler compiling as generally expected? What about bugs in the compiler? Is the source code even what it claims (binary blobs!)?
What about the hardware? Are there any black box enclaves? Bugs? Does it actually crunch as would be generally expected of a number cruncher? Does it even have the vetted software?
All this complexity and anyone would be fully within their right to say "I don't and won't trust this."
Meanwhile, someone counting paper ballots by hand can be immediately understood by anyone and everyone. It's simple and it's brutally effective. So what if the process takes time? Good stuff usually takes time, what's the rush? So what if the human counter(s) screw up? Human errors are inevitable, that's why you count multiple times to confirm the results can be repeated.
The most secure, most hardened, most certified ballot counting machine cannot compare to a simple human counting paper ballots in witness of anyone and everyone.
Still, in the interest of a conversation, some brief answers. Please ask in detail about any you're interested in (but realize I'm going to balance the time I spend answering with the time you spend researching and asking).
"Is the guy who vetted the source code vetted?" Yes, because he or she was assigned a key and signed the code with it.
"Who vets the vetter?" Whatever level of diligence you want, up to and including TS+SCI level.
"Is the compiler actually compiling the source code? Is the compiler compiling as generally expected? What about bugs in the compiler?" This is why you test. And it's pathological to believe that well-tested compilers, that have built trillions of lines of code, are going to only fail to successfully compile election code.
"Is the source code even what it claims (binary blobs!)?" See test and also dependency review and qualification.
"What about the hardware? Are there any black box enclaves?" Yes, by design, because that's how secure systems are built. And no, the enclaves aren't black boxes.
"Bugs? Does it actually crunch as would be generally expected of a number cruncher?" Testing and validation.
"Does it even have the vetted software?" Signed executables, enforced by trusted hardware.
> Meanwhile, someone counting paper ballots by hand can be immediately understood by anyone and everyone. It's simple and it's brutally effective
No, it's not. Because people are messy, error-prone entities, especially when it comes to doing a boring process 100+ times in a row.
You're not comparing against perfection: you're comparing against at best bored/distracted and at worst possibly-partisan humans.
Human counts rarely match exactly, because humans make mistakes. And then they make mistakes in the recounts intended to validate counts.
If you can't envision all the ways humans can fail, then I'd reflect on why things never fail at your work because of people, and everything always runs smoothly.
>you're not thinking about this very hard
Yes, because the commons will not think very hard about a complicated "solution" when a much simpler solution already exists.
>If you can't envision all the ways humans can fail,
Yes, humans fail. It's also not important. Any election worth its salt should be counting multiple times using a variety of counters and witnesses to demonstrate repeatability of the vote.
Again: Humans failing is not important.
What is important is the ability to verify immediately and simply how the vote is being tallied. Machines can and will fail (or more likely be corrupted) like humans, but we can immediately see when the human screws up whereas it's impossible to see when the machine screws up.
It's baffling I'm having to argue this to FOSS people of all peoples, you guys should know better than anyone else that vetting source code and binaries and hardware is a fool's errand for something as important as counting votes.
Nothing beats the brutal simplicity of hand counting paper ballots while everyone watches.
This is a completely different thing. In those systems, the organization doing the vetting is the one that protects itself through those systems; the good of the organization is presumed to be aligned with the good of the end-users by the threat model. That is, the threat model is purely external to the organization: we are protecting the army's computers from an enemy army or a rogue soldier. An end-user of such a system (say, a low rank soldier sitting in a tank that includes remote-controlled components) can't really trust that those things are used in their best interest. For all they know, the devices are listening to every conversation looking for signs of treason/incompetence - this is still perfectly allowed by an embedded, military, high-trust system. It's the generals that trust the system, as it were, not the individual soldiers.
In contrast, in an election, what we care about is not that the sitting president trusts the results; we care that every individual voter trusts them. And the individual voters are not the ones that have the power to control the way procurement, hiring, vetting, verification, and everything else is done. In fact, the relationship between the electorate and the voting organizers is normally modeled as partly adversarial. The true test of a democracy is whether the populace can easily vote down the people currently in power, the ones that are organizing the election, when they would like to maintain their power.
So yes, I agree that if I am building a system that I want to trust with voting, and I have enough money, I can build an electronic system that I can trust. And you can build one that you can trust. But I can't build one that you can trust, unless you already trust me.
That "unless" is the whole problem. And it's not just if a third party gets involved, it can well be from the builders or the current operators of the machine who are the ones actively exploiting it as well.
While I think of it, the USA and UK should both stop holding votes on working days. That is nuts! Do what Australia does and vote on a Saturday and make it compulsory.
The Tuesday law was passed in 1845. Instead of changing it, many legislators are pushing in the opposite direction: trying to selectively suppress their opponents' votes further. If it hurts them more than us, it's a worthy goal!
Here is a similar example: https://www.volksfreund.de/imgs/scaled/28/1/8/3/7/5/7/5/0/5/...
The vertical columns (labelled as Group A to E in screenshot) divide up the political parties. The Greens will be one column, Labor Party another, Liberal Party another column and so on.
There are two horizontal rows separated by a thick line.
You can choose to either vote "above the line" or "below the line" but not both methods.
Above the line is used if you would like to vote based upon the wishes of a political party and below the line is used for "finer grained" voting for individual persons.
For example the Labor party might have 3 Candidates "Fred", "Mary" and "Bob" if I vote above the line I can put a 1 next to the Labor party and then the Labor party's wishes will determine how my vote is distributed.
Or if I Vote below the line I must number 12 different people in the order I want them to be chosen. So I could number Bob from Labor first, Peggy from the Greens second, then Fred from Labor third and so on and I exert exact control over how I want my preferences to be distributed.
edit: Our elections are staggered, The State parliament is elected on different day to the Federal Parliament, which is different to Local City Council elections.
But in terms of communities it might be that voting is looked down upon for certain members of that community not the community as a whole.
In broader terms while marking people who have voted may not reveal who they voted for it does reveal that they did vote. This is less private than the election authorities maintaining the record of who has voted.
(Taking a bit more pointed tone than I usually would, because of the amount of misinformation around this general topic and because of annoyance at people putting less effort in than election workers, from secretaries of state down to volunteers, and casting shade from the laziness of their armchair. Thank you to all the people spending their time trying to secure elections!)
Did you try searching for "colorado voting audit"?
There's a page on their SOS site... https://coloradosos.gov/pubs/elections/auditCenter.html
Which even has a YouTube video on the process... https://m.youtube.com/watch?v=oKgSKh4utNo
The presence of the barcodes doesn't do anything to reduce the trustworthiness of the system
Tell me this: what is the advantage of a barcode, over a scantron-esque system where I can see which item I chose because a dot is filled in?
The scantron-esque system is still efficiently machine readable; we've had scantron since I was a kid. The difference is, I can verify with my own two eyes that the information is encoded correctly on the ballot I submitted if it's done scantron-style.
I cannot do that with barcodes.
It adds another layer of safety. Do we still have to be able to trust the rest of the system? Yup. But I cannot trust anything at all if I cannot even verify that my vote was submitted correctly in the first place.
JMHO.
It's about the ability for the voter to determine that their own part of the process -- the recording of their own vote -- is done correctly in every respect.
Each step of the system has to be verifiable as correct for the system to be trustworthy. As it stands right now, I cannot visually verify that my own vote produced a correct printed ballot. I have no way of doing that.
This removes one of the most critical safeguards. If something in the software (malicious or otherwise) records an incorrect barcode, I have absolutely no way of knowing.
That's a problem.
Garbage in, garbage out.
To me, this seems like the only part worth worrying about, and any solution to it should satisfy your concerns as well.
Every ballot should have a UUID that the voter takes with them (or make it a hash of their voter registration number or something). As soon as the ballot is processed, the results are posted to a public place. Voters can then confirm their ballot was recorded accurately.
This still doesn't tell you that all the internal variables were incremented correctly, but you can separately aggregate the publicly posted results and compare with the aggregate reported by the machine.
The problem this still doesn't solve is electronically stuffing in fake ballots.
Opening the door for vote bribery or voter intimidation.
$1,000 for every tag proving you voted for my candidate.
If you don't prove you voted for my candidate, expect some retaliation!
This doesn't happen today because it isn't scalable and is easy to get caught and prosecuted. Electronic manipulation is more appealing because it does not require interacting with people.
Most people aren't going to try too hard to undermine or outsmart the gangster. Which is why, again, the perpetrator doesn't even need validation of how people actually voted. Vague threats will work just fine. In fact the gangster will still beat up a random sampling of the voters anyway.
If the gangster is just going to hurt a random sampling of people anyways, you might as well just vote however you want to vote. They may or may not commit violence against you regardless of how you vote, its completely disconnected. If you know they can validate it, you're probably going to be less brave.
Just put yourself in those two situations. One where the ballot is absolutely secret, and one where it can be trivially looked up. Someone says you better vote for X or I'll hurt you. You really don't want to vote for X. In the first instance, do you vote for X? In the second, do you still vote for X knowing the thug will be able to know for sure how you voted?
I'm not suggesting nobody would do an illegal thing, obviously I acknowledge people would do illegal things. I'm just pointing to that as why taking a photo of a ballot is illegal in many areas.
I don't disagree that it's strictly better, but the improvements in security are marginal. Any audits/recounts would be done by looking at the human readable part of the ballot, and would therefore be unaffected. Moreover, regardless of whether there's barcodes or not, you'd want to conduct proactive recounts to mitigate any risk for tampered/broken machines. In that case, getting rid of barcodes wouldn't add any security in practice.
Seems a pretty substantial difference to me.
When was the last time you had a printer print the wrong thing? Moreover, if an election is close enough that a few votes matter, there's definitely going to be a manual recount, so any advantage is purely academic (eg. knowing that candidate A won by 51.704% rather than 51.703%). Point is, either the error is big enough that it's trivially detected with spot checks, or the margins are so close that a manual recount is performed automatically.
A collection of dots and a collection of bars are the same to me in terms of trusting the computer actually read it right.
I'm fine with it so long as the choices are also printed in a human readable way at the bottom. If it was just a giant bar code or whatever I wouldn't like it.
Googling around I think colorado banned ballots with qr codes / non human readable machine encodings .. or at least banned use of them for tallies
https://securitytoday.com/Articles/2019/09/18/Colorado-Becom...
Either way it smells extremely fishy to me.
I have never used such a machine but the UX could be a lot clearer than the analog filp-and-punch machines used in Florida in 2000.
I don’t love software in the voting process but printing the choices is verifiable and reduces ambiguity in the voting process.
He could have continued the challenge and drawn the process out, throwing in throwing in the towel to allow the process to end was his choice, it wasn't stolen.
It went to the Supreme Court. The SC made two rulings. First, in a 7-2 vote, they ruled that Gore couldn't recount just in specific spots - if they were going to recount, they had to recount everywhere. Second, in a 5-4 ruling, they ruled that they couldn't keep recounting - they had to meet the December deadline with what they had.
That second ruling is what people are talking about when they say the election was "stolen".
Personally, I think the SC was right. Recounting only where you'll gain is cheating - you're trying to win, not trying to have an honest count. And if Florida had missed the deadline, and Gore had won because none of Florida's votes counted toward the Electoral College? That would have been stealing the election. It also would have been a violation of the Voting Rights Act and a bunch of other things.
I don't actually remember hearing people describe the election as stolen at the time. I know people weren't happy about it, but either I just lost that memory over time or "stolen" is a newer description of 2000 now that its become so commonplace today.
Either way, I have a hard time seeing an election that was recounted and challenge GED all the way to the Supreme Court as stolen. Contentious for sure, but that sounds like the system working as intended rather than theft.
You can be unhappy with a result, and maybe even see a path towards changing it, but at some point politicians owe it to their country to support its core democratic institutions.
Clearly and publicly accepting well-audited voting results should be first requirement for presidential candidates.
(Said as someone who has thoughts about the 2000 election, but respects what Gore did as a patriotic choice)
https://www.resilience.org/stories/2004-11-05/electronic-vot...
Bonus points for also casting doubt on electronic voting machines :)
A further reference from 2012 has the "stolen" language: https://nymag.com/intelligencer/2012/06/yes-bush-v-gore-did-...
https://www.cnn.com/2015/10/31/politics/bush-gore-2000-elect...
My main takeaway is that this was within the margin of error so we shouldn’t go crazy trying to play what-if scenarios and getting distracted from blaming Florida for having a bad system which produced high error rates. Once you’re in the noise like that, you’ve guaranteed that someone will be unhappy.
1. It was the Bush campaign that asked the Supreme Court for a stay.
2. The initial recount was triggered automatically because of the narrow margin. It was not requested by Gore. He did still lose it but by a much smaller margin than before. It turns out that 18 counties in Florida didn’t carry out the recount, although Gore never challenged this.
3. Candidates are allowed to request recounts in individual counties. Gore exercised that right in four traditionally democratic voting counties. Bush had the same right.
4. Later analysis showed that Gore would have lost the counties he requested recounts in but if Florida had properly counted ballots in the first place he would have won.
5. The Supreme Court controversy comes from Florida’s requirement to certify results within 7 days. Several of the counties that Gore requested said they couldn’t complete the recount in that time. The Florida Secretary of State didn’t extend the deadline for certification but did allow counties to continue recounts and amend their results. The Supreme Court stepped in and stayed these recounts, forcing Florida electors to accept the initially certified results and blocking any amended results.
At least so blatantly visibly explicitly and shamelessly.
Idk I think something was stolen from over half the voters.
[1] https://www.cpr.org/2022/07/13/colorado-counties-begin-audit...
My preferred machine would be one that did not use integrated circuits, but was simple enough that the entire board and circuit was visible - with no software beyond the circuitry at all. You just need a very simple sensor and tally wheels that mechanically advance, like those used for measuring wheels etc. No need for memory. Keep automation to the absolute bare minimum.
Neither did you have the opportunity to also vote for the other color of the uniparty and cross check the ballots to see they printed identically and according to selection
CO mails paper ballots to everyone* about a month before election day. You can choose to vote in person, or mail in/drop off your paper ballot anytime prior to election night.
My understanding is what while the ballots are paper, many (all?) are tabulated digitally. It certainly appears to be laid out in a way that benefits digital reading, and i believe that is what the machines in question are responsible for.
* for some definition of "everyone"
I’m an overseas Colorado voter. They lump me in with the military voters so my voting process is super easy (I’m sure certain groups would love to make this harder, but not for the troops). I get an email that my ballot is ready, I go to the CO website, authenticate with my SSN (fucking yikes), fill out my ballot online, print a copy to pdf, slap a digital signature on there, and email it back to the SOS who presumably prints it out and throws it in with the rest, and then get an email saying my vote has been counted.
It’s amazing how easy voting can be when we want it to be.
Even this isn't secure now, because everyone can just photograph their voting card within the booth.
You're proposing that secret vote-buying conspiracy is going on and thousands of people are all keeping their mouth shut in order to keep getting that... $10, $50, $100 bribe?
Vote buying also does not appear to be a problem in the US electoral system, as another commented pointed out: in order to make a difference in the election, you’d have to buy enough votes that someone would be bound to tell on you.
It's not just about vote stealing per se, it's about any third party infraction of individual voting rights. It may not matter on a large scale, but it matters to individuals.
Not only that, but it matters that bosses can't coerce workers into voting for someone, or an abusive spouse, or any third party who might have an interest in swaying an election. It often doesn't take much to sway an election.
It becomes very problematic when a victim is unable to vote for someone who would stop abuse. For example, Russia decriminalizing spousal physical abuse. That same thing could happen anywhere, and then you'd have every asshole abuser at home forcing their family to vote for their choice.
Not having secure voting is a real problem, and one that is now unsolved thanks to smartphones.
With my remote voting, I can generate as many ballots as I want. If I want to make a dummy ballot that says I voted for any given candidate in order to fool someone it is easier than ever. Now instead of 1 physical ballot, I can generate multiple ballots, and do as I please with them.
There are checks to ensure votes aren't fraudulent, that's actually very easy and already done. You can send as many ballots as you want, but they need to be legitimised against a person. That's not such an easy grift. I believe
If you don’t want it to be possible for people to buy or sell votes, then you need to make sure every citizen is engaged and cares about casting their own vote, and you need to make sure the government has a stable and trustworthy system of checks and balances. And why not just make it illegal with massive fines to buy votes and post a huge bounty for anyone tattling on a vote buyer that gets prosecuted? It doesn’t seem that complicated to disincentivize vote buying in a way that eliminates any concerns about the method of voting.
Oh, hey, look: vote buying is already illegal in the US. https://www.law.cornell.edu/uscode/text/18/597
As I understand that article, BIOS access requires two passwords, and the list only provides one of the two passwords. So, instead of "password list" I would say "partial-password list".
The list also misses "There is 24/7 video camera recording on all election equipment." Of course, you can raise concerns and failure modes about video recordings, but that all brings up the question "Were those recordings compromised?" You should not assume that they were.
It’s interesting that she made excuses for herself but previously had no quarter for someone who landed in similar position.
The only reason you've left out the details that Tina Peters actually facilitated physical access to voting machines with both required passwords, while this current leak was not even sufficient for someone to repeat Peters' actions, is that it would be absolutely devastating to your entire argument.
But right now I feel like we are stuck, with one half the country having doubts about the process and the other half insisting that it is absolutely perfect. It isn’t enough for the process to be either correct or trustworthy. It has to be both.
Chesterton’s fence.
In this case it is clear we don’t have verifiable elections - you don’t need to understand anything deeply to know this, since it is apparent with your own ballot. So instead let’s design for something better.
Are you giving up the secret ballot in your scheme?
It's not correct that one half of the US insists that the election process is absolutely perfect. There have been countless investigations, inquiries etc. and the process is being continuously reviewed. One half of the US insists that the process shouldn't be changed to the detriment of minority groups without any actual evidence that problems exist (as the investigations etc. did not result in such evidence), yet the other half still insists that the problems occur and the evidence is just hidden too well, and the process must be changed without ensuring that minority groups aren't affected more than other groups.
This is not a situation with two equal sides.
This trope that minorities are affected by voter ID laws doesn’t pass the slightest scrutiny. It’s also just plainly offensive and racist to assume minorities can’t show the basic competency to obtain ID when you already need it for so many things. Where were these complaints when everyone, including minorities, had to show documentation around their vaccination status for various things? Why isn’t this issue in every other country that does require ID to vote in elections?
> without any actual evidence that problems exist (as the investigations etc. did not result in such evidence)
A system not designed to generate data for such investigations will not turn up evidence. Just like with poorly designed software systems.
It is well-supported by actual research (e.g. [1]) AND by simple logic. Every single point you brought up has a clear counter argument - why didn't you respond to any of them? Have you simply never heard anyone mention them?
> It’s also just plainly offensive and racist to assume minorities can’t show the basic competency to obtain ID when you already need it for so many things.
It's plainly offensive and racist to ignore studies (e.g. [2]) that prove a higher percentage of minorities owns government issued photo ID compared to non-minorities. I'm not assuming anything, I'm only looking at statistics, at real people and data. You're instead attempting to move the conversation away from data.
> Where were these complaints when everyone, including minorities, had to show documentation around their vaccination status for various things?
First, such complaints did exist back then as well. Second, both vaccination and frequent testing were subsidized by the government, with extra investments towards minorities. Why don't advocates of voter ID ever make similar suggestions? Why not propose a program that allows any minority to acquire a government ID without any downsides, and once that's done propose voter ID?
> Why isn’t this issue in every other country that does require ID to vote in elections?
Because in pretty much every other developed country:
- there exist standardized, government issued IDs that are distributed to every citizen during normal government interactions (e.g. in Germany you must own government ID)
- poor people (a group that minorities make up a disproportionately large part of) have more free time and are in far less precarious positions regarding job security, and consequently health care
- poor people have a far easier time getting to government buildings (e.g. cities are less car-reliant, better public transport, better coverage of government buildings)
The US is in a very different position compared to most other countries. It’s just plainly offensive and racist to introduce additional barriers to basic rights while fully aware that the average person from minority groups will have to spend more time and effort to clear them.
I'm not going to spend time digging up research for every claim I've made unless you're willing to do the same for your positions. But since you've now been made aware that this "trope" does pass the slightest scrutiny, I'm looking forward to your response! Just to summarize, you'll have to explain how the disparate impact of additional barriers to voting isn't "plainly offensive and racist" given that:
- non-minorities are much more likely to own a government ID than minorities
- non-minorities on average have an easier time acquiring such ID
- non-minorities on average face fewer potential repercussions regarding work and health care acquiring such ID
[1] http://ippsr.msu.edu/research/voter-identification-laws-and-...
[2] https://www.voteriders.org/wp-content/uploads/2023/04/CDCE_V...
I think the concern with not requiring ID is that it could allow non-citizens to vote. Making it illegal for non-citizens to vote also disproportionately affects minorities, but that doesn’t justify changing that.
Do you know any minorities personally who have struggled to get an ID? Most minorities I know would be pretty offended by that implication.
Come on, you can't mean this in good faith as a response to my previous comment. It's a fact that minorities are less likely to have government ID, and that it's on average harder for them to acquire it. This is not "a minimum requirement", this is a requirement that - in the current system - deliberately shifts power by disenfranchising voters.
> I think the concern with not requiring ID is that it could allow non-citizens to vote. Making it illegal for non-citizens to vote also disproportionately affects minorities, but that doesn’t justify changing that.
It is already illegal for non-citizens to vote, but I'm sure you know that. You also know that there is no comparison between the two things.
The worst part is: non-citizens voting would be a valid concern if there were any evidence for this happening beyond a handful of cases per election. But there isn't, because non-citizens generally don't want to risk being caught for one single additional vote. And it's not for a lack of looking - the GOP has spent millions upon millions of dollars to find anything, and they have not been able to procure evidence of non-citizens voting in any meaningful capacity. Yet apparently the rules must be changed anyway, no matter the cost to democracy.
> Do you know any minorities personally who have struggled to get an ID? Most minorities I know would be pretty offended by that implication.
Do you have anything meaningful to contribute to this discussion? Any response to any of the points I've already brought up? I don't need to bring up anecdotal evidence when this topic has been broadly researched, and basic logic leads to the same inevitable conclusion.
I sincerely do, I don’t know what else to tell you.
> It is already illegal for non-citizens to vote, but I'm sure you know that.
In many states, non citizens can vote in state or municipal elections just not the federal. In states without Voter ID, a non citizen could easily register with an electric bill. It would be illegal, but it would be very hard to prosecute.
> Do you have anything meaningful to contribute to this discussion?
I think you bring up great points in a challenging and partisan topic. I’m just outlining some of the concerns that people have with not requiring Voter ID. You can dismiss them as invalid if you want! But I think you would have more luck trying to prevent the disenfranchisement of minorities if you wouldn’t dismiss all of these concerns out of hand.
Again, you’ve made a fairly strong case that voter ID disproportionately affects minorities, but you haven’t made the case that wide swaths of voting citizens are actually disenfranchised, nor have you made an argument that justifies abandoning the concept of election security altogether.
Let's play this scenario through. You're a non-citizen and risk being found by registering to vote. You get a provisional ballot (since you can't have registered properly before, as that would have been validated and found). This provisional ballot will be counted once your registration is validated, which it won't be, since you're a non-citizen. So what is the exact danger here?
> I think you bring up great points in a challenging and partisan topic. I’m just outlining some of the concerns that people have with not requiring Voter ID. You can dismiss them as invalid if you want! But I think you would have more luck trying to prevent the disenfranchisement of minorities if you wouldn’t dismiss all of these concerns out of hand.
Thanks, but I'm not dismissing them out of hand, I'm asking for evidence that these things actually happen. If that evidence exists I'll gladly agree that election security must be improved.
> Again, you’ve made a fairly strong case that voter ID disproportionately affects minorities, but you haven’t made the case that wide swaths of voting citizens are actually disenfranchised, nor have you made an argument that justifies abandoning the concept of election security altogether.
Of course I haven't made an argument that justifies abandoning the concept of election security altogether, because who would want that? I want elections to be secure, just like everyone else.
I think I've made a pretty good case that enough voting citizens would be disenfranchised. Why does it have to be wide swaths? Why should you be allowed to disenfranchise even a small percentage of voters, even though you have no evidence that your security concerns are actual issues?
There was someone using the Michigan voter file (which has a line in it for each change to the voters record, so repeats voters) to claim that someone was voting dozens of times. They weren't airing a legitimate concern about the voting system, they were sowing discord by lying about how it works.
Your framing of the situation is reductive and cartoonish.
It has a surprisingly(?) low view count for how riled up everyone is about all this.
If you want more insight into this system, here is a test plan from August of this year on the Election Assistance Commission's website:
https://www.eac.gov/sites/default/files/2024-08/ClearVote%20...
It also has a list of bug fixes like:
> Changed the ClearCount API to require authentication before uploading files (such as ballot images and tabulation results) to the server.
And software details like:
- MySQL 8
- Ubuntu 20
- Windows 10 IoT Enterprise LTSC 2021
- Windows Enterprise IoT 21H2 release
- Python 3
- CIS SCAP Ubuntu 20.04 revision 1.1.0
Here is a summary of an audit done on a previous version last year:
https://elections.ny.gov/system/files/documents/2023/10/clea...
https://archive.ph/smlSQ (capture of https://electionnexus.com from earlier today)
The ADL has a database full of “hate symbols” that nobody uses or some random person on the internet used one time. It’s a joke and the ADL uses it to bully other groups and people into silence.
https://www.walmart.com/ip/President-s-Choice-The-Decadent-C...
I don't think Lindell is a nazi, but I also don't feel sorry for him for having to fend off such accusations, since he is an enthusiastic trafficker in conspiracy theories in his own right. He could make the non-troversy go away any time by changing the price to some similar number, but probably sees it as free advertising.
This is an intended feature, and it's exclusively a feature of one political party. The elections are always rigged, this one is rigged, the voting process is rigged, just don't ask me to present evidence in a court of law...
I’d say this was a fluke if the GOP hadn’t spent the last umpteen months pushing all this non-citizen voting nonsense.
You'll know what to do.
I worked a total of eleven elections, from primarily elections to general elections. I even worked a special recall election where the recall was the only thing on the ballot. I was a volunteer for all of them. I worked as a "Polling Place Inspector", which means I was 'in charge' of a single polling place: I did the setup & teardown, reached out to the other polling place's poll workers to confirm they'll be there, and scheduled breaks etc..
I worked in Orange County, California, which is the county between Los Angeles and San Diego. At the time, it was very right-leaning. It may be so today, but that doesn't matter for this post.
Fun fact: In Orange County, poll workers are the only people who are allowed to question (or "challenge") a person's right to vote. The general public are not. How do I know that? Because it's one of the things I was taught during training. You can see it mentioned in [2], on page 11, under "What Are Observers NOT Allowed To Do?". (In the document, "precinct board" means "the poll workers".)
Now, three situational "pop quizzes" related to the situation from the article. In all three, you are a poll worker. Note that I will refer to procedures that were in place in Orange County, CA, not Fairfax County, VA:
Pop Quiz #1: Someone has arrived to vote, and you do not believe they are eligible to vote, what do you do?
Answer #1: You are challenging a voter. You have the voter vote provisionally. Their ballot would be sealed in the envelope, and their information (plus an explanation of why you're having them vote provisionally) would be on the envelope. The challenged voter would take a receipt with them, giving them a phone number to call, should they want to check up on the status of their vote after the election.
Fun Fact: Challenging a voter without probable cause is a felony in the State of California. How do I know that? Because it's in the instructional handbook that every poll worker gets, when they go through training. You can find Orange County's handbook for the 2018 election at [1].
Pop Quiz #2: Someone at the polling place, who is not a poll worker, is challenging peoples' right to vote. What do you do?
Answer #2: Call the dedicated polling place helpdesk, letting them know about the incident. Depending on the person's behavior, you may ask them to leave, or you may skip directly to calling the police. Your polling place inspector would have already looked up the phone number of the nearest police station, or you could just call 911.
Fun Fact: As part of polling place supplies, I received a county mobile phone. I was specifically instructed to charge it up in advance of election day. They were always chunky Nokia phones, which felt like they could be used as a weapon in an emergency.
Finally, to address your question…
Pop Quiz #3: Another poll worker is challenging a voter, and you believe the challenge is unlawful. What do you do?
Answer #3: If you are not able to dissuade the poll worker into allowing the voter to vote normally, then you have them vote provisionally. The most important thing is to get the voter through the process, and their provisional envelope into the box. Once that is done, you reach out to the polling place helpdesk, letting them know who did what.
Indeed, quoting from the article you linked, "After the [polling place] manager intervened, Burrell-Aldana was allowed to vote." The article does not say, but I expect the polling place manager was already planning on how to communicate the incident back to headquarters, and was keeping an eye on that poll worker.
If you had volunteered for this election, and you happened to be in the situation from this article, then you would have known what to do. :-)
[1]: https://ocvote.gov/fileadmin/user_upload/elections/gen2018/T...
[2]: https://ocvote.gov/election-library/docs/Election%20Observat...
> “Governor Youngkin has been clear: every eligible Virginia citizen who wants to vote can do so by Same Day Registering through Election Day—that’s what our law says,” said Youngkin spokesman Christian Martinez.
> A “final failsafe,” Martinez added, is the ability for residents to use same day registration to vote early or on Election Day.
[0]: https://www.cnn.com/2024/11/02/politics/us-citizens-caught-i...
How do you reconcile that with:
Senate Republicans block border security bill as they campaign on border chaos ( May 24, 2024 )
Nearly every GOP senator, along with six Democrats, voted to filibuster a bipartisan bill designed to crack down on migration and reduce border crossings.
The vote caps a peculiar sequence of events after Senate Republican leaders insisted on a border security agreement last year and signed off on a compromise bill before they knifed it. Democrats, wary of their political vulnerability when it comes to migration, had acceded to a variety of GOP demands to raise the bar for asylum-seekers and tighten border controls.
FWiW I'm not American, and it seems pretty clear that US Republicans vastly overhype the risks associated with the southern border, campaign hard on fear mongering, and tank any efforts by the Democrats to address those problems.
Politically it's a common conservative tactic having been used in Australia, the UK, and elsewhere.
What's curious is how people seem to fall for this and just accept what they're fed w/out looking into details.
Much like the "Inflation Reduction Act" which was a clean energy bill that had nothing to do with inflation, the bill did the exact opposite of what it claimed.
- It funded billions of dollars for the NGOs which were aiding illegal immigration
- It normalized and allowed historically high illegal levels of immigration (10x normal)
- It removed the standard process for adjudicating asylum by judges and made it part of the federal ICE
- Required the US to fund lawyers for all people who were charged with illegal immigration (12 million in the last 4 years)
- It gave $60 billion to Ukraine, 3x more than border security [1]
- It gave $14 billion to Israel, $10B to Gaza, $2B for conflicts in the Red Sea, $4B to Taiwan
During this period where 12 million (3.4% of US population) people have crossed the border for residency illegally, many of which have been flown in by the US federal government, the federal government has sued Texas repeatedly while they are trying to build a border wall. They have flown in percentages of whole populations to US swing states to try to build voters. And illegal immigrants count in the census which determines US electoral votes.
The reason the GOP voted against it is because it was a wishlist for the Democratic party. There is nothing more complicated about it than that. If the GOP was such fear mongers, as you say, they'd vote for a bill that ameliorated their concerns.
[1] https://www.reuters.com/world/us/us-senate-unveils-118-billi...
https://www.congress.gov/bill/118th-congress/senate-bill/436...
I'll bet money that none of the changes are grouped into any sort of easy-to-digest format with cross-referencing and other mechanisms to make it easy for people to introspect it.
I am happy to see that the entirety of responses are effectively 'lol, actually read the law it is a disaster'.
My heart grew 1 size today.
"What's curious is how people seem to fall for this and just accept what they're fed w/out looking into details." Pot, meet Kettle.
This whole system is easy to maintain if you've had it in place. However, it's very hard to emit ID cards for a whole population that hasn't had one before. I'm not suggesting this is an easy fix for the USA, even beyond the cultural issues that would arise if trying to do a federal ID for every citizen like this.
This is where it gets confusing for me because your comment makes me think that people can’t agree on whether it’s a more serious mistake to allow an ineligible person to vote or whether we end up stopping (hopefully temporarily) an eligible voter from exercising their right.
If just an ID is used, how do they confirm someone is a citizen? Can you only get an Illinois ID if you are eligible to vote?
In the case of a state without voter ID, there is no check — you literally just have to bring an electric bill. A non citizen could easily vote. It would be illegal, but the odds of being caught are slim to none.
If there was a suspicion that the voter was illegal, a poll worker could have them cast a provisional ballot. In places like California, it is a felony to require a provisional ballot without evidence.
But, as I've noted elsewhere, while this is an option in VA, it isn't in all states (the same-day reg part - they all have some form of provisional ballot). And it creates friction and uncertainty among the electorate. If your state sent you a letter that said you were ineligible, would you jump through hoops to prove them wrong, or would you punt this cycle and fix the issue later? The latter is what the GOP hopes will happen, effectively disenfranchising a specific group of left-leaning voters (most immigrant groups lean left to some extent).
Edit to add - states that have RealID implemented (not sure if they all do yet), all the paperwork required to get the RealID stamp on your DL would prove your citizenship as well, so that's on record with the state. In the case of the 1600 voters in VA, they all have pre-RealID licenses (and many have naturalized in the time since their DL was issued). But, quite a few were selected erroneously based on scant evidence.
Over the last 20 years there's no record of a non citizen voting in VA.
As a poll worker myself, there's nothing we would check election day that was that wasn't already checked during registration. Asking me to "verify" day of, beyond what we already do, isn't really feasible.
Recommend you work the polls and educate yourself on how your particular locale operates.
If a state is allowing intelligible people to register to vote that's a much, much bigger issue and one that can't be solved by poll workers.
And purging them within 60 days of the election is illegal per federal statute.
Youngkin and the GOP are flat out wrong here. The courts have said as much so far. And yet here we are again having to explain all this to somebody who watches too much Fox News.
There are plenty of folks who think illegal aliens* should be allowed to vote.
* not sure what the political correct term is now tbh, double-plus-unnaturalized maybe, ha?
Non-citizen voting is illegal already. We don’t need new laws re-banning it.
The numbers of non-citizens voting is small so any effort to purge them is as likely to disenfranchise legitimate voters as remove illegal voters. That’s a net negative.
~7 million with no ID ~29 million without an up-to-date DL
"In addition to the Department of State Employees and in coordination with county clerks, these employees will only enter badged areas in pairs to update the passwords for election equipment in counties and will be directly observed by local elections officials from the county clerk's office.
This is not an election where we can afford doubt.
Edit: i was out of the loop but apparently bezos decided to throw his chips out the window for little benefit to himself (or anyone). Just goes to show the wealthy are just as capable of being morons as the rest of us
1. didn't know how Colorado already does it 2. doesn't know how hard it is to get humans to count without errors 3. doesn't know how expensive having that many temp staff count ballots is.
Tale as old as time
But also, the idea of a president or prime minister is dumb. In fact, nobody needs a federal/national government. We should just have a mayor for each city or region and if they need to decide on something which affects the nation as a whole, the mayors of all cities/regions should just get together vote for it.
When is something truly a national matter? Almost never. In those extremely rare cases, representatives can get together and vote.
With a globalized coercive system as ours, we're headed for a mass extinction event.
Ballots printed by Fort Orange Press are failing through the scan reader. This is annoying, and small counties appear not to have rehearsed the combinations of paper and scanner. There will be a lot of hand counting, which requires party-appointed poll workers.
A notable but insignificant number of ballots in Mesa county failed to authenticate signatures and when contacted, those voters said hadn’t voted yet. Once the signature matches, the ballot becomes part of a large box, indistinguishably. This describes something like 3 ballots.
E.g. this article has information in it that refutes the idea that the voting process in CO is fundamentally broken; it describes aspects of their security-in-depth which show how a single vulnerability doesn’t lead to compromised election results. (Not to mention the auditing process which would also have to be fully compromised for the results of even fully hacked voting machines to be accepted.)
https://www.cpr.org/2022/10/17/colorado-elections-ballot-cou...
Importantly there’s always an audit in which auditors verify random samplings of ballots. This audit process is overseen by judges from the Republican and Democrat parties.
So even if all the voting software was compromised the audit would still catch any manipulation in the vote entry.
All other developed countries make this work, what are Americans lacking?
The system is just: - Keep a list of citizens allowed to vote
- Print paper ballots with the names of the candidates
- ask for a proper ID with photograph
- collect the votes
- count them by hand with the oversee of representatives of the candidates
That’s it, that’s all there’s to it and we count 99% of the votes in less than 6h.
It can be difficult to get on the list of eligible voters; different places count different things as a proper ID. If you are poor or marginalized in other ways, getting a proper ID can be a challenge. The US has a long history of trying to prevent substantial populations from voting; it’s even designed into the Constitution.
Just this week, the Supreme Court ruled that votes in Pennsylvania that don’t have the date written on them (properly) but were mailed in don’t have to be counted. That has nothing to do with the intent of the voter, but political factions think it affects their chances one way or the other. In some states, you can’t give water to people while they wait in line to vote.
Also the photo ID part is different in the US, since there's no uniform governmental ID that every citizen is expected to have. Minorities are less likely to have such ID compared to non-minorities, and (since minorities are disproportionately more likely to be poor) on average face larger issues acquiring such ID.
Are you trying to say that the process doesn't work fine in Germany?
So what is your point?
Arguments that you need voting machines, or extensive mail voting, or pre voting, or not check a valid photo ID to be able to carry out the process in due time, are completely against what the reality shows in all other developed countries.
Additionally, you seem to be willfully ignoring the differences regarding photo ID between the US and most other developed countries. Why?
However there is another more cynical thing going on, which is that in recent times the pro-voting-rights Democratic party has also benefited electorally from the increased turnout resulting from looser voting rules. This has made any changes to voter ID laws impossible to pass federally (where they are currently set).
This situation is changing now though because polling and the last election suggest that increased turnout currently benefits Republicans. Many commentators believe that within a year the Democratic party will actually be agnostic on voting ID laws, and already in this election you can see that "getting out the vote" is not much of a Democratic talking point.
> - ask for a proper ID with photograph
Computers add cost for acquiring the computers and training the staff. Computers add complexity and complexity usually reduces the reliability of a process. In a process like voting, that also reduces confidence in the process. This and the cost alone make it unclear why anyone would want to spend the money to electronicize vote casting and counting.
People have been voting without benefit of electronics for thousands of years.
In the vast majority of countries where paper ballots are used and counted by hand, the count is almost invariably completed the day of the election.
Conversely, in the US, where we spend lots of money to acquire, maintain and operate computers to “assist” in voting and vote counting, now we have many jurisdictions who say that they cannot complete counting on Election Day.
It boggles my mind that anyone still supports involving computers in vote casting and counting.
Counting by hand makes sense when each ballot paper has one race; when each ballot has 25 items, using robust optical scan systems common in testing makes sense. Electronic systems also open new options for improved accessibility, as long as all systems produce a physical record, ideally that is counted as itself, rather than a receipt for an electronic count.
Parliamentary systems are the only democratic systems I’m aware of that ever features more than 2 parties in a FPTP system as well.
Or we could invert a lot of the races. I am college educated but never involved in law, how can I reasonably pick a judge or DA? What I want is my representatives to choose one, and then have a very low threshold for a special election to fire (“recall”) the person if they do a bad job. And only need that because my representatives have shown that they won’t.
Any sort of non-in-person voting is a security nightmare. But I am very sympathetic to the people who want to make it easier. I think we should vote on a Saturday or Sunday instead of a weekday, we should make it a federal holiday in order to close as many businesses as possible, and I think that employers who stay open should be required to give paid time off to vote, that doesn’t count against vacation or sick leave.
In US elections, any alternative voting system would essentially require computers. With all the complexity, problems and mistrust that they bring. Also those alternative systems are subject to gamification as shown in recent elections in Alaska and France. No fraud or illegality, but the will of the people was arguably thwarted by introduction of confounding candidates.
Re: parliamentary vs US representation
US was designed to have a true republic (not a democratic republic) but with a democratic lower house as a counterbalance to a non democratic upper house. The 17th amendment screwed us as it made sure that all the drama from the lower house spread to both houses, and now our congress is entirely captured by lobbyists as every legislator now has to worry about financing campaigns. It wasn’t supposed to work that way.
The US was not supposed to be one big country with uniform laws. It was supposed to be N number of mostly independent states with a common currency + a common defense + a safeguards against states taking advantage of each other. The basic assumption is that most laws are not one-size-fits-all, and that each state should be largely autonomous and figure out the laws that work best for that state’s citizens.
The more people you try to put under the same set of laws, the more likely it is that the weak will be taken advantage of by the strong. Take California water management- the populous cities, in true democratic fashion, determine what farmers can do with the water on and under their land, and special interests can contribute to campaigns for favor and end up getting water rights to water on your land, because democracy!
But all these are the “why” of the US election system, which is kinda orthogonal to how we vote and count.
That's a pretty rose-tinted description. The 17th amendment came about because the Senate was cartoonishly corrupt under the previous system. It should tell you something that it was ratified by the very state legislatures whose power it diminished.
I lived in a country which did away with many of the small elections, only to have the positions filled by toxic empire-builders.
We went back to elections, where a scandal was handled by electors, not union rules.
Parliamentary democracies are usually accompanied by competent, autonomous civil services. That’s not something America has.
That's a bold claim. The federal system can be incompetent and isn't autonomous. But lower level local ones tend to be especially if far away from politically contentious topics until you get to counties that are really small. Representative elections are both about accountability and about representation so I don't have to worry about minutia. As long as rules are followed and you have systems that remove influence peddling (not so much appointments as above-board job interviews with many candidates), then you can let failing to follow such rules be a scandal that takes out the politician that tried to corrupt the system.
You can say this with a straight face about the presidential election because it's a statistical tie. But it's laughable at the municipal/county level. Even at the state level it's often not true-- e.g., in Ohio were savvy enough to reject a marijuana legalization referendum (which they overwhelmingly wanted!) because it would have given a tiny cartel control over growing it. That caveat wasn't in the text of the referendum IIRC, so somehow a majority of Ohioans defeated it using their "absolutely zero knowledge" of the inner workings of that proposed law.
> So then they turn to their favorite voting guides which just shifts the power to unaccountable political groups instead of making the single representative you elect responsible for figuring it out.
There's a human web of trust lots of voters use to navigate the complexity of voting. The more local you get the more effective it is. At the municipal level there's a chance you're web includes the people directly involved in an issue, in addition to people who can help you judge the veracity of those people!
> And there’s too many elections - non presidential year elections give the power to a motivated and vocal minority which is not what you want because it lets shit stirrers seize control when no one is paying attention.
Sounds like you're hedging here-- what exactly does "give the power to" mean? If you're saying that special interests have more power to slip in corrupting legislation or install lackeys during an off-year, that's definitely not true. The worst stuff gets passed through when there's a lot of noise to cover it-- like presidential elections or national disasters.
- Counting machines should be dead simple, and should be one per ballot style. We should go back to precinct-only voting and forget county-wide voting.
- Reconciliation is an absolute must -- as it's always been, but we seem to have stopped doing it in many places.
- Every day of early voting should be treated like election day: with results published for each day. This would reduce the risk of ballot stuffing after hours because one the ballots are counted for the day there are no ballot boxes to stuff.
I realize state of the art, modern, high-performance systems are incredibly complex... but that doesn't mean all systems have to be incredibly complex.
Simple computerized systems are incredibly accurate and reliable, easily moreso than humans.
And critically, it's feasible to perform attestation on electronic systems: something that's completely impossible with humans. You have no idea if Joe or Sally are randomly slipping in a few miscounts (or the people auditing them, or the people auditing them). If you're careful, you can be sure that only specific code is executing.
I'd be fascinated to get a breakdown of trust in computerized voting systems, from programming professionals, by programming speciality. I have a suspicion you'd get different answers from firmware/RT folks vs js front-end, to pick a couple of examples.
Such systems are better enough that businesses handling cash use them to count paper money.
Next to voting, or perhaps ahead of it, people surely value reliable accuracy in their money. So why not ballots?
pretty easy if your company produced the machines
I know a guy who did this for a job for a company that produced food
https://en.wikipedia.org/wiki/Estimated_sign
his entire job was to allow the company to push up as close to that line as possible without going over when checked randomly
saving them tens of millions a year
Teachers and students understand how this all works, so it has a lot of trust.
Sure, we use a computer to produce a paper ballot (computers DON'T count or keep counts). The voter has a voting id that is hashed/encrypted/processed in such a way that the number is verifiable as a valid ballot hash (maybe using some sort of public/private key pair) so hashes can't simply be randomly generated.
So the computer UI produces the ballot. The voter is told to check their ballot reflects what they wanted to vote for. The ballot is scanned with a scantron.
They will run with it. You can explain the details of computer security all day, and how one password doesnt matter.
They will not listen. They are not looking for details or a reasonable explanarion. The voting conspiracy people only look for confirmation.