"American Elections Will Be Hacked" https://news.ycombinator.com/item?id=12921967
"Maryland will audit all votes cast in general election" https://news.ycombinator.com/item?id=12885396
"Cylance Discloses Voting Machine Vulnerability" https://news.ycombinator.com/item?id=12883356
"In Pennsylvania, Claims of a Rigged Election May Be Impossible to Disprove" https://news.ycombinator.com/item?id=12790247
"Votes could be counted as fractions instead of as whole numbers" https://news.ycombinator.com/item?id=12841178
"Demographics, Not Hacking, Explain The Election Results"
http://fivethirtyeight.com/features/demographics-not-hacking...
That aside, we should, of course, work on securing the vote.
I added these links here because the same points get hashed and rehashed in every thread, rather than building on the work that's already been done and figuring out what the next steps should be. (I admit that rehashing is a pet peeve of mine.)
As you note, securing the vote is important. A secure vote and trust in the election process is very important to a democracy, and something that continues to come up for a variety of reasons, and something that can easily be supported by anyone interested in democracy, regardless of party affiliation or political persuasion.
In the UK we turn up, go into the booth with the paper slip, and tick our choice with a pen. Then we fold it and post it into a container which later gets shipped off to the counting room. I just can't understand why you guys have to physically turn up if you are just going to select your answer on a computer anyway.
In California we were able to vote at home with a mail-in, paper ballot and I much prefer that.
This system just begs for being manipulated.
I guess you trust the mail service and the people on the receiving end to properly record your vote.
I prefer the day of (also in CA), where you get to put it into the counting machine yourself—at least then I know it was counted at my polling place.
I was listening to something specifically talking about California counting mail-in ballots. They said California took longer than most states because it's big, it has liberal laws about eligibility (counting provisional ballots) and citizens are pretty sloppy about filling in mail-in ballots. They described coffee and spaghetti stains obscuring the choice. They will fill out "clean" ballots in pairs with their best guess. I'm sure that's a small number of ballots.
When I've voted in person they deliberately have me feed my ballot into a machine to confirm it was valid.
It was a knee jerk reaction by Congress to the 2000 presidential election recounts in Florida. They passed a bill that funded the purchase of new voting machines called the Help America Vote Act[1]. It provided a fat pile of federal funds to states for the purpose of replacing voting equipment. Of course, throw a mountain of money in front of federal contractors, and several will rush out poorly designed systems quickly to claim the prize. Secure voting was the last thing on their minds. Diebold actually sued the state of Massachusetts for "wrongful purchase" of competitor systems.[2] Slashdot covered the fiasco generated by HAVA for years. Just search for Diebold or Sequoia in relation to their domain.[3]
[1] https://en.wikipedia.org/wiki/Help_America_Vote_Act
[2] https://yro.slashdot.org/story/07/03/26/1431258/diebold-sues...
[3] https://duckduckgo.com/html/?q=diebold%20site%3Aslashdot.org
One common scheme electronic voting machines help prevent is forced votes. A bad guy gets their hand on a single empty ballot and writes the name of the candidate he wants to win on it. He then comes to you and threatens you and your family. Says hand in this pre-filled ballot and bring me back your empty ballot, or else... You comply, he fills out the empty ballot again, and repeats.
The electronic voting machines protect your identity. They allow you to vote anonymously. They provide data integrity that is harder to spoof than paper voting methods. I explicitly asked why they don't just vote on paper ballots like they do in Canada (or the UK as you describe). His response was that we take for granted the inherit trust our societies have to allow us to vote in such a fashion without it being tampered.
Where I vote, my paper ballot in no way identifies me. I identify myself upon entering the polling station, they find my name on the list of registered voters and mark it. When I'm turning in my completed ballot, I again identify myself and my name is marked on a separate list. So there's a record that I voted but not for whom I voted. How would an electronic voting machine improve upon this?
BTW, where I vote, the paper ballots are the bubble scan kind and the voter feeds it to the machine themselves. This provides very fast tabulations with a paper record for security and recounts.
The problem I have with this particular scenario is that it imagines a reality in which someone can afford to collect votes one by one with impunity but can't force these same bunch of people (and one or two simply aren't enough to matter) at the voting station itself.
I don't know if this is the current case (or perhaps your scenario is one of the reasons for the current procedure), but they can just put a serial number on the stub so that the poll worker can verify that the ballot that was handed out was the one just filled out.
I am sure there are many reasons to prefer electronic voting, but that just seem logistically impossible when you are talking about millions of people. No way that wouldn't go unreported or undetected.
Whereas, with voting machines, if compromised has much more reach and would be difficult to detect.
I'm not saying this scenario is plausible for swaying the outcome of a presidential election (which is what I am sure is on many of your minds right now). But for locally elected officials? Seems at least plausible to me.
At the end of the day I imagine electronic voting is all about speed. A quick wiki search brings up the following anecdote:
> The voting system has been widely accepted, due in great part to the fact that it speeds up the vote count tremendously. In the 1989 presidential election between Fernando Collor de Mello and Luiz Inácio Lula da Silva, the vote count required nine days. In the 2002 general election, the count required less than 12 hours. In some smaller towns the election results are known minutes after the closing of the ballots.
Or, alternatively, spend tons of money on electronic voting machines that allow the bad guy to game the system on a more massive scale without having to threaten as many people.
I'd be willing to bet money that this scenario has never, ever happened.
I voted on paper and it was put in a box to be counted in a central location. This takes forever and they just now are finishing up counting.
Electronic voting is a lot quicker and cheaper to count. I'd argue that the best system is one in which you vote on paper but it's counted electronically at the polling booth. That way there's a paper trail that can be audited and also quick counting.
Our population is only 1/6th yours, IIRC, and you subdivide more heavily into states already.
That's how we do it around me, and it seems like a strictly superior approach. What am I missing?
https://www.theguardian.com/notesandqueries/query/0,,-1051,0...
Which is a shame, because it's a fairly effective way to push money back into the economy, at least when a manual system is used.
Second electronic machines are popular because they speed the election counting and are cheaper to run because the election board doesn't have to print tens to hundreds of thousands of ballots. A good electronic voting machine reports the vote 2 ways digitally to some vote tabulator local to that voting place and with a paper record that can be audited. The paper print out their having printed in this video is the end of the night tally that'll be reported to the county/state board of elections to be combined with the rest of the results.
Third doing it on a centrally located machine instead of over the internet adds a lot of security to the process. Trying to properly secure single purpose hardware like a voting machine that can be kept in a monitored location is a much simpler task than trying to find a way to ensure the Joe/Jane Voter's computer isn't compromised when sending the data to their counties board of elections. Not to mention that by accepting votes over the internet you're opening yourself up to everyone being able to remotely attempt to exploit the system. At least with a voting machine only connected to other election hardware attacks are limited to someone that's physically at the voting location. It's also tricky to prevent double voting while maintaining complete anonymity.
The only benefit is that you have a paper record that can be corroborated if there is evidence of hacking later. But we could do a printout paper record on voting machines too.
You'd be surprised how many of those paper ballots don't get recognized when they are counted. Because the checkmarks don't fill up the box enough or because of optical/scantron error.
In the UK's 2014 elections for the European Parliament, a Scottish voter wrote against the four parties/candidates listed: "wank"; "wank"; "good guy"; "wank".
The vote was deemed valid as the voter had expressed a clear preference.
(Source: https://twitter.com/JamieRoss7/status/473068708441894912/pho...)
There are pictures and a description here: http://www.bbc.com/news/election-2015-england-32533064
The difference is that the voting machine makes it possible to hack the paper trail.
The american voting system is actually very secure.
It's highly decentralized, machines are not connected to the internet, implemented in many different ways, which means that they would have to do many attacks many different places without being discovered to even have an effect.
75% of them have paper trails which would require an even bigger achievement to change enough off as it's again highly distributed and decentralized, and it would require mostly physical presence to do it. And thats just a few of the things that makes this more or less impossible.
A bigger concern is access to the actual voter databases but what they can there there is mostly creating chaos which would obviously be horrible but have no effect on voting.
The biggest problem is actually when examples like these spread without the above consideration as that can trigger the population to loose faith in a system that is probably as safe as it has ever been.
P.S. I am highly supportive of whistleblowers like Snowden but this is missing the point.
You don't have to manipulate many votes to have an election-deciding effect.
Moreover, you have to ask; How could the Simon Bar Sinister have known prior to the election that these three states (and probably one or two counties in each state) would be the decisive counties to hack to manipulate votes and win the election? He can't.
Or modify the program loaded on the machines before they're distributed. It's probably easier than you think.
Was YOUR vote counted? (feat. homomorphic encryption) - Numberphile : https://m.youtube.com/watch?v=BYRTvoZ3Rho
It's actually quite a good thing that we start to speak openly about threat-models against all voter sentiment measuring tools, especially the official ones.
There are different sets of issues with both categories of polls. If anything, I believe the issue is not a measurement issue as much as it is educating the public about what the different types of polls are, their limitations, and their usefulness.
Correction: Actual total was 126M votes for the presidential election not 160M votes as I stated. But the question remains.
In extremely dishonest countries where the local courts, police, and election officials are all corrupt, a large mafia-style presence could coerce a lot of people into voting a certain way. But if any of these are at all trustworthy, it seems difficult to coerce anyone. And even then, the mafia abusing too many people(>5%) would cause them to riot.
The reality is, people have no choice.
That doesn't exist. See this[1] talk by Andrew Appel (CS Prof. at Princeton) for a very nice overview of the technology in the traditional pre-printed secret ballot and an why electronic/internet voting cannot be secured from all of the known threats.
TL;DR - Adding anything that can be used as an identifier enables vote buying or coercion. Adding computers introduces "Trusting Trust"-style problems where you never know what is actually running (hashing/verification only pushes the problem around).
The question is how (in)secure is the system. In this case, the voting protocol doesn't provide a means of verification.
Secure voting protocols have been around for quite a few years. jjuhl left this comment above https://news.ycombinator.com/item?id=13032602
Dan Boneh's Crypto 2 coursera course (https://www.coursera.org/learn/crypto2#) covers the concept.
There are voting protocols that use the same foundations as public-key crypto to allow for vote verifiability - you can validate that your vote has been taken into account in the tally without sacrificing the privacy of your vote. There are solutions for voter fraud too.
The technology is there but I don't think there is any incentive to make it happen.
The only problem that I can see is that we cannot be certain that any e-voting technology will survive future information security research and as a result the design needs to factor continuous upgrades.
I can't believe we still rely on trust for this kind of thing.
How do you verify that your vote is actually "taken into account?"
You may be shown that your vote matches what you intended, but then it can be manipulated or discarded somewhere else in the process, beyond your ability to verify. It's like reading open source code without validating the operating system or physical machine it runs in - the entire environment contains the potential for hostility, and it's too complex for one person to comprehend in its entirety.
Also, any such system, assuming it works as intended, may also give interested third parties a way to spy on someone's voting habits. Historically, knowledge of a person's vote has been used by governments and employers to coerce votes and to retaliate against political opponents or supporters of unpopular causes.
Wikipedia page on End-to-End Auditable Voting Systems https://en.wikipedia.org/wiki/End-to-end_auditable_voting_sy....
Ron Rivest slide deck from March 2016. Auditability and Verifiability of Elections https://people.csail.mit.edu/rivest/pubs/Riv16x.pdf
