Can Our Ballots Be Both Secret and Secure? (newyorker.com)
51 points by ryandvm on July 10, 2020 | 194 comments



The inefficiency of in person paper voting is a feature.

It means that large scale fraud is extremely difficult due to the labor required. This is a good thing. Hundreds of thousands of dispersed voting locations means that to pull off a “hack” you’d need to hack thousands or perhaps 10s of thousands of locations all with their own details.

In a digital voting system, you’d need perhaps to find a flaw in 1 system. The centralized one.

I don’t want digital voting. I want anonymous, and inefficient in person voting where the issues are small and localized.


This 100%. I'm French, and I always volunteer to count votes after the ballots. Honestly the system is really robust, it's probably very very hard to cheat without being noticed, everything is done twice, with everyone being able to watch the whole process. No way we can have something even close in terms of confidence with something digital.

If we really want to use new technologies to make things even safer, we could film and broadcast everything so anyone could check that there was no cheating (and I assume some people would record it so we could check also after the fact)


You could even still have a counting machine: stick the papers in it, it scans the vote, it spits out the paper and humans do their own manual count. Compare the numbers of the unbiased but hackable machine and the biased but unhackable humans.

Not sure it's a step in the good direction, too easy to remove the humans some time later, but if we want to use technology to make counting more secure there's definitely easy ways


This is how Massachusetts has been doing it for years. Fast local counts, complete paper trail.


Yup.

The Australian Ballot is private voting, public counting.

The gold standard implementation is ballots cast at poll sites, tabulated on site, the moment the polls close, all results immediately shared publicly.

For better or for worse, many postal balloting implementations are as bad as touchscreen voting, election integrity wise. Much care is needed to preserve voter privacy and ensure physical chain of custody.

For example, many jurisdictions process ballots daily, image both signatures and votes, using image processing to recognize votes, and adjudicate voter intent (manually override errors) in the database. One side effect of daily processing is the running daily total. What you and I would call tabulation, but admins claim only the final report is the tabulation.

Etc.


That works only as long as the machine is truly optional, i.e. you cannot have a case of people not able to vote because the machine doesn't work.


> That works only as long as the machine is truly optional, i.e. you cannot have a case of people not able to vote because the machine doesn't work.

The OP said the machine was for counting, not for voting.


The trick is that by using the D'Hondt method and gerrymandering you have to manipulate way less votes than one would actually expect. In my country of 5 million people, last week 11 votes decided whether someone went into parliament, and there were 11 excess votes at one station which were then deleted, and guess whose those were.


If the difference is only 11 people, it doesn't seem too much of a stretch to say the result doesn't matter, both candidates got the same number of votes within a very small margin of error (which will never be zero).

Either you decide the two candidates were both good and there was no clear decision to elect one over the other, or you set up a voting system where such close races result in some totally different outcome, such as both people enter parliament for a shorter time, having a tie breaker of some kind, etc.


This assumes that voting in the US is a form of collective decision making, that’s the effect sure, but because politics are so tribal it’s actually a game of taking territory. Within a party equal votes implies what you suggest but that doesn’t hold in the actual elections.


What if the marginal/toss-up victories like this always end up going to one party? Is that still fair?


Good question. If it's a US style political system with only two viable parties, you could award near-ties alternately to each party. After all, if 50.1% of people vote for party A every time, it is nonsense that party B with 49.9% never spends one day in office.


While an interesting problem to try and solve (in theory, not in practice!), one has to be very much aware of where those 11 votes had to be injected for the “hack” to work.

You basically need to have a somewhat precise picture of the proportionality before you could do it in a non-obvious way (= small margin victory).

While polling gives you something close to that, I don’t believe that it’s precise enough.


At the same time you have parts of a country that actively suppress votes. For example, in many deep south counties that are turning blue, the long standing majority would make up the election commission staff and other election related positions. Organized fraud is hard, but if enough people agree that fraud is necessary, fraud will happen at a large scale.

I am not saying digital election is better, but I would like to see a formal security/risk assessment of both options against known voter hostile counties.

With mail-in ballots for example, what if small groups of mail persons (1-5) manipulate absentee ballot mail when sent to and collected from voters, how does that risk compare to say insecure network connections and poor authentication with digital voting systems. A formal threat model for both approaches and risk assessment that is. Both methods are not secure, as a techie, the vulnerabilities of digital systems are glaring and obvious but they mean little in terms of risk without applying a threat model.

You said paper ballots make mass fraud hard, that is because of the threat model you had in mind. The chaos of the 2000 presidential election shows a slightly different threat model where organizing large number of people was not needed. Bad guys will always find a way, what I like to do is to take an empirical approach at making their mischief harder to pull off.


People joked after the Florida disaster, when George W. Bush was elected, that maybe the US needs international election observers. You know, like developing countries.

Not sure if that's still a joke now.


> the long standing majority would make up the election commission staff and other election related positions.

This is the problem. Part of the voting system is dictating who has the right to manipulate the votes at every point in the process, and ideally, after the ballots are sealed, that group should consist of everyone who has an interest; membership in that group should be self-defined. Practically, most people will be happy with a representative rather than showing up personally, but if everybody wants to watch, everyone should be allowed to.

If you abandon this principle, no technical solution is possible. It's like trying to make a computer perfectly safe against physical compromise; the only way to do it is to destroy the computer.

Honestly, the main problem with digital voting for me is only obliquely related to that objection - there are not enough qualified code auditors for everyone to have an auditor they trust, and massive, system-breaking changes can happen with the change of a semicolon. So the provenance of an individual vote from the voter to the commingled pile of votes is impractical to depend on. It may be possible to get it to the standard of a paper system, but it would be extremely expensive.


But this same lack of efficiency allows governments to make it harder to vote. Eliminate voting locations in regions where those who vote against your party are more likely. Move voting to days that the less-powerful can't take off from their jobs. Paper votes "go missing" because there's reason to believe the box of them contained too many that those in power didn't like.

Making voting hard makes the system ripe for abuse, and that's exactly what we see happen all the time.

What we need is a system that is efficient and safe. There are cryptographic voting systems in which the government publishes the entire result; everyone can see that their own vote (only) was counted appropriately; anyone can see that the overall vote was fairly counted; empowered auditors can randomly audit to ensure all votes are real. That is far superior to the existing, corruptible system.

Edit: adding some conditions on the crypto voting systems.


There are a couple points I don't think you've considered.

1. From my experience working in the lower class service industry (restaurant worker), Tuesday (federal elections) is usually a pretty easy day to get off. Weekends or government holidays that the middle class gets off, are the days where everyone has to work. My understanding is that this applies to retail as well.

2. You need non-technical people to trust the system. This isn't a technical problem, it's a political problem. Having one person from each party in the room while paper ballots are counted is actually a pretty good solution for this. Showing people who haven't done any advanced math pages and pages of whitepapers and equations that mathematically prove that the system can't be hacked doesn't really give you this. The system will be completely accurate, but rumors will fly and the government is quite likely to lose legitimacy anyway.


I'm a German that used to live in the US. In the US, voting sucks.

There is no "registering for voting" here. Every citizen gets a piece of paper they bring with them to their assigned voting location (the room is assigned also; if you vote in person you have to go here). The voting places are always reasonably close. Like minutes by walking. You can opt to get a mail-in ballot, if you want. Voting is always on Sunday when most things are closed. The vote turnout is over twice as high in Germany. The US has one of the lowest voter turnouts.

But our ballots are big and easy to read/mark. No stupid "dangling chad" crap like in FL in 2000.

I'm 100% against electronic voting.


Why is voting with paper hard?

Voting happens on a day where nearly nobody has to work.

People who can't leave their home, or are not home on the day you can vote, can still vote, they just request a mail-in vote card.


Where do you live? Voting isn't generally a holiday in the United States and is often on a weekday.


Early voting is available over the weekends in many places. A weird amount of people don't realize it's a thing and believe they have to go on election day.


Austria.

The US has a bad voting system, which isn't because it is "paper based".


Eliminating voting locations has nothing whatsoever to do with paper ballots.


> Hundreds of thousands of dispersed voting locations means that to pull off a “hack” you’d need to hack thousands or perhaps 10s of thousands of locations all with their own details.

No, all you need to do is play with the distribution of those hundreds of thousands of locations such that "your" voters have an easier time getting to them, on average, than your opponents' voters.

Your threat model isn't quite right. A deliberate third party attempt to fabricate votes isn't the only attack vector. You need a system that is robust against untrustworthy insiders too.


This. Agreed 100%

Really, really smart people, even in technology, who should know often cannot see this. It seems like one of those magic eye pictures https://www.magiceye.com/stwkdisp.htm

If you don’t see it, you don’t see it.

Also - not sure about the implications of coronavirus and social distancing. The in person requirement becomes a potential to die or potentially spread a deadly disease.


Just voted yesterday: distancing rules in place, the gentleman running it didn't touch my driver's license, gloves available, masks required, and one older gentleman wore a face shield. Fairly safe and quick, though I imagine it might be more difficult and crowded on election day.


The other useful feature is that it keeps the election day from becoming a horse race/fodder for the 24-hour news cycle.


They are still counted through a central authority and your vote can't even be tracked. You basically just have to "trust the system" today even though there have been a lot of strange things happening for decades with votes.


That is not really a problem. The counts from all voting stations are public, and they are checked by the people that counted the votes. And it is of course trivial to check that the totals are correct.


They can certainly be counted locally first, requiring a wide conspiracy of all parties to make a big difference.


The more you do this, the less anonymous the ballots are.


I don't think to any appreciable extent unless you go nuts restricting people to a particular polling place and limit their size severely.

In the most recent federal byelection in Australia, 114,000 voters were able to cast their votes at any one of the 86 different polling places, where the votes were counted locally.

The smallest polling place had 110 people vote at it, I'm not even sure you could reasonably deanonymise the votes in that. How would you do it?

https://tallyroom.aec.gov.au/HouseDivisionPage-25820-117.htm


tbf with an electorate of just 110 people casually acquainted with each other, it might not be too difficult for some to guess who cast the Fringe Party vote. But yes, you're not likely to deanonymise them all.


You can guess, but you can guess before you know how they voted - you can narrow your error bars, but it seems very unlikely you can out someone that you couldn't already out. Say you see all the votes, one is for an extreme party, there's going to be plenty of people whose politics you don't know in depth - people (IME) will either keep secret their allegiances or be very vocal. Those who are vocal won't care that you "know", those who're secretive ... did it help?


Knowing that somebody in your village definitely voted for the Fringe Party is a piece of information you wouldn't otherwise have. There's a big difference between having your suspicion about someone's voting intent supported by data and not having your suspicion supported by data.

This matters if said community is liable to alienate people based on their assumed view; the fact it isn't 100% accurate doesn't make things better...


I don't think there's a big difference between: 'there was one person out of 20,000 [smallest electoral ward in UK] who voted this way' and 'I think this person will vote this way'.

If you were going to beat them up you'd do it either way, I'd expect?


I'm not sure why you've changed the subject from "an electorate of just 110 people casually acquainted with each other" in the Australian local example I addressed in my OP to UK electoral wards which are 200-1000x the size, and obviously far beyond the scope of people being acquainted with everyone eligible to vote. I believe that's the reason the Electoral Commission doesn't collect results at polling station level and distribute that data despite the theoretical capability to do so.

And no, I don't think witch hunts are as likely to take place if people aren't informed of the presence of a witch.


Point of order: the electorate is 114,000 people who can vote at any one of the 86 booths. Or by mail. Or absentee somewhere else. The booth itself had 110 people vote there. I’ve since found another with only 98!

I personally think your fears are misplaced. If a small community is going to go after people for their votes they know each other well enough to go after each other with proxies for their vote instead.

This isn’t really an electoral problem at this point, it’s a regular small town rumour and innuendo problem.


Sure, if there are other voting options available to voters in that locality that don't involve using that station and the records of which station eligible voters voted at aren't widely accessible, that eliminates the ballot secrecy issue - thanks for the clarification.

The problem with people going after each other based on perceived ethnic/religious/education/wealth divides or things they've actually said may exist in politically fractious small towns regardless of electoral design, but very small voter pools means your identifiable fringe minority's chance of being on the end of a reprisal is linked to how/if you actually vote. And that really is a ballot secrecy issue.


Ok, suppose the ward is 3 people (you, Alice, Bob) you're still operating on a hunch. Or Alice is overtly fascist, so you assume she voted that way .. but it's her overt political stance that you're directly operating on. If you're going to coerce/vilify her do you care that you could be wrong? Mathematically it's different, socially/operatively I'm not convinced it would change your actions in a significant way.


A lot of people coercing and vilifying don't care that they might possibly be wrong, and a lot of retrospective vote analysis can be made based on demographics or things other than overt stances. Alice might stand out in sufficiently small groups simply by not being an overt liberal, whilst Bob might stand out in a much larger group not for his quiet avoidance of discussion about politics but because it's pretty damn unlikely that the white church attendees in the village voted for the Nation of Islam.

It's pretty obvious that the degree of comfort someone in Bob's situation has in voting for something associated with his highly visible minority status is closely linked to the size of the electorate relative to the size of his minority. The secret of his radicalism would be entirely safe if votes were tabulated at state level, and certainly exposed if it's tabulated at polling station level and he's the only black guy there. And the world has no shortage of stark divides and identifiable groups who are tolerated a lot more when they're not perceived as politically active or at least not in that way. Some of the political causes that can be problematic for some voters when ballots aren't secret enough aren't even that ugly or that fringe...

The same goes for fairly quiet and much less visible Alices. The three people who voted against continued British sovereignty over the Falkland Islands [turnout: 1518] successfully kept their secret from a population which had its fair share of outrage. Wouldn't have been very likely they would have succeeded, or necessarily felt safe to vote in the first place, in the hypothetical event it would be reported that all three came from the Port Howard [Population: 20] polling station.


The one person voting for the fringe candidate isn't the real worry. In a close election the 10 who you will shoot if they don't vote for you is the real worry. Those 10 can turn the election, the fringe voting guy doesn't, and you probably want him because it shows the election isn't rigged in some minds.


This isn't so correct. If no one's names are on the papers, everyone is ticking, or numbering boxes and using supplied stationery then there's not much you can differentiate on to de-anonymize the system.

The last step would be to encourage everyone to fold their ballot and place it in the box that gets tumbled a few times before counting in public.

It's an easy risk to control. And if you use a centralized voting roll you can enable people to cast votes from any place they like.

As an example, in Australia I have three places to vote that are about 1, 1.5 and 2.5km from where I live. Each election I usually walk with my wife down past each to figure out which cake stall I'm going to spend money at. It's a big day of choices.


Not really when the parties choose the observers.


The larger the conspiracy, the harder it is to keep secret. Ballot counters across multiple states is a pretty wide net, and really only one person needs to defect for the whole thing to unravel.


It did unravel in Georgia and nothing was done. We still haven't got the full report of the VR Systems hack as well that spanned 8 states.


Unless the vote is verifiable?


But then it can be proven, and therefore directly purchased.


If it's only personally verifiable with 'something you know' (by being present, see my other post here) would that suffice? You'd have vote verification (that you voted, not how), the system would know your list but not who you chose, but you could check the list was recorded - you could still lie about who you voted for, just as you can now.

(This is not a working, nor complete idea, I'm scanning around for inputs. Thanks.)


Not necessarily. For example, see Three Ballot, a paper voting system designed by Ron Rivest.

https://www.quantamagazine.org/rsa-cryptographer-ronald-rive...
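
ThreeBallot, the scheme named in the comment above, shows how a voter can check that a ballot was counted without holding proof of the choice. The following is an added example, not part of the thread and not Rivest's own code; the candidates, sample votes and function names are constructed, and it models a single vote-for-one race only.

```python
import itertools
import secrets
from collections import Counter

CANDIDATES = ["Alice", "Bob", "Carol"]  # constructed race
_rng = secrets.SystemRandom()

def fill_multiballot(choice, candidates=CANDIDATES):
    """One voter fills three ballots: the chosen candidate is marked on
    exactly two of them, every other candidate on exactly one."""
    marks = [set(), set(), set()]
    for cand in candidates:
        for idx in _rng.sample(range(3), 2 if cand == choice else 1):
            marks[idx].add(cand)
    # Each ballot gets its own unrelated ID so the three cannot be linked.
    return [{"id": secrets.token_hex(8), "marks": frozenset(m)} for m in marks]

def is_valid_multiballot(ballots, candidates=CANDIDATES):
    """Checker rule: every row has 1 or 2 marks, exactly one row has 2."""
    rows = [sum(c in b["marks"] for b in ballots) for c in candidates]
    return all(n in (1, 2) for n in rows) and rows.count(2) == 1

def cast(board, ballots, keep_index):
    """All three ballots go in the box; the voter keeps a copy of one."""
    board.extend(ballots)
    return dict(ballots[keep_index])

def publish(board):
    """Public bulletin board, sorted by ID so cast order is not revealed."""
    return sorted(board, key=lambda b: b["id"])

def tally(board, candidates=CANDIDATES):
    """Every voter adds one mark per candidate plus one extra for the
    choice, so votes = marks - number of voters."""
    n_voters = len(board) // 3
    marks = Counter(c for b in board for c in b["marks"])
    return {c: marks[c] - n_voters for c in candidates}

def receipt_on_board(board, receipt):
    """Voter-side check: is my receipt ballot posted unmodified?"""
    return any(b["id"] == receipt["id"] and b["marks"] == receipt["marks"]
               for b in board)

def possible_receipts(choice, candidates=CANDIDATES):
    """Every single-ballot mark pattern a voter with this choice could keep."""
    rows = [list(itertools.combinations(range(3), 2 if c == choice else 1))
            for c in candidates]
    patterns = set()
    for placement in itertools.product(*rows):
        for idx in range(3):
            patterns.add(frozenset(
                c for c, where in zip(candidates, placement) if idx in where))
    return patterns

def receipt_hides_choice(candidates=CANDIDATES):
    """True if the set of possible receipts is the same for every choice,
    i.e. one receipt alone cannot prove how its holder voted."""
    sets = [possible_receipts(c, candidates) for c in candidates]
    return all(s == sets[0] for s in sets)

def run_demo():
    votes = ["Alice", "Bob", "Alice", "Carol", "Alice"]  # constructed votes
    board, receipts = [], []
    for i, choice in enumerate(votes):
        ballots = fill_multiballot(choice)
        if not is_valid_multiballot(ballots):
            raise ValueError("checker rejected multiballot")
        receipts.append(cast(board, ballots, keep_index=i % 3))
    public = publish(board)
    # Simulate an altered board entry for the first voter's receipt ballot.
    tampered = [dict(b) for b in public]
    for b in tampered:
        if b["id"] == receipts[0]["id"]:
            b["marks"] = b["marks"] ^ {"Bob"}
    return {
        "tally": tally(public),
        "all_receipts_found": all(receipt_on_board(public, r) for r in receipts),
        "tamper_detected": not receipt_on_board(tampered, receipts[0]),
        "receipt_hides_choice": receipt_hides_choice(),
    }

if __name__ == "__main__":
    print(run_demo())
```

The example covers only the receipt and tally arithmetic; it does not model the checker machine, ballots with many races, or how receipts are handed out at the polling place.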


> Since 2018, as part of a program called Defending Democracy, Benaloh has been working on voting software that attempts to solve the problem of trust in secret-ballot elections.

No. Stop. Listen, it's possible to write secure voting software that a domain-expert software engineer understands, and a general software engineer can understand. That's not the problem.

But for voting, that is not enough. The entire voting system has to be easily understandable by everyone in society, in order for society to trust the system.

Where I'm from, all voting is done with papers and envelopes and urns and seals, and with people having eyes on the process at all times. And the most important thing to realize is that this process is infinitely parallelizable, so getting election-night preliminary results isn't hard, even though every single vote is manually counted. You just need enough people to count the votes.


This, plus the inherent blessing and curse of computers -- if you can do something one time, it's usually very easy to do it 1000 times. If you want to tamper with one precinct or one county, you have to write some exploit. If you want to tamper with all of them, still, one exploit.

However, if you want to tamper with a whole state of paper ballots, you have to stuff a thousand ballot boxes. The chances of getting caught are far higher.


It's the same reason why voting via mail is very hard to exploit. Voting functions as a secure handshake (register to vote via mail, government sends confirmation, government sends ballot, you send ballot back, government sends confirmation of vote) and requires you to sign it with some identifying information like a signature.

There might be some individuals trying to cheat the system at the family level, but trying to cheat it at a larger scale requires you to do so at a point of collection. It also becomes very easy to find this sort of tampering by sending voters a way of confirming who they voted for.


One of the most egregious incidents of proven voting fraud in recent American history may have been by Leslie McCrae, a hired political operative: https://www.npr.org/2019/07/30/746800630/north-carolina-gop-... He exploited the absentee (mail-in) ballot system.

OTOH, he was caught precisely because to exploit the system he had to directly or indirectly expose himself to many people in the county--the people whose absentee ballots he was fraudulently collecting. Eventually someone put 2+2 together and the scheme was discovered.

OTOOH, apparently he had been doing it for many years before he got caught.

More info at https://en.wikipedia.org/wiki/McCrae_Dowless


A more traditional voting system would have the same problem. He'd instead just put himself at a polling location and do the same trick there.

The fact that he had to pay people to collect individual absentee ballots means this sorta fraud is very hard to scale, easy to beat with some basic education and easily identifiable. Of course a lot of this goes out the window if you're doing it to help a party and that party has zero integrity but at least if one voting individual brings up an issue it can cause a ripple effect.

Part of the problem is also that we don't seem to take absentee ballots as seriously as we do when we have full vote by mail.


I'm under the impression that computerized voting systems are in no way standardized nation-wide (USA, at least). But your point still stands that it seems easier to hack a computerized voting system to commit large-scale fraud than to fraud with paper ballots.


Yes this is true: federalism being applied to control of elections is probably good for election security. But there’s only a small handful of vendors and if an attacker was able to crack one of them they might be able to scale the attack to many deployments of that vendor’s systems.


Not in a two party system. You really still only need to hack just one model of voting machines to steal the election, since the margins are so small.


The same goes for the paper ballots. You don't need to fix the vote everywhere.


With paper ballots you must make sure that most people at the voting stations are part of the conspiracy, which is tricky because all major parties will have representatives on each station. It’s possible you will get away with it in a few small places, but even that is hard.


Which is incredibly difficult to do at scale, unless you rig the whole system. In which case voting is just a fig leaf anyway.


I'm a pretty technical guy. Given enough time I'm confident that regardless of what technology stack/language you wrote the voting system in I could have reasonable confidence it was error-free enough and probably not deliberately backdoored.

Do I have that kind of time? No.

Am I going to give more than a cursory glance at open source voting software? No.

Am I going to catch 100% of accidental bugs? No way!

Even if I do, am I going to catch 100% of deliberate and obfuscated bugs? Hell no.

Even for me, a very technical person, purely electronic voting is fatally flawed in terms of trust.


Or even side channel stuff not related to the voting code itself, or bugs in whatever ui people look at aggregated results in.


You don't know that the ballot box wasn't switched in transit, nor presumably that the postman in your area didn't switch all the voting papers.

Any system that's anonymised seems to require trust.


That's why you count locally and centrally. And you keep paper records for the counts at each level. And the ballot boxes.

With observers from all parties being allowed to witness the counting.

Again, paper ballots and mail ballots are a solved problem in almost every western democracy. Multitudes of solutions out there. Just pick one.

Not having anonymous votes is the first step into totalitarianism, if you ask me.


Don't you need a large group prepared to enact revenge on people for voting "wrongly" for non-anonymous voting, in general, to be a problem? That seems like it's not a problem until you've got a large group of fascists/totalitarians already?


It doesn't matter, because a single postman or a single ballot box being tampered with isn't enough (in virtually all cases) to swing any major elections.

Any coordination to defraud paper ballots on a scale large enough to change the result of a major election would require so many individuals that it would be implausible for them to all keep a secret.

Massive election-changing widespread fraud of an electronic system could in theory be completed by a single individual acting entirely alone.


How does that work in the middle of a pandemic, where people shouldn't gather at a location like that?

How does it handle people who can't leave their home? Or people who are away on the voting day?


Carefully. Singapore just went through a general election, ~2.5M votes cast at 1,100 polling stations. Citizens were assigned a polling station and a 2-hour window to go vote. Masks required, distancing enforced, sanitizer and disposable gloves provided.

(Not a citizen so I can't comment on how it actually all went down)

https://en.wikipedia.org/wiki/2020_Singaporean_general_elect...

https://www.channelnewsasia.com/news/singapore/ge2020-singap...


> Where I'm from, all voting is done with papers and envelopes and urns and seals, and with people having eyes on the process at all times.

And it doesn't always work. I assume you're German, so I'm inclined to remind you of Bremen's election 2015 where a group of students changed votes to advance one party. When you have a very politicized election, you're going to need more than trust in procedures.

I don't know that some software will help there, but "we're doing it on paper" doesn't solve the problem.


Ah, one case out of how many elections? It would also be nice to explain what happened and how. The AfD insisted, together with more right leaning media, on a recount. That happened and gave, initially, one additional seat. The SPD, who lost one seat, challenged that. It went to court, all 33k votes were recounted, roughly 500 corrections were necessary. 13 votes were lost. The AfD lost one seat (they failed to gain more than 5% of the vote). The election was deemed legit, no reelection was necessary.

So yeah, we are doing it on paper pretty much solved that problem.


Imagine you have a single majority party that controls all the branches of the government. For them paper voting is a solved problem:

- restrict the rights of observers
- on every polling station where there are no observers, stuff the ballot boxes or just write the "right" tallies
- on polling stations with observers get rid of them using the police or just use at-home voting with mobile ballot boxes to commit fraud
- if any single instance of fraud is uncovered and goes to court, use every nitpick possible to dismiss the case
- finally, a single polling station results overturned do not change the result of the election

The problem is solved all right. Of course, letting them implement e-voting doesn't solve anything. But if the Evil Party is ousted from power by the Good Party via, I don't know, a revolution, there's nothing in the system preventing the Good Party from using the same well-tested vote manipulation processes to start winning every election.

But if the Good Party for some reason is forced to implement an end-to-end auditable e-voting system they will have a much harder time manipulating the results.


> Ah, one case out of how many elections?

One prominent case that was _not_ caught by election officials and analytical measures. We have no way to tell how many others didn't get caught because nobody challenged them and our general systems failed.

I'm not arguing that it's a catastrophic failure of the election system. The point is that paper ballots aren't protecting you from manipulation. Had they not challenged the election, the fraud would've gone unnoticed.

And, importantly, it doesn't require coordination, there's no huge conspiracy required for this kind of fraud (and this specific instance also wasn't discovered because one of the perpetrators "spilled the beans"), so "large conspiracies are impossible to pull off" doesn't really apply.


A quick Google search showed alleged voter fraud, always claimed by our right wing AfD. And every time these allegations were investigated, it turned out everything was in order. Last case 2019, Thüringen and Sachsen.

So how many cases are there, in your opinion?

EDIT: You do know, that there was no voter fraud involved? After an investigation and court rulings one year after the election?


Right, at that point we're getting into semantics. If the votes aren't counted correctly, and a group of people are doing it somewhat systematically, I consider that fraud. Given that they were students (and the overall result did not change dramatically), judges were lenient and basically said "mistakes happen, no hard feelings".

I have little doubt that it would have been quite different, had the situation been reversed, but I don't care enough to argue about it with you.


Man, courts mandated a full recount. The only mistake they found was 13 missing votes. Which the court deemed to be within expected margins (don't ask me, I have zero experience with that). The result was a lost seat for the AfD, and an election deemed legitimate. So no fraud whatsoever.

And no, I have zero doubt the judges would have enforced a result that gave the AfD a seat at the expense of another party, if that was what the recounted result said. Only that it didn't.

This was a legal question, one that was answered. What you or I deem fraud or not became irrelevant at that point.


No one gets that day off, and voting closes before the line outside is gone.

It is disturbing how much voter disenfranchisement is allowed in this system.


I find it hard to believe that a democracy is unable to create a law that gives their voters a day off for voting every four years. Realistically speaking, even half a day off would suffice.


That, or vote on Sundays.


Personally I make it a habit to vote first thing in the morning, before going to work. Lines are negligible, and I've never had an employer complain about me showing up a few minutes late wearing an "I voted" sticker. But YMMV.


YMMV is a huge caveat. Not everyone has this privilege.

We've lost the fair part of free and fair elections and you blow it off with YMMV.

Miss me with that entitled bullshit


Are you able to vote early or via mail? Wouldn't one of those count your vote? I vote early in almost all elections, and that takes care of this issue for me.


> Texas, for instance, is one of the four states that hasn't expanded access to mail ballots in response to the pandemic, and Republicans there are engaged in high-profile court battles to keep it that way.

> Texas Attorney General Ken Paxton has said in statements that "fear of contracting COVID-19 does not amount to a sickness or physical condition as required by state law." He also said that his office would prosecute people for voter fraud if they use a mail-in ballot in a matter he said is improper.

https://www.npr.org/2020/06/04/864899178/why-is-voting-by-ma...


I appreciate your Google skills.

Your link points to an expanded reference of the 46 states who have expanded access to mail in ballots!

Regarding your second point, take a look at the Texas Secretary of State's page on Absentee Ballots. https://www.sos.texas.gov/elections/voter/reqabbm.shtml. The AG that was quoted is absolutely correct, according to the listed reasons.

The AG doesn't make law. The Texas legislature makes law. So, what was your point in quoting that scare article?

Instead of repeatedly posting links to scare articles, do you have a link to an actual person who has (not expects to) already experienced voter suppression?


Every workplace I've been at allowed you to leave briefly to go cast a vote.

Sounds like you worked for some really disenfranchising companies.


Ask the cleaning staff, security, or any blue collar workers at your company if they are allowed to leave to vote. You might not be the target for disenfranchisement.



A majority of people don't have the luxury of choosing their employer.


Lincoln abolished slavery years ago.


That's why people can vote early or can even request a mail-in ballot.

It's disturbing how people talk about voting as if there is disenfranchisement, without knowing the various times and ways they can vote.



Honest question: What is an actual example of a disenfranchised voter, not articles that say "there will be disenfranchised voters"?


Just to be clear, is it your position that voter disenfranchisement does not happen in the United States?


You replied to a question I wrote, not a statement. I'd like to know under what conditions an actual real person has suddenly become disenfranchised and was unable to vote early, on regular poll days, or via mail.


> And nearly 56,000 of them re-registered within the same county, according to the AJC/APM Reports analysis. If their registrations hadn’t been canceled, they would have been able to vote without having to re-register.

> More than half, almost 30,000 Georgia voters, re-registered too late to participate in the close 2018 election for Georgia governor. It’s impossible to know how many of them attempted to vote, but those who tried wouldn’t have had their ballots counted.

https://www.ajc.com/news/state--regional-govt--politics/many...

> Long lines and malfunctioning voting machines marred statewide primary elections in Georgia, renewing attention on voting rights there.

https://www.nytimes.com/2020/06/09/us/politics/atlanta-votin...

> Hourslong waits, problems with new voting machines and a lack of available ballots plagued voters in majority minority counties in Georgia on Tuesday — conditions the secretary of state called "unacceptable" and vowed to investigate.

https://www.nbcnews.com/politics/2020-election/georgia-secre...

> In the 2014 midterms, only 33 percent of eligible voters cast a ballot—setting the record for the lowest turnout in any national election of any advanced democracy (except Andorra) since 1945.

> In 25 states, employers are not required to give their employees paid leave to vote; in 19 states, employers are not required to let their employees leave work to vote.

https://www.countable.us/articles/12558-americans-get-day-vo...


Do you comment or just Google? This is the last one of your Google sessions I will reply to. If you actually have a comment, I would be happy to discuss.

> And nearly 56,000 of them re-registered within the same county, according to the AJC/APM Reports analysis. If their registrations hadn’t been canceled, they would have been able to vote without having to re-register.

And 0 of those had voted in several prior elections, which is why the law was followed to remove them from the registered rolls.

> More than half, almost 30,000 Georgia voters, re-registered too late to participate in the close 2018 election for Georgia governor. It’s impossible to know how many of them attempted to vote, but those who tried wouldn’t have had their ballots counted.

It doesn't sound like they are active participants. They didn't vote for some time, then they said they registered too late to vote. It's best not to use them as people who are being denied a vote. It is their choice not to have voted for a long time.

> Long lines and malfunctioning voting machines marred statewide primary elections in Georgia, renewing attention on voting rights there.

These voting machines are almost 100% a laughingstock. The very article said that! They have to do with the rush that happened a few years ago to institute voting machines - not with voter suppression but the exact opposite.

> Hourslong waits, problems with new voting machines and a lack of available ballots plagued voters in majority minority counties in Georgia on Tuesday — conditions the secretary of state called "unacceptable" and vowed to investigate.

From the same article you quoted: "Georgia’s secretary of state, Brad Raffensperger, blamed local officials in Fulton County, which includes most of the City of Atlanta, and said there were few issues elsewhere, while by midafternoon counties outside Atlanta had begun extending voting hours to account for time lost tending to the new machines."

If everyone else could do what needed to be done, outside of Atlanta, then Atlanta should be investigated - not invisible suppression from the rest of the state onto Atlanta.


If people don't know these ways they're worthless.


is there some reason you can't get a random id associated w/ your ballot?

then just list all results (by that id) on a website somewhere.

you hang onto your id stub, and can tell if your vote was mistallied or left out.

this can work w/ a digital or traditional analog system.

(maybe need some more work to figure out how to ensure there aren't just extra "ghost" votes padding the results.)


That allows vote buying/coercion.

You show me your receipt, I verify that you voted the way I wanted, and you get money. Or, if the receipt shows you didn't vote like I told you to, I punch you in the face.


Is it possible to get verification and not have coercion?

I was thinking that the verification would show you a list (with per vote random letters)

Jones : D

Vivek : J

McAlan : C

LaRousse : Q

and you'd remember the letter next to your candidate. You could just lie to a coercer, "I voted Q" and actually have voted D, say.

Not sure how you get from there to a confirmed vote though. It seems to require someone at some point to hold a key that can de-anonymise one's vote.

That said de-anonymising votes in UK elections seems pretty easy, ballot papers have codes on; name and address is checked prior to vote.


Check out https://en.wikipedia.org/wiki/ThreeBallot

It has some criticism, but IMO this is a very simple and effective method. And there are better ideas out there too.

I think we can even build a mechanical machine (like out of buttons connected to stamps/ink) that can create valid threeballots. That way you don't have to explain the instructions.
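The ThreeBallot rule from the linked article, as an added sketch that is not part of the comment above or of any official ThreeBallot code: the chosen candidate is marked on exactly two of the three ballots, every other candidate on exactly one, and the voter keeps a copy of one ballot. Function names are hypothetical, the candidate names are the ones used earlier in the thread, and the votes are constructed sample data.

```python
import secrets
from collections import Counter

CANDIDATES = ["Jones", "Vivek", "McAlan", "LaRousse"]  # names from the thread
_rng = secrets.SystemRandom()


def is_valid(mark_sets, candidates=CANDIDATES):
    """Checker rule: every candidate row carries 1 or 2 marks across the
    three ballots, and exactly one row (the real vote) carries 2."""
    if len(mark_sets) != 3:
        return False
    rows = [sum(c in m for m in mark_sets) for c in candidates]
    return all(n in (1, 2) for n in rows) and rows.count(2) == 1


def make_threeballot(choice, candidates=CANDIDATES):
    """What the 'machine' would do: spread the marks at random so that no
    single ballot reveals which row has two marks."""
    if choice not in candidates:
        raise ValueError("unknown candidate")
    marks = [set(), set(), set()]
    for cand in candidates:
        for i in _rng.sample(range(3), 2 if cand == choice else 1):
            marks[i].add(cand)
    return [frozenset(m) for m in marks]


def cast(board, mark_sets, candidates=CANDIDATES):
    """Validate, give each ballot its own random serial, post all three
    separately, and hand back a copy of one of them as the receipt."""
    if not is_valid(mark_sets, candidates):
        raise ValueError("rejected by checker")
    posted = [(secrets.token_hex(8), m) for m in mark_sets]
    board.extend(posted)
    return _rng.choice(posted)


def publish(board):
    """Order by random serial so one voter's three ballots are not adjacent."""
    return sorted(board, key=lambda ballot: ballot[0])


def tally(board, candidates=CANDIDATES):
    """Every voter adds one 'free' mark per candidate, so subtract the
    number of voters from each candidate's mark count."""
    voters = len(board) // 3
    marks = Counter(c for _, m in board for c in m)
    return {c: marks[c] - voters for c in candidates}


def complete_receipt(receipt_marks, claimed_choice, candidates=CANDIDATES):
    """Show why a receipt proves nothing to a vote buyer: for ANY claimed
    choice there are two further ballots that make the triple valid."""
    second, third = set(), set()
    for cand in candidates:
        need = (2 if cand == claimed_choice else 1) - (cand in receipt_marks)
        if need >= 1:
            second.add(cand)
        if need == 2:
            third.add(cand)
    return [frozenset(receipt_marks), frozenset(second), frozenset(third)]


def demo():
    """Constructed election: 5 votes for Jones, 3 for Vivek, 1 for McAlan."""
    board = []
    votes = ["Jones"] * 5 + ["Vivek"] * 3 + ["McAlan"]
    receipts = [cast(board, make_threeballot(v)) for v in votes]
    return publish(board), receipts


if __name__ == "__main__":
    board, receipts = demo()
    print(tally(board))
    print("all receipts on the board:", all(r in board for r in receipts))
    serial, marks = receipts[0]
    for cand in CANDIDATES:
        print(cand, is_valid(complete_receipt(marks, cand)))
```

A voter checks that the receipt's serial and marks appear unchanged on the published board; anyone can recompute the tally from the board alone.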


No more so than vote by mail which we already have though (and is all Oregon does), right?


True. But where I'm from you can vote by mail and in person, and if you do, your in-person vote cancels your mail-in vote. This means that even if someone coerces my mail vote, I can still override it on election day by showing up in person and voting in secret.

...and if whomever is coercing you to vote a certain way can also prohibit you from voting in person, you have bigger problems that border on kidnapping and illegal captivity.


> ...and if whomever is coercing you to vote a certain way can also prohibit you from voting in person, you have bigger problems that border on kidnapping and illegal captivity.

Nonsense. You have whatever problems made your vote susceptible to coercion in the first place, no more and no less. It's not necessary for the other party to physically prevent you from voting in person. All they need to do is observe whether you do, and punish you accordingly.


> All they need to do is observe whether you do, and punish you accordingly.

Yes, but this doesn't scale, and again, it's bordering on illegal captivity. One person can maybe prohibit a couple of others into not going to vote in person, by living with them.

Whereas if you have paper receipts that show what you voted for, one person can easily validate thousands of those, and punch everyone in the face who voted "wrong".


It does scale of course. The one example you mention is couples. Perhaps men prefer one candidate over women and pressure their wives to vote a certain way. How is that not scaling?

Another example is unions. Perhaps the union and many colleagues prefer one candidate - if you sneak off to the voting booth you risk ostracization.


Which is why vote by mail is so controversial; it eliminates the secret ballot.

This would really hurt Trump, since he seems to have an unusually high percentage of “shy” voters.


Mail voting is totally normal in Germany. And secret. Just because one country didn't solve it, doesn't mean it is an unsolved problem.


It’s secret but not private. I really don’t care if my name is attached to my vote in a way that the gov’t potentially knows how I vote but it seems a lot of people do.


Historically, there are a lot of cases where this turned out to be a huge problem. A lot of the German system, voting and otherwise, is influenced by the Nazi regime and its rise to power.

That's why we have things like the 5% margin for parties to get seats in parliament. During the Weimar republic, one of the reasons why it was close to impossible to form stable coalitions was the high number of parties with seats. And the list goes on.


That sounds impossible. How do you prevent a dominant member of your household from checking what party you choose before the envelope is sealed?


You can still do that via mail voting.


There are cryptographic schemes where you can verify that a vote was counted but not how it was actually cast. Physical ballots going through an optical scan machine sometimes have an id stub that gets detached before they go into the counting pile -- imagine that it wasn't possible to add a stub to the "counted" list without also adding a ballot.


> The entire voting system has to be easily understandable by everyone in society, in order for society to trust the system.

Can you tell me how current voting systems work, because it is a black box to me and I can't even verify that my vote counted for the person I picked. From what I can tell, the local election officials can tally the votes however they want.


GP's critique is not a defense of the status quo. Please do not construe it as such.

See https://freeandfair.us/# for voting technology that still wisely involves much paper.


So where is the explanation of how it works, because I could go to a Bitcoin website and learn more about how it works quickly than on that site.


I'm not an US citizen, I've never voted in the US, I have no idea how your shit works or not.

But I know how my country's system works, and it's super fucking easy. On election day, I go to my voting place for my voting district. Each district contains a couple of thousand voters. For each election I'm participating in - national, regional, local - I place one piece of paper with the name of the party I'm voting for in an envelope, secretly.

I then go to the election officials, identify myself, and they look me up in their voter roll, which is simply a printout of the couple of thousand voters who should be voting in this place. We all check that I'm in there, and that I'm not already marked as having voted. Then they strike through my name in the roll, and put my envelopes in the corresponding urn. I am now certain that my secret vote went into the right urn, and everyone else can be certain that I've only voted once.

Once the voting ends in the evening, election officials in each voting place open their urns, and open each envelope, removing the vote inside. Then they simply sort and count the individual pieces of paper that are the votes. You count the total number of votes, you count the total number of voters crossed out in the voter roll, and make sure it all matches up. And this gives you a preliminary vote count for each political party in each district, so you only need to report a couple of numbers to the election authority.

Anyone can watch this process! I can go and watch it. You can come and watch! And it's so simple to count pieces of paper that anyone can do it. And with observers from the various political parties, you can't cheat.

After the preliminary counting, you take all the votes and your voter roll and put it in a sealed box and send it to the regional voting authority where they do a final control count, and archive the votes for history.

As for me and my vote, I can check my district on the website of the election authority: https://data.val.se/val/val2018/slutresultat/R/valdistrikt/0...

I am one of the 1160 voters out of the 1363 eligible, I can see that the party I voted for got at least one vote, so I can be fairly certain that my vote was counted, while what I voted for is still a secret.

Compromising this system is incredibly hard, because it is parallelized and distributed. And the paper trail will always be there. Somewhere in a vault, there are 6,535,271 pieces of paper representing the 2018 vote for the national parliament. You can't accidentally erase that or lose that.


Fair, I know that US elections are more complicated because there's so many elected positions to make a choice for.

I'm all for technology to help create ballots. You can have a touch-screen system that walks a voter through all the choices and prints a correct ballot, as long as the voter then manually takes this piece of paper, verifies that it says what he thinks it should say, puts it in an envelope, and observers watch him place the envelope in an urn.

I'm all for OCR systems that can rapidly scan and count a large number of ballots, your voter ballot creator machine can put OCR codes that make it easier to count as well, I don't care. As long as there's no identifying info on the ballot, it is human readable, and as long as the preliminary vote count is done manually. Later on you can send all your ballots to a central counting facility and OCR the crap out of it for every single elected position, that's fine.


> as long as the voter then manually takes this piece of paper, verifies that it says what he thinks it should say,

You can make a system that allows the voter to do that but how many actually will?


The majority of them which happens to also be “enough of them to catch any widespread attempted fraud by printing ballots different than what the user picked”.

Force a time delay that’s long enough for a typical user to validate their picks before proceeding and you might bump the figure some.


A majority would be easily enough, but I'm not that optimistic.


That, and have an UNOFFICIAL digital count as well, the one that's done quickly for the news and everyone making plans, with the official, double-counting verified recount reaching the same numbers as the electronic and previous hand count (within a very small % for human error).

If there's a disagreement the human counts are repeated until within 0.001% and then they're official.


Except we are lazy and will come to rely on the digital system, then we will never care to recount unless there's a lot of pressure, and even then it might take so long that we will probably not wait. Already a US presidential election was decided on the wrong count, when the proper count came out it was too late.


do randomly-selected sampling of paper buckets.

e.g. you transmit your digital results, on a per-machine level, at t+1 minute to the central precinct. at t+5 minutes the central precinct sends back a random request to have X% of the machines audited by hand. If there is a significant abnormality, we move to a larger recount and withhold electronic results. If things match up, we announce the full electronic results around t+1 hour.

Works for me?
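The sample-then-escalate check proposed in the comment above, as an added sketch that is not part of the comment: per-machine results are committed by hash before the audit seed exists, the machines to hand-count are derived from a public seed, and any mismatch withholds the electronic results. The seed source, machine names, tallies and function names are assumptions made for illustration.

```python
import hashlib
import json
import math


def commit_results(reported):
    """Digest published at t+1, before anyone knows which machines will be
    audited, so reported tallies cannot be adjusted afterwards."""
    canonical = json.dumps(reported, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def select_machines(machine_ids, fraction, seed):
    """Pick ceil(fraction * N) machines by ranking on sha256(seed|id).
    Assumption: the seed is drawn in public (e.g. dice rolls) after the
    commitment is published, so anyone can re-derive the selection."""
    n = max(1, math.ceil(fraction * len(machine_ids)))
    ranked = sorted(
        machine_ids,
        key=lambda m: hashlib.sha256(f"{seed}|{m}".encode()).digest(),
    )
    return sorted(ranked[:n])


def run_audit(reported, hand_counts, commitment, fraction, seed):
    """Return (decision, audited machines, discrepancies)."""
    if commit_results(reported) != commitment:
        raise ValueError("reported results do not match the commitment")
    selected = select_machines(list(reported), fraction, seed)
    discrepancies = {
        m: {"reported": reported[m], "hand": hand_counts[m]}
        for m in selected
        if reported[m] != hand_counts[m]
    }
    decision = "escalate" if discrepancies else "publish"
    return decision, selected, discrepancies


def detection_probability(total, altered, sampled):
    """Chance that a uniform sample of `sampled` machines out of `total`
    contains at least one of the `altered` machines."""
    return 1 - math.comb(total - altered, sampled) / math.comb(total, sampled)


def sample_data():
    """Constructed data: 20 machines, machine M07 reports 10 votes moved
    from B to A compared with its paper ballots."""
    reported = {f"M{i:02d}": {"A": 100 + i, "B": 90 - i} for i in range(1, 21)}
    hand = {m: dict(t) for m, t in reported.items()}
    hand["M07"] = {"A": 97, "B": 93}
    return reported, hand


if __name__ == "__main__":
    reported, hand = sample_data()
    digest = commit_results(reported)
    decision, audited, diffs = run_audit(
        reported, hand, digest, 0.25, "constructed-seed-1"
    )
    print("audited:", audited)
    print("decision:", decision, diffs)
    for altered in (1, 2, 4):
        p = detection_probability(20, altered, 5)
        print(f"{altered} altered machine(s), 5 of 20 audited: {p:.2f}")
```

Auditing 5 of 20 machines catches a single altered machine only a quarter of the time, which is why the sample size X has to be chosen against the margin of the race rather than fixed in advance.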


>Already a US presidential election was decided on the wrong count, when the proper count came out it was too late.

The majority of media "recounts" after the fact showed that Bush did win Florida in 2000.


How are mail-in ballots protected from fraud? I keep hearing that fraud is not a problem, but I'm wondering (a) how do we know there is little fraud; and (b) what mechanisms make it safe from fraud?


Mail-in ballots are linked to a voter permit (outer envelope) which serves the purpose of maintaining the pollbook, that is, ensuring that each voter casts only one vote. This prevents ballot stuffing.

Mail-in ballots are sealed in a tamper evident fashion inside of the permit, to prevent modification. Because opening the envelope would probably damage it, a duplicate envelope (forged permit) would need to be produced to modify the ballot. In most cases a duplicate ballot would also be needed, which presents its own obstacle, although ballots are not generally intended to be protected against forgery.

The postal service is backed by a particularly strong set of criminal laws which generally make it a felony to interfere with the mail. This is of course on top of laws protecting the voting system from tampering.

The outer envelope (permit) is a sworn statement and signing for someone else's ballot would be perjury, a felony, in addition to other laws around voting that likely exist in the state.

None of these measures are perfect, but combined they make vote-by-mail fraud difficult to achieve on a meaningful scale. Remember that, to be effective, voter fraud needs to be successfully committed not once, but many times. The difficulty of each case and general history of harsh prosecution of small-time fraud creates a significant disincentive to try.


Sadly this only works if you have a Post Office, which we in the US may not have in November.


Fraud isn't impossible, just difficult to do on a scale that would matter in most elections. In NC, an election had to be redone because someone working for the GOP candidate had fraudulently collected absentee ballots (from registered Democrats I think), preventing those ballots from being counted or possibly tampering with them, and it was a close race.

https://www.reuters.com/article/us-usa-election-north-caroli...

https://www.npr.org/2019/07/30/746800630/north-carolina-gop-...

So obviously the voter needs to be careful to place the mail-in ballot correctly into the USPS and then the USPS has to be trusted to deliver the ballots correctly.

Beyond that, the mail-in ballots are checked against the registered voter rolls. So the state has to maintain clean voter rolls.

But this is not much different really from in-person voting. In theory, I could go to my local polling location and claim to be one of my neighbors, sign their name, and take their vote. They'd only notice if they showed up to vote later. But I'd likely get caught if they'd already voted. Or maybe the poll worker would recognize me. There are lots of scenarios you could imagine getting away with a handful of fraudulent votes. But it would be hard to be able to do anything significant enough to affect the outcome of most elections.

https://www.snopes.com/fact-check/mail-in-ballot-voter-fraud...


One thing I really don't get is the voter registration thing in the US. All European countries I know of simply require residents to register their primary and secondary residencies. You get voting papers to your primary residency. That's it. No registration as a voter, no party affiliation. You can be a party member, but that information isn't public.

That system works just fine.


In the US only citizens can vote, but not resident aliens. And there is no general registration of residences outside of what is needed for voting.


Same in Europe. With the notable exception of local elections, like mayors and so on. Thing is, you cannot purge a voter roll, as the voter roll is the residents roll. But then we have ID requirements.



"Bored mailman convicted for altering 8 ballot request forms" suggests that they are secure. Even if he wasn't caught, there should have been time for the ballots to be replaced.


I did say maybe -- I think vote-by-mail is great and all the examples are -- but there is this very small chance which we should be vigilant about.

And eight disrupted votes is much better than thousands of disenfranchised voters.

There is also this: https://www.realclearpolitics.com/articles/2020/04/24/28_mil...


>There is also this

Those claims have been shown to be largely incorrect, with even the foundation retracting the article. An unreturned ballot does not mean fraud, the registered voter may have chosen to vote in person or not vote in that election. Several states send ballots to every registered voter, and that's how the number reached 28 million.

https://www.propublica.org/article/a-conservative-legal-grou...


Ballots don't need to be secret, they just need to be anonymous. If you get rid of the secret constraint, it becomes fairly easy to produce a trustworthy voting system:

1. Immediately before identifying at the polling location, each voter takes a nondescript strip of paper out of a large container of numerous strips of paper, each with a unique identifier printed on it. (No one but the voter knows which identifier they took. No one can force a specific identifier.)

2. The voter fills in the identifier on a Scantron-style paper ballot. (Easily digitized, with a paper trail.) The ballot box scans the unique identifier and spits back out any ballot with an identifier that wasn't generated for that polling location. (Ensuring no one can force a specific identifier.)

3. A list containing the entirety of every ballot is published publicly, including the unique identifier. (The voter can look up their ballot later. It becomes difficult to coerce a voter because they can say any one of the published ballots is theirs.)

4. A list of names of people who voted is published publicly. (Registered voters who didn't vote can check if a ballot was cast in their name. This is already done in many places.)

You can also have mail-in ballots with user-generated statistically-unique identifiers (requiring only several rolls of a die, so anyone can do it at home), but you can't prevent voter coercion that way.


> The voter fills in the identifier on a Scantron-style paper ballot.

The voter will mess this up a disturbing fraction of the time. It will be rejected. The voter will try again, possibly have it rejected again, give up, and go on Twitter to complain about the new system.

Also, I can go to vote, surreptitiously take two strips of paper, use one, pocket the other. I coerce my spouse into using that one, and pocket the one they took.

> It becomes difficult to coerce a voter because they can say any one of the published ballots is theirs.

Maybe for simple ballots. A question including e.g. a ranking of ten candidates has about 3.6 million possible configurations -- more if undervotes or other ties are permitted. The voter can be coerced to fill this out in a specific way to self-identify, and then vote in a prescribed way on another question.

edit: Of course, this vulnerability already exists: the voter could be given that same instruction. An observer of the ballot counting process can tell if the correct ballot was cast.


Good points, though they're rather at odds. If you assume voters will mess up their ballots that frequently then the voter being coerced can just find a ballot that's close to what they were coerced to do and say they messed up the rest.

No way to prevent surreptitiously taking more than one strip of paper comes to mind. Someone should be observing the voters take the strips of paper to ensure only one is taken, but that doesn't prevent sleight of hand. But if there are mail-in ballots, you've already basically given up on voter coercion anyway.


What you describe is the ballot-permit system currently in use in many jurisdictions (terminology varies, and the permit may be called an application to vote, voter authorization, or similar). The difference is that the ballot information is not published. There are two reasons for this:

1) Current election systems, with few exceptions, do not retain per-ballot voting information, only tallies. This is in large part a practical matter, ballots go through various channels of handling including exceptional cases (e.g. hand entry of damaged ballots) and many of these paths become much more complicated if you need to electronically record the individual selections on each ballot.

2) The risk of re-identification of voters to ballots is high and extremely difficult or impossible to satisfactorily resolve. There are many, many potential ways to establish which specific ballot was cast by a given voter. This is especially important considering that in many elections the number of voters per ballot style (which may be equivalent to a precinct in your area, the exact combination of questions which appears on the ballot based on voter location and potentially party affiliation) will often not be very large, even in densely populated areas, because of course as the area becomes more densely populated the electoral precincts become smaller.

Finally, your step 2 is quite unnecessary for current purposes, the physical possession of both the ballot and permit are sufficient to prevent overvoting. One permit entitles an individual to cast one ballot. In the case of mail-in voting the ballot is sealed inside of the permit in a tamper-evident fashion (the outer envelope serves as permit). It also presents a more complicated and worse privacy proposition than the existing system, as the ballots can be post facto linked to the permits and someone could have (likely did) observe the voter take the permit. In current practice ballots cannot be linked to permits after they are physically separated when the voter casts their ballot. This protects the voter by reducing the time period during which their ballot can be identified.


For point 2, you could put the very local questions on a separate ballot with a separate unique identifier per voter. It would be mildly inconvenient though.

Someone should be observing the voter taking the strip of paper, but it would be done in a way to prevent them from observing which one was taken by the voter.


If you want a system based on Scantron-style paper ballots that allows cast ballots to be published, allows anyone to verify that the count was correct, and allows voters to verify that their vote was counted correctly without being able to prove they voted for a particular candidate, see this [1]. It's been around for several years, and has been used successfully in a few elections.

[1] https://en.wikipedia.org/wiki/Scantegrity


Excellent! (And presumably more robust than the scheme I described.)


Regarding (3). In addition to other comments, a vote buyer can demand that a voter affirm their ballot number before the results are published.


Why do you think ballots don’t need to be secret? That’s often been feature of democracy since the beginning.


"Prove that you voted for Putin or you are fired".


Like with a lot of political things in the US I strongly believe that none of the decision makers really want to have a system that works impartially. They just want to have an advantage for their side because it’s about “winning” at any cost no matter how destructive it is for the country.

Otherwise I can’t explain the problems this supposedly developed country has. I am from Germany and have never heard anybody having doubts about the integrity of the system there. If the US wanted to have a system that works they could look around and see how other countries do it. But it seems they don’t want to have such a system.


"VotingWorks is a non-partisan non-profit building a secure, affordable, and simple voting system. Our vote-by-mail solution lets you scale vote-by-mail quickly and affordably. Our risk-limiting audit software ensures votes cast on any paper-based system are correctly tabulated. Our voting machine creates paper ballots that voters can directly verify. Our source code is available on GitHub. You can help by making a tax-deductible donation, joining our team, or reaching out."

https://voting.works


As others have pointed out, digital voting systems can be hacked, exploited, or otherwise derailed from a centralized location. They also can contain subtle software errors.

Paper ballots can have problems like we saw in Florida (hanging chads).

When I was growing up, we had big mechanical voting machines. I have no idea how common (or uncommon) these were in different parts of the country. The machine opens up and has a set of retractable curtains. You walk through the open curtains and then pull a big lever that closes the curtains behind you. Then you vote by flipping mechanical switches for the candidate (or yes/no for policy ballot). When you're done voting, you reverse the big lever. This action increments the machine counters based on your votes and opens the curtains for you to exit. Once the polls close, the polling folks simply sum up the counters across all the machines in the polling station.

The downside is that the machines are big and heavy to store and move. I'm sure they're not cheap for the initial purchase. However, they're efficient for tallying yet very difficult to hack. In my opinion, they're the best overall voting mechanism.


Agree with all.

"digital voting systems can be hacked, exploited, or otherwise..."

Paper mediated systems have visible failure modes. Missing ballots. Spoiled ballots. Etc.

Black box voting systems fail silently.


Why can't PKI be used?

If I sign a vote with my private key, and my public key is used exactly once, and is registered with the electoral body, and a list is printed of signed votes by candidate, I can validate that my key was used to sign a vote for the person / issue I voted for, and we can also know that everyone only voted once.

Key distribution could be based on the current registration system we have in place now, and you could use the key they send you to change your key pair so the state can't forge your vote. One could even automate this, even with an open source app we could all inspect.

It seems conceptually simple.


1. Whoever issued you the key pair can know which vote is yours.

2. Someone can coerce you to vote a specific way by forcing you to provide them with your private key.
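
The signed-vote list proposed above, and the first objection to it, as an added sketch that is not code from any commenter: each voter generates their own key pair and registers only the public half, so the electoral body cannot forge a vote, yet joining the published list against the registration roll still recovers every voter's choice. Lamport one-time signatures built on `hashlib` stand in for the unspecified "private key" scheme; the voter names, candidates and function names are constructed for illustration.

```python
import hashlib
import secrets

def H(b):
    return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key: 256 secret pairs; the public key is their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = tuple((H(a), H(b)) for a, b in sk)
    return sk, pk

def bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg):
    # Reveal one secret of each pair, chosen by the message digest bits.
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return all(H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def key_id(pk):
    return H(b"".join(a + b for a, b in pk)).hex()[:16]

def run_election(choices):
    """choices: {voter: candidate}. Returns (registry, public board)."""
    registry, board = {}, []
    for voter, choice in choices.items():
        sk, pk = keygen()                 # generated by the voter, never shared
        registry[key_id(pk)] = voter      # electoral body records whose key it is
        board.append((pk, choice, sign(sk, choice.encode())))
    return registry, board

def tally(board, registry):
    # Count only registered keys, once each, with a valid signature.
    seen, counts = set(), {}
    for pk, choice, sig in board:
        kid = key_id(pk)
        if kid in registry and kid not in seen and verify(pk, choice.encode(), sig):
            seen.add(kid)
            counts[choice] = counts.get(choice, 0) + 1
    return counts

def deanonymize(board, registry):
    # The join available to whoever holds the registration roll.
    return {registry[key_id(pk)]: choice for pk, choice, _ in board}
```

The integrity properties hold (one vote per key, no forgery without the private key), but `deanonymize` needs nothing beyond the two lists the scheme requires to exist.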


1. Can’t the state already know who voted for what right now? That seems like a nonissue.

2. Someone can also force you to give them your mail in ballot. How is this different?


1. The way in-person voting works where I live, no. Mail-in ballots naturally require trust that the inner envelope will not be correlated with the outer envelope.

2. It's not, aside from that it is more easily automated. "Helping" certain voters fill out their mail-in ballots is already an easy way to manipulate an election.


> Can’t the state already know who voted for what right now? That seems like a nonissue.

No. That is one of the most fundamental features of our system. In the secrecy of the voting booth, you can make your voice heard with no consequences to you.


And they can flip the vote as soon as you leave the polling booth, or not even record it, and you'll never know. Just "trust the system"


You can actually put the ballot in the box. You or someone you trust can stay as an observer until the voting is done. You or someone you trust can watch as the ballots are removed from the voting box and counted.

I think it has been recommended before, if you want to see this, sign up to be a poll observer. You will get to see the whole process.


https://www.heritage.org/voterfraud

Thousands of issues of voter fraud, and these are only the instances where they got caught. Polling officials are usually the ones that are responsible for mass voter manipulation, just look at what happened in Iowa and Georgia.

Poll watchers are appointed by political parties. It is not something anyone can sign up for and get to do. Monitors also do not directly prevent electoral fraud.


> It is not something anyone can sign up for and get to do.

Looks like you've found the problem. Of course you don't get the benefits of a public election if the election isn't public.


Yet I'm being downvoted for pointing it out


The joy of discussing local to statewide policies on an international forum.


No they can not. I put my ballot in a locked box filled with other ballots. It's not like I hand my ballot to a person and ask them to please record my vote.


A locked box that is counted by who exactly and then those figures are sent where and verified by who?


Local community members with representatives from all major parties present usually.


The answers to all these questions are known and public when I vote. I know who counts them, where the figures are sent and who verifies them.


So how does my grandmother, who has zero technology in her life, sign with her private key?

Voting needs to be available to all voters - we need to avoid putting in a barrier that would turn elections into "all voters who have smartphones".


How many people who aren't programmers or mathematicians will trust this?


The Oregon vote by mail system lets you get a notification when your ballot is received by the counting center. I'm not sure exactly how it works but the counting might be observable from that point.


I haven't voted in Oregon, but the vote-by-mail I have done has a two envelope system. The outer envelope has identifying information, and that can be used to give you a notification. It is then separated from the inner envelope, which goes to the counting.

Observers are present to ensure nobody correlates the information with the ballot or tampers with the post-opening process.


I bet it also tells you when the mail ballot someone swapped for yours was received.


Oregonian here! My signature is on file with the state, and both an OCR system and a human look at my signature on the ballot to make sure it matches. Additionally, my ballot has a barcode on it and a security weave, so that a "counterfeit" ballot and envelope would have to have come from inside the ballot-production system; loss-prevention techniques can be used to track down any stolen envelopes. Finally, the attack would have to come from inside the postal system as well, because only post officers and voting officials touch my ballot. In my specific case, I can even drop my ballot directly at a ballot box and not have to post it.

If you have any evidence of widespread voting fraud in Oregon, please show it. Otherwise, no, we're not interested in your attempts to denigrate a convenient and reliable voting system; it reeks of antidemocratic sentiment and I don't see why we should tolerate it.


Lots of incidents to prevent me from feeling trusting enough, irregardless of your accusing insult:

https://www.ktuu.com/content/news/Stolen-Vote-by-Mail-ballot...

https://urbanmilwaukee.com/2020/04/08/city-calls-for-usps-in...

"Even in Oregon, where VBM processes and integration with the postal service are well-tuned, over 1,000 ballots were lost in a January 2010 election." - http://iiisci.org/Journal/CV$/sci/pdfs/HPA468KX.pdf


Your first two links are for Alaska and Wisconsin. I'll agree that the latter is clearly not experiencing fair voting; their legislators need to step up and be better. The third, the survey, is quite interesting. It shows two problems: First, people are filling out other household members' ballots; and second, ballots get lost in the post, usually on the way out to voters.

There's nothing that can be done about that first problem. Being pressured to vote in a certain way is as old as voting, as are laws against pressuring others. The survey claims about 5% of voters are so pressured in Oregon, which is a dreadful but realistic number. Worse, though, it says that about 2.5% of ballot signatures are forged. We could do better at detecting forged signatures, but since stylometry is already such an imprecise art, it's probably not great to rely further on signatures. Ultimately, though, forcing people to the polls doesn't solve this problem at all; it just hides the problem behind layers of people telling each other behind closed doors to vote in certain ways.

Edit: Oh, right, and this survey's source doesn't work. They link to KVAL, a real news station in Eugene, but their link is dead and has never been seen by the Internet Archive. I have no problem believing that humans are so horrible to each other that the rate of voter intimidation is over 5%, but hard data would be nice.

That second problem, though, where ballots are lost on the way to and from voters? That's easy to fix. Just have a notification system that tells voters when their ballot has been posted. And that brings us back to the top of the thread; in Oregon, one can sign up to get text notifications about ballots. Checking my phone, I have notifications going back to 2016, in pairs; the first message is along the lines of:

> This is Multnomah County Elections, your ballot for the Month Year General Election has been sent, look for it soon in your mailbox!

And the second is like:

> This is Multnomah County Elections, your ballot for the Month Year General Election has been accepted and will be counted.

If I don't receive my ballot within a few days after that first text, or I don't receive that second text within a few weeks of voting, then I know that something is wrong and I can go to the elections office to try again. This hasn't ever happened to me personally. Note that, because voting by mail takes place over several weeks, there is time to remediate missing ballots!

I hope this was enlightening. And if you don't trust this system, then you can always go to pick up and hand-deliver your ballots or go to a poll. But on the whole, I'd just as much rather that you didn't vote in Oregon at all; if you don't live here, then politely leave us alone and let us vote in our preferred style.


> if you don't live here, then politely leave us alone and let us vote in our preferred style.

I don't live there. However, since Oregon VBM topic was brought up in an international forum, I assumed (incorrectly by your standard) that it was open for discussion.


If you want discussion, then discuss things. So far, all you've done is make a couple snide remarks, one about how Oregonians must suffer so much voter fraud, and one about how Oregonians must not be fairly represented if they're not electing Republican governors; as well as throw some links into the mix and wait for others to try to figure out what you meant.

You don't really seem interested in discussion, but in taking cheap shots at cultural practices of which you neither understand nor approve.


At least I'm not taking cheap shots at people in the discussion.

Edit: And furthermore, you still haven't satisfactorily addressed the concerns I expressed regarding VBM.

Which is a topic of national concern right now.



Still not Oregon, although I'm absolutely tickled that you're so angry about this that you're still posting on the thread.



Angry? I enjoy the debate on HN.


That doesn't happen. There are a number of security measures including signature verification. There is little to no ballot fraud in Oregon.


When a Republican is elected governor in Oregon, my mistrust of that system may evaporate.


Do you have evidence that a fair election would result in a Republican being elected?


Not in Oregon.


I would write a comment, but this sums it up.

https://xkcd.com/2030/


I agree that designing an objectively reliable online voting system is very difficult. But at the same time I think that in principle it can be done. However, in my opinion the current unavailability of such a reliable system is not the largest issue with online voting.

Instead, it is its potential for giving the people with power more ability to control and enforce the voting behavior of the people over which they have some kind of influence.

For example, a boss can offer a bonus to employees who would verifiably (e.g. under supervision) cast an online vote according to the "company's recommendation". Or a landlord can say that the rent will be raised next month unless the tenant votes under the landlord's supervision and according to the landlord's preferences.

Such practices probably exist today as well. But the difference is that in the physical voting system, even the people who are being pressured to vote in a certain way are in the end required to be alone and behind a privacy screen while casting their vote. So, even if they have been forced to promise to vote in a certain way, they eventually have the freedom to vote as they like without having to fear that their actual voting behavior will be revealed.

That freedom originates from the requirement to cast a vote in private. Availability of online voting removes such a requirement.


Then the system should be designed to let you avoid such demands:

- you vote once under supervision and another time later in private. Only your last vote counts

- you are given multiple private keys and only one of them is real. If you vote using any other one, the system behaves as if your vote was recorded, but actually doesn't count it


Yes, that would help in theory. But in practice it would only change the way how the people inducing the pressure would verify that the votes have in fact been cast according to their preferences.

For instance, if voting multiple times is allowed and only the last vote counts, they would require the people to vote during the last 10 minutes of the polling period and afterwards they would withhold their ID card with the signing capability from them until the polling is closed.

If there are multiple private keys to choose from, they would require people to at first prove which one is usable for this particular election by checking it with the issuing authority. The owner must have been given this information in some verifiable form at some time, so the demand will simply extend to include that information as well.


How are all of your points different from mail voting?


The difference is small in theory.

But in practice, the availability of postal voting is limited. For instance, in my country you can only vote via mail in country-wide elections that do not have the second round. The reason is that it would be impractical to print the ballots for the second round and send them out all around the world in the time between the rounds, which is typically 2 weeks. Also, the destination at which you can receive the ballots must be abroad. There is no support for in-country postal voting. As a result, the potential for larger-scale influence-based misuse is significantly reduced.


German physicist Werner Heisenberg's uncertainty principle states that the more precisely the position of some particle is determined, the less precisely its momentum can be predicted from initial conditions, and vice versa. (Edited Definition from wiki)

I want to posit that secrecy and security have the same relationship as the uncertainty principle ascribes to electrons.


That's awfully complicated, compared to systems with backup printers.


Aren't they already? Or are we having this efficiency debate again?



