Public Trust Demands Open-Source Voting Systems

Paper still needs a system to verify ballots aren't forged, and that system should be robust and transparent too.

Other countries get preliminary election results the same day even with hand-counted paper ballots. So even that isn't impossible.

There is too much power at stake and too many dollars in the mix for this to work. Take a look at how expensive it is to break electronic voting machines then compare that to the billions of dollars that flow into an election cycle.

> I don't think those problems are insurmountable.

As soon as you try to be more clever than electronic counting of paper ballots, yes they are.

You can either audit the count by replaying the input event stream, or you can't.

The absolute number of people doesn't matter. If you have more people voting, you can have more people counting. If you have more people, you have more polling stations, you can keep the size of them constant no matter your total population.

Other countries do paper ballots and manual counting without issues. The US isn't that special or unusual.

it’s called distributed voting centers, there’s this many people so there’s plenty of people available who can count their block’s ballots, there’s no motive of convenience in using electronics for voting that could ever surpass the motive for simplicity and trust, it’s just not that hard of a thing, there was no new problem that suddenly emerged when electronics became available for this, this notion should inform you of the various motives of why someone started to market them to decision makers

Maybe the solution is to have no software at all. Software can't be really audited at scale, human actions can

I prefer paper ballots. I'm in a country that uses paper ballots exclusively. I didn't make that argument here because the topic was voting machines.

These system used for voting means that humans don't hand tally hundred of millions of votes. They tally those in a voting district only. Those them get aggregated with other districts and so on until the whole states and then the country is counted.

The problem with the accuracy assumption of electronic voting is that a) its all coded without errors and b) someone hasn't deliberately but code into manipulate the vote numbers.

User name checks out.

Human tallying is a source of errors, but it typically doesn't affect the outcome in major ways. This is more of an argument against large scale winner-takes-it-all election systems, as they have the least resilience against this kind of error.

The main benefit of manual tallying is that election tampering at scale becomes a rather labor-intensive and physical process that is more likely to leave detectable traces. Compare that to the the last US presidential election that has statistical oddities in machine-tallied voting results of kinds that have historically been shown to correlate with election fraud. If this was indeed caused by fraudulent voting software, it happened without leaving any other obvious traces of tampering.

I've counted paper ballots for multiple presidential elections in my country.

People who think it's not safe should really spend some time learning how it works. It's impossible to cheat at scale. Each ballot is verified to be correct my multiple eyes. A person is reading, one is writing down the name, one is verifying and some other things I don't remember.

To cheat you need to have everyone in on it. A whole town involved to cheat and to at best win one polling station. It's safe because anyone can attend the counting, so each party can send someone to check no shenanigans is going on.

So the more votes you want to be winning by cheating the more people must be brought in the conspiracy. That's impossible to be unnoticed at the scale of a city, much less at the scale of a country.

You can introduce procedures to minimize the error to a point that it’s not significant anymore.

Having a paper trail and an observable counting process is worth a small error margin.

>Humans are actually quite bad at hand-tallying hundreds of millions of datapoints.

Humans just need to be able to separate a few hundreds of ballots into a couple of piles. When introducing double checking this makes an incredibly rigorous process, which can be open to the public. This is the case here in Germany.

Everything after that can be done by computers as all the data after that is published.

Haven't watched it, but to summarize what I imagine someone aligned with me would say: A ballot's entire lifecycle can be watched as it goes from the stack to the booth to the dropbox to the counting pile. Poll watchers are vestigial as soon as voting machines are involved; it becomes the honor system, which is not trustworthy enough in a system where the parties do not trust each other. The best you have is 'we have found no evidence of widespread voter fraud', a carefully couched statement from media organs you don't necessarily trust either. You, a (Democrat/Republican), can trust a system with paper ballots, because people from your party will observe all relevant details of the process everywhere the process occurs.

This isn't a technology problem, really. It's a problem of corruptible humans. In US elections, there are billions and even trillions of dollars at stake. Observe the grifting being done by the current administration. Thus, humans are extremely incentivized to corrupt the process. Technology just makes the corruption easier. Technology enables the grifter.

First video:

Arguments against electronic voting: 1) one person can change millions of votes 2) vulnerable even outside the country 3) even if you audit the software, it's hard to verify that the audited software is what is actually loaded on the machines 4) even if you check hashes of the software, how do you check the software that checks the software (this is a restatement of the Ken Thompson Hack) 5) proprietary software 6) USB sticks are insecure 7) final computer tallying everything is owned and located in a single place 8) XSS attacks on e-voting pages.

Arguments for physical voting: 1) centuries old, many attacks have already been tried and failed 2) no identifying marks on ballot = no opportunity to pressure voters to change their vote 3) multiple people involved in each stage of the process

I realized after typing that out that YouTube has a "Show Transcript" function, so try that for the second video.

Too easy to cheat.

In addition, and I think the punch line, if you take measures to decentralize and audit every single part of the digital process, you have just made the most expensive pencil and it'll not perform that much better against manual voting to begin with.

I wouldn't trust any democracy that uses electronic voting. It is not possible to secure voting machines and make them democratically accountable.

If you can independently verify the election result, then it does not matter if any of the counts were made using proprietary software.

If you can not independently verify election results, what good does published source code do?

Elections are a process, not a result.

Candidates drop out, die, or become ineligible in all kinds of ways. Paper is not strictly better and can create costs and complications on the day of the election itself.

Electronic voting is fine. Why can't we just have a printer in the polling booth? I run my ballot, then hit print, then I can manually verify it, and then drop the printed ballot in a box.

Literally the easiest thing to do.

> I agree that paper ballots are better,

You didn't define how paper ballots are better. Given that many electronic systems print paper ballots, I'm not sure how they could be said to be universally better.

Electronic ballots can be much better than paper in two ways. Firstly, they are faster to count. I'm not sure why that matters, but it's true and seem people seem to think knowing the outcome quickly is important.

Far more importantly to me: they are easier to use. In Australia we have compulsory voting. A lot of attention is paid to how many votes are invalid. It currently runs at 5%, but ranges up to 10% in areas with lower education levels or non-English speaking. Voting machines can tell you verify if the vote is valid, help you if they aren't, provide information from the candidates if you want to know more.

One the downside, a poorly designed voting machine can be far less secure than out current paper system. Sadly, I don't think I've seen proprietary voting voting machine that didn't have significant design flaws. Making the situation worse is the voting machine companies like to keep their flaws well hidden (flaws aren't good for sales). In Australia, we've had examples of the Australian Electoral Commission perusing academic researchers in the courts for revealing flaws. [0] Mandating open source mandate is a solution to that.

https://www.unimelb.edu.au/newsroom/news/2019/november/flaws...

One of the few things I was happy with Texas legislation this year was moving all to paper ballots. They still use the "bubble counter" machinery though and not human eyeballs. But it's not like it still relies on honest people and a government that is neutral when it comes to counting votes. That's starting to look like it is less and less possible with the current regime's banana republic chaos.

I agree insofar as ensuring all e-voting implementation attempts are open source will enable us to more comprehensively prove that it is a fundamentally bad idea.

there are even ways that paper ballots can fail. there needs to be a better process that has proper controls and checks regardless of the format used.

Placed 56 and 41, respectively, on the Democracy Index.

Haha no. Voting machines caused absurd amounts of political instability here in Brazil. It's essentially become wrongthink to question the system.

Our elected representatives have tried to add a paper trail to the machines twice now and it was ruled unconstitutional for total bullshit reasons. Our former president was banned from future presidential races because he questioned the machines. We have a judge loudly proclaiming that the machines are UNQUESTIONABLE with such unwavering pride you'd think he'd have the balls to start a billion dollar bug bounty and post it here on HN. He only allows you to "audit" the system by appointment behind closed doors and the only tools you're allowed to bring with you is a pen and a piece of paper. People found issues even with these restrictions. There are people protesting to this day, laymen asking for source code, completely unaware of the existence of supply chain attacks and the fact the source code would prove nothing and serve only to humiliate them. We have former US president Biden's top CIA guy telling our former president to stop questioning the machines, wouldn't be surprised if they had access to this shit.

Germany did it right: voting machines are unconstitutional because citizens do not understand it. Elections must be fully auditable by the average person. This is the correct stance.

Umm.. I wouldn’t say fine.

https://www.bbc.com/news/articles/cj9w43p7741o.amp

Things have always been iffy. No one knows for sure.

Edit: That link is the most recent example. Googling for voting machines themselves would bring more examples. Every election cycle we go through reports of malfunctioning, no audit, audit not matching, extra machines appearing, machines being taken around by politically connected, even things like pressing any button on the machine voting for the same party…etc., but ECI has been pushing it aside and refusing to open up. This recent one became an issue because the manipulation (allegedly) went a layer deeper into the voter rolls themselves and they are public data.

We don’t know what’s up with the machines.

How do you know? How can their citizens know?

They don’t have stellar democracy grades from The Economist’s index: https://en.wikipedia.org/wiki/The_Economist_Democracy_Index and both seem worse off in the last ten years than the ten years before.

Are they using only the electronic version or the mixed version? We used the mixed version in some elections here in Argentina. The paper trail is harder to fake, and the electronic part close a few problems of theonly paper version.

> The cost of human labor to count all ballots by hand will be enormous

In Taiwan, this is how it's done. Every ballot is counted by human. It's completely public: you can just walk in any polling station during the counting process and watch they count.

The cost of human labor? Maybe US-exceptionalism is peeking through?

In actually democratic countries the elections are done on holidays(Sunday) and the polling stations are in where you live.

It is your vote you silly. It is your democratic duty, right and responsibility to guard it if you don't trust the observers by becoming one. Everybody should be able to watch the process and the count!

Losing one day of revenue would not hurt. Especially on a holiday.

I'm much less concerned about automated vote counters, as long as they are not connected to the Internet, enough ballots are hand-reviewed to make sure that the values from the machine don't seem way off, and the specific type of counting machine isn't uniform across the whole election.

A single polling station usually only has a few thousand voters. During the day, polling officers at the station processed (signed/stamped/tore/etc) every single ballot that went into the boxes. They also verified every person's ID. When polling closes, why is it enormous human labor to count the votes, but all the processing during the day is not?

Chile has a very good election system and there's basically no machine input in the process.

What's important is being able to segment the population in enough voting places so that each voting place is maneaganle just by a small number of people. The Chilean system is scalable because you can always just add more voting places as the population grows.

Usually these voting places are civic centres, stadiums, schools.

It's a good system and generally for a presidential election we get the results in about 4 hours after voting ends.

If your paper ballot are counted by simple, airgapped machines - that's both a vastly reduced attack surface, and is easy (if laborious) to physically audit.

Australia hand-counts. In a federal election, a voter will typically cast a preferential vote for the lower house, and a more complicated proportional vote for 3 senate seats. Rarely, they'll vote on 1 or 2 propositions ("referenda"). This seems comparable to a federal US ballot (first-past-the-post votes for house/senate/president).

The US casts 10 times as many votes - so it seems reasonable for the US to hire 10 times as many poll workers? Hand-counting is O(n) i.e. constant per-capita, and it scales horizontally.

Local and state ballots in the US can feature tens of elected positions and propositions, I could imagine hand-counting them to be quite expensive.

>We need to do everything possible to increase participation in the democratic process

Do we? Participation should be made easy for those eligible and inclined to do so, but I don't see the benefit of encouraging participation from people who can't be bothered to put some effort into it, or are ignorant of the issues and candidates and are easily swayed by trashy campaign ads. I've seen the statistic thrown around that less than half of americans can even name the 3 branches of government, and if that's true I think those people have a civic duty not to vote.

> Posting those links without any insight from your side is just quoting dogma

It would certainly be exhausting to share an opinion on every single resource you want to share with someone.

Voter rolls are public information in the US; there are several watchdog groups that perform verification services and have done so for decades; and to date, none have uncovered the kind of large-scale voter fraud that would necessitate doing anything differently from what we do now.

In fact, I'd argue that having 50 different voting systems with 50 different ways to prove eligibility makes our elections more resilient to large-scale voter fraud, even if it makes it more difficult to verify voter rolls wholesale.

Cryptocurrencies don't need to do things like make sure that no human gets more than one vote, only humans (no bots) from a specific part of the world get a vote, and keep votes secret. Blockchain is not the solution.