Looks like we're about to have the same voting/election discussion we've had at least 5 times over the past month or so. If anyone's interested in reading what's already been discussed, here are links to the previous threads:
Why do Americans use voting machines exactly? I mean, it just prints out their choice at the end right? What benefit do they actually gain from having pressed buttons instead of using a pen? It just seems to fuel the hacking conspiracy every time a president is elected.
In the UK we turn up, go into the booth with the paper slip, and tick our choice with a pen. Then we fold it and post it into a container which later gets shipped off to the counting room. I just can't understand why you guys have to physically turn up if you are just going to select your answer on a computer anyway.
Hi Hacker_9. In Texas, where I vote, the machines don't even print paper. We just have to trust that the machine correctly recorded our vote. The reasons for the machines are, 1. cost cutting over manual counts, 2. profiteering by well connected companies, 3. And potentially making sure only the "right" votes count, although that part isn't proven.
In California we were able to vote at home with a mail-in, paper ballot and I much prefer that.
It was a knee jerk reaction by Congress to the 2000 presidential election recounts in Florida. They passed a bill that funded the purchase of new voting machines called the Help America Vote Act[1]. It provided a fat pile of federal funds to states for the purpose of replacing voting equipment. Of course, throw a mountain of money in front of federal contractors, and several will rush out poorly designed systems quickly to claim the prize. Secure voting was the last thing on their minds. Diebold actually sued the state of Massachusetts for "wrongful purchase" of competitor systems.[2] Slashdot covered the fiasco generated by HAVA for years. Just search for Diebold or Sequoia in relation to their domain.[3]
A former co-worker of mine wrote software for voting machines in Brazil. He described to me a few reasons why electronic voting machines are important. To be honest I forget the majority, but one story that stuck with me:
One common scheme electronic voting machines help prevent is forced votes. A bad guy gets their hand on a single empty ballot and writes the name of the candidate he wants to win on it. He then comes to you and threatens you and your family. Says hand in this pre-filled ballot and bring me back your empty ballot, or else... You comply, he fills out the empty ballot again, and repeats.
The electronic voting machines protect your identity. They allow you to vote anonymously. They provide data integrity that is harder to spoof than paper voting methods. I explicitly asked why they don't just vote on paper ballots like they do in Canada (or the UK as you describe). His response was that we take for granted the inherit trust our societies have to allow us to vote in such a fashion without it being tampered.
Every state in America (and even different counties within states) vote differently.
I voted on paper and it was put in a box to be counted in a central location. This takes forever and they just now are finishing up counting.
Electronic voting is a lot quicker and cheaper to count. I'd argue that the best system is one in which you vote on paper but it's counted electronically at the polling booth. That way there's a paper trail that can be audited and also quick counting.
There's a bunch of reasons, probably starting with the voting there being so much more complicated - there are a lot more positions being elected than in the UK. It's hard to say if the machines are really cheaper, but there seems to also be a lack of willingness to adequately fund the process, judging by the queues in many places.
Which is a shame, because it's a fairly effective way to push money back into the economy, at least when a manual system is used.
So there's a couple thing to unravel here. First, each county in the US runs their elections separately so within a single state you might see a couple different systems. Some places like my area in North Carolina use a system like what you describe except the ballots are scanned through an optical scanner then stored in case there's the need to do a recount. There's no central board above the county level that the ballots would be sent to for counting.
Second electronic machines are popular because they speed the election counting and are cheaper to run because the election board doesn't have to print tens to hundreds of thousands of ballots. A good electronic voting machine reports the vote 2 ways digitally to some vote tabulator local to that voting place and with a paper record that can be audited. The paper print out their having printed in this video is the end of the night tally that'll be reported to the county/state board of elections to be combined with the rest of the results.
Third doing it on a centrally located machine instead of over the internet adds a lot of security to the process. Trying to properly secure single purpose hardware like a voting machine that can be kept in a monitored location is a much simpler task than trying to find a way to ensure the Joe/Jane Voter's computer isn't compromised when sending the data to their counties board of elections. Not to mention that by accepting votes over the internet you're opening yourself up to everyone being able to remotely attempt to exploit the system. At least with a voting machine only connected to other election hardware attacks are limited to someone that's physically at the voting location. It's also tricky to prevent double voting while maintaining complete anonymity.
You are still using a voting machine, but you've just introduced a shitty paper input that needs to be scanned into the machine. The counting machine is a voting machine. It can be hacked.
The only benefit is that you have a paper record that can be corroborated if there is evidence of hacking later. But we could do a printout paper record on voting machines too.
You'd be surprised how many of those paper ballots don't get recognized when they are counted. Because the checkmarks don't fill up the box enough or because of optical/scantron error.
The american voting system is actually very secure.
It's highly decentralized, machines are not connected to the internet, implemented in many different ways, which means that they would have to do many attacks many different places without being discovered to even have an effect.
75% of them have paper trails which would require an even bigger achievement to change enough off as it's again highly distributed and decentralized, and it would require mostly physical presence to do it. And thats just a few of the things that makes this more or less impossible.
A bigger concern is access to the actual voter databases but what they can there there is mostly creating chaos which would obviously be horrible but have no effect on voting.
The biggest problem is actually when examples like these spread without the above consideration as that can trigger the population to loose faith in a system that is probably as safe as it has ever been.
P.S. I am highly supportive of whistleblowers like Snowden but this is missing the point.
Beyond the actual security of the voting machines, the other challenge in any hack is making it match the demographic make up of a state. People talk about "red" and "blue" states but the reality is that states are not homogeneous. It would stand out if a traditionally red county suddenly went blue and vice versa.
> It's highly decentralized, machines are not connected to the internet, implemented in many different ways, which means that they would have to do many attacks many different places without being discovered to even have an effect.
Or modify the program loaded on the machines before they're distributed. It's probably easier than you think.
It's interesting to view recent events in the US as a crisis of measurement. The news media measured the voting public with polling samples, we then measured the voting public with a vast government apparatus. Clearly, the measurements did not agree. Logically there are three possibilities: the media was right, the polls were right, or neither were right.
It's actually quite a good thing that we start to speak openly about threat-models against all voter sentiment measuring tools, especially the official ones.
The last polls before the election put Trump at a 30% win chance. Trump winning is a completely normal outcome in that situation and doesn't signal polling problems.
There are two different types of polls we're talking about here. One are polls conducted during the campaign to capture potential voter sentiment and perhaps predict the outcome. The second are exit polls attempting to measure the election outcome based on what voters say they cast. (Nearly?) all complaints about polls I've seen have been about the former.
There are different sets of issues with both categories of polls. If anything, I believe the issue is not a measurement issue as much as it is educating the public about what the different types of polls are, their limitations, and their usefulness.
This headline massively misconstrues Snowden's role and technical capacity in any such voting machine hack. Snowden merely said that it could be done, and pointed to a video published by Cylance.
Have you checked out Krugman's Twitter recently? The man has lost the plot after the election. And now he's pushing even more bullshit conspiracy theories. Sad.
Why exactly would Putin prefer Trump? Honest question as both Hillary (as SoS) and Bill Clinton have been rather soft on Russia - Trump favoring domestic oil production, etc seems would be less preferred. Look how aggressive Russia has become in the past 8 years.
Why hasn't some state used a hash to allow trustworthy online voting? They could add a unique id on the back of your driver's license and then allow you to use your unique id to generate anonymous/one time use id's. They could then have a publicly accessible server that at all time displays a column with anonymous id, vote and every person can verify that their personal vote is correctly displayed.
In general, any process that allows an individual to verify their vote after the fact will enable coercion over voting. For example, in your proposal, an unscrupulous boss could make a demand before the election: "You must tell me the one-time ID you're voting with. If you choose not to, or if that ID doesn't show up in the registry having cast a vote for <candidate>, you're fired." I think that, no matter what the process is, if I can check how I voted I can also be made to check how I voted while someone watches over my shoulder and threatens consequences.
That doesn't exist. See this[1] talk by Andrew Appel (CS Prof. at Princeton) for a very nice overview of the technology in the traditional pre-printed secret ballot and an why electronic/internet voting cannot be secured from all of the known threats.
TL;DR - Adding anything that can be used as an identifier enables vote buying or coercion. Adding computers introduces "Trusting Trust"-style problems where you never know what is actually running (hashing/verification only pushes the problem around).
If everyone can verify their votes, then they can sell their votes. E.g. A knows A's hash, and A can show X that A's hash voted for X, so that X will give A $20.
E-Voting can be easily solved with ID cards combined with something similar to the blockchain so that you can verify your vote if you need to.
The technology is there but I don't think there is any incentive to make it happen.
The only problem that I can see is that we cannot be certain that any e-voting technology will survive future information security research and as a result the design needs to factor continuous upgrades.
The problem is that if you can verify your vote you can be coerced into voting in a certain way. There would need to be some sort of plausible deniability built in.
> Wouldn't a voting system that let people confirm that their vote is taken into account be trivial to implement?
How do you verify that your vote is actually "taken into account?"
You may be shown that your vote matches what you intended, but then it can be manipulated or discarded somewhere else in the process, beyond your ability to verify. It's like reading open source code without validating the operating system or physical machine it runs in - the entire environment contains the potential for hostility, and it's too complex for one person to comprehend in its entirety.
Also, any such system, assuming it works as intended, may also give interested third parties a way to spy on someone's voting habits. Historically, knowledge of a person's vote has been used by governments and employers to coerce votes and to retaliate against political opponents or supporters of unpopular causes.
[+] [-] grzm|9 years ago|reply
"American Elections Will Be Hacked" https://news.ycombinator.com/item?id=12921967
"Maryland will audit all votes cast in general election" https://news.ycombinator.com/item?id=12885396
"Cylance Discloses Voting Machine Vulnerability" https://news.ycombinator.com/item?id=12883356
"In Pennsylvania, Claims of a Rigged Election May Be Impossible to Disprove" https://news.ycombinator.com/item?id=12790247
"Votes could be counted as fractions instead of as whole numbers" https://news.ycombinator.com/item?id=12841178
[+] [-] Natsu|9 years ago|reply
"Demographics, Not Hacking, Explain The Election Results"
http://fivethirtyeight.com/features/demographics-not-hacking...
That aside, we should, of course, work on securing the vote.
[+] [-] asp_hornet|9 years ago|reply
[+] [-] hacker_9|9 years ago|reply
In the UK we turn up, go into the booth with the paper slip, and tick our choice with a pen. Then we fold it and post it into a container which later gets shipped off to the counting room. I just can't understand why you guys have to physically turn up if you are just going to select your answer on a computer anyway.
[+] [-] Procrastes|9 years ago|reply
In California we were able to vote at home with a mail-in, paper ballot and I much prefer that.
[+] [-] danjoc|9 years ago|reply
It was a knee jerk reaction by Congress to the 2000 presidential election recounts in Florida. They passed a bill that funded the purchase of new voting machines called the Help America Vote Act[1]. It provided a fat pile of federal funds to states for the purpose of replacing voting equipment. Of course, throw a mountain of money in front of federal contractors, and several will rush out poorly designed systems quickly to claim the prize. Secure voting was the last thing on their minds. Diebold actually sued the state of Massachusetts for "wrongful purchase" of competitor systems.[2] Slashdot covered the fiasco generated by HAVA for years. Just search for Diebold or Sequoia in relation to their domain.[3]
[1] https://en.wikipedia.org/wiki/Help_America_Vote_Act
[2] https://yro.slashdot.org/story/07/03/26/1431258/diebold-sues...
[3] https://duckduckgo.com/html/?q=diebold%20site%3Aslashdot.org
[+] [-] Zombieball|9 years ago|reply
One common scheme electronic voting machines help prevent is forced votes. A bad guy gets their hand on a single empty ballot and writes the name of the candidate he wants to win on it. He then comes to you and threatens you and your family. Says hand in this pre-filled ballot and bring me back your empty ballot, or else... You comply, he fills out the empty ballot again, and repeats.
The electronic voting machines protect your identity. They allow you to vote anonymously. They provide data integrity that is harder to spoof than paper voting methods. I explicitly asked why they don't just vote on paper ballots like they do in Canada (or the UK as you describe). His response was that we take for granted the inherit trust our societies have to allow us to vote in such a fashion without it being tampered.
[+] [-] an_account|9 years ago|reply
I voted on paper and it was put in a box to be counted in a central location. This takes forever and they just now are finishing up counting.
Electronic voting is a lot quicker and cheaper to count. I'd argue that the best system is one in which you vote on paper but it's counted electronically at the polling booth. That way there's a paper trail that can be audited and also quick counting.
[+] [-] DanBC|9 years ago|reply
https://www.theguardian.com/notesandqueries/query/0,,-1051,0...
[+] [-] neffy|9 years ago|reply
Which is a shame, because it's a fairly effective way to push money back into the economy, at least when a manual system is used.
[+] [-] rtkwe|9 years ago|reply
Second electronic machines are popular because they speed the election counting and are cheaper to run because the election board doesn't have to print tens to hundreds of thousands of ballots. A good electronic voting machine reports the vote 2 ways digitally to some vote tabulator local to that voting place and with a paper record that can be audited. The paper print out their having printed in this video is the end of the night tally that'll be reported to the county/state board of elections to be combined with the rest of the results.
Third doing it on a centrally located machine instead of over the internet adds a lot of security to the process. Trying to properly secure single purpose hardware like a voting machine that can be kept in a monitored location is a much simpler task than trying to find a way to ensure the Joe/Jane Voter's computer isn't compromised when sending the data to their counties board of elections. Not to mention that by accepting votes over the internet you're opening yourself up to everyone being able to remotely attempt to exploit the system. At least with a voting machine only connected to other election hardware attacks are limited to someone that's physically at the voting location. It's also tricky to prevent double voting while maintaining complete anonymity.
[+] [-] Aldo_MX|9 years ago|reply
[+] [-] rhino369|9 years ago|reply
The only benefit is that you have a paper record that can be corroborated if there is evidence of hacking later. But we could do a printout paper record on voting machines too.
You'd be surprised how many of those paper ballots don't get recognized when they are counted. Because the checkmarks don't fill up the box enough or because of optical/scantron error.
[+] [-] ThomPete|9 years ago|reply
The american voting system is actually very secure.
It's highly decentralized, machines are not connected to the internet, implemented in many different ways, which means that they would have to do many attacks many different places without being discovered to even have an effect.
75% of them have paper trails which would require an even bigger achievement to change enough off as it's again highly distributed and decentralized, and it would require mostly physical presence to do it. And thats just a few of the things that makes this more or less impossible.
A bigger concern is access to the actual voter databases but what they can there there is mostly creating chaos which would obviously be horrible but have no effect on voting.
The biggest problem is actually when examples like these spread without the above consideration as that can trigger the population to loose faith in a system that is probably as safe as it has ever been.
P.S. I am highly supportive of whistleblowers like Snowden but this is missing the point.
[+] [-] rpearl|9 years ago|reply
You don't have to manipulate many votes to have an election-deciding effect.
[+] [-] onewaystreet|9 years ago|reply
[+] [-] naasking|9 years ago|reply
Or modify the program loaded on the machines before they're distributed. It's probably easier than you think.
[+] [-] jjuhl|9 years ago|reply
Was YOUR vote counted? (feat. homomorphic encryption) - Numberphile : https://m.youtube.com/watch?v=BYRTvoZ3Rho
[+] [-] javajosh|9 years ago|reply
It's actually quite a good thing that we start to speak openly about threat-models against all voter sentiment measuring tools, especially the official ones.
[+] [-] vehementi|9 years ago|reply
[+] [-] grzm|9 years ago|reply
There are different sets of issues with both categories of polls. If anything, I believe the issue is not a measurement issue as much as it is educating the public about what the different types of polls are, their limitations, and their usefulness.
[+] [-] theoh|9 years ago|reply
[+] [-] quinndupont|9 years ago|reply
[+] [-] unknown|9 years ago|reply
[deleted]
[+] [-] dmfdmf|9 years ago|reply
[+] [-] Jerry2|9 years ago|reply
[+] [-] gedy|9 years ago|reply
[+] [-] ajf3|9 years ago|reply
[+] [-] twright0|9 years ago|reply
[+] [-] emiliobumachar|9 years ago|reply
[+] [-] erichocean|9 years ago|reply
[+] [-] pdkl95|9 years ago|reply
That doesn't exist. See this[1] talk by Andrew Appel (CS Prof. at Princeton) for a very nice overview of the technology in the traditional pre-printed secret ballot and an why electronic/internet voting cannot be secured from all of the known threats.
TL;DR - Adding anything that can be used as an identifier enables vote buying or coercion. Adding computers introduces "Trusting Trust"-style problems where you never know what is actually running (hashing/verification only pushes the problem around).
[1] https://www.youtube.com/watch?v=abQCqIbBBeM
[+] [-] tntxtnt|9 years ago|reply
[+] [-] xrd|9 years ago|reply
[+] [-] _pdp_|9 years ago|reply
The technology is there but I don't think there is any incentive to make it happen.
The only problem that I can see is that we cannot be certain that any e-voting technology will survive future information security research and as a result the design needs to factor continuous upgrades.
[+] [-] destructaball|9 years ago|reply
[+] [-] unknown|9 years ago|reply
[deleted]
[+] [-] miguelrochefort|9 years ago|reply
I can't believe we still rely on trust for this kind of thing.
[+] [-] krapp|9 years ago|reply
How do you verify that your vote is actually "taken into account?"
You may be shown that your vote matches what you intended, but then it can be manipulated or discarded somewhere else in the process, beyond your ability to verify. It's like reading open source code without validating the operating system or physical machine it runs in - the entire environment contains the potential for hostility, and it's too complex for one person to comprehend in its entirety.
Also, any such system, assuming it works as intended, may also give interested third parties a way to spy on someone's voting habits. Historically, knowledge of a person's vote has been used by governments and employers to coerce votes and to retaliate against political opponents or supporters of unpopular causes.
[+] [-] grzm|9 years ago|reply
Wikipedia page on End-to-End Auditable Voting Systems https://en.wikipedia.org/wiki/End-to-end_auditable_voting_sy....
Ron Rivest slide deck from March 2016. Auditability and Verifiability of Elections https://people.csail.mit.edu/rivest/pubs/Riv16x.pdf