The new forums will be named Coin Return (based on the most recent vote)! You can check on the status and timeline of the transition to the new forums here.
The Guiding Principles and New Rules document is now in effect.

Election security, e-voting, and voter registration systems

OrcaOrca Registered User regular
edited July 2018 in Debate and/or Discourse
Maryland's voter registration vendor has been purchased by Russians. The FBI reports that the DNC was hacked by Russians.

5 states currently use e-voting systems only with no paper trail; more use a mix of systems with and without a paper trail.

This thread is for election security, be it of the voter registration sort, or the e-voting sort, or the "tossing paper ballots into the lake" sort.

It is a continuation of the discussion started here.

Orca on
«134567

Posts

  • This content has been removed.

  • discriderdiscrider Registered User regular
    I mean, yes, I would want that.
    So depending on what we want electronic voting for, this could be completely out of the question.

    So What do we want electronic voting for anyway?

    - To vote from home!
    No, you do not want this.
    You can't have people voting from their home PCs without also having other attackers voting from their home PCs.
    Postal votes aren't necessarily great either, but at least they're somewhat easier to control.
    Best thing would be to keep the voting booth open for more than a day.

    - To ensure someone can only vote once!
    If you have a central electoral roll that's updated by every voting station, then it's likely that the roll could be updated by other attackers to prevent people from voting at all.
    You could potentially have a separate electoral roll per voting station, and then cross-check them after the election, but that's not much different to having a phonebook of all the residents and checking them off. It might be quicker, but it might be easier to corrupt.

    - Quicker vote counting!
    I assume that's what a scantron is? It counts physical votes by scanning them?
    Either way, having a physical copy of the count allows cross-checking, even if there's an electronic copy.

    - Quicker result repoting!
    So supposing that the people manning the voting station can't be trusted to pick up the phone and give the result, then having encrypted channels set up before the day could ensure the correct result makes it back to the central voting authority.
    Otherwise if you can trust the people manning the vote station, a phone is easier.

  • edited July 2018
    This content has been removed.

  • Jebus314Jebus314 Registered User regular
    discrider wrote: »
    I mean, yes, I would want that.
    So depending on what we want electronic voting for, this could be completely out of the question.

    So What do we want electronic voting for anyway?

    - To vote from home!
    No, you do not want this.
    You can't have people voting from their home PCs without also having other attackers voting from their home PCs.
    Postal votes aren't necessarily great either, but at least they're somewhat easier to control.
    Best thing would be to keep the voting booth open for more than a day.

    - To ensure someone can only vote once!
    If you have a central electoral roll that's updated by every voting station, then it's likely that the roll could be updated by other attackers to prevent people from voting at all.
    You could potentially have a separate electoral roll per voting station, and then cross-check them after the election, but that's not much different to having a phonebook of all the residents and checking them off. It might be quicker, but it might be easier to corrupt.

    - Quicker vote counting!
    I assume that's what a scantron is? It counts physical votes by scanning them?
    Either way, having a physical copy of the count allows cross-checking, even if there's an electronic copy.

    - Quicker result repoting!
    So supposing that the people manning the voting station can't be trusted to pick up the phone and give the result, then having encrypted channels set up before the day could ensure the correct result makes it back to the central voting authority.
    Otherwise if you can trust the people manning the vote station, a phone is easier.

    Disagree about voting from home. All you need is a password/pin. Shift the authentication of your citizenship/residency to when you register. That is when you prove you are you, and at the end of it you select a 6 digit pin or a password. Then when you go to vote you just authenticate with your password.

    Now someone is probably going to argue that the above setup can be used to disenfranchise people (what if you forget your password?) but that isn’t much different than what we have now in a lot of places. If we are going to overhaul the voting system anyway then we would need rules in place no matter what the system to ensure ease of access and readily available assistance.

    Also, I think no matter what we do there should be easier verification of our actual vote. With electronic voting there would hopefully be some way to access what your vote was after the election, as well as a way to report errors.

    "The world is a mess, and I just need to rule it" - Dr Horrible
  • Jebus314Jebus314 Registered User regular
    While we are at it, since you are probably using your social security number when updating your registration, let’s just tie the password/PIN number to the social security number. Then require any company (irs, credit checks, ect...) that uses your social security number as an identifier to also use the new password for authentication before allowing anyone to use your identity. Less identity theft, and since you use the password more often, less likely to forget it.

    "The world is a mess, and I just need to rule it" - Dr Horrible
  • tyrannustyrannus i am not fat Registered User regular
    I would never ever trust any electronic voting system.

  • Jebus314Jebus314 Registered User regular
    tyrannus wrote: »
    I would never ever trust any electronic voting system.

    Why not? Presumably you trust electronic banking. And there has to be just as much incentive for hacking there.

    Stealing your identity can also be done mostly electronically, maybe requires some phone calls?

    Apparently much of the voter registration data has already been digitized.

    I feel like the ship has sailed on keeping the important information offline.

    "The world is a mess, and I just need to rule it" - Dr Horrible
  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    No OECD country is yet at a level of sophistication, partly in terms of technological infrastructure but mostly because of general technical illiteracy among the electorate, to have reliable e-voting from home.

    Japan, Singapore, some northern European countries might be able to get there within two or three generations, if they make an organized effort to educate their population on good cybersecurity habits starting from childhood.

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • tyrannustyrannus i am not fat Registered User regular
    Jebus314 wrote: »
    tyrannus wrote: »
    I would never ever trust any electronic voting system.

    Why not? Presumably you trust electronic banking. And there has to be just as much incentive for hacking there.

    Stealing your identity can also be done mostly electronically, maybe requires some phone calls?

    Apparently much of the voter registration data has already been digitized.

    I feel like the ship has sailed on keeping the important information offline.

    Because I have back-ups, statements, etc that let me back into or tie back into my individual account balances. It's a lot easier to reconstruct what my cost basis is on investments than it is to say, have to get everyone to re-affirm that they voted and who they voted for to test the system.

    I just don't trust the black box.

  • VoodooVVoodooV Registered User regular
    paper voting provides so much more of a forensics trail across many disciplines in case of tampering (physical seals would have to be broken, signatures faked or fake registrations created, numerous people would have to be in on it). whereas electronic tampering would be relatively easier to leave no evidence.

    I think it's inevitable that we will have electronic voting...but that day is not today.

  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    tyrannus wrote: »
    I would never ever trust any electronic voting system.

    I would if and only if there was a serialized paper record and I had the opportunity to compare my serialized paper record to what the election authority has in it's database.

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • Jebus314Jebus314 Registered User regular
    tyrannus wrote: »
    Jebus314 wrote: »
    tyrannus wrote: »
    I would never ever trust any electronic voting system.

    Why not? Presumably you trust electronic banking. And there has to be just as much incentive for hacking there.

    Stealing your identity can also be done mostly electronically, maybe requires some phone calls?

    Apparently much of the voter registration data has already been digitized.

    I feel like the ship has sailed on keeping the important information offline.

    Because I have back-ups, statements, etc that let me back into or tie back into my individual account balances. It's a lot easier to reconstruct what my cost basis is on investments than it is to say, have to get everyone to re-affirm that they voted and who they voted for to test the system.

    I just don't trust the black box.

    I mean I don’t think anyone is saying make it a black box. I literally added to my original post that some kind of verification, or alternative recording method is needed. Just as we need extra rules or verification steps for paper ballots. I just don’t think the issues with electronic voting are so vast as to make it outright dissmisable.

    "The world is a mess, and I just need to rule it" - Dr Horrible
  • Jebus314Jebus314 Registered User regular
    Just had a thought. What about early electronic voting, that is followed by a paper voting card being mailed to each person who voted. If everything looks good then you do nothing. If there is a mistake then you vote in person and in person votes always override electronic votes.

    "The world is a mess, and I just need to rule it" - Dr Horrible
  • tyrannustyrannus i am not fat Registered User regular
    edited July 2018
    Jebus314 wrote: »
    Just had a thought. What about early electronic voting, that is followed by a paper voting card being mailed to each person who voted. If everything looks good then you do nothing. If there is a mistake then you vote in person and in person votes always override electronic votes.

    These are called negative confirmations and they, as an auditor, have a historically shit rate of granting any assurance because they require people to speak up when there's something wrong. We discourage their use, typically, in higher risk areas.

    tyrannus on
  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    There are many reasons why electronic voting and electronic banking are not analogous. Here are two important ones:

    1) If your bank account gets compromised, it doesn't affect my money. I can take a number of evidence-based measures to protect my banking profile: use a completely randomized password with a high level of entropy, use two-factor authentication, avoid phishing attempts. I have no confidence that the majority of voters would do these things.

    2) Suspicious activity on a bank account can have it temporarily suspended. This is an inconvenience to me, but ultimately not a disaster. Imagine, though, that suspicious activity across e-voting profiles resulted in temporary suspensions that just happened to coincide with early voting week.

    Also, it is very easy for people like us - mostly nerds who enjoy posting on an Internet forum about video games - to overestimate the familiarity that the general populace has with Internet banking.

    About 20% of American households are underbanked - meaning they either have no bank account at all, or they have a basic deposit account but heavily rely on non-banking instruments like prepaid cards and payday loans. About one-third of Internet users do not use online banking on a regular basis; and I've seen some similar factoids around that suggest that about one-third of bank account holders do not use their online tools on a regular basis either, preferring to do their banking at retail branches and their budgeting using paper statements.

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    tyrannus wrote: »
    Jebus314 wrote: »
    Just had a thought. What about early electronic voting, that is followed by a paper voting card being mailed to each person who voted. If everything looks good then you do nothing. If there is a mistake then you vote in person and in person votes always override electronic votes.

    These are called negative confirmations and they, as an auditor, have a historically shit rate of granting any assurance because they require people to speak up when there's something wrong. We discourage their use, typically, in higher risk areas.

    It also means overturning one of the principles of American elections: that who you voted for is a secret.

    It is a public record whether or not you voted in a given election but our polling authorities are not supposed to maintain records of who you voted for.

    If it's possible to snail mail you the results from your own ballot, then that means there's a database somewhere where your name and address is linked to your voting history.

    That may or may not be a problem. I'm not arguing that this would be bad. However, it would be incompatible with the way the US does voting right now.

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • IncenjucarIncenjucar VChatter Seattle, WARegistered User regular
    Banks have ways to undo damage, too. I don't know that our system allows for action after proof of fraud unless it's discovered immediately.

  • KetBraKetBra Dressed Ridiculously Registered User regular
    Problems with tampering with voter registration databases are ameliorated by having sane voter registration laws.

    Being able to register the day of with the use of a witness, ID, or bill works pretty well.

    Automatically updating voter registration through coordination with other agencies that deal with people more regularly helps too.

    KGMvDLc.jpg?1
  • SanderJKSanderJK Crocodylus Pontifex Sinterklasicus Madrid, 3000 ADRegistered User regular
    The problems with electronic voting:

    1. If any flaw exists, it is impossible to know how big the influence of the flaw is. If a vote can be changed, so can 1000. Or 1000000.
    If a single person can change a vote, he may be able to change all of them with the same ease.

    This means a single person can totally invalidate a vote.

    2. It may be impossible to know if the system has been tampered with.

    This means you can never be sure if the outcome of an election is valid.

    3. Any kind of logging votes to mitigate 1. or 2. de-anonymizes votes.

    The combination of these 3 problems is disastrous. No digital vote can be legitimate and anonymous at the same time.

    The reason votes are inherently different from banking is that with voting there is no perfect information, no final ledger to be referred to afterwards.

    Interfering with handcounted paperballots is possible, but requires a lot of physical action. You need people at different voting boots, corrupt officials, no neutral observers....a relative laymen can be a pretty decent neutral arbiter.

    The code of a voting computer is not parseable to 99.99% of people. And even hardware exploits can be done.

    The Netherlands has moved away from all electronic voting in 2009, after both the security of the software, the security of the hardware (Someone found out where the machines were stored and got access to them) as well concerns about the EM radiation given off as the machine processed a vote may be read at distance hit in close succession.
    And that was some ancient offline tech.

    After a decade of paper ballots, the government is going to run a test on modified ballots that can be machine counted. (This runs into the problem that Dutch ballots are large, typically holding 300-500 names because all members of each party appear on the ballot)


    Steam: SanderJK Origin: SanderJK
  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    SanderJK wrote: »
    The problems with electronic voting:

    1. If any flaw exists, it is impossible to know how big the influence of the flaw is. If a vote can be changed, so can 1000. Or 1000000.
    If a single person can change a vote, he may be able to change all of them with the same ease.

    This means a single person can totally invalidate a vote.

    2. It may be impossible to know if the system has been tampered with.

    This means you can never be sure if the outcome of an election is valid.

    3. Any kind of logging votes to mitigate 1. or 2. de-anonymizes votes.

    3 isn't entirely true. Consider the following process (similar processes are already in use in some countries and US states but none that are precisely identical):

    E-voting still happens in a polling place.

    When you vote, the machine spits out two paper records. They are anonymous but have a unique, pseudorandom serial number that is also recorded in the database record.

    They show the entire ballot and all selections. They're identical in every way except one paper is clearly marked "TAKE ME HOME" and the other is clearly marked "PUT ME IN THE BALLOT BOX.

    Most of the vote is counted electronically, but election officials can do spot checks to compare a subset of paper receipts to their corresponding database records.

    One benefit of this system is that the voting machines can interactively prevent common forms of ballot spoilage due to voter error: double entry, hanging Chad's, incorrectly marked bubbles, etc.

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • ClipseClipse Registered User regular
    Jebus314 wrote: »
    discrider wrote: »
    I mean, yes, I would want that.
    So depending on what we want electronic voting for, this could be completely out of the question.

    So What do we want electronic voting for anyway?

    - To vote from home!
    No, you do not want this.
    You can't have people voting from their home PCs without also having other attackers voting from their home PCs.
    Postal votes aren't necessarily great either, but at least they're somewhat easier to control.
    Best thing would be to keep the voting booth open for more than a day.

    - To ensure someone can only vote once!
    If you have a central electoral roll that's updated by every voting station, then it's likely that the roll could be updated by other attackers to prevent people from voting at all.
    You could potentially have a separate electoral roll per voting station, and then cross-check them after the election, but that's not much different to having a phonebook of all the residents and checking them off. It might be quicker, but it might be easier to corrupt.

    - Quicker vote counting!
    I assume that's what a scantron is? It counts physical votes by scanning them?
    Either way, having a physical copy of the count allows cross-checking, even if there's an electronic copy.

    - Quicker result repoting!
    So supposing that the people manning the voting station can't be trusted to pick up the phone and give the result, then having encrypted channels set up before the day could ensure the correct result makes it back to the central voting authority.
    Otherwise if you can trust the people manning the vote station, a phone is easier.

    Disagree about voting from home. All you need is a password/pin. Shift the authentication of your citizenship/residency to when you register. That is when you prove you are you, and at the end of it you select a 6 digit pin or a password. Then when you go to vote you just authenticate with your password.

    This is a staggeringly naive view of cybersecurity. First: even if a small percentage of the population pick terrible passwords/PINs (eg "password", 1234, etc.) it opens the door for rampant hijacking of election accounts very easily -- you can try to allow fixes to this, but I don't see any way that wouldn't basically result in potentially millions of people needing to have their vote invalidated because of "hacking" every election cycle, which is a fucking disaster. Second: even people who use competent or semi-competent passwords (let's not even address PINs, because what the fuck were you even thinking there?) can fall for phishing attacks and so on, leaking their credentials to attackers. Third: compromised computers could easily MITM this and alter your vote choices before submission without you knowing -- again, there are ways you could remediate this issue, but the cost would be (eg) keeping a database of who everyone voted for, which is fucking disastrous.

    Seriously, any "vote from your home PC!" type system needs to be secured against fucking state level actors! The shit you've proposed isn't secured against the teenager next door who's good with computers. Jesus Christ.

  • evilmrhenryevilmrhenry Registered User regular
    tyrannus wrote: »
    Jebus314 wrote: »
    Just had a thought. What about early electronic voting, that is followed by a paper voting card being mailed to each person who voted. If everything looks good then you do nothing. If there is a mistake then you vote in person and in person votes always override electronic votes.

    These are called negative confirmations and they, as an auditor, have a historically shit rate of granting any assurance because they require people to speak up when there's something wrong. We discourage their use, typically, in higher risk areas.

    Also, you really don't want the ability to prove you voted a particular way, because then people can sell their vote, or be pressured into voting a specific way.

    tyrannus wrote: »
    I would never ever trust any electronic voting system.

    Lets talk about trustability. One foundational element of democracy is that once the ballots have been added up, the losing party will acknowledge that fact and leave power peacefully. If the losing party instead says that the ballots are wrong, and they actually won, things turn bad very quickly. Even assuming electronic voting was perfect, it doesn't have the level of trust that paper ballots do, and a ballot system that a lot of people don't trust is not a good ballot system. (And that's before any reputable incidents of electronic vote tampering have occurred.)

  • PolaritiePolaritie Sleepy Registered User regular
    Here's my proposed ideal analog election system:

    1) Early/absentee ballots up to a month prior to election. Available to anyone who asks for it.
    2) Voting at the polls uses machine-readable paper ballots.
    3) Voter registration can be done at the polls
    4) The physical polls are open for a few days minimum

    Now, if you want to propose an electronic voting system, go for it, but I expect you to be able to argue why it improves upon this system for cost or convenience without sacrificing security.

    Steam: Polaritie
    3DS: 0473-8507-2652
    Switch: SW-5185-4991-5118
    PSN: AbEntropy
  • tbloxhamtbloxham Registered User regular
    Electronic voting from home offers no meaningful convenience advantage over the vastly more secure postal voting from home. So there's just no need for online voting.

    No paper record ballot machines offer no needed advantages over ones which do have paper records, so no need for them.

    Machine counting is fine provided that 10% of precincts are recounted at random by humans. And those humans never ever ever get to appeal any decisions after the recount is done. God, remember that guy who appealed the election based on the fact that he thought he threw put the wrong vote... That guy is a disgrace.

    "That is cool" - Abraham Lincoln
  • edited July 2018
    This content has been removed.

  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    Paper record + database > paper only because it offers fast, accurate recounts and resiliency against paper ballot loss/destruction/theft.

    Properly implemented, the vulnerabilities it introduces are minor and easily mitigated. But, of course, IT systems are rarely properly implemented.

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • This content has been removed.

  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    Orca wrote: »
    Feral wrote: »
    Paper record + database > paper only because it offers fast, accurate recounts and resiliency against paper ballot loss/destruction/theft.

    Properly implemented, the vulnerabilities it introduces are minor and easily mitigated. But, of course, IT systems are rarely properly implemented.

    If it's broken more often than it's not, is it still beneficial? Speed isn't (or shouldn't be) of overriding concern here.

    Consider that we only did a partial recount in Bush v Gore because a full Florida statewide recount would have taken longer and been more expensive.

    Had we been able to perform a statewide recount (without the hanging chad issue) we might have had President Gore.

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • CelestialBadgerCelestialBadger Registered User regular
    Feral wrote: »
    No OECD country is yet at a level of sophistication, partly in terms of technological infrastructure but mostly because of general technical illiteracy among the electorate, to have reliable e-voting from home.

    Japan, Singapore, some northern European countries might be able to get there within two or three generations, if they make an organized effort to educate their population on good cybersecurity habits starting from childhood.

    People can't even deal with using *keys* safely and they've been around for centuries.

    *hides spare set under flowerpot*

  • ClipseClipse Registered User regular
    Feral wrote: »
    Paper record + database > paper only because it offers fast, accurate recounts and resiliency against paper ballot loss/destruction/theft.

    Properly implemented, the vulnerabilities it introduces are minor and easily mitigated. But, of course, IT systems are rarely properly implemented.

    I'm not sure it does offer "fast, accurate recounts" though: the computer is never going to come to a different count (one hopes!), so any actual recount would still be the standard sort of fighting over individual ballots affair we're all familiar with. Resilience against loss/destruction/theft is mirrored by susceptibility to false records being placed -- if you trust the database over the paper record, the database is intrinsically a target for anyone who wants to influence the election. And if you don't trust the database over the paper record, why bother with it?

  • evilmrhenryevilmrhenry Registered User regular
    Clipse wrote: »
    Feral wrote: »
    Paper record + database > paper only because it offers fast, accurate recounts and resiliency against paper ballot loss/destruction/theft.

    Properly implemented, the vulnerabilities it introduces are minor and easily mitigated. But, of course, IT systems are rarely properly implemented.

    I'm not sure it does offer "fast, accurate recounts" though: the computer is never going to come to a different count (one hopes!), so any actual recount would still be the standard sort of fighting over individual ballots affair we're all familiar with. Resilience against loss/destruction/theft is mirrored by susceptibility to false records being placed -- if you trust the database over the paper record, the database is intrinsically a target for anyone who wants to influence the election. And if you don't trust the database over the paper record, why bother with it?

    The reason you do paper+electronic (through scantron or whatnot) is so that you need fewer volunteers to do the ballot counting.

  • ClipseClipse Registered User regular
    edited July 2018
    Clipse wrote: »
    Feral wrote: »
    Paper record + database > paper only because it offers fast, accurate recounts and resiliency against paper ballot loss/destruction/theft.

    Properly implemented, the vulnerabilities it introduces are minor and easily mitigated. But, of course, IT systems are rarely properly implemented.

    I'm not sure it does offer "fast, accurate recounts" though: the computer is never going to come to a different count (one hopes!), so any actual recount would still be the standard sort of fighting over individual ballots affair we're all familiar with. Resilience against loss/destruction/theft is mirrored by susceptibility to false records being placed -- if you trust the database over the paper record, the database is intrinsically a target for anyone who wants to influence the election. And if you don't trust the database over the paper record, why bother with it?

    The reason you do paper+electronic (through scantron or whatnot) is so that you need fewer volunteers to do the ballot counting.

    In what sense, though? Either you trust the scantron's initial count or you run things through the scantron again and get... exactly the same count. There's no point in storing a database, because that reinforces the issue: you'll never get a different value for a "recount", and therefore any so-called "recount" is ultimately just for show. Why would you ever run the same ballot through a scantron twice and expect a different result? If the machines are not reliable we shouldn't use them in the first place, and if they are reliable they will always return the same result! The meaningful recount comes in at the edge cases, the shit that scantrons reject and that need to be counted by hand -- and a database will not fundamentally ease this task.

    Edit: Oops, sorry, I just realized you meant for the initial count. I'm perfectly fine with using a scantron or whatever to do the tallying for the initial count provided we aren't using it as some sort of gold standard for recounts! Again, I don't think a database adds anything to this situation, except insofar as a very very simple database is maintained on the scantron machine during scanning.

    Edit 2: I feel obligated to also say fuck anyone who is concerned with cost-reduction when it comes to running elections, we spend shitloads of money on the stupidest shit imaginable and elections are the absolute core of any government that wants to call itself a democracy. Our elections cost very little in the grand scheme of things, and attempts to reduce cost that also reduce security should be roundly rejected.

    Clipse on
  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    Feral wrote: »
    No OECD country is yet at a level of sophistication, partly in terms of technological infrastructure but mostly because of general technical illiteracy among the electorate, to have reliable e-voting from home.

    Japan, Singapore, some northern European countries might be able to get there within two or three generations, if they make an organized effort to educate their population on good cybersecurity habits starting from childhood.

    People can't even deal with using *keys* safely and they've been around for centuries.

    *hides spare set under flowerpot*

    Ideally, e-voting would use two or even three factor authentication. Some highly secure systems use password + app/token-generated one time code + client SSL certificate.

    You could even expire the SSL certificate on a yearly basis so it's only good for one election cycle.

    The problems there are A) maybe 1% or 0.5% of the electorate could handle that without their pants ending up on their head, and B) it's more vulnerable to back-end tampering than ballot box systems.

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • CelestialBadgerCelestialBadger Registered User regular
    Feral wrote: »
    Feral wrote: »
    No OECD country is yet at a level of sophistication, partly in terms of technological infrastructure but mostly because of general technical illiteracy among the electorate, to have reliable e-voting from home.

    Japan, Singapore, some northern European countries might be able to get there within two or three generations, if they make an organized effort to educate their population on good cybersecurity habits starting from childhood.

    People can't even deal with using *keys* safely and they've been around for centuries.

    *hides spare set under flowerpot*

    Ideally, e-voting would use two or even three factor authentication. Some highly secure systems use password + app/token-generated one time code + client SSL certificate.

    You could even expire the SSL certificate on a yearly basis so it's only good for one election cycle.

    The problems there are A) maybe 1% or 0.5% of the electorate could handle that without their pants ending up on their head, and B) it's more vulnerable to back-end tampering than ballot box systems.

    I was definitely thinking of A) as the reason why it's not going through.

    If we did, we'd get a technocratic genius as a President, though, as only people who delight in technology would be able to figure it out.

  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    Clipse wrote: »
    Feral wrote: »
    Paper record + database > paper only because it offers fast, accurate recounts and resiliency against paper ballot loss/destruction/theft.

    Properly implemented, the vulnerabilities it introduces are minor and easily mitigated. But, of course, IT systems are rarely properly implemented.

    I'm not sure it does offer "fast, accurate recounts" though: the computer is never going to come to a different count (one hopes!), so any actual recount would still be the standard sort of fighting over individual ballots affair we're all familiar with. Resilience against loss/destruction/theft is mirrored by susceptibility to false records being placed -- if you trust the database over the paper record, the database is intrinsically a target for anyone who wants to influence the election. And if you don't trust the database over the paper record, why bother with it?

    A) Ballot counting isn't done all at once, even in an electronic system, as long as paper mail-in ballots are a thing. So you could, for example, do an election night electronic count to see if there's a clear victor, then do spot audits of the paper receipts plus counts of mail in ballots as they come in. You'd have better accuracy and faster results across the whole process. It isn't technically a "recount" but it serves the same purpose: verification of the electoral process over time.

    B) it isn't a question of mindlessly trusting paper over electronic or vice versa. That's an oversimplification. It's more about having redundant systems (paper and electronic) where you only suspect one or the other when inconsistencies appear. Then you judge which record is more accurate based on the nature of the inconsistency and any relevant information that emerges during the investigation.

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • ElJeffeElJeffe Registered User, ClubPA regular
    There are two things I care about as regards election systems. First: is it secure? Second: is it accessible? That's about it.

    I don't give a shit about how fast it is to count. If we could maximize the two things above, but it means determining the results takes a week or two? I'm fine with that. Faster vote counting is nice, but democracy does not hinge upon catering to our impatience.

    I don't give a shit about convenience, except to the extent that it affects accessibility.

    The problem with electronic voting is that it doesn't maximize either of the things I consider important. The things it improves upon are bells and whistles that do not affect the functioning of our democracy. And it seems like people like it just because it's high tech and cool sounding and everything is better when the internet is involved, right?

    Pretty much every argument for it i'm seeing in this thread consist largely of ways to solve problems that don't exist if we just stick with machine-counted paper ballots overseen by representatives from various political parties.

    The mechanics of voting systems strike me as a solved problem, and the only issue is preventing certain groups (*cough* Republicans) from trying to disenfranchise people, something that I don't think electronic voting really addresses. Basically, we need a combination of mail ballots and polling places open for a couple weeks before election day. Boom, done.

    I submitted an entry to Lego Ideas, and if 10,000 people support me, it'll be turned into an actual Lego set!If you'd like to see and support my submission, follow this link.
  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    Clipse wrote: »
    I feel obligated to also say fuck anyone who is concerned with cost-reduction when it comes to running elections, we spend shitloads of money on the stupidest shit imaginable and elections are the absolute core of any government that wants to call itself a democracy. Our elections cost very little in the grand scheme of things, and attempts to reduce cost that also reduce security should be roundly rejected.

    A properly implemented paper+electronic system would both reduce costs and improve security from what we have now.

    But, as I said above, IT systems are rarely properly implemented.

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • This content has been removed.

  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    Orca wrote: »
    I still have yet to see anyone articulate both an electronic system and a means of securing said system such that it's superior to what is already possible with paper + machine counted + human verification.

    I maintain that it's solving the wrong problem. Speed is not critical in this domain. Money is not critical in this domain. Security is, as is accessibility.

    Use the electronic goodies to secure the physical ballots. Store them in bank vaults if you like. Chain of custody for physical artifacts has well-known ways of being secured since it requires local actors and you can't strike from halfway across the globe.

    Paper ballots routinely go missing. You can get ample examples from just googling "lost election ballots." Here's just one example from my region that I found from a lazy Google search.

    This happens across multiple precincts in every election.

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • ClipseClipse Registered User regular
    edited July 2018
    Feral wrote: »
    Clipse wrote: »
    Feral wrote: »
    Paper record + database > paper only because it offers fast, accurate recounts and resiliency against paper ballot loss/destruction/theft.

    Properly implemented, the vulnerabilities it introduces are minor and easily mitigated. But, of course, IT systems are rarely properly implemented.

    I'm not sure it does offer "fast, accurate recounts" though: the computer is never going to come to a different count (one hopes!), so any actual recount would still be the standard sort of fighting over individual ballots affair we're all familiar with. Resilience against loss/destruction/theft is mirrored by susceptibility to false records being placed -- if you trust the database over the paper record, the database is intrinsically a target for anyone who wants to influence the election. And if you don't trust the database over the paper record, why bother with it?

    A) Ballot counting isn't done all at once, even in an electronic system, as long as paper mail-in ballots are a thing. So you could, for example, do an election night electronic count to see if there's a clear victor, then do spot audits of the paper receipts plus counts of mail in ballots as they come in. You'd have better accuracy and faster results across the whole process. It isn't technically a "recount" but it serves the same purpose: verification of the electoral process over time.

    B) it isn't a question of mindlessly trusting paper over electronic or vice versa. That's an oversimplification. It's more about having redundant systems (paper and electronic) where you only suspect one or the other when inconsistencies appear. Then you judge which record is more accurate based on the nature of the inconsistency and any relevant information that emerges during the investigation.

    Fair enough, I was reading more into database+paper than you meant, I think. I'm basically fine with this in theory.

    Edit: Grammar fail.

    Clipse on
Sign In or Register to comment.