Ask HN: Could programmers convince society not to use software voting systems?
28 points by rossdavidh on Aug 8, 2018 | 46 comments
I don't generally expect society to listen if computer programmers tell them to do or not do something. But, just maybe, they might listen if programmers said, "don't use software for this", en masse. I feel like voting systems that have no voter-verifiable paper backup are a horrible idea and (in the literal sense) a threat to democracy. Is it possible for programmers to somehow get this message across to the rest of society? Or do most other programmers think this is not a problem and the security risks are overblown?



Multiple engineers have testified before Congress that they were ordered to make systems easy to hack. This has been going on for decades and nothing has changed AFAIK. I suspect everything will go fully electronic with no paper trail, despite my having a paper trail every time I fuel up my vehicle.


Citation?


This isn't a college paper. I do not need to cite everything that I state. You can find these on search engines and YouTube easily enough.


If you claim something that is not generally known, a citation is kind of nice. If you are asked for one, a citation is even nicer - where one asks, ten or a hundred others may have the same question. You want the asker to go Google it, but you might save a hundred people the work.


I've done a cursory search and all I can find is articles on the dangers of EVMs and EVM manipulation; nothing about engineers testifying that they were forced to make them vulnerable. Perhaps there is information on this but it isn't immediately obvious based on a Google search. Additionally, while leaving out a citation where it's due is a common and normal occurrence, actively becoming hostile when asked to provide one is a great way to destroy any sense of credibility.


Probably OP is referring to this testimony [0] from Clint Curtis [1] which went viral around 2016.

[0] https://www.youtube.com/watch?v=G0qivPudp6U

[1] https://en.wikipedia.org/wiki/Clint_Curtis


You say that like fueling up your vehicle isn't important to society. /s XD


(sigh) I fear you are correct.


Do you want a horror story in this area? Look at how elections are done in Brazil. 100% digital, from voting to counting to totals.


Software-only voting systems are a worse idea than paper-ballot voting systems. Unfortunately, issues do come up with paper-based voting systems so people think the system can be improved by throwing software at it.

At this point, voting by mail seems to be the way to go in places that are going all in with software systems.


I am not sure why software should not be used. My solution would be:

1. Open Source software, which can be verified by everyone.

2. Voting via an app with authentication as good as or through your bank account.

3. After voting, we should be able to query and verify who our vote is with - on a particular day of counting, and get the whole history of our votes. An individual person's vote is append-only.

Please, do let me know drawbacks.


You still need a way to verify that the code used everywhere in the system from receiving your ballot to announcing the final vote tally was the exactly correct version of the open source software.

Querying and verifying your vote doesn't guarantee that it was included like that in the count, just that your real vote is stored somewhere.


> Open Source software, which can be verified by everyone.

What makes you think that the open source software you verified is the software actually loaded on the machine you are using to vote? What about the software on the machine that counts the votes?

> Voting via an app with authentication as good as or through your bank account.

What about voter secrecy? Logging in and then voting defeats the purpose of voting.

> After voting, we should be able to query and verify who our vote is with - on a particular day of counting, and get the whole history of our votes. An individual person's vote is append-only.

If you can query to find your vote then anyone else can. Do you want everyone to know who you voted for?


Why do you think that paper ballots cannot be faked? Why do you think counting paper votes is better?

You can't force people to declare their vote if they don't want to. If the country is totally lawless, then I don't think voting will change it anyway.

Just because we can query some info about ourselves, doesn't mean anyone else can. That is clear malicious intent.


> Why do you think that paper ballots cannot be faked? Why do you think counting paper votes is better?

Faking paper ballots is easy; getting any substantial number of fake paper ballots into the count in a system with the kind of controls associated with paper ballots virgin hg in the US, OTOH, is not.

> Just because we can query some info about ourselves, doesn't mean anyone else can.

Yes, it does. That is, it means that the information is permanently more to your identity. It means it's subject to vote buying/retaliation, because people can choose you into proving your vote and can reward or punish you for it.

> That is clear malicious intent.

That doesn't mean it can't be done.


You can't have the ability to verify who you voted for, because that would eliminate the secret ballot.


By that logic, you are saying that everything in my bank account is public information.

If there is an incentive to get to know who an individual person has voted for, then it would be with all parties.

And if you think there is just one party that is much stronger as compared to others, then it doesn't matter if you vote or not. They are just being nice by letting you vote.


Your bank statement is available to somebody who's threatening you, because it's available to you. That's the problem with being able to verify your own vote, somebody else can force you to show them who you voted for, so they can threaten you to make you vote for who they want. It's the same reason you can't take a photo of your ballot.


> If there is an incentive to get to know who an individual person has voted for, then it would be with all parties.

Buying votes is a thing. If it's easy to verify that you voted for X party then it's very easy to sell your vote.


And if selling vote becomes possible, it's also possible to be forced to "sell" it for an unfair price.


Please watch this: https://www.youtube.com/watch?v=w3_0x6oaDmI It has a good list of reasons why software voting is a terrible idea.

Also, the secret ballot is very important to maintaining the fairness of elections.


The part where regulation failed was when the engineers went before Congress and not a Grand Jury to testify.


Interestingly enough, I just came across a project that is working on this using the blockchain: http://185.25.51.16/papers/VerusVision.pdf


Why would you turn down the ability to hack entire countries' democracy? Think of the power! /s


Most software people I know aren't particularly persuasive. One trait noticeably missing among them is the ability to simplify a complex topic without losing too much relevant information.

But even if some are, ways exist to undermine an expert's credibility about a complex topic.

For example, when Robert Oppenheimer began warning people about the dangers of nuclear war, the attacks came. Once the government felt comfortable enough with Edward Teller, it could proceed with revoking Oppenheimer's security clearance.

That said, not sure a paper receipt actually helps because it's certainly possible for a voting machine to spit out a receipt, then change whatever data the receipt was supposed to capture. And unless the change was drastic and massive (e.g. Trump wins California) then it will probably go undetected.


Good point on the average persuasiveness of software people.

On paper receipts, the idea is that it allows for recounts. Not that paper is invulnerable, but the fact that more people understand how paper works than understand how software works, makes it a better option, I think (speaking as a software person).


Wow this thread is very depressing. I'm really sorry to say that this time I strongly disagree with HNers.

I'm a previous human rights activist and I worked in a lot of past elections in Turkey. I am very opinionated on this issue and I strongly believe the future is software-only votes.

Naive reasons why we should use software-only voting:

1. Humans can do mistakes. Machines can't do mistakes (unless humans who programmed them did mistakes)

2. It takes more time and resources to count votes compared to automating it.

3. You'll use less paper, so better for environment.

Better reasons why:

1. Voting is an entirely impossible-to-debug process. If you live in a corrupt republic like Turkey or Russia you need to spend thousands of dollars and people to ensure elections are held democratically. Because government won't ensure that or they will actively work against it. Software can be made debuggable.

2. If you live in a country like Russia, government can attempt to collect data about your votes to estimate/learn which party you voted for. With cryptography this can be made mathematically impossible (or equivalent to very hard problems like P vs NP)

3. Recalculating election results is very infeasible in real life. If you store election data (so that it's impossible to find who voted what) and make it open, everyone can confirm election results EVEN IF we find a bug in retroactive computation script.

4. With free software (free as in freedom) it is possible for experts (computer scientists, cryptographers, law makers, attorneys etc...) to audit the process of election. This is not possible in real elections: lawyers cannot audit the election so it's possible some people make wrong decisions interfering in people's votes (i.e. deciding a bad vote to be ok, vice versa)

Problems:

1. Backdoors etc. Solution: use free software and pay experts to redundantly confirm system works. Pay software engineers to maybe write parts of the system in Agda, Idris, Coq so it's provable. This is not terribly worse than the space program etc.

2. Not everyone can use computers. Solution: you can organize the exact same election system, call people to special places to vote and use computer instead of paper.

3. What if we're hacked even after experts checking the system? Solution: redundantly store the data, use parity bits RAID etc to ensure data integrity. If there is some unrecoverable data loss, cancel elections.


> Humans can do mistakes. Machines can't do mistakes (unless humans who programmed them did mistakes)

That's an incredibly limited view of the issue. Machines can make mistakes regardless of human intervention (albeit probably indirectly, because humans have an unprecedented level of influence on reality). First, there are known software glitches caused by unexpected bit flips. Second, software systems can grow to a level of complexity where unless you invest orders of magnitude more time in theorem provers for it you cannot guarantee that 'machines can't do mistakes'.

Electronic voting is an interesting problem and I agree with you, it's probably the future. But it's not a near future or not as near as you'd think. Electronic voting is vulnerable to attacks which cannot be detected when they happen. Armies of diverse human observers for paper ballots are much more effective for detecting fraud.


Also if one goes with a private-blockchain you could reuse the existing infrastructure. Make all the polling places run their own nodes. Being a programmer, sysadmin or whatever, is such a common occupation nowadays.


Today's XKCD is on this as well: https://xkcd.com/2030/


The way I could see doing it would be to hack several states' voting systems, and totally mess with the results so that they are clearly incorrect. Like, Trump wins California and Massachusetts over Hillary by 99% - something obviously, blatantly wrong.

Note well: I am not advocating actually doing this. But that's what I think it would take.


I suspect you might be right, and I wonder how many not-clearly-incorrect hacks will happen before the first clearly-incorrect one does.

But, if one were doing that, better to cause Mickey Mouse to win the state, it is a more clear signal. But I'm not the person to send that signal, which is why I was thinking about how else to communicate it.


Why would you convince them to discard something that is at least better than the alternative? Manual voting systems are easy to hack and more difficult to find who/when or even if it was hacked.


How would you hack a paper ballot?

You see your choices in paper.

You place the paper in a ballot box.

The ballot box is watched by people on both sides.

The ballot box is sealed and transparently transported to a counting facility.

The ballot counting is observed by people on both sides.

The counting facility counts the ballots twice, with both counts having to agree. The counts are communicated to a central tallying location.

The counts for each counting facility and the total are publicly communicated.


The most important feature of a paper ballot is that the general populace can read them, and understand how they work. The worst feature of any electronic-only voting system is that the general populace cannot verify that they work. This is a bad thing even in the case where no hacking occurred, since it reduces trust in the validity of the outcome by anyone who dislikes the result.


The general populace can't really verify the results of paper ballots either, that would mean letting anyone who wanted to do their own manual counts of all ballots.


In France, anyone can show up and participate in the manual counting.

It is done onsite so there is no risk of tampering.

If you wanted, you could stand next to the transparent ballot box the entire day and then count yourself.

The results are available a couple hours later. I can't think of any downside.



A poll worker isn't the general public, though, that's still a limited number of privileged individuals. The general public would be literally anyone off the street.

And a single poll worker still wouldn't be able to verify all of the votes in an election. There's still an insurmountable trust issue where most of the public has to accept the results from what amounts to a black box, which paper ballots don't entirely solve.


> A poll worker isn't the general public, though, that's still a limited number of privileged individuals. The general public would be literally anyone off the street.

In Australia we have observers for the counting process and every party or candidate can send representatives. Political parties are practically begging for volunteers in this role. We also have a much more complex preferential voting system but the manual counting process still shows results 30-60 minutes after polls close in all but the tightest races.

> And a single poll worker still wouldn't be able to verify all of the votes in an election.

Anyone cheating would have to involve a huge number of people around the country and the people watching those people. Getting elected legitimately would be far easier.


They can verify the results of their individual vote on their paper ballot. They cannot do that with an electronic system.


Unless it's a situation like 2000, and the infamous "hanging chad" issue. It sure looks like you voted, but whoops your ballot just isn't counted because of a physical failure.


I really think a hybrid solution is the best option.

You vote electronically on a machine and it prints a paper vote.

You verify the paper vote is what you entered and then place it in the ballot box.

The machine can give "unverified" counts in real-time to tally up results.

The votes can be verified later on using the manual method of counting paper votes. These can be cross-checked with what the machine has said.
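
The cross-check proposed in the comment above, as an added example that is not part of the thread: Python code that treats the hand count of the paper ballots as the record of truth and flags every precinct where the machine's "unverified" tally disagrees with it. The precinct names, candidate labels and vote counts are constructed sample data, and the function names are hypothetical.

```python
from collections import Counter

# Constructed sample data: per-precinct tallies as {candidate: votes}.
MACHINE = {
    "P1": {"A": 412, "B": 388},
    "P2": {"A": 150, "B": 300},
    "P3": {"A": 275, "B": 270},
}
PAPER = {
    "P1": {"A": 412, "B": 388},
    "P2": {"A": 140, "B": 310},  # same ballot total, 10 votes differ
    "P3": {"A": 275, "B": 269},  # one fewer paper ballot than the machine
}

def cross_check(machine, paper):
    """Return {precinct: details} for precincts where the counts disagree."""
    report = {}
    for precinct in sorted(set(machine) | set(paper)):
        m = Counter(machine.get(precinct, {}))
        p = Counter(paper.get(precinct, {}))
        # Positive diff: the machine reported more votes than the paper shows.
        diffs = {c: m[c] - p[c] for c in set(m) | set(p) if m[c] != p[c]}
        if diffs:
            report[precinct] = {
                "diffs": diffs,
                # Non-zero gap: ballots added or lost, not just re-attributed.
                "ballot_gap": sum(m.values()) - sum(p.values()),
            }
    return report

def totals(tallies):
    """Sum per-precinct tallies into one overall count."""
    total = Counter()
    for counts in tallies.values():
        total.update(counts)
    return total

def winner(tallies):
    """Return the leading candidate, or None on a tie for first place."""
    ranked = totals(tallies).most_common()
    if len(ranked) > 1 and ranked[0][1] == ranked[1][1]:
        return None
    return ranked[0][0]

if __name__ == "__main__":
    for precinct, detail in cross_check(MACHINE, PAPER).items():
        print(precinct, detail)
    print("outcome changed:", winner(MACHINE) != winner(PAPER))
```

A zero `ballot_gap` with non-zero `diffs` (P2 here) means votes were attributed to a different candidate, which a check of ballot totals alone would not catch.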


I prefer the paper first, scan into box and then it is electronic.

Makes it fairly easy to identify a box and verify if needed and identify a possible suspect machine, etc.

It does the best job of preserving the voter's clear choices made by them, filtered by nobody.


How quickly we forget the year 2000. Between butterfly ballots, "lost boxes of votes" and general tom-foolery an entire presidential election was stolen.

The current system is broken, and it seems like folly to stick your head in the sand and reject all attempts to fix it.


> How would you hack a paper ballot?

Right, we started to have rigged elections after electronic voting. /s



