* This password list has been public for a long time, and is easy to access: hidden excel column on a public spreadsheet.
* BIOS access means the intruder can change boot devices, boot their own OS, infect the BIOS with a virus, change boot devices back, compromise the vote host OS.
* Keycard security isn't tight security. Any amature physical penetration tester would just use a primitive attack on the door to get around it. E.g.: Grab the handle from under the door with a wire. Youtube has a ton of examples.
* This could have been done months ago, and over a long period of time.
* The intruder could clean up logs and any other traces of their actions.
Where am I technically wrong here? I'm sure I'm missing something obvious. It sounds like what you would do with BIOS passwords if you wanted to do something nasty. I haven't seen these questions addressed anywhere.
I hear some people say "but we use paper ballots". Then why do you have a BIOS password? If it's all paper where does the computer fit in? All of this is honest curiosity, I'm not sure how the voting system works.
>I hear some people say "but we use paper ballots". Then why do you have a BIOS password? If it's all paper where does the computer fit in? All of this is honest curiosity, I'm not sure how the voting system works.
Not sure about Colorado specifically, but in many jurisdictions voters mark paper ballots, which go into a machine to be tabulated, and are finally deposited into a box for safe keeping/future recounts.
I voted early in person in Colorado a few days ago. Use a machine to entry my votes. Votes were printed onto a piece of paper. I checked to make sure the marks on the paper matched what I entered into
the machine and then dropped it into the ballot box (not a machine just a box that collected the ballots). It was pretty sane and didn't seem like there was a lot to worry over related to the electronic entry system.
As to how the votes on the ballots are tallied - if those machines are compromised seems like a definite problem -- though there is at least the option to hand count the ballots to compare against ...
In my locale there is a header on the physical ballot that contains a bunch of barcodes, presumably to make your votes machine readable. It then prints the votes in text below.
I absolutely hate that fact. I am a human, I cannot read barcodes without a computer. Therefore, I cannot tell if the important part of what was recorded is correct.
I believe the idea is that random audits check whether the barcode matches the human-readable part, and in the extremely unlikely even problems are found they simply hand-recount _all_ the ballots ignoring the barcode.
Can you find any website or document that validates that these "random audits" are done? By whom and on what cadence? I've not been able to find anything like this. Just hand-waving, assertions that "someone does something," and so on.
If you don't trust risk-limitjng audits, you're never gonna trust any voting system. Someone has to administer the system, do the counting, sum up the totals, etc.
> I've not been able to find anything like this. Just hand-waving, assertions that "someone does something," and so on.
(Taking a bit more pointed tone than I usually would, because of the amount of misinformation around this general topic and because of annoyance at people putting less effort in than election workers, from secretaries of state down to volunteers, and casting shade from the laziness of their armchair. Thank you to all the people spending their time trying to secure elections!)
Did you try searching for "colorado voting audit"?
The value of absolute transparency is why nothing will beat paper ballots written and marked in plain English counted by hand with anyone and everyone who cares about election integrity watching the process.
I was mostly thinking people in coercive relationships.
But in terms of communities it might be that voting is looked down upon for certain members of that community not the community as a whole.
In broader terms while marking people who have voted may not reveal who they voted for it does reveal that they did vote. This is less private than the election authorities maintaining the record of who has voted.
I mean, if you're willing to spend that much, and it'll be very expensive, then sure. It's just technophobia - machines are going to be more accurate than a human (who also can make a mistake!).
Almost every democratic country on Earth today does it like that, and all democratic countries have done it like that for the last 100-200 years. Counting paper ballots is just not that hard. Machines are infinitely more complex and exploitable.
Plus, you have the extra layer of public perception: it's much easier to convince a chunk of the public that all the machines in some area are miscounting, than it is to convince them that all human vote counter in those areas are miscounting, and all in the same direction.
Any programmer worth their salt knows that it's practically impossible to vet that what is executing is 1:1 the code that someone at some point in time audited somewhere, or that the code is worthy of trust from the commons in the first place.
Anyone and everyone can watch someone count paper ballots, noone can watch a computer count electronic ballots.
> Any programmer worth their salt knows that it's practically impossible to vet that what is executing is 1:1 the code that someone at some point in time audited somewhere, or that the code is worthy of trust from the commons in the first place.
What?
There are entire systems built around doing exactly that. Embedded, military, high-trust.
It's never state of the art performance or mass deployed, because most people would rather have performance and cost optimized over assurance, but it exists and is in production use.
You verify hardware, chain of custody from production to delivery, track every deployed piece of hardware, then lock the firmware and enforce restrictions on anything that executes after that.
It's not easy or cheap (or foolproof, as anything can be exploited), but it's also not impossible. And substantially hardens security.
And for simpler systems with lower performance requirements, completely achievable.
F.ex. voting machines don't need to be running 16-core, hyperthreaded CPUs running multi-process operating systems
> There are entire systems built around doing exactly that. Embedded, military, high-trust.
This is a completely different thing. In those systems, the organization doing the vetting is the one that protects itself through those systems; the good of the organization is presumed to be aligned with the good of the end-users by the threat model. That is, the threat model is purely external to the organization: we are protecting the army's computers from an enemy army or a rogue soldier. An end-user of such a system (say, a low rank soldier sitting in a tank that includes remote-controlled components) can't really trust that those things are used in their best interest. For all they know, the devices are listening to every conversation looking for signs of treason/incompetence - this is still perfectly allowed by an embedded, military, high-trust system. It's the generals that trust the system, as it were, not the individual soldiers.
In contrast, in an election, what we care about is not that the sitting president trusts the results; we care that every individual voter trusts them. And the individual voters are not the ones that have the power to control the way procurement, hiring, vetting, verification, and everything else is done. In fact, the relationship between the electorate and the voting organizers is normally modeled as partly adversarial. The true test of a democracy is whether the populace can easily vote down the people currently in power, the ones that are organizing the election, when they would like to maintain their power.
So yes, I agree that if I am building a system that I want to trust with voting, and I have enough money, I can build an electronic system that I can trust. And you can build one that you can trust. But I can't build one that you can trust, unless you already trust me.
There is no way to demonstrate that what is executing is the source code unless you're compiling at execution time from a local vetted copy of the source code. Is the guy who vetted the source code vetted? Who vets the vetter? Is the compiler actually compiling the source code? Is the compiler compiling as generally expected? What about bugs in the compiler? Is the source code even what it claims (binary blobs!)?
What about the hardware? Are there any black box enclaves? Bugs? Does it actually crunch as would be generally expected of a number cruncher? Does it even have the vetted software?
All this complexity and anyone would be fully within their right to say "I don't and won't trust this."
Meanwhile, someone counting paper ballots by hand can be immediately understood by anyone and everyone. It's simple and it's brutally effective. So what if the process takes time? Good stuff usually takes time, what's the rush? So what if the human counter(s) screw up? Human errors are inevitable, that's why you count multiple times to confirm the results can be repeated.
The most secure, most hardened, most certified ballot counting machine cannot compare to a simple human counting paper ballots in witness of anyone and everyone.
The questions you're asking make it seem like (a) you're not thinking about this very hard, (b) you're trying to reach the answer you've already decided on, or (c) you're not familiar with high trust systems.
Still, in the interest of a conversation, some brief answers. Please ask in detail about any you're interested in (but realize I'm going to balance the time I spend answering with the time you spend researching and asking).
"Is the guy who vetted the source code vetted?" Yes, because he or she was assigned a key and signed the code with it.
"Who vets the vetter?" Whatever level of diligence you want, up to and including TS+SCI level.
"Is the compiler actually compiling the source code? Is the compiler compiling as generally expected? What about bugs in the compiler?" This is why you test. And it's pathological to believe that well-tested compilers, that have built trillions of lines of code, are going to only fail to successfully compile election code.
"Is the source code even what it claims (binary blobs!)?" See test and also dependency review and qualification.
"What about the hardware? Are there any black box enclaves?" Yes, by design, because that's how secure systems are built. And no, the enclaves aren't black boxes.
"Bugs? Does it actually crunch as would be generally expected of a number cruncher?" Testing and validation.
"Does it even have the vetted software?" Signed executables, enforced by trusted hardware.
> Meanwhile, someone counting paper ballots by hand can be immediately understood by anyone and everyone. It's simple and it's brutally effective
No, it's not. Because people are messy, error-prone entities, especially when it comes to doing a boring process 100+ times in a row.
You're not comparing against perfection: you're comparing against at best bored/distracted and at worst possibly-partisan humans.
Human counts rarely match exactly, because humans make mistakes. And then they make mistakes in the recounts intended to validate counts.
If you can't envision all the ways humans can fail, then I'd reflect on why things never fail at your work because of people, and everything always runs smoothly.
The point is that humans counting paper ballots by hand in the witness of anyone and everyone is and always will be more credible than any voting machine ever. You can certify the digital chain of trust as much as you want, it will not beat human hands counting paper ballots as anyone and everyone watches.
>you're not thinking about this very hard
Yes, because the commons will not think very hard about a complicated "solution" when a much simpler solution already exists.
>If you can't envision all the ways humans can fail,
Yes, humans fail. It's also not important. Any election worth its salt should be counting multiple times using a variety of counters and witnesses to demonstrate repeatability of the vote.
Again: Humans failing is not important.
What is important is the ability to verify immediately and simply how the vote is being tallied. Machines can and will fail (or more likely be corrupted) like humans, but we can immediately see when the human screws up whereas it's impossible to see when the machine screws up.
It's baffling I'm having to argue this to FOSS people of all peoples, you guys should know better than anyone else that vetting source code and binaries and hardware is a fool's errand for something as important as counting votes.
Nothing beats the brutal simplicity of hand counting paper ballots while everyone watches.
Human counters can be biased, and they're definitely more inaccurate. Machines, unless actively exploited by a third party, will always do the same thing, time after time. I don't believe it's worth the extra expenditure to hire tens of thousands of counters (again, human counters adds manual counting into the process, meaning another place for it to go wrong/be manipulated) when machines do the same thing with no fuss.
> Machines, unless actively exploited by a third party, will always do the same thing, time after time.
That "unless" is the whole problem. And it's not just if a third party gets involved, it can well be from the builders or the current operators of the machine who are the ones actively exploiting it as well.
The disconnect is that in most of the world we only vote for one or two candidates on a ballot. In America you vote for everything from the president to the dog catcher on one ballot.
While I think of it, the USA and UK should both stop holding votes on working days. That is nuts! Do what Australia does and vote on a Saturday and make it compulsory.
Are you sure? The last time I voted in Germany they gave me five ballots (EU, state, county, city, district), some with dozens of candidates - per party. I had dozens of votes to give.
I'm Australian, that screenshot is from the State election in South Australia, it is an example of how the Upper House ballot paper looks, it is similar in my state New South Wales.
The vertical columns (labelled as Group A to E in screenshot) divide up the political parties. The Greens will be one column, Labor Party another, Liberal Party another column and so on.
There are two horizontal rows separated by a thick line.
You can choose to either vote "above the line" or "below the line" but not both methods.
Above the line is used if you would like to vote based upon the wishes of a political party and below the line is used for "finer grained" voting for individual persons.
For example the Labor party might have 3 Candidates "Fred", "Mary" and "Bob" if I vote above the line I can put a 1 next to the Labor party and then the Labor party's wishes will determine how my vote is distributed.
Or if I Vote below the line I must number 12 different people in the order I want them to be chosen. So I could number Bob from Labor first, Peggy from the Greens second, then Fred from Labor third and so on and I exert exact control over how I want my preferences to be distributed.
edit:
Our elections are staggered, The State parliament is elected on different day to the Federal Parliament, which is different to Local City Council elections.
Believe me, we've been aware that this is a non-bug feature for a long time.
The Tuesday law was passed in 1845. Instead of changing it, many legislators are pushing in the opposite direction: trying to selectively suppress their opponents' votes further. If it hurts them more than us, it's a worthy goal!
We do it in the UK
Volunteers count the votes because they want to see a fair election (and there are ways of checking if someone partisan slipped some votes into the wrong pile).
I agree with GP. Transparency is more important than precision in democracy.
Good engineering is about choosing the right technology, not just the more recent one. Sometimes the right technology is paper.
Says who? Also, what does "accurate" here actually mean?
Speaking as someone who actually understands computers and machines: I agree with the commons (who are simpletons with regards to computers and machines) that machines cannot be trusted to be "accurate" (whatever that means) or even trusted in general.
Especially when a simpler, confirmable-by-anyone method exists: Having someone count paper ballots by hand in the presence of anyone and everyone. That includes mistakes and errors. The value here is anyone and everyone can and will immediately understand (and thus accept) what is going on.
Also, why are we even putting the integrity of the very foundation of our democracy on the table in exchange for convenience and cost of all things? Are we serious? It should be a good thing we are taking precious time and money to make sure our democracy is working properly. I thought democracy was actually fucking important.
Machines are amazing at counting things without losing their place. I'd trust an ATM's counted stack of bills over a human's (for sure if they only each got one try).
I've written some code at a previous job to simplify data entry. The previous method was adding numbers from a stack of papers, with a calculator.
I trust my code to add up the numbers on the computer over a human reading them from a printout and entering them in a calculator.
If the technical problem was solely about counting then obviously everywhere in the world we would be using machines by now. But we don't. Because the technical problem is trust, not counting.
Health insurance manual claims processors (who usually average ~5 years of experience) can do 95+% accuracy, at speed (a few minutes), at scale. That's counting and verifying multiple things against processing rules.
General data entry, from less trained folks, tends to average around 85% accurate (i.e. 15 mistakes + 85 entries correct, out of 100 entries).
Let's say they get rid of the barcodes and only show the human readable text. How does that prove any better or worse that the machine counted the vote the way it says it did on the slip?
The presence of the barcodes doesn't do anything to reduce the trustworthiness of the system
It starts with being able to tell that the information was encoded correctly when I submitted it.
Tell me this: what is the advantage of a barcode, over a scantron-esque system where I can see which item I chose because a dot is filled in?
The scantron-esque system is still efficiently machine readable; we've had scantron since I was a kid. The difference is, I can verify with my own two eyes that the information is encoded correctly on the ballot I submitted if it's done scantron-style.
I cannot do that with barcodes.
It adds another layer of safety. Do we still have to be able to trust the rest of the system? Yup. But I cannot trust anything at all if I cannot even verify that my vote was submitted correctly in the first place.
>It adds another layer of safety. Do we still have to be able to trust the rest of the system? Yup. But I cannot trust anything at all if I cannot even verify that my vote was submitted correctly in the first place.
I don't disagree that it's strictly better, but the improvements in security are marginal. Any audits/recounts would be done by looking at the human readable part of the ballot, and would therefore be unaffected. Moreover, regardless of whether there's barcodes or not, you'd want to conduct proactive recounts to mitigate any risk for tampered/broken machines. In that case, getting rid of barcodes wouldn't add any security in practice.
With a scantron voting system every single voter becomes an auditor. That’s orders of magnitude more auditing than will ever be achieved by randomized barcode audits and it will catch far smaller discrepancies. Even if a machine made only one mistake ever, it would stand a chance of getting caught. Not so with barcodes.
>That’s orders of magnitude more auditing than will ever be achieved by randomized barcode audits and it will catch far smaller discrepancies. Even if a machine made only one mistake ever, it would stand a chance of getting caught. Not so with barcodes.
When was the last time you had a printer print the wrong thing? Moreover, if an election is close enough that a few votes matter, there's definitely going to be a manual recount, so any advantage is purely academic (eg. knowing that candidate A won by 51.704% rather than 51.703%). Point is, either the error is big enough that it's trivially detected with spot checks, or the margins are so close that a manual recount is performed automatically.
But how do you know what position 5 option 2 is set to the person you voted for on the tabulation machine for a bubble fill? It's not like the counting machine is OCR'ing the choice to figure it out. In the end the pattern of dots on a scantron to what the computer thinks the ballot was is just as illegible as a collection of bar codes. It's practically the same thing.
I'm fine with it so long as the choices are also printed in a human readable way at the bottom. If it was just a giant bar code or whatever I wouldn't like it.
Pretty sure GP is saying a scantron-style one can still be flipped or offset at the destination. They use position on the ballot, not OCR, to determine what the vote is.
It's not actually about how the ballot is interpreted by downstream hardware and software. That's a different issue.
It's about the ability for the voter to determine that their own part of the process -- the recording of their own vote -- is done correctly in every respect.
Each step of the system has to be verifiable as correct for the system to be trustworthy. As it stands right now, I cannot visually verify that my own vote produced a correct printed ballot. I have no way of doing that.
This removes one of the most critical safeguards. If something in the software (malicious or otherwise) records an incorrect barcode, I have absolutely no way of knowing.
>It's not actually about how the ballot is interpreted by downstream hardware and software. That's a different issue.
To me, this seems like the only part worth worrying about, and any solution to it should satisfy your concerns as well.
Every ballot should have a UUID that the voter takes with them (or make it a hash of their voter registration number or something). As soon as the ballot is processed, the results are posted to a public place. Voters can then confirm their ballot was recorded accurately.
This still doesn't tell you that all the internal variables were incremented correctly, but you can separately aggregate the publicly posted results and compare with the aggregate reported by the machine.
The problem this still doesn't solve is electronically stuffing in fake ballots.
> Every ballot should have a UUID that the voter takes with them (or make it a hash of their voter registration number or something). As soon as the ballot is processed, the results are posted to a public place. Voters can then confirm their ballot was recorded accurately.
Opening the door for vote bribery or voter intimidation.
$1,000 for every tag proving you voted for my candidate.
If you don't prove you voted for my candidate, expect some retaliation!
You can already do that today by having people take a photo of their ballot. Or just buy their signed but otherwise blank mail-in ballot and complete it at gangster HQ. Or give them the money and don't require proof at all, because most people will just do what they agreed to do.
This doesn't happen today because it isn't scalable and is easy to get caught and prosecuted. Electronic manipulation is more appealing because it does not require interacting with people.
Taking a photo of the ballot is illegal. Also, one can just always strike the ballot before putting it in the
machine after having the completed ballot. In some places of mail in ballots it's possible to cancel the mail in ballots and vote in person after.
And bribing people to vote is already illegal in the first place. Do things being illegal stop the behavior or not? You're arguing both sides of the coin at this point.
Most people aren't going to try too hard to undermine or outsmart the gangster. Which is why, again, the perpetrator doesn't even need validation of how people actually voted. Vague threats will work just fine. In fact the gangster will still beat up a random sampling of the voters anyway.
There's far less incentive to actually pay bribes or hurt specific people if there's no reliable proof of the vote. Even with people taking a photo of a ballot, one can still just strike that ballot and vote again after taking a photo. It's an immense risk that will likely not do you any good, because there's no way to actually know those people voted. The people you're paying and who voted for you would have likely voted for you anyways and you're just otherwise paying people to not bother voting at all or voting against you, while you face immense risk.
If the gangster is just going to hurt a random sampling of people anyways, you might as well just vote however you want to vote. They may or may not commit violence against you regardless of how you vote, its completely disconnected. If you know they can validate it, you're probably going to be less brave.
Just put yourself in those two situations. One where the ballot is absolutely secret, and one where it can be trivially looked up. Someone says you better vote for X or I'll hurt you. You really don't want to vote for X. In the first instance, do you vote for X? In the second, do you still vote for X knowing the thug will be able to know for sure how you voted?
I'm not suggesting nobody would do an illegal thing, obviously I acknowledge people would do illegal things. I'm just pointing to that as why taking a photo of a ballot is illegal in many areas.
1. If all the machine does is mark who you voted on paper than what is the point of the machine over a pencil?
2. If it does more (for example count your vote) then how did you know that it actually did that?
It seems like quite a stretch to say the 2000 election was stolen. There were definitely ballot issues, but Gore challenged it and ultimately decided of his own accord to concede.
He could have continued the challenge and drawn the process out, throwing in throwing in the towel to allow the process to end was his choice, it wasn't stolen.
He didn’t “decide of his own accord to concede”. The US Supreme Court decided for him by ending any further path to count votes in Florida so Gore conceded when be had no other options.
Probably a technicality, but he did still decide to concede. The Supreme Court only ended his specific bid for a recount, they didn't call the election winner or end his campaign.
Definitely a technicality, and interesting only because he chose country over personal ambition. The Supreme Court slammed the door in his face. He could have kept fighting but every available path was even more ugly than what he and the country already endured.
When the Supreme Court rules the outcome instead of the voters, and even goes so far as to stress that their actions can't ever be used as precedent in any other matter, it's a uh.. yeah.
Idk I think something was stolen from over half the voters.
It's a bit more complicated than that. Gore lost the initial vote count in Florida. He wanted to recount. That was fine. He lost the recount, but it was closer. Then he wanted specific recounts - to recount the precincts where he thought he would gain the most votes in another recount, and to not recount the ones where Bush would gain votes. Also there were calendar issues - the December date where they have to cast their Electoral College votes was coming up.
It went to the Supreme Court. The SC made two rulings. First, in a 7-2 vote, they ruled that Gore couldn't recount just in specific spots - if they were going to recount, they had to recount everywhere. Second, in a 5-4 ruling, they ruled that they couldn't keep recounting - they had to meet the December deadline with what they had.
That second ruling is what people are talking about when they say the election was "stolen".
Personally, I think the SC was right. Recounting only where you'll gain is cheating - you're trying to win, not trying to have an honest count. And if Florida had missed the deadline, and Gore had won because none of Florida's votes counted toward the Electoral College? That would have been stealing the election. It also would have been a violation of the Voting Rights Act and a bunch of other things.
1. It was the Bush campaign that asked the Supreme Court for a stay.
2. The initial recount was triggered automatically because of the narrow margin. It was not requested by Gore. He did still lose it but by a much smaller margin than before. It turns out that 18 counties in Florida didn’t carry out the recount, although Gore never challenged this.
3. Candidates are allowed to request recounts in individual counties. Gore exercised that right in four traditionally democratic voting counties. Bush had the same right.
4. Later analysis showed that Gore would have lost the counties he requested recounts in but if Florida had properly counted ballots in the first place he would have won.
5. The Supreme Court controversy comes from Florida’s requirement to certify results within 7 days. Several of the counties that Gore requested said they couldn’t complete the recount in that time. The Florida Secretary of State didn’t extend the deadline for certification but did allow counties to continue recounts and amend their results. The Supreme Court stepped in and stayed these recounts, forcing Florida electors to accept the initially certified results and blocking any amended results.
The really interesting thing was that Bush likely would have won following Gore’s recount of only undervotes but lost if they’d recounted both under and over votes:
My main takeaway is that this was within the margin of error so we shouldn’t go crazy trying to play what-if scenarios and getting distracted from blaming Florida for having a bad system which produced high error rates. Once you’re in the noise like that, you’ve guaranteed that someone will be unhappy.
Thanks for the added detail, that's roughly what I remembered as well but definitely a better timeline.
I don't actually remember hearing people describe the election as stolen at the time. I know people weren't happy about it, but either I just lost that memory over time or "stolen" is a newer description of 2000 now that its become so commonplace today.
Either way, I have a hard time seeing an election that was recounted and challenge GED all the way to the Supreme Court as stolen. Contentious for sure, but that sounds like the system working as intended rather than theft.
I was in High school at the time, I definitely remember a feeling that the election was stolen and that Bush was not rightfully elected. I don't remember the general feeling going away until after 2001. There was a large partisan divide at that time.
The difference between then and now was that Gore put the country before himself and conceded.
You can be unhappy with a result, and maybe even see a path towards changing it, but at some point politicians owe it to their country to support its core democratic institutions.
Clearly and publicly accepting well-audited voting results should be first requirement for presidential candidates.
(Said as someone who has thoughts about the 2000 election, but respects what Gore did as a patriotic choice)
Interesting, I was a year out from high school and remember it being really contentious. I just don't remember the phrase "stolen" being thrown around, but that would have been very easy for me to not notice at the time or forget since then.
If it was compromised, it wouldn't flip all the votes, it would flip just enough to change the result while staying credible. So the question is how many people double check the paper ballot. Because if it randomly flips, say 1 ballot out of 15, and the paper ballot is consistent with the tally, it could very well go unnoticed.
Not with a randomized audit, such as this one for the 2022 primary [1]. If it flipped just one vote out of 100, and you drew an audit sample of just 1000 votes, the probability of detecting it would be 99.996%.
What do you audit if both the tally and the paper ballot are consistent? The only check possible is the voter checking themselves before they hand over the paper ballot.
The problem stated was that the marker machine lies 1 out of 15 entries. The paper would contain an incorrect selection occasionally. So, yeah, it would require no one noticing during the act.
Indeed, and the math is the same. If out of 3 million voters, just 1000 double-check the printout, they will detect a 1/100 flip with probability 99.996%.
Of course it's important that enough people check their ballot and say, "hey this isn't what I meant" it triggers a formal audit. Not just letting those 1000 have a redo and chalk it up to human error.
Sure, but 1000 is just 1 in 3000 voters. In practice it's going to be way more than that, probably 2 or 3 in 10. Thats hundreds of thousands of voters, many of whom are going to be punctilious people. Of all the suggested fuckery methods, this would be caught the fastest IMO.
And yet somebody who voted said far above in this thread that the machine reads a barcode on their ballot, so they have 0% chance of verifying if their vote was entered correctly. And there is always the added problem of a dieselgate style obfuscation: The machine counts votes differently when in verification mode than in actual vote counting mode.
My preferred machine would be one that did not use integrated circuits, but was simple enough that the entire board and circuit was visible - with no software beyond the circuitry at all. You just need a very simple sensor and tally wheels that mechanically advance, like those used for measuring wheels etc. No need for memory. Keep automation to the absolute bare minimum.
And I guess you didn't sign the paper or in any way had means to ensure it wasn't printed with the opposite candidates vote in the next room.
Neither did you have the opportunity to also vote for the other color of the uniparty and cross check the ballots to see they printed identically and according to selection
FTA: “Colorado voter votes on a paper ballot, which is then audited during the Risk Limiting Audit to verify that ballots were counted according to voter intent.”
How is it any different than traditional voting, where you drop your ballot into a black box and trust the poll workers would count it correctly?
You can do random spot checks select boxes to make sure the machine is tabulating correctly. If they're all correct, you can be reasonably sure the others are correct as well, unless your adversary has incredible luck.
The issue in the US is compounded further as running elections is left up to not only the states, but the individual municipalities in those states and typically run at the county level.
Each with their own rules, whether or not ID verification is mandatory or literally illegal, style of voting (mail vs in-person), ballot design/UX, what languages the ballots are in (are ballots in Sweden in anything but Swedish?) and mutually incompatible equipment. There are thousands, if not tens of thousands, of ballot designs in use for the current election.
When viewing this at a macro level for electing the office of the President, it seems absolutely insane.
At that point it doesn't matter whether the voting system is centralized or left up to localities. If the election comes down to a few thousand key votes in one or a few localities you are left with a very small number of election systems to keep a close eye on whether that's the central one or a few local ones.
Its also worth noting that just because the central government could run one standardized election process doesn't mean that the election is easier to secure. Ultimately polling places would still be local. Maybe it helps a bit if everyone uses the same system, but that's more about consistency than security.
The point of voting is to kick people out of power when they piss off a clear majority thus keeping the system honest.
As such getting the count absolutely correct isn’t necessarily as important vs more systemic biases like gerrymandering or voter suppression. The vote may be rigged before people started casting ballots, but that doesn’t make voting useless. It’s the strongest signals that are most important and that’s still preserved.
> getting the count absolutely correct isn’t necessarily as important vs more systemic biases
History lesson: The 2004 Washington state governor's election was decided by a mere 129 votes, and only after multiple recounts and repeatedly "finding" boxes upon boxes of supposedly uncounted ballots in the weeks following election day kept altering the totals and overturned the original result. The election was extremely controversial and not decided until two days before Christmas. Due to these irregularities, many people did not accept the results for years afterward.
>and only after multiple recounts and repeatedly "finding" boxes upon boxes of supposedly uncounted ballots in the weeks following election day kept altering the totals and overturned the original result.
The explanations given in the wikipedia article seem pretty plausible.
I don't see how it's any different what happened in the 2020 election, where Trump appeared to win at first, but a bunch of mail-in ballots (which were counted later) turned it around. While I can see why it might seem superficially suspicious, such phenomena is inevitable if the pool of mail-in (or other forms of voting liable to get delayed/incorrectly rejected) ballots lean one side.
> While I can see why it might seem superficially suspicious, such phenomena is inevitable if the pool of mail-in (or other forms of voting liable to get delayed/incorrectly rejected) ballots lean one side.
God help us that Pennsylvania mandates mail-in ballots can only start being counted on election day.
> The point of voting is to kick people out of power when they piss off a clear majority thus keeping the system honest.
This is also a good argument in favor of decentralized voting management, as much of a shitshow as it may be. Centralizing the management of voting under the authority of the people voting intends to kick out of power is potentially self-defeating.
How are you going to have 5 digit numbers of fraudulent voter registrations ready to deploy in all of the critical areas, but also ready to enjoy intense public scrutiny before and after the election. Voter registration databases are public, more or less, so you need to figure out how to fool the people running the election as well as the third party watchers, statisticians, academics, journalists and the veritable army of people who could have their entire career made by uncovering fraud.
In traditional voting, there is a pretty decent chance you know the person who does the counting or can find someone in your community who can personally vouch for them. Living in my small town at one stage, I knew several of the tabulators personally and all of them by reputation. That is an extreme case, but even in a city these people are somewhat known quantities.
With a voting machine that wasn't verified by a hand count it'd be relying on who-knows-who, who-knows-where with an uncertain risk profile.
What do you do when you live in North Korea and are worried about an elections integrity? At some point the answer is you survive as best you can.
But to fight corruption you need more transparency and to increase the costs of conspiracies, ie, to head in the opposite direction of voting machines.
> In traditional voting, there is a pretty decent chance you know the person who does the counting or can find someone in your community who can personally vouch for them.
Voting in my area is managed by my county. There's 1.1M people in my county and it's not even the biggest in my state. I'm supposed to personally know all of the few hundred people working the election out of 1.1M spread across 2,200sq km?
The advantage of just counting in public and having other people vouch is that it is easily understandable by everyone. If you use the blockchain, how many people can be convinced that the election was stolen with some techspeak? Do you think the average citizen understands enough cryptography to validate that the election was legit?
This has me wonder if highschools should start teaching the basic concepts of cryptography so that we eventually do end up with a common understanding of blockchains, password managers, passkeys, or any other technologies that we end up using in our day-to-day lives for crucial tasks.
This is funny because as a CS grad, I cringe about 75% of the time when blockchain enthusiasts make pitches that are oblivious to the workings of blockchains, the tech underneath, and their alternatives.
If the blockchain community can't understand blockchain, it's going to be nigh impossible to convey comprehension to the general public.
The general public generally just wants the authorities whose job it is to manage voting to do so in a competent manner. It's worth noting that there's really only been one candidate for national election in modern history who has called into question the fairness of our elections. (And then only when he lost.)
Most of us understand that the folks who work for the Secretaries of State are generally doing the best they can with the resources we provide, and we don't want to provide more resources so they can do a "better" job.
It probably wouldn’t hurt, but you can’t really rely on Highschool education for election security. There are many people that don’t go to Highschool, and those that do probably forget half the stuff after a year. For an election, you want it to be basically obvious how it works in my opinion, anything that takes longer than 5 minutes to explain makes it easier to create doubt in the election.
That wouldn't help for this case. Even a PhD in cryptography and computer science doesn't help you in any way be convinced that a particular machine is securely counting your votes. If you want to be convinced of that, you have to audit the code and the hardware specs and the network code and everything in between to ensure that the system: (a) implements the claimed algorithms, (b) does so correctly and free of side-channeled attacks, (c) doesn't implement other things that can weaken the security after the fact, such as remote code download, and (d) has adequate physical protection to prevent hardware interference. And probably other things I'm not even thinking about.
And all this work doesn't then help you ensure that another machine in a different jurisdiction, even one that is the same make and model, is also secure. Plus, every single person that cares about the vote has to put in this work for themselves: you can't "trust the experts" when the stakes are so high.
I think this pretty clearly goes beyond what you could do teach a high-school setting.
I have a PhD in CS, with peer reviewed publications on using cryptography, and all I learned in my studies is that it’s practically impossible to build a secure voting machine.
I even took a class from a professor who regularly testified to congress on the topic.
You don’t need a Ph D or inspect code to know that your vote is included in a Merkle tree.
And you can verify that the vote total matches what is in the Merkle tree for your district, and the national Merkle tree of districts.
You can also verify that each voter was issued a unique token, which went through a mixer.
About the only thing you can’t verify is that the agency giving out the token hasn’t been corrupted and gave a lot of voting tokens to fake people, or multiple voting tokens. That part (preventing sybil attacks) is why Voter ID laws exist throughout the world.
But reducing the attack surface to widespread corruption issues involving voter registration, is much better than having those AND problets merely counting the ballots by hand, as when eg Al Gore lost to George W Bush in 2000.
The other thing you can’t verify is that other people’s vote wasn’t tampered with — unless THEY report it. Which is why the voting system should require voters confirming votes from multiple devices that verify your cryptographically signed choices, eg vote on a laptop then scan QR code from that laptop with your phone and approve, just as you would with a web payment request in your bank app, crypto wallet or WhatsApp sign-in request. Because voting is not as valuable to people as securing their bank account, this requirement must be enforced on all voters. This way one company eg Google or Apple can’t spoof the interface.
So you agree that you can't verify that the system has one and only vote tabulated for every person that actually voted, or that the vote they intended is the one that got counted. So, you agree that you can't trust the results of this election.
Furthermore, if you check and find out that your own vote was incorrectly counted, you can't actually do anything about it, unless voter anonimity is not guaranteed: if you can't prove to an outside party what your real vote was, you can't pursue any legal action, you just know for yourself that the vote was rigged. And if you can prove to an outside party what you voted, that opens up a whole host of other attacks.
So no, this is not even close to an acceptable solution.
I'll also note that the Bush V Gore election issues were not caused by hand counting, but by machine counting as well. So, they should be taken as further proof that simple ballots and manual counts are the right way to conduct an election.
No, I said that reducing the attack surface to a subset of the problems you normally have is good and makes elections cheaper. That’s what cryptographic protocols, including blockchain, do in general. They replace the need to trust corruptible middlemen, with a protocol that is infeasible or extremely hard to subvert, and which leaves traces of the subversion. Crypto is used all the time such as when you use cryptographic hashes to detect tampering, or merkle proofs to prove something was included correctly in a larger part.
You then replied essentially: “well since you still have some problems, you can’t trust the election… the paper way is the only right way”.
Some people might be wilfully misunderstanding because it’s “cool to rag on blockchain” or whatever. People who always repeat a refrain like “this is simply the only right way to do things” are trying to convince not by arguments but by pushing a dogma. And most skeptics of technologies have been wrong, including skeptics of airplanes, computers, etc.
The hand recount took too long and the Supreme Court stepped in and “just picked a winner”. Which later counts showed to have been the wrong result. Citing the machine counting alongside it doesnt really help your case because the machine counting was all kinds of ad-hoc and hybrid things (including the dreaded silly “butterfly ballots”) which is exactly what people advocate for, when they try to argue for avoiding a fully consistent and uniform electronic system. They want all the little variations and manual counting “so no one can hack the whole thing”. So yes it’s a perfectly valid argument to point out that delays caused by this led to the wrong outcome (and had consequences like ignoring Bin Laden, allowing 9/11, the invasion of Iraq, clamping down on civil liberties in USA, raiding Social Security etc.)
All the problems you cited above are present in the current system — including having to prove how you voted to challenge the results. Except in the current system there are far more problems, including not even being able to physically show up at the polling place (because it is too far), or proving that the poll workers corrupted your vote, added extra ballots, literally anything. Out of sight out of mind I guess.
And across the world, elections are done even worse. Consider the recent election of Lukashenko in Belarus. People in districts where he got 80% were trying to ask around who voted for him and complained that very few had said they did. It’s all arguments based on hearsay. That is the flip side of not being able to prove how you voted. In fact if they wanted to know how you voted, in your manual system, they could just take a camera outside the booth and look at timing to know when you voted. Or just put a camera in the booth. But in fact it’s far worse than that, the voter databases include driver’s licenses and addresses and social security numbers, in most US states, AND party affiliation is 94% correlated to how you vote so all this paper ballot “security theater” to prevent “being ABLE to prove how you voted” gets you nowhere: https://ballotpedia.org/Availability_of_state_voter_files
And oh yeah… in the system I described you can anonymously challenge the results because you have cryptographic signatures but your own private key came out of a mixer, so you don’t need to identify yourself to prove your vote didnt match what’s in the system. Enough complaints and we ALL know which districts were corrupt, and very quickly.
In paper based systems, you and other volunteers do most of the counting, alongside representatives of all parties. None of the problems I described exist in such a system: you can't add a million votes unless you convince a whole lot of volunteers and representatives of the parties that they are real votes. You can't put multiple votes in unless none of those same people see you. If one volunteer attempts to change a vote, another one will stop them. If you think your vote was miscounted, a re-count can be issued, with even more observers, and the exact same artifacts are available for all to see (how do you fix an error in the Merkle tree, even if everyone agrees it happened?). Even if you have an extremely corrupt county, that doesn't generally matter in the grand scheme of things; and its extremely unlikely, as any citizen in that county can stop the corruption by simply participating in the process themselves.
Wide-scale voter fraud of this kind is simply impossible in a paper system. The only times it happens is like in Belarus, where it's not "an election", it's a public show that looks like an election, but where the result is pre-determined. The Merkle tree would show the same thing there: it's a mock election to make it look like a mock democracy. Lukashenko wouldn't have stopped leading the country even if miraculously the election would have shown he lost. Or, it can happen in other more complex and more discoverable ways, such as busing voters around to physically vote multiple times in multiple (preferably far away) polling places.
As for Estonia, they'll come to regret this system sooner or later. It can work for a while, but there is no doubt that the system will get hacked, or the losing party will be able to convince enough people that it got hacked even if it didn't. Someone will accidentally publish private keys, like in this Colorado case. The system will go down on election day because of a bug. Who knows which one will be first, but it'll end their experiment. The rest of the world will continue with paper voting and not face such problems.
“In paper based systems, you and other volunteers”
No, 99.99% of “you” go home and “trust the system” to some poll workers, many with major bias and incentives. Many of “you” don’t turn out to vote or are disenfranchised by simply living too far from the polling place or not being able to take time off work, when you could have just voted from your app.
Certain parties even rely on suppressing turnout. (Can you guess which party does that in USA? Hint: it’s the one that closed 1600 polling stations right after the Voting Rights Act got neutered, and then got mad about mail-in ballots ruining their carefully laid disenfranchisement plans during the pandemic.).
In fact, if you want the election to be “secured by multiple distrusting parties”, that is exactly what byzantine-fault-tolerant cryptographic protocols (which power many blockchains) are designed to do.
(how do you fix an error in the Merkle tree, even if everyone agrees it happened?). Even if you have an extremely corrupt county, that doesn't generally matter in the grand scheme of things; and its extremely unlikely, as any citizen in that county can stop the corruption by simply participating in the process themselves.
You are literally arguing from a double standard. In a paper election, somehow “any citizen” by themselves can stop the corruption… by simply participating in the process.” Yeah sure one guy exposes the entire corrupt county, with no ability to prove how anyone voted, why didn’t a single Belarussian and Venezuelan think of that? LOL” And on the other hand, when you have tons of anonymous irrefutable proofs by participants submitted publicly, you throw up your hands and say “what can we do to fix the merkle tree, even if we all knew it was corrupt?” The point of the trre is to catch errors, prove them and publish the proofs widely. As a society, you then have the proof nexessary to fix errors the same way you’d normally do it — by identifying the corrupt districts, and having a recount or revote just there. And bringing those responsible for tampering to justice.
If you stop conflating all the things and unpack them, you’ll see that adding cryptography makes things strictly better:
1. You have more chances to catch if there have been extra votes cast because the private keys are coming from tokens handed out at registration. In a paper election you might have corruption at registration AND all manner of ballot stuffing later too.
2. Everyone can check their vote and report a discrepancy. Not just the volunteers at the polling places. And all because they can prove how they voted and do it anonymously!
3. Everyone can see exactly which districts are corrupt in giving out fake voter registrations, and where there’s smoke, there’s fire. They can do an audit and guess what, the cryptographic signatures are helpful for creating a PROVABLE trail that implicates the system.
4. The attack surface reduces to pretty much just the voter registration sybil attacks. Eliminating a whole class of problems on actual election day.
5. The results are reported to everyone reliably and quickly, or even in real-time (though the latter is “too good” because it might affect how later voters vote).
There’s practically not a single problem that adding cryptography creates, which wasn’t already present in the paper system. And you know all this because if you honestly asked yourself whether dictators, who want sham elections, would want to do their next election with cryptographic signatures and merkle trees or not — what would be your answer? Be honest. And think about what that means for your argument.
I'm pretty sure there are more than 20,000 polling workers in the USA, so no, it's not 99.9% who go home and trust. And most importantly, for every republican there is a democrat and vice versa, in every polling place, auditing the process in real time.
And the reason you can fix this at the polling station level is simple: as long as the entire state is not captured by a single party (in which case no real elections are happening), the rest of the state can come in and fix the bad locations.
Related to your points:
1. If there are more ballots than registered voters, this is easy to check. It's even better than a private key system, as extra registrations can also be caught on the day of polling, if people actually come in and vote again, whereas extra private keys being handed out will not see an election official again.
2. There is no way to actually "prove anonymously how you voted". To move the needle in any way, you have to come out personally and say "I know I voted like this, but the system shows me as voting like that, here is what it shows when I present my private key". And either way, this is actually a weakness of the system, as it allows trustworthy vote selling.
3. I don't understand how this is supposed to be any easier than in the current system. You still won't know how many people were legally allowed to be registered in that district, so what are you comparing against?
4. No, the threat surface is the entire electronic system. Someone can attack the system and prevent voters from getting private keys, issue corrupted keys, allow more keys than were registered, present the results differently from what is stored in the merkle tree, use side channels to decrypt private keys, exfiltrate data about individual voters, and who knows how many other ways. Plus, if you can vote from anywhere, you can be coerced, especially by family or caretakers, to vote in their presence, or disclose your private key so they can vote in your name themselves.
And all this assumes the system is an actually secure Merkle tree. In reality, it would just be a computer program that takes your vote and shows you some data. What is actually running on the server is impossible for you to know unless you are given access to the hardware and software.
5. Sure, this is a clear advantage.
You are severely underestimating the risks of an electronic system, and only looking at the purely theoretical logical core. All of the systems around it, through which you interact with the core system, and all of the human factors around using the systems, are a huge attack surface. For example, would you trust this system and issue your vote from a phone or PC which you know is infested with malware? If not, then you have to agree that every device is part of the attack surface of this system.
Finally, in relation to your challenge, elections held by dictators are only meant to look like elections in more legitimate countries. So, if most countries hold paper elections (which is by far the majority), then the dictators will put on a show like that. If the majority of countries used electronic voting, dictators would also get electronic voting machines. Still, I don't know of any dictator that bothers to make a show of how free and correct are their elections.
Thank you for engaging point by point. Let’s look:
1) Easy to check by whom? With paper, it’s a bunch of people yelling to the news they saw discrepancies. In USA, we have probably the most expensive election in the world and we heard it all in 2020 from sour Republicans. To this day many people believe the election wasn’t secure and was “stolen”, including with physical ballots being shipped in, etc. On the one hand you have people yelling and on the other side you have people saying it’s all fine. Just like after a Venezuela or Belorussia election or the Crimea referendum. None of that would be the case if the elections could just have a standard way to be run, same as we now have electronic standards for DNSSEC or certificate PKI the EVM or IEEE standards. We can do things at scale because of standards. We could remove most of the uncertainty.
2) You don’t have to come out and reveal your PII, in order to publish a complaint as a voter. You’d just have to reveal that you know the private key, here is your receipt signed by the vendors in the system, and here is the actual result the UX vendors reported. The reputation of the vendor would be PROVABLY destroyed, all those receipts would be entered as evidence and they’d have to pay reparations in lawsuits. All because people were forced to double-check from 2 devices. The UX vendor would face chilling effects far larger than currently, for tampering with an election. None of this requires PII of the claimants.
3 and 4. You say it’s the whole system but proceed to list only things related to registration. Which, I already said, remains an issue, but the actual voting can be done on a phone. All your concerns could be also done with a banking app etc. where far more money is at stake than a single vote, yet people use them all the time.
I am not sure how you are supposed to impersonate a person unless you steal their phone, and then force them to open the voting app and enter their biometrics, just for a lousy vote — and you’d have to do this all across town at scale? Nan.
If you’re saying that a bank can “roll back a transaction” if you report losing your app, and somehow the election reaching finality (like a blockchain transaction) is a negative, then you’re saying that
As for people losing their private keys or phones or maybe so poor they can’t afford to have a computer or whatever, they can register to vote in person. If they failed to update their registration, though, before the election, and they can’t vote from their phone, it’s the same issue as if they didnt register at all. So they didn’t vote. But on net there is a much bigger turnout.
5. Okay we agree here. And this isnt an academic point — Al Gore would have been president if they could have counted the votes faster, we could have probably avoided the entire Middle East being on fire, the rollback of US civil liberties, maybe even prevented 9/11 with NORAD, and finally could have avoided the current disastrous wars in Ukraine etc. since Bush was the one to push them into NATO back in 2008 when the Ukrainian public strongly opposed NATO membership until 2014, but he worked with Yuschenko to do it anyway (https://www.pewresearch.org/global/2010/03/29/ukraine-says-n... and https://en.wikipedia.org/wiki/Referendums_in_Ukraine)
I think we both know that a corrupt government would not want to secure elections with merkle trees and publish them online. Too much chance of being caught, and they’d have no way to fudge the results reliably. By making decision-making cheap, the public in every country would be welcomed to hold regular referendums on topics (like California Proposition XYZ) and the governments would be MORE accountable to the people. (Personally, I think provably random polling is superior to voting, due to turnout issues, but that’s another story).
You can say whatever you like but when the rubber meets the road, corrupt officials and their detractors overseas (the war hawks looking to cast doubt on any way to figure out what, say, the actual people of Crimea or Donetsk want) both prefer paper ballots and the effective inability to cast absentee ballots when you fled the country or were internally displaced. While cryptocurrency allows you to take your money with you while fleeing a war zone, the crypto-voting would let you vote from anywhere as long as you had registered as a citizen back before being displaced etc.
It’s literally technology you can add to secure things and corrupt governments avoid it, war hawks across the world hipe they don’t use it, and you are arguing that even adding it makes things less secure and less reliable.
Since Bush was the one to push them into NATO back in 2008 when the Ukrainian public strongly opposed NATO membership until 2014, but he worked with Yuschenko to do it anyway.
Except he did not "push them into NATO in 2008". 2008 was the year that Ukraine's membership application was formally rejected by NATO, and there it has sat, in the doghouse, ever since. But Putin invaded anyway, because the NATO noise was never the reason he invaded in the first place.
The most significant consequence of the Bush presidency was probably the criminally insane invasion of Iraq -- which arguably did encourage Putin to go into Ukraine, on equally vacuous and fraudulent pretexts. "If they can get away with it, then why can't I?" was apparently his thinking.
NATO member countries didn’t really want Ukraine, Ukrainian citizens really didn’t want NATO, but in 2008 Bush vowed to press for both Ukraine and Georgia to join NATO.
Saakashvili of Georgia (who is now in jail for corruption) also had two breakaway republics at the time — Ossetia and Abhazia — and he engaged in a war with them and kept hoping NATO would come. Back then Putin wasn’t even president, it was Medvedev. Anyway, the same exact war started happening back then, with Russia invading Georgia with tanks moving slowly to the capitol, Tbilisi. Their goal was to intimidate them into agreeing to stop shelling the two breakaway republics and leave them alone. (Georgia and Armenia, in turn, had been protected by Russia from Ottomans, much the same way).
The difference in that war was that it ended in a week, because Nicolas Sarkozy (the French president) negotiated a peace agreement successfully. Since then Russia hasn’t invaded Georgia further, simply protected Abhazia and Ossetia, in fact Georgia has been normalizing relations with Russia and opened up direct flights and tourism last year etc. A great outcome for all civilians, compared to what could have been a senseless war. I was in Georgia last year and saw it firsthand.
Meanwhile, after the regime change revolution in Ukraine in 2014, the CIA had 8 years to build up weapons and paramilitaries etc. Same exact playbooj that ravaged Afghanistan w the mujahideen (Arabic for “jihadists”) and Afghan Arabs, masterminded by Zbignew Brezhinski. This time it was CIA in Ukraine: https://news.yahoo.com/cia-trained-ukrainian-paramilitaries-...
So in 2022 when Russians tried the same playbook (intimidate Kyiv into not shelling the two breakway republics) they didn’t expect the Ukrainians to walk away from the negotiating table. They waited for them in Belarus under Lukashenko (where they had signed the Minsk accords years earlier, endorsed unanimously by the UN security council) but the Ukrainian negotiators kept delaying and venue shopping, and the SBU (Ukrainian KGB) even killed one of them as “a traitor” for being too eager to negotiate, a man appointed by the President himsdlf and who the Ukrainian state department called “a hero”.
I personally spoke to David Arakhamia (the guy w the hat) on Facebook Messenger in the first days of the war, he had many Ukrainians on his FB wall begging him to make a deal and avert the war. I tool screenshots and the pleading posts are still there. He privately told me he agreed w me. But when the negotiators entered the room they left after 2 hours. We don’t kmow what happens in closed rooms — whether Baker promised “not an inch” to Gorbachev, or whether the Ukrainian or Russian negotiators ever negotiated in good faith. But the civilians, the people deserve better representation. The war continued, and the tanks found themselves around Kyiv and major firefights in Bucha vs Azov and other armed groups with RPGs shooting at tanks. Kind of like the red triangle videos of Hamas vs Israeli tanks. It’s really unfortunate and was avoidable. Russia expected it to go like the last war, it didn’t.
Naftali Bennett was the Israeli PM and he could have played the role of Nicolas Sarkozy did with Medvedev (Russia) and Saakashvili (Georgia). He has a tell-all interview in Hebrew about how he had negotiated peace DIRECTLY between Putin and Zelensky, and had them both make major concessions — eg Ukraine wouldn’t join NATO, and Putin promised not to kill Zelensky. In his interview he said that Zelensky double-checked this and then came out to record his famous video “I am not afraid, I am here” and saying he needs ammunition, not a ride.
Why did Bennett not succeed? He said he “coordinated everything to the smallest detail” with the US and UK, he “doesn’t do as he pleases”, and they told him he MUST stop the peace deal. He said he “thought they were wrong” and still does. That peace is worth a shot. But he didn’t continue, and the war didnt stop 2 weeks into it.
Erdogan luckilh WAS able to negotiate a year-long grain export deal in the midst of a war, which likely saved millions of lives — Yemen had been very dependent on Ukrainian grain and had a famine from yet ANOTHER proxy war (this one between Iran and Saudis w US weapons, same kind of war but with roles reversed). But no one seemed to care about Yemenis, despite millions being in far more dire hunger conditions than Ukrainians ever were.
The world is complex, but Bush had started the stupid push into NATO, even as NATO members were slowwalking him. My guess is he was angry at Putin’s Munich speech in 2007 NATO, calling out USA for invading Iraq and violating international law. Back in 2001 Putin was the first president after 9/11 to call Bush and offer condolences and they made a joint anti-terrorism initiative. Putin wanted to join NATO back in 2001, he asked the NATO heads but was always rejected. Since 2002(!) Russia tried to stop the invasion of Iraq in the security council and every other way it could but Bush couldn’t be stopped. That is when I think Russia realized that after Kosovo and Iraq, that NATO isnt purely defensive and USA isnt going to be constrained by international law. Putin’s speech in 2007 made Bush want to flip Russia’s neighbors (about which every ambassador said it was a red line for anyone in Russia, “not just Putin”) so the result was predetermined:
Right - Bush "pressed for" Ukraine's membership, but he wasn't successful. And in fact Putin had executed (what he should have seen as) a successful containment strategy by that date, via purely diplomatic means. Sanity prevailed, reason prevailed -- but Putin invaded anyway. That's the key takeaway here.
As to the other tangents, briefly:
(1) No, the Georgia conflict was not "the same exact war". It bears a certain surface similarity, but for what should be obvious reasons, the analogy stops there. In particular Putin's attitude toward (and obsession with) Ukraine is in an entirely different universe from his attitude toward Georgia (the former he sees as basically a part of Russia; the latter merely as a buffer territory).
The situation in Georgia's breakaway regions is also entirely different; the violent aspects of these conflicts there go pretty far back (to the early 20th century, with major flare-ups beginning immediately after the dissolution of the USSR, and major atrocities inflicted by both sides).
There is, simply put, no analogy to be made with the situation with the regions of Ukraine that Putin is attempting to annex - which never saw any violent separatist conflict prior to Putin's invasion via proxy forces in 2014.
In short, there are huge, categorical distinctions between the two conflicts -- describing them as "the same exact war" is really quite silly.
(2) Re: Arakhmiya - your spin here is that the Ukrainians could have just walked away by making basically symbolic concessions (like agreeing not to join NATO), and all would have been well; and that we just don't really know happened because it was all behind closed doors.
This is a false characterization. By now we do have a pretty good idea of what happened, because the proceedings were quite famous and have been thoroughly investigated (for example in the Foreign Affairs article linked to in the thread below). In a nutshell, the concessions the Russians were demanding were not purely symbolic; rather they were demanding not only those, but drastic reductions in force that would have effectively left Ukraine without viable security guarantees of any kind. Against this backdrop there were also the atrocities happening on the ground in Bucha, Irpin and Mariupol, which in addition to providing a certain chilling effect, persuaded the Ukrainians that relying on Russia's good word for their security would not be in their best interest.
(3) There's no analogy between the Ukraine's paramilitaries and jihadists of any kind; that's just scare rhetoric. Once Russia invaded in March 2014, all bets were off -- and any help provided to Ukraine after that date was purely defensive, by definition, end of story.
I am making that analogy, there are so many elements in common, and the analogy to other proxy wars like Yemen too.
You could argue Brzezinski and CIA arming the mujahideen was also “purely defensive”, or Soviets arming the PLO a decade earlier was “purely defensive”. Both are nonsense, of course!
And of course, after Yugoslavia and Libya we know that NATO isn’t a “purely defensive” organization, and its member states like USA sometimes form coalitions to go invade other countries, like Iraq or Afghanistan, and occupy them for years just like the Soviets.
You must not know the history of cold war proxy wars very well to ignore all the parallels and the patterns that repeat and repeat.
Isn’t it a bit silly to just say “period, end of story” and just deny it? This is how people solve problems — by looking at similar situations around the world. You don’t fix a refrigerator by refusing to look at every other refrigerator and treating it as a special snowflake. Same here.
You could argue Brzezinski and CIA arming the mujahideen was also “purely defensive”, or Soviets arming the PLO a decade earlier was “purely defensive”.
One could, but it'd be silly as you already know, and no one is doing that.
Well, they shouldn't do it here either then. The analogy is quite deep since history repeats itself:
CIA training paramilitaries against Russia/USSR
Increasing the chances of Russia invading
Giving ever more weapons to the "freedom fighters"
Country ravaged and destroyed by war
Lots of dead combatants & civilians (needlessly)
Of course the war in Ukraine is like other proxy wars (in Yemen, Afghanistan etc) and can be analyzed by comparing them. For example, Iran did the same with Houthis in Yemen, as US CIA did with far-right paramilitaries in Ukraine. If you call Putin an unelected dictator who bombs a neighboring country to maintain their influence and hegemony rather than let a rival take it over, then what do you call the Saudi monarchy doing that in Yemen? And now that country is ravaged by a decade of needless fighting in a proxy war. In any case, the Ukraine war is not a special snowflake, at all. It's very similar to many other proxy wars.
It's also a war in which Russia invades a country in an attept to bring it to the negotiating table to agree to permanently stop shelling two breakaway republics, very much like with Georgia, so we can see what happened in Georgia (i.e. Russia didn't continue to take over the country, at all) rather than invent fantasy scenarios that Russian orcs want to genocide all Ukrainians, or will go and take over the rest of Europe if they succeed in Ukraine, etc. It is quite reasonable to look at similar situations to infer what the motivations were. And it's NOT reasonable to say "it's all Putin" when every US ambassador said every Russian leader (including Medevedev with Georgia) would react the same way to the "red lines". 73% of the Russian public supports the Ukraine war just like 73% of the US public supported the Iraq war. Public support wars. Similarities matter, and they matter most of all because they help us understand how to prevent and end wars.
For example with Georgia, despite all the similar motivations, and nearly the same actors in similar circumstances, the motivation to say "there is no analogy AT ALL, period, end of story" is that you can then claim Russia will be emboldened and continue its rampage further, if a peace agreement was reached. Most civilians want peace, and don't want carnage, so to justify continued carnage (resulting in 2 million dead civilians in Afghanistan, for instance), you need a narrative that is even worse than sending people to die in wars. So people bring up all kinds of claims (Russia will invade Europe if not stopped here etc.) So if a counterexample is brought up (e.g. Russia didn't continue past 1 week in Georgia) you have to shut it down very quickly. But the analogies are there, and the public's reactions on both sides is similar too:
Ultimately none of these details matter given the elephant in the room: you're voting on some app using your private key, and using some app to check with your private key if the vote has been correctly registered. But you have 0 way of knowing if the system is using this data in the way it was presented. For all the info you have access to, the system can just as well work like this:
1. You cast your vote using the private key
2. This gets registered on a server, it remembers "this person voted for X"
3. When you ask the system "who is my vote registered for?" the system tells you "X"
4. When computing the totals used to decide the election, the system returns 90% Y, 10% X, regardless of the actual votes cast.
Now, this very simplistic scheme would be easily defeated by asking them to publish the whole database of votes. But that would just break the anonymity guarantee of the election, so it is a no-go. And if they destroy the relationship between your vote and your private key, then again you can't confirm anything.
By the way, because you were citing Estonia's e-voting, I read up on it a little: they have all of these problems, and more. For now, people choose to trust the government, I assume and hope rightfully. But their e-voting system relies entirely on secure client devices, it relies entirely on trust that the servers are running the published source code, it relies on the proprietary closed-source client app being trustworthy. And people have even hacked their own vote to show that it's possible, which their supreme court found is not a problem with the election, since it was still their own vote. They barely even have some form of verifiability, and even that is relatively new.
I have no doubt that if a pro-Russia party had a realistic chance at winning (such that the populace and the incombent government would accept the results of an election where they won), Russian state actors would hack their systems and seek to get their people elected (whether they would succeed is of course hard to say). As would the USA if, say, a Latin American state used electronic voting and had an election where the decision was important enough. Or China in Africa, or Israel in the Middle East, etc.
> I think we both know that a corrupt government would not want to secure elections with merkle trees and publish them online. Too much chance of being caught, and they’d have no way to fudge the results reliably.
I think you seriously don't understand what a sham election is, what people know about it, and why it is done. Sham elections don't use semi-sophisticated means of voter fraud that could be thwarted by a better voting scheme. They don't have corrupt officials surreptitiously changing or adding a few votes.
They are entirely ceremonial affairs, where both the people voting and all of the officials know what the results will show beforehand. Often there aren't even options on the ballot. Even if there are, people choosing the wrong option will be threatened, possibly arrested for political crimes, etc. Everyone in countries with sham elections is well aware their vote doesn't matter, or it only matters in so far as the wrong vote can be like wearing an "I hate Big Brother" hat out on the streets in 1984.
The purpose of a mock election is to have some semblance of a normal electoral process to have a minimum of plausible deniability to facetiously claim you are following a democratic process. If people overall believed that the right way to do elections is electronically and by publishing a Merkle tree of the results, corrupt governments would hold sham electronic elections and publish made up Merkle trees.
You'll then have stories from journalists going and asking for people to compare their votes against the public tree, and seeing their votes are different. Just like today you have journalists coming back with stories of entire villages voting for the dear leader when local villagers say they didn't even enter the polling station. And it will matter just as little: the ritual of the election is the only thing that matters.
Just to be clear - even though I say “Merkle Tree”, I am not saying the unhashed votes themselves would not be stored in it. The hashes are just to quickly verify integrity of the underlying data leaves (the actual votes people cast).
The anonymity is done between registration and voting. There is a cryptographic mixer like Tornado Cash that is responsible for the unlinkability, by “tumbling” the tokens to anonymize them while still making sure that each person voting legitimately had registered. (Never mind for a moment that the IP address of the voter can be tied to their address, that can be fixed too.)
So yes, ALL the votes are stored and published in the Merkle tree, and ANYONE can challenge the election, not by hearsay allegations but actual PROOF that anyone can verify. Because the public keys of the UX vendors are published along with the Merkle Tree and are caught red-handed signing conflicting votes. Either the corrupt districts or the UX vendors would have to risk literally ANYONE producing a smoking gun. It is that chilling effect that keeps them all honest, and why we have checksums for things in general. Having everyone in the world see proof of fraud is very different than a bunch of villagers claiming to a journalist locally that they hadn’t even voted.
So given this description, tell me directly — doesn’t it ADD a lot of security and reduce the attack surface and make elections standardized, cheaper and far more trustworthy - don’t you see the value in that?
Think about it — this scheme alone allows some great integrity features for elections. The “election Luddites” are essentially claiming that this has ZERO VALUE and shouldn’t even be tried, shouldn’t even be ADDED TO the existing paper systems even if you lost nothing, because it adds NO SECURITY. That is quite a claim given the properties I listed!
More generally, this is how Smart Contracts work and why they are valuable. Thousands of independently run nodes get to check the data and operations, which are public. The entire community benefits, and in fact the results of voting (eg how much UBI to give out) can be used on-chain. By lowering the cost of collective decision-making, blockchain technology enables a whole new level of efficiency (much like red lights enable better traffic flow), making things like elections or large marketplaces available to everyone without “offchain” corruption-peone mechanisms like surety bonds and reliability ratings (remember Lehman Brothers?)
> There is a cryptographic mixer like Tornado Cash that is responsible for the unlinkability, by “tumbling” the tokens to anonymize them while still making sure that each person voting legitimately had registered.
This is not anonymity, it is pseudonimity, if the system then records "person in control of key K voted for X". Sure, it may be impossible to tell who is that person, unless they come out. But that person can prove to anyone they want that they voted for X (assuming the system were trusted, see more on that below), so they can be forced to show someone who they voted for, either through direct coercion or as a condition for receiving money for their vote. In contrast, once you put a paper ballot in the urn, it is impossible for anyone to tell who you voted for.
> So given this description, tell me directly — doesn’t it ADD a lot of security and reduce the attack surface and make elections standardized, cheaper and far more trustworthy - don’t you see the value in that?
No, it only gives a false sense of security, which is worse. Everything you are describing relies on trust in the people that build these systems, trust in the people that invent the algorithms, trust in the people that invent the maths, trust in the chosen parameters of the cryptographic systems, and so on. Literally none of what you are describing works if you don't trust in all of these people to be (a) honest, and (b) really really good at what they're doing.
It's infamously easy to screw up an encryption implementation, even given a well known and accepted algorithm. It's even easier to screw up a market system and end up with perverse incentives which were not apparent when the system was put in place (like the infamous, though possibly apocryphal, cobra farms).
I asked you before as well: would you be happy to issue your vote from a PC that you know is infested with malware the CIA/FSB/etc controls? If not, then you must admit that the cryptographic guarantees are only a small part of the security of the process, and the whole thing, from client to network to server, needs to be perfectly secure or the election can be stolen.
And you are proposing to add this to a paper based ballot system that is (a) dead simple; (b) almost universally used; (c) proven secure enough in many thousands of elections.
I'll also note that, as always, the blockchain part is not adding anything to all of this. You can just as well have the encryption guarantees and an open protocol with government-run servers, WWW style; that would have all the same problems, but at least it wouldn't also require some bizarre proof-of-stake (what would even be the stake here???) or wasteful proof-of-work scheme to depend on for security.
Finally, I'll come back to this point:
> not by hearsay allegations but actual PROOF that anyone can verify
Nothing you are describing can prove anything. It all still relies on your claim that you were trying to vote X, but the system registered you as voting Y. It's your word against the system. You can be convinced yourself, but you can't 100% convince anyone else.
Edit: note, I am the same person as tsimiones, just posting from a different account from my work computer; not trying to make it seem like multiple people are taking my position or anything like that.
No, it only gives a false sense of security, which is worse. Everything you are describing relies on trust in the people that build these systems, trust in the people that invent the algorithms, trust in the people that invent the maths, trust in the chosen parameters of the cryptographic systems, and so on. Literally none of what you are describing works if you don't trust in all of these people to be (a) honest, and (b) really really good at what they're doing.
Now it's getting a bit silly. Imagine saying about all the technology infrastructure we use daily, such as electricity and computers, that since they require "trust in the people who built these systems, trust in the people who invent the algorithms, maths, and parameters of the curves etc" therefore they are giving a "false sense of security". No! The math isn't just arbitrary, the people aren't just cobbling together a computer I happen to buy. There are literally standards bodies, scientific literature, audits and much more. There are entire ecosystems for error-correction. Otherwise, throw away your technology, you're trusting phone and computer vendors, you're trusting mathematicians with math, and scientists with science... and that's actually worse than living in a world where you fetch water yourself from the river. What? No, it's not.
If you're down to those kind of arguments, I and people like me would conclude that you're out of good ones, and we have a good solution after all.
A paper ballot system isn't great at all -- it is far too slow and expensive and frustrating to run an election, and voter turnout is low for traveling and standing in line -- and certainly it is not "proven secure enough in many thousands of elections". Many elections around the world are disputed, contested, insecure, and the ones you think are secure, are also contested (e.g. the 2020 election, the 2000 election, the 2016 election). You dismiss it in cases you like (US elections) and are happy for your politicians dispute it in cases you don't like (Venezuela) etc. Even if the Supreme Court of Venezuela weighs in, you wouldn't trust it. It's a canvas on which everyone can paint their own outcome, and claim the other side "stole" the election (as if their side didn't engage in similar shenanigans to cancel it out).
If we switched to electronic systems, verification would be so cheap that anyone could do it (as it is for, say, verifying files you downloaded from the Internet with a checksum, which wasn't always the case with previous technology such as analog-to-digital MoDeMs without cryptographic security) -- not only that but it would enable so many more applications. Imagine using Git version control without a SHA1 checksum, and just "trusting the system" to never flip a bit. Imagine not being able to use Merkle Trees for downloading files, verifying their integrity, etc. These things not only improve security and reliability at almost no cost, but enable a whole class of things that would be impossible with pen and paper. Seriously you don't see a difference between, say, BitTorrenting movies and Roman scribes copying into a clay pad? Oh, but we're trusting people who discovered electricity, invented general-purpose computers and the hash algorithms, what if they're trying to trick us and will finally rugpull us all in 2025? Alan Turing and John Von Neumann will have the last laugh as we'll all download the RickRoll files instead of the ones we want.
Nothing you are describing can prove anything. It all still relies on your claim that you were trying to vote X, but the system registered you as voting Y. It's your word against the system. You can be convinced yourself, but you can't 100% convince anyone else.
Not at all. If someone was able to record a signature that their voting gateway signed vote for X as vote for X, but then later that same service claimed they voted for Y, they are caught red-handed cryptographically signing with the private key two conflicting votes. You're equating that to some villagers telling some journalist on camera that they never voted. Ugh. One can be verified by anyone, the other is just hearsay by some journalist.
There is a major difference between trusting regular infrastructure and trusting elections infrastructure. The threat model is completely different. For one, vote secrecy makes it impossible to prove that your vote was mis-registered. For another, in normal situations the cyber-adversaries I need to worry about are regular criminals, for which basic computer security practices are good enough. But votes in an election are improtant enough that nation-state actors are a real threat, and I am absolutely certain that my phone or laptop are not secure against hacking attempts by a nation, or even potentially my own government!
Not to mention, elections are the only situation where trust in my government is not fully possible: the current government has too much incentive to steal votes secretly. So, unlike the electrical grid, roads, financial infra and so on, I can't rely on implicit trust in the government to trust elections.
> If someone was able to record a signature that their voting gateway signed vote for X as vote for X, but then later that same service claimed they voted for Y, they are caught red-handed cryptographically signing with the private key two conflicting votes.
If. What if instead my voting app is showing me that my vote was correctly registered, and that key verification succeeded while the polls are still open, but once the polls close, it shows me that in reality the server registered the opposite vote? How do I prove to anyone else that I voted for X and the app was showing me I voted for X, but now the system shows I voted for Y, and that is what is recorded in the official counted results?
This doesn't even require anyone breaking the encryption: the app can just show me a lie, or some malware can intercept the display info and show a different result, etc. To not leave any trace, the malware even deletes itself from the system as soon as the election timeout expires. Or maybe I am just lying and nothing wrong happened: I voted for Y, the system recorded I voted for Y, and now I'm just trying to cast doubt. Same as a paper based election, anyone can claim anything, and it's exactly as impossible to prove one way or the other.
Plus, again, only a very very very small group of people can actually confirm for themselves that all of these complicated crypto algorithms actually do what they promise to do. Especially when looking at the end to end system. I for one am certain I couldn't verify for myself that all steps of such a system is secure. I would bet you can't either. If, say, Ron Rivest (of RSA fame) came out and said the cryptography used in the election is broken, while Adi Shamir (same) said it isn't, I would have no way to be certain which is right, and even if I tried to verify the math myself, I wouldn't trust myself as much as either of them.
First of all, blockchains are a third party ledger, which is maintained by many independent nodes are the large ones are infeasible to corrupt by a nation-state. The attack could only happen at the point where you sign transactions for the smart contracts.
Voters are required to use at least 2 devices, such as scanning a QR code on their laptop (which runs Chrome) with their phone (which runs Safari).
The QR code contains (or points to) a vote that is cryptographically signed by one gateway. The website or app on the phone checks this QR code and displays the same result back to you, and you confirm it on eg your phone’s screen.
On both gateways (call them Services A and B) you indicated your preference, and digitally signed it, not just with your own key, but there is attestation by the device’s own private key, which is derived from the vendor’s key, meaning the vendor stands behind what their device or app does.
Let’s assume absolutely every signature service cannot be trusted, including all your crypto wallets, incouding Apple’s secure enclave, everything is designed to be sleeper agent to mislead you on the day of the election. They just really want to change everyone’s vote. You can still prove which services were corrupted!
Let’s say that you got signature Service A and Service B to sign two different candidates during the same chain of QR code confirmations. The proof is there that at least one of the services was corrupt. Even if it happened only once, with one voter. The indelible proof is on a blockchain and replicated so nation states can’t hide it. So no Service would agree to volunteer such a blatant proof of its own corruption, given the cost to its vendor. It would only happen if the Service would be hacked by an employee of the vendor, and that would only hurt the vendor, not the election. The vendor would try to eliminate this possibility as much as possible.
However, if service A one lied to you, and you found out after scanning the QR code with Service B, then you wouldn’t want to submit your faulty vote with service B when it revealed that to you. But the service B would already would have provable dirt on service A. Not conclusive, since the voter could after all be someone who would rather complain about a non-faulty system than vote. I won’t speculate on chances of many registered voters not wanting to vote but simply make up fake complaints about the system, but I don’t think regular users should face penalties for lying, so I’ll just accept this as a serious possibility. All I will say is, these people are similar to those who stay out and don’t vote now. It’s an issue of “turnout”.
But even in this scenario (of a malicious voter rather than malicious service), Service B would then be required to do the reverse — process your other vote, and sign the transaction, then anonymously submit it to Service A to be signed. Service A would have to either refuse to cooperate with Service B, or sign it. After that, you’d be given a QR code presented by Service B, and verify it with Service A.
Of course there could be far more than just a of Services A and B. There could be 100 services (eg web-based) and voters could be required to go through a chain of 3 of them, as determined from a random oracle (ie they don’t get to pick who to collude with). You’d get the list of 3, and an honest service would simply redirect you to the next one as you bounce between two devices via QR codes.
Service A on Laptop
Service B on Phone
Service C on Laptop - done
Everything that’s signed goes into a third-party gossipped / replicated log (doesn’t have to be a blockchain, there doesn’t have to be a total order). This log / heap is what contains the indelible proofs that can be found out anytime after the fact, which is why every service must be careful to mess up even once.
You see, there is a huge difference between actors/nodes simply voting between some arbitrary choices A and B, and nodes voting while also following cryptographic constraints amd creating a trail where cheating at any step can be caught and proven later. The latter is much harder to pull off and, given costly enough consequences, creates chilling effects and strong incentives to be honest. This is what many BFT algorithms get wrong and why they fail in the presence of over 33% malicious nodes.
In this day and age the counting should at least be live streamed. Almost every big box store in the US already has a self checkout area that's almost equipped for this task (it has the hardware and the software, just not the physical layout). Publicly (like a public park, not like a "public" school) verifiable vote counting shouldn't be a hard problem.
In a hand count you might get the odd bad actor, but you're unlikely to get large scale systematic bias, which is much easier to introduce in a machine counting system.
“the odd bad actor” is incredibly optimistic, almost like there is already a bias against ever digitizing or using cryptography for adding security to a manual process with tons of ways to corrupt an election
Elections around the world do not match this optimistic characterization. If they did, we’d all trust the outcomes of:
Belarus’ election of Lukashenko
Venezuela’s election of Maduro
Crimean 2014 referendum
Kosovo’s independence referendum
(Note you probably think the last one was a lot more reliable than the first three — a lot of it has to do with living in a certain part of the world and believing the national media, which is only possible because the voting system and results can be so untrustworthy as to not allow regular people around the world to check anything, so propaganda is given free reign. Science and reliable knowledge usually doesn’t work this way.)
In fact, let’s be clear… the “dictators” WANT the elections to have many ways to corrupt them, they WOULDN’T want a blockchain or merkle tree, that should tell you a lot
And the “war hawks” in countries like USA who oppose their geopolitical rivals also want the elections and referendums to not be secure and clear, so they can cast doubt on them (eg Crimea) while at the same time claiming others (like Kosovo) are completely legit and justify unprecedented actions .
As an aside, the vast majority of both Crimea[1] (94%) and Kosovo[2] (99%) that turned out to vote in referendums in 1991 voted for independence, so we all pretty much know what the public wanted later too, but it doesn’t affect the spin put on the later referendums and conflicts anyway
If elections were secured by cryptography, the People around the world would have far more confidence, rather than listening to their own media propaganda spin the ambiguities, and the wars might even be avoided.
That seems like it'd be impossible to implement. Either I'd have a record that I voted with no way to confirm who my vote was counted for, or I'd be able to prove that I voted for a specific candidate which opens a Pandora's box of problems (either coercion for voting for the wrong candidate or bribes for provably voting for a specific candidate).
I mean sure, if someone can come up with a workable blockchain-based system that would be good, but I don't think that is an in-practice option on the table right now.
First of all zero-knowledge proofs allow you to verify stuff without being able to prove it to others
But honestly, I think the whole idea of being able to prove how you voted being dangerous is overblown. The same people who say you don’t need an ID to vote because it’s a non-issue then come up with fantasy scenarios of masses of people being forced to prove how they voted, or bribed to do it LOL.
> masses of people being forced to prove how they voted, or bribed to do it LOL
Would you believe that in some households, the husband considers his wife's vote as his property? And that there are lots of households like this?
It doesn't have to be a singular mass of people being coerced by a single entity. Lots of wives being coerced by lots of husbands is also corrosive to elections.
I don't know if there's a lot of bribery risk, but a family member asking to see how you voted has plenty of room for coercion and abuse. It seems good that no one but you can know how you voted in principle.
> First of all zero-knowledge proofs allow you to verify stuff without being able to prove it to others
I doubt it, and I suspect if you try to point at a specific system to implement you will find that that none exist even in theory. I can verify I voted with zero knowledge, yes. But I can't verify who I voted for. So I can put candidate A into the machine, it switches to candidate B and we can all prove I voted in the election.
Conversely, if I can prove who I voted for then the scheme is vulnerable to the well known after-election issues because I can prove it to others. If I can only prove something with plausible deniability note that I probably can't tell if the machine switched my vote around. There might be something that can be done in the space, but it is a tricky one to resolve.
> But honestly, I think the whole idea of being able to prove how you voted being dangerous is overblown.
If you check you may well find it in a reasonable-worse-case scenario it is a matter of life-and-death. I think maybe literally zero government electoral systems make the voter's vote public (ie, we have near universal secret ballots [0])? There is a reason for that. If we wanted people to sign their name on the vote slip that'd be great for auditing - but we don't because that would set the system up for some really horrible failures. The one that leaps to mind is "if you don't vote for me and I get in, I will do [insert blank] to you" strategies.
In most US states I can get a voter’s database and “party affiliation”. I was shocked that thus info is publicly available, and all the people’s addresses and driver’s license info are also stored there (and can be leaked)
The “party affiliation” is a very good (around 95%) proxy to how they’re going to vote when they show up, as long as the two-party system dominates, which is why I say the whole “ability to prove your vote” thing is overblown, since your party affiliation at registration is already known, even publicly:
If everyone got a unique prime number and a running total vote product was available, I always thought this would be a neat solution. Still susceptible to the goon-with-a-wrench technique I think
That doesn't sound like it secures anything. I can't verify that my prime number is unique (I vote for A. There is already a vote for A at 3. The machine logs a vote for B at 5 and reports to me my number is 3). So it'd be a scheme where nothing can be proved to me that I didn't already know. I still have to trust all the same middlemen, and I don't gain any knowledge about the integrity of an election.
That is an unreasonable assumption, there isn't a secure way to issue everyone with a guaranteed unique prime. And even if there was, what is this system supposed to be doing? It doesn't secure anything and it doesn't enable any new knowledge that wasn't already available by just signing ballots with your name (which is a bad idea, so by comparison we might expect that this prime scheme is also a bad idea). Are you sure that is an interesting thread to pull? It doesn't look at all promising to me.
It is absolutely 100% not overblown. Voter punishment and suppression is a well established practice in many places. India's vote tallies for example have evolved to a pretty complicated system, because local powers were even instituting collective punishment on whole villages if they voted "badly". So, the vote counting system had to be adjusted to extend vote secrecy not just to the personal vote, but even to entire counties.
This is a very real problem with a well known history. Even in the USA, gerrymandering is facilitated by this kind of information. If votes were mixed during counting so that you didn't have information about vote counts in each polling place, it would have been considerably harder to come up with the crazy districts being used today in many places. Having personal identification of each voter would definitely have creative uses as well.
And as for bribing, in this very election we have Elon Musk publicly announcing he's giving out money to people who essentially pledge to vote (with some attempts at plausible deniability for committing this federal crime). I'm sure smaller and less loud election influencing is being attempted all the time - but it's hard to do if people can outright scam you and vote differently than what you paid them. Having an online proof of your vote would open up the floodgates to this at a massive scale. And there are plenty of people poor enough to see this as a lifeline.
People who want voter ID are wrong because they ignore the racist history of using voter ID requirements to disenfranchise voters and/or don’t understand how voter registration or ballot tracking work.
Voter ID is simply not something that will add security to the voting process but it will disenfranchise voters.
ID is already verified when registering and names are recorded when submitting ballots. Anyone seeking to cast ballots in the name of registered non-voters would need an army of individuals that won’t be recognized by poll workers and perfect knowledge of who is registered and not voting.
If a single registered voter name tries to cast two ballots that will trigger an investigation that will unravel the conspiracy. It doesn’t scale. It’s a problem made up by people who want to disenfranchise voters and is eaten up because it sounds “common sense”.
People who don’t think anonymity in voting is important lack imagination and historical knowledge. Fear of retaliation from the government, political fanatics, your family, or friends is perfectly rational and is why voting must be anonymous. This is an especially reasonable concern in an election where one of the candidates refers to voters as “the enemy within”. Consider voting for a Communist when Senator McCarthy was on his witch hunts. People are right to be scared of retaliation.
I’m not calling voter ID racist. I’m saying that in the United States it has an established history of being abused by racists to suppress minority votes. This is a verifiable fact. Look at the Voting Rights Act for proof.
> You need to have a consistent standard for discussion, and clearly the latter approach isn’t very helpful or productive.
(without making any claim about "block chains for voting are good/bad")
Not really. Generally if you want to privately check something like this, you encrypt it for the recipient (government), and sign it with something that only you know. So the contents are hidden from everyone and nobody knows anyone's signature, but you can prove that your item is in the list, unmodified, and is therefore counted.
And then the chain would provide a quick way to check for "has not been modified since I checked", without needing to do the full check again.
Traditionally, you would sign with the government’s public key so that only they can decrypt it. But ballots are so low entropy that I’d be worried about brute forcing it (maybe some significant nonces can be added?) a solution where you use the block chain signed with certificates held in a central database is just… another case of people pushing blockchain without understanding it
Assuming uncontrolled public access to the blockchain, couldn't this also be used to prove to others that you voted "correctly", facilitating vote buying schemes?
Particularly if you do not publicly disclose the cert you signed it with: I'd be willing to bet there's some way to make it so you can produce a signing cert that'll claim you filled in any data you wish.
E.g. have your signature data be a class of values based on vote possibilities, but have all produce the same final signature. You could produce anything for anyone that way. I'm not sure if that'd be "forward secrecy" or "deniable encryption" or what, but there are a variety of systems that do similar things.
I am not a cryptographer and I don't know any concrete implementations that would have all the properties I want, but pieces of pretty much all things you could reasonably want in a voting system do already exist. And pretty often they can be layered together. The bigger problems in practice seem to be "people won't trust it" (which is defensible), "some of the fancier crypto is too new and not thoroughly proven" (which is very true, e.g. zero-knowledge proofs), and "implementers so far have been stunningly incompetent" (undeniable).
(edit: or I guess more easily, just sign the data after encryption, and throw away your encryption key. then you can claim whatever you like - it's encrypted, they can't know, and you can still show that it wasn't changed)
Historically, you open the box and count them in front of anyone who wants to watch — using enough polling sites that’s a relatively short task at each.
Moving ballots, machine counting, etc are all relatively modern inventions — and seem to greatly weaken the consensus mechanism for little benefit.
In traditional voting, the votes get counted by humans, supervised by other humans. If you want to spend the time and energy, you can be one of those humans.
It's completely different from a machine count. Humans have human failure modes, which are easily accounted for. Machines have random failure modes, and complex ways of being attacked. And all of the machines can be wrong in one direction at the same time, which is impossible for human counters.
Even random spot checks don't work for machines if the machine has some way of detecting it is being checked.
>Even random spot checks don't work for machines if the machine has some way of detecting it is being checked.
That's theoretically a possibility, but it's trivially defeated by choosing which ballot boxes to spot check after the machines have finished counting.
Fair enough, but there is also another problem. What happens if you detect a discrepancy in one or two places, but good results in many others? Do you still issue a full recount of all places that the machine was used? If not, then an adversary can still subtly modify the results of the election, at least probabilistically.
The actual ballots are stored, a selective audit is done to verify the electronic count, and in the event that raises issues a full manual recount can be done.
The electronic voting system issues in the 2000 elections motivated the Help America Vote Act of 2002 under which voter-verified paper records for audit purpose required for all voting machines (this requirement became effective in 2006); effectively, “voting machines” add ballot marking machines that may also be involved in convenience tabulation, but are always audited against hand counts of paper ballots, which are the ultimate authority.
The idea is that the machine just provides a preliminary count, a official manual count happens over the following several hours. If there's a discrepancy then the only the manual count counts and the machine can be identified as problematic.
> Where am I technically wrong here? I'm sure I'm missing something obvious.
As I understand that article, BIOS access requires two passwords, and the list only provides one of the two passwords. So, instead of "password list" I would say "partial-password list".
The list also misses "There is 24/7 video camera recording on all election equipment." Of course, you can raise concerns and failure modes about video recordings, but that all brings up the question "Were those recordings compromised?" You should not assume that they were.
CO mails paper ballots to everyone* about a month before election day. You can choose to vote in person, or mail in/drop off your paper ballot anytime prior to election night.
My understanding is what while the ballots are paper, many (all?) are tabulated digitally. It certainly appears to be laid out in a way that benefits digital reading, and i believe that is what the machines in question are responsible for.
I’m an overseas Colorado voter. They lump me in with the military voters so my voting process is super easy (I’m sure certain groups would love to make this harder, but not for the troops). I get an email that my ballot is ready, I go to the CO website, authenticate with my SSN (fucking yikes), fill out my ballot online, print a copy to pdf, slap a digital signature on there, and email it back to the SOS who presumably prints it out and throws it in with the rest, and then get an email saying my vote has been counted.
It’s amazing how easy voting can be when we want it to be.
When you disregard basic voting security, everything becomes super easy. Mail-in voting allows for vote buying, the only way to avoid this is by having a private in person voting booth so the person voting cannot prove to the outside world who they voted for.
Even this isn't secure now, because everyone can just photograph their voting card within the booth.
After your very last sentence, I’m not even sure what your point is here. You just listed a bunch of reasons you don’t think mail in ballots are safe, and then ended with saying the alternative also isn’t safe from vote buying.
Vote buying also does not appear to be a problem in the US electoral system, as another commented pointed out: in order to make a difference in the election, you’d have to buy enough votes that someone would be bound to tell on you.
Yea no, I get that, it's just that voting was still secure up until smartphones were ubiquitous. Now it's not.
It's not just about vote stealing per se, it's about any third party infraction of individual voting rights. It may not matter on a large scale, but it matters to individuals.
Not only that, but it matters that bosses can't coerce workers into voting for someone, or an abusive spouse, or any third party who might have an interest in swaying an election. It often doesn't take much to sway an election.
It becomes very problematic when a victim is unable to vote for someone who would stop abuse. For example, Russia decriminalizing spousal physical abuse. That same thing could happen anywhere, and then you'd have every asshole abuser at home forcing their family to vote for their choice.
Not having secure voting is a real problem, and one that is now unsolved thanks to smartphones.
With my remote voting, I can generate as many ballots as I want. If I want to make a dummy ballot that says I voted for any given candidate in order to fool someone it is easier than ever. Now instead of 1 physical ballot, I can generate multiple ballots, and do as I please with them.
That's a different security issue, not related to voter coercion.
There are checks to ensure votes aren't fraudulent, that's actually very easy and already done. You can send as many ballots as you want, but they need to be legitimised against a person. That's not such an easy grift. I believe
Do you have any evidence this is happening? In order to swing an election, you'd have to buy a lot of votes. That's a lot of people to rat you out.
You're proposing that secret vote-buying conspiracy is going on and thousands of people are all keeping their mouth shut in order to keep getting that... $10, $50, $100 bribe?
Hehe you disproved your own claim. Mail-in voting does not “allow” vote buying any more than any other method of voting. It’s simply not possible for the voting system itself to prevent vote buying, if that were actually a serious problem. But where’s the evidence that vote buying is a widespread problem in the US? Imagining that something is possible doesn’t mean it’s happening, nor make it likely, nor make it a serious problem to solve. And on the flip side, the more technology we add in the name of security, the easier it is to influence elections without people knowing and without having to buy votes.
If you don’t want it to be possible for people to buy or sell votes, then you need to make sure every citizen is engaged and cares about casting their own vote, and you need to make sure the government has a stable and trustworthy system of checks and balances. And why not just make it illegal with massive fines to buy votes and post a huge bounty for anyone tattling on a vote buyer that gets prosecuted? It doesn’t seem that complicated to disincentivize vote buying in a way that eliminates any concerns about the method of voting.
> You would think AI/ML could help with fraud detection.
I think that's a very big leap to make, that the ballots are going to where they're going because of fraud. Hanlon's razor applies.
> ballot box stuffing
Ballot-box stuffing happens when more ballots are cast than there are people who voted. This is difficult to do when voting by mail. Indeed, from the article:
> LeVan Hodson told KING 5, "Even if someone gets a second ballot (or more), whether under their name or someone else’s, we’ll only ever count one ballot per registered voter with their matching signature."
When you receive the envelope, you check the signature against what's on file. You also check records to see if the voter had voted elsewhere (such as at an early-voting location). You can check to see if the voter reported not receiving their mail-in ballot. You can do all these checks before opening the envelope. And once you do open the envelope, it's easy to see if multiple ballots had been included in the envelope.
The signature on my voting registration is the one I used when I first registered 40 years ago when I was still in high school. It’s quite different from my signature today, and it’s never been challenged.
> County officials in Pennsylvania confirmed to local news outlets that the man filmed in the video was an acting postmaster, doing his job. After the video went online, he began receiving threats.
Because of how the electoral college works, and because of how tight the margins are, you don't need to have or enable fraud on a massive scale to cheat. All that's needed is putting your thumb on the scale in a few select jurisdictions and that could tip the scales one way or the other. It's within the realm of probability that the presidential election will be decided by < 50k voters nationwide.
But you have to know which 50k voters in which state, and be able to put your thumb on the scales without tipping off the dozens of people who are professionally employed to prevent exactly this scenario.
More than a few people have been caught trying to cast just a single extra vote.
How in the world are you going to pull off a massive conspiracy like in the midst of the most scrutinized election in the world.
Another example of "Everything looks suspicious when you don’t know how anything works."[0]
Mailed ballots are verified against voter registrations and signatures are checked against the signature on file. This woman with a bunch of ballots for former residents of her apartment would gain essentially nothing and open herself to serious criminal penalties if she tried to vote as anyone except herself.
The article you cite says nothing in direct response to the parent comment (ballot harvesting, etc.).
It also includes some misinformation, saying " signature verification is a critical part of ensuring that only valid ballots from eligible voters get counted" ... while many states, including Pennsylvania, Wisconsin, North Carolina, and Georgia, do not verify signatures.
In texas you pick your items on computer and it spits out a paper ballot that you can look at to verify it's what you voted for. The info is also included in a qr code like form for a reader. In the event that something looks off it can be verified by humans. I figured something similar was done all over.
This is not the case everywhere in Texas. In many places, you fill in a paper ballot at a booth and feed it into a machine at the end with nothing printed afterwards.
It is important that the voting system have credibility for everyone - regardless of party. Has anyone done a ground up exercise of rethinking the process and the involved technologies from a cybersecurity standpoint? It would be great to offer voters verification of their votes while maintaining secrecy.
But right now I feel like we are stuck, with one half the country having doubts about the process and the other half insisting that it is absolutely perfect. It isn’t enough for the process to be either correct or trustworthy. It has to be both.
> But right now I feel like we are stuck, with one half the country having doubts about the process and the other half insisting that it is absolutely perfect.
It's not correct that one half of the US insists that the election process is absolutely perfect. There have been countless investigations, inquiries etc. and the process is being continuously reviewed. One half of the US insists that the process shouldn't be changed to the detriment of minority groups without any actual evidence that problems exist (as the investigations etc. did not result in such evidence), yet the other half still insists that the problems occur and the evidence is just hidden too well, and the process must be changed without ensuring that minority groups aren't affected more than other groups.
> One half of the US insists that the process shouldn't be changed to the detriment of minority groups
This trope that minorities are affected by voter ID laws doesn’t pass the slightest scrutiny. It’s also just plainly offensive and racist to assume minorities can’t show the basic competency to obtain ID when you already need it for so many things. Where were these complaints when everyone, including minorities, had to show documentation around their vaccination status for various things? Why isn’t this issue in every other country that does require ID to vote in elections?
> without any actual evidence that problems exist (as the investigations etc. did not result in such evidence)
A system not designed to generate data for such investigations will not turn up evidence. Just like with poorly designed software systems.
> This trope that minorities are affected by voter ID laws doesn’t pass the slightest scrutiny.
It is well-supported by actual research (e.g. [1]) AND by simple logic. Every single point you brought up has a clear counter argument - why didn't you respond to any of them? Have you simply never heard anyone mention them?
> It’s also just plainly offensive and racist to assume minorities can’t show the basic competency to obtain ID when you already need it for so many things.
It's plainly offensive and racist to ignore studies (e.g. [2]) that prove a higher percentage of minorities owns government issued photo ID compared to non-minorities. I'm not assuming anything, I'm only looking at statistics, at real people and data. You're instead attempting to move the conversation away from data.
> Where were these complaints when everyone, including minorities, had to show documentation around their vaccination status for various things?
First, such complaints did exist back then as well. Second, both vaccination and frequent testing were subsidized by the government, with extra investments towards minorities. Why don't advocates of voter ID ever make similar suggestions? Why not propose a program that allows any minority to acquire a government ID without any downsides, and once that's done propose voter ID?
> Why isn’t this issue in every other country that does require ID to vote in elections?
Because in pretty much every other developed country:
- there exist standardized, government issued IDs that are distributed to every citizen during normal government interactions (e.g. in Germany you must own government ID)
- poor people (a group that minorities make up a disproportionately large part of) have more free time and are in far less precarious positions regarding job security, and consequently health care
- poor people have a far easier time getting to government buildings (e.g. cities are less car-reliant, better public transport, better coverage of government buildings)
The US is in a very different position compared to most other countries. It’s just plainly offensive and racist to introduce additional barriers to basic rights while fully aware that the average person from minority groups will have to spend more time and effort to clear them.
I'm not going to spend time digging up research for every claim I've made unless you're willing to do the same for your positions. But since you've now been made aware that this "trope" does pass the slightest scrutiny, I'm looking forward to your response! Just to summarize, you'll have to explain how the disparate impact of additional barriers to voting isn't "plainly offensive and racist" given that:
- non-minorities are much more likely to own a government ID than minorities
- non-minorities on average have an easier time acquiring such ID
- non-minorities on average face fewer potential repercussions regarding work and health care acquiring such ID
I certainly don’t think we should restrict voting to landowners but maybe having a minimum requirement for citizens to participate in democracy (having an ID) isn’t a bad thing.
I think the concern with not requiring ID is that it could allow non-citizens to vote. Making it illegal for non-citizens to vote also disproportionately affects minorities, but that doesn’t justify changing that.
Do you know any minorities personally who have struggled to get an ID? Most minorities I know would be pretty offended by that implication.
> I certainly don’t think we should restrict voting to landowners but maybe having a minimum requirement for citizens to participate in democracy (having an ID) isn’t a bad thing.
Come on, you can't mean this in good faith as a response to my previous comment. It's a fact that minorities are less likely to have government ID, and that it's on average harder for them to acquire it. This is not "a minimum requirement", this is a requirement that - in the current system - deliberately shifts power by disenfranchising voters.
> I think the concern with not requiring ID is that it could allow non-citizens to vote. Making it illegal for non-citizens to vote also disproportionately affects minorities, but that doesn’t justify changing that.
It is already illegal for non-citizens to vote, but I'm sure you know that. You also know that there is no comparison between the two things.
The worst part is: non-citizens voting would be a valid concern if there were any evidence for this happening beyond a handful of cases per election. But there isn't, because non-citizens generally don't want to risk being caught for one single additional vote. And it's not for a lack of looking - the GOP has spent millions upon millions of dollars to find anything, and they have not been able to procure evidence of non-citizens voting in any meaningful capacity. Yet apparently the rules must be changed anyway, no matter the cost to democracy.
> Do you know any minorities personally who have struggled to get an ID? Most minorities I know would be pretty offended by that implication.
Do you have anything meaningful to contribute to this discussion? Any response to any of the points I've already brought up? I don't need to bring up anecdotal evidence when this topic has been broadly researched, and basic logic leads to the same inevitable conclusion.
> Come on, you can't mean this in good faith as a response to my previous comment.
I sincerely do, I don’t know what else to tell you.
> It is already illegal for non-citizens to vote, but I'm sure you know that.
In many states, non citizens can vote in state or municipal elections just not the federal. In states without Voter ID, a non citizen could easily register with an electric bill. It would be illegal, but it would be very hard to prosecute.
> Do you have anything meaningful to contribute to this discussion?
I think you bring up great points in a challenging and partisan topic. I’m just outlining some of the concerns that people have with not requiring Voter ID. You can dismiss them as invalid if you want! But I think you would have more luck trying to prevent the disenfranchisement of minorities if you wouldn’t dismiss all of these concerns out of hand.
Again, you’ve made a fairly strong case that voter ID disproportionately affects minorities, but you haven’t made the case that wide swaths of voting citizens are actually disenfranchised, nor have you made an argument that justifies abandoning the concept of election security altogether.
> In many states, non citizens can vote in state or municipal elections just not the federal. In states without Voter ID, a non citizen could easily register with an electric bill. It would be illegal, but it would be very hard to prosecute.
Let's play this scenario through. You're a non-citizen and risk being found by registering to vote. You get a provisional ballot (since you can't have registered properly before, as that would have been validated and found). This provisional ballot will be counted once your registration is validated, which it won't be, since you're a non-citizen. So what is the exact danger here?
> I think you bring up great points in a challenging and partisan topic. I’m just outlining some of the concerns that people have with not requiring Voter ID. You can dismiss them as invalid if you want! But I think you would have more luck trying to prevent the disenfranchisement of minorities if you wouldn’t dismiss all of these concerns out of hand.
Thanks, but I'm not dismissing them out of hand, I'm asking for evidence that these things actually happen. If that evidence exists I'll gladly agree that election security must be improved.
> Again, you’ve made a fairly strong case that voter ID disproportionately affects minorities, but you haven’t made the case that wide swaths of voting citizens are actually disenfranchised, nor have you made an argument that justifies abandoning the concept of election security altogether.
Of course I haven't made an argument that justifies abandoning the concept of election security altogether, because who would want that? I want elections to be secure, just like everyone else.
I think I've made a pretty good case that enough voting citizens would be disenfranchised. Why does it have to be wide swaths? Why should you be allowed to disenfranchise even a small percentage of voters, even though you have no evidence that your security concerns are actual issues?
Paper ballots are standard and the majority of states require ID to vote.
There was someone using the Michigan voter file (which has a line in it for each change to the voters record, so repeats voters) to claim that someone was voting dozens of times. They weren't airing a legitimate concern about the voting system, they were sowing discord by lying about how it works.
Your framing of the situation is reductive and cartoonish.
I take it that you mean that before you tear down this system, understand why it is the way it is. And, yeah, sure. I don't think that invalidates reimagining the solution from what may be new/updated first principles.
This feels a lot like the people who simply tell others to become a poll worker when they start asking hard questions about the system. I get the wisdom in this but it can also be a waste of time. In other (non electoral) situations, many big improvements can and have happened without needing to endlessly understand existing things.
In this case it is clear we don’t have verifiable elections - you don’t need to understand anything deeply to know this, since it is apparent with your own ballot. So instead let’s design for something better.
It's only interesting when you oversimplify the two situations for the express purpose of sowing distrust.
The only reason you've left out the details that Tina Peters actually facilitated physical access to voting machines with both required passwords, while this current leak was not even sufficient for someone to repeat Peters' actions, is that it would be absolutely devastating to your entire argument.
Are you claiming that the video is fake? — if not, what’s your comment referring to with “accuracy”? — how is “authority” relevant at all, when discussing video of a malfunction?
Provably digitally altered fake videos of voter fraud were made and disseminated by Russia during the US 2020 election. Non-partisan institutions put a lot of energy in trying to debunk these operations which basically suit America's adversaries and, absent of critical thinking, many people become unwitting participants in their disinformation campaigns.
By eating away at the trust of non-partisan institutions that are established to maintain free and fair elections, autocracies like Russia, Iran, China, etc., move up in the world at the expense of internal divisions in the US.
No, I’m explaining the need for critical thinking, not that all stories of voter fraud/manipulation are immediately bunk. The default of credulity is much more troublesome as it allows for misinformation to be promulgated and be given unearned credence - it gives adversarial actors ‘authority’ one might say. It’s also important to note that in terms of actual fraud, audits and challenges from 2020 show that the system works, contrary to widespread public outrage on the issue
Telling people to “shut the fuck up” about documented voting irregularities is how civil wars actually start — because it causes people to lose confidence in the electoral process.
Yeah, if it is a problem then the person that cannot vote for their intended candidate (I presume it's a two step process - select, then confirm) should flag it up at the officials and the machines shut down / replaced / fixed and its manufacturer shitcanned. There's procedures for this, and instead of ragebaiting on social media there should be a firm and conclusive response.
Officials only pulled the machine once it went viral on social media — because the state regularly suppresses and ignores citizen concerns.
Political parties use social media to detect and focus their efforts — eg, where voters were turned away in PA, videos of that on social media drew enough attention the RNC sued and won an order forcing the polling places to remain open for longer.
Why do people act like social media isn’t a relevant form of communication and organization?
> Laurel County Clerk Tony Brown addressed the issue in a statement, saying the machine was temporarily taken out of service while an investigator from the Attorney General's Office was called to inspect the machine. Investigators tried to recreate the anomaly and were able to do so after spending few minutes tapping in the area of the screen between the Trump and Harris field, Brown said.
> Despite additional attempts, Brown said investigators weren't able to recreate it a second time.
> "The Kentucky Attorney General’s Department of Criminal Investigations quickly responded to the complaint from Laurel County. Detectives have been in touch with the county clerk and recommended they change out the voting machine," Kentucky Attorney General Russell Coleman said in a statement. "All Kentucky voters can have confidence that our elections are secure and any potential issues will be addressed quickly."
> In a statement Friday, officials from the Kentucky State Board of Elections said the voting machine registered the selection for Harris because the voter was touching two boxes simultaneously.
> Initially, the voter used their finger to "jab" the small box in the top-left corner of the Trump field on the touchscreen. After a few failed attempts, a second hand enters the frame and is seen attempting to "simultaneously click the large Trump field with an index finger and the large Robert F. Kennedy field with a thumb, leaving the Harris box highlighted," officials said.
> Michon Lindstrom, spokesperson for Kentucky Secretary of State Michael Adams, also dismissed the incident as "voter error."
> Brown emphasized that the issue occurred on a ballot-marking machine, which does not process votes. Marking machines allow voters to make their selections for their ballot and then physically print them to be cast and counted.
> If the machine prints a faulty ballot, voters are able to discard it and print a corrected one, Brown said.
> Marking machines allow voters to make their selections for their ballot and then physically print them to be cast and counted.
As someone not from the US:
Why do you need that? What’s the advantage over manually filling out a piece of paper?
The machine can’t use the data of printed ballots for anything if I can print multiple ballots, so it’s just a glorified pen making a checkmark?
It limits the user error pens cause. You can look up old disputed ballots, many of them are things like; people sloppily starting to fill out A then realizing they really want B, making such a large checkmark that it covers A and part of B, or those pranksters that fully color in A B and C.
As this shows, it still allows some user error, but they hope for less.
I would just like to say, thank you for doing the work of locating a news post about the situation. That really helps ensure we are talking about the same thing. And it allows us to review the situation ourselves.
Ah, the tried and true "you're holding it wrong" excuse.
Is it safe to admit the voting machine UX sucks if this is remotely possible? These things should be designed so 90 year olds can use them without error - and without filing their fingertips down with little squares of sandpaper.
There's a pretty wide range of possibilities between "videos were all faked because this is the most secure election in history" and "let's not take the video at face value and await further verification because it's election season and there's plenty of bad actors trying to sow distrust in the election system by posting misleading/manipulated videos".
The implication of the videos was that this was malice (and that generates clicks) yet if you read between the lines, it's simply incompetency - uncalibrated touchscreens.
My point is local jurisdictions do not have the knowledge or resources to properly maintain or deal with electronic voting machines (of which there appears to be no national standard) and maintain integrity. If they can't remember to perform basic maintenance like calibrate the screens, what other steps are missed or ignored?
* This password list has been public for a long time, and is easy to access: hidden excel column on a public spreadsheet.
* BIOS access means the intruder can change boot devices, boot their own OS, infect the BIOS with a virus, change boot devices back, compromise the vote host OS.
* Keycard security isn't tight security. Any amature physical penetration tester would just use a primitive attack on the door to get around it. E.g.: Grab the handle from under the door with a wire. Youtube has a ton of examples.
* This could have been done months ago, and over a long period of time.
* The intruder could clean up logs and any other traces of their actions.
Where am I technically wrong here? I'm sure I'm missing something obvious. It sounds like what you would do with BIOS passwords if you wanted to do something nasty. I haven't seen these questions addressed anywhere.
I hear some people say "but we use paper ballots". Then why do you have a BIOS password? If it's all paper where does the computer fit in? All of this is honest curiosity, I'm not sure how the voting system works.