Why Electronic Why Electronic Voting is a BAD Ideaoting is a BAD Idea

[fromderinside]

I presume you understood that the copy was made with your printed from software on your machine with the only link with the government being the number you were in the vote count.

How would that achieve the stated purpose of making it impossible for you to prove to a nefarious third party how you voted?

I don't need to prove to the nefarious party. The nefarious party needs to prove to me that my vote was properly counted. I have all the cards. Its a bit like using numbers as standins for signatures on taxes when one files electronically. The taxpayer holds all the proofs that the number is his signature on her computer.

 

[Jayjay]

How would that achieve the stated purpose of making it impossible for you to prove to a nefarious third party how you voted?

I don't need to prove to the nefarious party. The nefarious party needs to prove to me that my vote was properly counted. I have all the cards. Its a bit like using numbers as standins for signatures on taxes when one files electronically. The taxpayer holds all the proofs that the number is his signature on her computer.

What's to stop the nefarious party from simply standing behind you and watching over your shoulder while you vote?

Or, if the nefarious party asks for the verification number, what are you going to do? If you give him a random number, it might be that the number doesn't exist or the verificaton turns out that the random number you gave voted for the wrong candidate also. Then you are in trouble.

 

[bilby]

How would that achieve the stated purpose of making it impossible for you to prove to a nefarious third party how you voted?

I don't need to prove to the nefarious party. The nefarious party needs to prove to me that my vote was properly counted. I have all the cards. Its a bit like using numbers as standins for signatures on taxes when one files electronically. The taxpayer holds all the proofs that the number is his signature on her computer.

The first step, before you can propose any kind of solution, is to understand the problem.

Let's take a look at this again:

So what we do is treat electronic voting just the same as we treat paper voting. I don't think so. Voters can and should get personal copies of what they voted.There should be ways to rectify such errors by process which is both simple and quick. Verification methods should be robust and not include include near sighted people who need extra light to verify votes.

In fact it seems the government should not be in the business of supplying computers at sites for voters unless voters don't have computers connected to the internet. All the voter does is check in and vote, then when votes are to be counted queries should made to the voter's computer to verify his vote. against the voter's verification routine.

Absolutely not. Voting should be immune to coercion and bribery and that necessitates not being able to prove to a coercer how you voted.

Blahface is envisaging duress - imagine, for example, that your family has been kidnapped, and are held at gunpoint, while the kidnapper sends you off to cast a ballot for his preferred candidate, Candidate B. He and his friends are doing this to families of voters who support Candidate A all across your swing state, to try to get their guy elected instead. But in order to be an effective coercion strategy, our villain needs to know that you didn't vote for his opponent - he needs evidence that you voted the way he told you too, or there is no point in kidnapping your family - you can vote for candidate A, and simply lie; by saying you voted for B, you convince him to let your family go free.

Or perhaps a more likely scenario - a big employer in town gets his 10,000 workers together the day before the vote, and says 'Everyone must bring in their voting slip next week, showing that they voted for candidate B. Anyone who doesn't bring in a slip, or who voted for A, will be fired'.

If voters get personal copies of what they voted, then this scenario becomes a real possibility; but without those personal records, it is impossible - the voters can pick the candidate they like, and their boss has no way to coerce them to do otherwise.

The nefarious party in these scenarios is not the government, or the vote-counting organisation; it is a third party with influence over a number of voters.

 

[blastula]

Will I never be able to vote from my phone?

 

[fromderinside]

The nefarious party in these scenarios is not the government, or the vote-counting organisation; it is a third party with influence over a number of voters.

OK I get it.

However what I proposed was an individual's own record of his vote with the additional safety of having a code which protects her from being identified. One can know that I voted but one cannot coerce me into revealing how I voted since they have no record and I have a personal record.

The last time I looked what is private stays that way. I can verify that the electors actually properly counted my vote but no one can trace me to a particular vote. That is my goal and I believe I achieve it by having voters using personal equipment to vote with secure sign off procedures.

I really don't care what scofflaws in government. company, or mafia attempt as long as I can verify my vote was recorded in a particular way. When I say I voted a particular way and they say I voted otherwise they need to show me the otherwise for which I have proof is wrong.

Coercion requires legal means to work. I believe my method is protected from any legal attempt to get me to testify against myself.

 

[bilby]

The nefarious party in these scenarios is not the government, or the vote-counting organisation; it is a third party with influence over a number of voters.

OK I get it.

However what I proposed was an individual's own record of his vote with the additional safety of having a code which protects her form being identified. One can know that I voted but one cannot coerce me into revealing how I voted since they have no record and I have a personal record.

Either the votes are untraceable once cast, or the voter can obtain information about how they voted. If anyone, including 'fromderinside', has a record that 'fromderinside' voted for Candidate A, then the system is open to abuse.

The last time I looked what is private stars that way.

I cannot believe that anyone over the age of about six years could be so naive as to intentionally write that sentence. Either that's not what you meant to say, or you seriously need to take a look around you. private information leaks out constantly from everywhere; the entire tabloid industry, and the whole history of espionage, is completely dependant on the fact that what is private almost never stays that way for long.

I can verify that the electors actually properly counted my vote but no one can trace me to a particular vote.

A simple paper ballot allows this - via a full recount. But any system that doesn't require a full recount to determine that each vote was properly counted, has the built in risk that someone can determine which ballot was yours, or what yours had marked on it. If that's possible, then the system is open to the kind of abuse Blahface was worried about.

That is my goal and I believe I achieve it by having voters using personal equipment to vote with secure sign off procedures.

And I am certain that you are wrong - if you or anyone else can go back and find out for whom your own individual vote was cast, then the system is open to coercive abuse. The system has to be designed with the idea that even if everyone is trying to corrupt the process, it will work anyway - a system that relies on people doing the right thing is useless.

I really don't care what scofflaws in government attempt as long as I can verify they recorded my vote a particular way. When I say I voted a particular way and they say I voted otherwise they need to show me the otherwise for which I have proof is wrong.

That's not an achievable state of affairs, unless you are happy to open up the system to abuse and coercion. The solution is to have a single, untraceable, anonymous and unalterable token for each voter, that he personally marks, and which is them mixed in with all the others in an untraceable way. You can't recover the information about how you voted, except from your own brain. We call the simplest such token a 'paper ballot'.

Coercion requires legal means to work.

I cannot believe that anyone over the age of about six years could be so naive as to intentionally write that sentence, either. Either that's not what you meant to say, or you seriously need to take a look around you. There are huge organised crime networks all over the world who use illegal coercion very effectively.

I believe my method is protected from any legal attempt to get me to testify against myself.

So what? If you think that criminals are always less of a threat than legislators, then you must be out of your mind.

 

[Deepak]

In addition to the other points made in the thread, I'ma leave this here http://thedailywtf.com/articles/polish-elections

 

[RavenSky]

Ya, that would be fine. What's needed is robust verification systems. They need to be able to track and verify the output of the program using something other than the program itself and reconcile it with the same numbers being counted by a different method.

I find it incredible that America failed electronic voting. It shouldn't have been that hard.

It wasn't. The difficult part was maintaining plausible deniability when the machines came pre-registered with votes for the Republican candidates

 

[fromderinside]

There are huge organised crime networks all over the world who use illegal coercion very effectively. So what? If you think that criminals are always less of a threat than legislators, then you must be out of your mind.

Fine. Its already done. If one wants to fix what is already there then one need start by building more robust societies that are both ethical and moral. Such has little to do with electronic of voting.

In present society Criminals and Legislators are synonyms.

Every criticism of my approach can be accomplished by observing voters in some way. So it isn't whether electronic voting systems are bad its whether public voting, public voting is where citizens interact with central mechanism to vote, takes place. None of the schemes presented are protected against by using paper and pencil methods.

What is important about voting from the view of privacy and coercion is that the voter is anonymous and that the votes are public and transparent. A signature system using a personal computer gives as much privacy and guarantees as much public tranparency about the vote as does going to a precinct and using paper and pencil methods.

After the right solves the fraudulent voter problem maybe we can get around to solving the crooked individual problem. Both are inherent in human nature. Genetic engineering anyone?

 

[bilby]

There are huge organised crime networks all over the world who use illegal coercion very effectively. So what? If you think that criminals are always less of a threat than legislators, then you must be out of your mind.

Fine. Its already done. If one wants to fix what is already there then one need start by building more robust societies that are both ethical and moral. Such has little to do with electronic of voting.

In present society Criminals and Legislators are synonyms.

Every criticism of my approach can be accomplished by observing voters in some way. So it isn't whether electronic voting systems are bad its whether public voting, public voting is where citizens interact with central mechanism to vote, takes place. None of the schemes presented are protected against by using paper and pencil methods.

What is important about voting from the view of privacy and coercion is that the voter is anonymous and that the votes are public and transparent. A signature system using a personal computer gives as much privacy and guarantees as much public tranparency about the vote as does going to a precinct and using paper and pencil methods.

After the right solves the fraudulent voter problem maybe we can get around to solving the crooked individual problem. Both are inherent in human nature. Genetic engineering anyone?

You know, when you make an assertion that is incorrect, you do have the option of simply saying 'I was mistaken; Thank you for pointing that out', rather than continuing to pretend that you know what you are talking about, even though it has just been shown that you do not.

I don't imagine that you are very successful at fooling yourself like this; and I am pretty sure you aren't fooling anyone else.

"Every criticism of my approach can be accomplished by observing voters in some way" is just as ignorant as your earlier incorrect statements - even if we do you the courtesy of assuming that by 'accomplished' you meant 'overcome'.

The problem is that voting looks simple - but it isn't. Getting it right - that is, preventing coercion and fraud - is surprisingly hard. And the paper ballot is a very good solution to many of the problems. Problems that lots of people are not even aware of, because they are absent from the simple paper ballot system; but which become very important when considering alternatives.

 

[beero1000]

I don't need to prove to the nefarious party. The nefarious party needs to prove to me that my vote was properly counted. I have all the cards. Its a bit like using numbers as standins for signatures on taxes when one files electronically. The taxpayer holds all the proofs that the number is his signature on her computer.

The first step, before you can propose any kind of solution, is to understand the problem.

Let's take a look at this again:

So what we do is treat electronic voting just the same as we treat paper voting. I don't think so. Voters can and should get personal copies of what they voted.There should be ways to rectify such errors by process which is both simple and quick. Verification methods should be robust and not include include near sighted people who need extra light to verify votes.

In fact it seems the government should not be in the business of supplying computers at sites for voters unless voters don't have computers connected to the internet. All the voter does is check in and vote, then when votes are to be counted queries should made to the voter's computer to verify his vote. against the voter's verification routine.

Absolutely not. Voting should be immune to coercion and bribery and that necessitates not being able to prove to a coercer how you voted.

Blahface is envisaging duress - imagine, for example, that your family has been kidnapped, and are held at gunpoint, while the kidnapper sends you off to cast a ballot for his preferred candidate, Candidate B. He and his friends are doing this to families of voters who support Candidate A all across your swing state, to try to get their guy elected instead. But in order to be an effective coercion strategy, our villain needs to know that you didn't vote for his opponent - he needs evidence that you voted the way he told you too, or there is no point in kidnapping your family - you can vote for candidate A, and simply lie; by saying you voted for B, you convince him to let your family go free.

Or perhaps a more likely scenario - a big employer in town gets his 10,000 workers together the day before the vote, and says 'Everyone must bring in their voting slip next week, showing that they voted for candidate B. Anyone who doesn't bring in a slip, or who voted for A, will be fired'.

If voters get personal copies of what they voted, then this scenario becomes a real possibility; but without those personal records, it is impossible - the voters can pick the candidate they like, and their boss has no way to coerce them to do otherwise.

The nefarious party in these scenarios is not the government, or the vote-counting organisation; it is a third party with influence over a number of voters.

To be fair, it is possible to have votes be individually check-able while maintaining deniability to a third party. However, that is far from the only problem that needs addressing in the "We can safely transfer money electronically so we can safely vote electronically" false equivalence.

 

[Deepak]

There are huge organised crime networks all over the world who use illegal coercion very effectively. So what? If you think that criminals are always less of a threat than legislators, then you must be out of your mind.

Fine. Its already done. If one wants to fix what is already there then one need start by building more robust societies that are both ethical and moral. Such has little to do with electronic of voting.

In present society Criminals and Legislators are synonyms.

Every criticism of my approach can be accomplished by observing voters in some way. So it isn't whether electronic voting systems are bad its whether public voting, public voting is where citizens interact with central mechanism to vote, takes place. None of the schemes presented are protected against by using paper and pencil methods.

What is important about voting from the view of privacy and coercion is that the voter is anonymous and that the votes are public and transparent. A signature system using a personal computer gives as much privacy and guarantees as much public tranparency about the vote as does going to a precinct and using paper and pencil methods.

After the right solves the fraudulent voter problem maybe we can get around to solving the crooked individual problem. Both are inherent in human nature. Genetic engineering anyone?

We already have a system that works sufficiently - ever try walking into a voting booth with someone else?

This is also true of counting the votes. Having all the interested parties in the same room when the box is cracked open, then counting them on the spot is straight-forward versus having a 'disinterested' third party responsible for tabulating the votes.

Hell, fooling your 'verification' system is trivially easy. Simply remember all votes, so when any given individual submits their chit for verification it gives the real result, but when tabulating convert 2/3 of the wrong parties votes to the right party. Now you've developed a system that will get you killed by the mob and will elect Dick Cheney to his 14th term.

Of course one could defeat such a system - they'd just need to identify themselves, while all other voters also do so, then they could pile their chits into the middle of the room and have some people from all interested parties count them. So we've essentially just taken the current system, deanonymized it while also making it slower and more expensive.

 

[fromderinside]

.

"Every criticism of my approach can be accomplished by observing voters in some way" is just as ignorant as your earlier incorrect statements - even if we do you the courtesy of assuming that by 'accomplished' you meant 'overcome'.

Why do I say what I say? I really don't know much about voting beyond being a precinct captain who has access to voter roles and having served as a precinct observer for my party during elections. I'm certainly not a student of elections. I do, however have the benefit of participating using voter histories and observing operations at polling place where people actually came in to vote. Voting booths are really not very secure since persons can have others with them there for many reasons. Some even come in with lists provided by party operatives which they use as instructions or guides. So in-person paper and pencil opertions are full of holes.

I say what I say because we currently have a vote by mail system. It includes a signature that can be verified against the voter roles and it includes anonymity of the actual votes which are counted by others than tho ones who open the ballots. Presume we meet those two objectives electronically. Why then would the electronic system be worse than the paper and pencil system?

Sorry for being so inconvenient.

 

[bilby]

.

"Every criticism of my approach can be accomplished by observing voters in some way" is just as ignorant as your earlier incorrect statements - even if we do you the courtesy of assuming that by 'accomplished' you meant 'overcome'.

Why do I say what I say? I really don't know much about voting beyond being a precinct captain who has access to voter roles and having served as a precinct observer for my party during elections. I'm certainly not a student of elections. I do, however have the benefit of participating using voter histories and observing operations at polling place where people actually came in to vote. Voting booths are really not very secure since persons can have others with them there for many reasons. Some even come in with lists provided by party operatives which they use as instructions or guides. So in-person paper and pencil opertions are full of holes.

I say what I say because we currently have a vote by mail system. It includes a signature that can be verified against the voter roles and it includes anonymity of the actual votes which are counted by others than tho ones who open the ballots. Presume we meet those two objectives electronically. Why then would the electronic system be worse than the paper and pencil system?

Sorry for being so inconvenient.

Shifting the burden of proof.

It is not sufficient that a new system be no worse than the old one; it must be better. You need to make the case for your new system - I don't need to defend the status quo. And so far, you have changed fundamentals of the way your new system works each time you have posted - which strongly suggests you don't actually have a proposal to defend at all - you are just blowing in the wind.

So no, I don't propose to explain why some poorly defined electronic system would be worse than the well known and well defined current system. I propose to declare that it is worse until proven better - perhaps you could start with a complete specification of your proposal?

 

[fromderinside]

It is not sufficient that a new system be no worse than the old one; it must be better. You need to make the case for your new system - I don't need to defend the status quo.

perhaps you could start with a complete specification of your proposal?

You make some points, you miss some points. The status quo is a failure so you need to defend it when an electronic system proves better in that area. Baselines need to be set.


So here we go.

The technology and criticisms:  [B]Electronic voting[/B]
Up to date analysis of where we are: Evaluating e-voting: theory and practice http://arxiv.org/pdf/1602.02509.pdf
Helios: Helios: Web-based Open-Audit Voting https://www.usenix.org/legacy/event/sec08/tech/full_papers/adida/adida.pdf

I'm proposing an i-voting system so we should concentrate on that

My approach differs from the Estonian system because national ID cards are fraught with coersion possibilities and in the US it is specifically prohibited. The Method used by Turbo tax and others to make one's signature unique and safe seems an appropriate ID alternative. One that is fashioned on the fly interacting with the tax payer, er, voter is used by millions here in the good ole US of A diminishing criticisms about novice user problems with such technology. Such a system makes access to general information available to the voter such as whether my vote was properly recorded and whether the total vote, if a group is employed, count is legitimate.* Groups need be formed by group request with official concurrence. Failure to concur must be publicly be justified.

Helios is a good example of a pretty good i-voting system. Its primary problem with with the notion of a public bulletin board. That feature should be restricted so others, not in a certified group, cannot gain access beyond their individual needs: was there vote properly recorded; was the overall vote properly conducted. Finally, while it does not improve on the paper ballot in terms of falsifying votes it does suffer scalability coercion issues which need be addressed.

Now bilby you need to support improvements to paper and pencil that overcome issues such as uniquiness, accessibility, availability, and coersion resistence. I give you scalability on coercion.

Proper articles for support would be nice.

Thanks.

*See section 5.1 Secret Sharing of the article for a discussion of group sharing verification and validation.

My main problems with paper voting are inadequate training among poll personnel, tendency for common or group access that is lowest denominator, funding requirements for government to provide polling places, machines and ballots that can be remedied by use of Home computing, and finally I repeat the very low threshold of competence among voter control personnel that permits sharing of booths, arbitrary decision making, etc.

 

[Malintent]

Sorry about the title. I don't know what happened.

So don't worry, I am not having a cerebral vascular accident.
Or... would I know if I did?

I assumed the title was a deliberate illustration of your point.

I was on a flight from NY to LA and the captain came on over the loudspeaker... "Good morning, this is your captain speaking. I would like to welcome you to flight 7001, our airline's very first flight piloted entirely by Artificial Intelligence. We are looking at clear skies and a very smooth ride out west today, and I can assure you that all flight safety systems are fully operational. Nothing can go wrong can go wrong can go wrong can go wrong can go wro..

 

[Deepak]

So I read the arxiv paper, and it basically restates the arguments against e-voting that we've raised and doesn't really provide any real tangible and meaningful benefits that offset the very real risks. How that actually bolsters the e-voting proponents and shifts the burden to the pro-paper proponents eludes me

 

[fromderinside]

So I read the arxiv paper, and it basically restates the arguments against e-voting that we've raised and doesn't really provide any real tangible and meaningful benefits that offset the very real risks. How that actually bolsters the e-voting proponents and shifts the burden to the pro-paper proponents eludes me

You read? Great. Then you'll see hits and misses for a variety of electronic and paper and pencil technology. Pleas note I've listed what I think are the most critical failings of both forms. training, access to, and accessibility, are pretty significant drawbacks for paper and pencil and mechanical voting systems. Training can be handled by electronic very adequately if you care to look around and see who are using smart phones. Bureaucracies tend to under spend and under train personnel which plays havoc with voters and voting every election season.

All systems are subject to coercive influences. As a precinct captain I had access to , and so does every body else, individual voter histories. Individual voting behavior going back many election cycles gathered while primarily machine and paper and pencil systems were being used so privacy is not a plus there. I said everybody else because the password is fixed election cycle to election cycle because nobody gives a damn about privacy risks. Sure it could b e fixed, but having experienced this for over 50 election cycles I see little movement.

electronic systems have issues. No doubt. Many of those issues are the same as found on machine and paper and pencil systems. As electronic systems mature many of the P&P failures are overcome. Still many scale problems exist. Centralized systems are to be discouraged for any voting system. So bringing the vote to the voter seems a huge advance.

All I ask is a fair assessment rather than a hair on fire response to electronic and a rocking chair response to P&P methods. We're nearly there. We can only become as good as are human behaviors. Shifting responsibility to voters in their homes is an admirable goal and it may even allow us to get rid or representative democracy and reach individual democracy. That's a pretty admirable goal IMHO.

HELIOS is an serious attempt. Cleaning up public bulletin board shortcomings is doable.

Finally, be sure its the 2016 version of report you have read.

 

[Deepak]

You read? Great.

Flattery will get you everywhere.

Then you'll see hits and misses for a variety of electronic and paper and pencil technology. Pleas note I've listed what I think are the most critical failings of both forms. training, access to, and accessibility, are pretty significant drawbacks for paper and pencil and mechanical voting systems. Training can be handled by electronic very adequately if you care to look around and see who are using smart phones. Bureaucracies tend to under spend and under train personnel which plays havoc with voters and voting every election season.

All systems are subject to coercive influences. As a precinct captain I had access to , and so does every body else, individual voter histories. Individual voting behavior going back many election cycles gathered while primarily machine and paper and pencil systems were being used so privacy is not a plus there. I said everybody else because the password is fixed election cycle to election cycle because nobody gives a damn about privacy risks. Sure it could b e fixed, but having experienced this for over 50 election cycles I see little movement.

electronic systems have issues. No doubt. Many of those issues are the same as found on machine and paper and pencil systems. As electronic systems mature many of the P&P failures are overcome. Still many scale problems exist. Centralized systems are to be discouraged for any voting system. So bringing the vote to the voter seems a huge advance.

All I ask is a fair assessment rather than a hair on fire response to electronic and a rocking chair response to P&P methods. We're nearly there. We can only become as good as are human behaviors. Shifting responsibility to voters in their homes is an admirable goal and it may even allow us to get rid or representative democracy and reach individual democracy. That's a pretty admirable goal IMHO.

HELIOS is an serious attempt. Cleaning up public bulletin board shortcomings is doable.

Finally, be sure its the 2016 version of report you have read.

The argument is self effacing - if in 50 years they haven't been able to work out a sensible password policy then getting them to build an e-voting system is even less likely (let alone a secure and effective system).

The problems that both the arxiv article and I've pointed out are not are not technical limitations as such (i.a. sufficient entropy and bits in the cryptographic ciphers). They're Alice, Bob, Eve, and Mallory problems - such as the coercion issue. With a paper ballot, once I've voted any mafiosos who have kidnapped my family either believe I voted they way they asked me to, or they don't. In an electronically verified system they can be sure that I've voted they way they demand, and extending the window to confirm/invalidate my vote doesn't really work because they can ensure that my family is held hostage long enough for the window to expire.

Ditto the corrupt provider problem, which is essentially a Ken Thompson attack. Sure they can expose some 'Open Source' code, but the verification that their code actually is the code on the machine can be faked. The alternate option is that the folks who currently administer the paper & pencil process load the code and compile it (can Richard Stallman be trusted?) but we're right back where we were - poor training or ombudsmanship still remain issues to be overcome.

I get that you're close to the process, so the existing problems weigh heavily on your analysis - but you're essentially advocating we trade practical problems, which given sufficient will; training; and oversight can be overcome, for theoretical problems which are endemic to the process.

(As for the report, I read the one you linked - if that's not the latest please let me know)

 

[fromderinside]

I get that you're close to the process, so the existing problems weigh heavily on your analysis - but you're essentially advocating we trade practical problems, which given sufficient will; training; and oversight can be overcome, for theoretical problems which are endemic to the process.

(As for the report, I read the one you linked - if that's not the latest please let me know)

Last first: As far as I now the article is the latest.

I'm a bit more than close to the problem. I'm a student of human systems and process behavior as avocation. Long lasting systems like long lasting operating systems eventually are overcome by their, more errors inserted than corrected, revisions or regimes. This is otherwise known as corruption.There is no way the systems already in place within the US voting practices will ever be corrected. For me the only hope is to change, adapt, as we seem to be doing now in information technology. Therefore I prefer to pursue computer information technology platforms and to suggest changes in how we conduct our governing processes.

Horses are gone, cars are going as transportation controlled by humans, automated, augmented technologies are replacing systems processes which replaced original assembly line processes etc.

In my view we have no choice.