[HN Gopher] Let's put e-voting where it belongs: on the trash-he... ___________________________________________________________________ Let's put e-voting where it belongs: on the trash-heap of bad ideas (2016) Author : madeofpalk Score : 39 points Date : 2020-11-04 20:25 UTC (2 hours ago) (HTM) web link (www.theguardian.com) (TXT) w3m dump (www.theguardian.com) | golemiprague wrote: | For me it looks like voting with no ID or by mail is much more of | a trash idea. I can't understand how you can verify who is voting | in this type of system. Doing it electronically or not is the | least of my concerns, it is the process in the US that is | inherently wrong. | dmalvarado wrote: | I am surprised that there is no digital option to preselect your | candidates before going to the polling place. i.e. Make your | choices, receive QR code. Go to polling place, scan, verify | selections on voting machine, press big red button and walk out | of there. | | If each vote took 1 minute instead of 10, would there still be a | line? | | edit: Or if not shorter lines, maybe 5 voting machines instead of | 20? or 4 poll workers instead of 10? Seems more efficient all | around. | jjeaff wrote: | Almost all voting in America uses software to some extent. | Whether it is the counting machines, Scantron readers or | electronic voting booths, we are already using software. | | What more software could do though, is create more transparency. | And I can't believe I'm saying this, but this may actually be one | of those cases where blockchain could be useful. | | It is absolutely absurd to me that we have thousands of non- | experts deciding to keep or throw out ballots based on comparing | a signature. | | With a more electronic method, a citizen's vote could be signed | with a key generated from a few unique identifiers like social | security number, numbers in your street address and maybe a | credit card number. My vote could then be forever logged in the | blockchain. This could create more transparency because everyone | could see and count the votes. | | After voting, you could also give every voter a "receipt" where | they could go online and check in the public blockchain to | confirm that their vote was counted successfully. | | And I don't think we would need any sort of shared and | distributed blockchain. Just a public one that can be verified by | 3rd parties. | | AWS has a managed blockchain service that I'm sure would work | fine. | | So while it may not be a good idea to open the actual voting to | the entire public internet, that doesn't mean that sound math and | technology couldn't be used to make elections more transparent | and thus, secure. | madeofpalk wrote: | Can't blockchains be manipulated by whoever has more computers? | toomuchtodo wrote: | Why do you need a blockchain if you trust the local election | operation? And if you _don 't_ trust the local election | operation, I have terrible news for you; they are still the | legal authority. Citizens are already able to verify their | mail/absentee ballot online, today, without a blockchain [1]. | | I _do_ agree with you that the US needs to adopt something like | Estonia 's national ID system [2], with cryptographic signing | capabilities for official purposes, but this should _only_ (for | elections) be used to digitally sign your paper ballot (with | similar weight that your hand signature on a paper ballot would | carry). We should also encourage mail /absentee ballots for | everyone in every state. | | [1] https://www.pcmag.com/how-to/how-to-track-your-absentee- | ball... (How to Track Your Absentee Ballot by State) | | [2] https://en.wikipedia.org/wiki/Estonian_identity_card | gremlinsinc wrote: | Not every state has tracking... at a glimpse Florida doesn't. | | I think the best option is everyone has an issued id, don't | remember it? You can use your SSN or state id (drivers | license), the # is mailed to you when you register/re- | register or get your ballot. | | You can vote as you normally would, you can setup 2-factor | methods on your id's. If you have a phone 2-factor set, the | minute your vote is tallied you get notified of the result, | if it's not what you chose, you can contest it. | | Easy one-click-at-all-times access to voting trail, also | uniformity, we need a system like this to be uniform, we need | to end 50 states with different rules per county on how | things are run. | toomuchtodo wrote: | I don't disagree (I agree with everything you propose), but | the solution isn't blockchain as the comment I replied to | insinuated; it's to set requirements across all states for | requesting ballots and tracking systems for citizens to | track their ballots. Great points by the way. | thaumasiotes wrote: | > (How to Track Your Absentee Ballot by State) | | I went to look at this. It operates on the honor system; what | purpose is it supposed to serve? | | An actual ballot-tracking system would need to provide me | some evidence that they knew something about my ballot. This | doesn't. | pydry wrote: | The usual response to this is that it enables vote buying. | | However, vote buying literally stopped being an issue the day | it started being prosecuted seriously and never came back. You | simply can't do it at meaningful scale without getting caught. | parliament32 wrote: | >You simply can't do it at meaningful scale without getting | caught. | | Why not? Just run a Tor site, where users can submit their | receipt/verification and get crypto. "Free money" will spread | fast with barely any marketing, and as we've seen from voter | turnouts, lots of people don't give a shit and will happily | sell their vote to the highest bidder. | pydry wrote: | And what's to stop the feds setting up 10 competing sites | and then fining everybody who sold their votes 10x the | amount they were hoping to get? | | Which of the 11 tor sites will you submit your receipt to | now? | parliament32 wrote: | >After voting, you could also give every voter a "receipt" | where they could go online and check in the public blockchain | to confirm that their vote was counted successfully. | | The problem with verifiable voting has always been that it | opens the market to vote-selling. If you can prove how you | voted, your vote can be sold for a significant amount of money | -- or worse, your employer insisting you vote a certain way, | and asking for your receipt after. This won't work until | there's a mechanism where you can confirm your vote while also | having plausible deniability. | rodgerd wrote: | Or, more likely, vote blackmail. | Terr_ wrote: | I think you mean extortion. Blackmail is more specific, and | implies a threat to reveal a secret. | | For example, an employer who threatens to fire employees | who "vote wrong" would not be blackmail. | SahAssar wrote: | I think you're missing a few things: Votes should never be | identifiable and the count should be verifiable. | | First of all: using somewhat public things like SSN, "numbers | in your street address" and a credit card number is a terrible | idea. All of those have been leaked and are present on things | you present to identify yourself or pay. Also requiring a | credit card or home to vote would almost certainly be | unconstitutional. | | Getting a "receipt" is also problematic: You should never be | able to prove you voted A over B or vice versa since that opens | up ways to intimidate people to vote one way and coerce them to | prove it. | | I'm not saying it's impossible but there are so many problems | with electronic voting that I don't even know where to start. | At least with physical ballots we can manually recount if we | need. | | And that's before we even start talking about how current | systems are basically swiss cheese for hacks, just look at the | voting village for the last couple of defcons. | | Related (and amusing) links: | | https://www.youtube.com/watch?v=w3_0x6oaDmI | | https://www.youtube.com/watch?v=LkH2r-sNjQs | | https://xkcd.com/2030/ | wavefunction wrote: | The ballot itself could be a zk-SNARK written to a blockchain | signed with a private key owned by the voter. | SahAssar wrote: | Sorry, I'm not well versed enough in zk-SNARK, can you | explain how it solves the problems above? | | If it does do you think that you can make the general | public trust/understand it enough to run a election? | wavefunction wrote: | Sorry can't reply to your reply but... Making the ballot a | zk-SNARK[0] would allow it to be queried for validity of | certain assertions like "Did this ballot contain a vote for | Candidate A or Proposition B" without leaking the identity | of the voter. The voter's private key could decrypt the | entire ballot perhaps for the voter's verification or even | as another verifiable assertion that the ballot was signed | with the specific key. Perhaps there would be a key | provided by the voting authority body as another verifiable | assertion that would allow the voting authority body to | verify the user for their purposes if required. | | I agree that the more difficult part of this would be | encouraging adoption and supporting use. There are hardware | keys like yubikeys or hardware crypto wallets that can be | populated with voter-generated keys to be used in the | voting process, and these hardware keys could be populated | in a process similar to getting a driver's license perhaps, | except not waiting for it to arrive in the mail. Perhaps | you go into your local clerk's office and they have a one- | time key generator that populates your hardware key. I | definitely haven't fleshed this idea out beyond some basic | musings. | | [0]https://z.cash/technology/zksnarks/ | Twisell wrote: | Watching these links is really recommended if you don't yet | see the issue with e-voting. | | PS: Well at least the first two, third one being the | mandatory xkcd meta-reference :D | totony wrote: | >Getting a "receipt" is also problematic: You should never be | able to prove you voted A over B or vice versa since that | opens up ways to intimidate people to vote one way and coerce | them to prove it. | | Your receipt does not have to mention who you voted for in a | way that's verifiable by a third party. But this problem is | also a problem for mail-in ballots. | | >using somewhat public things like SSN, "numbers in your | street address" and a credit card number is a terrible idea. | | Agreed, this does not mean that it is not feasible. You could | use some zero-knowledge based proof that ensure that the | person is allowed to vote and has voted only once without | knowing his identity. Mail-in ballots are also problematic in | that regard. | | I dislike that people say evoting is a bad idea when we | already have things like mail in ballots which are analogous | to a poor e voting system. | | >Also requiring a credit card or home to vote would almost | certainly be unconstitutional. | | But don't you need a registered address to vote? | SahAssar wrote: | > But don't you need a registered address to vote? | | I'm not 100% sure here but I thought homeless could vote? | | > mail in ballots which are analogous to a poor e voting | system. | | I think it is mostly about scale. It is hard to impersonate | 10000 people it requires physical objects, it is easier if | it is digital. One of the videos deals with this, timecode | here: https://youtu.be/LkH2r-sNjQs?t=140 | totony wrote: | That timestamp is talking about physical voting. I'd | posit it's easier to impersonate 10k mail in ballots of | the same state than (let's say) crack 10k private keys or | whatever is used for that system. I agree though that a | new system will bring about exploits vectors that are | unknown, but I'm not convinced they are as bad as what is | implied in that video and this thread. | totony wrote: | This article is very poor in that it has no real argument as for | why it's bad. Here's what it asserts: | | - We don't care about the speed of the results. That is trivially | false, everyone is following the reporting, Trump is out there | saying he won, people question the delays and suggest they may | give time for bad actors to rig the vote. | | - It's too expensive - There is no backing to this claim except | "it systems routinely go over budget" | | - It disregards secrecy as important - secrecy is a vital part of | an election process. It allows people to freely have any opinion | they want without consequence or fear of people forcing them to | vote for someone else (violence or other). | | - Accessibility - I'm not sure how they can assert that we can't | make e voting accessible? | | EDIT: For those downvoting, please do provide a reason why you | disagree with what I said. Is any argument in that article | actually strong? | greenduck wrote: | Tom Scott still has the best argument against e-voting IMO [1]. | | Briefly: an election only counts if everybody can believe the | results. Making an expert level understanding of CS a requirement | to verify your voting system means that Joe Q. Average who | doesn't hold a PhD (or maybe even a college degree) has to rely | on spooky experts telling him what to believe. If I were in his | shoes then I would have no confidence that I participated in a | fair and valid election. | | We kind of live in a bubble here on HN where most people are sort | of in the tech space and could take a weekend or two to | understand blockchain. I think its easy to forget that most | people don't have the required background to learn it easily (or | would want to use up their time to understand it). I almost have | a PhD in the hard sciences and I don't fully understand the finer | details of block chain. I think I would have to write my own | implementation to fully appreciate it. | | Simplicity and the ability to explain the system to every | American is a requirement of any voting system. | | [1] https://www.youtube.com/watch?v=LkH2r-sNjQs&t=12s | eindiran wrote: | Hard disagree. The world is complex enough that every person in | the world relies on the words of "spooky experts telling [them] | what to believe". | | Even outside of that, elections require trust in the process. | Already, with a "simple" system in place, we have to trust that | no one is committing fraud, that votes aren't being | surreptitiously added or thrown out, etc. E-voting doesn't | fundamentally change the trust dynamics at all: people | ultimately need to believe that the people in charge of the | process aren't up to any funny business or bad at their jobs. | | This argument gets used a lot to argue in favor of first past | the post. Explaining a Borda count or single non-transferable | vote is harder than explaining: most votes = win. But I think | it ultimately comes down to trust: if the people voting trust | the people involved with the process (even if they don't | understand the nitty-gritty details) they will accept the | results of an election. | chrononaut wrote: | > E-voting doesn't fundamentally change the trust dynamics at | all: people ultimately need to believe that the people in | charge of the process aren't up to any funny business or bad | at their jobs. | | A notable difference is that any John or Jane Doe can become | a poll worker or poll watcher with little barrier to entry no | matter their background, and verify the integrity of their | elections should they choose to do so. | | To me, the lack of the ability for an average person to do | this would significantly change the trust dynamics. | [deleted] | bhhaskin wrote: | I used to think the same thing until last night. Watching the | different results come in. The average person already has no | clue what is going on. You need a degree in high level | statistics to understand why races are called when they are. | | After you cast your vote what happens after that? Who counts | them? How are they counted? How are those counts counted toward | the total? Who is certifying all of this? How are those people | chosen? | lhorie wrote: | The flaw in the argument is the assumption that knowledge is a | requirement for trust. But look for example at elections in | Brazil: most people don't really understand how it works, but | they like it nonetheless[1] because the good experience of | instant gratification plants a positive initial seed in | people's minds and association fallacy[2] is a thing. | | There's plenty of other scenarios where we can see | discrepancies between trust and understanding (for example, the | general public's trust in recycling vs what actually happens w/ | plastics). For better or for worse, humans are often fallible | and illogical. | | [1] | https://en.wikipedia.org/wiki/Electronic_voting_in_Brazil#Be... | | [2] https://en.wikipedia.org/wiki/Association_fallacy | trhway wrote: | >Joe Q. Average who doesn't hold a PhD (or maybe even a college | degree) has to rely on spooky experts telling him what to | believe. | | The Joe is for example driving a car full of electronics and | somehow he doesn't have issue trusting his life to it. And, if | anything, i'm pretty sure that deep understanding of that car's | electronics and software would make the Joe to only trust his | car less (one can google the software expert's opinions during | the Prius self-acceleration story) | dmalvarado wrote: | No issues with because he usually ends up at his destination | intact. If, through no fault of his own, he didn't arrive | intact, spooky experts probably didn't know what they were | doing. | | I can see how the argument still holds water if half the time | the outcome of the election didn't go his way. | randyrand wrote: | We aren't trusting the car. We're trusting the car has not | been tampered with. | | We know _many_ people want to tamper with elections. The CIA | has done that much. The same is not true for cars. Steal | cars, yes. But cause a random car to crash on purpose? Thats | pretty rare. If were common, I personally would not trust my | cars electronics either. And neither should you. | superwayne wrote: | I can see that the car works by getting safely from A to B, | thousands of times. If my vote counted or not is not | observable. | trhway wrote: | any e-voting system of course must make it observable. | Otherwise it just wouldn't make any sense. | greenduck wrote: | Science and engineering don't care if people believe in them | or not. | | If people don't believe the results of an election, then it | is de facto illegitimate. | IndrekR wrote: | I think it is time to implement things correctly in US as well. | Closed unverifiable voting system is as good as an e-voting | system as DocuSign is good as an e-signature system. There are | proven mathematical ways that make sure, without using | blockchain, that the votes and voters are correct [1]. | | Then again, I am biased as I am lucky enough to enjoy the | benefits of well implemented electronic voting and signing system | in Estonia. Source code for Estonian voting system is published | in GitHub [2]. | | [1] http://research.cyber.ee/~jan/publ/mobileverification- | ieee.p... | | [2]https://github.com/vvk-ehk ___________________________________________________________________ (page generated 2020-11-04 23:01 UTC)