[HN Gopher] Let's put e-voting where it belongs: on the trash-he...
       ___________________________________________________________________
        
       Let's put e-voting where it belongs: on the trash-heap of bad ideas
       (2016)
        
       Author : madeofpalk
       Score  : 39 points
       Date   : 2020-11-04 20:25 UTC (2 hours ago)
        
 (HTM) web link (www.theguardian.com)
 (TXT) w3m dump (www.theguardian.com)
        
       | golemiprague wrote:
       | For me it looks like voting with no ID or by mail is much more of
       | a trash idea. I can't understand how you can verify who is voting
       | in this type of system. Doing it electronically or not is the
       | least of my concerns, it is the process in the US that is
       | inherently wrong.
        
       | dmalvarado wrote:
       | I am surprised that there is no digital option to preselect your
       | candidates before going to the polling place. i.e. Make your
       | choices, receive QR code. Go to polling place, scan, verify
       | selections on voting machine, press big red button and walk out
       | of there.
       | 
       | If each vote took 1 minute instead of 10, would there still be a
       | line?
       | 
       | edit: Or if not shorter lines, maybe 5 voting machines instead of
       | 20? or 4 poll workers instead of 10? Seems more efficient all
       | around.
        
       | jjeaff wrote:
       | Almost all voting in America uses software to some extent.
       | Whether it is the counting machines, Scantron readers or
       | electronic voting booths, we are already using software.
       | 
       | What more software could do though, is create more transparency.
       | And I can't believe I'm saying this, but this may actually be one
       | of those cases where blockchain could be useful.
       | 
       | It is absolutely absurd to me that we have thousands of non-
       | experts deciding to keep or throw out ballots based on comparing
       | a signature.
       | 
       | With a more electronic method, a citizen's vote could be signed
       | with a key generated from a few unique identifiers like social
       | security number, numbers in your street address and maybe a
       | credit card number. My vote could then be forever logged in the
       | blockchain. This could create more transparency because everyone
       | could see and count the votes.
       | 
       | After voting, you could also give every voter a "receipt" where
       | they could go online and check in the public blockchain to
       | confirm that their vote was counted successfully.
       | 
       | And I don't think we would need any sort of shared and
       | distributed blockchain. Just a public one that can be verified by
       | 3rd parties.
       | 
       | AWS has a managed blockchain service that I'm sure would work
       | fine.
       | 
       | So while it may not be a good idea to open the actual voting to
       | the entire public internet, that doesn't mean that sound math and
       | technology couldn't be used to make elections more transparent
       | and thus, secure.
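
Added example, not part of the thread and not code from any commenter or election system: a minimal sketch of the non-distributed public log with voter receipts that the comment above describes, so a third party can check that no entry was altered and a voter can check inclusion. All names (BallotLog, commit, audit, receipt_included, opens_to) and the sample ballots are constructed for illustration; it assumes the authority publishes the log entries and the current head hash.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # starting head of the hash chain (constructed constant)


def commit(choice: str, nonce: bytes) -> bytes:
    """Salted commitment to a ballot; the choice stays hidden while the nonce is secret."""
    return hashlib.sha256(b"ballot\x00" + nonce + choice.encode()).digest()


def chain(prev_head: bytes, commitment: bytes) -> bytes:
    """Each head binds the new entry to every entry before it."""
    return hashlib.sha256(b"entry\x00" + prev_head + commitment).digest()


class BallotLog:
    """Append-only log kept by a single authority (no distributed consensus)."""

    def __init__(self):
        self.entries = []      # published commitments, in order
        self.head = GENESIS    # published after every append

    def append(self, commitment: bytes) -> int:
        self.entries.append(commitment)
        self.head = chain(self.head, commitment)
        return len(self.entries) - 1  # the position goes on the voter's receipt


def recompute_head(entries) -> bytes:
    head = GENESIS
    for c in entries:
        head = chain(head, c)
    return head


def audit(entries, published_head: bytes) -> bool:
    """Third-party check: a copy of the log must hash to the published head."""
    return hmac.compare_digest(recompute_head(entries), published_head)


def receipt_included(entries, index: int, commitment: bytes) -> bool:
    """Voter check: my commitment sits at the position printed on my receipt."""
    return 0 <= index < len(entries) and hmac.compare_digest(entries[index], commitment)


def opens_to(commitment: bytes, choice: str, nonce: bytes) -> bool:
    """Anyone handed (choice, nonce) can confirm what the commitment hides.
    A voter who keeps the nonce can therefore prove how they voted, which is
    the receipt concern raised in the replies."""
    return hmac.compare_digest(commit(choice, nonce), commitment)


def demo():
    # Constructed sample: fixed nonces for repeatability; real ones would be random.
    ballots = [("A", b"\x00" * 16), ("B", b"\x01" * 16), ("A", b"\x02" * 16)]
    log = BallotLog()
    receipts = [(log.append(commit(c, n)), commit(c, n)) for c, n in ballots]
    tampered = list(log.entries)
    tampered[1] = commit("A", b"\x01" * 16)  # authority swaps one entry
    return {
        "honest_log_audits": audit(log.entries, log.head),
        "tampered_log_audits": audit(tampered, log.head),
        "voter_1_sees_entry": receipt_included(log.entries, *receipts[1]),
        "voter_1_sees_entry_after_swap": receipt_included(tampered, *receipts[1]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The log shows that published entries were not changed or dropped after the head was published; commitments alone do not let a third party count votes or confirm that each entry came from an eligible voter.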
        
         | madeofpalk wrote:
         | Can't blockchains be manipulated by whoever has more computers?
        
         | toomuchtodo wrote:
         | Why do you need a blockchain if you trust the local election
         | operation? And if you _don't_ trust the local election
         | operation, I have terrible news for you; they are still the
         | legal authority. Citizens are already able to verify their
         | mail/absentee ballot online, today, without a blockchain [1].
         | 
         | I _do_ agree with you that the US needs to adopt something like
         | Estonia's national ID system [2], with cryptographic signing
         | capabilities for official purposes, but this should _only_ (for
         | elections) be used to digitally sign your paper ballot (with
         | similar weight that your hand signature on a paper ballot would
         | carry). We should also encourage mail/absentee ballots for
         | everyone in every state.
         | 
         | [1] https://www.pcmag.com/how-to/how-to-track-your-absentee-
         | ball... (How to Track Your Absentee Ballot by State)
         | 
         | [2] https://en.wikipedia.org/wiki/Estonian_identity_card
        
           | gremlinsinc wrote:
           | Not every state has tracking... at a glimpse Florida doesn't.
           | 
           | I think the best option is everyone has an issued id, don't
           | remember it? You can use your SSN or state id (driver's
           | license), the # is mailed to you when you register/re-
           | register or get your ballot.
           | 
           | You can vote as you normally would, you can set up 2-factor
           | methods on your IDs. If you have a phone 2-factor set, the
           | minute your vote is tallied you get notified of the result,
           | if it's not what you chose, you can contest it.
           | 
           | Easy one-click-at-all-times access to voting trail, also
           | uniformity, we need a system like this to be uniform, we need
           | to end 50 states with different rules per county on how
           | things are run.
        
             | toomuchtodo wrote:
             | I don't disagree (I agree with everything you propose), but
             | the solution isn't blockchain as the comment I replied to
             | insinuated; it's to set requirements across all states for
             | requesting ballots and tracking systems for citizens to
             | track their ballots. Great points by the way.
        
           | thaumasiotes wrote:
           | > (How to Track Your Absentee Ballot by State)
           | 
           | I went to look at this. It operates on the honor system; what
           | purpose is it supposed to serve?
           | 
           | An actual ballot-tracking system would need to provide me
           | some evidence that they knew something about my ballot. This
           | doesn't.
        
         | pydry wrote:
         | The usual response to this is that it enables vote buying.
         | 
         | However, vote buying literally stopped being an issue the day
         | it started being prosecuted seriously and never came back. You
         | simply can't do it at meaningful scale without getting caught.
        
           | parliament32 wrote:
           | >You simply can't do it at meaningful scale without getting
           | caught.
           | 
           | Why not? Just run a Tor site, where users can submit their
           | receipt/verification and get crypto. "Free money" will spread
           | fast with barely any marketing, and as we've seen from voter
           | turnouts, lots of people don't give a shit and will happily
           | sell their vote to the highest bidder.
        
             | pydry wrote:
             | And what's to stop the feds setting up 10 competing sites
             | and then fining everybody who sold their votes 10x the
             | amount they were hoping to get?
             | 
             | Which of the 11 tor sites will you submit your receipt to
             | now?
        
         | parliament32 wrote:
         | >After voting, you could also give every voter a "receipt"
         | where they could go online and check in the public blockchain
         | to confirm that their vote was counted successfully.
         | 
         | The problem with verifiable voting has always been that it
         | opens the market to vote-selling. If you can prove how you
         | voted, your vote can be sold for a significant amount of money
         | -- or worse, your employer insisting you vote a certain way,
         | and asking for your receipt after. This won't work until
         | there's a mechanism where you can confirm your vote while also
         | having plausible deniability.
        
           | rodgerd wrote:
           | Or, more likely, vote blackmail.
        
             | Terr_ wrote:
             | I think you mean extortion. Blackmail is more specific, and
             | implies a threat to reveal a secret.
             | 
             | For example, an employer who threatens to fire employees
             | who "vote wrong" would not be blackmail.
        
         | SahAssar wrote:
         | I think you're missing a few things: Votes should never be
         | identifiable and the count should be verifiable.
         | 
         | First of all: using somewhat public things like SSN, "numbers
         | in your street address" and a credit card number is a terrible
         | idea. All of those have been leaked and are present on things
         | you present to identify yourself or pay. Also requiring a
         | credit card or home to vote would almost certainly be
         | unconstitutional.
         | 
         | Getting a "receipt" is also problematic: You should never be
         | able to prove you voted A over B or vice versa since that opens
         | up ways to intimidate people to vote one way and coerce them to
         | prove it.
         | 
         | I'm not saying it's impossible but there are so many problems
         | with electronic voting that I don't even know where to start.
         | At least with physical ballots we can manually recount if we
         | need.
         | 
         | And that's before we even start talking about how current
         | systems are basically swiss cheese for hacks, just look at the
         | voting village for the last couple of defcons.
         | 
         | Related (and amusing) links:
         | 
         | https://www.youtube.com/watch?v=w3_0x6oaDmI
         | 
         | https://www.youtube.com/watch?v=LkH2r-sNjQs
         | 
         | https://xkcd.com/2030/
        
           | wavefunction wrote:
           | The ballot itself could be a zk-SNARK written to a blockchain
           | signed with a private key owned by the voter.
        
             | SahAssar wrote:
             | Sorry, I'm not well versed enough in zk-SNARK, can you
             | explain how it solves the problems above?
             | 
             | If it does, do you think that you can make the general
             | public trust/understand it enough to run an election?
        
             | wavefunction wrote:
             | Sorry can't reply to your reply but... Making the ballot a
             | zk-SNARK[0] would allow it to be queried for validity of
             | certain assertions like "Did this ballot contain a vote for
             | Candidate A or Proposition B" without leaking the identity
             | of the voter. The voter's private key could decrypt the
             | entire ballot perhaps for the voter's verification or even
             | as another verifiable assertion that the ballot was signed
             | with the specific key. Perhaps there would be a key
             | provided by the voting authority body as another verifiable
             | assertion that would allow the voting authority body to
             | verify the user for their purposes if required.
             | 
             | I agree that the more difficult part of this would be
             | encouraging adoption and supporting use. There are hardware
             | keys like yubikeys or hardware crypto wallets that can be
             | populated with voter-generated keys to be used in the
             | voting process, and these hardware keys could be populated
             | in a process similar to getting a driver's license perhaps,
             | except not waiting for it to arrive in the mail. Perhaps
             | you go into your local clerk's office and they have a one-
             | time key generator that populates your hardware key. I
             | definitely haven't fleshed this idea out beyond some basic
             | musings.
             | 
             | [0]https://z.cash/technology/zksnarks/
        
           | Twisell wrote:
           | Watching these links is really recommended if you don't yet
           | see the issue with e-voting.
           | 
           | PS: Well at least the first two, third one being the
           | mandatory xkcd meta-reference :D
        
           | totony wrote:
           | >Getting a "receipt" is also problematic: You should never be
           | able to prove you voted A over B or vice versa since that
           | opens up ways to intimidate people to vote one way and coerce
           | them to prove it.
           | 
           | Your receipt does not have to mention who you voted for in a
           | way that's verifiable by a third party. But this problem is
           | also a problem for mail-in ballots.
           | 
           | >using somewhat public things like SSN, "numbers in your
           | street address" and a credit card number is a terrible idea.
           | 
           | Agreed, this does not mean that it is not feasible. You could
           | use some zero-knowledge based proof that ensures that the
           | person is allowed to vote and has voted only once without
           | knowing his identity. Mail-in ballots are also problematic in
           | that regard.
           | 
           | I dislike that people say evoting is a bad idea when we
           | already have things like mail in ballots which are analogous
           | to a poor e voting system.
           | 
           | >Also requiring a credit card or home to vote would almost
           | certainly be unconstitutional.
           | 
           | But don't you need a registered address to vote?
        
             | SahAssar wrote:
             | > But don't you need a registered address to vote?
             | 
             | I'm not 100% sure here but I thought homeless could vote?
             | 
             | > mail in ballots which are analogous to a poor e voting
             | system.
             | 
             | I think it is mostly about scale. It is hard to impersonate
             | 10000 people it requires physical objects, it is easier if
             | it is digital. One of the videos deals with this, timecode
             | here: https://youtu.be/LkH2r-sNjQs?t=140
        
               | totony wrote:
               | That timestamp is talking about physical voting. I'd
               | posit it's easier to impersonate 10k mail in ballots of
               | the same state than (let's say) crack 10k private keys or
               | whatever is used for that system. I agree though that a
               | new system will bring about exploit vectors that are
               | unknown, but I'm not convinced they are as bad as what is
               | implied in that video and this thread.
        
       | totony wrote:
       | This article is very poor in that it has no real argument as for
       | why it's bad. Here's what it asserts:
       | 
       | - We don't care about the speed of the results. That is trivially
       | false, everyone is following the reporting, Trump is out there
       | saying he won, people question the delays and suggest they may
       | give time for bad actors to rig the vote.
       | 
       | - It's too expensive - There is no backing to this claim except
       | "IT systems routinely go over budget"
       | 
       | - It disregards secrecy as important - secrecy is a vital part of
       | an election process. It allows people to freely have any opinion
       | they want without consequence or fear of people forcing them to
       | vote for someone else (violence or other).
       | 
       | - Accessibility - I'm not sure how they can assert that we can't
       | make e voting accessible?
       | 
       | EDIT: For those downvoting, please do provide a reason why you
       | disagree with what I said. Is any argument in that article
       | actually strong?
        
       | greenduck wrote:
       | Tom Scott still has the best argument against e-voting IMO [1].
       | 
       | Briefly: an election only counts if everybody can believe the
       | results. Making an expert level understanding of CS a requirement
       | to verify your voting system means that Joe Q. Average who
       | doesn't hold a PhD (or maybe even a college degree) has to rely
       | on spooky experts telling him what to believe. If I were in his
       | shoes then I would have no confidence that I participated in a
       | fair and valid election.
       | 
       | We kind of live in a bubble here on HN where most people are sort
       | of in the tech space and could take a weekend or two to
       | understand blockchain. I think it's easy to forget that most
       | people don't have the required background to learn it easily (or
       | would want to use up their time to understand it). I almost have
       | a PhD in the hard sciences and I don't fully understand the finer
       | details of block chain. I think I would have to write my own
       | implementation to fully appreciate it.
       | 
       | Simplicity and the ability to explain the system to every
       | American is a requirement of any voting system.
       | 
       | [1] https://www.youtube.com/watch?v=LkH2r-sNjQs&t=12s
        
         | eindiran wrote:
         | Hard disagree. The world is complex enough that every person in
         | the world relies on the words of "spooky experts telling [them]
         | what to believe".
         | 
         | Even outside of that, elections require trust in the process.
         | Already, with a "simple" system in place, we have to trust that
         | no one is committing fraud, that votes aren't being
         | surreptitiously added or thrown out, etc. E-voting doesn't
         | fundamentally change the trust dynamics at all: people
         | ultimately need to believe that the people in charge of the
         | process aren't up to any funny business or bad at their jobs.
         | 
         | This argument gets used a lot to argue in favor of first past
         | the post. Explaining a Borda count or single non-transferable
         | vote is harder than explaining: most votes = win. But I think
         | it ultimately comes down to trust: if the people voting trust
         | the people involved with the process (even if they don't
         | understand the nitty-gritty details) they will accept the
         | results of an election.
        
           | chrononaut wrote:
           | > E-voting doesn't fundamentally change the trust dynamics at
           | all: people ultimately need to believe that the people in
           | charge of the process aren't up to any funny business or bad
           | at their jobs.
           | 
           | A notable difference is that any John or Jane Doe can become
           | a poll worker or poll watcher with little barrier to entry no
           | matter their background, and verify the integrity of their
           | elections should they choose to do so.
           | 
           | To me, the lack of the ability for an average person to do
           | this would significantly change the trust dynamics.
        
             | [deleted]
        
         | bhhaskin wrote:
         | I used to think the same thing until last night. Watching the
         | different results come in. The average person already has no
         | clue what is going on. You need a degree in high level
         | statistics to understand why races are called when they are.
         | 
         | After you cast your vote what happens after that? Who counts
         | them? How are they counted? How are those counts counted toward
         | the total? Who is certifying all of this? How are those people
         | chosen?
        
         | lhorie wrote:
         | The flaw in the argument is the assumption that knowledge is a
         | requirement for trust. But look for example at elections in
         | Brazil: most people don't really understand how it works, but
         | they like it nonetheless[1] because the good experience of
         | instant gratification plants a positive initial seed in
         | people's minds and association fallacy[2] is a thing.
         | 
         | There's plenty of other scenarios where we can see
         | discrepancies between trust and understanding (for example, the
         | general public's trust in recycling vs what actually happens w/
         | plastics). For better or for worse, humans are often fallible
         | and illogical.
         | 
         | [1]
         | https://en.wikipedia.org/wiki/Electronic_voting_in_Brazil#Be...
         | 
         | [2] https://en.wikipedia.org/wiki/Association_fallacy
        
         | trhway wrote:
         | >Joe Q. Average who doesn't hold a PhD (or maybe even a college
         | degree) has to rely on spooky experts telling him what to
         | believe.
         | 
         | The Joe is for example driving a car full of electronics and
         | somehow he doesn't have issue trusting his life to it. And, if
         | anything, I'm pretty sure that deep understanding of that car's
         | electronics and software would make the Joe to only trust his
         | car less (one can google the software expert's opinions during
         | the Prius self-acceleration story)
        
           | dmalvarado wrote:
           | No issues with because he usually ends up at his destination
           | intact. If, through no fault of his own, he didn't arrive
           | intact, spooky experts probably didn't know what they were
           | doing.
           | 
           | I can see how the argument still holds water if half the time
           | the outcome of the election didn't go his way.
        
           | randyrand wrote:
           | We aren't trusting the car. We're trusting the car has not
           | been tampered with.
           | 
           | We know _many_ people want to tamper with elections. The CIA
           | has done that much. The same is not true for cars. Steal
           | cars, yes. But cause a random car to crash on purpose? That's
           | pretty rare. If it were common, I personally would not trust my
           | car's electronics either. And neither should you.
        
           | superwayne wrote:
           | I can see that the car works by getting safely from A to B,
           | thousands of times. If my vote counted or not is not
           | observable.
        
             | trhway wrote:
             | Any e-voting system of course must make it observable.
             | Otherwise it just wouldn't make any sense.
        
           | greenduck wrote:
           | Science and engineering don't care if people believe in them
           | or not.
           | 
           | If people don't believe the results of an election, then it
           | is de facto illegitimate.
        
       | IndrekR wrote:
       | I think it is time to implement things correctly in US as well.
       | Closed unverifiable voting system is as good as an e-voting
       | system as DocuSign is good as an e-signature system. There are
       | proven mathematical ways that make sure, without using
       | blockchain, that the votes and voters are correct [1].
       | 
       | Then again, I am biased as I am lucky enough to enjoy the
       | benefits of well implemented electronic voting and signing system
       | in Estonia. Source code for Estonian voting system is published
       | in GitHub [2].
       | 
       | [1] http://research.cyber.ee/~jan/publ/mobileverification-
       | ieee.p...
       | 
       | [2]https://github.com/vvk-ehk
        
       ___________________________________________________________________
       (page generated 2020-11-04 23:01 UTC)