* Opens Cargo.lock [1] and pnpm-lock.yaml [2]
* Closes Cargo.lock and pnpm-lock.yaml
* Goes to find a Tylenol
At least with open source we can see the sausage getting made...
[1] https://github.com/votingworks/vxsuite/blob/main/Cargo.lock
[2] https://github.com/votingworks/vxsuite/blob/main/pnpm-lock.y...
Auditing the software isn't enough if you can't reliably verify that this is actually what's running on the machines, or if the machines weren't otherwise tampered with in some way.
Note that ananymous is also a required part of voting.
• Why Electronic Voting is a BAD Idea <https://www.youtube.com/watch?v=w3_0x6oaDmI>
• Why Electronic Voting Is Still A Bad Idea <https://www.youtube.com/watch?v=LkH2r-sNjQs>
Humans are actually quite bad at hand-tallying hundreds of millions of datapoints. Our eyes go glassy but we press on anyway.
Machines are very good at doing that kind of tedious labor accurately.
Whether human beings will put more trust in a system that we know will be wrong, but it's wrong for comfortable meat reasons, over a system that might be compromised but will be more accurate its more of a psychology question than a technical question though.
Having a paper trail and an observable counting process is worth a small error margin.
The problem with the accuracy assumption of electronic voting is that a) its all coded without errors and b) someone hasn't deliberately but code into manipulate the vote numbers.
If you're saying we should be writing voting machine code in ML and keeping the firmware in Fort Knox, I'm going to make the argument that it's a lot cheaper to do sampled hand-counts to check against machine error or tampering... Which we already do.
> no software or programmable hardware
That's obviously too stringent. Consider:
1. Precinct hand-counts every single paper ballot bubble sheet.
2. Precinct hand-counts every single paper ballot bubble sheet, then confirms the hand count by feeding all the ballots into an electronic bubble-sheet reader.
Your claim is that #1 is more trustworthy than #2. That's an extraordinary claim that requires more evidence than two youtube links!
Edit: to be clear, I want the requirement that all voting must be paper ballots like the human-readable bubble sheets mentioned above. But saying that no software or programmable hardware can be used "in the election process" is so extreme that it sounds like a parody of my own position.
We've been using mechanical, semi-mechanical, and electronic systems for decades at this point. The new concern for accuracy is pretty unfounded (and, it is worth noting, was heavily drum-beat into existence by a Presidential candidate who then went on to win an election).
If we want to talk problems with electronic systems, I'm a lot more concerned about how people don't actually know how to use touch screens (and I am myself in favor of pencil-and-paper ballots for that reason alone) than I am about people being able to sneak a super-double-secret modification to an electronic tabulator in against all the ways that attack could fail (including "The county can just decide to hand-count the pencil and paper ballots anyway, which would discover the deception").
Fully electronic, no-paper-output systems are past my personal trust threshold.
More seriously, even though some cars are programmable, I did not mean that nobody could use cars to transport ballot boxes. I obviously meant that the official results should be the manually-counted one; machines could conceivably be used to get interim results faster, and/or to double-check a count to see if it needs to be counted again. But I was serious about requiring absolutely no machines involved in the counting of the official results.
The main benefit of manual tallying is that election tampering at scale becomes a rather labor-intensive and physical process that is more likely to leave detectable traces. Compare that to the the last US presidential election that has statistical oddities in machine-tallied voting results of kinds that have historically been shown to correlate with election fraud. If this was indeed caused by fraudulent voting software, it happened without leaving any other obvious traces of tampering.
When and where was this?
- in New York there is statistical anomaly correlated with a couple small-town polling stations. Those towns are small enough that they have a huge population of one religion, and one explanation is that the Democrat party's perceived "soft on Israel" stance tilted 100% of voters in those locations away from supporting the Democrat presidential candidate.
- in Pennsylvania a standard statistical analysis tool used to detect vote disruption suggested disruption occurred. The form of the disruption could be fraud, but it can also be things like voter intimidation (which was observed and reported in Philadelphia) and sudden discontinuity in voter behavior (the aforementioned "soft on Palestine" issue).
Correlation does not imply causation, and the lack of evidence of tampering of the machines in the audit logs is lack of evidence of tampering of the machines, not indication that the audit logs were compromised.
People who think it's not safe should really spend some time learning how it works. It's impossible to cheat at scale. Each ballot is verified to be correct my multiple eyes. A person is reading, one is writing down the name, one is verifying and some other things I don't remember.
To cheat you need to have everyone in on it. A whole town involved to cheat and to at best win one polling station. It's safe because anyone can attend the counting, so each party can send someone to check no shenanigans is going on.
So the more votes you want to be winning by cheating the more people must be brought in the conspiracy. That's impossible to be unnoticed at the scale of a city, much less at the scale of a country.
Elon did it, and they both bragged about it, publically.
And the other related issue is that in 2025, it simply should be possible to vote from your phone in a way that verifies your identity, if you'd like, using the faceId/fingerprint biometrics that most smartphones from recent years have.
Paper ballots are fine. It is not complicated at all and an election is the one thing you just cannot get wrong in a representative democracy. It can cost a bit and you only do it once every few years.
And if anyone can make up a reason to doubt the outcome of the election, it will fail it's objective: Peaceful transfer of power.
The usual way to try to solve this is the ability to override previously cast votes, in secret. But the combination of that and the ability for all interested parties to independently verify the count is not trivial. But not impossible either, much has been written on the subject since e-voting was all the rage in the 90s. One would do good to study this work before designing yet another voting system.
They can see whether another candidate's ballots are piling up faster than yours, they can estimate whether a table counting ballots for a district you're expected to dominate is being given way fewer ballots to count than you'd expected...
Yes, they would obviously spot if some election worker is like adding a pile of pre-marked mass produced ballots to a pile or something, or if they were just putting half of your ballots in the wrong pile - but stuff like that basically never happens, whereas somebody will win and it'd be nice to know before it's announced if that's achievable.
Software and hardware is still magnitude more vulnerable to intentional misbehavior, and even accidental mishaps has a higher risk of massive negative consequences, and its harder to discover failure compared to boxes of votes that has a physical presence.
Arguments against electronic voting: 1) one person can change millions of votes 2) vulnerable even outside the country 3) even if you audit the software, it's hard to verify that the audited software is what is actually loaded on the machines 4) even if you check hashes of the software, how do you check the software that checks the software (this is a restatement of the Ken Thompson Hack) 5) proprietary software 6) USB sticks are insecure 7) final computer tallying everything is owned and located in a single place 8) XSS attacks on e-voting pages.
Arguments for physical voting: 1) centuries old, many attacks have already been tried and failed 2) no identifying marks on ballot = no opportunity to pressure voters to change their vote 3) multiple people involved in each stage of the process
I realized after typing that out that YouTube has a "Show Transcript" function, so try that for the second video.
If you can not independently verify election results, what good does published source code do?
Elections are a process, not a result.
The huge takeaway for me was not the technology (or lack thereof). Ultimately all existing (and proposed) systems have flaws. The key was public trust in the result.
The first step to sidestepping democracy is to attack the legitimacy of elections. One can attack the process, software, hardware, ballot security, eligibility, and so on. It doesn't really matter what you attack - it doesn't matter if your gripe is legit or not. It only matters that you erode trust in the result.
If you can make people think the elections are rigged, then you can bypass them and move straight to authoritarianism.
Quibbling over open-source or not is irrelevant. We can cast doubt on the software either way. Quibbling over electronic or paper voting is equally irrelevant (there are plenty of paper-only elections worldwide that are very suspect.)
Naturally the Open Source company promotes Open Source voting machines. But in truth being Open Source has no (real) benefit. Software is easy to tweak, Open or not.
Electronic voting is fine. Why can't we just have a printer in the polling booth? I run my ballot, then hit print, then I can manually verify it, and then drop the printed ballot in a box.
Literally the easiest thing to do.
They don’t have stellar democracy grades from The Economist’s index: https://en.wikipedia.org/wiki/The_Economist_Democracy_Index and both seem worse off in the last ten years than the ten years before.
Enjoy: https://en.wikipedia.org/wiki/The_Economist_Democracy_Index
Our elected representatives have tried to add a paper trail to the machines twice now and it was ruled unconstitutional for total bullshit reasons. Our former president was banned from future presidential races because he questioned the machines. We have a judge loudly proclaiming that the machines are UNQUESTIONABLE with such unwavering pride you'd think he'd have the balls to start a billion dollar bug bounty and post it here on HN. He only allows you to "audit" the system by appointment behind closed doors and the only tools you're allowed to bring with you is a pen and a piece of paper. People found issues even with these restrictions. There are people protesting to this day, laymen asking for source code, completely unaware of the existence of supply chain attacks and the fact the source code would prove nothing and serve only to humiliate them. We have former US president Biden's top CIA guy telling our former president to stop questioning the machines, wouldn't be surprised if they had access to this shit.
Germany did it right: voting machines are unconstitutional because citizens do not understand it. Elections must be fully auditable by the average person. This is the correct stance.
Bolsonaro didn't question the electoral process, in fact, I doubt he even understand it himself. He questioned only the results, because in his mind he should have won by a lot.
Not dissimilar than Trump's "stop the count!" on US paper ballots.
He did. For years, and during his mandate. I was there. Out of every stupid thing he said and did, they cited his perfectly valid criticism of the voting machines as the reason for his banishment from politics until 2030.
> Not dissimilar than Trump's "stop the count!" on US paper ballots.
Completely different matter. I'm very skeptical of claims of election fraud in the USA because it uses paper ballots. I have no trouble at all believing that our Magnitsky sanctioned judge literally named Lula president.
In the end it's irrelevant. Bolsonaro's ordeal has revealed the deep truth of Brazil to the masses: the real power is in the supreme court. Discussing elections is utterly pointless since these judges are not elected. Elections are just a game they play to give this shithole a veneer of democracy.
The cost of human labor to count all ballots by hand will be enormous. Probably worth it I suppose, but this really is something that should be primarily automated. But again, trust in software. Sigh, why can't we just have nice things?
What's important is being able to segment the population in enough voting places so that each voting place is maneaganle just by a small number of people. The Chilean system is scalable because you can always just add more voting places as the population grows.
Usually these voting places are civic centres, stadiums, schools.
It's a good system and generally for a presidential election we get the results in about 4 hours after voting ends.
In Taiwan, this is how it's done. Every ballot is counted by human. It's completely public: you can just walk in any polling station during the counting process and watch they count.
Every problem Tom mentions can be worked on and overcome. Maybe not today, maybe not by the next big election, but we should still start now, rather than later. We need to do everything possible to increase participation in the democratic process, especially for the demographics that are currently not very involved, which are also the demographics that are more likely to adopt electronic methods of voting.
Do we? Participation should be made easy for those eligible and inclined to do so, but I don't see the benefit of encouraging participation from people who can't be bothered to put some effort into it, or are ignorant of the issues and candidates and are easily swayed by trashy campaign ads. I've seen the statistic thrown around that less than half of americans can even name the 3 branches of government, and if that's true I think those people have a civic duty not to vote.
Seeing the constant barrage of campaign ads every couple years made me think about it- Why does campaign financing matter, how do they turn money into votes anyways? The answer apparently is ads, but I see these bottom-of-the-barrel slop political advertisements and wonder how that trash could possibly have a measurable effect on the outcome of an election. But it must work, otherwise they wouldn't spend so much money on it. And the fact that elections can be meaningfully influenced by the amount of ads a campaign can run is a signal to me that the democratic process is broken in some fundamental way. The votes of well-informed constituents are drowned out by the more numerous cohorts of partisans, reactionaries, and the apathetic just going through the motions to fulfill their 'civic duty', so it seems to me that increasing voter participation without changing anything else is only going to exacerbate the problem
It would certainly be exhausting to share an opinion on every single resource you want to share with someone.
In fact, I'd argue that having 50 different voting systems with 50 different ways to prove eligibility makes our elections more resilient to large-scale voter fraud, even if it makes it more difficult to verify voter rolls wholesale.
That's pretty much the problem they were designed to solve no? It's called the double spend problem, and it's crypto's big comp-sci innovation. The whole paper was about it.
- The Human Identification Problem (not sure if there is a more official name): uniquely identifying a human being. If you solve this, you solve many forms of fraud (anything rooted in identity fraud) and eliminate entire industries dedicated to reducing fraud losses. Best attempt so far has been the Estonian ID system [0]; Sam Altman tried with Worldcoin but that ended up being yet another crypto grift. Incidentally, Estonia uses its identity system for electronic voting.
- Proof of citizenship; citizenship in the US for most people is a birth certificate issued by a hospital or other authority several decades ago, or a proxy to this document such as a passport. Naturalized citizens have it easier here because they have a state-issued document declaring their citizenship.
- Proof of residence: This is also something not verifiable via a blockchain or smart contract, because it depends on the state and relies in part on your physical location and your intent. Legally you can only vote from one voting address, but there are countless people registered with multiple addresses across states as they move residences.
- Secret ballots: You cannot tie votes back to voters in a free election. Blockchains are open and publicly-verifiable, which is good; but cast ballots cannot be verified _even by the voter_. Blockchain doesn't bring anything to the table here over, say, a database; because the recorded ballots must not be tied back to human identities, you cannot use any of the work done to verify the three previous points to verify the election outcome. Blockchain would boil down to replacing or augmenting paper ballots with a provably immutable record, where you still need to place trust in the system recording votes on the chain.
I live in California, where the voting method is vote-by-mail and you sign your ballot. That breaks anonymity right there, plus there's a barcode that matches address and ballot for traceability, so in theory anyone involved in the election process could look at my ballot, cross-reference against address, and figure out how I voted. In practice I've never heard of anyone being pressured or confronted based on how they voted, so my default assumption is this doesn't happen much or at all.
But even broader, in the U.S. your party registration is public information. That's why whenever there's a political shooting, the media always says "He was a registered Republican" or "registered Democrat" or "was not registered to vote". And this mechanism is actively and publicly being exploited to alter elections. Since the U.S. is a two-party system and party membership is public, you have a fairly good idea how each precinct is going to vote before they vote, and can gerrymander maps to get the outcomes you want.
Plenty of trust issues in physical ballot transfer as well. California is vote-by-mail, but that assumes the postal service is a reliable carrier, while there was just a recent news story [1] about ballots being stolen. Before I lived in California, I was in Massachusetts, where we voted on 1930s-era lever voting machines where you hit a lever down and it marks a paper ballot without you ever seeing the real ballot. Between elections, these were stored backstage at the local middle school, so a mechanically-inclined middle schooler with knowledge of how an upcoming election's ballots would be formatted (and we did mock elections in middle school) could have rigged the machines to deliver the local precinct to their preferred candidate.
The useful points in the video were basically that decentralization and redundancy are what make physical elections hard to rig: you have to hack multiple locations to influence the overall election, and at each point you have multiple eyes watching you. He sets up the contrast with software voting, where you have the same software running on each machine, and even if the software is open-source, you can't be sure that the rest of the stack it's running on is secure (an oblique reference to the Ken Thompson Hack [2]).
But decentralization and redundancy are properties that you can introduce into software systems just as easily as real-wold systems. The KTH can be countered through Diverse Double-Compiling, for example [3]. zkStarks and digital signatures give you ability to prove that you authored something without revealing what that something is or who you are. The importance of client diversity for the security of the network as a whole has been well-known in the filesharing and crypto worlds. And anyone who has worked in Big Tech, aviation, or telecom could tell you that having multiple paths to success that are developed by independent teams is important for any computer system that is in a safety- or reliability-critical area.
[1] https://www.almanacnews.com/election/2025/10/14/ballots-stol...
As far as party registration goes, is that required where you are? Because if so that's insane and the government there needs to change that. Everywhere I've lived you don't need to register any kind of party affiliation (and indeed some places you couldn't), you just register as a voter and you're good. Maybe it's different where you are, but if so just be aware that it is (thankfully) not universally done wrong in the way you describe.
(Splitting hairs here but) this isn't true: in some countries, but not all.
In some countries ID is an optional document you only need to acquire if you want to drive, vote or travel internationally.
This means anything more complex than a pen or a stamp on an approved paper is too complex.
Many countries have secret ballots, mine doesn't, for reasons which are extremely sketchy (and presumably why my country is blue, not dark blue like New Zealand on the democracy map)
- Secrecy of who voted for whom
- Transparency of everything else. The names of everybody in the process, the process itself and all the statistics should be verifiably public.
Being an observer to your polling station must be a guaranteed voter right. Similarly all participating parties must have the right to send representatives to observe the entire process.
Before opening the polling station all ballots are counted by multiple observers from all sides. This is recorded into files / documentation of each observer. So the number of possible ballot papers that can be voted on is documented.
Then each ballot paper needs to be stamped with a official local seal. This is also observed by every observer. The number of stamped ballots is also counted and documented. The number has to match the original ones.
The number of people who can vote in that voting station is determined by a population survey. In bigger cities each region must have roughly the same number of constituents.
The number of ballots that are stamped must match the number of eligible voters in the polling station. A voter can request to change a damaged ballot paper. The replacement should be done in front of all observers and the voter. The replaced ballot is destroyed in front of everyone.
After putting their ballot into the box, the voter has to sign their name in multiple printouts of the list of eligible voters of that polling station. These printouts of the lists are held by observers from multiple sides. The number of signatures has to match the number of ballots in the box.
Everybody can observe the count. All the numbers are checked against each other.
If you think that this is infeasible, I come from a country of 80 million people and live in a similarly sized one. Both of them use the same system. It works. It scales since it is an almost trivially parallelizable problem. We get the election results in the same day of voting.
Besides that what other scaling problems are there?
Coming from Ireland (tiny population, low pop density) I've heard this argument countless times (we're an obvious target for this critique), but I still to this day don't see the logic of it. At all.
Constituencies are sized per capita, count centres are staffed per capita, if you have higher pop-density you'll either have more observers at count centres, or the same number at more count centres. This is a distributed system - it's the definition of scalable.
Fwiw the last count I tallied at (Dublin MEP) had an electorate of 890k. It was the smallest constituency in Ireland in that election, but still bigger than the largest congressional district electorate in the US. We counted in one large open warehouse. There were 23 candidates & 19 separate repeating counts.
That could work in favour or against your argument - I don't really know - I don't really think it matters either direction though.
It's 100% paper PRSTV & so the counts are slow. Not only is this generally OK (because getting a rapid result is absolutely not a requirement of any well-functioning voting system) but it also has actual benefits.
The main benefit is predicated on the count being engaging in and of itself. Other countries put a lot of effort into jazzing up statistical presentations on constituency predictions, cloropleths aplenty, to engage viewers. In Ireland, count centres are not only manned by trained count staff, they're also flooded with volunteer tallymen who verify the counting in realtime. Count coverage is on the ground, showing a real physical process that's intricate enough to be watchable. The entire process also serves as an education-through-doing in how our voting system works, so you get a more engaged & informed electorate (when it comes to the mechanics of voting - still unfortunately not that informed on policy, that's a worldwide problem).
In practice it doesn't seem to matter that much. The counters even out the first-level effects of this, so it only matters for votes that have been transferred more than once; it can be determined statistically that it changes the result only in a very small number of cases; and there are plenty of other weird threshold effects to care about instead. But it's one property you might expect of a fair voting system that Ireland doesn't give you.
That said, surplus distribution tends to be the main flaw raised time & time again, & whenever improvements are discussed the general conclusion tends to be that the current distribution mechanism goes a very long way toward fair representation of the actual preference distribution. It's notable that the more computationally intensive alternatives to get "fairer" outcomes are pretty recent inventions & it's really hard to justify the effort given the tiny number of cases affected.
Once you start with non-transparent mechanisms, there is no end to it.
Every time I try to get to the bottom of this, it always boils down to "trust the system" which makes me uneasy.
IMO the best solution here is to have electronic counting with an auditable and traceable paper trail as a backup. Every time I've voted for the past 10 years has been like this. First, I get a ballot paper from the front desk and stick it into an airgapped ballot marking machine. I then make my choices and the machine prints them onto the ballot paper. I'm able to read the paper and verify that it matches the choices I made. I then stick it into a separate airgapped ballot counting machine, which scans my ballot and deposits the paper copy into a sealed box. The entire process of setting up the machines, transporting the paper ballots, and reading the results from the machines is cross-checked and signed off on by volunteer poll workers from both parties.
> how can a constituent know with absolute certainty that their vote was counted
The representative of your party plus independent observer said all votes at your polling station were counted. You know both those community members and know them to be generally honorable. Ergo your vote was counted.
> every voter in the system was legal
None of the observers at the polling station, or the station head claimed any illegal person voted.
> the final tally was authentic
The observers all signed as witnesses on the final tally.
This is not the "system. it is humans you know who are telling you what they saw. If you can't trust other humans at their word, democracy cannot fundamentally work.
This, but also, important to point out that this is a question of scale: "If you can't trust other human*s*" - plural.
It's not that developing voting software should be open-source, its that actual voting should be "open-source" in the physical sense.
Trusting the system is possible if you can (you, yourself) readily observe every part of the system. I don't think giving members of the public access to the server your voting software is hosted on is a very viable idea, but giving members of the public access to paper count centres is (it's done very successfully in many countries).
One of the weaknesses in our democracy is the insistency of doing things virtually - it's the same weakness exposed by social media.
Electronic systems are always going to be subject to hacking and manipulation, and are more easy to hack and manipulate at a large scale (scaling is the point of software). In-person voting is still subject to manipulation, but you can just go back and look at the ballots on paper as they are. You get more targeted manipulation, but it's probably easier for a single person to uncover and reason about.
I guess in some sense I'm arguing for the existing system [1], and not to move to any sort of electronic voting, but adding in a new federal holiday for the actual Election Day. It should be a celebration of democracy, a day of reflecting on our republic, and an opportunity to be patriotic with special programming and events, parades, etc. Just a hope/dream there.
I guess the main thing I'd like to say is, I think we should have the day off from work and we should all get together as much as possible as a society and celebrate this damn thing we have instead of sitting at home on the Internet just complaining and doing nothing all the time.
[1] Today we have ballot markets which electronically mark and print the ballot. I'm not quite as concerned about those being hacked (from a layman's perspective not any expertise), and then we have the actual ballot that was cast by the citizen that we can reference. When I think about open-source voting systems, electronic voting, etc. I think of doing it through your computer.
Why do we need machines? Counting the votes for e.g. the parliament only takes 24 hours or so, generally. And we don’t have elections every week, right?
In first past the post system, between 1% to 49% of votes are stolen and tossed by design. This actually, not hypothetically happens, in real life. Electronic voting maybe can be abused, and maybe some significant number votes may be defrauded. But in FPTP it has actually happened already and at a much worse scale. Imo the real high priority issue is obvious.
Unless something has changed recently, election integrity demands a voter-verified paper ballot that is retained with security by the authority, and can be physically counted, as a check against compromised or defective digital systems.
Open source is not sufficient. Don't let marketing sound bites be a confusing diversion from the problem.
If the US understands anything this year, it's how important elections are. Hopefully we get another one.
Who gives a shit man, it's not going to be the end of the world or even substantially change things no matter what methods we choose. You might as well choose the ones that make things easier on people. Crazy that the world wide information network that we've built and defines our current age in history is treated like some horrible evil. It's not, it will be fine. But with vote by website now every home, school, and library in the country becomes a polling place.
There is no amount of transparency that will achieve the mythical "public trust" that's being envisioned. Our current voting system is all paper right now, actual voting fraud—meaning literal ballot stuffing is nonexistent and still people buy into conspiracy theories. Voting manipulation happens in broad daylight at the systems level and is done by carefully restricting access. Expand access and the problem vanishes.
If people in power want to cheat, they will. Shuffling around the tech isn’t going to do all that much to change things.
As another example, you don’t have to swap the ballots at all. Somewhere in the chain of custody, someone could just “lose” ballots for a region that is projected to vote against whoever they’re trying to fix the election for. They could forge or lose some other accompanying paperwork that was to manage those ballots, too. Or they could not bother doing that either because what are you going to do, redo the election?
Cooking up examples is sort of pointless. There are always going to be new and unexpected ways to commit fraud. The actual root issue isn’t technological. It’s sociological trust.
And if all you want is political polling, every elected representative does this already (well, they generally pay someone else to do it). So I'm not sure what it would mean for the US gov to do it separately. Do you imagine that a "non-partisan agency" like the CBO would do it with taxpayer dollars, as a publi service for the politicians who would still vote however they do?
If the goal is public trust, open source isn't helpful for the general public.
But still it is not a way to fight a political party that will use dummy machine that counts each ballot as a vote for them, and then accusing all others that they are trying to steal the elections. It is an unbelievable stupid tactic, but I think it may work in USA, judging by people eager to believe any BS if it supports their party.
The US has the worst voting system intentionally, not accidentally. And mail-in voting shows we aren't even a little serious about election integrity. We're militantly against it: you can get people to rabidly support universal IDs for trivial, nonsensical reasons that have never resulted in significant problems; and to demand digital IDs, device attestation, and real names on social media; but to the same people showing IDs to vote is supposed to be the end of democracy.
People have made this proposal every year since the 90s, and depending on the year it was the Republicans rabidly opposing it or the Democrats rabidly opposing it. Good luck getting things accomplished with a good argument. That's not how things get done. The people who get the final say about this would love to get rid of voting altogether, but they'll settle for vendor kickbacks.
A signed affidavit or local ID should be fine to establish identity. That can be done when signing up for mail in voting (although I personally prefer in person).
Voter fraud is extremely rare under the current system.
RealID is a national ID system (that they pushed since the 90s for no reason), and we're all issued voter IDs when we register as voters.
> A signed affidavit or local ID should be fine to establish identity.
I don't think you understand that people are against showing any ID to vote; if you pull one out, the poll workers' eyes get big and they fall over themselves trying to get you to put it away (I just took it out so you could read my address to pick my precinct, ma'am.) An ID which, very soon, will be required to be a RealID if it isn't already in your state. It is in mine.
I also don't think you really mean that a signed affidavit is enough to establish identity, even though you said it clearly. If you actually do mean what you said, I'd love to hear the argument.
> That can be done when signing up for mail in voting
Mail-in voting allows other people to watch you as you vote, and is the opposite of voter integrity. You should not be able to prove who you've voted for, or else you can be forced to prove who you voted for. This is why you are not allowed to take pictures of your ballot in the voting booth.
There's absolutely no reason to spend any time on open source voting code if you'll allow churches to call their entire memberships in to fill out their mail-in ballots together (under pain of expulsion), or hypothetical gangsters to go door to door threatening to shoot people if they don't give their ballots up.
> Voter fraud is extremely rare under the current system.
1) There is no way to know, and 2) if so, that makes this proposal even sillier.
I personally am very interested in electronic voting and voting algorithms. I've read a million papers and think about it all the time. But this is not a technical problem. There is no country that has a worse voting system than the US. Normal countries don't take weeks to count up the votes.
I had the privilege of helping count votes in my small town 2012. Volunteers stayed up after voting ended and all of the ballots were double checked - counted by two separate people, working together at a long table. Cheating or manipulation was inconceivable, and there were many layers of double checking.
The beauty of this system is it is infinitely scalable. The more voters there are, the more vote counting volunteers there are. For larger cities you can split up by blocks or per polling place. There should be many polling places to make voting easy and accessible.
It isn’t fast or fancy or glamorous. But communities ignore the power of communal activities at their peril.
Even with that utopian scenario the remaining problem is that the goal of elections is agreeable consent. Mewning the goal isn't just to get a decision. The goal is to get a decision, people can agree with because they trust the process must have been okay. If your vote is low stakes, like where you go for lunch with your collegues, then that trust doesn't matter, who cares if it was wrong? But if it is high stakes even a perfect digital system is problematic, because even intelligent, technological expert voters have no chance of understanding which of the moving parts might influence what in which way in practise.
Meaning a paper ballot with the right process can more or less be understood by everybody who can count and has mastered the cognitive skill of object permanence.
A Rust project with a 30k Cargo.lock file filled with dependencies on an even more complex operating system, running complex (in a different way) hardware, that might differ for each voting location isn't that. And that isn't about the programming language or the tech stack. It is about the intransparent nature of electronic systems themselves.
I spent a three quarters of my life learning programming and electronics including hardware design and I teach that stuff on a university level. Even I would have a hard time ensuring there is really no backdoor in the whole stack. And this fact means even if there is no backdoor in it, there might be and there is no realistic way for a normal person to check. I understand the nerd appeal. It is cool to toy around and figure that problem out. But the core of the problem is not technological it is sociological.
That is such a big flaw that IMO it is not worth it for high stakes elections.
Anyone who talks about election security should be required to spend at least a few moments walking around Defcon in the election machine hacking village. Even absent electronic voting machines we still need to apply that same level of rigor to security across all domains of the election system no matter what format is used.
More fundamentally, the epistemic meaning of a ballot, a vote, or an option on the ballot, how options are even decided for inclusion or their exclusion, which outcome deciding algorithms are used, and how "the result" is interpreted by society or implemented by a political agent is deeply confused. The vote itself has very little resemblance to what actually happens. Such things likely cannot be formally specified anyway. Massive amounts of ambiguity, noise, error rate, and insecurity are to be expected in these kinds of systems. So what then are we even doing with all this? I am not referring to what we say we are achieving, or what we say we are intending to achieve, but rather what kind of actual outcomes be can supported by careful engineering of all these components?
Blockchain is no solution here. See:
"Going from bad to worse: from Internet voting to blockchain voting" https://www.dci.mit.edu/s/VotingPaper-RivestNarulaSunoo-3.pd...
The voter needs to be able to see their vote on the paper.
Reading the rolls needs to be done by machines, but by several different machines reading the same rolls. So we can verify.
Software is not the problem. The medium of persistence is.
For those who don't know the VotingWorks software is both Open Source and their machines create and count paper ballots. You can read about it here: https://www.voting.works/machines
Essentially they have a computer, a ballot marking device, that people can use to mark their ballot. That ballot is printed on paper. Then the paper can be validated visually. Then fed into a machine to scan and count. The paper ballot is preserved and can be later audited.
The ballot marking device has a number of advantage over pre-printed and hand marked ballots:
- American Disabilities Act (ADA) compliant using standard web technologies
- Available in applicable languages without lots of translated papers on hand
- Errors or typos in ballots can be fixed days before election instead of weeks (due to print shop lead times)
- Better UX for complex races where things like ranked choice, choose three, etc with rules which can cause people to mismark and then have their ballots rejected
- Avoids sloppy/incomplete markings that must be interpreted and judged by counters/auditors
The entire system runs offline. It is open source.
They also have separate open source software for running risk limiting audits using the paper ballots: https://www.voting.works/audits
Disclosure: I am a donor to VotingWorks.
Probably a difficult task to ensure all readers of all pages on the entire website are fully aware of this context in advance - I'd imagine this kind of averse reaction will continue to be common until these kind of hybrid systems become more widespread (or the interests pushing paperless are comprehensively silenced, which seems less likely).
---
That said, now that I do have full context, I do have two criticisms:
1. Clicking through to the VotingWorks frontpage, the copy still doesn't really highlight in a very obvious manner the paper nature of the system. You really have to analyse the website to figure this detail out.
2. The homepage does contain a section entitled "Faster Election Results" - which I do think flies directly in the face of many criticisms in the HN comments here & I personally believe to be an approach that's incompatible with democratic integrity. Counts should simply not be trying to be fast as a high priority - verifying the automated count by hand is insufficient if it isn't done as a matter of course. Ideally, live, while the count is taking place. The latter is not feasible with an automated system, & the former is a lot more likely to be overlooked if speed is a priority.
We don't just need systems that can be fair, we need systems that incentivize fairness & don't contain perverse incentives - count speed is exactly such an incentive.
https://sites.pitt.edu/~rbrandom/Courses/Antirepresentationa...
It's a simple, cost-effective system which is impossible to hack. Electronic voting offers no advantage over this.
A vote recount and/or judicially called audit can take months to resolve. This can lead to a loss in confidence in the outcome and for political shenanigans (e.g. Bush v. Gore).
I feel far more confident in a system where the software is open source because it increases trust for free. As a citizen having the software be open source is only upside to me.
Verifying that requires more expertise than verifying the physical ballots themselves.
AndyMcConachie•3h ago
astroflection•3h ago
goda90•2h ago
fabian2k•2h ago
It is possible to do small-scale fraud with paper ballots, you can never fully eliminate that option. But it is exceedingly hard to do larger scale fraud without it being extremely obvious to any observer.
brendoelfrendo•2h ago
fabian2k•2h ago
vlovich123•2h ago
0x457•2h ago
mjparrott•2h ago
horacemorace•2h ago
kelnos•2h ago
Yes, I know: before computers and other mechanical systems, people had to count ballots by hand. There were many fewer people voting then, and regardless, that's not really the point: they counted by hand because they had no alternative.
Electronic voting certainly brings new problems into the mix. I don't think those problems are insurmountable. The problem isn't the technology itself. It's the legal and social landscape around voting technology. Open source, with reproducible builds and a method to verify that the code running on a machine was built from a particular version of source, is a start. Verification of that software's functionality, on par with the verification done of critical software (medical devices, things that go into space, slot machines, etc.) would be another good move.
Voters can also receive paper receipts, and I'm sure we can come up with some sort of scheme to take a representative sample of the electronically-recorded votes and validate them against the paper receipts, while maintaining voter privacy.
mjparrott•2h ago
luxuryballs•2h ago
fabian2k•2h ago
Other countries do paper ballots and manual counting without issues. The US isn't that special or unusual.
dogleash•2h ago
As soon as you try to be more clever than electronic counting of paper ballots, yes they are.
You can either audit the count by replaying the input event stream, or you can't.