Haha, I was contemplating posting this myself to HN, but since I don't have a blog where I could do a writeup and collect some links, I decided not to.
For those that are confused, Sweden does not have electronic voting, and you can vote for anything, not just registered political parties. There's no list of parties where you are supposed to mark one, instead you get an envelope, and put in a ballot paper that contains the name of the party you are voting for. Normally you get a pre-printed one from the party you want to vote for, but you can also take a blank one and write whatever you want on it.
Any ballot with something written on it is a valid vote which has to be counted and becomes part of the official election result. Since a few years back they started publishing these results on the website of the election authority, you can see the 2006 results here: http://www.val.se/val/val2006/slutlig/R/rike/roster.html
Thanks for the information about the Swedish system.
> Sweden does not have electronic voting, and you can vote for anything [...]
That's not very connected. You could easily imagine a free form electronic system. And the German system on the other hand is (or used to be?) completely paper based: You got a ballot with the names of all the parties / candidates, and placed a tick next to the name you liked. Any writing made the ballot invalid.
> That's not very connected. You could easily imagine a free form electronic system.
I can also imagine a multitude of ways electronic voting can fail or be manipulated without anyone knowing.
Voter turnout was over 84%, and that number has been increasing over the last few elections. We do not have an accessibility problem. For the type of elections we have, the current system is a good fit. One person - one envelope. When the polling stations close the polling clerks take all the envelopes, open them, sort the ballots into valid and invalid piles, and then count the valid votes by hand. It takes a few hours, but we get a pretty accurate preliminary result on election night, and the process is completely open, anyone can watch the counting.
After the preliminary counting all the ballots are sent in to the regional election authority office where they do a second counting where they also add in mail-in votes from Swedes abroad and other people who couldn't be there on the voting day. The second counting is also completely open, anyone can come and watch.
Yes, it takes a few days to get the final result, but the confidence in the result is very high. Yes, there are occasional screwups, but it gets noticed, it gets reported, anyone can notice them, you don't need to be a software engineer to have a chance at it.
Sure. I am not a fan of electronic voting either. Paper based voting is fine, because anyone can understand and audit it in principle. Auditing electronic voting is at least as hard as debugging.
If the general population can understand the inner workings of democracy, they are probably much more likely to embrace it.
(Though still, electronic voting and free form ballots are completely unconnected.)
Oh, you mean connected as in having to do with each other, not as in having the results connected to some central authority for quick counting. Sorry, I misunderstood you. :-)
Bull. Those German ballots may come with names on them, but you can also strike out names and add other names by hand. There may be individual restrictions on whether you can only name people that registered as candidates, or anyone fulfilling the legal requirements for being a candidate, but writing a name on a ballot doesn't always make it invalid (of course, if you write something other than a name - say, a story or an insult, or if you draw faces or doodle on it, it does become invalid).
OK. My version was the cautious story, if you want to make sure your vote counts. I never bothered testing the limits back home --- also you do not really get feedback, your vote will be just silently discarded or counted.
By the way the Bundeswahlgesetz (Paragraph 39, Absatz 1) says: "Ungültig sind Stimmen, wenn der Stimmzettel [...] einen Zusatz oder Vorbehalt enthält."
So in general, putting extra stuff besides your tick is not allowed.
I didn't get it. I'm assuming the majority of the people voted electronically. So, are these votes the traditional ones? If so, why do they allow a text area on it? Is the person supposed to write the name of the candidate instead of selecting it from the options available?
To clarify: to be valid, a hand-written ballot needs to identify the party without there being any confusion. Thus, a ballot saying "Fp" will be counted as a vote for Folkpartiet, but "Socialmoderaterna" would be invalid.
This is true if the party in question has ordered ballot papers from the central voting authority. This is (strangely enough) a different thing from being a runner in the election.
So "Donald Duck" and "DONALD DUCK" would count the same iff someone has ordered official ballot paper for Donald Duck party (or similar). They would (or at least should) count individually if not.
What's with the XKCD reference? SQL injection and XSS existed long before Munroe made a half-decent joke about it. I see no reason why we should assume the author reads XKCD.
Edit: Sorry, I meant author of the blog post. I know the HN title style guide.
Searching the internet existed long before Google came along, yet "googling" has become synonymous with web search much the same way as "little Bobby tables" has become synonymous with certain kinds of SQL injection.
Hmm, OK I guess. I wasn't aware that XKCD had attained that level of representation of CS as a whole (or I guess a paper-based SQL injection, even though simply naming someone a SQL injection string doesn't necessarily require it be paper based).
you'd be surprised. i have a bunch of friends who read XKCD for some of the generically geeky content, and to whom i have to explain a lot of the more technical punchlines, including the premise behind little bobby tables. there's a lot of people whose initial exposure to a CS concept is through XKCD, which solidifies that relationship into the future.
The author of the blog post, or the person who attempted the injection?
Pretty sure the author's read it, since he's linked to the comic.
Anyway, I think at this point it's a common enough reference that when you tell someone "Little Bobby Tables", they immediately associate it with SQL injection.
I don't think that is the correct interpretation. It's not that it's through paper that it's "Little Bobby Tables". Little Bobby Tables is an injection through someone's name.
In this case, the reference is because it's through the voter registration list--i.e. voters purposefully put a SQL injection in their voter registration.
The analogy breaks down if you look too closely because it's in the party name field, not the voter name field. However, I think it's funny enough to stand notwithstanding the fact we're sitting around analyzing the joke.
The list of votes for registered parties that did not gain any seats is here: http://www.val.se/val/val2006/slutlig/R/rike/ovriga.html
And finally, the list of write-in votes for non-registered parties is here: http://www.val.se/val/val2006/slutlig_ovrigt/handskrivet/R/i...
So given this, it was just a matter of time before someone would use their vote to see if they could do a pen and paper scripting attack. :-)
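Added example, not part of the original thread and not the election authority's code: a sketch of the pipeline the thread describes (hand-written ballot text is transcribed, stored, then published on a results page), with the text bound as a SQL parameter and HTML-escaped on output. The table name, function names and sample ballots are constructed for illustration; counting exact strings separately follows the remark above about unregistered names.

```python
import html
import sqlite3

# Constructed sample of transcribed write-in ballots (not real election data).
SAMPLE_BALLOTS = [
    "Donald Duck",
    "DONALD DUCK",
    "Donald Duck",
    "x'); DROP TABLE writeins;--",
    "<script>alert(1)</script>",
]


def tally_writeins(ballots):
    """Store each hand-written string verbatim and count exact matches."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE writeins (name TEXT PRIMARY KEY, votes INTEGER NOT NULL)"
    )
    for text in ballots:
        # Bound parameters keep ballot text as data; it is never spliced
        # into the SQL statement, so quotes and semicolons are inert.
        db.execute(
            "INSERT OR IGNORE INTO writeins (name, votes) VALUES (?, 0)", (text,)
        )
        db.execute("UPDATE writeins SET votes = votes + 1 WHERE name = ?", (text,))
    db.commit()
    return db


def render_results(db):
    """Build the HTML results table, escaping every name on output."""
    rows = db.execute(
        "SELECT name, votes FROM writeins ORDER BY votes DESC, name"
    ).fetchall()
    cells = [
        # html.escape turns <, >, &, and quotes into entities, so markup
        # written on a ballot is shown as text instead of being rendered.
        f"<tr><td>{html.escape(name)}</td><td>{votes}</td></tr>"
        for name, votes in rows
    ]
    return "<table>\n" + "\n".join(cells) + "\n</table>"


if __name__ == "__main__":
    print(render_results(tally_writeins(SAMPLE_BALLOTS)))
```

The stored value is still the exact string the voter wrote, which is what a count of write-ins needs; the two defences apply only at the SQL boundary and the HTML boundary.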