Buenos Aires Censors and Raids the Technologists Fixing Its E-Voting System (eff.org)
143 points by DiabloD3 on July 16, 2015 | 76 comments



The best thing about paper ballots is their simplicity: even children can understand how to count and monitor them. Nearly any citizen has the skills to participate and to spot fraud.

In comparison only a small percentage of the populace understands programming, fewer still would be able to write a secure voting system and fewer still would be able to debug such a voting system (code is harder to debug than to write).

Given the above and the high stakes of government elections I think we have yet to find a technology superior to simple paper ballots.


> even children can understand how to count and monitor them

Except they have no error correction and admit ambiguity as to a voter's intent. That's all great and theoretical, but the inability of some voters in 2000 in Florida to fully punch a paper ballot led to a recount that under some scenarios would have led to President Al Gore rather than President George W. Bush.

Maybe the occasional hanging chad is worth the other positive attributes of paper, but don't write off all the advantages of an electronic system (error correct, instant results, etc).

https://en.wikipedia.org/wiki/United_States_presidential_ele...


With the utmost respect, you can screw up anything. The Florida voting paper and damn hole punching was and remains utterly crazy. Obviously so to the overwhelming majority of people in a way that anything electronic isn't and will never be.

"This is really bad form design, look at this layout" - she said pointing to the piece of paper she was holding. Most people can assess the merit of that argument, and in the case of Florida, have done so in a reasonable manner - whatever their conclusion.

"This is a bad electronic system" - 99% of people have to trust an authority to even begin to form a view on that which makes disinformation and propaganda of the usual kind, ie advertising and lobbying, more effective than it deserves to be based on merit alone. Now that's fine for soda purchases but not good enough to trust your democracy to.


> the inability of some voters in 2000 in Florida to fully punch a paper ballot

Blame the user?

The fault lies with the election administrator who had not followed procedures and properly cleared the voting machines of chads from prior elections.

> don't write off all the advantages of an electronic system (error correct, instant results, etc)

None of which are true. The sole advantage to electronic voting systems is to expedite the transfer of public monies to cronies. Well, a second advantage is to obfuscate the whole process.


This is an incredibly salient point, because the conspiracy theorist in me screams that it was intentional in order to sway public opinion in favor of electronic voting machines, in order to let Them fix elections. I truly believe the whole scheme of electronic voting is intended to defraud the public of their right to vote.


You can simply and easily do instant results by using an optical scan voting system: ballots are scanned as they are submitted by the voter to the ballot box.

https://en.wikipedia.org/wiki/Optical_scan_voting_system


Why not both — several copies of paper receipts can be provided with serial numbers. One goes to the voter, the others would go to the vote counters.

Digital can be used for a quick count, if there are any questions or need for verification the paper trail is there.

*Archival quality, not thermal paper.


One of the most fundamental requirements of the ballot is secrecy. If you are provided with a receipt, you can be coerced to demonstrate that you have voted a certain way.


A fundamental problem with electronic voting systems in general is unless the code is open nobody has any way to know if their vote is actually secret or not - and even then we have no way of verifying the machine hasn't been tampered with.


Frankly I am totally astonished that it's not required that voting machines consist of open source software and hardware.


UK ballots are supposed to be secret, but they're not really.

Here's a bit of the history of moving from open votes to secret votes:

http://www.bbc.co.uk/news/uk-england-leeds-31630588

This article discusses what should happen to ballot slips after an election, compared to what actually happens, and describes the potential for de-anonymizing votes.

http://www.theguardian.com/notesandqueries/query/0,,-1051,00...


The "receipt" could basically be a paper ballot.


This article refers to 2 vulnerabilities shown.

1. The SSL certificates for the transmission of vote counts were leaked.

2. PAPER ballots, which have an RFID chip to HELP the automatic vote counting could be used to duplicate a PAPER ballot.

I don't know about point 1, and I'd like someone with experience in that to check it up, but point 2 is just not an issue.

This is because this isn't really electronic voting, this is an electronic assisted paper ballot. It's just a paper ballot which is printed with the help of a touchscreen. People are supposed to check each ballot in each voting table, but now they have RFID readers to make it faster. When they read a ballot as containing a double vote they just declare it invalid. Also, vote numbers must be equal to the amount of people that voted, you just can't duplicate votes.


This is wrong. And I have read this argument so many times. This needs to stop.

1. First, a "white vote" is just an empty ballot

Nothing prevents the card being printed later, and used as if you voted in the first place.

2. there's no way to void your ballot.

You are supposed to write "void" in the card, but nothing prevents the authorities from reading from the chip, or worse, writing down "void" to your non-void ballot.

3. The chip can hold multiple votes

Which the software will count, but will raise no warning whatsoever.

Also, in the case of a difference between the chip counter and the paper count, which one should be trusted?

Should we throw away the entire table? If so, then a simple vote could then nullify the entire table.


1. It's the same for traditional ballots, "Fiscales" and the table president prevent it. They go one ballot at a time checking if the vote has to be voided for failing with the protocol and adding the votes. Now they just have an automatic medium to double check the count. Each party has an incentive to find anything to void the opposition's votes.

2. Yes there is. This last election a friend of mine got his ballot voided because he didn't fold it while putting it in the box, which would reveal the ballot ("voto cantado").

3. Again, counters go one ballot at a time; if one turns double it's voided.


The push to e-voting actually surprises me - if it was just one country, I'd write it off as just one of those things, but the fact that it keeps happening in country after country. Generally speaking, most human behaviour can be explained by assuming that people value status and power above all other things. So you can expect those in power to try to keep that power.

But e-voting surely does the reverse: it throws open the playing field, putting power up for grabs to whoever can hack the system, with no way to predict who that will end up being. So why do those currently in power want that to happen? (Not a rhetorical question: I'm actually curious about the answer.)


There is no thing such as an unexpected outcome by e-voting for those in power.


How not? Sure, the people who ordered the system installed might have planned to arrange a hack themselves, but once it's in place, anyone can hack it.


Yeah, such a hack will become either a mess and declared invalid or something politically motivated. The event horizon of political motivation can be calculated. Therefore planned ahead.


So if I understand you correctly, what you're saying is, those who already have and are used to wielding power, are (whether rightly or wrongly, it's what their intuition tells them according to their experience so far) reasonably confident they can use existing power structures to manage what ever mess results and prevent it getting out of hand? That does sound like a reasonable explanation.


Follow the money. All the new voting systems are about enriching cronies at public expense.

Now that HAVA's touch screen fiasco has played out, the next big push is for vote by mail (postal balloting) requiring all new gear and enabling exciting new business models.

That these new systems are unverified, unreliable, and easy to subvert (undetectably) is just a happy side effect.


One form of hacking or another, prevention must occur in both types. Old school is busing people you want to vote a certain way to the booths and leaving others behind, having some vote at multiple stations, even through absentee votes for people who you know won't vote or cannot; the dead being an example.

I would say that an effective electronic system would need to be open from code to monitoring. There is no reason to have the voting machines nor machines which accumulate the vote to be connected to any external network.

You have to start trusting somewhere.


> You have to start trusting somewhere.

Sorry, I'm fresh out of trust. I made the mistake of learning the mechanics of election administration.

The only "trust worthy" system is one based on mutual distrust. If two or more belligerents (aspirants) agree to the final count, then it's probably satisfactory.


Probably because politicians seem to think that these systems are perfectly secure.


I like how this can be read both ways. It could mean that the system is 'secure' in providing an accurate tally of voter intentions, or that it is 'secure' in assuring the desired outcome for whoever is in control. The latter possibility makes more sense to me.


But why? Usually when people believe untrue things despite being informed otherwise, it's because at some level they see social status in it. Is there any status to be gained by claiming e-voting to be secure?


Any e-voting system that is not entirely open for inspection is inherently open to alteration. Of course if the intent is to allow the existing political leadership to manipulate the results in their favor it is working as intended.


Any paper voting system that is not entirely open for inspection is inherently open to alteration. Software systems are hardly unique in this respect.

https://www.youtube.com/watch?v=sJfj9ySYg0Q


Electronic systems make manipulating data on a small scale harder but on a large scale easier. A large scale attempt to alter paper ballots is far harder to keep under wraps just because of there being more people involved.


The difference is that making paper voting systems entirely open for inspection is inherently much easier than doing the same for an electronic voting system. Especially for non-experts in engineering and cryptography, that is, like, 99.9% of the population.


Apart from mass civilian surveillance combined with breaking in and entering on a large scale, how do users inspect a paper system?


Observation works pretty good.

You can be a poll inspector, a poll judge, a poll observer, watch the central count, attend the public certification hearings.

Different jurisdictions have different rules, so YMMV.

But the basic ideas are a) Australian ballot system b) verify the physical chain of custody c) private voting, public counting.

Happy hunting.


By having representatives of their own party being present in every single place where votes are counted. At least, that's how it works here in Italy.


Sad yet not surprising. Argentina, sadly, continues to devolve into a complete joke of a country. I lived there for over ten years. I love the people and the beauty of the country. However, Argentinians seem to suffer from a cancer that causes them to be easily manipulated into voting the absolute worst politicians into power. These politicians proceed to rape and pillage the country and make a circus out of the whole thing. When you can watch this from the outside and see it for what it is, it is downright sickening. You want to yell: Wake the fuck up! Will they for the upcoming elections? If history is any indication, no, they'll vote in the same pandering socialist criminals who seem to always be able to convince the masses money will rain from the sky. And nothing will change.

What's even worse is to see the parallels between what happens in Argentina and the US political system only to see Americans fall prey to some of the same sick politics and not see the reality of what politicians are doing to us. That's another topic.


> ... manipulated into voting the absolute worst politicians ...

I've never really followed an Argentine election closely, but I'm curious if they have options. In other words, is there often a significantly better political representative that is overlooked, or is it more of a "lesser of all evils" situation?


The culture of crime and corruption in politics has such deep roots that it is hard to answer your question. Not sure. I mean, people quite literally get arrested, attacked, destroyed and even killed for opposing the powerful forces at the top. It's a slow motion tragedy being played out for the world to see.


> convince the masses money will rain from the sky.

Indeed, the money rains from the sky to a lot of people. This is basic clientelism and works very well for the politicians.


Has nobody created an open-source, non-tamperable e-voting platform yet (could give the blockchain a solid purpose)? It seems like something that would make for a great project - a voting system for the people by the people.


http://zesty.ca/voting/ was a nice start.


So is arresting people who charitably disclose vulnerabilities gonna be a thing now? I find it hard to believe any society fifty years from now is going to effectively function by shooting itself in the foot to prove how much blood it doesn't need.


This is not a unique thing for that country and current government. It's illegal to challenge the validity of government-provided statistics and even the "Big Mac Index" is manipulated by forcing McD to sell something called "Big Mac" at a lower price. Basically, the IMF and other institutions were using unofficial data to make their estimates since the official data was so obviously bogus. The government responded by cracking down on those reporting the unofficial data. (As an aside, Argentina is also selling inflation-adjusted bonds, so it kind of makes sense to promote large underestimations of that number).

So when the government put forward a voting machine, it became illegal to question the validity of its workings.


There're some big oversimplifications there.

1. It's not illegal to "challenge" government statistics, everybody does it: private agencies do it, provincial governments challenge the federal government's stats, etc. Some official said some time ago they'd prosecute some agencies that provided statistics but nothing happened.

2. Government kind of "forced" (and not really directly) many companies to leave the price of some products fixed amidst inflation and devaluation, so Big Mc were pretty cheap for a while (that's been over since like 1.5 years).

3. The government didn't really crack private agencies from reporting data, they kind of tried and the courts didn't follow. There are lots of agencies reporting inflation, just check it up.

4. Yes, they fixed the inflation data to fix the inflation-tied bonds (look for "cupon pbi"). But Argentina isn't "selling those bonds". Those bonds were issued to funds after the 2002 default, it's a little messy but most funds like these have been nationalized by now, the only people who trade those bonds now are high risk gamblers.


"This is not a unique thing for that country and current government". The city's government and the Nation's government are from opposing parties. This shows that they are both just as corrupt. "This is not a unique thing for that country" (alone) would have been more accurate.


It's been a thing for a long while, including in the US and Europe.

But this is Argentina. The vulnerabilities were most likely put there deliberately by the security services, of course they don't want them exposed.


Well this is a pretty unique opportunity - if they can keep their mouths shut they can just elect a better government.


Did they get a way to insert new candidates into the system?


Being from Argentina, this sadly does not surprise me.


We're at least decades away from making secure digital voting (if something like that is ever going to be possible). I also believe it will be somehow based on blockchain technology that can't be easily altered to fraud the votes. We mainly need to do authentication in a secure way that can't be spoofed or hacked (easily).


So they put a paper ballot with an RFID chip inside into a machine which then puts your vote into the chip, then you drop the ballot into a box? How is this any different from a regular paper ballot?


One of the problems in Argentina's elections is that volunteers of political parties steal the ballots of smaller parties from the voting room, and since these small parties don't have the manpower or monetary resources to restock the ballots, they lose votes. A better solution would be single paper ballot, but the ruling parties don't want this because they are the ones who benefit from the current system.

That said, this system prevents chain voting (a mechanism to make sure the votes that parties buy from low-income people are not changed).



This is first and foremost a PR stunt by the BA City's government to push a government "innovation" bullet point.


I guess it would be easier to automate the counting. Still seems an odd solution though.


And even that's not happening.

The machine also prints the vote on the ballot, and because of the known bugs in the system people are still counting them by hand.


I know three people who do vote counting every year. They all agree that the voting went very smoothly, with less crowding than usual, and the counting took a third of the time it usually does. This is unrelated to the security issues, but to them, the benefit was very clear.


I don't get it. How are we unable to make a reliable mechanism to increment numbers and then print the result at the end?!


A known bug is that the counting machines don't validate the number of votes per ballot, so you can cast multiple votes by rewriting the RFID chip with an NFC-enabled phone.

And even if they address that particular bug, because of the inherent nature of the political process, parties' representatives will always want to count the ballots by hand to prevent fraud.

EDIT: As of this moment there is no way an Argentine political party would accept black-boxing an election.
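
The check that comment says the counting machines lack, together with the ballots-versus-voters reconciliation mentioned earlier in the thread, as an added example that is not part of the original post and not the vendor's code. The chip record layout, contest names, ballot identifiers and function names are all assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# Hypothetical contests; each ballot may carry at most one selection per contest.
CONTESTS = ("mayor", "legislature")

@dataclass(frozen=True)
class Ballot:
    ballot_id: str   # constructed label, used only to report set-aside ballots
    chip: tuple      # (contest, candidate) records read from the RFID chip
    printed: tuple   # (contest, candidate) pairs read from the printed face

def naive_tally(ballots):
    """The behaviour described above: every chip record is counted as a vote."""
    counts = Counter()
    for b in ballots:
        counts.update(b.chip)
    return counts

def check_ballot(b):
    """Return the reasons a ballot must go to hand review (empty list = countable)."""
    reasons = []
    per_contest = Counter(contest for contest, _ in b.chip)
    for contest, n in per_contest.items():
        if contest not in CONTESTS:
            reasons.append(f"unknown contest {contest!r} on chip")
        elif n > 1:
            reasons.append(f"{n} chip records for {contest}")
    # The printed face is what the voter could verify; the chip must agree with it.
    if sorted(b.chip) != sorted(b.printed):
        reasons.append("chip does not match printed text")
    return reasons

def tally(ballots, voters_signed_in):
    """Count only ballots that pass check_ballot, then reconcile with the roll."""
    counts, set_aside = Counter(), {}
    for b in ballots:
        reasons = check_ballot(b)
        if reasons:
            set_aside[b.ballot_id] = reasons
        else:
            counts.update(b.chip)
    reconciled = len(ballots) == voters_signed_in
    return counts, set_aside, reconciled

# Constructed sample: B3's chip carries three records for one contest, B4 is blank.
SAMPLE = [
    Ballot("B1", (("mayor", "A"), ("legislature", "X")),
                 (("mayor", "A"), ("legislature", "X"))),
    Ballot("B2", (("mayor", "B"),), (("mayor", "B"),)),
    Ballot("B3", (("mayor", "A"),) * 3, (("mayor", "A"),)),
    Ballot("B4", (), ()),
]

if __name__ == "__main__":
    print("naive:  ", dict(naive_tally(SAMPLE)))
    counts, set_aside, reconciled = tally(SAMPLE, voters_signed_in=4)
    print("checked:", dict(counts))
    print("set aside:", set_aside, "| reconciled:", reconciled)
```

Ballots in `set_aside` are not silently dropped: they are the ones the table has to resolve by hand.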


I'm just thinking, this e-voting fad will make it really easy for the modern-time Hitlers and Stalins.


e-voting does not necessarily mean "100% digital"

it's a relatively trivial matter to use a printer attached to a voting machine to create a paper-trail.

even something like "choose your candidate, get a receipt, verify it yourself, and put it in the box"

the election results would be instantaneous, and the paper trail would still exist for irregularities.


Agreed -- when done right, it's very secure.

But pretty much all the software suffers from shortcuts one after another, ridden with bugs and backdoors. Someone will most certainly get to exploit the state of affairs before these systems are solid enough for good.


Only if it continues to be done wrong. A cryptographically open voting system with private keys would be much more difficult to rig.


Public key cryptography in my eyes is the only proper way to do electronic voting, but it has a severe cost - the lack of secrecy. As anyone knows, the lack of secrecy comes with even more severe ramifications, the purchase of votes, pressure from friends/family/employers, the potential to be arrested in a fascist government, the list goes on.


There might be some validity to that, but I think you are blurring the lines between a private key being issued to someone and others knowing their vote, which would only happen if others know their public voting key.


Public key cryptography by nature requires a person's identity SOMEHOW be tied to their private key. Even if I get a private key issued by the government without any identifying information embedded in it, it's still tied to my identity, at the very least whoever administers the vote knows who I voted for - at least with a paper ballot no one but me knows what ballot I submitted.


True, although I think a centralized organization for identity, while not at all ideal, is different than everyone knowing who you voted for.

I wonder if there are methods for mixing identities. Bitcoin mixing services have many people put coins into a pool, then outputs balances to new addresses. It isn't a 1:1 comparison at all, but I wonder if there are methods that could be used.

If more than one identity service is used I wonder if the multiple keys could be mixed to create a unique key that only the voter knows.


As anything the EFF writes, this article is heavily biased. There is a huge difference between "technologists fixing a voting system" and "technologists irresponsibly leaking the source code and private certs of a voting system".


Irresponsibly? If this vulnerability exists to download the certs, it should be assumed that somebody else has already downloaded them. Thus, it should be assumed that the voting system is already compromised. Its use should be immediately halted.

Voting systems are sacrosanct.


I don't agree with publishing the private certs but if anything ever ought to be open source, then it's a public voting system.

If we can't have complete transparency and confidence in voting systems we might as well just give up.


Wow, advocacy organization that supports freedom of speech and democracy writes about freedom of speech and proper use of electoral systems. I am shocked, I tell you, shocked.


That's true but the local government and the company were terrible in how they handled the issues. Even the University of Buenos Aires who did the security review couldn't find basic issues.


UBA did not review the security. However, the security issues were so obvious that it seems strange that they say nothing.


Unfortunately they did. You can see the request for review here[1], and the actual review here[2]. I know the guy who actually did it (Righetti), he sent an email to the department a few days ago. The quality of that review was absolutely terrible.

[1] https://www.eleccionesciudad.gob.ar/uploads/resoluciones/ade...

[2] https://www.eleccionesciudad.gob.ar/uploads/OAT%20n%203-15-0...


I know the professor who did the review. He sent a mail explaining what actually happened, as opposed to what is shown by the mayor's website. The actual report will not be finished until August, so whatever you are seeing is not the complete report. What you are seeing is a preliminary result concerning a specific part of the system.

Unfortunately, even after the actual report is finished, the university will not have permission to make it public. So we may never see the real results.


The report is signed by him, so it's safe to say that report is an accurate recollection of what happened according to him.

Having a report on the security of a system be issued months _after_ it is used is completely stupid. This is not simply his fault, it's the entire arrangement which is stupid.

The report shows that Righetti had access to the source code. Unless you are trying to say that he did not have access to the files in which _actual_ security vulnerabilities were found, or that the source code he was given was _different_ from the source code which was leaked, which contained egregious vulnerabilities.

Keep in mind he pockets hundreds of thousands of dollars in this arrangement. That's the part that adds insult to injury. Further, he does not teach information security or anything similar at university (he teaches networking), when there _are_ people teaching such things at UBA (FCEyN), who would have been better suited for the task.


I don't agree about publishing the certs, but that's not the main issue.

The main issue was a security flaw that allowed somebody to directly download the SSL certs of the voting system from a URL.


Covering up the ability to manipulate an election is irresponsible.

Disclosing an election can be rigged with all the supporting evidence is your absolute duty. Doing anything else is not just irresponsible, it's morally evil.

Covering it up by not disclosing is the action of someone who is LITERALLY an enemy of democracy and freedom.



