1. 10

  2. 18

    Odd, because I didn’t read the XKCD comic as making fun of security people for saying ‘voting machines won’t work, stay away’ at all. I read it as saying voting machines won’t work and that we should stay away from them. And to that I have to say: I totally agree. Voting works fine as it is: done by humans, counted by humans, entirely on paper with not a computer or network in sight.

    1. 4

      Elections are really hard regardless if it’s done by computers or not, but we didn’t get to the point where we figured out the computer side of it at all. What’s worse, is that adding computers into the mix was an excuse to go back on well-tested election related rules, such as secret voting. No, we can’t have voting over the internet or via mobile phones or anything like that.

      We should really go back to limiting computer involvement in elections to UI, with the papertrail as the official record of votes. Involving computers in the actual process adds such a huge leap of complexity that it excludes most people from ever being able to verify results. Everyone can verify paper ballots.

      1. 6

        Not really sure why you’d even want computers as UI. The ‘UI’ of a piece of paper you tick a box on really is quite good.

        All I can say is that I’m glad that New Zealand has never (as least to my knowledge) involved computers in actual voting. Not even UI. I hope that the complete disaster that was our recent attempt at doing a census online[0] will help dissuade anyone from trying to do elections online as well.

        [0]: Somehow they managed to simplify the census, put it online, reduce the number of questions and get fewer responses than before even though it’s still mandatory. What. And in return for significantly reducing the amount of information we get from the census, now they have a mandatory incredibly invasive survey of a randomly selected few percent of the population.

        1. 3

          The reason for fewer responses may have little to do with technology and more to do with that notorious citizenship question.

        2. 1

          What’s worse, is that adding computers into the mix was an excuse to go back on well-tested election related rules, such as secret voting. No, we can’t have voting over the internet or via mobile phones or anything like that.

          There’s designs and protocols for that. We could even have diverse suppliers on the hardware side to mitigate the oligopoly risks. The question is, “Should we?” I think traditional, in-person methods combined with optical scanning is still the best tradeoff. The remote protocols might still be useful to reduce cost or improve accuracy on some mail-in votes, though.

        3. 4

          I absolutely agree. Voting should be as simple for voters to understand as possible. Introducing an electronic device makes it auditable only to experts and even they might have a difficult job given the many layers at which things can go wrong (including hardware vulnerabilities).

          One of the reasons people are advocating electronic voting is their lower cost. Personally, I think this argument is totally wrong. Cost is a factor but not the most important one - not having elections would be cheaper.

          1. 2

            And let’s face it, how significant is the cost of having elections really? The 2008 general election in NZ cost about $36 million. Sounds like a lot, but that’s $12 million per year: 1/1719th of the Government’s budget. Spending 0.058% of the budget to ensure we have safe and fair elections is pretty insignificant really, it’s about as much as is spent on Parliament and its services and buildings etc, and about half as much as the Police earn the Government in fines from summary infringement notices (speeding tickets etc).

            1. 4

              Exactly. Also, lots of good things can be said about software but not that it’s inexpensive.

          2. 3

            100% agree. I counted votes in the last federal election of Germany and that is some serious work, but totally worth it and very hard to tamper with.

          3. 12

            This article still doesn’t address the fact that electronic voting is much easier to attack than paper. Electronic voting systems are hard for laypeople to inspect for tampering, which is incidentally why the Dutch government, after a brief stint with electronic voting went straight back to paper.

            1. 9

              The author is wrong.

              It’s not about accidental vs intentional security, it’s about the effectiveness of the technology in reaching the end goal.

              Flying: did I get to my destination?

              Elevator: did it take me to the right floor?

              Voting machines: did it count the votes correctly?

              It’s way way harder to be sure about the last one when computers are involved, because humans aren’t.

              1. 8

                The problem is also noticing the attack. It is pretty easy to notice an attack on a plane or elevator, not so much when “counting” votes.

                1. 5

                  A few of you here assert that voting works fine as it is, on paper, counted by humans. It does not, and is stupidly easy to attack. All you have to do, is have a few members in the counting committee. Let me tell you a few recent examples from Hungary!

                  We had an election earlier this year, the ruling party got 2/3 of the seats in the parliament. The country was divided into voting districts, and each district had a committee. They handed out the papers, watched for fraud, and counted the votes once voting closed. There were quite a few districts where papers were handed out wrong, which, in some cases, rendered half the votes invalid. There were cases where votes were intentionally miscounted - but nothing happened, because the overall committee asserted that recounting wouldn’t change the outcome.

                  In previous elections, when my father was part of one of the committees, he witnessed another member of the committee failing to stamp a paper only when giving it to someone they knew would vote for a party that was an opponent of the party of the committee member. How many such “errors” were made? How many intentionally, how many by accident?

                  There are so many ways to attack paper-based voting, and all of this is being done today. It’s not just some theoretical fear. It’s not limited to my country - this is just where I have reliable information from. But even if we forget about intentional attacks, and only focus on accidents, I don’t think it is unreasonable to think that by the end of the day, when people get tired, they make mistakes. Forgetting a stamp, giving wrong papers, failing to check credentials are all things we’ve seen, all things that can influence the outcome.

                  Thing is, paper-based voting is not fine. It does not work well. It’s not secure, not anymore than voting machines. It’s simply something we are used to and perhaps unconsciously, ignore the disadvantages.

                  1. 2

                    “All you have to do, is have a few members in the counting committee.”

                    And with computers, you just need one person with physical or remote access to the device. So, computer-based method is still worse than human-based method.

                    1. 1

                      I disagree. To tamper with a voting machine, you need one person with physical or remote access, and sufficient knowledge to carry out an attack. This is quite limiting.

                      With paper-based voting with humans, if the committee members fail to correctly verify people, the system is easy to abuse. From my experience, I only need to persuade one specific member of the committee, to be a bit more lax about checking identities and whatnot. That’s not a high bar to jump, and you don’t need a person with special knowledge, just one at the right spot at the right time, and overlooking a fake ID is much easier than tampering with a machine physically. Stupidly easy to deny as well.

                      (Yeah, if you have remote access to a voting machine, that’s going to be fucked up. But lets assume we’re not that incompetent, shall we.)

                      1. 1

                        “and sufficient knowledge to carry out an attack”

                        You don’t need that. You just need a readily-available exploit plus instructions on how to use it. Someone else can develop it with a one-time, up-front cost. Easier if there’s only a few suppliers to target. That’s how the malware market works right now for desktops. For voting machines, that might be as simple as plugging USB sticks into specific devices or as “hard” as disassembling them to connect something to internal parts.

                        “ if the committee members fail to correctly verify people, the system is easy to abuse”

                        Which is why we have recounts with lots of people in the town checking paper votes. A failure mode of that was the accused getting to determine which pieces of paper they looked at. That’s an easy solution to fix.

                  2. 4

                    The author made a massive mistake early on: voting software has never proven itself effective even against accidents. And planes and elevators definitely are designed to protect against intentional attacks. The entire first part of the article is flawed.

                    Also, the assertion that software is better than the mechanical machines they replaced is also wrong. A bunch of mechanical things in my car have been replaced with software, and none of the ones I care about work as effectively as the mechanical thing they replaced. :(

                    The rest of it goes on like that. The entire thing is ridiculous.

                    1. 1

                      voting software has never proven itself effective even against accidents

                      Quite the opposite - here’s a recent article about voting machines reporting 243% turnout in Georgia, for example. That particular mistake was fixed by adjusting the number of eligible voters, but other failures are alleged and it’s not obvious that there is a reliable audit trail to follow up on these allegations.

                      A couple of other points from the article that made me itch:

                      It’s actually really hard for the Russians to hack voting machines, as they have to be attacked them on a one-by-one basis. It’s hard for a mass hack that affects them all.

                      I’m not convinced this is true: voting systems are supposed to be airgapped after a vendor sold them with remote access software installed but systems like Voatz’ proposed online vote-by-cellphone setup presumably undo this.

                      The author goes on to say:

                      It’s much easier to target the back-end systems that tabulate the votes, which are more often normal computers connected to the Internet.

                      I agree! And since these are an important part of the counting process for electronic voting systems, I don’t see how this is in any way an argument in favour of voting machines.

                      1. 1

                        It was interesting reading the reactions.

                        For as long as I can remember, people who have observed software development (insiders as well as outsiders) have compared it unfavorably with other professions when it comes to stuff like safety, verification, and adhering to standards.

                        But the thread is full of “well, actually”s from people who seem to think that the current way of designing software is just fine, and it’s bad people attacking software that’s the problem.

                      2. 1

                        It starts as a unified system to replace an antiquated one, then we keep adding more features.

                        Soon, we can vote on anything a la direct democracy via the blockchain.

                        Eventually we ICO and then sell VoteCoins.

                        Wait…. back up. Nvm. The first two parts sound good though.

                        1. 3

                          Direct democracy existed before computers. But whether it’s a good idea to have citizens directly voting on everything is a separate question. The point of representative democracy is even stronger nowadays, in my view, as things become more complex and the public becomes both less able to comprehend the finer details and more easily swayed by mass media.

                          1. 1

                            Liquid Democracy provides the best of both worlds.