If I understand correctly: The idea is to scan every ballot, and upload all scans to a public website. The system preserves anonymity because voters are not required to write their names or other PII on the ballot paper.
I still have lots of questions:
1. Doesn't this system raise the possibility of coercion? For example, a goon or abusive spouse might, under threat of violence, force you to vote in a certain way and mark your ballot for them to audit afterwards. Isn't plausible deniability also one of the key desiderata of the election process?
2. The system allows me to mark my ballot paper and confirm that my vote was correctly counted, after the fact. But I still need to trust all the other votes uploaded to the website. Of course, the presence of independent election observers (who watch the counting process and the ballot boxes being moved around) would mitigate this fear.
I still think a serialized ballot is the way to go. Upon verification of identification at the polling place, a ballot is printed with a random serial number and given over. Those serials are kept until after the count, and any serial number not in that master set should be examined for fraud.
What threat does that prevent? If we don’t trust the storage of ballots, don’t we have the same problem with the storage of the serial numbers? If people are claiming that ballots are being tampered with of fakes, those people will immediately pivot to saying that the serial numbers were legit but attached to new ballots, or that the voting machine switched fields when creating the ballot, etc.
The underlying problem here isn’t that there’s anything wrong with the American voting system. It’s that the weight of one of the two major parties and a multi-billion dollar media network were put behind the conclusion that Trump didn’t lose in 2020, and everything else is confabulation backwards from that conclusion which cannot be questioned. Trying to come up with technical solutions for that is doomed from the start because the concerns were never rational in the first place – it’s like trying to win over a creationist of the “god made it look like we evolved” school.
Do we have a cryptographic protocol for verifiable elections yet? Where someone can be assured their vote was counted (and counted correctly), but cannot be coerced, nor prove, whom they voted for?
Yes, several. A particularly interesting one is Scantegrity [1]:
> Scantegrity is a security enhancement for optical scan voting systems, providing such systems with end-to-end (E2E) verifiability of election results. It uses confirmation codes to allow a voter to prove to themselves that their ballot is included unmodified in the final tally. The codes are privacy-preserving and offer no proof of which candidate a voter voted for. Receipts can be safely shown without compromising ballot secrecy.
> Scantegrity II prints the confirmation codes in invisible ink to improve usability and dispute resolution. As the system relies on cryptographic techniques, the ability to validate an election outcome is both software independent as well as independent of faults in the physical chain-of-custody of the paper ballots. The system was developed by a team of researchers including cryptographers David Chaum and Ron Rivest.
It works with the common "fill in the bubble" paper ballots that can be counted by simple optical scanners (or by hand). The only extra hardware you need to add it to an existing "fill in the bubble" system is that you have to use a special marker to fill in the bubbles.
This is very interesting, yet it feels like it doesn't address the real issue. Most election sceptics would probably disbelieve a sophisticated system just the same, or not believe it is privacy-preserving.
If there are academic experts coming out to really argue the system is watertight, that would only make it worse!
we can’t keep chasing the approval of the most paranoid, many of them quite literally will never ever be satisfied.
the number of times throughout our day we trust and rely on something done by another human numbers in the thousands.
too many people have this weird fantasy that we can somehow have (or even need) “zero trust”, and for almost anything this is a fantasy of the paranoid and not at all based in coherent reality.
and even more importantly, even if we could, for soooo many things “zero trust” wouldn’t solve the problems anyway.
I have a coworker that is terrified of elevators, claiming them unsafe and that they're death traps, and takes the stairs up three stories to the office multiple times per day. He couldn't explain why he trusted the stairs or building more than the elevator, but his gut just tells him the stairs are safer and elevators are death traps.
He's also a firm believer that ballots are all fraudulent and so he doesn't vote because it wouldn't matter, the new world order has decided who is going to win years ago.
He will never believe differently, and he's a very rational person in other areas of his life and is a very talented developer. We can build a cpu with billions of gates and yet we can't safely pull a box up on a cable. I will never understand.
Tell your coworker that there is one thing you can do to make yourself safer in an elevator: If ever the elevator stops between floors with the doors open, do NOT attempt to climb out of the elevator.
If I understand correctly: The idea is to scan every ballot, and upload all scans to a public website. The system preserves anonymity because voters are not required to write their names or other PII on the ballot paper.
I still have lots of questions:
1. Doesn't this system raise the possibility of coercion? For example, a goon or abusive spouse might, under threat of violence, force you to vote in a certain way and mark your ballot for them to audit afterwards. Isn't plausible deniability also one of the key desiderata of the election process?
2. The system allows me to mark my ballot paper and confirm that my vote was correctly counted, after the fact. But I still need to trust all the other votes uploaded to the website. Of course, the presence of independent election observers (who watch the counting process and the ballot boxes being moved around) would mitigate this fear.
#1 (forced choice) is also a problem with mail-in voting (along with a number of other issues).
I still think a serialized ballot is the way to go. Upon verification of identification at the polling place, a ballot is printed with a random serial number and given over. Those serials are kept until after the count, and any serial number not in that master set should be examined for fraud.
What threat does that prevent? If we don’t trust the storage of ballots, don’t we have the same problem with the storage of the serial numbers? If people are claiming that ballots are being tampered with of fakes, those people will immediately pivot to saying that the serial numbers were legit but attached to new ballots, or that the voting machine switched fields when creating the ballot, etc.
The underlying problem here isn’t that there’s anything wrong with the American voting system. It’s that the weight of one of the two major parties and a multi-billion dollar media network were put behind the conclusion that Trump didn’t lose in 2020, and everything else is confabulation backwards from that conclusion which cannot be questioned. Trying to come up with technical solutions for that is doomed from the start because the concerns were never rational in the first place – it’s like trying to win over a creationist of the “god made it look like we evolved” school.
Do we have a cryptographic protocol for verifiable elections yet? Where someone can be assured their vote was counted (and counted correctly), but cannot be coerced, nor prove, whom they voted for?
Yes, several. A particularly interesting one is Scantegrity [1]:
> Scantegrity is a security enhancement for optical scan voting systems, providing such systems with end-to-end (E2E) verifiability of election results. It uses confirmation codes to allow a voter to prove to themselves that their ballot is included unmodified in the final tally. The codes are privacy-preserving and offer no proof of which candidate a voter voted for. Receipts can be safely shown without compromising ballot secrecy.
> Scantegrity II prints the confirmation codes in invisible ink to improve usability and dispute resolution. As the system relies on cryptographic techniques, the ability to validate an election outcome is both software independent as well as independent of faults in the physical chain-of-custody of the paper ballots. The system was developed by a team of researchers including cryptographers David Chaum and Ron Rivest.
It works with the common "fill in the bubble" paper ballots that can be counted by simple optical scanners (or by hand). The only extra hardware you need to add it to an existing "fill in the bubble" system is that you have to use a special marker to fill in the bubbles.
Here's a paper giving details [2].
Here's a paper proving coercion resistance [3].
[1] https://en.wikipedia.org/wiki/Scantegrity
[2] https://www.usenix.org/legacy/event/evt08/tech/full_papers/c...
[3] https://eprint.iacr.org/2010/502.pdf
This is very interesting, yet it feels like it doesn't address the real issue. Most election sceptics would probably disbelieve a sophisticated system just the same, or not believe it is privacy-preserving.
If there are academic experts coming out to really argue the system is watertight, that would only make it worse!
https://archive.is/93NX9
Society is going downhill on a double black diamond slope. The people who don't trust our institutions aren't going to trust this- why cater to them?
i tend to agree to an extent.
we can’t keep chasing the approval of the most paranoid, many of them quite literally will never ever be satisfied.
the number of times throughout our day we trust and rely on something done by another human numbers in the thousands.
too many people have this weird fantasy that we can somehow have (or even need) “zero trust”, and for almost anything this is a fantasy of the paranoid and not at all based in coherent reality.
and even more importantly, even if we could, for soooo many things “zero trust” wouldn’t solve the problems anyway.
I have a coworker that is terrified of elevators, claiming them unsafe and that they're death traps, and takes the stairs up three stories to the office multiple times per day. He couldn't explain why he trusted the stairs or building more than the elevator, but his gut just tells him the stairs are safer and elevators are death traps.
He's also a firm believer that ballots are all fraudulent and so he doesn't vote because it wouldn't matter, the new world order has decided who is going to win years ago.
He will never believe differently, and he's a very rational person in other areas of his life and is a very talented developer. We can build a cpu with billions of gates and yet we can't safely pull a box up on a cable. I will never understand.
Tell your coworker that there is one thing you can do to make yourself safer in an elevator: If ever the elevator stops between floors with the doors open, do NOT attempt to climb out of the elevator.
https://www.firefighternation.com/fire-leadership/cal-state-...