Been filling out paper ballots for years. I don't want to vote on a machine. A machine can count my vote. But there should be a paper that goes in the ballot box, so it can be recounted using multiple methods. Different machines, humans, dogs, cats... whatever. There are real physical artifacts.

Unfortunately many people now conflate "voting machine" with direct-recording electronic or DRE machines. While DRE machines became common for a short period after the Helping America Vote Act imposed accessibility requirements that were difficult to meet with paper ballots, most voting machine vendors now offer "ballot marking machines" (sometimes integrated into the precinct tabulator) that allow individuals with special needs to mark a paper ballot using methods like voice feedback. The marked paper ballot can be verified by the voter or another individual before tabulation. Ballot marking machines have mostly eliminated the original motivation for DRE voting and the popularity of DRE voting across the United States has decreased since the shortly-post-HAVA period (2004 election cycle, basically), with many states prohibiting DRE entirely or DRE without voter verified paper audit trail (VVPAT), an arrangement in which all machines essentially function as ballot markers and produce a paper ballot with the voter's selections for the voter to inspect.

DRE with VVPAT can be attractive because it integrates the "ballot on demand" system into the voting machine, simplifying the three-step process typical of precinct tabulation where the voter obtains a ballot from a ballot-on-demand workstation, marks it, and then inserts it into a tabulator. Ballot-on-demand is functionally required by most modern election administrators because it facilitates "voter convenience" models where voters can appear at any precinct (usually within their county), not just at the single precinct in which they reside. The reason for this is simply that, considering the multiple taxing jurisdictions in most parts of the US, a single county election can have hundreds of distinct "ballot styles." Preprinting every ballot style for every precinct is impractical and encourages fraud due to the number of valid ballots "lying around." Ballot-on-demand tends to have a very positive impact on election integrity in this way: the ballot does not physically exist until it is issued by the BOD system which is typically integrated into the pollbook system such that a ballot cannot be issued without marking a voter as voted in the pollbook. DRE with VVPAT is mostly equivalent to precinct tabulation with BOD, but many prefer precinct tabulation with BOD because the majority of voters (those not using assistive technology) mark their ballots manually which decreases the risk of mismarking by a ballot marker.

It's important that American voters understand that non-auditable voting machines are no longer common in the US and are found only in some states, and the portion of votes counted by methods without paper audit trail is decreasing year over year as states replace aging DRE equipment.

Unfortunately, the larger problem with US election administration is not DRE machines but funding. State election administrators usually operate on extremely restrictive budgets. States originally purchased DRE machines mostly because they were the cheapest option that met HAVA requirements, which essentially required many states to wholesale replace their voting equipment on short notice. Most states that use DRE equipment today use it because they cannot afford to replace it. There is very little, even zero, real support for DRE machines other than for the simple reason that states cannot afford to purchase anything else... and this is no longer as true today due to more affordable ballot marking machines, and vanishingly few election administrators are choosing DRE when they have funding available to replace voting systems.

A larger concern in voting security is likely registration and pollbook systems, which are often poorly audited and from small software vendors, once again largely due to the small budgets available to pay for them. In the cases that voting irregularities have been found in the US, they are virtually all a result of defects or limitations of the pollbook system and unrelated to the actual vote tabulation. This encompasses situations like individuals voting multiple times---one voter, one vote is a responsibility of the pollbook system and not the tabulator, which is unaware of the voter's identity as a precaution to protect secrecy of the ballot, constitutionally required for federal and many state and local elections.

The trial described in the article:

> On November 8, VotingWorks machines will be used in a real election in real time. New Hampshire is the second state to use the open-source machines after Mississippi first did so in 2019. Some 3,000 voters will run their paper ballots through the new machines, and then, to ensure nothing went awry, those same votes will be hand counted in a public session in Concord, N.H.

It seems to involve paper ballots, as far as I can understand it.

And this is how the authors of the voting system describes it themselves: https://www.voting.works/voting-system

IE: Only Fred used the VMD... Or how does the counter interpret the VMD? Are people vigilant about checking their ballots?

Pen, paper -> Into Box -> Counting, KISS. I can deal with a scantron. Not much more is needed here. I'd rather we work on chain of custody and figuring out who has voted etc, that are harder to solve. Though honestly, the fraud rates are so low, on double voting, I suspect made up voters, and ballot box stuffing are bigger concerns.

> Been filling out paper ballots for years. I don't want to vote on a machine. A machine can count my vote. But there should be a paper that goes in the ballot box, so it can be recounted using multiple methods.

And that's what happens here. People vote on paper, they put their paper ballots in a box, a machine counts them, and they are also separately counted by hand, in public.

I'm not sure what you're talking about with 'VMDs', an abbreviation that nobody else in this thread has used, and which doesn't appear in the link from the GP post.

Are you for the system being used in New Hampshire, or not?

The only thing I'd like to see is a relaxation of this idea that ballots need perfect secrecy as the most important goal, because that runs directly at odds with accountability. I'd like my ballot to come with a UUID that I could put into the public web site and verify my votes were recorded correctly. All those UUIDs and corresponding votes should be public, so everyone can do their own math. It would make coercion easier, but I don't see that as the most important issue.

I think this is an area where you don't need a technological solution, just a legal one.

Vote selling/buying just needs to be as illegal as blackmail, fraud, etc. Fines and jail terms. (As I assume it already is?)

The thing is, it's going to be incredibly easy to catch, because if you're attempting to pay a group of people (employees, villagers, whatever) to sway their vote, there's always going to be at least one person who doesn't want to and inform the law. (Or else you don't need to be paying in the first place.) Hell, set up punitive damages so a whisteblower is guaranteed 50x whatever price they were being offered for their vote.

The idea is that people post their votes publicly, but encrypted, and there's a procedure (based on zero-knowledge proofs) that allows to check that an encrypted vote is correctly accounted for in the tally without decrypting said vote. If sufficiently many voters post their encrypted votes (and if it's not too predictable who will do so), a wrong tally will be detected with high probability.

My assumptions are that 1) individual votes have almost no value on their own, so coercion or vote selling should be limited by low appeal, and 2) we still have a justice system, if someone forces you to vote a certain way, report it. Buying any significant number of votes would be exceedingly difficult to keep secret. Especially given how little compensation could be offered for them.

While it's true that law enforcement has a role to play here, if you're being paid, you probably aren't going to report on yourself.

> individual votes have almost no value on their own

That's probably true in a national election, but it might not be true in e.g. a mayoral race.

I have offered to sell my vote to anyone in my area (a swing area of New Hampshire) who wants another vote for their side in any election at any level. I've never even set a price.

Not one person has ever offered a cent for it.

I mention this just by way of making the point that small-scale vote buying, which would be the hardest kind to detect, isn't happening.

Theoretically at least, detecting and preventing vote-buying at a scale significant enough to change the outcome of an election should be much easier.

Would-be buyers have to get word out to enough people for it to matter, but if most people assume this is unethical (or even just undesirable), it shouldn't be hard to get nearly everyone else to be willing to rat out the buyers.

I don't think the problem is nearly as hard to solve as you're thinking it is.

The odds of your vote swinging an election at any level are lower than the risk of being struck by lightning twice. Nobody wants to buy one vote. They need to buy hundreds or thousands before it will matter, and that makes them easier to catch.

So your result is the expected one. But the outcome would not be the same with most types of harebrained "let's just vote with our phones" that people come up with regularly.

This is also why it is in most countries illegal to take photos or film around the voter booth.

A photo of me with my completed ballot, in the voting booth, has always been part of the offer, since that was the same year I finally quit bothering to cast my own ballot.

[0] https://www.nbcnews.com/news/us-news/federal-appeals-court-r...

But I believe major point is still the same. Nobody knows if that's the actual posted ballot. You could easily take several and only cast one.

It is my personal belief that votes absolutely carry a market value, they're just very hard to monetize. (Which is usually regarded to be a virtue.)

Because it gives the person with more money more voting power (even moreso than they already have).

Remember that hand-counting of ballots has been unusual in the US for quite some time. Some states process their mail-in ballots through large central tabulators even though they have only a small portion of mail-in votes, simply because they still have the central tabulators from before they switched to precinct tabulation, back when they used to drive the ballot boxes from every precinct and have staff re-stack the ballots and feed them to a tabulator after close.

Ballot secrecy is unlikely to change. It was widely adopted in the US as a direct result of the fact that non-secret ballots facilitated purchased and forced votes, since the payer could verify that the voter cast the ballot they were supposed to. This is not a theoretical problem but one that was widespread in the 19th century.

Something like you describe is already in available in many states, though, at the pollbook level rather than the tabulation level: in many states you can obtain a record online of whether or not you were issued a ballot and, if you were issued the ballot by mail, whether or not it was received back. The ballot is 'severed' from this record system (usually by physical means like dual-envelopes or even passing through a slot in a wall) before tabulation so that your voting choices cannot be proven after the fact to facilitate bribery or intimidation.

It's super convenient. You don't have to be at the polling place at a certain time in bad weather. Just fill out the form in the comfort of your home and drop it in the mailbox.

I hate it though because it really does make fraud and mismanagement easier:

- People are sent ballots for people who no longer live in the house, or are dead

- The post office fails to actually send you your ballot, as in this case: https://www.wmar2news.com/matterformallory/mail-in-ballots-f...

- This article details several more ways to commit fraud via mail-in voting/absentee ballots - and cites fraud cases from both Republicans and Democrats: https://insidesources.com/mail-in-ballots-make-voter-fraud-e...

As far as the "people don't color the circles correctly", the counter machine can kick that back and say "unclear scan, please verify all circles are colored correctly" and not count that ballot.

A voting machine that marks a paper ballot for you is the best of both worlds -- it is a paper ballot, but it marks it consistently, and allows the user to affirmatively confirm their choices were recorded correctly.

Were we to do that, we’d need a damn library full of paper in each booth, and someone to count how many slips of paper you’re dropping into each box. Doesn’t sound like it would work well for us.

Voting is not the process of marking the ballot. Voting is the act of casting a ballot (marked, unmarked, vandalized, etc.) into a secure pile of ballots therefore making it anonymous.

In terms of voting security the digital scanning and counting is much more problematic than electronically marking of choices on paper.

Maybe one way to address the issues of electronic counting would be to have parallel counts by each candidate (and their reps) using their own hardware and software with a manual count in case the electronic counts of every candidate do not match. But this means each candidate has to bring their own counting infrastructure which is prohibitive.

I have often imagined having say two scanners in physical sequence (so passing through a ballet is a single operation), and having more than one (competing) recorder for the output of each scanner head.

This would require some standardization of form factors and interfaces, but with small enough electronics units and scanners, in principle parallel data paths could be included in a single intentional "infrastructure".

Everyone thinks about counting. "We need fast counting, we need accurate counting" they say.

We also need to think about understanding and trust. Think of your neighbor, think of 'Florida man', do you expect them to understand a voting machine? Do you expect them to trust a voting machine? I'm a computer programmer and am hesitant to claim I understand voting machines. I do understand paper though, and I do trust the nice people I went to church with when I see them running the polls.

I see they are using manual vote counting this time around to check, but how is that any guarantee the software will be the same in 2 years time when it happens all over again? Knowing there is software in some git repo somewhere that I can audit doesn't make me trust the machine in front of me any more.

Every conceivable election method is vulnerable to some type of fraud, and hand-counting leads to relatively very high unintentional error rates. Post-election audit sampling is a typical practice in many states and should be in all.

The OP is talking about the inability to audit the code actually running at the time of voting. You can audit the code in the repo all you like but if the hardware of the voting machine is compromised, or the code you audit is modified or replaced sometime before execution, or there is other malicious code running on the machine interfering with the voting then your audit is useless.

The auditing needs to be controlled such that a malicious auditor doesn't compromise the machine.

State couldn't prove that the machines audited by a private group in Arizona weren't compromised so they had to replace them [0] to a tune of $2.8M.

[0] https://www.businessinsider.com/arizona-audit-maricopa-count...

I wasn’t suggesting manipulation was easy. But for a sufficiently motivated and resourced actor with direct or indirect physical access to the machine all bets are off.

There's no way for a computer to completely prove it has the right software for a job.

It's still a black box on election day - it's just got detailed instructions written on it claiming that's what is inside.

You need to display all of that information, take a user's input, store it in an auditable format. Oh, and people like "small government" so making custom hardware is completely out of the question. Using a "multipurpose" computer is the economical choice.

But there's another aspect to this: if you can swap out the hardware and keep the software the same, it makes the whole thing more transparent. A jumble of 4000-series CMOS on a breadboard could hide any number of bugs/backdoors. And, perception of trust is important, nobody wants to vote on your science fair project. Also, you'd need to produce thousands of these machines to run an election. Really easy to procure thousands of commodity multipurpose machines... but you're talking about mass-manufacturing your science fair project. Hell no.

And I forgot write-ins! You don't even have a fixed set of candidates in a given election!

These are machines that read paper ballots and compute totals. See https://news.ycombinator.com/item?id=33469882

Boiling the problem down to the integrity of the hardware and software throws out the nuance of how and why exploitation might occur (and who is doing the exploiting), which has huge implications for how you make regulations and do enforcement.

Third, though, and perhaps most significantly, "traditional" optical mark reading (OMR) systems using LED or laser sources and diodes were inflexible as to ballot layout and more problematically not very reliable across varying marks (remember the grade-school requirement for #2 pencils due to OMR scoring of exams), a particularly big issue since voters are often not experienced with OMR systems and so do not mark their ballot "correctly." To address this, almost all modern ballot tabulators use a CCD mechanism to take an image of the full ballot and then interpret it via machine vision (this is not a case of machine learning, the algorithms used are actually very simple). This yields much more reliable interpretation of ballots with fewer ballots rejected to hand-counting, but requires more complex software.

It's important to understand that most US election administrators avoid hand-counting in large part because of its inaccuracy. In many US jurisdictions hand-count ballots are counted by two individuals to improve reliability, but the error rate remains higher than machine tabulation. When it is 1AM after a day that started at 5AM and you are on the hundredth ballot you've hand-tabulated since you got off the precinct floor it becomes extremely difficult to tabulate with the virtually zero error rate that US voters expect. This is not a hypothetical scenario but one that's pretty typical of US election working conditions due to the slim budget and expectation of rapid posting of returns.

And I'm unsure how adding timestamp helps with the problem you're trying to solve, don't you just need Sum(machine vote count at location X) == voters visiting location X. (Also this hueristic is kinda leaky since how do you account for voters protesting with intentional spoilers?)

Defence in depth.

A very least now they have to bring a math nerd into the conversation, increasing the footprint of the operation.

I could imagine a whole computer being there could make the rf emissions less predictable. I can definitely think of some ways of making a simple machine like that more resistant against an attack like that. Idk if the study looked into that, I can't find the study anywhere.

Oversimplification isn't helpful.

See https://apnews.com/article/donald-trump-new-hampshire-voting...

https://www.concordmonitor.com/voting-machines-nh-new-hampsh...

The news of this has of course been buried under all of the false claims of voter fraud from the 2020 presidential election.

So it is not surprising that New Hampshire would be looking at a new approach to voting machine technology.

In my home state, a Republican candidate (albeit disowned) was indicted for ballot harvesting, particularly for hiring a consultant from CA to run around through a particular east Asian community collecting ballots. If a system works, every politician will exploit it.

* ID's should be required (like they are for everything else, including travel, bank accounts, bars, etc);

* voter rolls should be scrubbed;

* election results should be auditable;

I am not sure having the source code of the machines be open source would help, but maybe make it easier to audit and detect that the crease would lead to a miscounted ballot.

If hand counting paper ballots instills confidence, then at some low level of public confidence in elections, it makes sense to do so routinely, rather than just a demonstration. Vilifying doubters doesn't seem to be very effective. For many of those there is no level of proof that could dent their opinion, so little is lost by simply attacking them. But there are many others that are convincible by sufficient openness.

Sure, turning it back into a manual process has its own issues, particularly with efficiency. But with an election efficiency is a minor consideration compared to confidence.

One example I recall is vote counters wedging a piece of pencil lead under a fingernail. If they see a ballot they don't like, swipe the lead across it and toss the ballot in the "spoiled" pile.

Sure, this requires a little bit of blind eye from the county clerk (or whoever), but if the election goes the right way, it's worth it.

* One vote counter can't make much of a difference by themselves, so you need a conspiracy of vote counters. But conspiracies are difficult to bring about and keep secret in the real world. This is especially so if you have to pay the individuals involved – which seems likely, given that vote counting is boring, thankless volunteer work.

* Everyone involved in the conspiracy risks going to jail, but hardly anyone benefits on a personal level. Why would anyone risk it?

* The extremely large number of spoiled ballots would be suspicious. Especially as they'd probably look rather unlike ordinary spoiled ballots.

* Observers would notice that some counters (those involved in the conspiracy) were processing many more spoiled ballots than others.

I'm reminded of Number 2 pointing out do Dr. Evil that he could quadruple his profits if he shifted his resources away from evil empire building and towards Starbucks. The money and resources spent on rigging the count could be spent more efficiently on 100% legal means of increasing vote count, such as canvasing (= knocking on supporters' doors and encouraging them to go vote).

Counter example: broken ciphers in WW2 mostly kept secret until the mid 1970s.

Look the only reason hand counting is even coming up is belief in a particular set of conspiracies, mostly by members of a particular political party.

How's this a counterexample? We know about about lots of conspiracies from the 1970s that weren't known at the time, but we're not finding out about any conspiracies to rig UK election counts – because there weren't any that succeeded to a meaningful extent. Your example shows that even top secret government conspiracies tend to come to light eventually.

That black box gathers a few hundred votes over the course of the day. There are multiple people in the room with that black box throughout the day.

At the end of the day the number of people who have voted and the number of pieces of paper that have been used, are both counted to ensure they are the same.

The box is then sealed (with tamper tape) and transported to a central hall, usually in a car, but sometimes by ferry or helicopter depending on weather and location. Obviously this takes longer for rural areas than for urban areas.

When it arrives, it is unsealed in front of many witnesses, and the ballots emptied. They are counted (how many pieces of paper), and this number matches the above paperwork.

The ballots are then put into a pile in the middle of the room where all the candidates and their teams can see, and are counted by a team of however many (say a team of 20 for a district of 60k votes - tend to be local council workers being paid overtime). From the counts I've seen, 300-600 an hour is a reasonable speed. Those are bundled into bundles of 100 and put into piles on display.

Any ambiguous marking that the person counting or the people watching think is amigious is set aside (the famous "WANK/WANK/NOT WANK" case [0]), and the candidates and their agents get to see and agree on the paper.

Urban counts of districts with c. 70,000 voters tend to get the first ballot boxes about 10-15 minutes after polling closes and start counting. Some have large numbers counting in an aim to get the count done first (in an hour or so), others take longer, but the majority of districts are verified, counted, and recounted after about 6 hours. Some places have to wait for the aforementioned ferry etc so don't report to maybe 12 hours after.

I don't understand why you need machines to vote or machines to count. Breaking the system above by a few votes is probably possible with a small team of conspirators, but breaking it beyond that doesn't scale.

[0] https://www.joe.co.uk/politics/voter-writes-wnk-all-over-bal...

Is it more of an effort than trusting a machine is working correctly? Yes, absolutely, but this is the literal fundamental foundation of democracy we are talking about - let's put in a bit of effort.

If it seems to be possible in a country like Brazil, why not in Canada/UK/USA?

P.S.: Sure enough, here's an example of a "contester" :

https://www.newsweek.com/mike-lindell-hints-brazil-election-...

AFAIK not a Brazilian citizen, but this gives an example of democracy-sapping claims that are avoided with manual vote counts.

It is important that the losing party can not blame the process, in order for the result to be accepted by both sides.

Brazil is as we speak a very clear example on the risks of not heeding this advice.

The voting machines isn't for you, it for the politicians. Denmark have system pretty much identical to what you described. We normal have a result for parliamentary voting within five to six hours of the polling station closing. After three or four hours we normally have enough votes counted to call the election, on a party basis.

The issue is the individual candidates, the well known politicians are interviewed a few hours into an election night, when their seats are secured. The lesser known politicians may have to wait for a day, or two, in order to have their seat confirmed. So they get no airtime, no interviews, because the media don't care when the personal votes are finally counted and confirmed. The voting machine are for those low ranking politicians ego.

As for the US, who don't have a parliament and only two, or three, candidates in each election... I have no idea. Because they f-ed up their election system and closed to many polling stations, resulting in ballot counting taking to long?

Exactly. Replacing a system that is guaranteed to work with an another system that is guaranteed to not work is foolish.

There are electronic voting systems that have been running without issues for decades, why couldn't the US accomplish the same?

However this sane and simple system would probably not work in eg Australia? Their voting system is too complicated.

In the US, this is racist.

> where all the candidates and their teams can see

In the US, this is insurrectionist.

In the old days, paper ballots would also 'go missing' from districts known to be favorable to the other side (aka be chucked out of trucks on a bridge over a river). The best option seems to be open source voting machines + paper audit. This way you get immediate counts and then an audit trail, so would-be manipulators have to mess with BOTH at the same time which is significantly harder.

Think you know a better way HN? Let's hear it.

The problem with electronic voting, however, is that it takes roughly the same effort to change one vote than it takes to change millions

Questioning the legitimacy of the voting machines has also become illegal ("fake news").

Remember, such questioning is being literally censored and supreme court judges are publicly saying the results are "unquestionable" and anyone who spreads suspicion will be treated as anti-democratic criminals. If you really believe censorship and judiciary dictatorship is okay I really don't know what to say anymore.

Computerized vote counting is a ridicolously bad idea on every imaginable level. Especially if there is any amount of centralization. Computerized ballot printing "just" makes it very easy to deanonymize people.

Here where I live your name is crossed of a list after you have shown your ID card. Then you get a piece of paper which is thrown into a box. Given the incentives, anything less rigorous seems quite ridicolous.

Voting machines have attack vectors which can not work on humans.

As long as the machine prints a paper receipt that I can verify is correct before it is stored, the code that creates the receipt doesn't really matter.

Giving voters the ability to inspect their ballots and the criteria by which they are considered valid at least gives the voter the control over making sure things are correct.

As for open source, I don't think it matters. I mean, even if the software is open soruce, how do you know what the machine is running? Are you going to build it yourself and verify hashes? Can you?

Don't get me wrong: open source for something like this is a good idea. Experts should be able to verify this. It just won't stop claims of election fraud because those largely aren't based on a lack of transparency but rather political expeidency.

Maybe it's not perfect, but (at least to me) seems like a step in a good direction. Also for what it's worth the company making the tech has a product for auditing as well. Idk guess I'm feeling more optimistic this morning.

Is it? Provided you have a working democratic state with checks and auditing, what is the problem that voting machines solve?

The level of guarantees that you have with a paper vote is hard to surpass and the inconvenience of paper vote is not that big considering how often voting occurs (even in the extreme case of Swiss style referendums).

It solves the problem of waiting days or weeks for a result. It solves the problem of multiple languages on a ballot. It solves the problem of visually-impaired voters accessing the voting machine, it solves the problem of incorrectly filled out voting sheets (hanging-chat).

Hell, that's just off the top of my head, and I'm sure others can contribute more.

But a system that uses electronics to tabulate votes that can be verified via paper ballots that are stored long-term, securely? Why not?

Edit: Maybe I didn't describe this well. The person makes the vote on paper. The paper is counted by a machine (like the article is saying). The paper is stored securely and catalogued for later reference and audit. What is the problem there?

If the paper ballots as backup are manually created by the voter then while it’s still possible it’s much harder to fake the votes en masse but there’s more scope for human error (what if they vote in two different ways). If the paper backup is automatically generated then can they check it? If not then there’s little improvement over purely digital voting. If yes, do they actually check it? Many won’t bother and maybe there’s an exploit there. Then there’s the fact that this system would require regular auditing, and lawsuits and close contests will force a certain number of audits every election. No one can reliably predict which districts will require audits so presumably they’ll need to hire sufficient people to do a manual recount anyway which eliminates the labor cost advantage.

If by using electronic voting we are opening up new potential exploits, even with paper backups, and not really gaining much of an advantage why would we go to the expense and bother of implementing electronic voting?

There is no system in which electronically cast and electronically created backups are a good idea.

Fair enough, however the issue of the thread is electronic voting machines not electronic paper vote tabulation.

It just add bigger SPOF. Compromise a single voting machine and you control hundred thousands of votes. Compromise one vote counter and you control thousands at most

There are literally no problems to solve in modern functioning democracies when it comes to votes, it's just some technocrat mentality that requires everything to be automated so it's faster/more efficient, etc.

So yeah you can make these things faster at the expense of basically everything else, including trust

The only reason to have electronic voting machines is to subvert the voting process.

I'm putting open source in quotes, since only software can be open source, a voting machine is a piece of hardware that you do not own, so you have no idea what it software it is running.

But yes: this is definitely progress compared to closed source machines.

Looks to be TypeScript running on node. They have an embedded kiosk browser.

> “There’s a strong desire to see how ballot counting machines are actually counting the ballots,” New Hampshire’s Secretary of State, David Scanlan, told Click Here in an interview. “And open-source software really is the only way that you can do that effectively.”

In any case, I don't think voting machines are a good idea.

I know that you can use enough cryptography and enough open sourcing to make them secure, but what might convince me wouldn't convince the 'village idiot'.

Paper voting and traditional election observers work in a nice 'analog' way. It's tangible, and even a 'village idiot' can understand how it works.

Most voting systems aren't complicated enough to need a computer to evaluate them.

(And those that are should arguable be changed.)

In my state, election workers have to ensure that the number of ballots is the same as the number recorded by the ballot box on election night - although we don’t recount who voted for who. The ballots are preserved.

Presumably the auditing process would involve tallying the votes manually... in case why bother with the electronic process? Unless you only run the audit if there's a complaint. Which I guess works. But personally for something as important as elections I would much more comfortable with a system where the transparent, hard-to-corrupt process is used by default.

We also have tons of checks in place to make sure the machines work. There are calibration runs where known stacks of votes are sent through the machines and confirmed at the end. The vote totals on the machines are checked against the number of people who voted. Post-election, election officials randomly choose machines, open them up in front of the public at preannounced times, and confirm that the ballots that have been locked inside the machine match the tally the machine produced.

I would expect that the amount of time it takes to tally a paper election is related to how many people you have counting.

You might also vote for someone to represent you in the devolved Welsh/Scottish/Northern Irish governments if you live in those countries, but that's only 15% of the population and those elections aren't necessarily on the same day as the general election.

Spend: In the UK, price of counting ballots is far lower than price of paying poll booth staff. It costs approximately £0.10 per person (note, not per ballot) in the UK to count ballots in a nationwide election (as opposed to about £0.35 on keeping polling booths open). It’s likely that if the number of ballots went up by a factor of 10, further efficiencies would be found, but simple ‘ballots counted per hour’ metrics imply that the marginal cost should be relatively affordable.

Difficulty: While running a fair and free election is undeniably challenging, it naively would appear to be much less work than E.g. the USPS does each day to deliver the daily 300M pieces of mail.

The people running elections don't charge voters for voting.

So I'm not sure it's useful to compare the two?

(That the Americans feel like they need government mail when the supposedly more socialist Europeans mostly managed to privatise their former monopolists probably tells us.. something?)

Isn't that just checking that "x == x" in software if everything is done by machine?

2. The typical US ballot has a dozen or so different votes that need to be done.

I understand “voting machine” to be any mechanism that acts as a substitute for a paper ballot, or that acts as an intermediary between you and a paper ballot. And I would agree that the former are a terrible idea and the latter probably don’t provide much net benefit.

But ballot counting machines are a different matter. Here’s the thing: there’s no voting process without a ballot counting machine. It’s just a matter of whether that machine will be a carbon-based one subject to bias, fatigue, boredom and hunger, or an electronic one that excels at stupid-simple repetitive tasks and is subject to none of those things.

I know that human beings are fallible. That's why I wrote:

> I know that you can use enough cryptography and enough open sourcing to make [electronic machines] secure, but what might convince me wouldn't convince the 'village idiot'.

People are used to the failure modes of other humans. And they trust other humans in a way they don't trust machines.

This is similar to how juries still put a lot of stock in eye witnesses.

Potentially, yes. Especially if you used off-the-shelf machines that IBM built in 1920.

In any case, that's just a distraction. Just use humans.

All that said, I live in a town of less than 3,000 people. I don't know that the solutions that work for us here would work everywhere.

Edit: I suppose that doesn't mean voting machines are required though, just that the results on each ballot paper need to be inputted to a computer to determine the outcome. A lot of data inputting required, but still auditable.

If traditional voting is required, I have higher hopes for approval voting or the slightly more complicated range voting. These are quite easy to evaluate completely by hand. Especially the former.

If you are happy to go a bit off the beaten track, using sortition amongst volunteers might be a good way to fill up a parliament. (Or any other body big enough for the law of large numbers to kick in.)

As a slightly more complicated system, I would have every voter indicate their favourite candidate on a ballot sheet, and then draw enough votes at random to fill up parliament.

(Use your favourite mechanism to handle the same candidate being voted for multiple times in your sample. Perhaps give them more weight, or re-draw, or have people write down an ordered list of preferred candidates, and admit the highest ranked one who isn't already in parliament, etc.)

Random sampling is surprisingly powerful. It also completely bypasses Arrow's impossibility theorem.

However, you can look at how the lottery does it, perhaps?

For example, they don't write the players names on the balls. They use more indirection. (And lots of other cleverness.)

Also keep in mind that I suggest to use this mechanism for something like filling up a parliament. The German Bundestag has about 600 members. The UK has 650 MPs in their House of Commons.

I posit that getting into parliament is perhaps comparable to winning the lottery, ie something people might trust lottery equipment and procedures to handle.

Becoming the president of the US is a bigger deal than winning the lottery, so we can't naively expect lottery equipment and procedures to be above suspicion.

Less seriously, add random dry ice steam, fire, and whirling gears for best effect.

Is this really transparency?

No you don't. You have the opportunity to trust someone who understands how the software works, which you wouldn't have if the people you trust weren't allowed to inspect the software.

With this kind of logic, you could never trust an election where you didn't physically count all of the votes yourself. Since that doesn't make sense (not scalable when elections get beyond about 20-30 people), we allow voters to send people they trust to observe and participate in the vote count. This is like that.

But it does not have a license file or any license headers... meaning it may not be under an Open Source license at all?

Some of their code- the audit program, looks like it is AGPLv3... which seems like an odd choice of license for this sort of system. Still happy to see more work on Open Source voting systems.

Even if you remove networking from a machine the whole system is so fragile and there are very high stakes at play.

Independent examiners will be permitted to verify the source code is actually used as-built, that it has a signature attached and that every machine that is built has the signature checked.

Sure, it's not perfect but neither is manual counting (plenty of countries are proving that right now). The question is, I guess, does a software-based system provide notable advantages over manual counting other than cost and speed of a result?

But how could a witness verify a software and a voting machine?

Somehow, twenty years in the future, we don't know results until weeks after the election, and auditability/transparency sucks.

Yikes

It is ridiculous that we are still debating on that , which shows how messed up we are now.