20 years ago I attended an international conference on electronic voting. There were various papers on the form of elections (not on specific products.)
The huge takeaway for me was not the technology (or lack thereof). Ultimately all existing (and proposed) systems have flaws. The key was public trust in the result.
The first step to sidestepping democracy is to attack the legitimacy of elections. One can attack the process, software, hardware, ballot security, eligibility, and so on. It doesn't really matter what you attack - it doesn't matter if your gripe is legit or not. It only matters that you erode trust in the result.
If you can make people think the elections are rigged, then you can bypass them and move straight to authoritarianism.
Quibbling over open-source or not is irrelevant. We can cast doubt on the software either way. Quibbling over electronic or paper voting is equally irrelevant (there are plenty of paper-only elections worldwide that are very suspect.)
Naturally the Open Source company promotes Open Source voting machines. But in truth being Open Source has no (real) benefit. Software is easy to tweak, Open or not.
> But in truth being Open Source has no (real) benefit. Software is easy to tweak, Open or not.
But that's not the truth though. Open source software is not easy to tweak when it's deterministically compiled using reproducible builds and there are provisions for on-demand inspection of executables and hardware.
We looked hard at this question, but ultimately determined it was as prone to distrust as any other.
Firstly, inspection of code is a very technical skill, so there's a certain amount of reliance on a tiny group here. That tiny group then simply declares whatever they like. Understanding a complex C program, looking for obfuscated behavior is a very specific skill.
Secondly, given the tens of thousands of machines in play it becomes impossible to guarantee the code inspected is the code that runs. The GCC compiler itself, used to build the software could be altered. The kernel of the machine could be altered, and so on.
Yes, ultimately given enough time, it would be possible to detect problems. But getting a report years after the election is fruitless. Also, no doubt, with time, security issues in the OS and code will be retroactively discovered. There will be no way to determine if those flaws were used or not.
In short, you cannot determine veracity or correctness of the machine, in reasonable time. Making the code Open Source does not change this.
And again, it doesn't matter if the code is honest or not. It only matters what people believe. If anything having the code Open just means more opportunity for malicious actors to claim they've "found issues" without being specific.
The issue is not the software. And its not the software license. It's the environment of mistrust coupled with the willingness of people to accept obvious and blatant misinformation. (See vaccines etc).
Electronic gambling machines are highly regulated because they deal with real money and random number generation. There are a lot of safeguards in that industry across various jurisdictions that seem like they should apply to electronic voting machines too.
Independent testing laboratories exist that do specialize in the specific skills you're talking about. Pretty much all of the software involved is certified and saved, source is saved, compiled binaries are saved, hashes are logged of the compiled binaries. Binaries run from EPROMS or write-protected partitions making it very difficult to change them once installed. Cabinets have tamper-apparent sealing.
The machines are designed so that an auditor can inspect a machine on a casino floor in under 5 minutes, verifying that the software that's installed is the one that's supposed to be and that the physical seals haven't been broken.
I'd imagine there are a lot of similar processes for ATMs.
Problem of distrust cannot be solved completely, but probability of cheating can be reduced significantly by using multiple independent vendors of voting machines, better if they are from different countries, AND using paper ballots, so voters will have choice.
World went down on a completely different path. New wave authoritarians want to pretend that there is democracy, and they want to keep up the trust, even when elections are not free or fair at all.
I would argue the opposite. Authoritarians promote mistrust in elections (regardless of whether they win or lose.)
In the US for example, distrust is very high. Promoted by accusations of mail-ballot fraud, of illegals voting, by anything at all. This continues despite winning the 2024 elections.
I agree insofar as ensuring all e-voting implementation attempts are open source will enable us to more comprehensively prove that it is a fundamentally bad idea.
Candidates drop out, die, or become ineligible in all kinds of ways. Paper is not strictly better and can create costs and complications on the day of the election itself.
Electronic voting is fine. Why can't we just have a printer in the polling booth? I run my ballot, then hit print, then I can manually verify it, and then drop the printed ballot in a box.
What you have just described is an ExpressVote voting system, manufactured by ES&S (https://www.essvote.com/products/expressvote-3/). Here is an example how-to on using it from Micigan (https://www.youtube.com/watch?v=ebqktli8bRk). The only salient difference between what you describe and the actual system is that the paper run through the machine is also audited (to guard against someone ballot-stuffing by creating additional ballots when nobody is looking).
If you want this, the next step would be to get involved at your county or state level (depending on how your state makes voting technology decisions).
Can you please edit out swipes from your HN comments, and generally stop posting aggressively? You haven't been doing it extremely (which is good) but you have been doing it repeatedly (which is bad).
Your comment here, for example, would be fine without the last bit ("you've missed the point entirely").
You still have to securely distribute those machines. All of the things still apply. Actually you need even more security!
Printing paper is cheap. Shipping it is cheap. Checking it is cheap and obvious. Reprinting is cheap. You don't even need to ship them. Most of the cities are close to industrial areas which has big printers and paper mills.
Making stamps or buying pens is cheap. You validate ballots at the polling stations which is scalable and cheap. It is the members of public who validate it. You don't need to pay most of them. They are just local constituents! It is their vote!
You are not aware how far away you are from the point!
IIRC, last presidential election that was what we did in our county, voted on a machine, got a prinout, verified it, stuck it in the scanner and was done. I think I'm remembering it right?
You didn't define how paper ballots are better. Given that many electronic systems print paper ballots, I'm not sure how they could be said to be universally better.
Electronic ballots can be much better than paper in two ways. Firstly, they are faster to count. I'm not sure why that matters, but it's true and seem people seem to think knowing the outcome quickly is important.
Far more importantly to me: they are easier to use. In Australia we have compulsory voting. A lot of attention is paid to how many votes are invalid. It currently runs at 5%, but ranges up to 10% in areas with lower education levels or non-English speaking. Voting machines can tell you verify if the vote is valid, help you if they aren't, provide information from the candidates if you want to know more.
One the downside, a poorly designed voting machine can be far less secure than out current paper system. Sadly, I don't think I've seen proprietary voting voting machine that didn't have significant design flaws. Making the situation worse is the voting machine companies like to keep their flaws well hidden (flaws aren't good for sales). In Australia, we've had examples of the Australian Electoral Commission perusing academic researchers in the courts for revealing flaws. [0] Mandating open source mandate is a solution to that.
Pharaos had to run a footrace to prove they were still fit to rule, meanwhile we sacrifice the security of our voting system so that the most feeble and feeble-minded among us can vote. In some countries even the most disinterested and uninformed in politics are legally compelled to vote. Then we complain how foolishly the public votes, and how easily they are swayed.
Hardly: History shows the repeated failure of the alternative, where only the "qualified" may vote.
Terrible people just corrupt the qualification-mechanism instead. That evil tactic tends to be more-effective and longer-lasting than trying to appeal to the lazy-stupid vote.
You think this is a fair characterization of what I wrote? That it not being worth sacrificing the security of a voting system to get the most disinterested and incapable to vote, is equivalent to some unstated "qualification" test?
> In some countries even the most disinterested and uninformed in politics are legally compelled to vote.
It depends on what you are after I guess, but it's almost certain that if the USA has compulsory voting Trump would not have won the last election. The people who don't usually vote; the feeble-minded as you call them, pull the vote toward the centre. Whatever Trump may be, he doesn't represent the centre of politics.
If the current USA polls are any indication, most USA voters are now wistfully thinking what might have been, had a system that forced those feeble-minded voters to get off their arses and vote been in place back in November.
One of the few things I was happy with Texas legislation this year was moving all to paper ballots. They still use the "bubble counter" machinery though and not human eyeballs. But it's not like it still relies on honest people and a government that is neutral when it comes to counting votes. That's starting to look like it is less and less possible with the current regime's banana republic chaos.
I agree but worry about what this implies for accounting and other financial systems. If we can't trust the voting machines to tell us what the vote totals are, how can we trust the bank computers to tell us who owns what?
I would be very worried about banking security if there was only one bank and it was run by the government. Obviously, that's not the case, banks are private companies and there are thousands of them constantly competing for each other. They have a strong interest in tight security to remain trustworthy. They're also heavily regulated, probably even more than the voting system, and they're subject to financial auditing. I'm not an expert but would estimate that for these reasons banking is overall more secure than electronic voting.
I could be wrong, though. As far as I know, hardware companies nowadays cannot even be reasonably sure that the chips they use don't contain backdoors.
For clarification, my position is that electronic voting is not secure and cannot be made sufficiently secure to safeguard against catastrophic failure and abuse. That's orthogonal to the issue whether voters trust in the voting mechanism, which is also important.
