Swiss e-voting pilot can't count 2,048 ballots after decryption failure
theregister.com | 221 points by jjgreen 5 days ago
The biggest advantage physical voting has is that it follows human-scaling laws. Which often is a problem (inefficient) but for voting this is a massive benefit for one particular reason - due to lack of automation any fraud doesn't also benefit from the same automation so has to be large scale and widely distributed for it to be impactful (the fraud has to be distributed to the humans involved). Which isn't to say that it can't happen (and does!) but requires a lot more effort and in the physical world there are always a lot more fingerprints left, cameras looking, informants, etc.
This probably only works properly in the developed countries. In developing countries like India we suffered through decades of "booth captures" [1] where armed gangs would take over a polling booth and cast votes for their political candidate at gun point. Villagers would be disallowed from casting their votes. In many instances, the polling booth itself would be set on fire, ensuring that those votes are never counted.
With EVMs the polling officer can just deactivate the machine (which stops the counting at that moment) making booth capturing pointless.
Not saying this is not possible in developed countries. It could very well happen sometime in the future where armed gangs take over polling booths (especially if the candidate in question is bound to lose due to corruption/scandal and needs to cling onto political power to prevent himself/herself from going to prison).
> This probably only works properly in the developed countries. In developing countries like India we suffered through decades of "booth captures" [1] where armed gangs would take over a polling booth and cast votes for their political candidate at gun point. Villagers would be disallowed from casting their votes. In many instances, the polling booth itself would be set on fire, ensuring that those votes are never counted.
Yeah, but these are visible! They provide evidence that the voting was not fair.
Compare to electronic voting, where a capture might be done and no one ever finds out.
We want rigging of elections to be visible. That's the whole point.
I don't think any system can do much if things have degraded to the point where armed gangs are running around with impunity. I think systems (paper or otherwise) presuppose a certain level of functional civil society.
I mean, it looks like booth capture can only capture a booth at most and to capture more you practically need armed rebellion. But if we automate it, then you only need to capture a location to capture all booths in the region.
> Not saying this is not possible in developed countries. It could very well happen sometime in the future where armed gangs take over polling booths…
I fully expect this happening more as the systems degrade in the west and, arguably, it already has happened several times now in many different ways, even if executed in more “sophisticated” ways that make it less apparent.
What do you call the many “color revolutions” the US and EU have now perpetrated in many different ways and places? The “gang” was just a state level actor with immense resources and methods that exceed the local capacity to prevent them… just like a local gang using arms to take over a local polling booth.
There are declassified versions of old and obsolete CIA guides on how to conduct the precursors of such “color revolutions” through long term “capacity building” that is then activated if/when necessary. That’s the voluntarily declassified manual of the CIA; someone might suggest there are more effective instructions that are classified.
There have also been medium sophistication level events like what has happened over the last several years in Europe, where Merkel ordered an election result cancelled through technicalities because she/the literal The Party, did not like the result (I guess you can take the woman out of the dictatorship…), the EU simply used the judiciary to force a “runoff” because the election results were not to its liking, de facto canceling elections, or even all the subtle measures like visually misrepresenting election results where the bar or pie chart does not match the numerical data to suppress public mandate and perceptions about results, i.e., higher result numbers being represented by smaller bars than lower numbers.
I would argue they are all examples of the very same things you describe, the equivalent of “…gangs take over polling booths…” only it’s done through process, authority, policy, or even law and those in power tell themselves they’re doing it for “our democracy” and justified through similar dystopian, narcissistic, megalomanic, authoritarian mindsets; “I need to be in power for your own good because you don’t know any better”.
It could go both ways, either things will increasingly start degrading even more as the power slips out of the “gang’s” hands, and the system starts crumbling around them; or if “digital voting” is fully implemented there will essentially be “backdoors” to make sure the powers can “preserve our democracy” just like they need OS backdoors and media control to “protect the children”, which coincidentally seems to always coincide with them remaining in power and control and the people not even being asked about major upheavals of their society and their votes being effectively meaningless because the agenda is continuous regardless of election results.
It’s like those people who used to play slot machines at the casino, (now doing so digitally on their phones) pounding at the buttons that do absolutely nothing since the algorithm is what determines where the spin ends, not them rapidly hitting an essentially dead button just because the “clicking”, the “voting”, makes them think they have control. . . . “our democracy” where you and I are not part of that “our”.
The other advantage in physical voting is that so many people are needed to participate in the process. The probability of aligned bad actors goes down significantly when the voting process is a civic responsibility shared by volunteers who monitor each other. It's not perfect but public participation adds to the legitimacy of the process itself.
Sorting physical ballots is very easy to automate. You get the security of paper with the speed of computing.
In Washington State we get mailed ballots, which we fill in and mail in.
But the ballots are not even printed on security paper. They don't have a serial number on them, either.
The filled out ballot is intended to be fully anonymous.
It is then slipped into a security sleeve to make it harder to read within the envelope.
The envelope is sealed and signed by the citizen.
Security is provided by the envelope which is the attestation that the citizen cast their ballot. Offhand, the county voting office is likely required to retain the ballot as part of the state/federal records. I haven't checked but that or a centralized ballot repository are the only things that make sense.
Once the ballot is removed from the envelope, it is just a sheet of paper with votes on it. There's no name, serial number, or signature on it.
Hence "stuffing" in more ballots cannot be detected.
Printing the ballots on security paper will not eliminate this risk, but it will make it much harder.
I don't know if there is an auditable "chain of custody" of ballots from mailbox to the counting center. The fraud here would be "losing" ballots that are from precincts that tilt significantly in one direction or another.
There's a bigger issue than stuffing. In "rural" Hungary chain voting is customary where people are taken to the voting place by gangs and are either awarded with some money or a bag of potatoes, or threatened to be beaten if they do not comply. The first voter of the chain goes in, takes the ballot, hides it and takes it out. It is then pre-filled by the gang. The next voters take the prefilled ballot in, throw it in the box and bring a fresh clean ballot out, and so on...
In other cases, people get money/bag of potatoes for a photo of their correctly filled ballot.
> Hence "stuffing" in more ballots cannot be detected.
The whole envelope opening and ballot counting process is recorded and streamed live from multiple angles.
https://kingcounty.gov/en/dept/elections/about-us/security-a...
That sounds good. But it doesn't account for the ballot from your mail box to the processing center. Nor does it check citizenship & residency status. Ballot harvesting is also legal and takes place in Washington state.
Those things are checked based on the envelope, as other people already pointed out to you in this thread.
The Turkish citizen who did a mass shooting in a mall voted in Washington.
> The envelope is sealed and signed by the citizen.
Alas, the signature must reasonably match one on file (from somewhere ... presumably a state ID) or the ballot may be rejected. Since human signatures can vary wildly for reasons, this non-deterministic feature requires a human guess for -each- ballot. No mechanism to dispute that decision.
Mine has been disputed several times (because it changed due to name change and wasn't updated). There is a very clear mechanism to dispute that decision, and in fact that's why they ask for your phone number and/or email on the envelope--so when they want to dispute it, they have a way of contact for you to do what's necessary to make the ballot count (provisionally, only if the race is close enough for your vote to matter).
Isn't the advantageous fraud easy to do?
Sheriff monitors the ballot box (ex. Jimmy Carter's opponent).
Only allow loyalists to count the result (and then report w/e you want; ex. Russia).
It's not that fraud is difficult to do, it's difficult to do so without people noticing. The problem of r-country is not that fraud is not discovered, the problem is they are not capable of course-correcting (in general, but in regards to having elections specifically).
It's also very difficult to scale. For one voting site you might need a few people to force it, plus a few more counting the votes. For thousands of sites you need many thousands of people.
Versus e-voting where you may conceivably manage to swing the vote with a handful of people.
> Versus e-voting where you may conceivably manage to swing the vote with a handful of people.
No the thing you're missing is that the ballots are always electronically counted. Sure, at the very low level they'll manually count each ballot but the sums are then provided to different people electronically who then report the combined total sum.
But also a handful of people can just remove registered voters to have the same effect.
The fraud is easy to scale though because if you win local offices you can use that to control state offices which you can then use to control federal offices.
They are counted by hand in Denmark. We used to post the results on physical paper at the voting site afterwards + have them published for the entire country (including a list of the votes at each voting site) in the national papers.
If the local results anywhere were different from those published in the papers, people would notice. If they were different in different papers, or in different parts of the country, people would notice.
We have, unfortunately, switched to a list on a website instead of in the papers :(
I don't care how much maths and encryption you use, you can't get out of the fact that things can be anonymous (no one can know how you voted) or verifiable (people can prove that you only voted once) but not both.
- Switzerland usually gets around this by knowing where everyone lives and mailing them a piece of paper 'something you have'
- South Africa gets around this by putting ink on your fingernail
I've read quite a bit about the e-voting systems in Switzerland and USA and I just don't see how they thread the needle. At some point, you have to give someone access to a database and they can change that database.
Until we all have government-issued public keys or something, there isn't a technical solution to this? (Genuinely curious if I'm wrong here)
The USA threads the needle by simply not having verifiable voting. And it turns out it works pretty well. Despite countless hours and lawsuits dedicated to finding people who voted more than once, only a handful of cases have actually turned up.
It's not that there are no checks. You have to give your name, and they know if you've voted more than once at that station that day. To vote more than once you'd have to pretend to be somebody else, in person, which means that if you're caught you will go to jail.
We could certainly do better, but thus far all efforts to defeat this non-problem are clearly targeted at making it harder for people to vote rather than any kind of election integrity.
This. The process in my precinct is roughly...
- Enter queue
- At front of queue, show ID of some sort (various accepted) to volunteer
- They scratch you from the list and hand you a paper scantron sheet
- Go to private booth, fill out scantron
- Go to exit, scan ballot (it scans and then drops into a locked box for manual tally later, if necessary)
The "easy" ways to vote fraudulently are also easily caught... fake ID documents, voting twice, etc.
For people who forget their ID or have address changes that haven't propagated through the voter roll, there is provisional voting - you do the same as above, but they keep the ballot in a separate pile and validate your eligibility to vote at a later time. IIRC, the voter gets a ticket # so they can check the voter portal later to see if the ballot was accepted.
As noted, the number of fraudulent votes are astonishingly small, given the amount of money spent on proving otherwise. The current GOP has spent 100s of millions or billions on proving wide-spread fraud and so far, all they've managed to prove is that a few voters, most of whom were actually GOP-leaning, have committed fraud (and most of them were caught day-of already).
> As noted, the number of fraudulent votes are astonishingly small, given the amount of money spent on proving otherwise
How would you even know? The fact that prosecutions for fraudulent voting are rare tells you nothing. Prosecutions for tax evasion are also rare. Does that mean nobody evades taxes? If you have a system that’s insecure, how would you even know when it’s been compromised?
There have been numerous efforts to scrutinize the voting. In 2020 there were 62 lawsuits; none of them succeeded.
Tax evasion is rarely prosecuted because nobody is looking very hard. People looked very, very, very hard for fraud in 2020 and found zilch.
Most of those 62 lawsuits were thrown out on procedural grounds, such as lack of standing (which I think was a bad reason: if the losing candidate doesn't have standing to challenge an allegedly fraudulent voting system, then who does?). But that means they never reached the fact-finding stage, so citing those cases as meaning "there was no fraud" is not supported by the evidence. The cases thrown out on procedural grounds only mean "no conclusion was reached on whether the facts alleged in the complaint were true".
And in each of those 62 cases they gave up there and then? Tells you something.
They didn't give up, they appealed. Most of the appeals, as I recall, were also decided on procedural grounds, but by that time it was (IIRC) "this is moot, we're not going to overturn the result of an election that was decided last year".
If I've gotten any of my facts wrong, corrections (preferably with links) would be welcome — I don't have time right now to go dig up five-year-old news articles, I'm in the middle of a project.
But no, they didn't give up then and there.
> They didn't give up, they appealed. Most of the appeals, as I recall, were also decided on procedural grounds, but by that time it was (IIRC) "this is moot, we're not going to overturn the result of an election that was decided last year".
> If I've gotten any of my facts wrong, corrections (preferably with links) would be welcome
See "Post-Election Cases Decided on the Merits" in [1].
How do you reconcile the idea that voter fraud is common with the existence of so many cases decided on the merits against the plaintiffs precisely due to sheer lack of evidence? You'd think these cases with people looking so hard would've uncovered nontrivial fraud if it was common, no?
[1] https://campaignlegal.org/results-lawsuits-regarding-2020-el...