I often say that election security is by far the hardest technical problem I've ever encountered. Why? Four reasons:

1) Contradictory critical requirements, particularly vote secrecy vs. transparency.

2) No truly neutral trusted third parties.

3) Election do-overs are generally impossible, so the ability to merely detect problems is insufficient. You have to reliably prevent them.

4) Much of the technology than can manage the complexity of elections is inherently untrustworthy.

There are a few other problems out there that have *some* of these difficult properties, but elections seem to be almost unique in having all of them.

Add to that the high stakes and sophisticated state actors that are part of the threat model, and it can get really exciting.

I know you’ve thought about this for all of the 15 minutes required to qualify as an Official Internet Expert and all, but seriously, real-world election security isn’t simple, easy, or obvious.

@mattblaze I get it. The one thing I want to see made standard is for every electronic voting machine to have a paper receipt that the voter can verify that is kept for a manual recount.

I know this doesn't, in and of itself, fix election security, but it's a hole in the system I think needs attention.

@sarahmaywalt Receipts of your vote would allow you to prove to a third party who you voted for, which opens the door to coercion and vote-buying.

The requirement for a secret ballot complicates things, but there are important reasons for it.

@mattblaze The receipt would be handed to the poll workers and kept by them, but it would be simple enough for the voter to be able to check it for accuracy before it was turned in.

It would not have to have any identifying information on it. The voter would be required to stuff it into a ballot box before exiting the booth.

@sarahmaywalt I see. What you're describing is called a VVPAT ("voter verified paper audit trail") or a "ballot marking device", depending on the particular configuration. Unfortunately, studies have suggested that in practice, voters don't appear actually check them at a sufficient rate to reliably correct for machine errors or malicious programming.

@mattblaze Perhaps, but it would help prevent any malicious actions that affect the account after the vote occurs from affecting the count. Also, there have been reports of voters using an electronic machine and the machine appearing to misattribute the vote. If the malicious code was buggy enough to tip its hand so that the voter would question what happened, such a receipt could confirm that there is a problem and lead to an investigation.

@sarahmaywalt I know this sounds impossible, but believe it or not, people have actually studied this stuff carefully.

@mattblaze @sarahmaywalt I know this sounds impossible, but believe it or not, people have learned ways of imparting information without sarcasm or insult!

Follow

@mattblaze @sarahmaywalt @vy
I gotta warn ya, if you do that, people will encourage you to smile more. Just say no.

Sign in to participate in the conversation
Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.