@omnipotens @swiley
Have you watched Tom Scott's video about electronic voting?

@omnipotens @swiley regarding SSNs, we still have situations where multiple people have the same SSN.

https://www.nbcnews.com/technolog/odds-someone-else-has-your-ssn-one-7-6C10406347

Of course this is a flaw with the SSN system itself, as they don't want to do anything about this to prevent it.

Also, not every American has a SSN, though functioning in society without one is next to impossible. When my kids were born, i was not required by law to sign them up for a SSN (but had I chose not to, it would have made life hell)

@omnipotens @swiley That said, presuming that the feds actually fix the idea of a SSN and make the digits sufficiently long enough so that name/number collision do not happen, there's still the issue that Americans are not required to have one.

You aren't even required to have legal state-issued ID to prove your identity in many states. Even if you have state-issued ID, they aren't biometrically linked in any way to you except photos (which are easily fooled)

@matt @omnipotens We wouldn't want a biometric link anyway. All that does is create hassles for people who's biometrics change and make it easier to defraud people trying to authenticate you because every where you go you leave biometric information.

@swiley @omnipotens Biometrics markers, by their nature, should not easily change in the first place.

If you're thinking DNA, that's one biometric marker, but its not the only one.

@matt @omnipotens I was thinking of fingerprints actually but it really doesn't matter.

@swiley @matt fingerprints are pretty easy to compromise.

@matt @omnipotens
There are serious problems with having a single ID number that's used for official things like this. We're already seeing how easy it makes fraud and how that affects people. It used to be illegal to use the SSN for anything other than social security, there was a good reason for that.

@matt @swiley Well you need an SSN to pretty much do anything from getting a job to a driver's license. Regardless if it has been stolen or not it is just used as an identifier. ssn=person + unique voter id=home address.

@omnipotens @swiley I'm of the mind that you need to use biometric markers to make an ID bind to a specific person. Something that cannot be easily altered, and something that doesn't readily change over a person's lifetime.

Of course, then you open Pandora's Box for a myriad of reasons.

@matt @swiley retinal scanning I can get behind the thought however, you will need multiple ways for that one-off person that does not have any eyes at all but guess they can signup for more of a traditional method.

@omnipotens @matt That sounds extremely unpleasant and I'm sure you could still find ways to forge a correct scan with eg contacts.

If we really wanted a national ID than the federal government should be running a key server. No one reasonable wants this because it would create a huge mess and we absolutely should not be tying it to biometrics. Biometrics are worse than requiring a shared secret to authenticate because you can at least choose who you share the secrete with and change it if you think it's been compromised.

@swiley @omnipotens one problem with the 2fa approach:

I wouldn't expect some numbskull in Kentucky to understand any of this.

@matt @omnipotens 2fa is a whole separate issue. Now you're requiring people to run certain OSes or use specific private networks to authenticate.

People in Kentucky are just as dumb as people in virginia. Hopefully you see why even if we had a national ID you couldn't expect it to actually refer to individuals 100% of the time. Fraud happens and the world is messy and the cleanup is way too slow for whatever automation you'd want to build for it anyway.

@swiley @matt No I am not requiring them to run any OS. Right now when I go and vote I show ID. All I am adding is a randomized voter registration number. When you vote. you put in your id and your voter registration number. If those two match then it's a valid vote. It will just add another layer of difficulty to slow corruption. I am not even saying it's a full-proof idea but its a start.

@omnipotens @matt Maybe it's different where you live but that's essentially what they do here IIRC:
You're authenticated by the volunteers running the Poll and they issue you a serialized ballot.

@swiley @matt Right now many states do signature validation. However, you frame that you just serialized your ballet.

@omnipotens @matt Signiture validation is somewhere between meaningless and potentially a good excuse for throwing away votes.

I sign my credit card purchases with a PR Nonce for this reason.

@swiley @matt I agree with you about the signature validation. That's why I tossing ideas for a better way to validate just to see where that goes.

@matt @swiley You don't give people enough credit.

@omnipotens @matt Regardless *I* don't want to deal with maintaining a national ID.
The problems caused by having an SSN are enough of an annoyance.

@swiley @matt Oh and voting is done by the state not national so all systems would be at a state level.

@omnipotens @matt
You need an SSN to pay taxes. It's not required for anything else. They're not unique, they're trivial to forge, and they should not be used for anything other than social security accounts.

@swiley @omnipotens Actually, you do not need a SSN to pay taxes. You need a taxpayer identification number, which *can* be your SSN.

https://www.self.inc/blog/possible-pay-taxes-without-social-security-number

@matt @swiley and again it really has nothing to do with SSN I was just using that as a unique identifier. This can be anything really.

@omnipotens @matt Right, but we don't have a unique identifier and I'm pretty sure most people would be against having one.

@swiley @matt everyone has some form of unique ID these days from driver's license numbers, SSN, ITN whatever. even if it is not 100% unique that not the point. Heck in most states you cannot vote without some form of ID

@swiley @matt I don't know where you are from but every job I ever had they needed a copy of my ssn. I needed it to get my DL open a bank account. It is used for lots of things.

@omnipotens @matt You job needs your SSN so it can fill out tax forms (for social security.)

Same with the banks, they'll accept an ITN instead.

@omnipotens @matt Furthermore an SSN doesn't mean you have a right to vote anyway. Visa holders are given SSNs and still aren't allowed to vote.

@omnipotens https://www.usa.gov/who-can-vote
I don't see an SSN on this list.

I don't think paper audits are fool proof. The reason electronic voting is a problem is that *you have to convince the skeptics that it's correct.* Most of the people skeptical of your voting scheme may not even understand PKI and other ideas necessary to judge it's correctness. The result is a mass rejection of the results like what we had last year.