Tom Scott does a great job of explaining this. Tr;Dr is paper ballots are a mature process that has the benefit of requiring physical access to tamper with, and governments who aren’t great at IT and only do something at scale once 4 years is asking for trouble
Because there is no way to prove without a shadow of a doubt that any digital system is 100% reliable. Are all voting machines completely tamper proof? Running unique code that cannot be run elsewhere, and is 100% open source such that the source can be viewed by anyone without exposing itself to risk that a smart enough bad actor can cause havoc? Do these machines need to be networked? Are all the networks completely identical and have 100% uptime? I could go on for hours about the flaws in software.
The general response is usually something to the effect of “well paper ballots and human counting is also flawed” to which my immediate rebuttal is, humans have to write the code and develop the hardware and if humans are flawed, so to will the code they produce be. Digital voting is just the same human error with more steps. Nearly all of the issues with paper voting are present in digital voting and then some.
… but also, i do wish we had the best of both worlds: ONLY paper ballots are submitted as trustworthy, however machines that print on paper ballots (so if the machine stops working you can use a pencil as usual still). this ensures that people mark the ballots in a valid way, they can physically look at their ballot paper and ensure it’s what they want before submitting it, and the machine can record its ballots so they can be fed into a computer as a “preliminary” count so results are available ASAP, with the paper ballots confirming validity - the preliminary count is meaningless other than speed; paper ballots are the source of truth
Digital voting is just the same human error with more steps. Nearly all of the issues with paper voting are present in digital voting and then some.
I wonder if one can use ghost keys for an anonymous voting system, which still ensures that a voter only votes once, and still makes all votes verifiable.
That would have much fewer issues.
Running unique code that cannot be run elsewhere, and is 100% open source such that the source can be viewed by anyone without exposing itself to risk that a smart enough bad actor can cause havoc?
No need to use some fantastically obscure hardware. Source code being open is not bad.
A voting system is the easiest thing to emulate. Except for load.
Even if you could make a perfect digital system through encryption and keys and further complexities, to the layman this is effectively a magic black box that they have to trust does the job. If you can’t explain it simply to that layman without saying “trust me bro”, it doesn’t fix the primary problem we currently have with our voting system, the lack of trust in the system.
There’s a solution of vote not being anonymous, so that everyone can check if their own vote has been stolen, and everyone can see if there are anomalies in distribution of voters.
But then you have the issue of voter retaliation and discrimination. That already happens in certain places in this country if someone even thinks you vote a certain way. If there was a reliable way to find out who someone else voted for in the most recent election, there would be huge social implications.
What if you lose a job because of the way you voted? An employer would not have to disclose that as the reason or any reason at all. Most states are employ at will states where you can be hired or fired for any reason at all with a handful of exceptions. And even with those exceptions, it is very very difficult to prove if those exceptions have been broken.
Well, either that or we have to explain zero-knowledge algorithms to voters.
What if you lose a job because of the way you voted?
In some sense that’d be a good thing to have fewer connections to people who’d do such a thing. But in fact, of course, that would lead to voter coercion.
If there was a reliable way to find out who someone else voted for in the most recent election, there would be huge social implications.
There’s another solution, which is strictly speaking not voting. Using sortition with no unknown components - a predictable pseudorandom number (say, from timestamp, amount of UN member states, and something else) and some public citizen register, and the register of those willing to be chosen. The changes of that register would be very volatile (deaths, births), and so those of willing participants. And just like with checksum algorithms, the smallest changes in sources would cause the biggest changes in the result. At a firmly defined moment in time (no shifting day forward, day back and so on) it’d be calculated which people become, ahem, electors. Due to no unknown components it’d be verifiable by everyone and hard to tamper with.
And then they would vote non-anonymously, as it happens now. Not direct sortition to a presidential post, because there has to be some degree of security from madmen.
EDIT: Actually one thing I like about this is that the art of politicking, as in campaigning, as in selling yourself to the public, becomes less relevant.
It’s a huge problem in today’s world, where outside of the West everyone knows that who’s considered the victim and the good guy and who’s the aggressor and the bad guy is determined by spending on such campaigning and efforts to sell the point.
Westerners generally think that the best point of view will sell itself to them. And Yazidis in Sinjar could do that worse than ISIS supporter countries, while ISIS was murdering them.
And also remember that Kuwayti nurse who “testified” before UN who was in fact a daughter of a prince, if I’m not mistaken.
So I like sortition quite a lot, but there should be mechanisms to alleviate its results (randomization and all that). Like non-anonymous voting on top of it. And maybe with 2/3 of electors being selected this way, and 1/3 of them via anonymous popular vote.
You don’t have me convinced and I genuinely don’t understand how this could be the popular opinion. You absolutely can’t convince me that with a well designed system it would be easy to cheat when compared to a piece of paper.
Why the hell would software need to be more complex than a few text lines that store the results of your selections? An amateur coder could create a simple multiple choice selection system in an afternoon.
Why does anything other than a local network need to be involved? It can literally function similarly to paper ballots and have a central recipient machine that collects the results that is then handed over to a ballot authority. Please keep going on for hours about the flaws instead of simplifying the problem.
A machine that is sitting in a voting hall is as easily tampered with as a paper ballot, and it’s not going to be done by the average person. Anyone who could manipulate these machines could figure out how to mess with a paper ballot.
You can’t ‘run out’ of a digital vote. You can’t ‘miscount’ a digital vote. If both methods have issues, why choose the one that is OBVIOUSLY easier to manipulate? Oops! Someone misplaced the piece of paper you put in.
The year is 2024 and all of the possible issues you’ve just brought up can be solved but it seems that it would be way too easy to actually have accurate vote counts and one less voter suppression tactic in the pocket of shady governments, so they won’t.
And then proceed to convince every American that it is good and reliable and will work because it only takes a vocal few to stir question about it. And it only takes a single person finding a small flaw that can probably skew results. And that one flaw that allows someone smarter than you or I, has the power to throw question into our already shaky political system. And you as the producer of the system are entirely liable.
We are already fighting about trust in our voting system, to add the complexity of computerized systems is not going to sway the vast majority of people.
You can’t ‘miscount’ a digital vote.
Yes you absolutely can. Look up flipped bits, look up rounding errors. Look up lossy data. Look up bit overflow. There are many many ways computers miscount things. Hell, many calculators have incongruent output to each other because they do math in a slightly different system.
Those are easy to mitigate, even on a hardware level… But of you really needed to you could even do it on a software level.
Look up rounding errors
For integer numbers… Suuuure
Look up lossy data
What the fuck does compression have to do with this? Guess you needed to pad your text
Look up bit overflow
Even a 32bit processor will not overflow unless you go above 2 billion, and even if you were using 16 bits, that’s what the overflow bit is here to indicate… And if you’re coding using anything but assembly this isn’t anything you need to worry about
There are genuine concerns with digital voting, but you’re missing every single one of them with this response.
Sadly we live in an age where non-tech people, a bit like LLMs do, can say all those words and not understand them.
I genuinely think using PDP-11 level (in feel, can be more performant) machines as our PCs (with hardware accelerators for cryptography, some sound and some graphics) would be beneficial for the humanity. Limit them to things they can use differently from a squirrel using a wheel.
My point was not that these examples are issues to be concerned with in a voting system. Instead I was pointing out that computers fail at counting all the time. It’s also not even my full argument. You dissected one portion of my response and still missed the point I was making.
That’s awesome for Brazil. They discovered a perfect flawless man made system. I completely believe it is entirely tamper proof. It’s much easier to change whole datasets than to edit enough paper ballots to make a difference in a vote where many millions of people have submitted paper votes. Ctrl+a, del… Goodbye data. Not that it’s possible to do in the Brazilian system. But it certainly is possible in many databases…
Why is it possible to run out of something that could (should) be handled entirely digitally?
Tom Scott does a great job of explaining this. Tr;Dr is paper ballots are a mature process that has the benefit of requiring physical access to tamper with, and governments who aren’t great at IT and only do something at scale once 4 years is asking for trouble
https://youtu.be/egeMAIXYIvI?si=_o3lyAjKsRobUbLq
https://youtu.be/LkH2r-sNjQs?si=xSQdMh4uzC2u4-oz
Because there is no way to prove without a shadow of a doubt that any digital system is 100% reliable. Are all voting machines completely tamper proof? Running unique code that cannot be run elsewhere, and is 100% open source such that the source can be viewed by anyone without exposing itself to risk that a smart enough bad actor can cause havoc? Do these machines need to be networked? Are all the networks completely identical and have 100% uptime? I could go on for hours about the flaws in software.
The general response is usually something to the effect of “well paper ballots and human counting is also flawed” to which my immediate rebuttal is, humans have to write the code and develop the hardware and if humans are flawed, so to will the code they produce be. Digital voting is just the same human error with more steps. Nearly all of the issues with paper voting are present in digital voting and then some.
this is 100% correct
… but also, i do wish we had the best of both worlds: ONLY paper ballots are submitted as trustworthy, however machines that print on paper ballots (so if the machine stops working you can use a pencil as usual still). this ensures that people mark the ballots in a valid way, they can physically look at their ballot paper and ensure it’s what they want before submitting it, and the machine can record its ballots so they can be fed into a computer as a “preliminary” count so results are available ASAP, with the paper ballots confirming validity - the preliminary count is meaningless other than speed; paper ballots are the source of truth
I wonder if one can use ghost keys for an anonymous voting system, which still ensures that a voter only votes once, and still makes all votes verifiable.
That would have much fewer issues.
No need to use some fantastically obscure hardware. Source code being open is not bad.
A voting system is the easiest thing to emulate. Except for load.
Even if you could make a perfect digital system through encryption and keys and further complexities, to the layman this is effectively a magic black box that they have to trust does the job. If you can’t explain it simply to that layman without saying “trust me bro”, it doesn’t fix the primary problem we currently have with our voting system, the lack of trust in the system.
There’s a solution of vote not being anonymous, so that everyone can check if their own vote has been stolen, and everyone can see if there are anomalies in distribution of voters.
But then you have the issue of voter retaliation and discrimination. That already happens in certain places in this country if someone even thinks you vote a certain way. If there was a reliable way to find out who someone else voted for in the most recent election, there would be huge social implications.
What if you lose a job because of the way you voted? An employer would not have to disclose that as the reason or any reason at all. Most states are employ at will states where you can be hired or fired for any reason at all with a handful of exceptions. And even with those exceptions, it is very very difficult to prove if those exceptions have been broken.
Well, either that or we have to explain zero-knowledge algorithms to voters.
In some sense that’d be a good thing to have fewer connections to people who’d do such a thing. But in fact, of course, that would lead to voter coercion.
There’s another solution, which is strictly speaking not voting. Using sortition with no unknown components - a predictable pseudorandom number (say, from timestamp, amount of UN member states, and something else) and some public citizen register, and the register of those willing to be chosen. The changes of that register would be very volatile (deaths, births), and so those of willing participants. And just like with checksum algorithms, the smallest changes in sources would cause the biggest changes in the result. At a firmly defined moment in time (no shifting day forward, day back and so on) it’d be calculated which people become, ahem, electors. Due to no unknown components it’d be verifiable by everyone and hard to tamper with.
And then they would vote non-anonymously, as it happens now. Not direct sortition to a presidential post, because there has to be some degree of security from madmen.
EDIT: Actually one thing I like about this is that the art of politicking, as in campaigning, as in selling yourself to the public, becomes less relevant.
It’s a huge problem in today’s world, where outside of the West everyone knows that who’s considered the victim and the good guy and who’s the aggressor and the bad guy is determined by spending on such campaigning and efforts to sell the point.
Westerners generally think that the best point of view will sell itself to them. And Yazidis in Sinjar could do that worse than ISIS supporter countries, while ISIS was murdering them.
And also remember that Kuwayti nurse who “testified” before UN who was in fact a daughter of a prince, if I’m not mistaken.
So I like sortition quite a lot, but there should be mechanisms to alleviate its results (randomization and all that). Like non-anonymous voting on top of it. And maybe with 2/3 of electors being selected this way, and 1/3 of them via anonymous popular vote.
You don’t have me convinced and I genuinely don’t understand how this could be the popular opinion. You absolutely can’t convince me that with a well designed system it would be easy to cheat when compared to a piece of paper.
Why the hell would software need to be more complex than a few text lines that store the results of your selections? An amateur coder could create a simple multiple choice selection system in an afternoon.
Why does anything other than a local network need to be involved? It can literally function similarly to paper ballots and have a central recipient machine that collects the results that is then handed over to a ballot authority. Please keep going on for hours about the flaws instead of simplifying the problem.
A machine that is sitting in a voting hall is as easily tampered with as a paper ballot, and it’s not going to be done by the average person. Anyone who could manipulate these machines could figure out how to mess with a paper ballot.
You can’t ‘run out’ of a digital vote. You can’t ‘miscount’ a digital vote. If both methods have issues, why choose the one that is OBVIOUSLY easier to manipulate? Oops! Someone misplaced the piece of paper you put in. The year is 2024 and all of the possible issues you’ve just brought up can be solved but it seems that it would be way too easy to actually have accurate vote counts and one less voter suppression tactic in the pocket of shady governments, so they won’t.
Why in the world do you think we would have a well-designed system?
Then why don’t you create that system?
And then proceed to convince every American that it is good and reliable and will work because it only takes a vocal few to stir question about it. And it only takes a single person finding a small flaw that can probably skew results. And that one flaw that allows someone smarter than you or I, has the power to throw question into our already shaky political system. And you as the producer of the system are entirely liable.
We are already fighting about trust in our voting system, to add the complexity of computerized systems is not going to sway the vast majority of people.
Yes you absolutely can. Look up flipped bits, look up rounding errors. Look up lossy data. Look up bit overflow. There are many many ways computers miscount things. Hell, many calculators have incongruent output to each other because they do math in a slightly different system.
Those are easy to mitigate, even on a hardware level… But of you really needed to you could even do it on a software level.
For integer numbers… Suuuure
What the fuck does compression have to do with this? Guess you needed to pad your text
Even a 32bit processor will not overflow unless you go above 2 billion, and even if you were using 16 bits, that’s what the overflow bit is here to indicate… And if you’re coding using anything but assembly this isn’t anything you need to worry about
There are genuine concerns with digital voting, but you’re missing every single one of them with this response.
Sadly we live in an age where non-tech people, a bit like LLMs do, can say all those words and not understand them.
I genuinely think using PDP-11 level (in feel, can be more performant) machines as our PCs (with hardware accelerators for cryptography, some sound and some graphics) would be beneficial for the humanity. Limit them to things they can use differently from a squirrel using a wheel.
My point was not that these examples are issues to be concerned with in a voting system. Instead I was pointing out that computers fail at counting all the time. It’s also not even my full argument. You dissected one portion of my response and still missed the point I was making.
Somehow Brazil makes it work, there are many many layers of redundancy so that any tampering would not affect the result, or be obvious.
That’s awesome for Brazil. They discovered a perfect flawless man made system. I completely believe it is entirely tamper proof. It’s much easier to change whole datasets than to edit enough paper ballots to make a difference in a vote where many millions of people have submitted paper votes. Ctrl+a, del… Goodbye data. Not that it’s possible to do in the Brazilian system. But it certainly is possible in many databases…
Because people can understand paper ballots, while tech is complicated and people don’t want to understand it, so they instantly think it’s unsafe.