For giving a guiding vote from the citizens to assist in parliamentary or local decisions, yes.
For electing state officials, no. A voting scheme needs to be designed for the worst possible circumstances which practically means a bordering civil war, and where trust between voters is zero at best. Voting allows revolution to take place peacefully.
Therefore the method of voting needs to be understood, carried over, and be verifiable by the common (wo)man. No electronic scheme can do that: anything that runs in software means that the correctness of the system depends on the experts' word only, and that word is likely to mean nothing when half the population is already collecting arms.
> No electronic scheme can do that: anything that runs in software means that the correctness of the system depends on the experts' word only.
No paper ballot in box scheme can do that: anything that is run by officials means that the correctness of the system depends on the officials' word only.
What is truth? What is reality? Turtles all the way down?
Please sign up and observe your local elections. The Australian Ballot system (private voting, public counting) is time proven, battle hardened.
Paper ballots cast at precincts counted when the polls close is the gold standard. It works because opposing belligerents agree on the outcome. Trust forged from mutual distrust.
Paper ballots permit guaranteeing the physical chain of custody. You should show up and help keep that guarantee.
But how do you verify that each voter is authorized to vote, and that only one vote was cast? It seems if you involve a digital system you're kicking the trust bucket down the road.
The security of a digital systems is "good enough" IMO, especially if there's a public cryptographically verifiable ledger. We bank online where the banks essentially only hold cash in the form of a database entry. The benefits of digital voting means we can have more granular input in our government's operations. I don't see paper ever scaling to meet that demand.
Remember that your IMO is not what the consensus among security experts is. There are many things that you and me missed.
The worst problem with electronic internet voting is that depending on country, something like 5-40 percent of voters loses the secret ballot and the opportunity to vote independently without coercion. Husband, brother or other family member will be behind their back to watch how they vote.
Here in Finland I have a friend who has been election official and he says that it's not uncommon common for family member trying to squeeze into ballot box or try get behind. Especially if the ballot has been cast in post office with small space.
I disagree. I'll be surprised if any electronic voting system matches the integrity, performance, scalability, feature set of the Australian Ballot, of paper ballots cast at polls sites counted when the polls close.
Your jurisdiction's voter registration database is (hopefully) up to date. YMMV. Note that verified reports of registration fraud are very, very few. Whereas caging, purging are fairly common.
Briefly, On election day: voter shows up to correct poll site, shows some kind of ID (YMMV), name found in that location's poll book, voter signs in, ballot is issued, voter marks ballot, voter casts ballot. If there's any error (question) during this process, voter is issued a provisional ballot, to be adjudicated out of band.
Ballots are counted before the polls open and again when the polls close. The bookkeeping is simple and easily verified.
Everything is bundled in tamper evident seals, observed and signed by members of opposing parties, physically escorted by opposing members, etc.
> Everything is bundled in tamper evident seals, observed and signed by members of opposing parties, physically escorted by opposing members, etc.
I don't see why this level of security couldn't be used to randomly and deterministically assign crypto keys that are used for some kind of blockchain voting scheme. Put a thousand pre-known keys in a hat, one thousand people draw keys from a hat, the key is activated on the blockchain and points to a user-defined voting wallet. Now you have anonymous cryptographically verifiable voting with double spend protection. Am I missing something?
Voting wallets? Assign crypto keys? You mean just like issuing a ballot? How would someone do a recount? An end-to-end audit? Keep track of who was assigned which key (thereby destroying the secret ballot)? Who voted and who didn't? How do you handle provisional ballots? Etc.
PM me once your proposal satisfies the requirements (works as a replacement) for current election administration systems.
Okay, maybe I'm being too dismissive, which I normally hate. But blockchains, crypto, signatures are not magical. Design the whole system, make it auditable while accounting for information leakage, simulate a few real world elections. Do the leg work, unlike Chaum, Rivet, others. THEN we can talk.
Thank you. Sort of. Now I have to waste my time figuring out how Scantegrity is flawed.
With the prior Punchscan system, voter privacy is accomplished thru hash collisions. Hiding your ballot in a herd of ballots cast. A trick that works only if your herd (precinct) is large enough and your ballots are simple enough. Definitely would not work (protect voter privacy) in my jurisdiction.
Side note about IRV, as used in Maryland Park: It's now a non-starter. After the handful of well-studied experiments, election administrators are dead set against it. Ballots are complicated, voter education is tough, and IRV necessitates electronic tabulation, which rules out legally required manual recounts. (My jurisdiction often gets over 500k ballots. IRV is not feasible here.)
Any time your voting system for the general public involves "fiddle with this computer/software", you've lost. The public in general can't handle security methods, and many folks just shut their brains down when it comes to computers. Similarly, if you can't explain the method in terms they can understand, then their trust in the system will simply not be there.
People lose wads of cash that are valuable to them; they're going to care even less about their electronic verification file.
If I install a virus on your grandfathers computer and show him that his vote has been counted when it fact it wasn't, he will not be able to check that.
He could just verify from another computer since the blockchain is public. Bitcoin wallets already have m of n signature schemes that can require multiple devices to sign before being valid transactions.
Some of the places with the highest levels of distrust on electoral authorities and government bureaucracy solve this problem by marking your thumb with indelible ink, which can't be washed off but fades away over the course of a week or so. This guarantees people enter polling stations only once, even if they magically happen to have been registered at multiple places.
We use this in Mexico, in addition to (non-digital) fingerprint-carrying voter ids. Historically, it has not prevented fraud in general (most of which happened due to insufficient audit procedures and rural polls not having observers from all parties, allowing for stuffed ballots and the like). It did however close that particular attack vector. My trust on the results of an individual polling station in an urban area with observers from all major and most minor parties is actually quite high, even as I know any or all of the observers involved are likely to be corrupt and have low regard for the law. The reason for this is that they are all incentivized to prevent each other from cheating and have the means to detect tampering in such setting (without needing uncommon expertise beyond observation and basic arithmetic).
This is a thing you actively don't want. You don't want to be able to prove to anyone else how you voted. Otherwise it would be absolutely trivial for your boss to say, "So, you voted for that anti-union candidate, right?" (Or your boss to not say that, but just happen to give promotions to people who show proof of voting the way the boss wants.)
The right to a secret ballot is demanded by the Universal Declaration of Human Rights.
Yes, this renders the electronic voting problem - and honestly the voting problem in general - very close to impossible. That's why it's hard.
>> Put a thousand pre-known keys in a hat, one thousand people draw keys from a hat, the key is activated on the blockchain and points to a user-defined voting wallet. Now you have anonymous cryptographically verifiable voting with double spend protection
I just invented a scheme to anonymize votes in 5 minutes. I'm sure if smarter people tried we could definitively solve this. I'm not convinced this is hard as much as people are saying it's hard.
1. As others said, the private key proves how you voted. If you can verify it with the private key, you can show the proof to someone else. And if it's a single-use private key, there's no reason for me not to share the private key once I voted.
You need to have deniability; I need to be able to revoke my ability to prove how I voted, and moreover I need to be required to revoke it (otherwise I can be compelled not to revoke it). Right now, I am unable to leave the voting booth with any receipt of how I voted, even if I wanted to (i.e, even if someone else wanted me to). I can see my vote, and election monitors prevent anyone else from seeing it until it leaves my hands. In most places in the US, I can't even take a cell phone photo of my votes, and that's a good thing because nobody can ask me to take a cell phone photo of my votes.
2. If they're pre-known, anonymous, single-use keys, nothing prevents a corrupt election official from keeping a copy of the key and voting before the voter gets home. The voter has no way to prove that they didn't vote and that someone stole their key.
a solution to 1 would be ring signatures as used by many crypto note base currency. They group unrelated input and outputs to give all the parties involved plausible deniability to who paid what to who. So your vote would be mixed with a group of others so no one can tell exactly who vote for just that the right number of votes were cast.
How true is this? Somebody could just take a picture of their ballot (under the threat of violence presumably). Sure they're not supposed to, but at this point we're relying on legislation - where the legislation could say employers aren't allowed to ask for employees voting wallets. Maybe I'm missing something.
If you mess up your ballot sheet, you can ask for a replacement - at least in the UK. Your original ballot sheet gets recorded specially as having been replaced, and you get a new one which gets counted. The result is that you can discreetly take a photo of your ballot sheet and then go ask for a new one if you're being threatened.
The penalty for taking a picture of your ballot is on you, not the person asking for the picture, and it's at the time the record is created, not when someone asks for it. So, it's perfectly plausible and defensible for me to say "There was a poll monitor, I couldn't take a ballot selfie, sorry." That is much simpler than saying "Hey, 911, my boss just asked me for my ballot proof."
(The other thing is that photos of ballots have only become a serious threat in the last few years, and at the moment there's not really voter coercion through those photos, as far as we know. If it becomes a problem, I expect a bigger crackdown on it.)
What about postal voting? Probably less of a threat because it's not that common I guess. But does it mean there are no countries complying with secret ballot demands?
In the US, at least, we tolerate a fair amount of error. See the WI recount this election, which exposed the totals to be off by over one hundred votes. I'd be willing to bet if you recount again, it'd be off from that total as well. It isn't absolute is my point.
Every election I verify that my precinct is counted correctly. I'm just a regular citizen but I work as a volunteer election official (but you don't need to be that for just checking). There are a lot of people like me. If you don't trust any you can check as well. And everybody can do this – no university-level Math education needed.
To change the outcome of an paper ballot election you need to have thousands of thousands of people on your side and have everybody keep quite.
In Canada, every candidate has the right to appoint representatives to observe the voting and the counting of ballots. Said representatives get a copy of the official counts from the polling places they were observing, and the campaigns check the arithmetic.
Do most people trust the officials? Sure. But any campaign with enough volunteers is able to verify everything.
The process of voting shall be observed by members of opposing parties and members of opposing interests and similarly to the process of counting the votes. Depending on your country you can most likely keep an eye on them yourself. Typically it's citizens who are volunteering to run the elections, everyone with mixed interests. It's enough for one of them to be an outsider and blow the whistle if s/he sees everyone else try something shady together.
It's to an extent possible to mount a local attack with paper ballots but its cost is an effort too great that it doesn't scale. You would basically have to get your own people, or paid people, to swap the ballots while nobody else is watching to get the results you want in one election district.
Because ballots need to be saved for recounting the marks on the ballots also need to be sufficiently distinct so that they don't look like they all come from a photocopier. Again, if there seems to be anything fishy, people can and will organise to redo the election locally, this time with different representatives from the parties.
With digital voting, vulnerabilities and malware and automated attacks scale to all systems involved and theoretically a single entity can rewrite the election results of the whole nation. Worse yet, it may not be evident whether the results are skewed or not as it's just digits in a computer and those can be changed without a trace.
In Germany, every citizen is allowed to control and inspect the counting process, as long as they don't interfere with it (and likely to be deputized to help in the counting by the folks doing it, if they are interested). Assuming you have enough people interested, it'll be very hard to counterfeit (or just sow distrust in) a general election.
Then again, it appears in some countries you can just claim millions of fraudulent votes without any proof without being called out for it.
> > No electronic scheme can do that: anything that runs in software means that the correctness of the system depends on the experts' word only.
> No paper ballot in box scheme can do that: anything that is run by officials means that the correctness of the system depends on the officials' word only.
This comparison is flawed, the entire correctness of a electronic scheme could only be verified by a few experts, whereas in every polling place with a paper ballot, there is a committee, and witnesses of the vote count. Proving the correctness of a paper ballot system such as the one described in [1] is trivial.
Ultimately, the correctness doesn't even depends solely on officials:
In the course of the day, the polling station officials ask voters whether they want to participate in ballot counting as tellers. Voters can also volunteer to do so ; candidates can nominate tellers as well.
Your argument does not account for the widespread deference to closed source electronic voting which already exists, and fails to account for any of the value of open sourcing to assuage the very fear you are identifying as the problem.
I see what you're saying, but would it help if we just make the whole "build" of the election scaffolding and process deterministic? Looking at the architecture, it seems that there's a whole "generation" phase where the election is initialized from certain data. I wonder if this could happen in a Gitian-like [1] environment, that any technical citizen could re-run and verify against some sort of validity hash stored in public [ledger].
The problem is, that the average citizen does not understand what 'deterministic build' means. One aspect of an election is as a ritual to legitimize the government, and this legitimization currently rests on the argument that in principle every voter could verify the election process. (It is a ritual because no average voter does something like that.) So technology will not help, unless you can change the perception of the function of elections.
The beauty of having an open source solution is smart and rational people from across the political spectrum can work together on something that everyone agrees is a 'correct' voting system.
Two or more block chains. Each run by different parties. And a need for the same vote to show up on multiple blockchains to count. The voters would visit multiple websites to cast their votes which would then be verified between the various block chains, potentially by software that anyone can run on their own computer or vps. Every single person does not have to vote on multiple platform. Just enough that you can validate the voting.
Yes and how do you, as a citizen, verify that it's not been tampered with. In the US in the past few elections at least there has been accusations of fraud. And also having this sort of thing makes it possible to do research on the data afterwards... for anyone to do research on the data as it's public. No so with any other system.
If you take the time to enter the voting booth when it opens and verify that the ballot boxes are empty at the start, and stay in the voting booth until it closes, you can verify yourself if everyone put at most one ballot in the ballot box. Later on you can double check if indeed every ballot is counted correctly and can thus conclude that at least your own ballot is counted correctly and exactly once without having to let anyone know what you voted.
> If you take the time to enter the voting booth when it opens and verify that the ballot boxes are empty at the start, and stay in the voting booth until it closes
Too late to edit my own post but please s/voting booth/polling station/ in the parent. Of course every voter should have absolute privacy in the voting booth in order to rule out coercion, but the ballot storage in the polling station should be publicly verifiable.
> nice. election day isn't even a holiday in america.
First of all, there are fifty elections in the US (not counting territories like Puerto Rico and Guam). Each state runs its own elections separately and can decide on their procedures.
Secondly, some jurisidctions already experimented with making election days a holiday. Aside from the fact that this only affects government employees (private businesses set their work schedules at their discretion, just as they do for other holidays), this ended up decreasing turnout, because people ended up taking the previous day off, treating it as an extra-long weekend for travel or vacation.
Third, this is a moot point when most states (34/50) offer early voting, and three more vote by mail, making "election day" rather arbitrary. It's really the last date on which someone can cast their vote. Those states also include three of the four largest states, meaning that the vast majority of people in the US have the option to vote well ahead of election day.
(For the record, the states which have neither early voting nor no-excuse absentee voting are Alabama, Connecticut, Mississippi, Kentucky, Virginia, Missouri, Michigan, Pennsylvania, South Carolina, Rhode Island, New Hampshire, and New York)
Usually because there's a fine line between "poll watching" and "poll intimidation" and people generally aren't quite civilized, thoughtful, or well-mannered enough to stay on the good side.
That includes "shouting racial slurs" in your first link.
* Each voter signs off his name on the registered voter list before dropping it into the ballot box. If you want to do multiple votes, it's going to be harder. Anyone can come and watch those.
* Unboxing the ballot is done in public, anyone can come and watch those.
* Counting the votes is public and anyone can come and watch.
Voting on paper is dead simple, has withstood centuries of attacks, counting scales insanely well while attacks don't scale and it just takes one person to notice it and your whole plan goes south.
Whereas electronic voting requires trusting black boxes, more black boxes, and understanding asymmetric cryptography.
First of all, limit the risks. Do runoff elections and split electoral votes in all states (or just don't have per-state elections it makes almost no difference). The risks now is that a 1% error can sway 100% of the votes in 5 states. It's just an unbelievably broken constitution.
If that's "too hard to fix" then there must be at least a fraction of people who don't think this is broken.
In all US states you can sign up to inspect the election, including collection and counting. There are not many requirements other than registration, in California at least. IIUC, in many states, the ballots themselves become publicly inspect able after a certain period of time
How anonymous is your vote in the blockchain(s)? And how can you still verify the vote is counted correctly and exactly once while lacking hard proof to others about what you voted?
This paper shows you know to achieve exactly that. You can vote anonymously and receive a proof that your vote was counted correctly, without ever telling anyone what that vote was. To prove that your vote was miscounted, I believe you do need to reveal who you voted for, but you can prove to the world that there was fraud.
This paper solves one of the major problems with blockchain based voting, but there are many more. I don't endorse blockchain voting.
Perhaps all voting should be public. All voting 100% public. 0% funding from any source other than individual citizens. And even that should be heavily capped. So each individual citizen over 18 can give say $100 dollars and that's it.
Knowing what one voted opens the door for coercion. Think of family members wanting you to vote a certain way. If you vote anonymously you can never prove to them what you voted, which protects the voter from any social, religious or other external pressure one might feel.
So I guess ballots should be anonymous. So how to do that with a blockchain. Well simply by assigning some random number or hash to the voters that no one else knows.
Selling votes is not a problem. Secretly selling votes is the problem.
Perhaps it would be better to turn the vote-selling market into a publicly verifiable open market?
If I say that it would cost a buyer $10k more for me to vote yes than the highest open bid for me to vote no, that is a strong quantifiable indication of the magnitude of my opposition. I'm sure the vote-pricing data would be a gold mine for statisticians.
Of course, this would make the plutocratic oligarchy operate out in the open, officially, rather than behind the scenes with lobbying, campaign contributions, and speaking fees. Some people might find that objectionable: both those who do not want a plutocracy and those who do not want their money influence on politics to be openly known.
No, even public vote-selling is a problem, because it muddles incentives. No one should have to vote against their best interests in the long term for short-term financial gain. This leads to exploitative behavior of vulnerable population groups.
If you can not possibly reveal your vote (like with the ballot box) you can not sell your vote.
If I say you can forget the $10k for your vote and accept that you either vote for my preferred candidate or you're fired/beaten, suddenly the secret ballot starts looking like a good idea again.
And that's even before we conclude the preferred candidate of the plutocratic oligraphy would actually be massively aided by being able efficiently purchase the votes of the indifferent rather than having to inefficiently purchase airtime to convince people their candidate actually has merit.
(And of course they'll still be able to continue to organise their vote-buying operations through shadowy umbrella organizations to the extent they can be bothered to disguise who they want to win)
Selling votes is obviously a problem, but more practically, is it even possible to make something possible to sell publicly, but impossible to sell secretly?
Upvoted, not because I agree, but because if we adopt electronic (mediate) systems, full transparency is the only way to at least mitigate the disaster.
No, in your proposed case, a single blockchain would be better than many. If one party controls the whole blockchain, it's "easy" to forge data in it [1]. On the other hand, distrust between involved parties makes it hard to forge and deny actions on a single blockchain (though it'd still be possible with a 2-party system). Btw, I wonder how and why people want to implement blockchain for use in government or banks - since they are big monoliths, 51% attack is a real possibility.
Why involve a blockchain when there's no coordination problem? The only benefit of a blockchain over a log is that multiple, uncoordinated parties can agree on an order of events, but order doesn't matter here.
While I appreciate the effort of putting it open-source, and even more to do it on GitHub, I hope they will hire someone who knows how to use Git/GitHub, like using tags for versioning instead of repository name [0], or using meaningful commit messages [1].
For the future let's see how they will manage external contributions. Opening the code for transparency is a good point (even if this still doesn't ensure you that the same version of the code is running in production on trusted hardware), but doing this on GitHub will certainly bring some contributions. Will they refuse everything? Or accept external contributions? Will they use GitHub as the central development process? If not how are they going to handle the development in intern in regards with external contributions? Also are they going to do all commits with this dedicated state-account? Who will be part and what would be the process for reviewing and accepting external contributions, to be sure they are not adding backdors purposely desguised as mistakes? Having a state starting to work on open-sourcing such a sensitive software in Switzerland opens a wide range of interesting questions. Maybe, and probably, this has already been discussed in other countries or even other part of Switzerland, but in the state of Valais (Switzerland) this is at least not the case.
It's not the first project under state control in Switzerland that is on GitHub. I'm also aware of geo-admin [2] who have their sources there. As far as I saw, they are handling GitHub much more professionally.
For me, they haven't fixed the problem GUN.FREE highlighted when they decided to shut down (https://www.gnu.org/software/free/), but they have highlighted the risks and made them harder to exploit.
I need to sit down and think about attack vectors properly, as the process is quite convoluted, but it seems to me there are multiple opportunities for key personnel to change votes and to identify whom voted for each outcome - the scope is limited, and within a very small step due to ballot shuffling, but it definitely is there on a first read-through.
You would be doing a service to interested laypeople by writing down and sharing your thoughts on this. Experts often forget that things that are very obvious to them can be very enlightening to others.
Election is a singleton so they keep reinstantiating it every time they want to use it instead of just doing
> election = Election()
at the module level and having a more idiomatic singleton (module variable are singletons). But a singleton design probably isn't the best approach.
The singleton example isn't that bad of code since it assumes that one server will run one election which is a valid assumption, but reading through this code makes me weary about e-voting. I think this proves that OpenSource doesn't always mean good code. There is little incentive for people outside of Estonia to contribute to the project.
I have been very interested in Open Voting Systems for quite some time now and have been following Open Voting Consortium, Alan Dechert and more for many years now. It is a problem that I think could have better solutions. There are many good ideas out there for this, and many include paper and open source software.
I have compiled a list of reading materials here for those who are interested.
Furthermore how does your average voter verify that the code itself is secure? How are your grandparents going to validate the crypto? How can your illiterate cousin ensure the hardware isn't backdoored?
I just don't get the draw of an electronic voting system.
Paper works, and it works well. Anyone that can count can validate a single precinct. You can have one person, or 100 people all standing there watching a ballot box all day for tampering. You can have a whole group of people count the results, or just a few.
In a traditional paper system, swaying a single precinct with "blackhat" methods takes a lot of physical resources, a lot of time, and in most cases a lot of people. Then multiply that by every precinct in the country, and it quickly becomes pretty much impossible to do (and get away with).
I've said it before, and i'll say it again. Electronic voting is dangerous and is a very bad idea. And it doesn't matter if it's FOSS, it doesn't matter if it's vetted, it doesn't matter what safeguards are put in place, all it takes is one mistake. One fuckup, and someone can now choose the leader of a nation.
And replacing a system where literally everyone can validate a system on voting day if they want to with a system where only a fraction of a fraction of people can even read and understand the code, let alone validate the code (and can't actually validate the hardware, or make sure what is running on the hardware is actually that code), and it takes a magnitude more time to do so, just isn't a good idea.
> I just don't get the draw of an electronic voting system.
Make elections cheap. For those that wish to experiment with majority rules a reliable system would allow the people to technically be able to vote in their government on a daily, weekly, monthly basis.
So further to this if elections are easy to run and are cheap what does it matter if someone breaks one election? You can just run the next one fine. It changes the variables somewhat and requires a sustained and persistent threat to be engaged to subvert the democracy. Combined with a team that investigate irregularities you can create a vaguely stable system, especially if you consider ideas such as binding authentication to geography instead of identity making it more difficult to stuff ballot boxes as teams can easily verify how many votes should be possible from a specific gps co-ordinate.
I'm not saying its a great idea, its probably awful but it opens up an option to society that previously hasn't been available and that's interesting.
The problem is so many government decisions can't be rolled back, like military, treaty, supreme court appointments, some environmental regulations... You'd have to change everything else and every other country first to tolerate a "by bad, we're gonna redo" attitude and then implement "my bad, redo".
An interesting simpler direct majority rule scheme is to halt elections completely and use jury selection techniques to select decision makers. What we'd lose in expertise we'd more than gain in the lack of sociopaths and psychopaths. A government completely of jury duty/draft would be far more effective than the one we have, which is probably why no one in power wants it.
>What we'd lose in expertise we'd more than gain in the lack of sociopaths and psychopaths.
I think far more likely these people would mostly just end up taking advice from whichever experts are left further down the hierarchies, who would then effectively run the country.
OK, I'm not saying no, but you'd need to explain how that's different than the current situation other than the top leadership would be less crazy and less corrupt on average. Or aside from being different, how would having better leadership make the situation actively worse.
Surely you can't be implying we have subject matter experts running the country now. Or that the subject matter experts we do have from law and show business who are in charge now are only in charge of their areas of expertise specifically law or show business? I'm just saying there's nothing wrong with having congress leading the American Bar Association, its just that having lawyers in charge of, say, nuclear power plants, is about as dumb as having plumbers in charge of source code.
So, using the US Federal government as an example, the sociopaths would need to convince 600-ish random people to do what they want on a continuous basis. Currently, the sociopaths need to convince ~100M random people to do what they want once every two years. The former might be superior, but it's not obviously so.
Well, many things are decided by elected comitees, but referendum are required to change the constitution (we're ok with it changing, it's not seen as an untouchable artifact here).
Citizens can also decide to submit things to referendum, and that has absolute decision power. To do so you need to gather a set number of signatures depending on the level of the decision (communal, state-wide or federal). This is very often used by political parties as a "weapon" to counter their opponent's decisions - they organise signature gatherings, and if they reach their goal the people gets to have the final word on the topic at hand.
Of course, anyone can submit a referendum on anything, as long as you gather the required number of signatures. You don't need to be elected or in a party or anything like that.
The system does lead to some ridiculous things being put up for nation-wide discussion, but that is usually seen as the cost of living in a direct democracy. I can think it's stupid, but it's your right to bring it to my attention if you consider it important (a bit like freedom of speech and the old "I'll fight your your right to say it even though I disagree").
EDIT: doh' I did repeat the "referenda" mistake here :/ Edited out.
I wouldn't want to live in a world where people's imaginations were bound by their current reality. I don't make this argument as a "right", its a what if. AND if they're cheap you can run em all the time, that's interesting isn't it?
No, I think being able to run more elections is dangerous, because there are a lot of reasons republicanism works better than direct democracy at scale, but people are self-entitled idiots and will want to weigh in on things they have no idea about or useful input on because they're important.
You seem to suggest that the complement of "direct democracy" is "republicanism", rather than "representative democracy". "Republicanism" is the opposite of "Monarchism", and it is possible for a republic to be a direct or representative democracy (or anti-democratic).
You're not one of those people who think "America isn't a democracy, it's a constitutional republic" are you? I see that meme expressed online a lot, and it's really unnerving that people believe that.
Also, might I infer that your support of "republicanism" over "democracy" is because you support the Republican party in the US and have been taught to fear and loath anything which starts with the string "Democra"?
Republic: a form of government where elected officials exercise power on behalf of the public.
I would argue that kind of by definition, a republic is a representative democracy, though it's possible there are representative democratic governments that aren't republics.
The US is a republic, which is a form of representative democracy -- much like Im a mammal and a eukaryote.
The end of your comment of course is just a non-sense ad hominem. I don't support the Republican party, but your need to other and slander people you don't agree with is troubling.
And yes, people are self-entitled idiots. You, me, everyone else. That's why, even with it as our full time job, a support staff, and the genuine motivation to make a difference, we couldn't keep up with the actual complexity of every vote. Expecting the average person to do what a professional with staff can't is ludicrous!
Now, there are lots of ways we could use technology to better harness the public for decision making, but having them vote on everything would just be a disaster.
Thank you for your clarification and I apologise if I over-reacted. It felt like you were excluding yourself from the "self-entitled idiots" designation, which would itself be an attempt to "other and slander people". For what it's worth, I think you are under-estimating yourself if you describe yourself as simply a self-entitled idiot, but certainly we all have a bit of that in us.
My point, though poorly worded, was that very intelligent people with a lot of dedication routinely fail while working as senators and representatives because the job is legitimately complicated and hard.
We feel that we'd do good at it because most of us honestly have no idea what's actually required to work in that environment. I don't imagine that I, as an amateur with a job and social life, would really be more informed than the people in Congress. I don't think most of us would be.
So the solutions to the problem need to address how to combine our effort and expertise, rather than asking us all to be experts. (If that makes sense....)
I think there's a lot of promise in, say, using ML and public repos (eg, github) to let us collectively scan, annotate, and suggest edits for legislation.
Why isn't Congress just the maintainers of the authoratative repo that anyone can make a PR to? That seems much more useful than having a vote about everything -- let's argue about it, lay out our best cases as the PRs merge up the hierarchy, and let the Congress people argue out the final merge of a dozen proposal PRs? I mean, that's basically what they do, but it's weirdly pay-to-play, and it seems much more democratic to, ya know, let the public in on it.
Yes there are theoretical justifications for a republic over a democracy. But in modern practice, do you believe that the average person is more of a "self-entitled idiot" than the corporate lobbyists writing our laws?
Not self-entitled part, but the idiot (on a particular topic) part. I think lobbyists could sell the public on things they could never sell senators on.
Now lobbying is a problem, but the solution should be in our picking and regulatory mechanisms, not in letting them lobby the public directly.
There are many forms of democracy and to act as if we've got it all figured out today and have the best system is potentially another form of being self-entitled and silly. Our system very much "sucks least".
We have plenty of evidence that governing by asking a large, diverse population over and over about local issues just leads to exactly the sort of tragedy-of-the-commons that government is meant to reign in.
Having too many votes simply doesnt work, because the voters can't put in the required effort per vote to decide on a prudent course of action.
The only reason to switch off paper ballots is of you're running so many elections you're just influence laundering by pretending to be democratic when you're not.
Paper works, and it works well. Anyone that can count can validate a single precinct
Add to that there's not really a need to speed up deployment of the results for elections and referendums in Switzerland.
Except for the "house of representatives" (Nationalrat) where it can take a tad longer due to the complexities of the vote, results are usually in at voting day before 6pm (Voting closes at noon).
I'm also deeply reluctant to accept the necessities of electronic voting. Given all parameters it's a really hard (if not impossible) problem to crack.
How do you know the ballot box you put your vote into is being taken to be counted and recorded, and not simply destroyed and another ballot box introduced?
There is always going to be a weak point where you have to trust somebody - this is why party members should not be involved in every step from setting constituency borders, all the way to being in charge of any balloting and reporting results. It needs to be independent (e.g. in the UK it is fiercely independent of party members' involvement at any level).
The interesting attack vector here is your ISP could trick you. That can be mitigated with certificates and some of the measures banks use to identify themselves to customers (strings that you added at registration being displayed at login that only you know, etc.)
>How do you know the ballot box you put your vote into is being taken to be counted and recorded, and not simply destroyed and another ballot box introduced?
You can watch it.
With a "ballot box" system, you could get there, put your vote in the box, then sit there and watch it all day until it's counted. Hell if you want you could get there and inspect the box before they start voting.
And it's not just you that can do that, everyone can do that regardless of profession, age, race, background, education, etc...
To clarify on top of Klathmon's point: this actually happens in Switzerland, it's not just a theoretical argument.
Actually, the government is required to have some people watching the counting (specific rules vary on a per-canton basis). Some states select random citizens for that (similar to jury duty in the US - you get fined if you don't show up, but get paid for your time). Other states have a pool of people they choose from randomly (you volunteer for the pool).
EDIT: Furthermore, Swiss people vote in their community. It's not like you need to go out of your way to watch the counting - it happens in your town hall or (sometimes) the school. It always happens on Sundays (which is a required day off in Switzerland except in some rare cases).
If you don't mind me asking, how does Switzerland handle those which are required to work on election days?
That's one of the ugliest parts of the US election system to me, is the fact that many people need to fit the election around their work schedule, and I know of at least 3 people that couldn't get time to vote this year, and my state makes it so you basically need to be actively deployed in the military, or be hospitalized to get an absentee ballot.
Like I added in my edit, there is almost no such case: Sundays are a mandatory day off for most. That means you can't go shopping on a Sunday, except in very few shops (train station shops have exceptions). Doctors, pharmacies and most other emergency things operate on a reduced schedule.
I'm not certain what would happen if say a nurse working a shift in an ICU was selected. I'm pretty sure it's either announced early enough that the hospital would have to switch shiftees or they would be given a pass for free. I suspect a person working in a train station shop on a Sunday would tell their boss, and would simply be shifted to another time (it's not like the boss or the employee can do anything about it - it's law).
EDIT: to clarify once again - I'm pretty sure it does happen, but the case is probably rare enough for it not to matter too much. The rule works for a good 90% of cases, exceptions can certainly be done on a case-by-case basis at community level.
In Spain, where the system is similar to what you described (staff for the day is chosen at random from all citizens in that voting district, and similar to jury duty), some professionals (doctors, nurses, air controllers, etc.) can decline the request if they will be on watch, and there are assigned replacements for them.
A non-critical worker cannot refuse but:
a) Chosen citizens are paid, even if not much (60€ I think).
b) Chosen citizens have the following Monday morning free, should they need to travel back to their job site, etc.
c) Chosen citizens have strong legal protections should their boss try anything.
In practice, when an employee is chosen for election duty the boss just deals with it as best as they can, since it's a case where judges and police are super strict: messing with election duty will get you heavy fines and/or jail time. So no-one is going to fire you or retaliate if you are assigned election duty.
In all the German elections I participated the only people watching (apart from the regular citizens that are appointed official poll workers) were the few people showing their children how voting works - and they leave after a few minutes because let's be honest, counting ballots is rather boring. It would be nice if a few more people were watching the process.
So is pulling down a lever and watching spinning wheels. Permit placing bets on the outcome. Turn it into entertainment. That always works. And if money is involved, people will triple check. [oh the Humanity. I forget now if this comment started as an /s.]
To add to your point, also with ballot system it's very hard to change results. You can by a few votes, though it's a drop in the water compared how much you can buy and how many vote. If you want to change the outcome of the vote - you need to have a lot of resources (look at Crimea's occupation by Russia). Where's with e-voting, there could be few north koreans who would be able to compromise e-voting system in the country, which is on the other side of the world, just for the kicks.
I suppose that I could, in theory, watch it. It's a physical ballot, so we could do that. But does anyone actually do this? And more importantly, are all the votes watched?
It's completely impractical to try to watch millions of physical ballots. Or to even simply count to a million without making a mistake.
But if the voting was done (correctly, securely) in software, each person could independently audit the complete results. And to be clear, it's the overall election being audited that's important, not my vote in particular.
Perhaps it would be more difficult to understand the algorithm and code than following a physical ballot, but not a million times more difficult.
paper voting is so great because it scales so well.
There is no one person counting millions of votes. There are people counting hundreds or even thousands of votes in every precinct. Then from there they are publicly announced, and then anyone and everyone can tally up the totals.
The more people that vote, the more precincts there are, so the amount that any one person or place is responsable for (even only partially) is kept small so that mistakes or "bad actors" can only do a very small amount of damage on their own.
And if you read down in this submission a bit, people are pointing out that some countries (namely Switzerland) not only encourage people to watch ballot boxes and count along, but actually "draft" people to do it similar to a jury-duty kind of thing in the US.
Also I think you are severely underestimating the difficulty of auditing code. For starters, it completely removes the ability for the vast majority of the population to audit even if they wanted to. non-programmers can't read programming. Not to mention the illiterate, the elderly, and anyone else that doesn't have the knowledge to be able to read and follow a programming language.
Then there's the amount of time it takes. Watching a ballot box takes the duration of the election day. A day at most. Auditing every inch of a codebase? Months, years, even longer. You can point out that not everyone has to review every single line, but then you are back to letting a fraction of a percent of the population validate the code (and in a ballot box system, you can have everyone validate the process, adding magnitudes more redundancy that something shady will be caught). And what percentage of programmers do you think have a good enough grasp on cryptographic protocols and voting systems to be able to correctly and securely vet a system like this? I'd be willing to bet good money there are less than a thousand of them in the united states, and by sheer (un)luck at least one of them will be a "bad actor".
But probably the biggest thing is that to sway a "paper and pencil" election, you need materials, you need a LOT of people, and all it takes is one person to see what's going on and it all collapses. If you're really clever, you might be able to get away with changing the outcome of a single precinct, but what about the rest of the county? the state? the nation? In 2012 there were 2712 voting precincts in virginia alone. Orchestrating a system where you can put a person at a majority of them that will do something nefarious to sway the election means you are looking at 1000 people spread across a not-insignificant amount of land. And that's just for one state.
With an electronic voting system, one bug is all it takes. One vulnerability, one crypto flaw, one guy somewhere that can put the backdoor in the manufacturing of the CPUs for the vote counters. A single person can (if the are very smart and lucky) completely change the outcome of the election. And they might get caught, but the chances are much smaller than if it required thousands of people at the least to do so.
Every state does things a little differently, but where I live paper ballots enter an optical scanner and every dozens/hundreds of ballots a subtotal is printed on a continuous stored piece of cash-register like tape. The presumably neutral election volunteers and the opposing party observers are fascinated by that tape every time it prints something. I don't know if there's a law or mere gentleman's agreement to not report results until after the polls close, but something is being periodically reported.
The subtotal tape cries out to have a block chain added to make it impossible to rewrite history. Once the five neighboring precincts hash and sign my precincts results it would be very difficult to later fake historical results.
There is of course the false assumption that everyone involved in elections wants a fair election, in which case systems will be constrained to make a fair election impossible, with technologies such as e-voting or obscure registration procedures or strange voting laws in general. But its very easy to run a fair election if the people running it want it that way. If. The sheer amount of problems indicate a very large number of people actively discourage democracy in practice.
In the USA it is common for election work to be run or observed by pairs of majority-party workers: one Democrat and one Republican. So there are multiple pairs of eyes watching the boxes by people of different parties.
This doesn't make funny business impossible but does make it both unlikely and difficult to tamper with on a large scale.
When I did poll watching (for knocking up supporters) for Labour a while back we where not allowed in the building and you could not have anything with the candidates name on within 50 or 100 yards - plain rosettes where ok.
this is on a similar level of trust as the question about whether your paper vote is actually counted by some volunteer or just scraped.
But I agree, that e-voting systems require a high level of trust by the users but I would argue that it is comparable to the trust you need in letter voting. The main difference in my view is the authority is typically split between fewer people with an e-voting system giving a single person more potential influence when they abuse their power. (e.g. a single server admin can deploy a malicious version of the system rather than a person only having access to maybe a few thousand ballots)
Speaking of trust, your comments are interesting and over the decades I've been struck by the symmetry and asymmetry between evoting systems and our heavily automated financial system. There is enormous financial reward to corrupt an e-voting system and enormous financial reward to provide a trustworthy secure financial system. No great surprise which system works and which system will never work.
The solution seems simple at first glance; scrap the entire voting system, scrap the entire fundraising system, and whichever candidate receives more individual $1 donations via check or money order wins. You can vote a dollar to as many candidates as you want but your federal tax return for that year is only getting a single $1 election credit. You could require the candidates to declare to the IRS each $1 contributor which makes election fraud also a form of income tax fraud.
Certainly, our financial marketplaces and clearinghouses at their absolute worst are more trustworthy and reliable than our evoting systems at their absolute best. And the additional infrastructure to transfer a hundred million bucks every four years is utterly trivial (well, more often due to primaries and midterm elections, but its still a drop in the bucket ...)
The anonymity emperor has no clothes, anyway. Thanks to the miracle of modern technology everyone who matters already knows exactly who you voted for and your complete financial life, you're just plausibly deniable on an individual basis against some non-state opfor some of the time. May as well face reality and make all votes part of the public financial record. Sure, it sucks. But better to face a reality you don't like, than to live in a fantasy world of completely broken anonymity. Living a lie means you'll slip up and the consequences of the slip up are likely worse than the lack of anonymity itself.
> this is on a similar level of trust as the question about whether your paper vote is actually counted by some volunteer or just scraped.
No, if you don't trust that your paper vote is actually counted you could stay in the election hall all day, watch the counting, check the when the results are transmitted. You don't have any comparable option with e-voting.
"But how do you verify that the compiler produces the code you wanted it to create?"
You open it in disassembler and look through. It's a white box.
"But how do you verify that the Computer actually does what is in the Bytecode?"
It is much closer to the original question. hardware backdoors is a difficult topic
I'm guilty of it as well. Despite English being my primary language for the last 10 years, whenever I read my previous comments I catch glaring mistakes.
These fix all, cure all novel voting systems are like recurring announcements of perpetual motion. Catnip for nerds.
Please, study how election administration (in the USA) works to better assess these new technologies, techniques, systems.
TLDR: Electronic (mediated) voting schemes cannot guarantee both the secret ballot and public count. Tech which may do one, or perhaps even both, hasn't even been conceived, must less invented.
You have a seperate blockchain that is used to verify a citizen. You can put many things there (marriage status, SSN..not needed anymore with this, any other info), which would include a voting key. The voting blockchain would check the citizen ID blockchain, to verify that citizen and all ensure the same voting key would not be used twice and that the citizen has proper status (like...is the person alive...legal...not a current felon, etc.)
Theoretically, we have figured out the entire thing pretty damn well, we just need someone to try it ;)
Also, explaining blockchain to the general population and "assuring" them will be the hardest part. People will revolt and think it's rigged and have no understanding of how it works. Even politicians are clueless...so, yeah, not sure how far off we are on this hah.
>You have a seperate blockchain that is used to verify a citizen. You can put many things there (marriage status, SSN..not needed anymore with this, any other info), which would include a voting key. The voting blockchain would check the citizen ID blockchain, to verify that citizen and all ensure the same voting key would not be used twice and that the citizen has proper status (like...is the person alive...legal...not a current felon, etc.)
So how is the citizen ID blockchain linked with the voting blockchain?
I would question the requirement that government not have a record of who voted for who. Furthermore, I believe there are mathematical methods for being able to validate that someone voted, but not for whom they voted.
A successful challenge to the results of an election will most likely end up in a civil war. In other words, whoever is officially announced as winner will remain so, even if proof of fraud is found; accepting fraud would question the capabilities/transparency/independene of the electoral authorities. This situation is aggravated by electronic voting, not because of the possibilities of hacking the system, but because the results come to damn fast: victims of fraud do not have a chance to react. While they are barely starting the legal paper work to ask for a recount, the winner is already giving his/her triumphant speech!
Just this year the presidential elections in Austria were repeated because of formal mistakes during counting of the ballots - proven fraud wasn't even the reason. When I was there recently it looked nothing like a war zone.
Civil war? Last time America had a civil war was 150 years ago, and not due to election fraud. Who exactly in today's America do you see potentially engaging themselves in civil war? Most young people - those that would usually be recruited as soldiers - are busy studying, working (debt off). There is no generation of idle, dead poor or undereducated youngsters to pick soldiers from. Many of the young people are really out of shape and have lived comfortable indoor lives. Most importantly they have better options than to fight a war. In what scenario would more than a few thousand crazy people take to arms because, for example Trump was caught in election fraud and impeached? I just cannot imagine that happening.
America is the USA. Mexico is Mexico, the United States of Mexico to be exact. If you're thinking of the continent North America and South America, that's a different thing. Besides, America is a common name for the USA. You don't call Peruvians "Americans." But you do call the United States nationality "American."
North America isn't "the north part of America" -- the continent is named "North America."
So the nationality is American but citizens of the continent are North American or South American respectively.
The people's of North and South Americans aren't collectively known as "Americans." In French americain refers to "one who is from the United States." It's the same in multiple languages. Even Spanish refers to people from the US as americanos.
This is a subtle thing and in the grand scheme really makes no difference unless someone feels so strongly about it that they want to change multiple languages.
The American Embassy is not referred to anywhere (in English) as The United States Embassy --
edit: actually "US Embassy" is common, sorry for the misstatement. However American Embassy is very commonly used by diplomatic personnel and in general conversation.
--
I don't understand why a certain subset of people, generally from South and Central America have such an obsession with this. Canadians never refer to themselves as Americans. In fact, many would resent such a thing.
Basically, USA is a country without name. Every federalist country from America is an united states of America. South America, Central America and North America are subcontinents. The continent is called America.
Never, not once in writing or in speaking heard it referenced this way. American by itself references the USA, North or South America references the regions.
From en.Wikipedia: "North America is a continent entirely within the Northern Hemisphere and almost all within the Western Hemisphere. It can also be considered a northern subcontinent of the Americas."
In most countries (including Brazil), we are taught that America is a single continent and North, Central and South Americas are subcontinents (classical view).[1]
Now I see that people from USA are taught that North America is a single continent, and the reason seems obvious now.
https://www.quora.com/Are-people-taught-that-the-Americas-No...
The Americas is the name of the entire continent. For example, you cannot say "I'm going to America" to mean you're going to north or South America but you can say "I'm going to the Americas". This is similar to how you can say "I'm going to the Philippines" but you cannot say "I'm going to phillipines"
it seems to me that north and south america (setting aside central for a moment) are as much of "a whole continent" as what you might call "afro-eurasia".
we're talking entirely different tectonic plates - plates that don't even touch. plates that will eventually shift such that you there will be no possible land travel, and a widening gulf (admittedly in the distant future). not to mention different cultures, hemispheres, etc.
You have quite a cynical view. In Switzerland, people usually elect a group of people at the same time to a cantonal executive (i.e. a group of ministers from different parties who have too choose the president among themselves). If one of them refuses to step down in case of a clear fraud, the others will force him/her to do so because it is in their interest of being seen as legimately elected. Also, it is unlikely that they conspire as they stem from different parties. Even the national government consists of ministers from four different parties.
2012 a vote about taxing cars has been repeated in the Canton of Bern, because there was an official complaint which couldn't be resolved because some communes already discarded the ballots making a recounting impossible.
The voting system of India has been heavily criticized by Hackers. People from the German CCC have gone there showed how easy these systems are to exploit. Indian authorities have reacted pretty hostile of course.
Nobody says you can not run electronic voting, its just hard to do it securely. India does not do it securely.
i know that - but it is guarded by actual physical security. The election commission of india is unanswerable to anyone - including the judiciary or the legislature.. and does its job brilliantly.
Which is why I was asking the question on comparison. Because I'm not able to figure out if it is yet-another-voting-system... or something this is peer reviewed and secure.
I would like to say I think e-voting is a very good thing and could be transformative to society, given the political will. We have a very weak form of democracy in which we elect representatives and then entrust them to make decisions for us (yes I know we can lobby and petition govt). However this could allow a form of government where the population actually ratifies decisions made by government - a direct form of democracy.
You specifically used the word "ratify" which could be very important. The other commenters are assuming you mean voting on individual policy issues. A more generic weekly vote of confidence or no confidence in the government in general is somewhat more practical, although only somewhat.
The problem with a weekly vote of confidence is you're just going to motivate massive chronological engineering such as doing everything unpopular the same week and taking the lumps and hoping no one notices, or playing mixing games that have nothing to do with good governance to ram something unpopular thru the same week something happy happens (or possibly refusing to do something popular until a stockpile of equal and opposite unhappiness accumulates).
Its not bad that both good and bad things happen simultaneously, its bad that they have to be stockpiled and delayed until they match up for weekly election reasons.
I can only imagine how awful this would work for situation where the government is sort of expected to lie for awhile, longer than a week anyway. Foreign diplomacy, military action, negotiations of all kinds, sometimes faking people out for more than a week is necessary to achieve victory in the longer term (like on a scale of months years decades centuries)
Another problem with weekly confidence votes is what happens if the government gets tossed out three times in a month, as could happen if the electorate are generally pissed off. You can't really form a government and operate and judge its operation in a mere week.
Now maybe an annual confidence vote is achievable. Maybe. Or maybe one weekly no confidence vote means little more than internal "WTF are we doing" conversations, but more than 7 no confidence in a 13 week quarter means they all resign, something like that.
This seems like a bad idea. You are assuming you have an informed electorate and that is rarely the case. Not saying what is in place is the best right now, but what you are suggesting seems far worse.
In other words people are too ignorant to know what's good for them and we must trust our smart government officials to make decisions for us. A typical line of anti-democratic ideology.
No. It is not likely the average person will have time to go through all the nuances of a bill to properly evaluate it and make an informed decision. You are obviously passionate about the big name issues but there are hundreds, if not thousands, of boring bills and policy adjustments that the common person is not going to research to make an informed decision. Direct democracy has been tried and it largely failed.
It hasn't been tried! Not to my knowledge. And the closest approximations have been quite good successes too. For example the Swiss system, in Liby under Gadaffi there was a system where every law had to be ratified by the population. Apparently it was very successful. Lastly the system of workers councils and anarchist rule in revolutionary Spain was very successful.
Not everybody thinks that a direct democracy is better. I for one don't have the time or the expertise to make informed decisions about all the issues my representatives handle.
Neither do the representatives, honestly. They are elected to two-year terms so they spend half their time in office campaigning, and there are no particular qualifications or expertise required to run.
Still, I would not trust an electronic system unless it printed a paper receipt behind a glass window, and dropped it into a box when I hit the submit button.
Why build an open source voting system, why not go all the way and build an open source election system? That way no one can complain about voting or not voting. Assuming you could find a bunch of people eligible who are willing to do the work, building some kind of AI system would at least eliminate the hassle, though I imagine not the complaining.
For electing state officials, no. A voting scheme needs to be designed for the worst possible circumstances which practically means a bordering civil war, and where trust between voters is zero at best. Voting allows revolution to take place peacefully.
Therefore the method of voting needs to be understood, carried over, and be verifiable by the common (wo)man. No electronic scheme can do that: anything that runs in software means that the correctness of the system depends on the experts' word only, and that word is likely to mean nothing when half the population is already collecting arms.