Physical collection is risky, but we can mitigate the risks.
I can't speak to the US system, but here in New Zealand every political party is entitled to appoint scrutineers to each polling place. They cannot speak or interact with anyone but they watch the whole process from checking voter entitlement, through transporting the ballots and then counting.
The idea is each party distrusts the others so won't let them get away with rigging the ballot. Mutual distrust produces a trustworthy outcome.
Election administration is by state in the US. To my knowledge, every US state except for West Virginia allows some form of "observer" or "challenger" (or sometimes both with different purposes), often appointed by either political parties or candidates. It's a bit of a patchwork from state to state, but yes, in general, there is a system of interested persons observing the polling place.
(In this state, observers and challengers are different, with challengers specifically serving the purpose of challenging individuals that may not actually be qualified to vote. Since the pollbooks are electronic today challengers are rarely seen, they were generally only able to challenge clerical errors that are no longer seen with computer pollbooks)
Electronic votes can be checked statistically after-the-fact through audits, but that's about it.
It's mind-boggling we don't do that already -- most voting districts would need only a few random ballots, and you can gradually increase your sample size and check again before needing to trigger a full recount.
This seems overly simplistic. Both have ridiculously tough to harden attack vectors.
In physical, it isn't enough to protect where the votes are done. They have to be transported back and ultimately counted somewhere. At any point in that process, they are vulnerable. No?
>In physical, it isn't enough to protect where the votes are done. They have to be transported back and ultimately counted somewhere.
No, they don't. At least in my country they are counted in place.
All the observers sit next to the ballot for the whole process, and when the voting ends, the box is opened and the votes are counted. The observers being several people appointed at random (like a jury) to check vote credentials and count the votes at the end + appointed representatives from each party present.
Everything is recorded on paper, the votes are stamped and kept, and the tally is then reported for that voting district.
Even if the people appointed at random wanted to tamper, they'd have to work all together + get the party representatives to agree with it, because it all happens in the open, ("reading vote #N, says party X, do we agree it says party X? (shows the vote around) registering vote #N for party X (people look as the vote is recorded, two people sign next to the vote's registration)).
Usually after the ballots are closed (election ends), it takes 5-10 hours for those people to count all the votes for a district. Then the number is announced. All country districts are announced publicly, so any individual party representative or "jury" member of any district can challenge if the numbers announced (and used for the final country-wide tally) are not accurate.
They are not allowed to leave the room, and there's also a policeman present outside.
I've been an "Election Judge" twice in Chicago. I administered my polling location twice. After voting ends, we physically collect the votes and transport them by our own vehicles to a polling location to be counted.
Which proves that "votes have to be transported to be counted" is not some inevitable byproduct of the paper-voting process as the parent made it sound like.
So, how many agents are we talking about here? How are they counted at the location you too them to? Two easy targets to identify.
I'm not claiming they are impossible to harden. Just not as easy as people are claiming. And super expensive. Such that if you were truly intent to defrauds place, you would focus on poor sections first.
And our best method of defense is probably our extensive polling tests nowadays. The more we have, the more corroborating evidence we have to an outcome. This protects both forms of counting.
Vulnerable to what, though? Physically changing votes takes time, and swapping them leaves a paper trail. If someone miscounts paper votes, you can just recount them.
With a computer, you flip a bit and there's no record. Votes are miscounted? Tough, those numbers are a real as any other numbers. And how much time does it take to swap a vote? Less than a microsecond?
But then do we understand as well how physical data works, what's the actual shortcomings etc. ?
Personaly I don't think I do, yet even at my personal level I have anecdotes of ink just fading out of paper, or countless of widespread voting frauds from decades ago.
I have the feeling we are putting paper and physical media handling to a higher standard because we don't know as much about it.
Yes. Physical data is well understood. Inks fade, so you use a different formula and keep it out of the light as much as possible. Inks use chemicals, so even if it’s not visible you can still see where the writing was done, inks are pressed into the paper and change the physical structure of the paper in the process.
It takes a concerted effort to change paper ballots.
The issue is not physical data though. We are talking about a voting system, with agents, suppliers, observers, ballots and people handling them.
For instance some paper elections in Africa have crazy high voter prticipation when not so many people showed up.
That’s an extreme and we could point the finger at blatant corruption. We’re not at these extremes, but where are we on the spectrum?
For instance we don’t have any clear idea of how much corruption we have, to the point that “perceived corruption” is the best approximation.
What I’m going at is, to evaluate how much trust we put in an electronic voting system, we’d need better views at the current system than “paper is better because it’s physical” (that’s not your argument, I take a less nuanced position as example)
It's so bad that Diebold had to spin off and rebrand their voting machine division, out of fear that security and reliability issues with the EVMs would tarnish their main ATM business.
Same in Italy, each party can have one person observing proceedings. There used to be tons of parties, hence there were lots of eyes around. The better-organised parties also tracked in realtime whether their sympathizers had actually voted, seat by seat, and could send messages through relays to hurry them to the booth. Before computers, journalists typically relied on the major parties to have the first results, well before they were officially declared.
This has changed in modern times, as a number of parties disappeared after electoral reforms; and the risk of tampering and shenanigans has increased substantially.
Also on this point, we know the large silent majority is made up mostly of moderates who want to live in a civilised democratic country where the government either leaves everyone alone or have a mass benevolent impact.
As long as attacks don't scale it seems safe to assume corruption will be localised and the integrity of the system will hold. The risk is that IT is used to centralise democracy to bring down costs, then becomes compromised in an unrelated attack.
I can't speak to the US system, but here in New Zealand every political party is entitled to appoint scrutineers to each polling place. They cannot speak or interact with anyone but they watch the whole process from checking voter entitlement, through transporting the ballots and then counting.
The idea is each party distrusts the others so won't let them get away with rigging the ballot. Mutual distrust produces a trustworthy outcome.