I often say that election security is by far the hardest technical problem I've ever encountered. Why? Four reasons:
1) Contradictory critical requirements, particularly vote secrecy vs. transparency.
2) No truly neutral trusted third parties.
3) Election do-overs are generally impossible, so the ability to merely detect problems is insufficient. You have to reliably prevent them.
4) Much of the technology than can manage the complexity of elections is inherently untrustworthy.
The only good solution I know is to have a physical box, have everyone check that it's empty, have all the ballot papers put in the box by voters while everyone watches, then shuffle the papers, then take them out and count them while everyone watches.
@neroden @mattblaze I know you’re mostly joking. But that suggestion only works if your election has a small number of candidates for a single position.
The last election I voted in had 4 positions, 3 questions. Each position had up to 120 candidates of which I could choose up to 10. This one was counted by a scantron machine and I have confidence that nothing underhanded happened. Still, elections can be complicated.
One way to make it more possible: Most countries simply don't have *nearly* as many races as the US -- you may vote for one representative to Parliament, and one local mayor (at a different time), not the very long ballots we have here.
The "box" system is scalable as long as the voting system is "precinct-summable" so that you can count in each precinct and then add up.
UK still counts ballots by hand.
https://theconversation.com/explainer-how-britain-counts-its-votes-41265
@neroden @aeisenberg @mattblaze Ireland also counts votes by hand, and unlike the UK it not just a simple plurality count but a proper proportional representation system that requires many counts (it's similar to what in the US would be called instant runoff in multi-seat electoral districts).
The count can take a day, but that's OK and expected. In fact I find the drawn out count drama to be one of the most interesting parts of the process.
@aeisenberg @neroden @mattblaze
Why joking? That's how we do it in Australia. No problems.
Oh, it's an issue if you have to *move* the box.
Ideally the counting is actually done in the same room where the voting was done, with the watchful eyes of all the party observers and everyone else on the box the whole time. So no "seal" issue.
Well, that's high praise!
Thanks. I'll assume you mean that entirely legitimately.
I agree with you that election security is a very hard problem. Largely due to needing to implement the secret ballot. That's why this extraordinarily low-tech solution is the most reliable one I know of. :shrug:
I mean you can still end up with problems if someone attacks the box physically during the voting process, or attacks the voters or vote counters, or the voters or vote counters start attacking each other. I have certainly read about this happening in countries with violent insurrectionist movements, but nothing can be entirely secure against that
@neroden @mattblaze @brainwagon
Not that this would work. But is there some statistical way to remove a fraction of the votes and still have confidence in the outcome? I know votes come down to coin toss and nobody would be happy. But, if you can’t trust all of the votes can you just increase the burden of knowing where to alter the outcomes….
@neroden @mattblaze @brainwagon Agreed. Decentralization is the only way to address a physical threat to the ballots, by reducing the effect of one failure on the entire election. Immediate machine scanning at the polling location can create a backup, but then you have to trust the backup, with your audit material gone.
There is no perfect solution, only a best solution.
@davidgerard @brainwagon @neroden What on earth makes you think ensuring the integrity of voting in Australia (or anywhere else) is simple or easy?
There's more to election integrity than the vote-casting technology, and most of the hard properties on my list have nothing to do with computers.
But you're the expert.
@mattblaze @davidgerard @brainwagon
Again, I'm glad you recognize that I'm the expert and you're not. I only know what I know because I've worked with expert election integrity organizations.
I'm not sure why you're asking weird questions though -- of course it's difficult.
Most of the hard properties on your list have been analyzed for *centuries* and we know pretty solid solutions with the physical ballot box and precinct-level counting and election observers.
@mattblaze @davidgerard @brainwagon
Look, I don't want to be rude, but you are being really weird.
I see you're one of the many, many advisors to Verified Voting, whose work I've always respected... and who keeps coming down in favor of in-precinct counting, physical ballot boxes (for the secret ballot), and precinct-level observers.
However, I have probably studied the *history* of elections at least as much as you have. I don't see much of a non-CS record for you.
@neroden @davidgerard @brainwagon
Bye bye little troll.
@mattblaze @davidgerard @brainwagon
One of the biggest problems in elections is arguably finding enough *observers*.
We've always known that we don't have neutral trusted third parties, so the solution, as others have stated, is to have all the untrusting parties staring at each other simultaneously -- but if they don't recruit enough observers for every precinct, you can't do it.
This didn't make your list of 4 reasons. It's critical.
@mattblaze @davidgerard @brainwagon
Well, I guess Matt Blaze proves that he's a troll. Sad.
@neroden
maybe you see something i don't, but when i web search his name i see a professor of law (https://www.law.georgetown.edu/faculty/matt-blaze/ ), who's most cited work (https://scholar.google.com/scholar?hl=sv&as_sdt=0%2C5&q=matt+blaze&btnG= ) regards policymaking in the management of decentralised trust (https://ieeexplore.ieee.org/abstract/document/502679 )
@troglodyt @mattblaze @davidgerard @brainwagon
Fair enough, I mostly found his CS work, but he's apparently got a co-position in law (focused on CS stuff).
Election security is a hard problem, but he's unfortunately approaching it from a narrowly CS perspective. I'm an interdisciplinarian.
There is consensus on the solutions to the 4 problems he describes (namely physical ballot boxes, in-precinct counting).
There's a *next* layer of problems -- getting enough election observers & workers.
@neroden
don't see your interdisciplinary work in google scholar, is your name here a pseudonym?
@troglodyt @mattblaze @davidgerard @brainwagon
I have spent my time in activism rather than academia.
I honestly have a lot of respect for Matt Blaze's past work, but he's being really weird here.
Election security *is* difficult. His 4 stated problems have consensus solutions, *and he knows it* because orgs he works with have said so. There's >100 years of history working on those problems. There is a whole next layer of problems after that
@neroden
ok, don't see you listed as founder or member on organisation websites when i search for your name. how come? what orgs can vouch for your commitment to these issues?
@troglodyt @mattblaze @davidgerard @brainwagon
I'm not particularly interested in credentialism, so I don't tend to want my name up on websites when I work with organizations.
I don't understand why Matt Blaze responded with such weird and content-free statements. I agree with him that election security is difficult, and I said so from my first comment.
He responded by saying that I was the expert. Well, you sure aren't saying anything expert here, Mr Blaze.
@troglodyt @mattblaze @davidgerard @brainwagon
I'm just saying stuff which is absolutely standard among election integrity experts, you don't need to take my word for it (and you shouldn't), just check their websites. Matt Blaze is saying... nothing at all, he's just acting rude.
@troglodyt @mattblaze @davidgerard @brainwagon
Judge people, intellectually, by their behavior. Matt Blaze hasn't engaged in conversation or discussion at all, he's just made snide remarks which don't have any content. It's unfortunate, I expected better of him.
Serious election integrity experts have taken the opportunity to explain why each step of the low-tech standard solution exists and what problems it solves, and remaining issues.
Matt Blaze isn't acting serious.
@neroden
so none of these organisations wanted you as a front for their work, and didn't elect you as their representative or leader
and even though you've been very important to their work they still didn't make you their public contact for whatever interdisciplinary stuff they're active in
did i get that right?
@troglodyt @mattblaze @davidgerard @brainwagon
I never said I was very important. I just said I was involved. I listen to the experts.
Matt Blaze is also unimportant but he is not an expert on election integrity and apparently does NOT listen to the experts.
NOW have you got it right?
@neroden
this is no longer about blaze, it's about you
please explain why no organisations have made you part of their public work
@troglodyt @mattblaze @davidgerard @brainwagon
I spent my time on other activist work after we won Verified Voting in NY and stalled in NJ. There's your answer.
@troglodyt @mattblaze @davidgerard @brainwagon
Also, this is no longer about me, it's about Blaze.
@neroden
i don't believe you. to me it seems you have lied yourself into a corner. you are neither an activist, nor an "interdisciplinarian", and no one will back you up on these claims
in the light of this it's not very interesting that you have some anger towards blaze or other academics that consider technological changes more important to study and research policy for than elective techniques with centuries of history
@troglodyt @mattblaze @davidgerard @brainwagon
You don't have to believe me, and I don't really care whether you believe *me*. Just check what actual election integrity experts say.
There's no CS solution to the problem of having a secret ballot with election integrity, because all known computer security techniques are identity-verification-based. The physical ballot is the only known way to mix up the ballots so you don't know who voted for what, without potential fraudulent votes.
@troglodyt @mattblaze @davidgerard @brainwagon
Perhaps you're explaining why Blaze reacted with incoherent, unintellectual anger. He knows this perfectly well. Since his research is all CS, he may not want to admit it. Thanks for the insight.
@mattblaze I did a few months' work experience at the AEC in the 1990s and scrutineered (candidate's representative watching the AEC staff count the paper votes) for a friend when he ran in the late '90s, fwiw.
One thing that helps a lot is that voting is compulsory. This sounds weird, but that means the AEC tries super hard to make sure every single person over 18 is registered and able to vote, and to make voting super-easy. You can get a postal vote for the asking, or vote pre-poll easily.
From outside (UK or AU), the US's voting problems appear to be voter suppression, at both the registration and voting stage. The UK government has been getting into suppression at the voting stage of late.
i keep having to answer "but bl*ckch**n will solve elections!!" with "AUSTRALIA, DICKHEAD" and "NONE OF YOUR PROBLEMS ARE THE TECH"
@davidgerard That you have hardworking, scrupulously neutral public servants is great, but the problem is, what if they aren't as neutral as the system assumes that are. Or, equivalently, what if people THINK they aren't neutral. It can, and sadly does, happen in a heartbeat.
The trust and legitimacy of an election system is an extremely fragile thing.
@davidgerard @mattblaze
Ascribing one country's problems to another and assuming it is the same there is presumptuous. Likewise, ascribing one's solutions to another could also be.
Having said that, "integrity" issues seem to exist more in some places than others.
I have also seen the AEC at work (volunteered in the 1990s) and while bad eggs exist everywhere, the checks and balances in place gives me reassurance.
Matt Blaze
Nathanael Nerode
Andrew Eisenberg
Imbolc
ChookMother 🇦🇺🦘
Mᴀʀᴋ VᴀɴᴅᴇWᴇᴛᴛᴇʀɪɴɢ
david koblas
nickfank
David Gerard
Tröglödÿt
sleepyeyesvince