I often say that election security is by far the hardest technical problem I've ever encountered. Why? Four reasons:

1) Contradictory critical requirements, particularly vote secrecy vs. transparency.

2) No truly neutral trusted third parties.

3) Election do-overs are generally impossible, so the ability to merely detect problems is insufficient. You have to reliably prevent them.

4) Much of the technology that can manage the complexity of elections is inherently untrustworthy.

@mattblaze

The only good solution I know is to have a physical box, have everyone check that it's empty, have all the ballot papers put in the box by voters while everyone watches, then shuffle the papers, then take them out and count them while everyone watches.

@neroden @mattblaze Perhaps Matt should have included "scalable to millions or billions of voters"...

@brainwagon @neroden what happens when one of the seals on the box is broken?

@mattblaze @brainwagon

Oh, it's an issue if you have to *move* the box.

Ideally the counting is actually done in the same room where the voting was done, with the watchful eyes of all the party observers and everyone else on the box the whole time. So no "seal" issue.

@brainwagon @neroden you’re the expert

@mattblaze @brainwagon

Well, that's high praise!

Thanks. I'll assume you mean that entirely legitimately.

I agree with you that election security is a very hard problem. Largely due to needing to implement the secret ballot. That's why this extraordinarily low-tech solution is the most reliable one I know of. :shrug:

@mattblaze @brainwagon

I mean you can still end up with problems if someone attacks the box physically during the voting process, or attacks the voters or vote counters, or the voters or vote counters start attacking each other. I have certainly read about this happening in countries with violent insurrectionist movements, but nothing can be entirely secure against that.

@neroden @mattblaze @brainwagon

Not that this would work. But is there some statistical way to remove a fraction of the votes and still have confidence in the outcome? I know votes come down to coin toss and nobody would be happy. But, if you can’t trust all of the votes can you just increase the burden of knowing where to alter the outcomes….

@neroden @mattblaze @brainwagon Agreed. Decentralization is the only way to address a physical threat to the ballots, by reducing the effect of one failure on the entire election. Immediate machine scanning at the polling location can create a backup, but then you have to trust the backup, with your audit material gone.

There is no perfect solution, only a best solution.

@mattblaze @brainwagon @neroden No system will be completely safe from physical harm, so all of the "what ifs" in that regard can only be answered by being very careful about custody and using small boxes so the damage to integrity is limited.