I often say that election security is by far the hardest technical problem I've ever encountered. Why? Four reasons:
1) Contradictory critical requirements, particularly vote secrecy vs. transparency.
2) No truly neutral trusted third parties.
3) Election do-overs are generally impossible, so the ability to merely detect problems is insufficient. You have to reliably prevent them.
4) Much of the technology than can manage the complexity of elections is inherently untrustworthy.
There are a few other problems out there that have *some* of these difficult properties, but elections seem to be almost unique in having all of them.
Add to that the high stakes and sophisticated state actors that are part of the threat model, and it can get really exciting.
@mattblaze I'm fond of the Canadian approach of not allowing computers anywhere near the process and doing everything on paper and counting by hand.
I'm sure that there are still 8 million ways to screw it up, but at least none of them are quite as embarrassing as the computer ones
@mattblaze Ive been of the opinion for at least 20 years that tech should only be used to print a human and scantron readable ballot. Whatever you put in the box is your vote. If something goes wrong you can still fill one out or count by hand.
The physical security of pieces of paper has been studied for thousands of years.
Having been a election volunteer here in Germany, yes it can be easy. Having seen ballots from USA with a huge amount of options: it blows up in complexity.
And if you take what all can go wrong with "easy elections" in Germany, ask Berlin.
https://en.wikipedia.org/wiki/2021_Berlin_state_election#Irregularities_and_annulment
Here in Bremen we have a slightly more complex voting system for state elections in place than most states, and it already explodes to nearly a week to count. Federal Elections are counted in few hours <4
@mattblaze I get it. The one thing I want to see made standard is for every electronic voting machine to have a paper receipt that the voter can verify that is kept for a manual recount.
I know this doesn't, in and of itself, fix election security, but it's a hole in the system I think needs attention.
@sarahmaywalt Receipts of your vote would allow you to prove to a third party who you voted for, which opens the door to coercion and vote-buying.
The requirement for a secret ballot complicates things, but there are important reasons for it.
@mattblaze The receipt would be handed to the poll workers and kept by them, but it would be simple enough for the voter to be able to check it for accuracy before it was turned in.
It would not have to have any identifying information on it. The voter would be required to stuff it into a ballot box before exiting the booth.
@vy @sarahmaywalt for the record, yes, I’m not always very “nice”. Your demands that I be nicer are noted, but will be ignored.
I do, however, try to be helpful and share useful, accurate background information on this important subject, about which I have some actual expertise.
@mattblaze @vy Matt, you're a professor of computer science and law at Georgetown University, so I kind of feel I shouldn't have to tell you this, but if you don't want comments on your thoughts, don't post them on a site to be commented upon.
I hope you treat your students better than this.
Maybe his students like his "no bullshit" kind of answers? I find them refreshing. Matt is basing his statements on studies conducted. If you link to studies that support your view, then I'm sure he would love to read them. Until then it is just your opinion, which you are entitled to, but Matt doesn't have to give them any weight.
@vy Just so you know, Matt would agree with you about paper ballots. He’s stated so himself. Also, you apparently didn’t understand what was meant by “hardest CS” problem if you think that saying it’s a political problem is disagreement. A problem can be both CS and political.
Matt wasn’t bullying you. He was telling you outright that you didn’t understand what he said and also that your assumption that his statements were made from a position of ignorance was incorrect.
Elections 2022 "I Voted" Sticker Contest Winners! Current Election Your Voting System Election Results Required Notices Election Calendar Voter ID Ballot by Mail Voters with Disabilities Election Workers Elected Officials Campaign Finance Resources FAQ Cast Vote Record Our new Travis County voting system combines touch screen technology with a paper ballot backup. It's modern, secure […]
Ever consider not boosting reply toots?
@mattblaze @sarahmaywalt my county finally moved off receiptless machines to one's with human readable ones. Which let's people audit the count.
I do agree people rarely read their printed ballots (which were very readable) and they complained about having to walk it over and put it into a scanner to actually tabulate the vote and store the ballot.
Still better than "just trust the black box"
@mattblaze @sarahmaywalt it's the usual security questions of tradeoffs between security, ease of use, budget.... And a million more things.
Like you said originally this is a tough problem because we need security, transparency, and auditability that works for the entire electorate.
Each method has its own flaws and exploits, back down to old fashioned paper.
I worry most about gaming the count, because I had to vote on black boxes for too long. Front and center exploit you know?
Adding a "paper trail" solution on top of an electronic election system always sounded to me like polishing a turd (sorry for the crude term).
Handmarked paper ballots already have a paper trail and none of the other issues with electronic voting systems.
I'm curious to know how many of those VVPATs were designed with human factors in mind to encourage verification?
For example, were they just a version of the ballot with all the candidates listed and a checkbox marked for the selected candidates, or did they print only the names of the selected candidates and party affiliation in large, eye-catching print with adequate whitespace?
My district's were of former type and I've wondered if any others did a better job.
@mattblaze @SwiftOnSecurity My rule of thumb metric here is "order of magnitude of the number of people trying to game the system".
Ten people? I can probably personally cope. A hundred thousand people? Find an expert. Ten million people? I need a longish 'splainer just to have proper context for understanding what the actual experts worry about.
Matt Blaze
Carl Vernet
Canageek
Norman Wilson
João Baptista
YetAnotherGeekGuy 
ClipperChip 
kkeller
John Kaniarz
…might work for coffee…
mathew
Sarah Maywalt 🥌🧶
vy
Andy Lowry
Tazor
David Penfold 
Rich
Ryan Egesdahl 
Paul Dot X
Mike D
Bob Bryla
Emily 🏳️⚧️
Spicewalla
Rob Landley