I often say that election security is by far the hardest technical problem I've ever encountered. Why? Four reasons:
1) Contradictory critical requirements, particularly vote secrecy vs. transparency.
2) No truly neutral trusted third parties.
3) Election do-overs are generally impossible, so the ability to merely detect problems is insufficient. You have to reliably prevent them.
4) Much of the technology than can manage the complexity of elections is inherently untrustworthy.
There are a few other problems out there that have *some* of these difficult properties, but elections seem to be almost unique in having all of them.
Add to that the high stakes and sophisticated state actors that are part of the threat model, and it can get really exciting.
@mattblaze Ive been of the opinion for at least 20 years that tech should only be used to print a human and scantron readable ballot. Whatever you put in the box is your vote. If something goes wrong you can still fill one out or count by hand.
The physical security of pieces of paper has been studied for thousands of years.
Having been a election volunteer here in Germany, yes it can be easy. Having seen ballots from USA with a huge amount of options: it blows up in complexity.
And if you take what all can go wrong with "easy elections" in Germany, ask Berlin.
https://en.wikipedia.org/wiki/2021_Berlin_state_election#Irregularities_and_annulment
Here in Bremen we have a slightly more complex voting system for state elections in place than most states, and it already explodes to nearly a week to count. Federal Elections are counted in few hours <4
Matt Blaze
John Kaniarz
…might work for coffee…