The Indian Voting Machines are the answer.
No operating system, no passwords, no connections, no bruteforcing anything, system on a chip, so widely distributed devices that hacking even a few of them is challenging, etc.
The US voting machines are just waiting to be hacked, just a matter of when, not if.
I think random, serialized paper ballots are the way to go. When the polls close you know the serial numbers of every vote cast, so no new serial numbers should be added to that unless a very good reason. Keep them or destroy them afterwards is another issue, but it's a step in the right direction.
I have some distrust in the American voting system, first with the computerized systems, but also that federal elections are run at the state level. With so many states and jurisdictions, I can't help but feel that fraud is happening. If the federal elections process was truly federalized, and funded if it is not already, managed and controlled by the federal government, then I think there could be greater control and security.
Curious to know more. Is there a good source of information on the security of the hardware and software used for elections India.
As an Indian citizen I see the casual lack of security mindset in large swathe of things implemented by both public and private actors. Many things get better only though iterative failures and corresponding reactive fixes.
What type of failures and improvements have happened here, or instances of demonstrated hardness against those with motivation and access to machinery.
Regarding Indian voting machines, there is also randomization involved at various levels during distribution making it difficult to game the system but still I always wonder if there is any way to hack the system. I hope people in charge have a process to continuously evaluate the security procedures and improve it.
I never understood the desire to have any kind of machine at all. Paper ballots are a perfectly efficient and scalable system used for many large elections. Even if complicated machines are theoretically safe against malfeasance, keeping it simple increases public confidence.
I should say, the speed of tabulation. An American election can include ballot lines for president, senator, member of congress, state senator, three state representatives, a county councilmember or two, a member of the board of education etc.
If the speed of tabulation is the main reason then why are results no longer known by election night? They're saying it might be days again. When we had paper ballots, we knew that night. (For America)
More bits of paper. The ballot papers around here are bloated oversize monstrosities (picture A3 sized) due to the number of parties and candidates but you get a separate one for each election. Unfortunately not every area is paper only.
Here we don't even put names on the ballot, instead there is number assigned for each, this scales up to hundreds of candidates. This does prevent write ins, but I see no reason why you could not have own ballot for each purpose and then say colour code them and append letter or two in front of each candidate for each election.
We need results in as short a time as possible, ws have about 100 crore registered voters, of whom about 70% on average vote, meaning that the ECI must process 70 Crore votes, in under 10 hours.
Making that happen in a free and fair way is a logistical challenge, one that we undertake every 5 years.
One more large advantage of EVMs is making booth capture very expensive (because EVMs have a inbuilt rate limit, but a ballot box does not).
At any rate, with VVPAT being there, it adds another layer of security.
No, because of the way CO runs elections. But it is possible to gin up fraud claims and then resort to violence if the candidate who did this before loses again.
I hate the narratives around voting security in the US. One side says that it is totally secure, basically 0 fraud, most secure election in history, etc etc. The other side claims that the election was completely stolen from them by voting machines.
Neither of these claims is right. Personally, I doubt the election was stolen. I know of a handful of cases of voter fraud both anecdotally ("My mom [in a retirement home] told me to vote for McCain, but I know she really wanted to vote for Obama, so that's what I put.") and numerically[1].
I would not be surprised if one or two of the very razor thin House district elections in 2020 experienced enough fraud to flip the decision. This doesn't mean that I believe all of the Dominion voting system hack nonsense or anything like that. I just think only a Sith deals in absolutes.
Did Republicans anywhere try to "secure elections" in a way that didn't involve curtailing voting rights? Improving voting machines, systems, counting, etc. in a way that partisan leadership couldn't mess with?
Not bizarre at all. It's BS, but it's not bizarre.
Politics has become trench warfare. Everything is a battle to the death to keep the other side from gaining an inch anywhere. And, as is often the case in warfare, truth is a casualty. Both sides will say absolutely anything to keep anyone from thinking that the other side has a valid point.
It's advertising, but without any truth-in-advertising laws. Or, if you prefer, it's propaganda. Any relationship to the truth is purely accidental.
This is a wild amount of both-sidesing in a case where one side has evidence and the other is literally an unsubstantiated conspiracy theory at a scale where you could not keep the secret.
Most secure in history is (in my state) is correct. There are more pointless safeguards than have ever existed. If you were willing to go with the results of any election pre 2020 then you should be overjoyed at how much more "secure" the process is. That's the point that's being made, the amount of provable voter fraud that bypasses the checks and is only discovered after the fact is nil
The article you cited is literally the system working. There's 11 million people in Ohio, the number of illegal registrations is several orders of magnitude less than the lizardman constant and they were nonetheless caught.
Including the safeguards where observers are safely kept away from the counting! There were a lot of irregularities in 2020. The supreme Court recently said Pennsylvania should not have counted some of the ballots it did in 2020 (policy change by secretary of state vs legislature).
Yes drop boxes and mail in ballots with no signature verification and the counting done largely by one side of the partisan divide (county/state employees) is totally 100% secure what could go wrong? Those conspiracy nuts just don't get it.
The only way to get an honest electronic vote is by giving realtime visibility on who voted what and where publicly.
Everything else is a scam.
It would mean no secrecy of vote, but I think that secrecy of vote is for places that are new to democracy.
It could be anonymised to a point a clever system of personal certificats, but the idea is that in a 100 people district, the citizens should be able to count themselves and check if their real votes are correctly registred.
If the list is public, everyone got a proof of vote and can confirm that the global list is correct localy, then there is no way to hide cheating.
> The only way to get an honest electronic vote is by giving realtime visibility on who voted what and where publicly.
The secrecy on individual votes has a good reason to exist. Votes are already bought based on per-section public results, imagine what would happen if individual votes were public.
Moreover, people under any sort of threat (communities dominated by drug dealers, employees of a dishonest, politically engaged business owner) would be in big trouble.
But, there is still someone somewhere that distribute the certificats and can link you to your vote so why try to hide something that can leak. It will leak.
Uh oh. Ignorance of computing showing. IF they need two passwords to combine to make one, but sometimes have one of them, they just need to brute the other open... I think it's a bigger problem than the administration understands, unless the passwords are for something inert like wattage delivered to the machine.
Paper ballots have very boring failure modes and need no explanation or technical support.
When you see a system more complex than paper ballots, know that the additions are not there on your behalf.
Colorado uses paper ballots. It's an all-mail voting state so every voter is mailed a paper ballot which is then dropped off or mailed back.
No one has mentioned 2FA. I suspect the passwords are not all that is needed.
The Indian Voting Machines are the answer. No operating system, no passwords, no connections, no bruteforcing anything, system on a chip, so widely distributed devices that hacking even a few of them is challenging, etc.
The US voting machines are just waiting to be hacked, just a matter of when, not if.
I think random, serialized paper ballots are the way to go. When the polls close you know the serial numbers of every vote cast, so no new serial numbers should be added to that unless a very good reason. Keep them or destroy them afterwards is another issue, but it's a step in the right direction.
I have some distrust in the American voting system, first with the computerized systems, but also that federal elections are run at the state level. With so many states and jurisdictions, I can't help but feel that fraud is happening. If the federal elections process was truly federalized, and funded if it is not already, managed and controlled by the federal government, then I think there could be greater control and security.
Curious to know more. Is there a good source of information on the security of the hardware and software used for elections India.
As an Indian citizen I see the casual lack of security mindset in large swathe of things implemented by both public and private actors. Many things get better only though iterative failures and corresponding reactive fixes.
What type of failures and improvements have happened here, or instances of demonstrated hardness against those with motivation and access to machinery.
IIRC it uses tamper evident hardware.
There was an interview with one of the Profs who designed the EVMs here.
> The US voting machines are just waiting to be hacked
Feature, not a bug?
Regarding Indian voting machines, there is also randomization involved at various levels during distribution making it difficult to game the system but still I always wonder if there is any way to hack the system. I hope people in charge have a process to continuously evaluate the security procedures and improve it.
I never understood the desire to have any kind of machine at all. Paper ballots are a perfectly efficient and scalable system used for many large elections. Even if complicated machines are theoretically safe against malfeasance, keeping it simple increases public confidence.
I should say, the speed of tabulation. An American election can include ballot lines for president, senator, member of congress, state senator, three state representatives, a county councilmember or two, a member of the board of education etc.
If the speed of tabulation is the main reason then why are results no longer known by election night? They're saying it might be days again. When we had paper ballots, we knew that night. (For America)
More bits of paper. The ballot papers around here are bloated oversize monstrosities (picture A3 sized) due to the number of parties and candidates but you get a separate one for each election. Unfortunately not every area is paper only.
Here we don't even put names on the ballot, instead there is number assigned for each, this scales up to hundreds of candidates. This does prevent write ins, but I see no reason why you could not have own ballot for each purpose and then say colour code them and append letter or two in front of each candidate for each election.
Scale is a bit of an issue.
We need results in as short a time as possible, ws have about 100 crore registered voters, of whom about 70% on average vote, meaning that the ECI must process 70 Crore votes, in under 10 hours.
Making that happen in a free and fair way is a logistical challenge, one that we undertake every 5 years.
One more large advantage of EVMs is making booth capture very expensive (because EVMs have a inbuilt rate limit, but a ballot box does not).
At any rate, with VVPAT being there, it adds another layer of security.
It's a matter of when, if, and, if we will ever know
Is voting fraud at stake here or leak info over who voted? Is it possible to infer who voted what from the leak?
No, because of the way CO runs elections. But it is possible to gin up fraud claims and then resort to violence if the candidate who did this before loses again.
That just seems so unlikely. What sort of out-of-touch ego monster, bigger than Jesus, flaming asshole would do this?
If you broaden fraud to include interference, suppression, etc yes absolutely
I hate the narratives around voting security in the US. One side says that it is totally secure, basically 0 fraud, most secure election in history, etc etc. The other side claims that the election was completely stolen from them by voting machines.
Neither of these claims is right. Personally, I doubt the election was stolen. I know of a handful of cases of voter fraud both anecdotally ("My mom [in a retirement home] told me to vote for McCain, but I know she really wanted to vote for Obama, so that's what I put.") and numerically[1].
I would not be surprised if one or two of the very razor thin House district elections in 2020 experienced enough fraud to flip the decision. This doesn't mean that I believe all of the Dominion voting system hack nonsense or anything like that. I just think only a Sith deals in absolutes.
1: https://apnews.com/article/ohio-voters-citizenship-referrals...
> One side says that it is totally secure, basically 0 fraud, most secure election in history
Additionally, the sides have completely flipped. Utterly bizarre.
Good thing we fixed the hanging chad issue.
Did Republicans anywhere try to "secure elections" in a way that didn't involve curtailing voting rights? Improving voting machines, systems, counting, etc. in a way that partisan leadership couldn't mess with?
Georgia, I predict, will be a shitshow this year.
Notice the Cheneys and John Boltons of the world also have seemed to flipped with them.
I am happy to say, I've never been on the side of a Cheney. Go me!
Not bizarre at all. It's BS, but it's not bizarre.
Politics has become trench warfare. Everything is a battle to the death to keep the other side from gaining an inch anywhere. And, as is often the case in warfare, truth is a casualty. Both sides will say absolutely anything to keep anyone from thinking that the other side has a valid point.
It's advertising, but without any truth-in-advertising laws. Or, if you prefer, it's propaganda. Any relationship to the truth is purely accidental.
The true casualty is America’s credibility abroad. In pretty much every capital, embassy, boardroom, etc… it noticeably declines year on year.
Even the Brits don’t take anything at face value anymore.
Our credibility has been suddenly made synonymous with how willing we are to go to war on behalf of other countries . We are not
But I think any attack on an American force will get you a quick lesson on our credibility, which, as an American, is all I really care about.
Similarly economically, good luck not participating in the American markets.
Each side uses the argument most expedient to them at the time. For the 2020 election I recall it was concern over mail in ballots.
This is a wild amount of both-sidesing in a case where one side has evidence and the other is literally an unsubstantiated conspiracy theory at a scale where you could not keep the secret.
Most secure in history is (in my state) is correct. There are more pointless safeguards than have ever existed. If you were willing to go with the results of any election pre 2020 then you should be overjoyed at how much more "secure" the process is. That's the point that's being made, the amount of provable voter fraud that bypasses the checks and is only discovered after the fact is nil
The article you cited is literally the system working. There's 11 million people in Ohio, the number of illegal registrations is several orders of magnitude less than the lizardman constant and they were nonetheless caught.
Including the safeguards where observers are safely kept away from the counting! There were a lot of irregularities in 2020. The supreme Court recently said Pennsylvania should not have counted some of the ballots it did in 2020 (policy change by secretary of state vs legislature).
Yes drop boxes and mail in ballots with no signature verification and the counting done largely by one side of the partisan divide (county/state employees) is totally 100% secure what could go wrong? Those conspiracy nuts just don't get it.
The only way to get an honest electronic vote is by giving realtime visibility on who voted what and where publicly.
Everything else is a scam.
It would mean no secrecy of vote, but I think that secrecy of vote is for places that are new to democracy.
It could be anonymised to a point a clever system of personal certificats, but the idea is that in a 100 people district, the citizens should be able to count themselves and check if their real votes are correctly registred.
If the list is public, everyone got a proof of vote and can confirm that the global list is correct localy, then there is no way to hide cheating.
> The only way to get an honest electronic vote is by giving realtime visibility on who voted what and where publicly.
The secrecy on individual votes has a good reason to exist. Votes are already bought based on per-section public results, imagine what would happen if individual votes were public.
Moreover, people under any sort of threat (communities dominated by drug dealers, employees of a dishonest, politically engaged business owner) would be in big trouble.
There are ways of doing this using encryption so that the person will know what their own vote is in a way that others don't.
But, there is still someone somewhere that distribute the certificats and can link you to your vote so why try to hide something that can leak. It will leak.
"Prove that you voted for Putin or you are out of a job".
Uh oh. Ignorance of computing showing. IF they need two passwords to combine to make one, but sometimes have one of them, they just need to brute the other open... I think it's a bigger problem than the administration understands, unless the passwords are for something inert like wattage delivered to the machine.
Can you brute force a BIOS password without prolonged physical access?
The leak does increase the risk of a single trusted insider messing with the system, though.