32 States Offer Online Voting, But Experts Warn It Isn't Secure

Long-time Slashdot reader Geoffrey.landis writes: According to the Washington Post, 32 states have implemented some form of online voting for the 2016 U.S. presidential election -- even though multiple experts warn that internet voting is not secure. In many cases, the online voting options are for absentee ballots, overseas citizens or military members deployed overseas. According to Verified Voting, "voted ballots sent via Internet simply cannot be made secure and make easy and inviting targets for attackers ranging from lone hackers to foreign governments seeking to undermine US elections."
And yet 39% of this year's likely voters said they'd choose to vote online if given the option, according a new article in the Boston Globe, noting that "All 50 states and D.C. send ballots to overseas voters electronically," with Alabama even allowing them to actually cast their ballots through a special web site. "Security is exponentially increased over any other kind of voting because each ballot, as well as the electronic ballot box, has military-grade encryption," argues the founder of the software company that assures the site's security. "She also claims that Web voting is more accurate," reports the Boston Globe. "No more hanging chads or marks on a paper ballot that may be difficult to interpret. Web systems can also save money and can be upgraded or reconfigured as laws change..."

Threats

[ChrisMaple]

With online voting, it is impossible to prevent coercion.

Re:Threats

Ah yes, let me go and coerce a few million people to even make an impact... That whole "prevent coercion" is BS and you know it.

Re:Threats

[NotInHere]

Its much easier to fake or deanonymize an online vote (undetected) than to do the same with a paper trail based vote.

Voting is one of the areas where I beliveve no computer technology should be used. Computers should be devices that serve us, not devices we use to chose our leaders with.

Re:Threats

[whoever57]

With online voting, it is impossible to prevent coercion.

Also with postal voting. Note that I don't intend this as support for online voting: instead, postal voting should be restricted to people who cannot vote in person.

Re:Threats

[houghi]

It also saves a lot on plane tickets from Moscow.

Re:Threats

That whole "prevent coercion" is BS and you know it.

Ransomware authors would beg to differ.

Re:Threats

Online voting is absolutely irresponsible and not worthy of a democracy. Some random Ukrainian or Russian hacker could determine your next president. Or the NSA or just about any other intelligence agency.

Re:Threats

[BradMajors]

It is also impossible for an online ballot to be a "secret ballot".

Re:Threats

[dgatwood]

With online voting, it is impossible to prevent coercion.

Not true. You can prevent coercion by designing it like this:

• Votes can be verified only immediately after voting.
• Vote as often as you want; only the last one counts.

Now, in theory, somebody could hover over you from the moment you cast your vote until the polls close, but in practice, that doesn't scale. Instead, most vote coercion merely requires showing proof of voting. Because the rules above preclude proving that a given vote was the last vote cast, coercion is impossible, and nobody sensible would even attempt it.

Re:Threats

[ADRA]

So does mail-in voting. That doesn't stop basically every state from allowing it. Some people just can't physically reach a polling station.

Re:Threats

Easily defeated by time-shifting attacks, either simple or subtle.

Re:Threats

With online voting, it is impossible to prevent coercion.

Security is not the current political attack point. Instead, it is voter disqualification, which can easily be applied against targeted populations likely to be voting in a particularly way. "Jesus Rodrigues" – we have six voters of that name in three adjacent counties and they are all registered to the same party, so this must be the same voter voting multiple times, so throw out all of them. Similarly for common african-american names. This is as effective as miscounting the vote and is done openly. Note that they never act against this supposed crime as it would likely not hold up in court.

Re:Threats

With in-person voting it's impossible to prevent coercion. I'd suggest it's impossible to prevent coercion in any system where two or more people interact.

There are consequences to requiring in-person, some of which are bad. There are consequences to allowing voting in other forms, some of which are bad. The question is not "can we 100% eliminate bad outcomes of type X" (which no system does), it's "all things considered, which outcomes to we like best". And there are already lots of not-in-person votes in the US today. In several states the default is vote-by-mail, for example, and all states *allow* voting outside the polls so long as you fill out a bit of extra paperwork.

The idea that someone who is being coerced couldn't be made to show others their ballot under current systems in any state just factually inaccurate. The reasonable way we protect ourselves from coercion is to report it when it happens to us and use the power of larger society to keep us safe -- which is more or less what you're suggesting that polling places do in the first place.

Re:Threats

[dynamo]

When election day is a holiday or held on a weekend, this is a legitimate argument, but a huge percentage of the population can say with credibility that working makes it unfeasible for them to vote.

Re:Threats

With in-person voting it's impossible to prevent coercion. I'd suggest it's impossible to prevent coercion in any system where two or more people interact.

There are consequences to requiring in-person, some of which are bad. There are consequences to allowing voting in other forms, some of which are bad. The question is not "can we 100% eliminate bad outcomes of type X" (which no system does), it's "all things considered, which outcomes to we like best". And there are already lots of not-in-person votes in the US today. In several states the default is vote-by-mail, for example, and all states *allow* voting outside the polls so long as you fill out a bit of extra paperwork.

The idea that someone who is being coerced couldn't be made to show others their ballot under current systems in any state just factually inaccurate. The reasonable way we protect ourselves from coercion is to report it when it happens to us and use the power of larger society to keep us safe -- which is more or less what you're suggesting that polling places do in the first place.

I suspect you don't know how polling places are operated in the USA.

Polling places have representatives of both parties present to prevent in-person coercion or even any kind of communication with a voter during voting. For coercion to take place it would require collusion between the Democratic and Republican pollworkers. I admit that could happen somewhere, but to the extent required to influence any election above the local school board election, it won't happen in this country.

AFAIK, all 50 states prohibit anything resembling campaigning within some distance (usually over 100 feet or more) of the building and/or property where voting is done. The rare instances I recall of people trying to campaign at a polling place quickly brought police and criminal charges.

Also, I admit that fringe parties won't have enough people to staff every polling place, but that's because they are fringe parties.

Re:Threats

[Aighearach]

My State is 100% vote by mail, and we don't have this as a problem.

Re:Threats

OK, but that makes it ripe for someone to change your vote.

Given that it's on your home computer that could include a virus (not that that couldn't already change it during voting and display a faked verification page). I suspect the virus argument is the main reason experts warn it can't be secure. The authentication part can be but your computer is a weak link in the chain. At least at polling stations the computers there are under their control so can (in theory) be trusted.

Re:Threats

[The-Ixian]

What if we force the creation of a public/private key pair with a ridiculous key length as a prerequisite for voting online? Perhaps, attach it to the state ID/driver's license which you would need to go to the DMV to get (only the public key would be embedded in the card and the private key would be send certified mail to you on a flash drive with instructions to keep it safe).

Obviously, all communications encrypted with this key would be readable by you and the government.

If you see more than one vote show up from a single key, you throw out all the votes for that key and notify the user that they need to do it the old fashioned way.

Yes, you could DoS the voters... but you would need to harvest a lot of user's private keys.

Re:Threats

[The-Ixian]

This has been the case with me all my life. Voting days are ALWAYS weekdays and held during WORKING hours....

The only people who can vote under this set up are people who have vacation/sick leave... Which most working people don't have.

I believe that there are laws requiring employers to allow time off for voting... but those are not enforced whatsoever in my experience. Good luck fighting that one being a working poor person...

Re:Threats

[XXongo]

This has been the case with me all my life. Voting days are ALWAYS weekdays and held during WORKING hours....

Where I live polls open at 6:30 a.m. and close at 7:30 p.m.. If your working hours are longer than that, I hope you're raking in a lot of overtime.

(In fact, my employer has a policy of allowing one hour of paid, excused leave for voting... but only if your scheduled work hours mean you can't vote without taking time off. Since almost nobody ever gets mandatory overtime (employer couldn't afford that), nobody ever qualifies for the "excused leave." Nice gimmick: they get to claim they're doing their patriotic duty by giving people time off to vote, but it costs nothing because they don't actually give anybody time off. Still, I like the idea.)

Re:Threats

[NotInHere]

With this system it would be trivial for the government to deanonymize the vote. What should e.g. a government employed worker do, vote for his boss, knowing that he knows whom to vote for, or vote for someone else, whom he'd much more prefer to see.

Also, there is this problem with endpoint security... Computers today are very very insecure. The only really secure computers these days are perhaps chromebooks.

Re:Threats

Good idea, let's tolerate a security vulnerability because it's inconvenient for citizens who don't even live here.

Re:Threats

It's not impossible if you cheat by having them come in to register at least once.

Re:Threats

The site on which you vote is digitally signed. The coercing entity could demand you run a program which votes at the last second and sends him the signature.

Re:Threats

[The-Ixian]

Correct me if I am wrong, but don't many states require a valid government issued ID in order to vote currently?

I know that nothing perfectly ties a particular vote with a particular person, but the government has the time of day that you showed up and also knows when certain votes are entered into the system. If the terminals are electronic, even better. So, while they may not have a perfect correlation, they have a pretty good guess.

But, yeah, I see your point. It would seem to be an insurmountable problem.

Still, perhaps voting from your personal or corporate computer may be out of the question, but what about an already existing secure computer system like an ATM network? If I could pop out during lunch and hit up the nearest ATM in order to vote, I absolutely would. As it is, there are way too few voting centers... it's almost as if they are designed to be out of the way for nearly everyone.

Re:Threats

[NotInHere]

I know that nothing perfectly ties a particular vote with a particular person, but the government has the time of day that you showed up and also knows when certain votes are entered into the system. If the terminals are electronic, even better. So, while they may not have a perfect correlation, they have a pretty good guess.

One of the reasons I am against electric voting terminals :)

Re:Threats

[Shirley+Marquez]

The driver's license scheme wouldn't work. Licenses get presented as ID all the time; it wouldn't be too hard for somebody dishonest to skim the keys from them.

Re:Threats

[Shirley+Marquez]

Even if one's working hours aren't that long, the combination of work hours and commuting make that schedule impossible for some voters.

I think the polls should be open for 24 hours. And in national elections those should be the SAME 24 hours (real time, not local clock time) everywhere to eliminate the problem of the vote in states that vote late being influenced by the results in states where the voting ends early. 9pm Eastern sounds good to me; in most cases (except for really close ones like Bush v Gore) that should allow the count to be ready in time to report on the 11 o'clock news.

Re:Threats

With online voting, it is impossible to prevent coercion.

Also with postal voting. Note that I don't intend this as support for online voting: instead, postal voting should be restricted to people who cannot vote in person.

My State is 100% vote by mail, and we don't have this as a problem.

My god, it's worse than we thought look what they made him post to slashdot!

Re:Threats

[The-Ixian]

But in that case they only get the public key which is almost useless to them.

Sure, they could encrypt stuff using it, but only you and the government (having the private key) can decrypt it. Worst case I can think of is that the keys would be used to spoof identification in various ways. But that is already the case if they steal your ID.

Re:Threats

[dgatwood]

This would be pretty easily discovered—not to mention that it would probably bring down the servers if it happened to a degree that would actually change the election results meaningfully.

Besides, that can be easily avoided through a local app that does certificate pinning, combined with an operating system that enforces signed executables. And without those things, it is arguable whether the vote can be trusted anyway.

Online Voting

If this can be made to work, then we no longer need a congress. Everyone can vote directly on every issue.

Re:Online Voting

That would be direct rule, as opposed to a representative democracy. Some may think that is better, I do not.

Our current system of representatives was intentionally chosen by the framers of the US constitution and many of the much-vaulted checks and balances in the US government require separate elected bodies with dissimilar election schedules and dissimilar constituents. They called direct democracy "the Tyranny of the majority"

Direct voting means that 51% of the electorate can vote for incredibly unfair laws targeting the 49%. Representative democracy means that representatives are elected who vye with each other to get laws passed. Compromises are usually necessary and passions of the moment fade before laws wind their way through the system.
Certain values of Gridlock and dysfunction are a feature of US democracy. We actually really don't want to change that.

Re:Online Voting

If this can be made to work, then we no longer need a congress. Everyone can vote directly on every issue.

Be careful what you wish for. With a system like that, homosexuality and interracial marriage would probably still be illegal, just to get started.

Re:Online Voting

[Citizen+of+Earth]

"The best argument against democracy is a five-minute conversation with the average voter." -- Winston Churchill

Re: Online Voting

no, there is nothing that says a direct voting system must follow majority vote...just like now Congress needs more than a majority vote to over ride a presidential veto....

Re:Online Voting

[thegarbz]

Elected officials are paid to sit and read lengthy documents that get passed into law, and even they don't do it.
How many of the direct public do you think are going to read a multi-hundred page document and have the understanding of the legalese to cast an informed vote on it?

Direct democracy works if you're in a small village. Hell just look at Brexit and the number of Google searches from within the UK on "what is the EU" AFTER the voting deadline had finished.

Re:Online Voting

They called direct democracy "the Tyranny of the majority"

Much better to have a tyranny of the minority, amirite? Additional layers of abstraction are like castle walls - they originally kept the patriots in charge, but now that ownership has changed hands these walls keep the rest of us out. Now we've got well-represented corporations who can actually deal with this complexity in ways that individuals handle poorly, because the vote isn't just "what do you agree with?" - it's "who do you kinda agree with and is a shark?"

Re:Online Voting

[The-Ixian]

Yeah well, if government prioritized education then this statement wouldn't make sense. But see, what government doesn't want are educated people. They want to continue to justify their actions by being able to say "Look at those poor unwashed masses... I am doing what's best for them."

Politicians are completely onboard with the circus of misdirection and grandstanding.

Re:Online Voting

[dfenstrate]

"The best argument against democracy is a five-minute conversation with the average voter." -- Winston Churchill

Good thing we're aiming for a Republic.

Re:Online Voting

[clovis]

Elected officials are paid to sit and read lengthy documents that get passed into law, and even they don't do it.
How many of the direct public do you think are going to read a multi-hundred page document and have the understanding of the legalese to cast an informed vote on it?

Direct democracy works if you're in a small village. Hell just look at Brexit and the number of Google searches from within the UK on "what is the EU" AFTER the voting deadline had finished.

Good point.
A good example of this is the so-called "Obamacare".
Most people have no idea what is in that bill. They don't even know the name of the actual bill.
(it's not "The Affordable Care Act", it's the "Patient Protection and Affordable Care Act")
It is unreasonable to expect the any person of any social class to spend the week or month necessary to read and understand just this one bill before voting on it.
And the PPACA is pretty much jargon-free; it's just that there's a lot in it.

Now imagine people trying to read and understand Dodd-Frank (DODD-FRANK WALL STREET REFORM AND CONSUMER PROTECTION ACT) before voting on it. And we sure as taxes cannot depend upon the media to explain these things.

Re:Online Voting

[RespekMyAthorati]

Good thing we're aiming for a Republic.

Which, if you know what the term means, is also a democracy.

Re:Online Voting

[dfenstrate]

Good thing we're aiming for a Republic.

Which, if you know what the term means, is also a democracy.

It's democratic in nature, but with significant differences intended to control some of the negative tendencies of pure democracies.

Of course, you knew that, and you knew that I knew that, and you knew that's what I was getting at. Yet you decided to be a smart ass anyway. Any particular reason?

Crooked Republicans

The crooked Republicans will use this to steal the election just like they did in 2000 and 2004. The exit polls favored Gore and Kerry, because that's who the people actually voted for. But both elections went to Bush because of rampant voter fraud by the Republicans. For all the talk of Hillary supposedly being crooked, the Republicans are far worse. Their job of stealing the election has been made far easier by the embarrassing lack of security.

Re:Crooked Republicans

[BradMajors]

All of the recent "election stealing" has been done by Hillary. BTW, Hillary is a Democrat.

Who needs elections

[lucm]

just put up a Facebook page and see who gets the more Like. Problem solved.

It's not like it really matters anymore. Politicians are entertainers nowadays, not decision makers.

Re:Who needs elections

Politicians are entertainers nowadays, not decision makers.

Entertainers with access to nuclear weapons.

Just sayin'.

Re:Who needs elections

[guises]

Unfortunately, politicians may get elected based on their entertainment value but then they do make decisions. Important, influential decisions.

Re:Who needs elections

[PolygamousRanchKid+]

just put up a Facebook page and see who gets the more Like.

Actually, it would be fairly amusing to set up Slashdot polls on Congress votes instead. Kinda sorta like a "Shadow Congress". Subsidies for bow and arrow manufactures in Oregon? No thanks. Support for aardvark ranchers in Arkansas? No, we'll skip on that one as well.

A plan to drop Cowboy Neal into North Korea with an H-bomb instead of a parachute on his back? That one works!

Re:Who needs elections

[CanadianMacFan]

How about riding an H-bomb, swinging a cowboy hat around above his head with his right hand, and yelling "Yee-haw!" all the way down?

Re:Who needs elections

[wkwilley2]

Entertainers with access to nuclear weapons.

They aim to please.

The small amount of fraud

[rsilvergun]

This will result in pales in comparison to the amount of enfranchisement it will create. Every time I've seen someone railing against voter fraud it's always been a transparent attempt to keep some kind of "undesirables" from voting. Usually members of the working class.

Re:The small amount of fraud

[GoChickenFat]

This will result in pales in comparison to the amount of enfranchisement it will create. Every time I've seen someone railing against voter fraud it's always been a transparent attempt to keep some kind of "undesirables" from voting. Usually members of the working class.

Bullshit. I only want people voting who put some effort into it. We're continually throwing away our country by trying to turn elections into zero effort by the voter. In my opinion the two worst things in our elections are open primaries and early voting. Show up the day of the election, darken the oval next the candidate you want and feed it into the electronic counter - an unambiguous paper trail will remain. Save early voting to the true absentee and not leave it open to vote harvesting.

Re:The small amount of fraud

[frank_adrian314159]

Fuck you, you undemocratic piece of shit. The constitution says nothing about "putting in an effort" or any other such crap. You've proven the original poster's point - that people who complain about those that vote are usually wanting to clear out their notion of undesirable voters (in your case those undesirables that aren't putting in an effort). The question is whether we're going to have a democracy or not. So I reiterate - fuck you, you undemocratic piece of shit.

Re:The small amount of fraud

[GoChickenFat]

Hey, dipshit...read the constitution and understand our federal form of government is a representative republic - it's not democratic. There, did calling names convince you of anything or does it just sound ignorant?

Re:The small amount of fraud

I agree with this. Every citizen has a right to vote whether they are stupid or lazy or whatever. If you don't like the constitution of the USA find a country that restricts voting rights and move there.

Re:The small amount of fraud

What's your point? The representitives are still elected democratically. In the US that means citizeship = vote, not some citizenship plus some random criteria that you made up.

Re:The small amount of fraud

[iris-n]

And this is exactly why it will be strongly fought against.

To give a concrete example, in the last presidential elections in Austria the neonazi party FPÖ won in the polling booths, but lost in the postal votes. Their answer to that? Forbid postal voting, of course! Who uses it the most are university students that are away from their hometown, and have very little sympathy for the FPÖ.

Re:The small amount of fraud

[Gavagai80]

The "effort" test unfairly favors retired seniors who have a lot more time to waste than someone working long hours. It's not a fair measure of actual interest in voting at all.

Re:The small amount of fraud

[AthanasiusKircher]

Fuck you, you undemocratic piece of shit. The constitution says nothing about "putting in an effort" or any other such crap. You've proven the original poster's point - that people who complain about those that vote are usually wanting to clear out their notion of undesirable voters (in your case those undesirables that aren't putting in an effort).

Well, to be fair, "the Constitution says nothing about" the requirements for suffrage in general. In the early days of the U.S., states restricted voting rights to mostly white male landowners... by your standards, the original Constitution as interpreted by the states who decided who got to vote was profoundly "undemocratic." The phrase "right to vote" never even appeared until the Fourteenth Amendment was passed after the Civil War.

Gradually, over the years, we've added suffrage to other folks, and now it's pretty much universal for people over the age of 18 (excepting felons serving time and such edge cases). But twas not always thus, and citing the "Constitution" in this discussion brings in a host of problems... since that Constitution had to be amended at least SEVEN times SPECIFICALLY to enfranchise voters which had been previously excluded.

And Congress has had to pass other bills to extend voting rights to other random groups who would not necessarily otherwise have it under the Constitution (e.g., citizens overseas, some Native Americans, residents of D.C. in some elections, etc.).

Anyhow, I do NOT agree with GP's attitude here. But the Constitution is pretty much a terrible model for enfranchising people to vote -- the default position over the centuries has basically been "no, you don't really have the right to vote..." because the Constitution does such a poor job of granting it.

Re:The small amount of fraud

[AthanasiusKircher]

Oh, and by the way -- if you think that normal U.S. citizens have "the right to vote" today, that's really up to interpretation. For example, you really don't have the right to vote for President of the U.S. You have the right vote in an election, but it's up to your state legislature to decide in what manner the results of your state voting can be tallied to select members of the Electoral College to vote for President on your behalf.

Basically, the Constitution is profoundly undemocratic in sense of "direct democracy." It was designed to have many layers between the votes of the people and the actual officials and laws in the government.

Re:The small amount of fraud

Bullshit. I only want people voting who put some effort into it.

You mean by voting?

We're continually throwing away our country by trying to turn elections into zero effort by the voter.

You know, we don't have an opt-out system, right? Seriously, you can't out of most laws that are enforced upon citizens (and non-citizens) in the country, there's a few you can out out of (mostly entitlements), and a few you can opt in to (again, entitlements, security clearance, military enrollment, etc). Honestly, what you say is just absurd.

In my opinion the two worst things in our elections are open primaries and early voting.

I'd agree with the former, but only in that we even have primaries. But, you know, that's not a part of the government per se* and really a hard point to argue about without just coming across at the same sort of jackass who decries reality TV. Boo hoo. As for early voting, why do you have a problem with defining voting to extend upon multiple days? Is there something magical about the first Tuesday in November that we must limit voting to a sub-24 hour stretch on that day? Uh, yea, no.

Show up the day of the election, darken the oval next the candidate you want and feed it into the electronic counter - an unambiguous paper trail will remain.

s/day/days/ and we make the process more reasonable. But then...

Save early voting to the true absentee and not leave it open to vote harvesting.

Yea, damn that vote harvesting! Why, we should try to prevent as much harvesting of votes as possible! Hell, why even have voting? Oh, right, because that's the whole point of an election. To harvest as many votes as possible to try to derive as much of a consensus of the people so the government better represents the people. Now, if you want to argue that voting does a poor job of that or elections do or a fixed term or having individuals elected instead of platforms, I'd agree. But to bitch about a very specific aspect of it as if THAT is the problem when it isn't is just stupid.

* Indirectly who appears on the ballet is controlled by this on almost all states, but you can still write in who you want. So, yea, it definitely is like a survey that pushes for a certain response. But in the end, you do have control of who you elect.

Re: The small amount of fraud

If you want to reduce the amount of uneducated voters, it's far more productive to work on educating voters. The media isn't especially effective since they focus more on appearance and things that don't matter than they do on the actual issues.

Re:The small amount of fraud

[ADRA]

Democracies by definitinon allow anyone to vote. If anything, taking voting rights away from children and washington DC, and most US protectorates are bad enough.

The informed voter ideal is certainly something worth really looking into, but it is NOT democracy. Read Star-ship troopers and you'll see at least one image of tiered democracy. In at least a few EU countries, you can't vote without spending time in the armed services, even if it's treated more or less a 2 week summer camp.

Re:The small amount of fraud

Bullshit. I only want people voting who put some effort into it. We're continually throwing away our country by trying to turn elections into zero effort by the voter. In my opinion the two worst things in our elections are open primaries and early voting. Show up the day of the election, darken the oval next the candidate you want and feed it into the electronic counter - an unambiguous paper trail will remain. Save early voting to the true absentee and not leave it open to vote harvesting.

Define "true absentee" and also, tell us exactly what kind of effort you want. I don't know about you, but standing in line outside a church? Not exactly the kind of sacrifice I consider important, let alone demonstrating inner virtue to a high degree of confidence. I could respect a desire to show true commitment, in an abstract sense, but you're not offering much in the way of what I would call valuable testing. That it lacks cohesiveness is yet another reason to doubt it. Not that I agree with you on the principle, but even giving you full credit for that, the method is defective.

I also disagree with you on the primary issue. We should get rid of closed primaries too, and instead go with a run-off system. California is reasonably close, but I'm not entirely satisfied with it. But I'd like to do a lot of electoral reform, even reshaping the legislatures.

That would perhaps be a digression though. I'd really like to know why you think the "effort" as you state you wanted, but as ultimately will be manifested, is meaningful. Did you just go with your gut, without really thinking about it much?

Re:The small amount of fraud

The constitution also says that only citizens can vote. Whereas the true goal of most people arguing about "disenfranchisement" is to enable non-citizens to vote fraudulently, because they believe the fraud will help their side, while also claiming that the amount of fraud is negligible.

Re:The small amount of fraud

Go away. We all get a vote, they are all equal. Or are you not talking about the land of the free?

Re:The small amount of fraud

I'm not sure how "open primaries" require less work from voters. I'd argue they're more cognitive work for voters, and they're certainly more practical work for parties.

Frankly I'm not sure why we ever got into the business of letting parties decide who appears on the ballot, and I'm even less sure why we keep putting up with it. If the RNC/DNC want to endorse candidates and have conventions and whatnot they're welcome to do so. But candidates should only appear on the ballot because they got enough signatures on a petition to appear in the open primary and got enough votes in the primary to appear on the final ballot.

I'm also not sure why you think "more work" equates to "better management". In business we typically find exactly the opposite -- that processes which require a lot of manual work from unsupervised individuals are often slower, more expensive, and less reliable. Why do you think it works differently when we're managing the government?

Re:The small amount of fraud

[GoChickenFat]

Actually, states determine the right to vote and citizenship is not a requirement by the constitution. The constitution has only been amended to prevent states from prohibiting certain voters, it still does not completely define how states determine who can vote. The president is selected by electoral college, of which you vote your opinion but the electoral are not bound to that opinion. I doubt most know who all their electoral folks are...I sure don't...and by the constitution they cannot be a senator or representative - so not someone you democratically elected.

...but to my original point. It's simply my opinion that people who vote should put some effort into it - if that means lazy, ignorant people don't make it to vote so be it. You can disagree and provide reasons as to why you really want lazy, ignorant people to vote but calling me names doesn't make your case.

Re:The small amount of fraud

This will result in pales in comparison to the amount of enfranchisement it will create. Every time I've seen someone railing against voter fraud it's always been a transparent attempt to keep some kind of "undesirables" from voting. Usually members of the working class.

Here's the thing; who are the citizens.
There are about 30-40 millions non-citizens (US Census says 30, others 40) in the USA of which about 10-12 million are here illegally.
Non-citizens are not supposed to vote.
Non-citizens tend to live clustered so that local county elections are at a huge risk of being affected by non-citizen voting. In states with large immigrant populations (California, Texas, Florida, Georgia), it's a very real risk for local elections as well as district based elections such as the House of Representatives.

You tell me how, without identification, we can filter out the votes of non-citizens and still have a secret ballot.

OTOH, I'm 99% certain that the extreme requirements that a few states have put in place for voter identification was done solely to make it difficult for the lower classes (Blacks and Hispanics) to vote. They're being assholes.

This is one of those issues where the question should be "where do we draw the line".
I am as suspicious of the motives of the "anybody can vote" left wing as I am of the right-wing's "show a photo ID, a birth certificate, and a notarized family tree going back to the Mayflower". or Robert E Lee, depending on where you're from.

Personally, I support requiring people to register to vote ahead of time with reasonable requirements for identification. Requiring all of Driver's License, birth certificate, social security card, and utility bill is absurd. I'm looking at North Carolina.

I don't support that anyone can show up and have their vote counted without registering and no ID.
I support the option of freely providing provisional ballots for those who say they cannot obtain such an ID for one reason or another or cannot register in time.

if it's a close election, then the provisional ballots can be counted and audited. In case you don't know, absentee and provisional ballots are usually not counted if the number of such cast is significantly less than the winning margin.

Re:The small amount of fraud

Well done! Now you only need to show that democratic means "early voting" and representative republic means "show up on Election Day and stand in line", and you will have formed a coherent argument.

Re:The small amount of fraud

Actually, states determine the right to vote and citizenship is not a requirement by the constitution. The constitution has only been amended to prevent states from prohibiting certain voters, it still does not completely define how states determine who can vote. The president is selected by electoral college, of which you vote your opinion but the electoral are not bound to that opinion. I doubt most know who all their electoral folks are...I sure don't...and by the constitution they cannot be a senator or representative - so not someone you democratically elected.

Yes, yes, the Constitution is flawed, and the Electoral College is the biggest joke of them all, but let's not digress into that technical argument here, you're really not approaching that subject very well.

...but to my original point. It's simply my opinion that people who vote should put some effort into it - if that means lazy, ignorant people don't make it to vote so be it. You can disagree and provide reasons as to why you really want lazy, ignorant people to vote but calling me names doesn't make your case.

Your point is flawed, because you aren't suggesting any effort that would be impacted by laziness or ignorance, the only quality that directly arises from your presented objections (to absentee ballots and early voting) is the stubbornness to stand around on one given day if there's a crowd. Which speaks to poor planning on the elections staff's part, not a real trial. Open primaries don't even do that much.

So far, your opinion seems to be based on a irascible temperament of your own. I'm not sure I want *you* voting with that attitude. Then again, your complaints aren't helping your case either. You're being subjected to obscenities, not name-calling, the descriptions may be pejorative, but you really need to pay attention to the criticisms rather than brush them off so blithely. Or rather, use the excuse of vulgar language to conceal your lack of ability to approach the substance of the complaints against you. I'd recommend you just let the vituperative language go, rather than be distracted by it.

If you want to consider why people have the right to vote, regardless of their ignorance, laziness, or other qualities, it's because the government is legitimized by such an action. Giving all people influence over the decisions and conduct of the government is important because said government has authority over those individuals. That's why instead of barriers to vote, the government should act in the opposite direction when it comes to voting. Now when it comes to acting under the authority of government, there you have a good case for selections of character and virtue.

Re:The small amount of fraud

[r0kk3rz]

Show up the day of the election, darken the oval next the candidate you want and feed it into the electronic counter - an unambiguous paper trail will remain.

What about ranked choice voting? How does that fit into the 'darken the oval' method? Ranked choice is a much fairer way of conducting elections

Re:The small amount of fraud

[dywolf]

Rights: Now only for those deemed worthy by ChickenFat.

Re:The small amount of fraud

[dywolf]

Because at the time of the founders the word democracy referred primarily to what we now call "direct democracy". the phrase "representative democracy" didn't exist yet, even though it means the same thing as "representative republic".

the founders used a lot of words that refer to the democratic selection of government. words like: self-rule, self-governed, voting, election, etc.

what you are essentially doing is talking about your new car, but refusing to call it a car, saying instead that it is a "motorized conveyance device".

Re:The small amount of fraud

Here's the thing; who are the citizens.
There are about 30-40 millions non-citizens (US Census says 30, others 40) in the USA of which about 10-12 million are here illegally.
Non-citizens are not supposed to vote.

And generally speaking, they don't. Of course, going by recent turnout, neither do most Americans.

Non-citizens tend to live clustered so that local county elections are at a huge risk of being affected by non-citizen voting. In states with large immigrant populations (California, Texas, Florida, Georgia), it's a very real risk for local elections as well as district based elections such as the House of Representatives.

Ok, let's go with your concern, risk of what? What's the actual risk of harm involved? Is it more or less than say, the current gerrymandering of House districts anyway?

That's been harming the country, due to a lack of accurate representation of the preferences of the electorate.

You tell me how, without identification, we can filter out the votes of non-citizens and still have a secret ballot.

You're confusing opposing "voter ID" with "no identification" which is not the same thing. Of course, the whole business of citizenship is problematic anyway, but that's a deeper issue.

I am as suspicious of the motives of the "anybody can vote" left wing as I am of the right-wing's "show a photo ID, a birth certificate, and a notarized family tree going back to the Mayflower". or Robert E Lee, depending on where you're from.

The left in the US has hardly pursued this "anybody can vote" policy, so I'm not sure you're being effective in your suspicions here. The left isn't even pushing that hard against felon disenfranchisement.

Personally, I support requiring people to register to vote ahead of time with reasonable requirements for identification. Requiring all of Driver's License, birth certificate, social security card, and utility bill is absurd. I'm looking at North Carolina.

I don't support that anyone can show up and have their vote counted without registering and no ID.

Ah, the trick is reasonable, and the trick is what happens when the government is responsible for something like say, erroneously mistaking you for another person and removing you from the voter rolls, or even doing it by accident.

I support the option of freely providing provisional ballots for those who say they cannot obtain such an ID for one reason or another or cannot register in time.

if it's a close election, then the provisional ballots can be counted and audited. In case you don't know, absentee and provisional ballots are usually not counted if the number of such cast is significantly less than the winning margin.

Oh, they are, they're just not terribly important, so they're not verified or accounted. Then again, such error-checking is generally the case for most elections, it's not worth the bother to verify and test.

Re:The small amount of fraud

[The-Ixian]

what you are essentially doing is talking about your new car, but refusing to call it a car, saying instead that it is a "motorized conveyance device".

<Pedantic>I think a better analogy would be: You got a new "motorized conveyance device", which is what they are called now. But you continue to call it a "car" even though the definition of "car" has changed to mean something slightly different.</Pedantic>

Re:The small amount of fraud

[GoChickenFat]

A distinction without a difference. Our president is elected by an electoral influenced by a democratic voting process by which each state defines qualification and only with recent amendments to the constitution, has been further defined but still not specific. The founders put in place the electoral in just such as case as democracy would become idiocracy - https://en.wikipedia.org/wiki/... - at least for the president. The house originally was our democratically elected branch, with the senate selected by the state's legislatures. That's all been changed by the 17th amendment. I don't know which would be better but I do know I have much better access to my federal and state house representatives than my senators or the president.

Sorry, my quick "not democratic" response to mr "fuck you" was not well defined. Frankly, I'm disappointed in the overall lack of understanding of the constitution and its history found here on slashdot; although, I'm not surprised as I wasn't taught much in high school either and had to take a full semester in college on the "right to vote." Slashdot used to be a place were people defended their ideas with information and reason...now it's just "f-you" and "move if you don't like it" - the same useless drivel found all over the internet.

Re:The small amount of fraud

[speedplane]

I only want people voting who put some effort into it.

And whomever gets to define "some effort" wins the elections.

Re:The small amount of fraud

[GoChickenFat]

Rights: Now only for those deemed worthy by ChickenFat.

Actually, as defined by the constitution, which does not provide for nor exclude early voting or absentee voting. That's left to the states to define and that's where my opinion should count with my elected representatives.

What's your opinion about felons or foreigners being excluded from voting by most states? The constitution does not expressly forbid felons or foreigners. Who deemed them worthy to be excluded? It wasn't me.

Re:The small amount of fraud

[GoChickenFat]

And whomever gets to define "some effort" wins the elections.

Yes, I realize "effort" is subjective, but dang, the path we're on right now is what has us voting for the worst possible people to hold office. The only effort I'm suggesting is showing up on election day...presumably only those that care enough would make the sacrifice. It would also severely limit the ability to vote harvest over weeks - and by that I mean individuals or groups that round up what can only be called "useful idiots" to cast votes in return for whatever - food, money, a ride, something to do, nothing, etc.

Re:The small amount of fraud

[The-Ixian]

Exactly this.

Having to take unpaid time off from work (if your employer even lets you) to go vote pretty much guarantees that a certain portion (working poor) of the electorate will not vote.

Re:The small amount of fraud

[david_thornley]

Okay, darken the ovals next to the candidates you want, in order of preference. Works just fine around here.

Re:The small amount of fraud

[speedplane]

the path we're on right now is what has us voting for the worst possible people to hold office. The only effort I'm suggesting is showing up on election day...presumably only those that care enough would make the sacrifice. It would also severely limit the ability to vote harvest over weeks - and by that I mean individuals or groups that round up what can only be called "useful idiots" to cast votes in return for whatever - food, money, a ride, something to do, nothing, etc.

If the goal is improving vote quality, then it's much safer to improve the media and education apparatus, than to come up with artificial hurdles for voters. While it would be nice if there was a philosopher king that could choose voters based on education, intelligence, effort, etc., it's just too much power to give any one person or government entity. It's better to make voting incredibly easy, and develop strong first amendment rights (free flow of information) and quality institutions that utilize those rights. This way, the power to influence voting is spread among many instead of the few. It's not ideal, but it much less prone to developing too much power in too few.

There is one good thing

[fustakrakich]

You can take a screen shot or a picture of the screen that shows your vote.

Still, nothing beats good old paper ballots. Too bad not enough people are demanding it.

Re:There is one good thing

[Geoffrey.landis]

You can take a screen shot or a picture of the screen that shows your vote.

But, what do you do with the picture? I suppose if you're being paid for your vote, that might be a way to verify that you should get paid, but it won't tell you whether your vote is correctly added to the tally.

Still, nothing beats good old paper ballots. Too bad not enough people are demanding it.

Paper ballot with optical scanner seems a good compromise: you can count electronically, but if there's a problem, you have a paper trail.

Re:There is one good thing

[Zumbs]

Paper ballot with optical scanner seems a good compromise: you can count electronically, but if there's a problem, you have a paper trail.

How do you know that there is a problem, if you haven't made sure that the paper ballots have been under observation from when voters start casting their votes until the votes have been counted? If days or weeks have passed, the ballots could have been tampered with.

Re:There is one good thing

[CoderJoe]

Optical scanner systems have been hacked already.

Re:There is one good thing

[clodney]

Where I live (Minnesota) ballots are physically secured. You fill out your paper ballot, then feed it into the optical scanner. The scanner reads the ballot, and you see the ballot counter change on the machine. The ballot goes directly into a locked container.

If the scanner has been hacked to report incorrect results, the paper ballots can be used as an audit trail.

I don't know all the steps taken to secure the paper ballots, but I know that both major parties have election judges and observers at pretty much every step of the way. Not saying that fraud is impossible by any means, but it is treated as an adversarial system. In the Franken/Coleman recount of 2008 (?), Democrats and Repulicans were involved at every step of the process. At one point I think they even had a webcam on the room containing the ballot boxes, to satisfy people that no tampering was going on.

Re:There is one good thing

[david_thornley]

How we do it around here is that we normally go by the optical scanners. We also select precincts at random to compare the paper ballots with the optical scanners. If a candidate presents sufficient reason for a recount, or if the votes are too close, we can count all the paper ballots. All ballots are cast in rooms with provisions for observers. Once the ballots are cast, the boxes are sealed and not opened except when necessary, and in the presence of observers. Typically, both major parties will send observers when called for, and there's no reason other parties can't.

Quibbling

[93+Escort+Wagon]

From TFA: "But experts in computer security maintain that nothing sent over the Internet is secure."

While I agree with the point he's trying to make about the issues with existing online voting systems, this hyperbolic statement is clearly wrong.

It's certainly possible to make Internet voting at least as secure as paper ballots. Heck, it could be made significantly more secure than my state's vote by mail program (which is the only way to vote in Washington state). The problem is, making it secure would also make it extremely inconvenient for each voter, as well as expensive to the state in terms of both money and manpower... so that's not going to happen.

Re:Quibbling

[GoChickenFat]

it could be made significantly more secure than my state's vote by mail program (which is the only way to vote in Washington state).

I'm sorry to hear that Washington state has already thrown away their elections. I'm sure every single mailed in vote is actually cast by the intended person and not by one person in the household "helping" or by churches rounding up the elderly to "help", or nursing home "helpers", etc.

Re:Quibbling

[Geoffrey.landis]

I'm sure every single mailed in vote is actually cast by the intended person and not by one person in the household "helping" or by churches rounding up the elderly to "help", or nursing home "helpers", etc.

That would be one-ballot-at-a-time election stealing. I'm not terribly worried about that; it would take such a massive program to alter 50,000 votes that way that this wouldn't be an effective way to steal an election. It's changing the entire count that I worry about.

Few elections are ever decided by ones and twos of votes. It's wholesale changing that is the problem.

Re:Quibbling

[DaHat]

it would take such massive program to alter 50,000 votes that way that this wouldn't be an effective way to steal an election

Massive? I could do that from my basement in a couple of weeks... though my credit cards might get maxed out to do so.

A couple of years ago I discovered a rather easy to exploit series of vulnerabilities in the Washington system which could be used by an individual to quickly sway a small election in a short period of time, or by a campaign or PAC backed group to sway a statewide one in just a couple of weeks.

From time to time I go looking for a lawyer interested in working on the project as the only way to prove it's actually an issue (and one the state is ill-equipped to detect & mitigate) it's an issue is a demonstration... which would of course be very very illegal, without permission... and given my desire to stay out of jail, I've not moved on this project nor disclosed the specifics.

Re:Quibbling

[ADRA]

Just write a thesis on voting measures and counter-measures. Last time I looked, academics don't get locked up for attacking hypothetical voting regeimes even if they happened to be based on real world scenarios.

Re:Quibbling

[DaHat]

That is the backup option (even though I'm more than a decade out from academia)... unfortunately it too comes with a great deal of risk. A read through state law alone gives me the impression that widely disseminating the info, even in such a hypothetical, totally not connected with any particular state would still leave me liable should someone ever use the method.

Yes, it is unlikely that they'd come after me unless I actually opted to illicitly print & vote 5k ballots from my basement over a weekend... I tend to prefer to limit my legal exposure to overzealous prosecutors.

Re:Quibbling

[LynnwoodRooster]

Remember the Rossi/Gregoire election in 2004? It took but a few hundred votes to change that. And of course, those "votes" were found a month after the election - in a box, stored in a closet somewhere.

Re:Quibbling

[fgouget]

From TFA: "But experts in computer security maintain that nothing sent over the Internet is secure."

While I agree with the point he's trying to make about the issues with existing online voting systems, this hyperbolic statement is clearly wrong.

It's certainly possible to make Internet voting at least as secure as paper ballots.

You're mistaken on both points. The only things we know how to make somewhat secure are things that are not secret. For instance when you buy something online the store knows what you bought, provides you with the means to prove what you bought, and the bank knows your identity, that of the store and the amount of the transaction. Even so you're not protected from a store taking your money and never shipping the product. But at least, all this data can be used to prove the existence of the transaction and resolve conflicts.

But voting is different: not only must the state not know how you voted, but even you must not be able to prove how you voted. Furthermore you cannot trust any state-provided software because they are both judge and party and are the ones with the most to gain from a rigged election. This makes all the standard techniques used to keep things online secure unusable.

Back to the analogy, it's as if you wanted to build an online store that would only let registered customers (citizens) buy stuff, but have no knowledge of what they bought (how they voted), and not let them prove in any way what they bought (to prevent vote selling and corercion). Furthermore the people running the store would stand to gain a lot by cheating their customers, and there would only be one such store (your country) so you could not even rely on an reputation system to weed out bad actors.

Re:Quibbling

[fgouget]

Wikileaks?

Re:Quibbling

[fgouget]

I'm sure every single mailed in vote is actually cast by the intended person and not by one person in the household "helping" or by churches rounding up the elderly to "help", or nursing home "helpers", etc.

That would be one-ballot-at-a-time election stealing. I'm not terribly worried about that; it would take such a massive program to alter 50,000 votes that way that this wouldn't be an effective way to steal an election. It's changing the entire count that I worry about.

Few elections are ever decided by ones and twos of votes. It's wholesale changing that is the problem.

In this case the worry is not so much one individual stealing an election, but entire categories of the population being denied their right to vote freely due to social factors.

Not likely

[rsilvergun]

Any fraud large enough to influence elections is likely to get caught. It was in Florida too, it's just that Gore underestimated the damage of a Bush presidency and over estimated the damage a fight would have. That's not a mistake anyone's going to make twice.

Make no mistake, the Republicans are absolutely shitting themselves at the thought of this. Right now Trump's strategy of trying to appeal to new voters is freaking them out (538, Nate Silver's blog, just did a piece on it). A huge part of American politics is controlling who actually gets to vote. That's why progressives like Obama have been flying the idea of mandatory voting for a few years now. The working class generally is too busy working 50 hours/week to think much about it. And the working class isn't too friendly to the Republicans. They're diametrically opposed to their economic and they're becoming indifferent to the social issues (if only because the Repubs have failed to deliver on any victories).

The American left need enfranchisement to succeed. If you accept that as a truism (and I'll leave that as an exercise to the reader) then it stands to reason the American Right need disenfranchisement. This also explains the popularity of "voter Id" laws.

Re: Not likely

I hate when people, usually on the left, fuss about voter identification laws. Requiring identification is definitely a good way to ensure that the person casting the vote is who they claim to be, and that people don't vote multiple times. I don't see how any honest person could oppose those goals.

The real problem is the ridiculous barriers sometimes put in place to make it difficult to obtain appropriate identification. It's definitely in our interests as a country to know is here, to be able to identify a person when needed, and to ensure that those people have access to basic services that require identification. The actual disenfranchisement is carried out by closing down DMV offices and making it very expensive and difficult to obtain prerequisite documentation like birth certificates. Those tactics harm people beyond their ability to vote. I support voter ID laws while addressing the underlying issues I just described.

Re: Not likely

So naturally you are also in favor of requiring IDs in other critical or dangerous area, such as buying guns, right?

Re: Not likely

Of course I am. Requiring an ID and a comprehensive background check to buy a gun is common sense. As for voting, reducing fraud with voter ID laws and enfranchising minorities are not mutually exclusive. I can't understand why there isn't a bigger push to simply make it easier for minorities to get proper identification. It would take away an avenue for disenfranchisement while making it far easier to do other things that require ID, including getting many types of jobs.

Re: Not likely

In what State can you buy a gun from a dealer without an ID form? And you do know, that it's actually a GSA rule that you MUST show a Government-issued ID to enter Federal Government buildings...

Re: Not likely

Difference is owning a gun is a right for everyone in the US, while voting is only a right for citizens.

The sky is falling...again

[filesiteguy]

Here we go again, with the "it isn't secure, and we're gonna hack the election" conspiracy. Funny how our entire banking system is online and secure enough, yet voting isn't. We're still forced to accept 1800's era paper trails. Even the multi-million LA County voting system (last designed in 1969) is being redone with a paper balloting process.http://vsap.lavote.net/

Sheesh!

Re:The sky is falling...again

[ledow]

Voting systems require:

Everyone to have unique credentials (yep, banks have this).
Everyone to be identified before issuing credentials (yep, banks have this)
Everyone to have AT MOST one credential (Er... nope).
Everyone to have a credential which can be proved to have been used only once (Er... possibly, some of the banking stuff can only be spent "once").
Everyone to have votes that can be verified throughout the process (some of this, but nowhere near the same level of assurance).

The problem is not any of the above. But your bank funds all the above. All of it. Who funds the electoral system? Taxpayer-funded government IT. You seriously just give up when you hear that, in IT.

Issuing millions of credentials to only verified people, with no duplicates, to the point that the person must be verified to be the person using the credentials, and they can only "use" them once, and they all know how to do it, and without just taking things on trust (isn't Amazon's entire credit card functionality based on assuming all the risk from the bank for the sake of simplicity and customer experience?), and being able to prove that everyone voted only once but NEVER what they voted for, and being able to prove who - overall - everyone voted for? It's a difficult, but not impossible task hindered by maths, logistics, practicality, human error, cost and budget-defined shortcuts.

Re:The sky is falling...again

[NotInHere]

Even if online banking was secure (which it isn't), the difference still is that online banking TRACKS each of your activities, and that if it it indeed was hacked (e.g. you clicked a wrong link and installed malware), you will find out soon enough. But with voting, the situation is terribly different.

First, its done in secret, noone knows what you voted, even if you told everyone what you will vote, in the booth noone can look over your shoulder. Banking is the exact opposite, the bank knows each of your transactions.

Second, if someone used malware to change the outcome of a vote, there is no way to know it for certain.

I'd say let's keep our fingers off digitizing this part of how we live together.

Maybe some parts of the system should be changed (e.g. letting the people vote directly for the president), but the paper trail is IMO the best and most secure way to do it.

I love technology, but we haven't figured out how to make computers safe (we really haven't), and with votes there is too much at stake.

Re:The sky is falling...again

[GoChickenFat]

Banking transactions are not anonymous and are substantially subject to fraud. It's amazing that people on slashdot talk for years about dumb users and their dumb passwords but come online voting by these same dumb people - no problem. How do you intend to insure the person casting the vote is the actual person and not a grandson "helping" grandma or some other form of vote harvesting? Same problem exists with mail in voting. Show up, vote on paper! Save the absentee for the very few that should qualify.

Re: The sky is falling...again

[tacarat]

Having a computer, knowing how to use it, keyloggers, malware changing your vote, politically motivated hackers, counter hacking, counter counter hacking. Everybody on this website might be ready, but probably not the rest of the US.

Re:The sky is falling...again

[RossWilliams7099]

Yes, banks are relatively secure. But they wouldn't be if you had no way to renew your transactions or know what your balance was.In fact, I suspect there are a lot cases where people have access to their spouses bank accounts. People provide access to debit cards or automatic deductions tied to their bank account all the time. Its not only plausible, but likely that political parties and campaigns would "bank" people's voting numbers so they can just automatically vote them. With only an electronic record there is no way to verify that the count actually reflects how people voted. History, not conspiracy theories, tells us that if it is possible to rig the vote count, someone will do it. A tangible ballot is really the only way of assuring auditing for an accurate count. The third problem is privacy. It may be possible to create an electronic privacy envelope that makes it impossible for the elections officials to know how you voted. But it does not appear to be a non-trivial task. You need to create a process where a vote counter can read the ballot but can't attribute the ballot to a specific individual. At the same time the voter has to be able to verify that their ballot was received as sent. In short, electronic voting will likely never work. But it is almost certainly not ready to work now.

Re: The sky is falling...again

Trace Bustah Bustah...Bustah.

Re: The sky is falling...again

[david_thornley]

I've been a techno-geek longer than most of you have been alive, and I don't want online voting. There's just too many things that can go wrong. With the current system, I'm relying on simple handling of pieces of paper in ways I understand. I'm not nearly as confident of my ability to audit voting machine code, my ability to verify that the code running on the machine is built correctly from the source I audit, verify the communications, and so on.

Voter, not ballot, not secure

[Todd+Knarr]

The problem isn't so much that the ballot itself isn't secure, it's that the authentication of the voter isn't reliable so the identity of whoever cast the ballot isn't secure. The only ways to make that authentication reliable involve encoding the identity of the voter into the cast ballot, which blows away the whole idea of secret ballots so nobody can confirm how you voted.

It's possible to do it, but you'd need a) a state-issued smartcard with a unique key-pair assigned to that specific individual capable of encrypting and signing arbitrary blocks of data, and b) a front-end system that'd accept the voter-signed ballot, verify the signature and contents, strip the voter's signature and replace it with one from the election authority, and this system would have to be trusted not to record anything tying voter identities to ballots and verifiable so that anybody could confirm that not only was the system actually trustable but that the running software was generated from the verified code. That's a non-trivial system to set up.

Re:Voter, not ballot, not secure

This is, of course, wrong. Computers are easily hacked--especially PCs--so there is little that could prevent malware from showing the voter one thing on the screen but send something else to the vote server.

Proper authentication is easy compared to the very nasty problem of endpoint security.

The closest computers should get to voting is scanning hand-marked paper ballots. DO NOT even make the voter fill a ballot on a screen and then take extra time to verify a hardcopy.

Re: Voter, not ballot, not secure

There is a technology called blockchain nowadays. It's the only way to make online voting secure. Votes can be recorded into a blockchain in a way that no one else than the voter can see what the vote was and the record is unchangable.

Re: Voter, not ballot, not secure

[dgatwood]

Blockchains do nothing to help with this problem. The only way to ensure that no one else other than the voter can see the vote is to implant an LCD panel inside the voter's eyeball and require the voter to close his/her eyes before showing the vote info....

The problem of ensuring that only the voter's computer can see the vote is a trivial one and does not require a blockchain or anything like it. You just give the voter a unique identifier, hash the ballot using the voter's unique identifier as a nonce, and submit the hash alongside the ballot data. Then, you store the ballot data on the local computer.

To verify the vote, the voter's computer provides the voter's unique identifier and the result of re-hashing the ballot data with that identifier as a nonce. The server verifies that A. the provided hash exists in the database, and B. when the hash is recomputed by combining the stored vote data with that unique ID, the result matches the stored hash value.

This does not prevent someone from obtaining the voting record from the user's computer, however, unless the user chooses to destroy the local copy of the vote data, in which case the user will be unable to verify the vote later (short of remembering who he/she voted for and painstakingly reconstructing the ballot). Technically, the user's computer could throw away the vote data and keep only the hash. However, that would mean that it would be unable to show the user who he/she voted for, and thus the verification would tell you only that the server has a vote for that user ID that matches a hash that you can only assume had something to do with your actual vote. By contrast, if you keep the vote data, the user could manually compute the hash and trust would be much more absolute.

There's also the option of making that nonce be temporary, generated randomly by the user's computer, and independent from the authentication system. That would ensure that the vote is tied only to the sending IP address, rather than to the original voter, to the maximum extent possible (though during the initial vote submission itself, the server would temporarily know the user's ID for authentication purposes; I think that is probably very nearly unavoidable, though you could possibly add some layers of indirection to make it so that multiple servers would have to be compromised to determine who voted for which candidate). Subsequent vote changes would not require authentication (the hashed vote and the original vote data would be sufficient proof, assuming communication is properly encrypted).

Re:Voter, not ballot, not secure

[Kjella]

That wouldn't actually solve anything because you're still relying on the box you set up to tally the votes it actually got instead of creating its own result. Maybe it's easier to understand all the problems if we examine a hypothetical reverse election fraud. Let's assume that you go to vote for president and you actually vote for Trump. But when the votes are tallied and there's zero votes for Jill Stein in your voting district, you go out and publicly claim "Hey this election is a fraud, I voted for Jill Stein so where's my vote??"

Obviously if they can pick out your vote and say look, here's your vote and you're lying then secret ballots is a lie. So in a paper ballot you'd have people testifying that they've examined the ballot box and it didn't have any hidden compartments to add/remove votes and was empty when they started, that it's been kept locked and under observation from voting started until the votes got counted, that it was properly emptied and all votes counted and here's the stack of cast votes that's been in secure storage for a recount. For bonus points there's possibly video evidence that the chain of custody is unbroken.

While you can never formally prove a negative there would be fairly strong circumstantial evidence that the vote wasn't tampered with and that you're actually mistaken, lying or have mental problems. And while it's possible that there's been some form of irregularity in this one place, it'd take a mass conspiracy to significantly influence the election. There's a reason systematic election fraud in third world countries is pretty obvious from the the outside world, you can't have that many people involved and keep it a real secret.

Compare this to an electronic vote: The box says so. Who says the box is telling the truth? The government and the company who made the voting box. All you need is some kind of condition or trigger to say this is the real election, nobody will know if you swing a few votes now. And the rest of the time, it'll tally exactly what it's supposed to for public demonstrations of how reliable it is. What's the guy who lost by a surprising last minute 4% swing going to say, that the election was rigged? He'll come across as a sore loser and paranoid nut even if that's exactly what happened. And there's no record to prove it anyway.

Re: Voter, not ballot, not secure

[dolmen.fr]

Citizen voting has at least two requirements:
- the ballot of a voter is secret
- voters must vote only once, so voters must be authenticated and vote must be recorded.

So far I am not aware of a blockchain based system that garantees both.

Re:Voter, not ballot, not secure

[thegarbz]

it's that the authentication of the voter isn't reliable

Given your votes are cast anonymously and many states don't have ID laws I don't see this as any worse than the system in place now.

Mind you I find the entire lack of ID thing amusing. The fact that people can get through their lives without a valid form of ID is very foreign to me, as is the concept that some people would be disenfranchised by requiring ID. How expensive or difficult could it be?

Re: Voter, not ballot, not secure

[fgouget]

There is a technology called blockchain nowadays. It's the only way to make online voting secure. Votes can be recorded into a blockchain in a way that no one else than the voter can see what the vote was and the record is unchangeable.

First, if only the voter can see what the vote is, then the government obviously cannot tally the votes, making the election impossible. Fortunately blockchains don't work like that: the transactions are public since the nodes must verify that they are valid.

Second, the voter must not be able to prove how he voted otherwise that opens the door to vote selling and coercion.

Third, voting must be restricted to citizens of age which implies that the government must maintain a list of the public keys of registered voters. Then it's trivial to use that list to de-anonymize all votes.

So no, blockchains are useless for traditional voting systems.

Re:Voter, not ballot, not secure

[Todd+Knarr]

That's easy to check. During an election you pick a sample of random precincts, set their actual ballots aside and in their place submit an identically-sized set of ballots which are randomly-generated but known. Have those random ballots created and checked/counted by independent groups so it'd be infeasible for any one entity to control both the vote-counting software and the random-ballot generation process. If the reported count for those precincts isn't exactly identical to the known count, there's been tampering with the counting software. Then you can submit the actual ballots for those precincts as a correction, replacing the random ballot counts, and proceed as usual.

military grade encryption?

What the fuck is up with this the term military grade encryption? This sounds like a term invented to justify multiple classes of encryption. One class than cannot be broken for the military and another class that can be for everyone else. That is not how this is supposed to work, encryption that worth using cannot be broken.

Re: military grade encryption?

[tacarat]

Marketing. Military grade is commercial off the shelf (COTS) for many things. If not, "lowest bidder" gets thrown around a lot too.

Re:military grade encryption?

The military needs stronger encryption than joe-schmoe does.

Re:military grade encryption?

[RandomSurfer314]

The term "military grade encryption" is a telltale sign of snake oil. People outside the military do not know what encryption the military uses in classified systems, and AFAIK there is also no general "military grade" encryption grade in the military. I'd rather wager that encryption in military systems ranges from ad hoc and easy to break now (though perhaps very fast in hardware) to very hard to break. It doesn't matter, though, if the endpoint security is not given. For what it's worth, the military could use weaker than "civilian" encryption in many scenarios, because the military has stronger endpoint security plus better working security by obscurity.

Re:military grade encryption?

[david_thornley]

The military has more sophisticated security models than Joe Shmoe, but doesn't necessarily need stronger encryption. For example, the orders for an attack need to remain secret until it's too late to do anything about it, and in some circumstances that doesn't even require encryption if things are moving fast enough. Encryption that, as far as we can tell, is unbreakable is cheap and easy nowadays, and there's no reason the JCS and Joe C. Shmoe can't use it equally.

The worst possible thing

[H_Fisher]

Want to end democracy in America once and for all? Then sure, go ahead and move all voting to electronic systems.

Doing so, you eliminate any real citizen oversight — you don't need all those election observers and volunteer pollsters anymore, so that's thousands of people who no longer count ballots, or supervise the machines that scan paper ballots now. Less oversight makes it easier to rig the system — something that's much less plausible now, because we have so many people involved.

Voting needs to happen on paper. Technology can improve our lives the other 363 or so days out of the year, but when it's an election at stake, I want a paper ballot for each and every person who votes. I want a tangible record, no matter how expensive it might be. A paper ballot is not entirely flawless and there are other kinds of fraud that can happen. But I'd prefer the startlingly low incidence of those kinds of issues because this is the only way we can be sure that other, more pernicious, less obvious or even provable types of fraud cannot and are not happening. Electronic voting should be illegal.

Re:The worst possible thing

Doing so, you eliminate any real citizen oversight

Exactly. Basically, you want voting to be as labor-intensive as reasonably possible. More labor means more people observing the system and making sure it's being run correctly and fairly. More people means more stability.

Re:The worst possible thing

I have been on duty as an observer on electronic voting in my home country.
If done right, you can have public scrutiny over e-voting as well.

1) Open source everything from code to protocols to procedures.
2) Have both public and commercial security assurance performed on everything.
3) Sign all software, both voter and server side. Use integrity checks everywhere.
4) Deploy physical tamper evidence on all servers and systems.
5) Perform admin tasks only under public scrutiny. There will be enough nerds and enthusiasts who WILL gather to find flaws in your procedures and opsec; use them wisely.

Nothing can be 100% secure, but good oversight CAN be achieved for electronic voting. It needs some fundamental decisions - publishing the code and protocols being the most important one.

Re:The worst possible thing

[fgouget]

1) Open source everything from code to protocols to procedures.

Open-source is useless if you have no way to verify that it is the code being used on the computers on election day.

2) Have both public and commercial security assurance performed on everything.

Elections serve to peacefully overthrow the powers in place. So, as far as elections are concerned the government must never be trusted. So letting the government pick a select few to perform the security checks is no guarantee at all. Furthermore security audits are useless if they don't audit the software and hardware that is actually used on election day. But while it's possible to let a handful of people perform very basic checks on these up to election day, it is impossible to let the voters do so. In other words the voters have no way to verify anything.

3) Sign all software, both voter and server side. Use integrity checks everywhere.

Sign all software, including the signing software. Audit the compiler too, and the compiler's compiler (at the assembly level, not the source level), the operating system, the drivers, etc. If you skip any step it's all for nothing.

Of course on election day you must also verify that the computer is actually running the official software and not just software designed to print the official cryptographic checksums. So start election day by pulling out the hard-drive, putting it in a computer that you trust, and verifying its content with your software. Of course the observer next to you cannot trust your computer and software and thus will need to make the same checks using his own hardware and software, giving him an opportunity to hack the content of the drive after you have checked it.

4) Deploy physical tamper evidence on all servers and systems.

Which is moot due to the point above. Also seals are pretty easy to replace, particularly by the entity that stands the most to gain from a rigged election: the government. Finally seals make denial-of-service attacks trivial: just break the seal. Once someone points out the seal has been broken the computer and software must be thrown away and rebuilt from scratch, delaying the election.

5) Perform admin tasks only under public scrutiny. There will be enough nerds and enthusiasts who WILL gather to find flaws in your procedures and opsec; use them wisely.

Yay, everyone can see the admin typing ls and the expected result being displayed in the terminal. Just ignore the fact that there's a 3G card hidden inside the computer and hacker reconfiguring things remotely. Public scrutiny means nothing.

I have been on duty as an observer on electronic voting in my home country.

You've had the wool pulled over your eyes.

Re:The worst possible thing

[fgouget]

Exactly. Basically, you want voting to be as labor-intensive as reasonably possible. More labor means more people observing the system and making sure it's being run correctly and fairly. More people means more stability.

I would add the corollary which is that a more labor intensive process makes it necessary to bribe more people to successfully rig the election. This drives up the cost but also the risks: as the saying goes, once three people share a secret it's no longer a secret.

So Long As

Trump Wins The Game Is Afoot!

I wonder

[NotInHere]

I wonder, do those sites include ga.js? Probably they do.

Call for hackers

[Bruce66423]

The only way to nip this dreadful idea in the bud is for a serious hack to occur that proves it is insecure. Thus the system reporting a billion votes cast for Abraham Lincoln would probably do the job...

That will never work

[ronmon]

Because then you only get votes from people that are stupid enough to use Facebook.

Not secure by design

[p51d007]

The problem is, people in the USA, take their rights & freedoms for granted. The (un)education system in this nation, over the last 40+ years, along with our short attention span, people don't have a clue how our system is SUPPOSE to work. People are deathly afraid of the IRS, afraid of the CIA, afraid of pretty much any government agency. THAT my friends, IS the problem. People are afraid of government, but, the government should be afraid of the people. We have become not a free nation, but a nation that is now is a soft tyranny, and we are quickly approaching a hard tyranny. Once "something" triggers a nationwide crisis, be it terrorism, a huge global pandemic, depression, war, whatever, the government will quickly suspend our rights and we will become a socialist dictatorship. I only hope it doesn't happen until my time on this Earth is finished. The Constitution EXPECTS its citizens to police those governing it, and, to throw out any such government that usurps the rights guaranteed in the constitution. Considering how we've allowed the government to get to this point, shame on us for not being good stewards of our country.

Online voting is a BAD idea

Voting in person on paper is the way to do it.

Voting in person requires the person show up and can be checked off a list. If they vote online, all it takes is a single person with their identifying information and possibly a proxy server to commit massive voter fraud voting for thousands or even millions of people without their knowledge.

Voting with a machine or having a machine tally the votes allows for the machine to be programmed to lie about the results and if the votes are cast digitally, they can have the record of the vote changed to match where they have no proof the rigging took place.

And if it was rigged, both systems can be done by the same set of people so all online voting can do is allow the votes to be stolen even easier. I already dislike mail in ballots for the same reason but at least that is more trackable than either of the previous two.

Whatever made you think America was a democracy

[rsilvergun]

We've been an oligarchy well... pretty much always. Then entire point of the electoral college, the Senate and our entire system of representative gov't was to protect the interests of wealthy landowners. We only bothered to form a Federal gov't in case the British attacked again. What little flirting with actual democracy we've done was the result of a member of the ruling class (FDR) breaking ranks with his peers and throwing in for the workers. That an WWII killing a huge number of working males requiring the ruling class to practically coddle the survivors (plus the cold war delaying global competition among wage earners).

We have not and are not a Democracy. Online voting might actually change that though. Disenfranchisement has been the best method used to keep up the ruse. Online voting would make voting possible for the working poor (who traditionally can't make it to the polls before they close around their 12-16/hr/day jobs; not by accident). Like mandatory voting the ruling class is scared shitless of this.

Re:Whatever made you think America was a democracy

What little flirting with actual democracy we've done was the result of a member of the ruling class (FDR) breaking ranks with his peers and throwing in for the workers.

Isn't that the guy who forced us to give our money to bankers? Without FDR, you'd be saving in a gold-backed account for your own retirement - not working endlessly for bankers who keep your money when things go well and get bailed out when things go poorly. Today we're living in a best-case scenario for FDR's peers thanks to his actions. Tomorrow let's see how secure your 401k really is when the shit hits the fan.

Why so limited

Why are paper or electronic ballots so limiting?
I can only think that TPTB want it that way...

Why not let voters use order of preference.. 1st, 2nd, 3rd... Say you didn't like Hitlery or Trumpet but knew voting for J. would be taking a vote from the Trumpet candidate and you knew it would be far worse with Hitlery in charge...

So you can put #'s by names or more complicated check boxes to say

_1_ : Johnson
_2_ : Stein
_3_ : Trumpet
_4_ : Hitlery

I think a majority might well endup being a 3rd party if one didn't worry about throwing their vote to a candidate they fear. Yes it would take some more complicated tracking but, great..

Also one could provide a unique index code(or 2) with every vote; to the voter which could be looked up after totals in an unchanging (hash code/public list verifiable) where anonymous voters can check to see if their votes were counted properly... If they were not, by enough people, a formal stink could be made...

A :None of the above option that if 'won', would force all parities to present new candidates(heck, maybe ban existing from ever retrying) and another vote.

Re:Why so limited

Don't forget a law forcing candidates to not go contrary to their promises else lose their position and personal wealth.

Re:Why so limited

[dolmen.fr]

Promises are a bet on the future. But the future may not happen as envisioned at the time the promise was made.
Would it be fair to punish people for not correctly predicting the future?
Do you really want any promise to be applied even if it does not anymore apply to the context it was envisioned?

Banks aren't secure [Re:The sky is falling...again

[Geoffrey.landis]

Here we go again, with the "it isn't secure, and we're gonna hack the election" conspiracy. Funny how our entire banking system is online and secure enough, yet voting isn't.

But it isn't. Bank fraud happens all the time. When it happens, you show the paper trail, and the bank verifies it and gives you your money back. They accept the loss as the cost of doing business. How do you get your vote back?

Here is David Pogue's comment in Scientific American (www.scientificamerican.com/article/when-will-we-be-able-to-vote-online/):

“But wait,” you're entitled to object, “banks, online stores and stock markets operate electronically. Why should something as simple as recording votes be so much more difficult?”

Voting is much trickier for a couple of reasons. Whereas monetary transactions are based on a firm understanding of your identity, a vote is supposed to be anonymous. In case of bank trouble, investigators can trace a credit-card purchase back to you, but how can they track an anonymous vote?
And credit-card and bank fraud goes on constantly. It's just a cost of doing business. But the outcome of an election is too important; we can't simply ignore a bunch of lost or altered votes.

Voting for candidates should be in person, period.

[eriks]

For our "Representative" democracy, as many others are saying, electronic voting simply makes no sense. Too easy for coercion, too hard for identity confirmation, etc.

However, a "teledemocracy" system makes sense in the form of a national referendum, or maybe more like a national conversation about specific issues. It could pull some issues back into the realm of direct democracy. Probably not for everything, and probably not all at once, but having a serious system (unlike previous attempts which were largely ignored by our representatives) that could guide reps and congresspeople more directly than the current system(s) of "polling", which is again, all too-often ignored.

Such a system could be not unlike the one here on slashdot, with moderation, karma, etc., which though perhaps less than ideal, could lead to a system where the American People actually get to set (or at least nudge) the agenda, rather than the status quo, where lobbyists, and power-brokers get to not only set the agenda, but write the legislation.

I'm sure it wouldn't be perfect, any maybe not any better, but it's hard to see how it could be any worse than what we have now.

Oh, good...

...I was so worried that the Democrats might have a harder time stealing this election than normal. It's good to know their hackers are on the ball.

You do realize

[rsilvergun]

you just advocated voter disenfranchisement, right? And what, exactly, do you define as sufficient effort? Here in my neck of the woods voting for Bernie in the primaries was a 3 hour wait. That wasn't an accident, you know. Wasn't there some old saying about coming round for the socialists? I forget how it went, and evidently you did too.

Oh, and only 9% of voters turned out for the Primaries. That's why you get to choose between Fuckface von Clownstick and Wallstreet's Girl.

Re:You do realize

[GoChickenFat]

I have no idea what you're talking about concerning socialists but I'm happy you put in the effort for your candidate. I have a 20 mile round trip, through two towns, to get to my voting precinct, yet I vote in every election - should I also complain of being disenfranchised by this unusual burden, or be proud that I care enough to put in the effort? The Hillary supporters didn't need to put in as much effort because, as you likely now know, the Democrats with their super delegates had their selection process rigged from the beginning. The Republicans just failed to properly rig theirs in time.

Primaries and caucuses are defined by the parties and access is generally controlled by how much they and the state want to spend to run the election (e.g. a caucus is cheapest). I hope we can all agree now that primaries and caucuses are a joke. There were people in Kansas City proudly proclaiming on TV interviews they took part in the Iowa caucus - no one is checked! The Kansas caucus had voting occurring in St. Louis because Wichita State folks were there for a basketball tournament - seriously! Claire McCaskill, a Missouri democrat, threw a victory party on primary night in 2012 because Missouri's open primaries allowed her to organize democrats, including tv advertisements, to vote for the republican candidate she could beat - she even wrote in her book about it. Once again for governor this year, in the open primary state of Missouri, the democrats ran virtually no candidates except their chosen ones and the republicans ran a field of candidates and now have a heavily out of state funded republican governor choice that 2/3 did not vote for in the primary - again Tv add shows up right at the end with an obvious signal to democrats to vote for the guy they can beat in the general. The gamesmanship is huge yet the reporting and analysis is noticeably absent. Why?

Any fraud possible from electronic voting is nothi

[srichard25]

Any fraud possible from electronic voting is nothing compared to the fraud possible with the current paper system. Paper votes can easily be lost or rendered unreadable. And many states don't require any sort of ID to vote, making it possible for the dead to vote.

Blockchain anyone?

[elcor]

Off course they can be made secure :|

Re:Blockchain anyone?

Off course - yup.

Re:Blockchain anyone?

Privacy is optional nowadays.

Re:Any fraud possible from electronic voting is no

I've also personally watched the ballots being thrown in the garbage by the administrators (usually little old ladies). I'm all for electronic voting. It is the ONLY say to make voting secure.

Experts again

Are these the same experts who warned us of Y2K?

your boss can make you vote at work their way

[Joe_Dragon]

your boss can make you vote at work their way with on line voteing!

Baffle 'em with BullSh*t

It's the old problem of confusing complicated with secure. It's not the same, no matter how long they argue.

The answer is no

[raymorris]

> The question is whether we're going to have a democracy or not.

The answer is no, the US is not a Democracy.
I look forward to discussing with you more after you finish the fifth grade.

Computers can cheat a million times per second

[raymorris]

> It's certainly possible to make Internet voting at least as secure as paper ballots.

I've been involved in computer security for 20 years. Before that, I did physical security, lockingsmith work. Before that, I was a professional magician. I could cheat a paper ballot. Might use a bit of sleight of hand.

I could also cheat an internet ballot, and very easily put a FOR loop around to run the cheat a million times. That's the big difference with networked computer systems vs physical systems. You can rob someone in person once; you rob EVERYBODY in the entire database via computer.

Electronic systems that serve many people are fundamentally less secure because nobody can ever physically do anything a million times; computers routinely do things a million times per second. One improper ballot is less than the noise floor; a million improper ballots will swing the election.

Re:Computers can cheat a million times per second

[bluefoxlucid]

As a professional magician, were you more amazed by how the tricks worked mechanically, or by the very fact that people are too stupid to live and will simply not notice what they're looking *right* *at* if it's out of the ordinary?

There's a routine where you perform a recorded magic trick while changing a bunch of shit on the stage. People watching the video don't notice the changes (they happen off-screen). When it's brought up and a replay is shown, people will then become fascinated with the blatant scenery changes they didn't notice the first time; a significant portion of the audience then starts to wonder how the actual trick was carried out--which typically involves just handing off one prop for another, and is blatantly visible on-screen during the breakdown, but people are watching everything else change and miss that the performer e.g. handed his deck of cards to an assistant and got a brand new one *while* *they* *were* *watching*.

There's also the bouncing balls trick.

Re:Any fraud possible from electronic voting is no

Oh really? Explain to me your process for script automating paper vote fraud.

Military encryption reqs are called FIPS 140-2

[raymorris]

Federal purchasing, including DoD (military) is done through an open bid process. The acquiring agency publishes a very detailed requirements document. The encryption requirement normally refers to FIPS 140-2 (FIPS: Federal Information Processing Standard). The standard specifies not only which algorithms, but which implementations are acceptable, so you use a FIPS-certified library. FIPS-140-2 can be found here:
http://csrc.nist.gov/groups/ST...

Because most companies and standards bodies aren't run by security specialists, they too often refer to FIPS-140-2. "Must meet DoD security requirements" is a lot easier to specify in a contract than figuring out all the details yourself.

Re:Military encryption reqs are called FIPS 140-2

[GoChickenFat]

Companies must pay for FIPS-140-2 certification and any updates or improvements to the encryption or surrounding application must be recertified. My main concern with this, and general lack of understanding of the process, is what happens when said previously certified code is found to be flawed? In other words, military grade FIPS-140-2 only defines a point in time and not so much as the "best currently available". At least that's how I'm interpreting it. I dealt with FIPS140-2 with IpSwitch's MoveITDMZ sftp server - you're pretty much stuck on old code if you enable FIPS.

"easy" fix for that problem

[laurencetux]

each polling location is provided with a set number of boxes that are sealed and rigged so that once a ballot is inserted (by the polling machine) it can't be removed.

number of ballot forms is a logged number (number of registered voters+ a reserve to recover from spoiled ballots with one brick being opened at a time and spoiled ballots kept)

when you vote you place your marks and then feed the ballot into a polling machine and it then spits out a ticket with a set of random numbers from a pool (each number is used once )

checks in place

1 they inventory the boxes afterwards "Missing" boxes or evidence of tampering results in a redo (and criminal charges for the staff)

2 they also inventory the ballots (again missing ballots result in a redo if it is large enough to effect the election FOR THAT LOCATION)

3 a voter can input any number they want to check what a given vote was (may be their vote may be somebody elses)

lol

[Smiddi]

Rigged election much?

e pluribus [Re:Quibbling]

[Geoffrey.landis]

That was 129 votes, a bit more than "ones and two's".

So, yes-- a gubernatorial election twelve years ago was decided by a little more than 100 votes, and it's "among the closest political races in United States election history." I think that pretty much demonstrates my case: even here, voting fraud at the ones and two at a time level isn't what we need to worry about; it takes voting fraud on a much larger scale to swing an election. And you can count on most elections not being that close.

https://en.wikipedia.org/wiki/...

Re:e pluribus [Re:Quibbling]

[david_thornley]

Personally, if there are candidates tied such that there isn't a two-sigma preference for one, I have no objection to either one being declared the winner.

Here's my prediction of next election...

[jozmala]

In 39 states both hillary and trump gets over 100 million votes, and third party candidates wins by over bilion votes.

Re:Here's my prediction of next election...

[BlueStrat]

In 39 states both hillary and trump gets over 100 million votes, and third party candidates wins by over bilion votes.

All hail President Zaphod Beeblebrox!

Strat

I could care less if my vote is anonymous

[JosephDoeden]

People who care can use the mail in or go to a polling place. The problem is that state government are responsible for voting. That means they will each be attempting to put their own voting systems into place, potentially all different designs. Feds can't regulate voting much because it's voting and has to be done by states. Russian hackers seem very interested in our election and so far they've seem to only attack Democrats. I don't trust non tested opensource voting platforms. I want online voting, but I want it to be highly tested. I don't see how this is tested enough to go live. Government IT departments are notoriously bad. This solution should be tested and shared among the states for the sake of costs and security. The last time we rapidly switched to electronic voting we wound up with Bush.

Re:Any fraud possible from electronic voting is no

That is why there should be international poll observers, however the US kicked them out in the last election.

Why electronic voting is a bad idea

https://www.youtube.com/watch?v=w3_0x6oaDmI

Current threat, future threats [Re:Threats]

[XXongo]

Security is not the current political attack point. Instead, it is voter disqualification

Voter disqualification may be the current attack point, but it's not a good idea to open up new attack points.

Voting privacy and voting security [Re:Threats]

[XXongo]

That's true for in-person voting at the polling place, but all the states allow absentee ballots, which are sent in by mail. Absentee ballots are not protected by the safeguards you mention. In most states, you don't need a reason to vote by mail; in many states (including mine), people are actually encouraged to vote by mail. But voting by mail has no safeguards to protect anonymity.

As always, security and convenience are a trade-off. My personal preference would be to slide that trade-off toward security, even if it makes voting slightly less convenient. I'd like to see absentee ballots allowed only for voters with a valid reason that they cannot vote in person. There have been some companies that, in the past, have demanded "vote the way we select or you will be fired." Secret ballots are secret for a good reason. But I do understand the argument for convenience.

Overall, I'm more worried by the prospect of wholesale election fraud-- altering vote counts-- and less by the prospect of one-by-one vote buying.

Re:Voting privacy and voting security [Re:Threats]

same AC here.
I totally agree with you about absentee ballots and similar remote voting options.
They're already being abused by political organizations on both sides who send teams into nursing homes, churches, community organizations to "assist" with voting.
 

Attention deficit disorder ruins magic

[raymorris]

I really like the second video you linked to, where you count the number of times the players pass the ball. I saw that for the first time a few months ago - maybe you linked it from another post, or maybe I encountered it elsewhere.

> As a professional magician, were you more amazed by how the tricks worked mechanically, or by the very fact that people are too stupid to live and will simply not notice what they're looking *right* *at* if it's out of the ordinary?

As you may know, the mechanical working of most effects are quite simple and boring. It's mostly about the psychology - directing people's attention (though *some* tricks involve interesting mechanisms).

However, I have a different viewpoint on this than "people are too stupid .. not notice". I tested off-the-charts ADD. One of the tests for ADD was somewhat similar to the "count the passes" video - I was to click the button every time the number 5 showed on the screen. I thought I had done very well, that I hadn't missed any or clicked when there was no 5, but the results showed different - I did actually miss the giant 5 on the screen several times as I was noticing the adjustable feet on the stand for the screen, the knot in the wiring, the stains on the ceiling. The results DID match up with my experience in daily life - I often have to ask people to repeat what they just said, because I was noticing the imperfections in the wall finish or some other irrelevant thing about the background of the room. Most of the time, that's NOT good. Most of time, paying attention to the important part is better. When you ask people to count the passes, most people can do that rather than be distracted by bug in the light fixture or whatever else is going on in the room - they pay attention to what they trying to watch. Being easily distracted by unimportant details of the room isn't normally a good thing.

Yes, that *can* be manipulated, but that doesn't make it a bad thing. Magicians do it constantly. Hillary's friends got a whole bunch of people looking at "who released the Democrats' emails?", ignoring the truly much more important issue of what what said in those emails. Still, on balance a driver *should* be looking at the road ahead of them, not how many LEDs burned out in the green light, or the color of the buildings they are driving by.

Re:Attention deficit disorder ruins magic

[bluefoxlucid]

Yeah ADHD does weird things. I've been trying to fix mine--I dropped all medication 15 years ago, and have recently become rather annoyed that my past 4 years of effort have consisted of piling up things I should do and then watching Twitch or just staring at a wall to avoid bothering--and have been... somewhat hyper-focused on ADHD study. That complicates things; I'm going to try to get a Modafinil prescription from a doctor now, and uh. Patient walks in asking for drugs, seems well-informed. Spinning a line of bullshit or nah?

Some people like to claim ADHD gives you a type of superpower, because you see things differently. It's not true. I wanted to get back to where I was at 19-23 (non-drugged), because I accomplished great things then; I accomplished great things because I had no control and was hyperfocusing. Now I'm trying to accomplish things and hyperfocusing on other things. I don't "work differently" and thus better on different things; I'm a broken, dysfunctional tool 100% of the time.

Amphetamine-like drugs get me high by the time they treat ADHD; methylphenidate made me never eat and never sleep (terrible insomnia is a thing I still have, drugged or not, and I'm not sure if that's a result of development problems from being on insomnia-causing stimulants from 8-16 or if it's a primary condition); and Adrafinil is like taking 3,500mg of tylenol (liver doesn't like it). The adrafinil (becomes modafinil by metabolism) produced zero sensation and seemed to do nothing, until I tried to do something and holy shit, my attention system recognizes external stimuli, immediately makes a decision on whether to respond or ignore, and then goes directly toward what I've decided is important! You know what? That's better.

Even without ADHD, though, people filter out noise. I'm not processing hilarious amounts of information from my environment, drugged or not; like you say, you just shift attention arbitrarily, and miss the things you wanted to pay attention to. It's a cognitive defect, not hidden genius. With normal people, they generally don't notice things outside their selective attention, if you can give them enough information to fully-engage their selective attention system and prevent them from recognizing other, non-critical defects like a gorilla strolling by (a gorilla charging will probably get someone's attention).

Still, on balance a driver *should* be looking at the road ahead of them, not how many LEDs burned out in the green light, or the color of the buildings they are driving by

Depending on background, a driver might not notice a pedestrian moving somewhat with the crowd, but differently, such that he's about to pass a parked car and enter the road. Many advanced driving courses teach a form of active vigilance, which eventually internalizes and causes you to briefly shift attention to things like that.

More usefully, body language is *highly* visible to humans. If you try to enter an office building or military base, you get stopped; and if you try to enter the same place, dressed the same way, but in the complete mindset of someone who belongs there, you'll print exactly like all the other hundreds of people passing by all day, and nobody will notice you standing out from the five or six folks in their field-of-view at that moment. They look right at you and don't see you.

Scott Adams once walked into Logitech's corporate headquarters, passed the reception desk unchallenged, went to an upper floor, and sat in on a high-level executive meeting. He started *presenting*. He forked over a whole heap of bullshit and, forty minutes later, they had developed a new mission for the company before he finally told them he was full of shit and didn't even work there. He's done this *twice*.

You could literally take over a country that way. It's been done. It happened to *France*.

My point is that a lot of magician's tricks fall apart upon close inspection, and resist said inspection because

This never gets old

** Voting Machines Elect One Of Their Own **
In districts where electronic voting machines are used, a computer gets 100% of the votes. Where paper ballots are used, it gets none and human candidates receive the votes. Are backwards districts actually prejudice against inexperienced computer candidates? Watch it here ;)

https://www.youtube.com/watch?v=tSEOXRLSpVc

_

FIPS updated often. Module certified twice /year

[raymorris]

There are updates to FIPS 140-2 every few months, as you can see here:
http://csrc.nist.gov/groups/ST...

Therefore you can easily be *compliant* and up-to-date, no problem.

If you want to be *certified* and up-to-date, the low cost option is to use something like the OpenSSL FIPS Object Module, which is recertified every six months or so. (This is a very restricted subset of OpenSSL). That provides the latest certified encryption.

If you want to also certify the product as a whole, you can do that and batch any security-sensitive changes into new versions, then recertify new versions only infrequently.

Walking past bouncers, magic already happened

[raymorris]

The Scott Adams thing reminds me of what I do sometimes. Something I can't quite describe about giving off the vibe that you belong there. I used to do lighting and sound for bands on the weekends, and sometimes I DJ. I've made it a bit of a game to just walk right past the bouncer without *telling* them that I'm with the band. Everybody else is paying the cover charge, I just walk right by like it doesn't apply to me (because it doesn't). 95% of the time the bouncer doesn't challenge me. If they make eye contact, I nod as I continue walking. It would be interesting to do or read some experiments about the psychology of that.

A note about magic tricks - very often, the tricky bit is done BEFORE the audience thinks the trick has really started, and certainly before they know that the deck will change color or whatever. The first time you see a trick, you CAN'T be paying attention to how the magician makes the color change because you don't yet know that he's going to make the color change. If you watch a trick twice you're much more likely to see the secret because the second time you know you're watching to see how he causes it to change color.

> I'm going to try to get a Modafinil prescription from a doctor now, and uh. Patient walks in asking for drugs, seems well-informed. Spinning a line of bullshit or nah?

What worked for me was to very humbly ASK the doctor about my preferred medication, to not seem overly confident that I wanted that specific medication. "I was reading about ABC and sounded interesting because XYZ. Would it be worth trying ABC, do you think?"

Re:Walking past bouncers, magic already happened

[bluefoxlucid]

What worked for me was to very humbly ASK the doctor about my preferred medication, to not seem overly confident that I wanted that specific medication. "I was reading about ABC and sounded interesting because XYZ. Would it be worth trying ABC, do you think?"

Has its own hazards. I started building my interactions with people on the platform of always dealing honestly, which I find can almost compensate for being an asshole about it. If the doctor says no or tries to put me on amphetamines, I'm going to have a problem; I don't *want* adderall, it's going to cause side-effects I'm not willing to tolerate, and I'm not going to be able to just spin another line of bullshit to cover for "it's not working exactly the way I want" even though it isn't. Spending the whole time putting on an act like I haven't planned all this way in advance is fragile.

On the flip side, I'm already on adrafinil, and know how it compares to methylphenidate (at a distance--I stopped that 15 years ago, and never slept when I was on it) and something very close to an amphetamine (e.g. adderall). You might notice the lower-left benzine on methylphenidate (Ritalin, Concerta) leading to that HN on the right, as well.

I have a good, honest argument for these kinds of stimulants causing too many side-effects, carrying too much risk, and just not working as well as other things. Adrafinil becomes Modafinil in the body; it's a better proxy to judge modafinil than phenylpiracetam is to judge adderall. You make a good argument for buy-in--people respond well to being in charge of the decision--and I'm just remiss to use that tactic as a basis for a patient-physician relationship.

I am, of course, horribly unsocialized, and don't know what to expect when interacting with people in general. I haven't spoken to a doctor in 15 years--more than half my life. Maybe I'm just unfairly assuming they'll all be hostile and totally disinterested in the patient's perspective.

And who wins? And who loses? You, citizen !

[swell]

Billions of dollars/euros/yuan cross the internet daily without much difficulty.
Why would voting be less secure?

Just as some voters are disenfranchised by ID requirements, etc, some are disenfranchised by physically having to go somewhere to vote. Students, for instance, aren't interested in standing in line with a bunch of old people. Old people who aren't able to stand for long. Moms & executives who are too busy... If they could sit at their computer and do it conveniently, the balance of demographics would change. That could mean an advantage for conservatives or for progressives. This is why authorities hesitate. Until they can be sure who benefits from online voting, they will delay.