To Protect Voting, Use Open-Source Software

Recent discussion: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=14920513" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=14920513</a>

No. To protect voting, don&#x27;t use software. Everyone needs to be able to _understand_ as well as be able to verify that they successfully voted.<p>Besides the issues with what software the machine is actually running, most people cannot comprehend or understand that software - even if it is open source. That is not acceptable for an open democratic society, or to sustaining it.<p>In this particular situation it should not be necessary to rely on an expert to explain whether the vote counting mechanism is reliable. This only adds to the problem of unreliable or scheming officials - it doesn&#x27;t improve anything in terms of transparency.

Electronic voting is a bad idea and I&#x27;d be suspicious on anyone trying to promote it.<p>How can you know that even if the source code for the voting machine is open, the voting machine is running the exact same source code? How can you know nobody has tampered the code the instance is running?<p>I&#x27;m glad my country is still running on paper ballots and glad we require voter ID.

I&#x27;d like to reference Tom Scott&#x27;s video[0] here. There is no need for an electronic voting system, paper ballots work perfectly.<p>[0] <a href="https:&#x2F;&#x2F;www.youtube.com&#x2F;watch?v=w3_0x6oaDmI" rel="nofollow">https:&#x2F;&#x2F;www.youtube.com&#x2F;watch?v=w3_0x6oaDmI</a>

This is plain bullshit. Opensource gives no guarantee that the vote won&#x27;t be altered by whoever runs the machine.<p>What we need is a zero-knowledge proof: we need the entire voting dataset to be publicly downloadable and some kind of checksumming so that, while maintaining anonimity, I can 1)check that my vote is the same 2)run whole the counting in a blink on my PC.<p>This gives much better guarantees of no tampering

First and foremost, use paper ballots. Before anything else. The paper ballots are the System of Record. If ever in doubt about downstream results, paper ballots can be hand-counted. (Additionally, use paper voter rolls. Mark registered voters when they vote, and track any same-day registrations on paper. The exact number of ballots cast can be extracted from the voter rolls.)<p>Second, <i>never</i> allow paper ballots to be handled by just one person, or by only members of one party - whether blank or used. Require that members of at least two political parties be present any time the ballots are physically touched.<p>Third, if using machines to read the ballots (ScanTron, etc), conduct spot counts of random machines, to make sure the machine results match the paper ballots. Conduct spot counts of entire polling stations randomly to make sure result totals match voter roll totals. Although this isn&#x27;t 100% certain, it doesn&#x27;t take a lot of spot checks to detect any sort of large-scale fraud effort.<p>Do these things, and it&#x27;s exceedingly difficult to do statistically meaningful vote fraud, because we have a high degree of trust in the paper ballots and their surrounding process. From there, you can use automatic ballot reading and tallying to get fast results - the vote counting&#x2F;tallying automation is derived data, not the System of Record.

A child can understand paper ballots and why they work.<p>There are probably less than a hundred people in the world who can understand an electronic voting system at every level down to and including the silicon.

To protect voting don&#x27;t use electronic voting.<p>Paper ballots (the kind with marks read optically, not the ridiculous punch cards at the center of the Florida 2000 debacle) are easy to use and understand with a very low error rate and keep a paper trail, being the actual ballots.<p>I don&#x27;t understand why anyone other than the companies who sell e-voting machines actually want electronic voting.

To protect voting, use paper ballots.

As someone who is a firm supporter in free software as the best option in every area, this feels like a subversive attack.<p>Voting software is bound to fail, no bug bounty is big enough to offset the billions that could be made off of hacking an election. It is bound to fail spectacularly, and then for the rest of time people can point at the election and say &quot;the ability to see the source code let this happen.&quot;

Geneva has made its e-voting software public: <a href="https:&#x2F;&#x2F;republique-et-canton-de-geneve.github.io&#x2F;chvote-1-0&#x2F;index-en.html" rel="nofollow">https:&#x2F;&#x2F;republique-et-canton-de-geneve.github.io&#x2F;chvote-1-0&#x2F;...</a><p>I&#x27;d much prefer electronic to paper. Last year I voted on 24 initiatives, and that is just the federal level. It also does not include elections.

Someone needs to start a campaign: &quot;Say No To Electronic Voting&quot;

Well, IMHO a good way to digitize voting would be to give out a USB-drive-like (NFC) device with an option to set a value and lock it in the read-only mode using voter ID.<p>How it will work: A person gets this device in the voting center enters&#x2F;gets his voter ID, does the voting (anonymously), presses the read-only lock and throws it into the bin. After all the voting these device are scanned and voting data is retrieved. A voting database is populated in each center in a transparent way, to prevent tampering (several parties can be allowed to read this data separately and then all data variants can be compared against each other, just in case). After consensus on the voting data, each voting center sends the results for counting. And the voting is completed.<p>In the end, these devices are reset and the cycle continues.<p>Well, I&#x27;m sure that there must be some problems when voting the aforementioned way. But I guess it could work out, with some modifications.<p>EDIT: Grammar.

Previous discussion (5 days ago): <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=14920513" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=14920513</a>

My first job was an ethnography of electronic voting in a wealthy region in northern Italy.<p>By our observations electronic voting added several layers of complexity that are difficult to justify.

Why can&#x27;t you have everything set up so that when you vote, you get what amounts to a JSON Web Token to be able to later verify that you did in fact vote? You could use the governments publicly available key to verify that your vote reached the central service, and part of the JWT could contain your vote as well as your identifying information (SSN in USA).<p>Obviously everything could have fancy UIs created for end users so they don&#x27;t see that really all have is a JWT (maybe a QR code printed out when they vote? And all the info easily human readable?). Verification could be handled by a .gov address and also through manual use of the public key (so other services could be set up to verify votes as well). And internet connectivity wouldn&#x27;t be a problem as they could just require T1 lines at polling locations (I assume if phones went out across the country the election would be delayed regardless). You could likely tell if someone had stolen the private key (the only way I can think of breaking this system), if you have a service to verify someone&#x27;s vote, and it doesn&#x27;t show up there, even though you have a signed JWT containing your vote. That would prove someone had stolen the private key, allowing for a makeup election.<p>Am I missing something basic of how this would be hackable? I&#x27;m one of those who finds it odd that many elections around the world are susceptible to simple human mistakes&#x2F;purposeful malicious actions when it comes to counting ballots.

Why is it that electronic voting is so vehemently opposed here on HN and by many technologists in general when virtually every other existentially vital system they rely on is run electronically?

“R. James Woolsey […] former director of [CIA]. Brian J. Fox, […] develop open-source voting systems” — even if I had no opinion on the matter, it&#x27;d seem to me that there&#x27;s a clear conflict of interest there.<p>To protect voting, do NOT use software. At all. Open-Source software is no more trustable than paper, and is orders of magnitudes more complex to set up and audit. If you can&#x27;t explain a 5 years old how it works, your voting approach is not trustable.

First, you have to understand the problem:<p>1. You don&#x27;t need to commit widespread election fraud to throw an election if you can predict where a small fraud will matter.<p>2. Not all election fraud is a miscount of ballots. Throwing out minorities&#x27; registrations is also election fraud, and you can&#x27;t fight that with more-reliable ballots.<p>3. The best solution might not be a technology solution. Paper ballots make it hard to scale fraud. But that&#x27;s not enough, since fraud doesn&#x27;t always need to scale.<p>4. Early voting and absentee voting need to be taken into considerations and are a growing part of voting in the US.<p>5. If software systems are used in voting, tallying, or anything connected to election results, the systems should be open to inspection and to pen testing.

To protect voting, use paper ballots and count them in public (OK, and voter ids if you insist).

Security may not ever be 100% with e-voting systems, but it can be secured enough to where the probability of any hack attempt would have minimal impact on the overall outcome. I can think of several ways to a secure, verified registration could work just off the top of my head. I think the issue is more, where&#x27;s the incentive for the government to make this happen?

This past election has shown that it&#x27;s not just the voting software, but the software&#x2F;systems that control who is permitted to vote.

why not blockchain voting. everyone receives 1 voteCoin, and transfers it to the correct wallet address of the person he or she votes for?

There&#x27;s got to be some way to put votes on a blockchain. More important than voting electronically is being able to verify your own vote was not tampered with, and that all the votes add up as reported.

To protect voting, use this or something similar:<p><a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Scantegrity" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Scantegrity</a>

Related comment to a related thread<p><a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=14921935" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=14921935</a>

A lot of talk about securing voting machines&#x2F;verifying that they run the correct software. Why do we have to have physical machines? If it&#x27;s electronic, surely a website would do if you have the correct means of ID?<p>NB: this is not an indication of which side I fall on the debate, it is an observation.<p>[EDIT] Also, I&#x27;m aware similar issues exist with a website, but it seems a lot of focus goes on the actual machine.

The amount of anti-free-software FUD in this thread is staggering. Did Microsoft buy off all of you?

To protect voting <i>use paper</i>.<p>Why did anyone <i>ever</i> think computerising voting was a good or useful idea?

To what extent is voting fraud an issue in the developed world and why is Nytimes upset about it?

This story has been posted four times now. Click the &#x27;past&#x27; link at the top.

Use open source software that prints a paper ballot then count the paper ballot.

Retire voting in favor of sortition.

&quot;The blockchain is an undeniably ingenious invention – the brainchild of a person or group of people known by the pseudonym, Satoshi Nakamoto.&quot;<p>It isn&#x27;t even definitively known who invented blockchain, it is behind the pyramid scheme known as bitcoin and no, no way should that ever be used in voting system computers.

One word: blockchain

to protect voting, audit your software&#x2F;system extensively. Openssh is open-source and we all know the story..

I&#x27;m not a crypto fanboy or anything, but I feel like voting is a great application of blockchain technology. It seems like the system could be made to be both anonymous and publicly verifiable, and the vote count would return more or less immediately.