Discussion
Swiss e-voting pilot can't count 2,048 ballots after USB keys fail to decrypt them
zoobab: eVoting cannot be understood and audited by normal citizens, not even by nerdy ones. It's just good for the trash.
palata: The title is misleading. It's an e-voting PILOT. That's important. "Switzerland is running small-scale e-voting pilots in four of its 26 cantons", three of which were not affected.From Wikipedia [1]:> A pilot experiment, pilot study, pilot test or pilot project is a small-scale preliminary study conducted to evaluate feasibility, duration, cost, adverse events, and improve upon the study design prior to performance of a full-scale research project.[1]: https://en.wikipedia.org/wiki/Pilot_experiment
jjgreen: Had to truncate the title since too long for HN (often the case for the Register)
diego_moita: Meanwhile Brazil does full e-vote for almost 30 years collecting more than 100 million votes (that's 11 times the whole of Switzerland's population).You'll get there Switzerland, it can be done. It is safer and faster.
palata: And they probably started with small-scale pilots, too.
eunos: That's a very exact number if you know what I mean
ritzaco: I don't care how much maths and encryption you use, you can't get out of the fact that things can be anonymous (no one can know how you voted) or verifiable (people can prove that you only voted once) but not both.- Switzerland usually gets around this by knowing where everyone lives and mailing them a piece of paper 'something you have'- South Africa gets around this by putting ink on your fingernailI've read quite a bit about the e-voting systems in Switzerland and USA and I just don't see how they thread the needle. At some point, you have to give someone access to a database and they can change that database.Until we all have government-issued public keys or something, there isn't a technical solution to this? (Genuinely curious if I'm wrong here)
diego_moita: Yes, they did.But I think that the main reason is that Brazil's elections were a lot dirtier and a lot more unreliable than Switzerland's.What I mean is that the push towards e-voting is much stronger in countries with unreliable elections, because e-voting is harder to tamper than the crude ways you can defraud paper ballots.Switzerland's and other organized countries have elections that are "good enough", so the push towards e-voting is probably not that strong.Is the "leapfrog" concept. Sometimes it is easier to adopt newer technologies in places where the existing ones are horrible. Other examples: electronic payment systems, solar panels and EVs in India and Africa.
palata: Actually I don't understand the push towards e-voting in countries like Switzerland. E-voting can be hacked from the other side of the world, because it happens on computers. In-person voting or physical mail is much harder to hack from the other side of the world.
phoronixrly: > At some point, you have to give someone access to a database and they can change that database.It's the only problem in existence that can be solved by the blockchain...
caminanteblanco: But generally sacrifices that anonymous axis via a reproduceable public ledger
phoronixrly: Unless pseudonymized...
ericmay: Stories like this probably scare some people off from electronic voting but I don't think this is that big of a deal. When we finish voting operations in my area we load the ballots up on someone's personal vehicle and they take them down, securely, to where they need to go. That vehicle could get blown up and those ballots could be gone, though I think we could still get a record of the results.That being said, I am in favor of in-person voting requiring proof of citizenship, and making "voting day" a paid national holiday. Not so much for technical or efficiency reasons but for social reasons. I'd argue it should be mandatory but I don't think we should force people to do anything we don't have to force them to do, and I'm not sure we want disinterested people voting anyway.Exercising democracy, requiring people to put in a minimal amount of thought and effort goes a long way. It should be a celebratory day with cookies and apple pie and free beer for all. Not some cold, AI-riddled, stay in your house and never meet your neighbors, clicking a few buttons to accept the Terms of Democracy process.I know there's a lot of discussion points around "efficiency" or "cost" or "accessibility" or how difficult it supposedly is to have an ID (which is weird when you look at how other countries run elections) and there are certainly things to discuss there, but by and large I think the continued digitalization and alienation of Americans is a much worse problem that can be addressed with more in-person activities and participation in society. We're losing too many touchpoints with reality.
stetrain: > That being said, I am in favor of in-person voting requiring proof of citizenshipI think this is fine if it also then means that obtaining a qualifying ID is treated as a no-cost and highly-accessible right for all citizens.This is where such arguments tend to get stuck in the US. If you require proof of citizenship, but also have places where getting to a government office to get such an ID is difficult or expensive, then you are effectively restricting voting access for citizens. A measure to place stricter qualifications on voting access needs to also carefully consider and account for providing access to all citizens.The US is a geographically very large place with worse public transportation options compared to many other countries, and with that comes differences in economic and accessibility considerations for things like "Just go to your county's office and get a qualifying ID."
palata: Also e-voting can be hacked (I guess they vote from their computer/smartphone, which can be hacked from the other side of the world). The last place you want to care about phishing, IMO, is voting.Good luck hacking in-person voting or even "physical" mail voting from the other side of the world.
phoronixrly: Regular ballot voting can also be hacked and on a scale. Making ballots invalid while counting them, or modifying them in some form or other, intentionally writing wrong values in the counting protocols...And of course controlled vote or paid vote...
beautiful_apple: Ironically most production e-voting systems do not use blockchains. That's because there isn't need for decentralization, just verifiability of a correct result and protecting voting secrecy.
AuryGlenz: Pretty much every bill that has ever been put forward for needing an ID to vote has had a provision for free IDs. That’s not where things get caught up.Also, it’s a pretty silly thing anyways. I don’t even drink and I still need my driver’s license quite a few times every year.
another-dave: but it's done in public where anyone observing the count can see that the people counting don't have any pencils etc in their hand
beautiful_apple: You can have e-voting systems that protect ballot secrecy and are verifiable.You can use homomorphic encryption or mixnets to prove that:1) all valid votes were counted2) no invalid votes were added3) the totals for each candidate is correctAnd you can do that without providing proof of who any particular voter voted for. A few such systems:https://en.wikipedia.org/wiki/Helios_Votinghttps://www.belenios.org/Authentication to these systems is another issue - there are problems with mailing people credentials (what if they discard them in the trash?).https://www.cbc.ca/news/canada/ontario-municipal-elections-o...Estonia (a major adopter of online voting) solves this with the national identity card, which essentially is government issued public/private keys.https://en.wikipedia.org/wiki/Estonian_identity_cardLots of cyber risks with the use of online voting though, especially in jurisdictions without standards/certification. I outline many in my thesis which explores the risks to online elections in Ontario, Canada (one of the largest and longest-running users of online voting in the world)https://uwo.scholaris.ca/items/705a25de-f5df-4f2d-a2c1-a07e9...
phailhaus: Voter registration already requires proof of citizenship. What is the point of requiring that high bar of proof on the day of voting as well?
tossstone: I've lived in 3 states and none of them have required proof of citizenship to register to vote. You basically check a box that acknowledges that you are a US Citizen with the right to vote and that illegal registration carries penalties.
lolc: Please realize that Switzerland holds many votes per year. There is no big voting day where I have to go somewhere. I could go cast my ballot in person, but I can also fill out and send in my ballot in advance. That is entirely routine and part of my day like other paperwork.The problem with e-voting is that it is much harder to validate. My paper ballot rests at a community building where it will be counted on the day of the vote. I can understand the process from start to finish in physical terms. Throw in a USB stick and anything could happen. It is possible we will never know what went wrong here.
atoav: It is not even about understanding. It is about how easy it is to distrust it.Contrary to what nerds think, the goal of elections isn't to get bulletproof results by mathematical standards. The goal is to create agreeable consent among those who voted. A good election system is one where even sworn enemies can begrudgingly agree on the result.A paper ballot system has the advantage that it can be monitored by any group that has members which have mastered the skill of object permanence and don't lie. That is not everybody, but it is much better than any hypothetical digital system
phoronixrly: How about a machine voting system with paper fallback. You as a voter can review the paper protocol from your vote. If there is distrust, the justice system can review the paper trail as well.
ericmay: > I think this is fine if it also then means that obtaining a qualifying ID is treated as a no-cost and highly-accessible right for all citizens.I completely agree and I don't think there is a fair argument to suggest otherwise.
xvector: Even the poorest people have a state ID or drivers license. You cannot get most jobs without some legal ID.
phoronixrly: The ballot voting process is also misunderstood by regular citizens, even nerdy ones. From experience, even by voting officials.
tribaal: As a Swiss citizen I strongly disagree. Most people capable of reading and basic maths (addition!) can understand the counting of our paper ballots. My kids understand how this works since they are like 5.Any citizen can go and check how votes are counted in their Geminde. Any citizen can check what is reported in the federal tally. I did several times. It's not rocket science.
fermisea: What about this? Consider a toy system: everyone gets issued a UUID, everyone can see how every UUID voted, but only you know which one is your vote.This is of course flawed because a person can be coerced to share their ID. In which case you could have a system in which the vote itself is encrypted and the encryption key is private. Any random encryption key works and will yield a valid vote (actual vote = public vote + private key), so under coercion you can always generate a key that will give the output that you want, but only you know the real one.
orwin: In the US, a driver license isn't a proof of citizenship. Also, state IDs are not accepted by federal agencies, so it probably wouldn't work as proof of citizenship on federal elections.
dolni: > but also have places where getting to a government office to get such an ID is difficult or expensiveWhere in the US do you find it's difficult for people to get an ID? Where is it not? What percentage of the population has an ID in a place where it's difficult to get one vs somewhere it is easier?What constitutes an ID being expensive?Nearly every country in the world requires proof of citizenship to vote. How is the rest of the world dealing with this problem? Do you think that their democratic processes might be compromised because of it?
zinekeller: > What percentage of the population has an ID in a place where it's difficult to get one vs somewhere it is easier?Not the OP, but except for passports (and passport cards)... there isn't really any federal-level ID in the US (and passport booklets/cards are expensive, just a bit over $100 IIRC).The nearest equivalent in the state level are driver's licenses, which are also on the expensive side considering the ancillary costs (because it's a driver's license, not just an identification card). This is also the reason why US-centric companies like PayPal, for this exact reason, accepts a driver's license as proof of identification (obviously where not otherwise prohibited by local laws).Some (New York for example) do have an ID (called a non-DL ID, that's how embedded driver's license is in the US), but most states do not have a per se ID.> What constitutes an ID being expensive?Developing countries, rather ironically, issue their IDs for free? Okay, indirectly paid by taxes, but there's no upfront cost. The above-mentioned identity documents have a clear cost attached to them.> How is the rest of the world dealing with this problem? Do you think that their democratic processes might be compromised because of it?Cannot talk about other countries (because there is an ID system and it's not a controversial affair to them), but instead I'll answer with a reflection of the US system.Unfortunately, American ID politics are hard, mainly due to concerns of surveillance, but I think (only my opinion) because some of them want those historically disenfranchised (even if a fully native-born US citizen) de facto disenfranchised. This means that there is no uniform and freely-issued identification system in the US (or even a requirement to do that at the state level). Unfortunately, this... is a tough nut to crack, politically-speaking.
stvltvs: Note that drivers licenses wouldn't count as proof of citizenship under the SAVE act.
stvltvs: Proof of citizenship is not the same as the driver's licenses people are issued by their state.Not everyone has ready access to proof of citizenship in order to register to vote. It gets even more difficult if your current legal name doesn't match your birth name, e.g. if you took your husband's name.Not every eligible voter has or needs a government issued ID. For example, retired people who don't drive. For them to get to the DMV to get an ID just to vote would be a challenge.The US has large rural areas where government offices are hours away.All of this adds up to significant barriers to eligible voters. There's a reason even the GOP isn't bending over backward to pass the SAVE Act.
grosswait: How is it a high bar of proof if it is already required? Edit: and already met
stvltvs: It's not a requirement in most places. This would be a significant change in practice.
appointment: In many states these are available without proof of citizenship. When people say proof of citizenship they usually mean a passport or REALID.
stvltvs: Most state-issued Real IDs don't count as proof of citizenship under the SAVE Act.https://factually.co/fact-checks/politics/will-save-act-allo...
stetrain: Free and accessible are not the same thing. And a driver's license is not necessarily proof of citizenship.
