Smart Voting

cython · 28-10-2018 9:35pm

doylefe wrote: »

What's to stop them doing it now?

The software would be audited. The line of code that changes your vote would be commented out.

Transparency. So much of the current process is done in plain sight, and/or under the supervision of the Gardai (people's opinions on them are a matter for other threads, IMHO). The casting and collection of votes are also widely distributed both geographically and across people, so to manipulate them you would need to get to a completely unfeasible number of people. Once the votes get to the count centre then, it's all done in plain sight of loads of people, and tallies are ubiquitous to keep the system honest.

If you centralise everything into an electronic system, a very small cadre of bad actors with privileged access can manipulate it far more easily. Even e-voting where the machines' totals are tallied up at the close of polls would be less open to manipulation than that, as the polling clerks in the stations could know their local totals, and this could be reconciled against a published register.

AndrewJRenko · 28-10-2018 9:35pm

kneemos wrote: »

What's wrong with any registered voter that opts for it being sent a link to a separate voting site?

SO they are now able to sell their vote to the highest bidder.

And their bullying husband is now able to force them to vote in a particular way.

AndrewJRenko · 28-10-2018 9:38pm

doylefe wrote: »

How do you know exactly what happened to your individual piece of paper after you put it in the box and left the polling station?

You know that the ballot box is sealed in public view in the polling station that night, usually in front of observers from the political parties who choose to verify the process. You know that it is transported to the polling centre, and stored under Garda supervision at the polling centre, often in public view again. You know that the seal is broken in public view, the votes are emptied out on the table in public view, the empty box is verified as being completely empty in public view, and the votes are counted in public view, with enthusiastic tallypeople scrutinising every vote.

Victor · 28-10-2018 9:38pm

GarIT wrote: »

I'd even argue that should happen every x years. The electoral register should be binned on every 29th of February.

Actually, it should be binned every day, well more that it should be updated on a live basis, until X days before voting.

AndrewJRenko · 28-10-2018 9:39pm

GreeBo wrote: »

You are not meant to do a lot of things though.

I'm pretty sure I could snap a photo of my ballot card without anyone noticing, considering I'm in a little box with a curtain behind me.

Does your polling booth still have a curtain? I haven't seen one of them in Ireland for years, though I guess local practices might vary.

Regardless, you probably could snap a photo, and then you could change your vote before you put it into the ballot box, so it would be a fairly dumb vote buyer who would pay for that.

Collie D · 28-10-2018 9:40pm

doylefe wrote: »

It identifies a vote, not you individually.

Fair enough. But you will never be able to convince someone like me who can be a bit of a Luddite that the two are different. I'm sure I'm not alone.

Even if the technology was 100% sound and there was no way of either manipulating the data or linking the voter to the vote it will never work because the public wouldn't have the confidence in the system. And that in itself is a flaw in the democratic process.

GreeBo · 28-10-2018 9:40pm

Government sets up a pool of blockchain addresses for each vote, one for every eligible person, you get randomly assigned one when you go to vote, either online or in a booth somewhere.

No record is kept of linking you to it (easy to determine this is in fact true by auditing the software), but you can verify your vote at any stage afterwards, no one else can change it after the fact (the point of blockchain) so your vote is cast in stone forever and only you can tie the address to you.

Discuss!

One issue might be how to keep the result of the vote secret until voting completes though the actual vote itself could be encrypted with the key only being released when voting closes.

bloodless_coup · 28-10-2018 9:42pm

AndrewJRenko wrote: »

You know that the ballot box is sealed in public view in the polling station that night, usually in front of observers from the political parties who choose to verify the process. You know that it is transported to the polling centre, and stored under Garda supervision at the polling centre, often in public view again. You know that the seal is broken in public view, the votes are emptied out on the table in public view, the empty box is verified as being completely empty in public view, and the votes are counted in public view, with enthusiastic tallypeople scrutinising every vote.

I don't know that any of this is true. I therefore cannot trust the current system is free from interference.

cython · 28-10-2018 9:44pm

AndrewJRenko wrote: »

It's the other way round. The standard RFA form is the one in use for most of the year. It doesn't require a Garda witness.

The RFA form is not intended for use as a change of address, or at least it is not fit for purpose, as it does not remove people from the register at their old address, especially if they have moved constituency. In fact I'd posit that people relying on this is part of why there are so many duplicated distributions of polling cards. There is a correction to the register form that can change your address if you are already on the draft register that is only in use for the 3 weeks in November.

AndrewJRenko wrote: »

The RFA2 form is only used if an election has been called, so only for 3 weeks of the year. That is the one that requires a Garda signature.

I linked the RFA3, the RFA2 is for new additions if you have missed the full register.

AndrewJRenko wrote: »

Changing your vote in normal circumstances involves filling in a simple one page form and posting it - no excuses.

See above, it's a one page form between November 1st and 25th (or so) for a register that becomes valid the following February. Other than that, it's an RFA3 for supplementary register, and this will be merged in the following year's draft register.

AndrewJRenko · 28-10-2018 9:46pm

Victor wrote: »

Actually, it should be binned every day, well more that it should be updated on a live basis, until X days before voting.

Tread carefully. There are indeed huge problems with quality and accuracy levels of the register.

However, cleaning of registers has been abused in other jurisdictions, particularly in the USA. It has been used a weapon to systematically disenfranchise people from certain ethics backgrounds (usually black or Hispanic people) or people from certain social classes.

https://www.salon.com/2000/12/04/voter_file/

Be very, very careful about how register cleaning is done.

AndrewJRenko · 28-10-2018 9:51pm

GreeBo wrote: »

Government sets up a pool of blockchain addresses for each vote, one for every eligible person, you get randomly assigned one when you go to vote, either online or in a booth somewhere.

No record is kept of linking you to it (easy to determine this is in fact true by auditing the software), but you can verify your vote at any stage afterwards, no one else can change it after the fact (the point of blockchain) so your vote is cast in stone forever and only you can tie the address to you.

Discuss!

One issue might be how to keep the result of the vote secret until voting completes though the actual vote itself could be encrypted with the key only being released when voting closes.

Any solution that relies on software auditing is not secure. How do you ensure that the version of software that is audited is the version running on election day?

Do you also audit the operating system? And the database system? And the device driver? Do you audit every possible software component involved in making it happen?

And every three months, when the each of those components gets a new version release, do you go through that auditing again? And again? And again? Or do you stick with the old audited version which now has publicly identified security weaknesses?

Collie D · 28-10-2018 9:52pm

GreeBo wrote: »

Government sets up a pool of blockchain addresses for each vote, one for every eligible person, you get randomly assigned one when you go to vote, either online or in a booth somewhere.

No record is kept of linking you to it (easy to determine this is in fact true by auditing the software), but you can verify your vote at any stage afterwards, no one else can change it after the fact (the point of blockchain) so your vote is cast in stone forever and only you can tie the address to you.

Discuss!

One issue might be how to keep the result of the vote secret until voting completes though the actual vote itself could be encrypted with the key only being released when voting closes.

Why would you want it set in stone? Verifying your vote would mean a record of it is kept somewhere. If it can't be linked to you how would you be able to check it?

And what would the purpose of keeping a record be? If I remember correctly one of the objections to e-voting machines was what happened to the record. In that case - and correct me if I'm wrong - you didn't need to enter any PIN or code before voting so your vote wouldn't be linked to anything. A log in on a remote app or website would involve this so if people objected to the machines for that reason they'd be more likely to object to a login based system.

GreeBo · 28-10-2018 9:56pm

Collie D wrote: »

Why would you want it set in stone? Verifying your vote would mean a record of it is kept somewhere. If it can't be linked to you how would you be able to check it?

So that it can never be changed without my knowledge.

It can't be linked to me by anyone else, but I know my address so I can check it at any time.

Collie D wrote: »

And what would the purpose of keeping a record be? If I remember correctly one of the objections to e-voting machines was what happened to the record. In that case - and correct me if I'm wrong - you didn't need to enter any PIN or code before voting so your vote wouldn't be linked to anything. A log in on a remote app or website would involve this so if people objected to the machines for that reason they'd be more likely to object to a login based system.

There is no login, all the votes would be sitting on a blockchain for anyone to see, but there are no details other than the vote, you would have to know someones address to know their vote.

AndrewJRenko · 28-10-2018 9:57pm

doylefe wrote: »

I don't know that any of this is true. I therefore cannot trust the current system is free from interference.

Your personal ignorance of the system is your personal problem. Hang around your polling station at 10pm and tell the presiding office that you want to witness the sealing up. Get a count centre ticket for the next election and you can see it all happening in public, in front of hundreds of people, most of whom have very direct vested interests in ensuring that all of their votes are counted correctly.

Now compare that to some bits and bytes flying round, and tell me which is more transparent to more people?

AndrewJRenko · 28-10-2018 9:58pm

GreeBo wrote: »

So that it can never be changed without my knowledge.

It can't be linked to me by anyone else, but I know my address so I can check it at any time.

So I can definitely pay you €50 to vote for me, and you can check it in my presence afterwards and show me your vote.

Collie D · 28-10-2018 9:59pm

GreeBo wrote: »

So that it can never be changed without my knowledge.

It can't be linked to me by anyone else, but I know my address so I can check it at any time.

There is no login, all the votes would be sitting on a blockchain for anyone to see, but there are no details other than the vote, you would have to know someones address to know their vote.

But would it be impossible for someone to get that address? And how long would the record exist for?

bloodless_coup · 28-10-2018 10:00pm

AndrewJRenko wrote: »

Your personal ignorance of the system is your personal problem. Hang around your polling station at 10pm and tell the presiding office that you want to witness the sealing up. Get a count centre ticket for the next election and you can see it all happening in public, in front of hundreds of people, most of whom have very direct vested interests in ensuring that all of their votes are counted correctly.

Now compare that to some bits and bytes flying round, and tell me which is more transparent to more people?

The Russians developed a system of opening seals, changing drug samples and re-sealing the original seals. How are we sure this is not happening here?

Coillte_Bhoy · 28-10-2018 10:00pm

doylefe wrote: »

I don't know that any of this is true. I therefore cannot trust the current system is free from interference.

****ing hell, it's been explained to you. Are you pure thick or just **** stirring? Sit back a moment and actually think how many people would need to be involved to fiddle even one ballot box

AndrewJRenko · 28-10-2018 10:01pm

cython wrote: »

The RFA form is not intended for use as a change of address, or at least it is not fit for purpose, as it does not remove people from the register at their old address, especially if they have moved constituency. In fact I'd posit that people relying on this is part of why there are so many duplicated distributions of polling cards. There is a correction to the register form that can change your address if you are already on the draft register that is only in use for the 3 weeks in November.

It's the form used to get onto the draft register;

From http://www.dublincity.ie/main-menu-your-council/register-vote

Registering for Inclusion in the Draft Register of Electors
The Draft Register of Electors is published on the 1st November each year and is available for inspection in Libraries, Post Offices and Garda Stations. Any individual entered in the Draft Register will automatically be entered in the Register of Electors published the following February. To be included in the Draft Register, please check the conditions listed below and if you are eligible, then complete a RFA voter registration form and return it to the Franchise Section, Dublin City Council, Block 4, Floor 4, Civic Offices, Wood Quay, Dublin 8, before 25th November.

I wouldn't disagree with your views on the weakness relating to removing people from their old address, but the fact remains, it is the current form to get onto the register, and it doesn't require Garda verification.

RFOLEY1990 · 28-10-2018 10:01pm

Rubberchikken wrote: »

Totally against this. Insecure. No matter how much anyone tries to convince me otherwise, nothing is absolutely secure.

Plus if a person is so lazy that theu cant be bothered to get to the nearest polling station then finding ways to encourage this laziness/apathy shouldnt be allowed.

No more insecure than going with a voting. Ten years of voting I've been asked to show id about three times

Coillte_Bhoy · 28-10-2018 10:02pm

doylefe wrote: »

The Russians developed a system of opening seals, changing drug samples and re-sealing the original seals. How are we sure this is not happening here?

Were there reps from all the political parties involved? Police etc overseeing every step of the process?

bloodless_coup · 28-10-2018 10:02pm

Coillte_Bhoy wrote: »

****ing hell, it's been explained to you. Are you pure thick or just **** stirring? Sit back a moment and actually think how many people would need to be involved to fiddle even one ballot box

I'm being obtuse, similar to how others are being obtuse in relation to using technology as a solution.

Capt'n Midnight · 28-10-2018 10:06pm

AndrewJRenko wrote: »

Ballot boxes are sealed in public view in the polling station, stored under Garda supervision overnight, and opened in public view in the count centre. It is pretty foolproof, and Ireland has an excellent record of electoral integrity.

The Ballot boxes are transparent so a stack of votes would be spotted, so stuffing them would be a logistical problem.

And there's the tallymen from different political parties watching over everything like hawks. So similar pattern or writing might be picked up. On an evoting system all of this evidence would be invisible.

The previous eVoting solution we bought actually required MORE manpower to operate than the manpower required for the counts. Each machine required a dedicated operator to enable voting for each voter. So it didn't save manpower at all.

Not to mention the €51m in hardware costs. And another €3.2m is storage costs. In the end they were sold off for just €70,000.

I like to watch politicians squirm on count day.

kneemos · 28-10-2018 10:06pm

RFOLEY1990 wrote: »

No more insecure than going with a voting. Ten years of voting I've been asked to show id about three times

Think they have a quota of twenty or something at each station.
To be asked at all is extremely unlikely.

cython · 28-10-2018 10:09pm

AndrewJRenko wrote: »

It's the form used to get onto the draft register;

From http://www.dublincity.ie/main-menu-your-council/register-vote

I wouldn't disagree with your views on the weakness relating to removing people from their old address, but the fact remains, it is the current form to get onto the register, and it doesn't require Garda verification.

And I would contend that if you have changed your address, you are not looking to get on the register, rather you are looking to correct it. Citizens Information says the below (my emphasis):

Correcting your details in the draft Register
If you need to add your name or change your entry in the draft Register, you can do this up to 25 November each year. You must fill in form RFA1 for the draft Register and send it to your local authority. This form is available to download at that time at checktheregister.ie. You can also get it from any post office, public library or local authority.

If you are applying because you have moved to a new address, you should include this information and your former address so that you can be removed from the register for that area.

The amended Register of Electors is published on 1 February each year and comes into force on 15 February.

In turn the RFA1 form says

The purpose of this form is to facilitate anyone wishing to make a ‘claim’ (ie a proposal) to have a correction made in the Draft Register. The form is for use in the period 1 November to 25 November each year, following the publication on 1 November of the Draft Register for the register coming into force on the following 15 February.

So by rights you should use RFA1, which is valid for slightly over 3 weeks each year, and outside of that you need Garda verification. Anyone relying on the bog standard RFA form is part of the problem, and considering it could be months (indeed over a year if they submit it after November!) before it gets them on the register with the correct address, it's a terrible way to go about it.

Collie D · 28-10-2018 10:10pm

kneemos wrote: »

Think they have a quota of twenty or something at each station.
To be asked at all is extremely unlikely.

Really? I've missed maybe two votes in 20 years due to being out of the country and I'm always asked for ID. Not sure if that means you're wrong or I have one of those faces.

AndrewJRenko · 28-10-2018 10:12pm

doylefe wrote: »

I'm being obtuse, similar to how others are being obtuse in relation to using technology as a solution.

Others aren't being obtuse. Others are pointing out the specific strenghts of the current system that you don't know about, and the specific weaknesses of your proposals that you haven't considered.

On the broader issue, do you really think that a boards poster is going to come up with a Sunday night solution that armies of academics and industry experts have wrestled with for 30 or 40 years?

RFOLEY1990 wrote: »

No more insecure than going with a voting. Ten years of voting I've been asked to show id about three times

It's a separate issue, not directly relevant to the question of online voting security.

kneemos wrote: »

Think they have a quota of twenty or something at each station.
To be asked at all is extremely unlikely.

I heard the Dublin Returning Officer say their quota was one in five people to be asked for ID.

cython · 28-10-2018 10:13pm

kneemos wrote: »

Think they have a quota of twenty or something at each station.
To be asked at all is extremely unlikely.

When I clerked a number of years ago it was something like you needed to be able to say you had IDed or could recognise something like 1 in 5 or 10 people. This was in a small town (circa 10k people), and I actually used to live in the neighbourhood that the station covered, so realistically much fewer than 1 in 5 people were IDed, but we were probably certain of > 3/5 people's identities.

bloodless_coup · 28-10-2018 10:15pm

AndrewJRenko wrote: »

Others aren't being obtuse. Others are pointing out the specific strenghts of the current system that you don't know about, and the specific weaknesses of your proposals that you haven't considered.

I've considered all aspects of my proposal and I'm comfortable with the robustness across the board.

Gbear · 28-10-2018 10:16pm

How about don't link the voting machines to a network and count votes through removing the hard drives and plugging them into a central machine at the location where the counting is done. You'd have to break into wherever they're stored, sneak some code into the program that wouldn't be caught in testing or brazenly attempt to interfere with the machine on site on the day to hack them then.

In fact, the code could probably be really really simple then, making it hopefully less buggy and more difficult to disrupt, as well as not being absurdly expensive, but, of course, government cannot do things like this without somehow pissing loads of money away.

For auditing, have a random code on your eballot that you can keep, and then release a randomised sample of votes online for people to compare to their votes - ie you can't sell it because only, say, 10% of votes will actually be revealed.

Also, buying and selling votes is not something we should worry about IMO. There's lots of **** motivations that go into voting. I don't believe it will be significant enough a problem, even if it were feasible, or that it would unbalance the vote one way or the other.
Politicians already have legitimate means to buy votes. I'm not sure it would be cost-effective to actually pay people to vote one way or another in sufficient volume to skew elections, although that might depend on the vote (Dail votes would be more sensitive than, say, referenda)

Another thing would be doing both paper and evoting. Use the digital count to cross reference and ensure accuracy and also give a near instantaneous result, while the paper is counted to ensure legitimacy.
Even if evoting was to be implemented, I would imagine it would be best to have a transition period with both to give several elections to find out any possible systematic failures anyway.

Another option is that evoting might be a good tool but for a different job. You could have a Dail app that allows the government to get a broad picture of opinions in relation to policy decisions, through regular plebiscites, but not necessarily be bound by them. It would give a more fluid and up to date mandate to the government.

Smart Voting

Comments