E-Voting System

Jackie laughlin

There is a tendency to confuse our voting machines with on-line voting. Our machines must rate as one of the most flagrant misuses of public money ever. Had there been no problems whatever with them, they would have produced absolutely nothing. OK, we'd get a fast count! Not only should whoever approved them be sacked but the fool who suggested it should go too.

On-line voting is another matter. In the face on declining voter turnout, it is argued that going on-line will attract younger voters who are among the least likely to vote. There are all sorts of problems - security being the least of them - but it has worked in primaries in the US and in the Baltic.

bonkey

oscarBravo wrote:

The fundamental difference between electronic voting and electronic pretty-much-anything-else is the absolute requirement for privacy.

I disagree.

There is already a postal vote for some people. This means that we already have a system which doesn't meet this absolute requirement you mention. Either its absolute or its not, there's no moddle ground with a term like that.

I live in Switzerland. Here, you are posted your ballot and you can return it by post, by dropping it into a box at the local Gemeinde, or by turning up on the day. They've also experimented with SMS-based voting with apparenly good success (although I'm skeptical of the auditability). Strangely, this disastrous (by your standards) system is often considered to be the heart of the best implementation of democracy going today.

Indeed, if you look around the world, you'll find precious few voting systems which implement this alleged absolute requirement or any other.

Now, this says one of two things to me.

1) Its not an absolute requirement.
2) There isn't a functional democracy on the planet, including the current Irish system. Thus, the need for it to become an absolute requirement is questionable.

And thats all I'm doing. I'm questioning the assertion that the need for total privacy is absolute as opposed to there being a need for sufficient levels of privacy. I believe the reality is that the latter is what is needed, and I haven't heard a compelling argument to show that this fuzzier definition is still unsatisfied.

Our constitution requires that such not be the case in an election.
...
If you're concerned that your vote accurately reflects your intentions, then the question changes.

Please bear in mind that I am not suggesting eVoting (i.e. remote voting) be in any way mandatory, simply optional. Young Johnny can always say "I will go and vote at the voting office" if he's worried about mom pressuring him whilst voting and/or that the system is less than perfect.

Ideally, I'd allow him to vote in both places and ensure the voting-office vote supercedes the online one. Coercion problem solved...unless he's gonna be locked up etc. Course, if someone did that, they can already prevent him voting one way, if not coerce him into voting the other, so its still just a reiteration of an existant problem.

Also, if our constitution requires that you cannot audit your vote, then our constitution requires that it be impossible for you to have 100% faith that your vote was accurately reflected. Either you can track it from start to finish, or you can't. If you can't then you can't have absolute faith that something isn't gone awry...simply reasonably good faith that it is so.
If you can track it, then it would seem that the current system is unconstitutional.

If this level of "reasonably good faith" is acceptable in the current sytem, why is the bar raised to an absolute for any future systems?

The only safe assumption should be that if coercion is possible, it will happen, and that therefore opportunities for coercion should be strictly limited.

But you can't limit them. You can limit one tiny set of conditions, which - in the era of portable cameras - are long obsolete. You can't prove that someone isn't coerced into voting a particular way, and the means for someone to effectively prove how they voted are now utterly commonplace in the form of digital cameras.

A paper vote is no freer from coercion possibility than any other. We just like to consider it so because its comforting.

I agree completely that our voting system has potential flaws.

They're not potential flaws, OB. They're very real and they show beyond question that we are more than willing and able to live with a less-than-perfect system. This, above everything else is what I'm trying to show - that the new system is being held to a standard we don't currently meet and don't (in general) seem to have a problem with not meeting.

Just as JoeQ Public was quite happy to hand his card over to the waiter and have it swiped out of sight, JoeQ Public should have had no problem sending it over the internet in encrypted form. But JoeQ did have a problem, because so many nay-sayers shouted out how unsafe this whole internet doohickey malarkey was. Meanwhile, the waiter down the local restaurant continued to rip him off through a sytem he was perfectly happy with.

Just like with online CC transactions, the critics re: remote voting say "its not perfect" and the implementors respond "neither is what you're already happy to live with so whats your point". What I'm saying is that a lack of perfection is not in and of itself the problem, but rather that one should be able to quantify the risk from a flaw and make an informed decision on it.

Once one accepts that perfection is not a requirement, and accepts that absolute requirements cannot be absolute if their current implementation is flawed, then one can look more objectively at what the real level of quality required is going to be. I'm not saying there are no problems, I'm saying that straightforward imperfection or a failure to meet absolutes is not automatically amongst them.

I have always had reservations about postal voting, but as I understand it a postal vote is very difficult to get.
I wasn't aware that the categories you listed were eligible; I thought that only police and armed forces and certain others could vote by post. I'm open to correction.

I pulled them off oasis.gov.ie after a quick google. Blame them.

Again, though, the question isn't how difficult it is. The point is that the existence of the postal vote at all shows that what you allege to be absolute requirements cannot be absolute.

A phone-camera is a recent threat model that's been introduced to the security of our existing system.

Its not that recent. Its a progression from the film-based camera which predates democracy in our nation. I remember as a kid in the 70s playing with a 110-format of my dads that would fit pretty-much invisibly in a jacket pocket, so anecdotally I can say this is a threat thats been real for at least 30 years.

The real question is: how serious a threat is it? The answer, I would guess, is "almost entirely negligible". I know a guess isn't good enough, but I've seen little if anything better from anyone else. No-one seems interested in quantifying risks, just pointing out that they theoretically exist and that this therefore is enough to disqualify.

Rather than shrug it off and resignedly accept that voting security is impossible, I'd rather see precautions taken to tackle such threats.

I think people should establish them to be threats in the first place. and quantify the risk.
I'm not shrugging anythign off other than untenable demands for perfection. There is, as with everything, a balance to be found. This will be a trade-off of ensuring people get to exercise their vote, ensuring the vote is inviolable, cost, and a number of other facts.

If people were willing to pay a fortune, put up with massive diosruption, and take huge amounts of time...I'm pretty sure a tamper-proof system could be implemetned using any technology. It might involve strip-searches, DNA-printnig and the likes, but its notionally doable at massive cost. Do we want that? No, because its the wrong balance.

OT: the C S Lewis quote in your sig has been one of my favourites ever since I first read Dawn Treader about 25 years ago.

Re-read it the other day and came across this just after reading Sceptre's post on the Israel thread. Thought it appropriate.

Diaspora

I like the sound of the Swiss system which wouldn't cost anymore than the current system if the ballot paper replaced the polling card.

The original project was typical Martin Cullen and to think that instead of demotion they charged him with directing how we will all travel for the next 20years.

Akrasia

Bards wrote:

Very same way I transfer funds between bank accounts from home. No intimidation there. More chance of intimidation from polstres up the strret from polling stations.

As far as I am aware my own house has enough privacy.

Even in the paper based system You can get intimidation... Sinn Fein driving people to Polling stations is intimidation/vore buyinig in my mind

no matter how many people sinn fein drive to the polling stations, they can't force them to vote for sinn fein, once they get to the polling booth they're on their own. If you vote from home via the internet, what's to stop the Daddy, who's a big Fianna Fail or Sinn Fein supporter from standing over his wife/mother/son/daughter as they cast their ballot to make sure they vote for the right candidate?
What's to stop parents opening their childrens ballot information (containing their pin) and voting on their behalf?

And more importantly, what's to stop a corrupt government from just making up their own election result and passing it off as the true vote? There would be no paper trail or exit polls or transparancy of any kind. We all know about Bank officials who embezzled small amounts of money from each money transfer. If that can happen in the secure banking system, it can happen in a voting system, especially seeing as politics tends to bring out the very worst in some people.

Akrasia

Without a secure paper trail, all electronic voting is subject to massive fraud. Look at what happened in america in 2004. Touchscreen voting machines without an audit trail were used, and very suspicious results were returned (in many voting centers, the exit poll results gave kerry the lead, but the recorded votes gave bush a significant victory (it never happened the other way around, and in some case, the margin of error of the exit polls was in the region of 9%, a figure unheard of in statistical analysis of exit polls anywhere else in the world)

John_C

Aren't blind people allowed to have someone come into the voting booth to help them? What's to stop that person from intimidating the blind person?

The 'potential threat' already exists in a number of forms and the sky hasn't fallen in.

oscarBravo

bonkey wrote:

And thats all I'm doing. I'm questioning the assertion that the need for total privacy is absolute as opposed to there being a need for sufficient levels of privacy. I believe the reality is that the latter is what is needed, and I haven't heard a compelling argument to show that this fuzzier definition is still unsatisfied.

OK, fair point. Allow me to restate my objection to electronic voting in general, and remote voting in particular: it introduces a whole bunch of new failure modes, and further undermines the level of confidence that it's possible to have in the validity of an election result.

The problem with a concept like sufficient level of privacy is that it's impossible to define. At least absolute privacy - while, you're right, unattainably - is a goal worthy of working towards. It's also a goal that can be legislated for, such as by making photographic devices illegal in polling stations.

bonkey wrote:

Also, if our constitution requires that you cannot audit your vote, then our constitution requires that it be impossible for you to have 100% faith that your vote was accurately reflected. Either you can track it from start to finish, or you can't. If you can't then you can't have absolute faith that something isn't gone awry...simply reasonably good faith that it is so.

OK, but there's a fundamental difference in the level of faith that it's possible to have in a well-managed paper-based system, and in a black-box voting system.

Up until now I have folded a paper ballot and inserted it into a locked box. That box is kept locked and under constant supervision until it is opened, in public, and the contents publicly and visibly checked. There are very, very few possible failure modes.

Now I'm being asked to have the same level of faith in an electronic system where I push a few buttons and walk away. Sorry: not going to happen.

bonkey wrote:

Just like with online CC transactions, the critics re: remote voting say "its not perfect" and the implementors respond "neither is what you're already happy to live with so whats your point". What I'm saying is that a lack of perfection is not in and of itself the problem, but rather that one should be able to quantify the risk from a flaw and make an informed decision on it.

Right, and I'm saying that if a new system introduces a whole new raft of failure modes, and doesn't address any of the existing problems, then it's automatically a bad idea.

Bards

Diaspora wrote:

I like the sound of the Swiss system which wouldn't cost anymore than the current system if the ballot paper replaced the polling card.

The original project was typical Martin Cullen and to think that instead of demotion they charged him with directing how we will all travel for the next 20years.

Wrong.. The original project was Noel Dempsey...

Bards

oscarBravo wrote:

Now I'm being asked to have the same level of faith in an electronic system where I push a few buttons and walk away. Sorry: not going to happen. .

I'm glad ATM's were invented before E-voting otherwise we would still be going to the Teller inside the Bank

oscarBravo

Bards wrote:

I'm glad ATM's were invented before E-voting otherwise we would still be going to the Teller inside the Bank

Paper trail. Auditability. Try to keep up.

Bards

Actually when ATM's were first introduced the same level of hostitlity and fear was used as an argument not to use them... ring a bell

bonkey

Diaspora wrote:

I like the sound of the Swiss system which wouldn't cost anymore than the current system if the ballot paper replaced the polling card.

One important factor of the Swiss system is that everyone's address is registered.

This might sound like Ireland, but in Switzerland, if you change address, your old community must be notified of your new address, so any and all correspondance can be forwarded. The fines for not doing this are seriously unfunny.

My fiancee used to work in a business management company, and part of her job involved tracking debt-dodgers through this system, often through 4 or 5 address changes.

The entire postal-voting system rests on the already-tight integration of postal and social services. I can see a lot of Irish people complaining that such "draconian" requirements would be an unacceptable invasion of privacy...

bonkey

oscarBravo wrote:

Paper trail. Auditability.

BTW, what part of the constitution expressly forbids the possibility of VVAT?

Also, what would prevent a referendum from changing that if this were agreed to be the only significant obstacle?

jc

oscarBravo

bonkey wrote:

BTW, what part of the constitution expressly forbids the possibility of VVAT?

I don't think it does. I didn't think I had suggested it did - if I did, apologies.

bonkey wrote:

Also, what would prevent a referendum from changing that if this were agreed to be the only significant obstacle?

A paper audit trail would certainly help, but only if correctly implemented. There are many potential pitfalls associated with the idea: first, the audit trail would have to be recorded in such a way as to prevent an individual's vote from being identified, so a continuous paper roll couldn't be used. Second, the voter would have to be given the opportunity to verify that the paper version corresponded exactly to the ballot as cast - and what's the procedure if it doesn't? Third, the voter must be prevented from removing the paper ballot from the polling station - this complicates the previous requirement. Fourth, under what circumstances are the paper votes counted? Fifth, if there's a discrepancy between the paper votes and the electronic votes, which version is authoritative?

Those are just off the top of my head. Given the huge increase in complexity all this adds to the electoral process, I find myself wondering exactly what the benefits are that justify all this?

Victor

oscarBravo wrote:

Auditability.

I'm sure he can hear fine.

Calling Sierra Papa Oscar Oscar Foxtrot ...

dahamsta

It's naughty to call someone a tango romeo oscar lima lima in here Victor, I've been banned for less in the past, while the aforementioned remain in-place. It's the Oirish Way loike.

adam

bonkey

oscarBravo wrote:

I don't think it does. I didn't think I had suggested it did - if I did, apologies.

If you didn't, then I completely misread this bit:

Whether you're talking about a credit card payment on online banking transaction secured by TLS, you're still looking at a scenario where the potential victim can check a paper trail and become aware of any fraud.
Our constitution requires that such not be the case in an election.

A paper audit trail would certainly help, but only if correctly implemented

I think its a given that only proper and correct implementations will be of benefit regardless of what aspect we're talking about.

I find myself wondering exactly what the benefits are that justify all this

Electronic voting, if correctly imlpemented, should lead to a more cost-effective system. (Please note the use of the words lead to[/] instead of produce is entirely deliberate.) Having said that, I'm not entirely convinced of this argument. I'm also not convinced of all the "more reliable results" arguments, but I guess that depends on what you're moving from. The "hanging chad" fiasco in teh US shows just how dodgy mechanical systems could be, but its hard to beat good ol' pen and paper.

Ultimately, the goal should be to have properly decentralised, reliable voting. Its not an easy thing to accomplish, I accept, but I don't see that as a reason to decide its not worth persuing.

The Swiss went down the "postal vote" path, and having gained widespread acceptance for that are now looking at other options. Their aim was simple - to increase participation. Their solution was simple - make it easier to vote, and more people will do so. The results? Exactly as planned - higher participation. Having achieved that goal, they're now looking at SMS (as mentioned before), internet, and god-knows what else. The reason - to keep participation high by making sure people have enough options that about the only ermaining reasons for not voting are "I didn't want to" or "I forgot".

oscarBravo

bonkey wrote:

If you didn't, then I completely misread this bit:

Whether you're talking about a credit card payment on online banking transaction secured by TLS, you're still looking at a scenario where the potential victim can check a paper trail and become aware of any fraud.
Our constitution requires that such not be the case in an election.

Not misread so much as missed the point.

With online banking, credit cards or whatever, there's a paper trail that can, of necessity, be associated with an individual. In other words, when I transact business using a secure online system, I expect to be able to find a record of it afterwards.

If I cast a vote electronically, to be able to check the value of my vote afterwards would violate the secrecy of the ballot. Any paper trail resulting from an electronic vote must be implemented in such a way as to prevent a given paper record being associate with a specific voter.

This is the point that's missed when comparing electronic voting to ATMs and online CC purchases - it introduces a completely new set of challenges.

Bards

Need a paper trail but if I can look it up then yes the paper trail works but gone is the secrecey. I think they are both mutually exclusive. unless

Why not have an in-between system. Voter enters preference on system A with valid userid and pin known only to themselves. system A passes the votes to system B (The count system) in a jumbled up and encrypted fashion with a totel number of votes check that is the same on both systems. User can check later by logging on that his vote is still the same on system A.

Now in my mind the secrecey and audit trail is valid unless someone can tell me why this will not work.

oscarBravo

Bards wrote:

User can check later by logging on that his vote is still the same on system A.

Now in my mind the secrecey and audit trail is valid unless someone can tell me why this will not work.

It won't work because it provides an audit trail at the expense of secrecy. If I can check my vote when I get home, then someone can force me to check my vote when I get home.

bonkey

oscarBravo wrote:

Not misread so much as missed the point.

I'm still wondering where in our Constitution this point is.

I know what you said and what you were driving at, but I'm not aware that our constitution explicitly says this is a no-no. Hence the question.

If I cast a vote electronically, to be able to check the value of my vote afterwards would violate the secrecy of the ballot.

Ummm. Maybe not. It depends at what point you cease being able to check the value of your vote, and at what subsequent point the vote is actually counted.

I'm not sure why this is a problem, though, because the same difficulty exists with paper-based voting.

How do you know, for example, that your paper-ballot wont get deliberately and incorrectly declared spoiled? You can't check it. You also can't check that the locked box your paper went into wasn't surreptitously swapped out for an identical-looking one at some point. There's not much you can check about your individual vote after it goes into the ballot-box in fact. THe best you can manage is to check the larger collection (the ballot box) to an imperfect degree.

So how can you fully trust such a system? The short answer is you can't, but people accept that such fraud has been made sufficiently unlikely, and made it even more unlikely as the scale at which the fraud is perpetuated increases.

Actually, most people don't even think about it, but when its brought to their attention, the "more trouble than its worth" conclusion seems to be a typical one in my experience.

When it comes to electronics, though, that all changes. All of a sudden, there are "trivial" threats even to a well-designed system...even if they're not trivial at all.

What it basically boils down to is that >99% of the voting populace are quite happy to trust the paper-based system on the assumption that the checks and balances function but will not trust an electronic system because they refuse to place their trust in the checks and balances there...oftentimes without even considering or knowing what those checks and balances are.

someone can force me to check my vote when I get home.

And? Are you seriously suggesting that democracy is in peril because of this?

I've already argued that the "uncheckability" of the paper vote has been a myth for over 30 years, but we're happy enough to live with that. You might wish to argue that we shouldn't be happy, but there's 30 years and more of evidence suggesting that this isn't something we need to get overly worried about.

We're happy to live in a world where recounts rarely produce the exact same result as the original count. Hell, we're happy to live ni a world where recounts exist. If the system wasn't flawed, there wouldn't be a justification for recount in the first place.

Democracy has not failed as a result of these flaws. We accept them because their impact is minimal in the absence of a corrupt system. When a system is corrupt, though, it doesn't matter what technology you use, you still won't get an honest result.

I guess at the end of the day, it comes down to a matter of perspective. I tend to agree with what I see as the Swiss mentality, which is that the democratic system is what is most important. I'd rather see 70% participation with a tiny potential for abuse than 35% participation with half the abuse potential.

Sure, we need to minimise flaws, but no matter what we introduce, someone somewhere will be disenfranchised and/or there will be some avenues of abuse open. However, as long as those do not threaten the democratic fairness of an entire system, then its fine by me. I have no illusions that each and every vote must be sacrosanct. It should be, but we've always settled for less in the past, we're settling for less now, so I don't see what logic suggests we are wrong to do so in the future unless perfection is actually attainable and we go for something else.

I personally don't care if mommy and daddy put pressure on little Johnny to vote for Da Partee. I don't care if they threaten to cut off his allowance if he doesn't bring home pictorial evidence proving how he voted, or if they just decide they know him well enough to know when he's lying about how he voted.

I don't care that my 102-year-old Aunt was basically being told who to vote for by the people in her nursing home, nor that she ignored them and instead trusted my sister to fill out her vote according to her choices.

I don't see these as threats to the system, unless thousands of moms and dads started targetting thousands of little Johnnies on the behest of Da Partee. But were such a threat to materialize, then it would be virtually impossible to keep it under wraps regardless of the voting mechanism used.

Bards

oscarBravo wrote:

It won't work because it provides an audit trail at the expense of secrecy. If I can check my vote when I get home, then someone can force me to check my vote when I get home.

Just like someone can force anyone to tell them which way they voted by interrogating them... no system no matter how it is done will ever ever ever be 100%

hmmm

I think some people are confused by what a VVAT system would look like. It's not a "receipt" in the same sense as an ATM receipt that you could take out of the building (or even throw away) - if that was the case, yes you could argue it breached the constitution.

Typically VVAT systems will allow the users to electronically enter their votes and then display, on paper, the vote they have registered. If the user accepts, the electronic vote and the paper are deposited in the voting machine. In the event of a discrepency, the paper vote is used.

Red Alert

there -should- be no reason to need to jumble the order on the Journal/Audit roll, since even in a paper election they only cross your name off the register. there is no indication on it as to who voted for who. the nedap system doesn't deal with voter registration as it had to be activated by a polling officer.

i would personally be more on for a system like the Lotto, where the same ballot could be counted electronically or manually.

oscarBravo

bonkey wrote:

I'm still wondering where in our Constitution this point is.

I know what you said and what you were driving at, but I'm not aware that our constitution explicitly says this is a no-no. Hence the question.

Article 12.2.3, "The voting shall be by secret ballot..." This has been expanded on by the Supreme Court. I don't have time to dig out the case law, sorry.

bonkey wrote:

Ummm. Maybe not. It depends at what point you cease being able to check the value of your vote, and at what subsequent point the vote is actually counted.

I'm not sure why this is a problem, though, because the same difficulty exists with paper-based voting.

How do you know, for example, that your paper-ballot wont get deliberately and incorrectly declared spoiled? You can't check it. You also can't check that the locked box your paper went into wasn't surreptitously swapped out for an identical-looking one at some point. There's not much you can check about your individual vote after it goes into the ballot-box in fact. THe best you can manage is to check the larger collection (the ballot box) to an imperfect degree.

Right, but again, you're missing my major point. It has long been recognised that there are threat models against the current paper-based voting system. Those threat models are well-understood, and there are procedures in place to guard against them. Those procedures are published, transparent, and carried out in full view of public scrutiny.

Yes, it is possible to swap the ballot box for an identical-looking one. Because this threat is so well understood, it's relatively simple to implement a chain-of-evidence style process to ensure that such a substitution doesn't happen.

The problem is that the proposed system introduces a swathe of possible attack scenarios that it's simply not possible to guard against in the same well-understood, open and transparent manner. As it currently stands, when I place my ballot in the box, I know it's in the box. I also know that there's a well-understood process involved in making sure it's still in the box when it's opened the next day, and that several parties with differing agendas have a shared vested interest in making sure the box isn't tampered with.

With the proposed system I'm already having to make a leap of faith that my vote was even recorded before I leave the polling station, and that's not counting the number of transformations it will undergo before it's even counted.

bonkey wrote:

What it basically boils down to is that >99% of the voting populace are quite happy to trust the paper-based system on the assumption that the checks and balances function but will not trust an electronic system because they refuse to place their trust in the checks and balances there...oftentimes without even considering or knowing what those checks and balances are.

I'm speaking for myself, rather than for the 99%. I've been watching this story very closely from the beginning, and I'm unhappy with the checks and balances in the new system. I'm relatively happy with the checks and balances in the current paper system. I wouldn't mind seeing an electronic counting system implemented, as long as the checks and balances are no worse than those currently in place.

bonkey wrote:

And? Are you seriously suggesting that democracy is in peril because of this?

Yes. You seem to be arguing from a position that if what I've got isn't perfect, then I should be happy to accept whatever new imperfections are offered to me. That's like saying that because my house isn't perfectly burglarproof, I should be happy to leave my valuables under a tarpaulin on the lawn, because that wouldn't be perfect either.

bonkey wrote:

I've already argued that the "uncheckability" of the paper vote has been a myth for over 30 years, but we're happy enough to live with that. You might wish to argue that we shouldn't be happy, but there's 30 years and more of evidence suggesting that this isn't something we need to get overly worried about.

I'm actually arguing that we shouldn't be implementing changes that make it easier to coerce voters, just because it's not currently possible to prevent it.

bonkey wrote:

Democracy has not failed as a result of these flaws. We accept them because their impact is minimal in the absence of a corrupt system. When a system is corrupt, though, it doesn't matter what technology you use, you still won't get an honest result.

For me, it's not a question of democracy suddenly collapsing as a result of this proposed change in the system. I am more worried about a gradual erosion of the level of faith we can have in an electoral system.

Yes, our paper-based system has flaws. But they're not in the same league as the fiasco that many electronic (and mechanical, as you've pointed out) systems in the US are increasingly turning out to be. I firmly believe that a substantial proportion of US election results are not reflective of the will of the voting public - in some cases due to system failures, and in others due to blatant fraud facilitated by the undermining of the auditability requirement. I don't want to see us go even one step down that road.

bonkey wrote:

Sure, we need to minimise flaws, but no matter what we introduce, someone somewhere will be disenfranchised and/or there will be some avenues of abuse open. However, as long as those do not threaten the democratic fairness of an entire system, then its fine by me. I have no illusions that each and every vote must be sacrosanct. It should be, but we've always settled for less in the past, we're settling for less now, so I don't see what logic suggests we are wrong to do so in the future unless perfection is actually attainable and we go for something else.

Settling for less than perfect is OK by me. Settling for less than we've currently got is not.

oscarBravo

Red Alert wrote:

there -should- be no reason to need to jumble the order on the Journal/Audit roll, since even in a paper election they only cross your name off the register. there is no indication on it as to who voted for who. the nedap system doesn't deal with voter registration as it had to be activated by a polling officer.

Right, but that ignores the fact that it's possible to tell simply by watching the door who was the first person to vote in a given polling station. Being able to match that person to the first entry on a "till roll" breaches the secrecy of the ballot.

Red Alert wrote:

i would personally be more on for a system like the Lotto, where the same ballot could be counted electronically or manually.

That's fairly easy to do with a simple ballot where you vote for either candidate A or candidate B. With STV, it's much more difficult to implement.

oscarBravo

Bards wrote:

Just like someone can force anyone to tell them which way they voted by interrogating them... no system no matter how it is done will ever ever ever be 100%

So you'd have no objection to scrapping the requirement for a secret ballot, and having people vote publicly instead?

Avns1s

To me there seems to be a very simple solution to this, in principle at least.

Why not have the evoting machine print off a "ballot paper" that the elector would place in a normal ballot box before leaving the polling booth, then you have the benefit of the e voting and the backup of the paper system oin case of errors or in a tight poll that merits a recount.

I would also think that if e voting is to be made active that the results of the counts be revealed bit by bit over the course of an hour or so, at least to those who have been brave enough to place there names on the ballot paper. At least then, if they are not doing well they have a chance to realise this and keep some dignity when the results are announced. Whatever we might think about them and even say about them, they are still human! Well most of them anyway!

sovtek

In my opinion these electronic voting machines are being pushed specifically because it's easier to manipulate them...call me crazy.
The only other reason I can see is that some people that are quite influentual will make a bundle off their sale to the state.

oscarBravo

Avns1s wrote:

Why not have the evoting machine print off a "ballot paper" that the elector would place in a normal ballot box before leaving the polling booth, then you have the benefit of the e voting and the backup of the paper system oin case of errors or in a tight poll that merits a recount.

My ideal electronic voting system in a nutshell.