The most important feature of public elections is trust. Efficiency is one of the least important features.
When we moved away from paper voting with public oversight of counting to electronic voting we significantly deteriorated trust, we made it significantly easier for a hostile government to fake votes, all for marginal improvements in efficiency which don't actually matter.
Moving to internet voting will further deteriorate the election process, and could move us to a place where we completely lose control and trust of the election process.
We should move back to paper voting.
The thing about paper ballots is that the ways to cheat with them are well-known ("finding" ballots in the trunk of a car, "losing" ballot boxes on the way to the counting center, counting the ballots behind locked doors with observers not present, and so on), and have been well known for centuries. So the counters to them (ballot boxes sealed with an official seal once full, only sealed ballot boxes will be opened and counted, neutral observers present at all times when ballot boxes are being transported and/or counted, and so on) are also well-known. If those anti-cheating counters are in place, that gives you quite a lot of trust in the results. And if observers get thrown out and then ballot counting continues behind closed doors, you can have a reasonable suspicion that cheating is going on, and can make a stink and demand a redo of the vote.
With Internet voting, the ways to cheat are not all that well-known among the general population, and even among an audience like HN I bet we couldn't come up with all the ways to cheat. (That's not a challenge!) So there's going to be fundamentally less trust in the election process than with paper ballots, even if the Internet-voting system was actually made completely secure. (And I'm not persuaded it can be made completely secure, given that secret ballots are a fundamental requirement of the process).
So yes, paper ballots are very much the way to go.
P.S. On the subject of counting ballots behind closed doors, look up Athens, TN in 1946 if you haven't heard about it before. It's a fascinating story. https://en.wikipedia.org/wiki/Battle_of_Athens_%281946%29 has a very long account, but the short version is: the sheriff of McMinn County was widely believed to be cheating on ballots by, among other things, having his deputies count the ballots behind closed doors. In 1940, 1942, and 1944, he and his cohorts "won" the election. But in 1946, a bunch of WW2 veterans returning home had formed their own voting block and had run some candidates opposing the sheriff and his cronies. When the sheriff's men took ballot boxes away to count behind closed doors again in the county jail, the WW2 vets armed themselves (without permission) from the local National Guard armory and besieged the jail. The sheriff's men eventually surrendered and returned the ballot boxes which, once counted in front of unbiased observers, showed that the sheriff's candidates had lost and the veteran candidates had won. (Surprise, surprise).
It got made into a 1992 movie called "An American Story" (which covers many things, the Battle of Athens being just one of them). I have no idea how accurate the movie is (I know it's not 100% accurate, but how much it changed I don't know).
There's a town in Alabama that skipped elections for 60 years; they'd just hand it off to a buddy. Someone finally registered to run and won by default, so ten days later they had a secret do-over to avoid a Black mayor.
https://en.wikipedia.org/wiki/Newbern,_Alabama#Mayoral_dispu...
Hadn't heard about that one. Fascinating. Especially since the Black mayor then challenged the secret do-over, won, and was reinstated as mayor. Then the next year there was an actual election for the first time in over 60 years, and the Black mayor won reelection 66 to 26. Not 66% to 26%, 66 votes to 26 votes. Which just goes to show what a small town that was.
P.S. Population of that town in 2020, according to the census? 133 people.
Alabama Goddam
Oh, and if the election is on something so polarizing that there are no "neutral" observers, then rather than neutral observers you can have observers from both (or all) parties/sides present, with cameras rolling, while the counting is going on.
I strongly disagree. If the system is transparent enough and provides mechanisms for verification and control - No reason to distrust it. I would prefer a system where even in 20 years I can go online and check how my vote was counted in older elections - this way stealing my vote would be impossible.
The issue is how to preserve privacy...
> I would prefer a system where even in 20 years I can go online and check how my vote was counted in older elections - this way stealing my vote would be impossible.
Understandable, but then vote-buying becomes possible. The reason vote-buying is impossible in a secret ballot is because you can't prove how you voted to anyone else. If you can look up your own ballot even five minutes after it's dropped into the box, then you can show your screen to someone else who then hands you $100 for voting the right way, and elections change from being "who has persuaded the most voters?" into "who has the most money to buy votes with?"
Vote buying and worse 'vote for me or I'll shoot you'. Buying is the more common scam but there are worse options for evil people
I live in an economy where people vote with pencils on paper in cardboard booths and at scalable cost, it just works. Obviously the cost also has to scale linearly for the 200+m voter economies, and time becomes a factor, but for community acceptance I still think paper and pen/pencil beats machine hands down.
(this is Australia. we have compulsory attendance at voting booths for eligible citizens, you can spoil your paper or walk away but we enforce with a fine, participation in the one obligation of citizenship)
-I have been offered voting remotely in elections for my home economy of the UK and I would have welcomed some kind of homomorphic encrypted, secured voting method, given I have done KYC with the UK government to get my pension paid, I don't see there is a problem with them knowing who I am online.
I therefore do not totally agree with the headline, but I'm willing to be convinced by the article, because comparing the land of hanging chad to my own, I think paper and pencil is just fine. BTW we have a senate election which demands ballot papers cut from A0 paper in long strips. Hundreds of boxes to be filled in. What we don't have is the vote for every judge, official, proposition on the table, we just elect representatives and senators, but we have a complex vote method. It just works. We do machine reading, but every single paper is reviewed by people, and parties have rights to monitor the vote, in secured spaces. We do not have a serious concern with the integrity of our vote, and the question is regularly asked and tested. (it's not just because we believe it's secure and don't check)
It's a great list of signatories, includes people I respect. I would think that the prime question for Americans is "how much worse or better than the current approach could this be?"
I've heard great things about the way that India votes.
It sounds like their Election Commission takes their job very seriously.
Very. Every voter is guaranteed a booth nearby (<2km away from registered address). Including a monk who gets his own polling booth because he lives so far from everyone and everything else. https://www.aljazeera.com/gallery/2024/5/8/an-election-booth...
Also https://www.reuters.com/world/india/family-remote-himalayas-...
As a kid living in Vicksburg MS in the late 80s, this is what irked me about in person voting. We lived in county but in a fairly dense suburban area with some biggish apartments nearby (SFH was mostly white, the apartments were mostly black). Our polling site was way out in the boonies, somewhere you could never get to without driving for 45 minutes...I was shocked when my dad took me with him.
There was really no good reason for that, unless they were really against a certain segment of the population voting (a lot of people in the apartments didn't have cars, or were too busy to go so far to vote).
Australia really uses erasable pencil markings to vote?
I would feel much better if they required ink.
Yes, and the reasons are outlined by the Australian Electoral Commission, the independent body that runs Australian elections (see the first FAQ)[0].
There are scrutineers that watch counting happen at the booth once polls close, and who also see and hear the numbers get phoned into HQ. HQ has more scrutineers from all parties checking both postal votes and recounts.
If anything doesn't match up it gets flagged. I think that the ability of every party to watch votes themselves means that trust is increased, and they have skin in the game (if they didn't object at the booth why not!?).
Pen markings are perfectly valid however, so you can bring a pen to the booth to vote with if you'd like to do so.
It's also true of course that erasers don't quite erase pencil. It would be fairly obvious that the paper was tampered with.
If you're worried about someone taking away your vote by erasing your pencil marking, then you should be equally/more worried about someone spoiling your ballot by voting twice on the same ballot, thereby invalidating it. You just need to trust that the people handling your ballot won't do that.
It's pencil in Canada too. Pencil works. Ink pens stop working, and are far more expensive than pencil in bulk. Voting is old. Using fountain pens, and quills to vote, is far more annoying than pencil when it just works.
The mark of vote being indelible or not is irrelevant. The monitoring and protection of the ballots is far more important. For example, representatives of all political parties are involved in the count, oversight by an agency, etc. If you had time to erase and re-mark ballots, you could swap out paper ballots too.
It’s not that it’s impossible - it’s that the established players are already questionable. And any new entry would require more than any simple company could provide. Heavy investment and collateral is required.
Our livelihoods are increasingly (almost entirely) digital and endure great efforts to abuse. But banking and/or retail operate on a different spectrum. For one they make money. The costs associated allowing their business online may never make sense for a non-profit based activity like voting.
Do we have any examples of internet activity as tempting to infiltrate/pervert that is secure and doesn’t extract value?
Anyways it seems greater damage will be done before we even reach a provably secure system. So paper/pencil voting would be better.
But fear not - even if we abolish voting machines we aren’t out of the hole just yet. We have good company with concepts like Citizens United as well as activities like sweepstakes that try to sway the populace to throw away a vote for a chance at a million. Illegal - sure - but that won’t stop the ostensible infinitely wealthy from enduring a slap on the wrist - or more appropriately a verbal reprimand (which is all that happened last time) for their part in electioneering. And if that didn’t work we have an onslaught of reAlIty and bots that poison our conversations in order to form our world views.
I’m jaded. I’m overly pessimistic. I’ll go now.
If we can’t create a secure online voting system why do we use it for passports, banking, medical records, drivers licenses, criminal and law record keeping.
This is just an attempt at control using the majority of cases that most websites and applications are insecure. If enough effort and time is invested of course we can create a fairly robust and secure voting system.
Errors in these other areas are typically reversible without undermining trust in electoral processes, leading to (in the worst case) wide scale violence and death.
We use the internet for too much, more systems should be airgapped. It’s a miracle that there hasn’t been a tragedy yet from a hack of critical infrastructure. Even things like water treatment and energy systems can be vulnerable: https://www.cnbc.com/2024/10/08/american-water-largest-us-wa...
I agree with the risks, the overall theme being it's much easier to potentially manipulate a million internet votes than physical. In other words, internet vote manipulation scales significantly more than physical.
But I could make the argument with any high trust internet system.
Let's take another high trust activity we do on the internet - banking. Internet banking gives a hacker the ability to steal millions while sitting across the world. This is the same argument the authors make about changing a million votes.
So it really comes down to the pros vs cons. That's the more important discussion imo.
Do the benefits of internet voting outweigh the cons?
Unless you’re talking about crypto, your internet banking hacker will not get away with anything significant. You can’t just “hack the bank” and take a million dollars. Banks only transfer funds digitally to one another by agreement through systems like SWIFT, and these transactions are traceable and reversible. Changing some ones and zeros in your account and then attempting to withdraw it all would raise a ton of flags, and you would need to breach an unrealistic number of systems and processes to make it possible.
At best you might be able to scam someone into sending you a few hundred dollars via Zelle. Some scam centers do this 24/7, but it isn’t that easy, and apparently they rely on human trafficking to acquire free labor.
The complex systems backing internet banking (including the people and processes) are immense in scale. They evolved over decades and were honed and improved as real problems occurred. Needless to say, there is no room for iterative trial and error in elections.
If you hack the bank you get very little, at least today. If you hack an election you get everything. No thanks. No to electronic voting.
> Let's take another high trust activity we do on the internet - banking. Internet banking gives a hacker the ability to steal millions while sitting across the world. This is the same argument the authors make about changing a million votes.
Bank fraud happens all of the time and at scale. However, it is entirely insurable and reversible.
Election fraud is not reversible. Trust cannot be restored in the way that a bank account can.
Internet banking is not anonymized. Voting should be.
In Brazil we have been using electronic voting for decades.
See, here we always had issues with corruption, and that's why we had to implement it.
The thing is that we always had major issues at the city level elections, because many small groups dominate different regions, and they just controlled the election officials, influenced voters, disappeared with ballot bags, and did all types of crazy stuff. It was pretty common in the eighties to exchange votes for gas, dentures or even tubal ligation.
For all these reasons, a specific voting registry was created in 1985, and an electronic voting machine was used for the first time in municipal elections in 1995. This solved most issues, and elections started to be a lot easier, there was A LOT of confusion in the past. After it was available in all cities in the country, they started to do national elections.
The main idea here is that this is a government endeavour, not a private company. There are so many security layers that I think that only another external government actor would have resources to attack it.
These machines have special hardware, the encryption keys are loaded at the election day by the government, the machines are there only for the 8 hours of voting, then came back to a government deposit, they account for every machine, they are audited before and after, they randomly choose the election officials, the machine prints a receipt for the voter and the stats of votes of that machine. Each person has an election location and room/machine, so schools are used. If a machine has problems, they have to on the fly generate new keys for a substitution. In 2024 they used 570.000 machines at the election.
When the election day finishes, they place at the door of the room the machine receipts, so any NGO or international organization can verify. After it they take the machine to a central place where they connect to them and transmit the data, and in one hour we know the president. During these decades we had presidents from the right and from the left, and all cities and states, so you can say it works just by seeing all this power cycling all the time.
I agree with the article in the sense that we need paper confirmation, and that we cannot trust the voter machine, but I think Brazil solved this by making sure to control the machine, and printing receipts and making them available to any public organization.
I particularly think that only one thing is missing in this technology, technically speaking, I would like to have a personal key with an ecc key created by me, that would allow me to insert this card when voting, so it would encrypt my vote, store and send to the server, so I could, using my card (even online) check for my voting history, connecting all the endpoints. It is still anonymous, but verifiable by me.
More information here: https://international.tse.jus.br/en/electronic-ballot-box/pr...
To some extent, I think the cost of paper voting is almost a feature. It takes more work and effort to corrupt a paper voting system enough to change an electoral outcome, it helps more people gain familiarity with the electoral process and places an additional weight on the decisionmaking,
* “all your money lives on the internet and it’s safe”
* “internet voting is insecure”
who wins?
Internet voting needs to be anonymous and non demonstrable.
Internet money needs to be the opposite, and reversible through the courts.
I think it is very difficult to secure internet voting, someone can stand behind you and twist your arm or otherwise coerce you to vote for their candidate. Much harder to do when there are observers and witnesses at the polling booth.
>Internet voting needs to be anonymous and non demonstrable
Why? Honestly Internet voting would improve overall turnout, which seems more important. And we probably could accomplish anonymity with some clever cryptography.
Anonymity keeps the government from locking you up if you vote the wrong way. Non-demonstrable keeps you from selling your vote to your boss.
That is why you typically show id, get a ballot and there is no relationship between the two.
It can't be anonymous. There has to be some form of IDV to ensure it is a registered voter.
The ballot has to be anonymous, or unable to be tied back to the voter once cast. It’s a hard requirement for a variety of reasons
You have to trust the voting place/ballot receiver in all cases. Like, after they take your name, you need to make sure that they aren't secretly associating your name with the ballot you are filling in. Likewise, if you vote by mail, you need to make sure that they aren't associating your identity on the envelope with the anonymous ballot inside the envelope.
The vote needs to be anonymous, not the registration + checkin process.
When digital content can be duplicated with ease, it is difficult to guarantee verified voter but untraceable vote.
Indeed, many people now get an erroneous covid tax-relief refund bill for not qualifying for a program they never signed up for in the first place.
One local scammer made off with a $5m government refund for a fraudulent business tax filing. You can't make this stuff up if you tried...
At some point, one is just amazed at the size of the cons people pull online. =3
Second is also possible in jurisdictions that issue id cards with cryptographic layer AND ability with the companion app to only prove a scope of the identity.
Without saying too much about my home country I believe it's doable.
Wow, rarely one sees a comment that so clearly shows how our attention span has deteriorated and how we now too often fail at understanding the most basic conceptual underpinnings of a discussion.
So my internet banking is secure for my funds, but internet voting is not for my vote. Right... OK, we got the message.
Voting is one of those things that people care very little about but it's extremely important as it can determine who is the head of state (a position that has a lot of power and influence).
A single compromise once can have incredibly bad long term consequences for the majority of a ruling elite gain power indefinitely.
2 factor vote. Vote in app, still go in person to validate result.
So where is the thought on mail in these days? It’s what we have in Washington and I rather like it.
Imagine that: thinking the technology used to cast votes is how elections get manipulated.
I believe the piece we're missing is the government (citizen?) service which issues (manages, replaces, revokes) constituents' cryptographic tokens for use with such things.
Then our voting systems could be electronic, secure, open, verifiable, and mostly private; assuming effective oversight / this organization does not issue fraudulent tokens or leak keys or identities (big assumption, but I don't think it's impossible.)
Isn't a vote being verifiably tied to a person actually a bad thing? Then you can actually check what e.g. your wife or kids voted for and punish them if they vote wrong. Or get people to pay for votes, but doing that at scale is obviously hard.
Maybe this isn't what you meant by verifiable, but there are systems with this property and they are bad.
The property you are talking about is generally called "deniability" in the literature, whereas the GP is talking "verifiability" ie. being able to verify your own vote is cast correctly. They are both valuable, sometimes mutually exclusive, but not necessarily, see eg. https://petsymposium.org/popets/2024/popets-2024-0021.pdf
Verifiable in this context means I can verify my vote was tallied correctly.
That would also mean someone could force you to show who/what you voted for.
So then you can verify your vote reached the tallying center, but not that it was tallied correctly. Someone can look at your vote and count it wrong.
I think that's fine and the best we can do, but the person I replied to said you can verify your vote is tallied correctly. That implies checking what the actual vote was.
Not at all. Make verification possible only at secure physical sites.
Receipt-freeness (i.e., a secret ballot) is usually the desired property. Yes, a lot of people like you state they desire verifiable votes. But that's where you need to respond to the points the person above you is making: how is such a system not also susceptible to coercion and bribery?
(However you would verify your vote, imagine the person who is coercing you is just standing over your shoulder with threat of force. An example might be an abusive husband who does not want to allow their wife to vote freely/against him. A briber might simply force you to allow them to look over your shoulder before they'll pay you off.)
Vs. paper ballots in a polling place: a coercer would not be permitted in the poll booth with me. I get to vote, and when I leave, … I can tell them whatever, but it does not need to match my vote. It utterly defeats bribery, as the briber has no way to verify that I'm doing what they way.
The person above me makes assumptions about implementation details and then pokes holes in them. I answered above.
Yeah, we have certificates on our ID cards, but they need to be manually renewed every 3 years which necessitates a trip to the designated authority. And then the underlying system gets changed every so often invalidating the card types altogether, so they can be used as dummy IDs only.
Exactly, we can definitely build a secure online voting system, far more secure than the current paper one, but it will come with some downsides. One of them is a national digital ID mandated to all voters, which obviously can and will be abused by the government.
Another reason (besides what I mentioned in another post below) why such a secure system will never see the light, even if we can technically build it, is that the average person will start to question: why do we still need to vote for representatives if we have such a system in place? Can't we as citizens vote directly on bills/acts? Which makes sense since the current system was designed before all these tech and connectivity.
While we’re on it, I don’t want the internet on my stove or car either.
We're actually not on that subject.
Which of these vulnerabilities do not apply to any other internet system? And yet all of everyone's money is accessible over the internet and that seems to be working fine. If they really care about security at this level then they should ban all non in person voting methods.
> If they really care about security at this level then they should ban all non in person voting methods.
Many countries do exactly that, sometimes with a few exceptions (ex: expats, disabilities, ...).
One problem with internet voting that does not apply to money is the "receipt-free" aspect. That is, a voter should not be able to prove that he voted for a particular candidate, as it would allow for vote buying, threats, etc... And it is a hard problem. With money transactions, you generally want the opposite, which is an easier problem.
Tom Scott made a solid video on this years ago[0].
I would love to go back to paper elections, even with all its problems (hanging chads anyone?). Let's make attack scaling as difficult as possible.
"Go back to"? How are you voting now?
Estonians seem to have funny ideas on this. They're very VERY digital-forward.
And their system has the same problems as all the others: https://estoniaevoting.org/
Looks like. More recent papers still find vulnerabilities too.
Steelmanning: They're putting the effort in so we don't have to. Either they find a way and it'll be awesome, or at some point they become an object lesson.
edit: Or third path: They muddle along just well enough with a system that can't work in theory, but ends up nearly working in practice, stochastically? (see also: email, wikipedia, or a hundred other broken things that can't possibly work but are still hanging on. )
what about crypto voting schemes? zero knowledge and all that
if we assume the user connection is secure (ie, about as secure as banking), can we have secure internet voting?
Not exactly. Centralized transactions on a blockchain ledger using hierarchical aggregation of tiers of voting collection points where each municipality includes their digital signature. And receipts for all voters that are easily verifiable against a publicly-readable ledger.
More important it should be a right first. Where i live it's not optional
You know, kind of an interesting test here. This was posted 13 minutes ago and the comments so far are mostly all supportive of not wanting internet/insecure voting methods, all supportive of pen and paper. I wonder if after an hour or two the propaganda hoses will have been turned on and all the top comments start to have the reverse messaging in them, saying internet voting is perfectly fine, and such initial comments downvoted into oblivion.
So you are saying that the humans are fast and the propaganda bots are slow?
Whose bots are fastest?
I agree.
In person and by mail voting with a blockchain ledger-based receipt is how to prove one's vote is counted anonymously.
There must always be a paper trail and a blockchain ledger provides the most reliable and secure means to maintain integrity.
Is this just an abstract and is there more to this post? I found it quite shallow.
I think it’s just twisting the facts to reach a predetermined conclusion.
paper & pen has tremendous value as a recording mechanism. Although it's slower at counting and indexing, it is far better at reproducibility and durability:
* records last > 500 years with no electricity . corruption is obvious at first glance. ( bad records don't appear to be good).
* counting is easily distributed by number of workers
* readily visually inspected with no special tools . ideal for auditing
* records stay in order at rest.
* easy to detect & protect against tampering
* easy to train new users . CRUD tooling costs pennies per operator
* cheaper to scale writes & reads
TCO and risk-assessment for paper records exceeds digital on nearly every measure.
I think this relies on the old argument that anything connected to the internet is potentially insecure. While it might have some truth, practically we all do very sensitive stuff securely while connected to the internet. The risk is there, always, but you put all the measures to mitigate it and even prevent it.
The idea that a malware could be on a phone “altering things automatically” feels like a 90s FUD cliche. If an online voting system existed, it won't be like a poll that you see on Twitter, for instance; it will be far more involved. For example, we can have blockchain as the network, and not just transparent to all, but even after you vote you can still check your vote and see if it was potentially altered, and a proper electronic chain of custody can also ensure that the vote was counted per the process, and all of that is visible to anyone who would like to check and even count ALL the votes yourself, again, just like how transparent blockchain is.
And saying paper voting is more secure isn't true at all, because these votes will be counted electronically at some point, either by a machine or just a simple Excel sheet, opening the same risks as the previous one except here, if it would happen, you will never know and you as a voter can't trace the vote from when you voted all the way until it was counted. The voting process should be designed in a way with zero trust in mind, just like how secure systems are designed now, like storage, encryption, vpn, etc., and voting should too.
I personally believe that we can build a very secure, robust, and trustworthy system that can be used for voting online, but I think no one wants that for all sorts of political purposes, either by actually altering the results that could go unnoticed, or at least keeping the window open to blame the results on a faulty system.
Why is it FUD? It's a real thing any competent programming team could implement.
The US overwhelmingly uses paper voting (often paired with electronic tabulation). We can't "move back", it's where we are.
Electronic tabulation introduces little risk when the ballots are paper.
Yep, I believe Louisiana is the only US state that does electronic voting without a paper trail. [1]
And not all paper systems are good either. I'm sure everyone remembers the disaster that was the punch card system used by Florida in the 2000 election...
[1] https://ballotpedia.org/Voting_equipment_by_state
>Electronic tabulation introduces little risk when the ballots are paper.
Do European and other first world countries favor electronic tabulation?
Is it possible that introduction of all electronic factors reduce trust?
For their upper house elections (which can have giant ballots), Australia uses computers in its counting, but there are humans in the process. [Here's a video from the Australian Electoral Commission.](https://youtu.be/9AqN-Y25qQo)
Risk limiting audits are why this works. You physically sample ballots at random. The number you sample grows as the gap in the electronic tally shrinks to reach high confidence the election was tabulated correctly.
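An added illustration of the risk-limiting audit described in the comment above (not part of the thread, and not any election authority's code): a ballot-polling audit using a sequential probability ratio test in the style of the BRAVO method. The two-candidate contest, the labels "A" and "B", the 5% risk limit and the ballot piles are all constructed assumptions.

```python
import math
import random


def expected_sample_size(winner_share, risk_limit):
    """Wald's approximation of how many ballots must be drawn, on average,
    to confirm a correct outcome. winner_share is the reported winner's
    share of the votes cast for the two candidates (must exceed 0.5)."""
    if not 0.5 < winner_share < 1.0:
        raise ValueError("winner_share must be strictly between 0.5 and 1")
    # Average evidence gained per ballot if the reported tally is right.
    per_ballot = (winner_share * math.log(2 * winner_share)
                  + (1 - winner_share) * math.log(2 * (1 - winner_share)))
    return math.log(1 / risk_limit) / per_ballot


def ballot_polling_audit(draws, reported_winner, reported_loser,
                         winner_share, risk_limit):
    """Examine hand-read paper ballots in the order they were sampled.

    Tests the null hypothesis "the reported winner did not actually win"
    (true share <= 0.5). Each ballot for the reported winner multiplies the
    likelihood ratio by winner_share / 0.5, each ballot for the loser by
    (1 - winner_share) / 0.5. Once the ratio reaches 1 / risk_limit the
    outcome is confirmed. Returns (confirmed, ballots_examined); False means
    the sample ran out and the audit must escalate, ultimately to a full
    hand count."""
    if not 0.5 < winner_share < 1.0:
        raise ValueError("winner_share must be strictly between 0.5 and 1")
    threshold = math.log(1 / risk_limit)
    step_winner = math.log(winner_share / 0.5)       # positive
    step_loser = math.log((1 - winner_share) / 0.5)  # negative
    log_ratio = 0.0
    examined = 0
    for examined, choice in enumerate(draws, start=1):
        if choice == reported_winner:
            log_ratio += step_winner
        elif choice == reported_loser:
            log_ratio += step_loser
        # Blank, spoilt or third-party ballots carry no evidence either way.
        if log_ratio >= threshold:
            return True, examined
    return False, examined


if __name__ == "__main__":
    rng = random.Random(2024)  # fixed seed so the demo is repeatable
    risk_limit = 0.05
    total = 100_000
    # Constructed piles: the paper matches the electronic tally in both
    # cases, but the second contest is much closer than the first.
    for share in (0.55, 0.51):
        winners = round(share * total)
        pile = ["A"] * winners + ["B"] * (total - winners)
        draws = (rng.choice(pile) for _ in range(total))  # with replacement
        confirmed, n = ballot_polling_audit(draws, "A", "B", share, risk_limit)
        print(f"reported share {share:.2f}: "
              f"expected ~{expected_sample_size(share, risk_limit):.0f} ballots, "
              f"this run examined {n}, confirmed={confirmed}")

    # Constructed failure case: the machine reported A at 55%, but the paper
    # actually favours B. The audit should not confirm the reported outcome.
    wrong_pile = ["A"] * 45_000 + ["B"] * 55_000
    draws = (rng.choice(wrong_pile) for _ in range(5_000))
    confirmed, n = ballot_polling_audit(draws, "A", "B", 0.55, risk_limit)
    print(f"mis-tabulated contest: examined {n}, confirmed={confirmed}")
```

With a 10-point reported margin the audit needs on the order of 600 ballots; with a 2-point margin it needs roughly 15,000, which is the growth the comment refers to.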
The majority of the U.S. votes on paper: https://verifiedvoting.org/verifier/. Most of the rest of the country votes using Ballot Marking Devices that produce paper ballots; less than 5% of the population lives somewhere where the only or default choice is electronic voting.
The problem isn't paper voting. It's paper voting by mail. It has to be in person and we have to verify the person who shows up to vote is legally allowed to vote. Without those two checks you cannot have safe elections.
I have a friend somewhere else in the world who is in the business of providing electronic voting machines to governments (cities and countries) to run elections. I won't mention where in the world because there are only so many of these companies and his is very prominently known in the region he serves. They develop the machines, write the software and provide the service.
He told me stories of various elections across the region where governments or specific political parties ask him to tilt the playing field in their favor by secretly altering the code. He has refused every single such request because, as he put it, if you do it for one side or the other, sooner or later you get burned (or worse) and it's over. He happens to be one of the honest and responsible players. That's not necessarily the case for others.
When I asked him about US elections, his answer was very simple: I can't believe you allow people to vote by mail. You don't know who's voting. You don't know how many times they are voting. You don't know if someone is voting for a dead person. You don't know if the person who filled out the form is legally allowed to vote. You don't know if votes are being intercepted and discarded or somehow replaced. You don't know anything. And this all before a single mail-in vote is counted.
We’re less worried about a low-scale low impact fraud by many people that is unlikely to alter results, than a systematic mass fraud by few people who can choose a result.
> We should move back to paper voting.
We already use paper voting. If you mean go back to a time before voting machines, then I fear that would actually reduce trust because the amount of tabulation errors, data entry, and spoilt ballots would skyrocket. The only people who are increasing doubt in voting machines are the same people who are trying to disenfranchise voters and not accepting the results of past elections.
The last presidential election where doing a paper recount might have helped was in 2000 and believe it or not, the same party that's calling for abolishing voting machines today was the one who sued to avoid a paper recount then.
They did start a recount! IIRC SCOTUS, at that time already taken over by partisans, illegally ruled to force the original results on us instead of correctly ruling for all FL districts to use the same methodology when performing the tallies.
Yeah. The Republicans blatantly sabotaged the recount and everyone shrugged and moved on.
Just do both like we do here in GA. You vote on a computer, it prints out a piece of paper, you walk the paper over to some kind of scanner, and then it is deposited into a giant trash can. (maybe they keep the paper records, idk) - these are the Dominion systems.
(memories..)
When I lived in NYC there was a giant lever you got to use - it was pretty fun - but positioning the actual paper was kind of tricky.
I think Georgia used to have Diebold machines where you would get a little receipt but I'm pretty sure they were very hackable. Anyway half of them were always broken.
Minnesota has a better system. You fill in a paper ballot using a pen, and the paper ballot gets optically scanned.
Besides avoiding any issues (real or imagined) with touchscreens, it makes it extremely cheap to stand up more polling places with more booths, since only one tabulator is needed; the booths themselves can just be little standing tables with privacy protectors.
This was common in Texas, but becomes challenging when one polling place serves voters that might have different elections to vote for - say, at a polling place on the line between two school districts or something like that. You can't just print one sheet of paper, hand it to everyone, and call it a day. Toss in a few different jurisdictions that don't directly overlay each other, and the number of combinations becomes nontrivial.
(the machines used in Texas vary by county, in my county we use Hart InterCivic machines that are touchscreen but produce a paper trail - honestly I think it works well)
That just sounds like you don’t have enough polling places.
This really is the best way to do it. Scantron gives fast results and you get a paper physical record which shows the actual ballot exactly as it was presented to the voter along with what their vote was.
<devilsAdvocate>How many people spend time making their selections on the computer, then compare every single selection on the print out? Deniers could say the computer randomly prints votes to skew in certain candidate/party direction knowing not everyone would catch it.</devilsAdvocate>
All it would take is one person saying their printed ballot does not match their specific selection, and the whole thing would become chaos.
These "ads" are hilarious:
https://rcareaga.com/dieboldvar/adworks.htm
The New York mechanical machines by the 2000s were all worn out, there was a statistically higher occurrence of certain numbers (I believe 9) because the gearing was worn down.
I suppose I'm an optimist. I believe it is possible to create a secure online voting system. My life savings might be held at Fidelity, Merrill, or elsewhere, my banking is online, 90% of my shopping is online and it all has "good enough" security. Plus most banks seem to be well behind the state of the art in security. I believe with the technologies we have available today, we could create a secure, immutable, auditable voting system. Do I believe any of the current vendors have done that? NO. But I believe it could be done.
Money is stolen electronically every day - we do not know how to build secure systems. Considering the stakes for national elections (civil war or government instability) good enough is not good enough.
I agree with you on local elections - electronic voting is good enough for town or even state level elections. The stakes are dramatically lower.
We have ID.gov and we have blockchain. If we can ensure that the person submitting the vote is indeed that person, would it matter whether it was online, in a booth, or by mail?
People of limited technical ability can understand the checks and balances of a paper voting system, which legitimizes outcomes. No digital voting system I'm aware of has this characteristic.
You're not securing your banking details from the bank. The people running the elections are a probable adversary during elections, though.
That makes software really unsuitable.
Elections in most countries involve tens of thousands of volunteers for running ballot stations and counting votes.
That is a feature, not a problem to be solved. It means that there are tens of thousands of eyes that can spot things going wrong at every level.
Any effort to make voting simpler and more efficient reduces the number of people directly involved in the system. Efficiency is a problem even if the system is perfectly secure in a technological sense.
How do you solve the issue of manipulated voting? That's solved by in-person ID-authenticated voting, but can never be solved by online voting.
> The most important feature of public elections is trust. Efficiency is one of the least important feature.
If efficiency is low enough to significantly affect turn out, you cannot trust the results.
> We should move back to paper voting.
Nowhere in the US is electronic voting used from what I know of. Estonia is the only country I know of that does internet voting, but my info could be out of date.
Mostly agree, but we don’t have to give up the benefits of direct digital tabulation for quick results. I would like a paper audit trail. Print my ballot-as-cast on a paper roll that scrolls by under a window. I can verify it before leaving the voting booth. Recounts and challenges can be a computer scan of the paper roll. None of this is hard. Costs a bit more, but buys trust in the system.
This is the system used in the majority of the United States. Direct-recording electronic voting systems were never that common, briefly peaked after the Help America Vote Act as the least expensive option to meet accessibility requirements, and have become less common since then as many election administrators have switched to either precinct tabulators or direct-recording with voter-verified paper audit trail.
In the 2026 election, only 1.3% of voters were registered in jurisdictions that use direct-recording electronic machines without a voter verifiable paper audit trail (https://verifiedvoting.org/verifier/#mode/navigate/map/voteE...). 67.8% of voters are registered in precincts that primarily use hand-marked ballots, and the balance mostly use BMDs to generate premarked ballots.
> I would like a paper audit trail. Print my ballot-as-cast on a paper roll that scrolls by under a window. I can verify it before leaving the voting booth.
Why should you be forced to trust that what you're shown is also what was being counted? The paper record should be the actual ballot itself, with your actual vote on it.
That's how it works in Cook County and a lot of other places: it's touchscreen voting, using "ballot marking devices", which produce a paper ballot you hand to an EJ to submit.
You don't necessarily need any sort of electronic counting for quick results. Federal elections in Australia are usually called late on the voting day and I imagine the same is true for other countries that are paper-only.
Some paper jurisdictions have this, essentially. E.g., where I live: the ballot is a paper ballot. You vote by filling in a circle/bubble. (If you're familiar with a "scantron" … it's that.)
It looks like a paper document intended for a human, and it certainly can be. A machine can also read it. (And does, prior to it being cast: the ballot is deposited into what honestly looks like a trashcan whose lid is a machine. It could presumably keep a tally, though IDK if it does. It does seem to validate the ballot, as it has false-negative rejected me before.)
But now the "paper trail" is exactly what I submit; it's not a copy that I need to verify is actually a copy, what is submitted is my vote, directly.
What if some level of efficiency (not necessarily internet) improves turnout and participation?
There are non-internet ways to do that. States are really the "laboratories of democracy" on that front, with different states having affordances like long early-voting periods and mail-in voting.
However, those are in the context of whatever political system they're in. No level of efficient election design is going to put a dent in the fact that California loves direct-elected downballot offices (e.g., treasurer, controller, insurance commissioner, state judges, local judges, etc.) and referenda, which all result in super long and complicated ballots with 50+ questions each.
At least in the US, I think there are a number of suggestions that are made repeatedly each cycle here. Like "it should be a paid federal holiday", and not putting onerous requirements on voters. Automatic registration. The list goes on.
But what is written over and over is more on the lines of "I don't trust the process". I cannot blame anyone for not trusting Internet voting: I am a professional SWE, and it would be impossible for me to establish that any such system isn't pwned. Too much code to audit, hardware that's impossible to audit. But it's pretty trivial to demonstrate to the layperson how paper voting works, and how poll observers can prevent that process from being subverted.
Improved turnout and participation is a good thing in itself, but not necessarily if it puts a weapon in the hands of those who do not like the outcome and are seeking to invalidate it without regard to whether it represents the electorate’s legitimate choice.
We have mail voting as a default in Colorado. When you get your license you are registered to vote and opted in automatically. The one piece that might improve it further is if it came with a stamp to mail back. Otherwise you just drop it off at a drive-up ballot box. You can also vote in person if you want. Hardly anybody does it so there’s never a line.
You get text messages each step of the process too. “Your ballot has been mailed”/“your ballot has been delivered”/“your ballot has been received”/“your ballot has been counted - thanks for voting”.
How do they prevent double voting?
The ballot envelopes (not the ballots themselves) are keyed to the voter's identity. When the ballot is removed (not until the signature is verified and not contested), the voter is counted as voted, so if they double vote, then the second vote will be rejected. Likewise if you try to vote by mail and then at the poll, you are flagged before you even try to vote.
Other states that do this well don't start counting mail-in ballots until after polls closed. They know if someone voted in person, so their mail-in ballot is rejected before being opened and verified.
When you vote in person they print out a label that has some internal identifier unique to you and place it in your ballot.
A question we all have to ask ourselves. What would I trade for efficiency?
The only thing seriously reducing trust in elections is anti-democratic politicians who will ALWAYS find a convenient reason to claim the election is rigged, and many of their followers will believe and propagate that lie to create distrust in the election.
There is really nothing we can do to satisfy these people except create some kind of structure they demand which will somehow be made to heavily lean in their favor. That is what will satisfy them. Nothing else will.
You're conflating "efficiency" with "disenfranchising voters."
Mail-in voting enabled citizens who otherwise simply couldn't vote, to vote. Citizens who, more often than not, were from already disadvantaged backgrounds.
Why not both?
yeah, trust is real important. Wait, what's that. Stop the count? Don't count all the votes because it's taking too long? Where have I heard that before... What political, totally not fascist, group of people have supported a politician saying that before...