Are there no attempts made to investigate the impact of vote trafficking?

Europe did several studies on postal ballots, and largely rejected them as insecure. I don't think the possibility with mail in ballots is in question.

You can require registration with an ID, but in the US maintaining voter rolls is hard.

All security limits how easy it is to do whatever it is you are securing. So you have a trade off of zero security and super simple voting, or massive security and very difficult voting. And everything in between. You have to choose.

In my opinion, postal ballots should be restricted to the smallest group possible. I don't mind an exception for the paranoid, but we don't need to break the system to accommodate the fringe cases.

[removed]

Here's a more concise way to put it: I would prefer if we did not have trade secrets in elections. Let the vendors copyright and/or patent their stuff, but the source code should be open to public inspection. This isn't about security, per se, as much as it's about transparency. If you want to get nerdier about it, it's also about publicly verifiable reproducible builds, which has ramifications for security and transparency.

How do I rig an election in Uganda?

How is it legal for Republicans to be doing what they are to take over the government? I.E. filling positions all over the country with trumpists (state level SOS) which is an obvious government power grab? Why is gerrymandering acceptable per court ruling some odd years ago? Fuck politics and the system, man, its fucked at this point.

Why do you think one party or the other is worse about honest elections?

Republicans have been pushing for more observers, more verifications, elimination of mail in ballots, laws against ballot harvesting, etc.

The Democrats are opposing election security. I'm not saying they are necessarily trying to steal elections, but they are not doing investigations into voter fraud, and opposing common sense election security so you can't catch voter fraud if it happens!

This guy is detailing some great ways to ensure nobody (including your Republican and her goods) can mess with the results. Something I applaud. But note none of his solutions work with mail in ballots outside of a monitored polling station.

Are the machines ever randomly subjected to a forensic level audit to ensure the machine operated as it should? Ultimately who is accountable for ensuring the machine operated as it should? Are there any consequences of a machine that didn’t operate as it should for the person or entity responsible for its operation? Are the machines connected to some kind of live operations center for real-time monitoring?

If the hash doesn't give feedback to the voter that the ballot is counted correctly, I think you need open source to ensure that is actually done correctly.

My point really isn't about counting or verifying votes, but the monitoring of processes. Of course, being in the blockchain myself, I've focused on creating cryptographic proofs of sequences of events, and gathering all those proofs into summaries (block hashes if you will).

Allowing the logging of all the processes behind voting (the set up, poll, venue, setup, voting machine configurations), observers, workers, video, etc.) all to the blockchain, you end up with time sequences and actions that create responsibilities. Failures in process can't be hidden.

I feel actual voting and ballots don't gain much from the blockchain, though there are ways to use the blockchain for voting. The real gain is to audit the execution of the election.

Public blockchains are much more complex than your description, and do allow for selecting authorities in distributed locations that all contribute to a unified (cryptographically speaking) log of events.

Open source hardware and software is the only way to rid ourselves of accusations that are made about voting machines like we saw in 2020.

And it isn't an entirely baseless fear. We do know software is often compromised, and we even know hardware is often compromised.

The most secure software in the world is open source, and the best way to build forward with secure voting software with rich features is to ensure everyone can develop on a common base.

It's difficult to find evidence of this sort of thing. The most persistent rumors generally involve some form of bundling of vote-by-mail ballots. In the Rio Grande Valley of Texas, for example, they're called "politiqueros" or "politiqueras". It's unclear whether the impact of these sorts of activities are sufficient to change election outcomes, but Texas and other states have chosen to make it harder to vote by mail, claiming it would reduce fraud. Of course, whenever you change a policy like this, you'll have unintended effects, like making it harder for legitimate voters who might prefer to vote without needlessly exposing themselves to the risks of COVID.

Hence require open source. It isn't about being commercially viable, if not providing an open source product means it isn't commercially viable.

Very interesting, thanks for the thorough and informative response!

How much money did you get from dominion?

People vote for the corrupt politicians.

To combat them, you have to get people to stop voting for them.

The current state of things has people wanting corrupt politicians, and the only way to change that is to talk to people and change their mind,

What do you define as close?

https://projects.fivethirtyeight.com/2020-election-forecast/maine/ 2020 polls consistently showed a double-digit lead. (~+10)

The final results were consistent with that: https://en.wikipedia.org/wiki/2020_United_States_presidential_election_in_Maine#Results

It's not really that simple. I could tell you that Rhode Island is amazing (try the grilled pizza!), but they face very different needs, never mind operating at a very different scale, from California or Texas. Small town elections are often done with hand-counted ballots, which is fantastic, but that would never work in huge cities, where it's just too slow and too error-prone.

The earlier generation of paperless electronic voting systems, adopted in the early 2000's, have been widely studied and have been found to have significant security flaws (examples: California "top to bottom" review in 2007, Ohio EVEREST 2007). (I was one of the co-authors on the California review.)

As a consequence, all the new voting machines involve paper in one form or another. The two most popular forms are ballot marking devices, which have some sort of computer interface and produce a printed ballot, and hand-marked paper ballots, which are typically scanned by a computer, often bolted to the top of the ballot box ("precinct count optical scanner").

The magic of a risk limiting audit (the topic of this thread!) is that it provides an efficient process where a post-election audit can prove, to a desired level of statistical confidence, that any errors in the electronic tabulation are small enough that they don't change the announced winner of a contest.

So, RLAs let us have the efficiency benefits of computers, while still having the security properties that we want from hand tallies, without requiring the slow (and error-prone) process of hand counting.

So a Republican and her goons go walking into a voting machine office. How can we put safeguards in place so that the machines themselves, i.e. their physical security, can be assured?

Thank you for the response :) I'll read up more on risk-limiting audits!

I'm glad to hear that a security expert such as yourself is not concerned with non-credible "evidence" and is more focused on eliminating vulnerabilities before they are exploited. I imagine you could talk at length about 2020 but I'll leave it at that!

I'm not an expert in polling, but polls have margins of error, and pollsters often make corrections to their raw polling to compensate for demographic differences between their sampled population and what they anticipate the actual electorate might look like. So, for any given poll, there are a bunch of assumptions baked into the numbers, any of which might turn out to be false. In other words, when an election disagrees with a poll, that can be a surprise, but it's not an immediate red flag.

That said, many states have laws that allow for automatic recounts when the margin of victory is small enough (typically under 1%). And we recommend that every state adopt risk-limiting audits (the topic of this post!) for all their elections, as a required procedure.

In a high-margin race, a risk limiting audit requires a very small number of samples in order to provide convincing evidence of the correctness of the outcome, so RLAs would be a great thing to adopt.

What states do voting the best? And what are the things they are doing to make it that way?

What about the races that were so far off from the pre-election polling?

No one even thought to audit the Senate race in Maine, because it was a huge margin, but the polls had it much closer.

Wouldn't it make sense to do some sort of audit in those situations?

Each of our states have their own rules and procedures, but there are only a small number of equipment vendors for the vast majority of votes cast. This means, in practice, that we can't depend on diversity as much of a security mechanism. Instead, we need better process and procedures (like risk limiting audits!) to help mitigate against some of the threats we face.