Securing Elections

Technology can do a lot more to make our elections more secure and reliable, and to ensure that participation in the democratic process is available to all. There are three parts to this process.

First, the voter registration process can be improved. The whole process can be streamlined. People should be able to register online, just as they can register for other government services. The voter rolls need to be protected from tampering, as that’s one of the major ways hackers can disrupt the election.

Second, the voting process can be significantly improved. Voting machines need to be made more secure. There are a lot of technical details best left to the voting-security experts who can deal with them, but such machines must include a paper ballot that provides a record verifiable by voters. The simplest and most reliable way to do that is already practiced in 37 states: optical-scan paper ballots, marked by the voters and counted by computer, but recountable by hand.

We need national security standards for voting machines, and funding for states to procure machines that comply with those standards.

This means no Internet voting. While that seems attractive, and certainly a way technology can improve voting, we don’t know how to do it securely. We simply can’t build an Internet voting system that is secure against hacking because of the requirement for a secret ballot. This makes voting different from banking and anything else we do on the Internet, and it makes security much harder. Even allegations of vote hacking would be enough to undermine confidence in the system, and we simply cannot afford that. We need a system of pre-election and post-election security audits of these voting machines to increase confidence in the system.

The third part of the voting process we need to secure is the tabulation system. After the polls close, we aggregate votes—­from individual machines, to polling places, to precincts, and finally to totals. This system is insecure as well, and we can do a lot more to make it reliable. Similarly, our system of recounts can be made more secure and efficient.

We have the technology to do all of this. The problem is political will. We have to decide that the goal of our election system is for the most people to be able to vote with the least amount of effort. If we continue to enact voter suppression measures like ID requirements, barriers to voter registration, limitations on early voting, reduced polling place hours, and faulty machines, then we are harming democracy more than we are by allowing our voting machines to be hacked.

We have already declared our election system to be critical national infrastructure. This is largely symbolic, but it demonstrates a commitment to secure elections and makes funding and other resources available to states. We can do much more. We owe it to democracy to do it.

This essay previously appeared on TheAtlantic.com.

Tags: , , , ,

Posted on May 10, 2017 at 2:14 PM78 Comments

Comments

Gunslinger May 10, 2017 2:31 PM

Requiring voter ID is not suppression. It is a critical security measure to verify that the person voting is registered and thus eligible to vote.

parabarbarian May 10, 2017 3:13 PM

A secure way to differentiate a legitimate voter from those not permitted to vote is essential for a secure election process. Authentication and authorization. Absent a secure way to identify a voter, programs like online registration open up a raft of opportunities for abuse.

TheOne May 10, 2017 3:26 PM

Only a left-leaning security expert would promote authentication without identification (in regards to voter ID). People must know when to flip off their political switch and use their professional experiences and logic instead.

tz May 10, 2017 3:37 PM

You can’t securely and reliably register online.

Say someone falsifies my registration in another state. Either the duplicate records means I won’t be able to vote and may only find out when I show up at the polls, or bunches of people can be cloned in every county.

Identity is hard if you want it to be reliable. Driver’s licences or state IDs? Some states give them to illegals (I won’t use “undocumented” because it is illegal to be undocumented),

What if you don’t have state ID? How do you verify citizenship or identity (birth certificates)?

How do you prove you are you in a legal sense (affadavit, perjury) online? Especially if you don’t have credit, don’t have a recent utilty bill, aren’t familiar with the area (I once tried to go through Equifax’s system, was denied, but it was a case where I couldn’t appeal).

Can you even do something like 2 factor authentication? How do you establish something antecedent (passport or Real-ID) that would allow you to use it to prove it is you changing the info.

Consider the Social Security administration is just adding 2FA, and the IRS has had lots of ID theft and fraud, and that should be at least as secure as voting.

Cigaes May 10, 2017 3:40 PM

Internet voting is a big no even with perfect technical security: if the voters can vote from home, they can do so in plain sight of other people, which means for some fragile people voting under peer and family pressure, and opens the door to vote coercion and buying.

Only the privacy of the voting booth, secured by officials, can prevent that. This plain but subtle fact is already weakened enough.

Ergo Sum May 10, 2017 4:10 PM

Quote from the article…

The simplest and most reliable way to do that is already practiced in 37 states: optical-scan paper ballots, marked by the voters and counted by computer, but recountable by hand.

My state does that, I just call the “scanner” a shredder. Could they re-count the votes? Certainly, but it is only done if and when the results are challenged. That’s seldom takes place and it is a costly proposition. So there’s room for “slanting” the results, just don’t make it obvious and everybody is happy…

As for voter identification…

In my state, one needs to be registered prior to voting and make it to the list of voters eligible to vote in the voting district where the person lives. Register to vote after a certain date, the person will not be eligible to vote. Yes, I still need a picture ID to actually vote. I don’t see much issue with this…

Michael Connell Nyeaawwmmmm, ka-FOOMM crackle crackle May 10, 2017 4:16 PM

Why secure elections when the parties squash anybody who supports things you might want to vote for? Do this instead.

http://www.nature.com/news/former-us-mental-health-chief-leaves-google-for-start-up-1.21976

This will help FBI find more nuts so they can stick a bomb in their hands, “Here, quick, hold this!” and lock them up as terrorists. Or CIA can put them in St. Elizabeths and brainwash them to kill Trump or RFK or Nicholas Deak or anybody else who annoys them.

Ross Snider May 10, 2017 4:34 PM

Let’s brainstorm some ideas:

1.) Voting trucks (like blood donation trucks, ice cream trucks, etc) that move out to hard-to-reach neighborhoods and for people who are on lunch breaks on work? Impersonation of such a truck should be considered a crime, like impersonating a police officer.

2.) National standards for the security properties required for voting: auditability, transparency, etc. States are evaluated against each other by a public commission to determine the properties that their state system implements and these are made public. This means that states could choose to use technological solutions (crypto systems and Dieboold machines) or paper ballots – and the measurement is against the properties rather than the solution.

3.) Gerrymandering and homestating are made illegal and a national system of defining districts is put in place.

4.) The election commission, privately owned by billionaires and CEOs of US heavy industry, is made a public organization.

5.) The voting system is revised to deter the formation of monopoly political parties, by using technology such as alternate voting systems and revising the control that the political parties have over the organization of the election system. First past the post is revised.

6.) Mail and absentee ballots are encouraged across all states.

7.) Voter surveillance and information campaigns are made illegal and political parties that engage in surveillance and voter manipulation are charged in public court.

8.) Citizens are asked to vote, in a non-binding manner, for policies as well as representatives so that there is a public record of the policies that citizens seek during elections.

9.) Votes are made to happen on a more frequent basis.

Daniel May 10, 2017 4:53 PM

I have mixed thoughts on this issue. On one hand I agree that there is very limited voter fraud and that voter ID is less about preventing fraud and more about voter suppression. On the other, I am not convinced that making voting easier is the best approach. Political ignorance is a real and significant problem and I don’t see how increasing the pool of uninformed voters actually increases democratic outcomes. It is worth remembering that at the time of America’s founding only property owners could vote. We have come a long way since then in terms of voter participation and I don’t see the value in eking out every last drop. So I am not convinced that the voter suppression aspect of this story has much merit either. Studies I have seen show that the problem isn’t the lack of registered voters, it is the fact that most people who are registered to vote, don’t vote.

JB May 10, 2017 5:11 PM

I agree with Gunslinger “voter ID is not suppression.” What keeps me from voting in other districts/states? I live in the most liberal state (Hawaii) and the state requires an ID to vote.

TheOne May 10, 2017 5:47 PM

A lot of people think voter ID laws would inhibit minorities from being able to vote but there are many ways that this issue can be resolved. If we can’t employ basic security fundamentals using logic instead of disregarding it due to feelings then maybe we don’t deserve a democracy and the voting privileges that come with it. Millions of dollars in grants are distributed to federal transit systems that run in the negative ( for the poor and minorities) and we’re throwing a fit about providing them a $10 voter id card. We even provide free “Obama” phones on every corner without any fuss. Follow the core security fundamentals…everything or nothing!

Anura May 10, 2017 5:56 PM

@Gunslinger

Requiring voter ID is not suppression. It is a critical security measure to verify that the person voting is registered and thus eligible to vote.

As you know, but are deliberately ignoring for the sake of making your point, the debate is not about simply whether we should require IDs, it’s about the fact that Republicans are writing ID laws specifically designed to suppress the vote of Democrats. Requiring an ID which is not required by law is inherently going to cause some people not to vote. Targeting those laws specifically in areas that are going to give your party an advantage is voter suppression. The fact that we allow states to set their own rules for national elections is complete idiocy, as it can only be abused (and the Republicans have done nothing but abuse it in recent years). The rules need to be uniform across the entire election and designed to be as inclusive as possible if you want fair elections.

liz May 10, 2017 6:00 PM

@Gunslinger
“Requiring voter ID is not suppression. It is a critical security measure”

To say it’s “critical” implies we’d be having serious problems without this measure. Is there evidence of that, like a huge drop in fraud rates after requiring ID?

Gary May 10, 2017 6:12 PM

Bruce, if secret ballots are a critical requirement — and this is always given as the reason that Internet voting is impossible — why are mail-in ballots okay? They are not secret before they’re placed in an envelope, and they’re not secret in transit either. My vote, my name, my address, and my signature are all in one nice neat bundle, ready to be intercepted.

v May 10, 2017 6:30 PM

Any remote voting – absentee ballots, Internet voting, etc. – is an invitation to fraud. Not only intercepted or altered-in-transit ballots, there’s also the possibility of coerced or purchased votes. If you say active duty military personnel overseas should vote absentee but local voters need ID you want,in my opinion, voter suppression. Maybe military personnel should be avowed to vote twice in each of the following x elections after their return.

James Brown May 10, 2017 9:01 PM

I agree with everything Bruce said except one little bit. I agree that a human readable ballot is an absolute necessity. I don’t agree, however, that a hand marked paper ballot is the right way to go.

Bruce said: “The simplest and most reliable way to do that is already practiced in 37 states: optical-scan paper ballots, marked by the voters and counted by computer, but recountable by hand.”

Hand marked ballots create a host of problems, just as punched ballots do. We all remember the dangling chad, pregnant chad, etc. arguments from past elections. Paper ballots have that same problem. Is this pencil mark in two bubbles or only one? Which one is darker / which one counts? And the list of problems goes on.

I think the most reliable method is to use electronic voting machines that collect the vote but immediately print a paper ballot for the voter to turn it. Being machine generated means there is a very low chance of it being misinterpreted upon a manual recount.

This gives the best of both worlds. We have a quick (instantaneous) way of counting votes (from the electronic voting machine) but we also have a human readable ballot that both the voter themselves can verify and that can can be hand counted for recounts or random verification of precincts.

I actually think this same sort of system could potentially be used to implement internet voting (at least to an extent) in a secure manner as well. We already do something like this today for absentee or early vote-by-mail situations. Why not extend that to internet voting?

It could work like this: you vote at home via internet which generates a ‘paper ballot’. You then print that paper ballot and mail it in. Bar codes could be used to verify that a given vote is only counted once and they can then be physically separated from the ballot to maintain the secrecy of the vote just as happens with paper ballots today at polling locations. Digital signatures can be used to validate that the paper ballot has not be altered in transit (although we don’t do that today for by-mail ballots). We can use any of the available personal verification systems (the ones that ask all sorts of questions from the public record about property you’ve owned, etc.) to positively identify voters and avoid fraud.

Of course, the results of the election would be preliminary until all the paper ballots arrived and were verified. The hard and fast rule is that if you don’t mail in your ballot for verification the vote doesn’t count. There would be deadlines for mailing in ballot confirmation just as their are for vote-by-mail ballots today.

Since my suggested system requires a mail-in ballot it is not purely internet voting. Therefore, it doesn’t conflict with Bruce’s assertion that we really don’t have the technology to securely implement pure internet voting. I agree with that completely, it’s the problem of “programming Satan’s computer.”

Anura May 10, 2017 9:08 PM

@Gary

Voter registration, including name and address is public record. I’m not certain, but I think the poll book you sign when you vote is as well. It is who is associated with each ballot that is kept secret (of course, I could imagine it being fairly easy to put fingerprint scanner in the ballot reader).

Swing-State Anon Coward May 10, 2017 9:14 PM

Ergo Sum wrote:

<

blockquote>…I just call the “scanner” a shredder. Could they re-count the votes? Certainly, but it is only done if and when the results are challenged….

<

blockquote>

Just add a store-bought video camera to the setup on a solid bracket to document the results as they exit the scanner. Post the video of all the ballots being scanned on the Internet with the checksum of the video published by the local newspaper the next day. Include a separate video of the backs of people entering the polling booths so you have an overall voter count.

Paper ballots should include unique, non-human readable (Q-code/barcode) numbers from a subset of a huge range, scanned beforehand and kept secret. Then shuffle the paper ballots physically. Now it’s a lot tougher to pull a switcheroo of 500 completed ballots with a ream of fake ballots. When the polls close, scan the empty ballots to collect the unused numbers.

In the interest of privacy, ballots aren’t scanned immediately, but go into a clear locked box, all on video. Yes, you can fold your ballot.

Here’s the fun part:

After the polls close, anyone can hold their own recount at home with friends using the ballot footage (for the price of a few pizzas, no doubt.) League of Women Voters, Boy Scouts, both political parties, you name it.

Someone will of course get the bright idea to write software to isolate the video frames into unique ballots, then cluster the isolated frames using the average distance of marked pixels from the left margin. Use that average to sort the frames. Playing back the sorted frames will look a bit like those old-fashioned flip-book cartoons. The video will feature clusters: the sloppiest, heaviest-marked ballots for the incumbent (let’s say for argument’s sake), followed by double-marked ballots with erase marks, double-marked ballots, light marks for the challenger, heavy marks for the challenger then the no-vote ballots. (Or something similar.)

The video catches the vulnerability where the supply of paper ballots is polluted by shifting some of the victim candidates’ checkboxes outside the detection range programmed into the scanner.

One ordinary commercial scanner, $400.
Two video cameras with brackets, $600.
Two huge SD cards, $100.
Confidence in our elections, pr…

V May 10, 2017 9:18 PM

Re: voting by mail

I’ve got this bottle of MD 20-20 I’ll give you as soon as I see you drop your vote for Senator Blowhard in the mailbox.
Nice kneecaps! It’d be a shame if someone whacked them with a golf club. Let me help you take that vote for Senator Blowhard to the mailbox.

jdgalt May 10, 2017 9:58 PM

I suggest we register people to vote on their tax returns, as they do in Canada.

(Canada’s tax return is also the application for welfare, so everyone files one. That feature also would make a lot of sense for us.)

Andrew May 10, 2017 11:38 PM

American election not my competence but from a general perspective it doesn’t make too much difference if one rich guy steal some votes from another rich guy while some others rich guys, owning the whole media, only allow these two the access to power. Some people with really good intention will never make it.

On the other hand, the American society seems that will not be crippled anymore with funny and stupid efforts of trying to prove that Trump is a Russian spy.
I think Comey was a man of integrity but he lost the big picture wasting time with this. (Just some flame for political comments)

Winter May 11, 2017 2:38 AM

Instead of speculating on the effects of Voter ID laws, lets look at real data. And the real data tells us that strict voter ID laws do suppress minority votes in a way that benefits Republican candidates:

Voter Identification Laws and the Suppression of Minority Votes

Zoltan Hajnal, University of California, San Diego
Nazita Lajevardi, University of California San Diego
Lindsay Nielson, Bucknell University

http://pages.ucsd.edu/~zhajnal/page5/documents/VoterIDLawsSuppressionofMinorityVoters.pdf

For the courts and for American democracy the core question should be – are these laws fair? Do they limit the access and participation of the nation’s most disadvantaged? Are these laws racially discriminatory? The findings presented here strongly suggest that these laws do, in fact, have real consequences for the makeup of the voting population. Where they are enacted, racial and ethnic minorities are less apt to vote. The voices of Latinos and to a slightly lesser extent those of Blacks, Asian Americans, and multi-racial Americans all become more muted and the relatively 30 influence of white America grows. An already significant racial skew in American democracy becomes all the more pronounced.

All of this also has clear partisan and political consequences. Strict voter ID laws appear to diminish the participation of Democrats and those on the left, while doing little to deter the vote of Republicans and those on the right. They produce a clear partisan distortion.

Alex May 11, 2017 2:47 AM

Having people involved locally counting the ballots lends a lot of credibility to the process. Most people can count and trust the process to be fair. There are some errors as humans are counting, not machines, but they will be minimal.

If we could design a secure electronic voting process, this trust is lost. How many people could audit the system and “prove” it cannot be hacked ?

Having actual people involved matters, it isn’t just a technical issue.

Patriot COMSEC May 11, 2017 2:49 AM

Unfortunately, doing the right, smart thing and using technology to secure and streamline the election process, even though this is urgently needed, will first merely amount to another battlefield for Americans to fight it out with each other. Who stands to gain? Which party stands to lose?

The other point about future elections in America is this: each is going to be a hackfest.

Mr. Schneier is out front leading on this important issue. Securing the next presidential election in the U.S. is an vital task that a proper implementation of technology can help assure.

Teaching people how to use encryption–so that it works–is going to be a big part of limiting the upcoming hackfest.

Who? May 11, 2017 3:19 AM

This one is another example of Occam’s razor. Why tampering the electronic voting process when there are easier ways to influence on the voters before the voting process (either electronic or traditional) happens?

Tampering the electronic voting process is risky, it can be discovered at a later time and fixed, even if it means removing a president. Influencing the voters by either publishing compromising information about candidates, by means of a terrorist attack or by means of some sort of psyop is easier as there is no need to hide the “operation.” In fact, the power of this operation is that it is public.

We have very good examples. In 2004 Al-Qaeda killed two hundred citizens in Madrid, two days later the government (PP) lost in the elections. Publishing compromising espionage information and emails from the DNC put Donald Trump on the White House. A recent, non successful, attempt happened on France last week. It seems french citizens are difficult to influence by means of these tactics, and it is good. These voter-targeted attacks are easier and less risky, as there is nothing to hide.

You attack the people wishes, not the technology. People wishes cannot be fixed.

Mic Channel May 11, 2017 3:28 AM

Lots of baroque and technical systems being proposed here.
But When I last voted, there were two boxes on the ballot and I marked one of them. (FPTP unfortunately.) Not impossible for a determined adversary to see that I voted, where I voted (30mins walk away), and roughly when I voted. But the ballot paper I received (the bit of paper to write on) was anonymous and created by hand. And it was immediately jumbled up with lots of other anonymous ballots. Mail-in not too different except that my vote and my ID were briefly together in transit, but immediately separated upon receipt. Any efforts to subvert this simple system would have to be large-scale and obvious to have even the slightest detectable effect.

uerhgli May 11, 2017 5:06 AM

As a French I don’t understand this debate. Why the hell do you need technology ?

Here we simply use ID cards for identification and printed paper ballots in envelopes. To use voting machines makes no sense. Paper can’t be hacked, and the counting is done by a person in front of a crowd so that everyone can detect a fraud.

Clive Robinson May 11, 2017 5:17 AM

@ Andrew,

I think Comey was a man of integrity but he lost the big picture wasting time with this.

Mr Comey is a staunch believer in certain notions that were fundamental to the GOP style of Republicanism. As I’ve pointed out before, Trump is not a Republican, and he clearly blackmailed the Republican party. Therefore “The Donald” was just about everything Mr Comey hated in a politician, worse even than Obama who Comey was quite happy to railroad.

Worse the GOP assumed that they would be able to “guide” Trump untill after the next set of elections, by which time they could dispense with him one way or another, but impeachment would be the GOP weapon of choice. To do that they would need a scandal such as the one that brought down Nixon not the sort that failed to bring down Clinton, especially as Trump has already sailed past the “Sex, Lies & Video Tape” style character assassination during the election.

Thus the supposed “man of integrity” Mr Comey started to see things in a way that made it a personal mission. As there were not any handy windmills to tilt at, he went for political targets…

Since J. Edger Hoover politicians have been both scared and enamoured of the power vested in the hands of the head of the FBI… As long as the head of the FBI was “your man” the power was yours to wield against your political enemies. However when the head of the FBI was not your man or had gone feral, then they were a cancer in the body politic.

For many the way to deal with a cancer is to excercise it with a knife, others prefer to poison it into impotence especially when it’s feral nature had gone beyond the knife.

Mr comey got exercised by the knife, quickly and hopefully the next incumbent will find not be seduced by the power into going feral, or have the sense to go after more reasonable targets to get in their sights.

No doubt the comments by Republicans over the candidates for Mr Comey’s replacement will reveal more about their hoped for plans for dealing with Pres Trump than they have so far given out.

Oh and watch out for the faux arguments by which some squirrels will try to get into your head. We are seeing that over Stephan Colbert and his joke about a holster for Putin. We are getting the squirrels playing the cynical ploy of trying to be more outraged than anyone else to set a trap for those who might have legitimate reasons to be upset… It’s something some dual nationality US pundits playing for the otherside have down to a fine art.

Clive Robinson May 11, 2017 5:53 AM

@ Alex,

How many people could audit the system and “prove” it cannot be hacked ?

The simple answer is “No One Can Do That” you are in effect trying to prove a negative with insufficient information. Put simply you could rule out the “known knowns” some of the “unknown knowns” but when it comes to “unknown unknowns” you have no knowledge so can not rule them out as attack vectors.

More importantly though,

There are some errors as humans are counting, not machines, but they will be minimal.

In a two party system you would expect the votong difference to be quite small almost minimal. For counting errors to not matter, they effectively need to be random or more correctly balanced between the two parties in any given area.

The reason is any single voting area there is only one vote that counts and that is the one more than the other party has got. All other votes either canncel out or have no effect on the result. Thus you only have to fake up the number of votes required in the important voting areas (marginals) to cancel out another strong area where trying to tamper with the count would be obvious. When you add in the US voting college it gets even easier to manipulate with tiny count changes in critical areas.

If you are looking for an absorbing hobby have a look at various voting systems and how they can be defrauded in various ways. The problem is that better election systems tend to result in less effective governments and more frequent voting cycles…

Clive Robinson May 11, 2017 6:21 AM

@ Patriotic COMSEC,

doing the right, smart thing and using technology to secure and streamline the election process, even though this is urgently needed,

That is a whole bunch of assumptions that realy are not true.

There is little or no need to streamline the process, the only perceived need is for media talking heads.

The smart thing is to actually ensure you get the right voting system in place. As a general rule the more people involved the less likely fraud is.

The problem with technology is it’s not open to public scruitiny or any real scruitiny due not to any need for secrets but due to the complexities involved. Thus less technology is likely to lead to less mistakes in the system. Which in turn leads to less opportunities for fraud.

Thus the best direction to investigate is one that is as simple as possible so that most if not all people would spot attempts at manipulation, to improve the odds of this as many people as reasonably possible acting as the cogs in the system would be desirable. Thus a simple manual vote system with citizens “press ganged” into service as is done with “jury service” would be a good start. Secondly make voting day a “national holiday” with rules that make voter attendance compulsory with penalties not just for individuals but their emoloyers would likewise make the process more transparent.

This then leaves the issue of registering / deregistering voters. We have other registration systems such as for tax, driving etc. Many of these have penalties for not being correct. That is 14days to update your address of residence, place of employment etc is not uncommon.

We have existing systems in place but for some reason what we otherwise regard as being OK we suddenly get squeamish about when it comes to voting. Investigating why this might be so and mittigating it might be the first best step.

Dirk Praet May 11, 2017 6:51 AM

@ Who?

It seems french citizens are difficult to influence by means of these tactics

Yes and no. Macron essentially was just lucky that none of these documents revealed any smoking gun of public wrongdoing. Fillon and Le Pen, on the other hand, were both caught in corruption scandals that did affect voting behaviour.

There are a couple of significant differences with the US, though. For starters, the French do value content over showmanship and personal attacks, which is something Marine Le Pen dramatically shot herself in the foot with during the presidential debates. “Lock her up”-stuff doesn’t work here. And thanks to more balanced mainstream media carefully examining each candidate’s promises and lies, they’re less gullible in the sense that even the most retarded or disgruntled Frenchmen would ever believe that a big-mouth real-estate billionaire living in a golden palace could somehow be the champion of a left-behind working class. Plus they know what happened with Berlusconi in Italy, who despite his populist presentation, was only in it for the money too.

The French also couldn’t care less about someone’s private life. Just like the Clinton-Lewinsky affair back in the day was a non-story in Europe, nobody gave a rat’s *ss about Macron being married to a woman who’s 24 years older than himself, and who fell in love with him when he was only 15. What did work against Le Pen on the personal level is her being the daughter of an unrepenting racist who founded her political party and once even called the Holocaust a footnote in history. Exit polls also show that many people who voted Macron actually didn’t vote for him, but against Le Pen.

Although I’m happy Le Pen didn’t make it, Macron – like Trump – is an outsider who unless he somehow miraculously succeeds in not just uniting the French people but also getting the existing ruling class on board is going to be the same lame duck president Hollande was.

@ Andrew

On the other hand, the American society seems that will not be crippled anymore with funny and stupid efforts of trying to prove that Trump is a Russian spy.

What happened to Comey is obviously not inspired by the will of American society, but by that of the guy under investigation and some of the people working for him. You guys are well on your way to becoming a banana republic. You just haven’t realised it yet.

@ Clive

Secondly make voting day a “national holiday” with rules that make voter attendance compulsory with penalties not just for individuals but their emoloyers would likewise make the process more transparent.

Over here, we have compulsory voting and elections are always held on a Sunday. Each voting office is manned by ordinary citizens who have been drawn by chance to assist the (volunteer) office president and who get hefty fines if they don’t show up.

Winter May 11, 2017 7:35 AM

@Dirk Praet
“Macron – like Trump – is an outsider who unless he somehow miraculously succeeds in not just uniting the French people but also getting the existing ruling class on board is going to be the same lame duck president Hollande was. ”

Both Sarkozy and Hollande were insiders, and they did not achieve much. On that task, the bar is set very low for Macron.

@Dirk Praet
“nobody gave a rat’s *ss about Macron being married to a woman who’s 24 years older than himself, and who fell in love with him when he was only 15.”

He also responded that the fake news about him being secretly gay was both misogynist, as it assumed he could not love his older wife, and homophobic, as if he would hide being gay if he were.
Which is allvery believable as the previous Belgian and the current Dutch prime ministers are both gay, as is one of the vice presidents of Le Pen’s party. Nor did anyone care about Hollande having an affair and previous French president Mitterrand having a shadow family.

Michael May 11, 2017 8:44 AM

Gunslinger is dead on, the mechanisms for validating voter identity must be part of this process, and in no way suppress votes. If that was the case, many of you would be fighting merchants to stop requiring photo ID to write a check, or, use photo ID to open a bank account. You are not, because it is a reasonable mechanism for validating identity, and should be part of the voter registration process. Voting is and always has been a privilege as well as a right, there is no reason whatsoever to ask for some minimum efforts on the part of voters to secure that right.
If you really want to impact this issue, let’s talk about how you motivate 40 % of Americans who consistently do NOT vote to get involved so an election more accurately represents the entire country.

Rachel May 11, 2017 9:03 AM

Clive Robinson

in the early 2000’s, friends of mine lived in Melbourne Australia in a suburb famous for muslim population of many nationalities and subsequent cultures. It continues to be celebrated by muslims and non-muslims for its unique flavours culinary and non culinary

National elections were due. The prime minister famous for being extremely anti-muslim, pro-bush, pro iraq invasion etc was up for re election.
My WASP friends went to the polling booths in their muslim area (pencil and card, show ID, old fashioned style) and were told they could not vote. What do you mean? Oh, you can vote. But votes from this area are not going to be counted. What about absentee votes for this region? – Oh, well those will be counted but will not be added to the offical vote. What about going to another polling region? Oh, you can do that. But you’re registered for this area. So you won’t be counted.

Sami May 11, 2017 9:55 AM

Eh, can you tell a stupid European why you need to separately “register” for voting? Does it have something to do with the lack of a voter database? Why isn’t coming to the right place on the election day with a valid ID enough?

Rachel May 11, 2017 10:10 AM

Sami, not exactly sure, but the registering you refer to IS the voter database. AKA the national electoral roll maintained by the electoral commission. One enrolls, once of legal age, once. registering every time one turns up to vote is not very consistent and fraught with peril.

Unsure about practice in the US but, then, no one understands what goes on there anyway

hey I have a good idea. What about abolishing voting altogether? Then the government can just take care of it. They can place the person they feel is most suitable, into the appropriate position.
Oh. wait. Hang on..

Party Constituent May 11, 2017 10:20 AM

@ Mr. Schneier

Voting machines need to be made more secure. There are a lot of technical details best left to the voting-security experts who can deal with the technical details, …

Right there, the alarm bells of liberty should be ringing loud and clear.

This means no Internet voting.

No shit Sherlock.

… the tabulation system.

Paper. Manual. Not that difficult. Each small precinct or polling station is counted manually and certified. The totals are added up and aggregated to larger districts, again by hand. Not that difficult.

voter suppression measures

Really?

like ID requirements,

Which are ideally taken care of beforehand, by a process called voter registration, at which the voter registers a signature card, (just as if the voter were opening a bank account.) At election time, the signature of the voter is matched with the signature card on file.

barriers to voter registration,

Is citizenship even a requirement to vote?

limitations on early voting,

I assure you, absentee ballots are available.

reduced polling place hours,

Right. Reduced in some areas and extended in others in order to manipulate the results. Dependence on electronic machines and power failures caused by foreign sabotage.

and faulty machines,

Let’s keep any machines simple, stupid, and mechanical, and have a manual paper by-pass option available in case of failure.

Bottom line: willful and intentional interference with and manipulation of the nation’s voting system constitutes HIGH TREASON.

David Leppik May 11, 2017 10:42 AM

There are huge trade-offs when it comes to elections and security. On the one hand, getting it wrong has huge consequences—and once someone’s in power, the results can’t be rolled back.

On the other hand, the election can be skewed (or rigged, if you prefer) if you make it too hard for voters. Long lines at polling places or polling places which are hard to get to are just as much of a threat.

If you want photo IDs, fine. Why not let people obtain their IDs at the polling site on the day of the election? If you can do that, then the IDs are redundant. If you can’t, then you need to make sure that getting the IDs is literally no burden, especially for citizens with no permanent address or low mobility.

Mail-in votes are especially tricky, since they rely on multiple intermediaries (the postal service, the people who open the mail) and non-coercion can’t be guaranteed. But NOT supporting mail-in voting disenfranchises rural voters, low-mobility voters, and people who need to travel.

Here’s an idea: why not pay voters $50 cash if they have to wait more than an hour to vote? The private sector does this (“it’s fast or it’s free”). Right now, under-staffing polling places or not providing enough ballots is a way for crooked politicians to disenfranchise voters while saving money.

Helot May 11, 2017 10:58 AM

Democracy is for dorks. Just let the rich rule. They shouldn’t pay ANY taxes, either. That’s for the little people.

Andrew May 11, 2017 12:16 PM

@clive “impeachment would be the GOP weapon of choice”, “politicians have been both scared and enamoured of the power vested in the hands of the head of the FBI.”

It takes probably a bit more for impeachment than practicing an administrative right of the position resulted from elections. The rumors about being “nixonian” are greatly exaggerated. But yes, you can never know.
The intelligence became state inside the state everywhere in the world. The technology of the latest 20 years made them more powerful than politicians, close to the power of financial circles.
Even if Comey pissed off everybody and not being submissive enough, he may be still in cards for a future US president. Then, he can chase himself for being a Russian agent.

parabarbarian May 11, 2017 12:16 PM

“As a French I don’t understand this debate. Why the hell do you need technology ?”

We don’t. As you said, a simple ID card and a paper ballot work fine. However, the more complex the system the more opportunities to subvert it and there are people who benefit by a system that can be subverted.

albert May 11, 2017 12:29 PM

Didn’t y’all learn -anything- from the last election?

What was the most important lesson you learned?

Keep beating the dead horse if you must, but stop recycling the ‘improving the technology’ arguments; none of that is ever going to happen.

The Power Elite are quite happy with the status quo. Any changes will be in appearance only.

God bless you, @Bruce. Your naivete about democracy is quaint and charming, like a Vermont village of days gone by.

. .. . .. — ….

mark May 11, 2017 12:36 PM

I disagree. NO voter registration online. Not unless you want 5,280 fake registrations, and millions of people denied the right to vote because the system was hacked and their address was changed.

The all-electronic voting machines are going away. Mostly replaced by paper that is scanned.

I voted absentee in my co (Montgomery Co, MD) until the all-electronic were gone. Chicago had paper/scan 10 years ago.

Jon May 11, 2017 12:51 PM

“We simply can’t build an Internet voting system that is secure against hacking because of the requirement for a secret ballot.”

Secret ballots are a bad idea. The argument goes if voters were given a paper receipt of who they voted for, then people would start paying people to vote for a certain candidate and use the receipt as proof they deserve a financial reward for their bought and payed for vote.

There’s a few reasons this line of thinking is false.

#1 Pass a law against this. Make it a felony offense if it’s not so already.

#2 If this ‘pay for votes’ happened on a large scale lots of people would know about it, making it impossible to keep a secret. Imagine thousands of homeless people lining up with their vote receipts waiting for financial reimbursement.

#3 Security through obscurity is never a secure strategy. Which is what secret ballot security amounts​ to.

Maybe the real reason behind secret ballots is it doesn’t give citizen’s an additional way to verify the outcome of elections.

ab praeceptis May 11, 2017 12:57 PM

uerhgli

Things are much more complex. For a start, an election system is not 1 complex problem but (at least) 3.

One has to identify who is entitled to vote plus some other factors like where they can vote. Also keep the by-mail voters in mind who usually are outside the jurisdiction of the voting state.
You have to make that every entitled citizen can vote, right? Nope, wrong. You have to make sure that every entitled citizen can vote once and meeting certain specifications (like privacy).

Then the voting itself is not one major problem but a zoo of problems. Many of which look simple but aren’t. Example: The V = V’ problem, i.e. to make sure that what the voter considers his vote and what the voting mechanism considers his vote are identical. Sound simple but has broken more than one election.
And there I did not even look at the trust aspect of the V = V’ problem but restrained my look at the technical level; questions like “what’s the meaning of an ‘x’ slightly off-center and partly outside the tick box?
Which leads us to funny legal problems because what is a vote? It’s a declaration of will, which is known to be big mine field. Systems (like states) need formalization and uniformity but still and no matter what a declaration of will is the basis.

And that slightly off mark ‘x’ might have many reasons, Maybe eye problems, maybe mental problems, may bodily coordination problems, etc, etc. So, we introduce helpers, right? Nope. They would break voting privacy. As I said, a large funny problem zoo.

Next you have multiple counting/tabulation levels. There have been many cases of staff people playing tricks.
Then there is transport/transmission. All those local results need to be centrally processed. Yet another box of problems.

And let’s not forget the voters view. Maybe he doesn’t care about the mechanism and details but he certainly wants to be sure that his vote is included and played its tiny role in the end result. How to make sure that that is the case, let alone to guarantee it?

And, of course, many relevant factors are often ignored in discussions. Example: There are no referees; staff members are voters, too and they have political preferences and maybe even feelings (“Le Pen must not win, no matter what!”). That alone, however, takes away one classical and valuable tool, a “neutral, unaffiliated referee”.

Bruce Schneier is on the right track. We need a good, extensive, profound understanding of the involved problems, proper mathematical models, and finally, hopefully one day reliable and safe mechanisms.

preimage resistance May 11, 2017 1:09 PM

Perhaps Bruce will be tapped to participate? 😉

President Trump to sign executive order establishing commission on ‘election integrity’
https://www.local10.com/news/politics/president-trump-to-sign-executive-order-establishing-commission-on-election-integrity

“The commission, which will include Republicans and Democrats, will be tasked with studying “vulnerabilities” in U.S. voting systems and potential effects on “improper voting, fraudulent voter registrations and fraudulent voting,” according to one official with knowledge of the announcement. […] The commission will also examine the issue of voter suppression, officials said, which could encourage Democrats to sign on to the effort.”

Clive,Robinson May 11, 2017 3:07 PM

@ Jon,

Secret ballots are a bad idea.

The financial incentive argumant would be a straw man argument if not for history.

The real reason is to stop all types of inducement benificial or not before they start.

Primarily it’s to stop violence against voters not them making the proce of getting drunk.

One of the dirty little secrets of the “womans vote” was where men believed they had the right to tell their wives daughters or any other members of their houshold how they should vote. If a recipt with the vote cast on it was given out, it would force those in such a household to vote the way they were told or face what would be regarded as serious abuse these days. The same for workers and most others in some form of dependant position.

So the reason for a secret ballot is to try and ensure voter freedom just as the boths, curtains, envelops and boxes you will find in most polling stations do.

Jim May 11, 2017 3:16 PM

“If we continue to enact voter suppression measures like ID requirements…”

Bruce, just curious, how is requiring an ID a form of voter suppression? And the corollary question: How is NOT requiring an ID going to adequately protect against voter fraud?

paranoia destroys ya May 11, 2017 4:47 PM

There is a need to secure more than elections

Former national security adviser Colin Kahl asked on Twitter:
“Was it a good idea to let a Russian gov photographer & all their equipment into the Oval Office?”
Former deputy CIA director, David S. Cohen, replied, “No, it was not.

albert May 11, 2017 5:30 PM

@paranoia destroys ya,

Well, what would you expect from former Obama officials?

Kahl: “We KNOW WikiLeaks timed leaks to help Trump”

Cohen does have a wiki page:
https://en.wikipedia.org/wiki/David_S.Cohen(attorney)

“…In 2015 Cohen was appointed Deputy Director of the Central Intelligence Agency. At the time of his appointment, some speculated that Cohen’s selection was due to the Obama administration’s reluctance in picking someone with ties to past incidences of CIA torture and extraordinary rendition….”

Thanks for the BS from the heavy-weight politicos.

. .. . .. — ….

Clive Robinson May 11, 2017 5:53 PM

@ paranoia destroys ya,

“Was it a good idea to let a Russian gov photographer & all their equipment into the Oval Office?”

The real answer should be “not at all” if other people are doing their jobs right. The Oval office is at the end of the day the “symbolic seat of power” and thus it is ceremonial in nature and all manner of people from the smallest of school children to the oldest citizens get invited in for a “meet-n-greet” as well as all maner of foreign visitors. Thus it should be considered an insecure place.

I have a friend who runs a company he owns and there is a certain amount of risk with regards confidentiality involved. He has two offices on different floors, the first is a small slightly messy room where he has his real desk etc which is his “work room”. The second is a show piece office with meeting table etc which he only half jokingly calls “The bored stiff room” where he meets and greats clients and has non sensitive conversations etc. Very few people ever get to see his “work room” or even know where it is and the reason it’s slightly messy is he cleans it himself.
Both rooms get the regular sweep for surveillance devices etc.

Through out history rulers have had both private and state rooms for carrying out the business of state. It is known for instance that Queen Victoria had a private work room where her and Prince Alberts desks were side by side, but each faced a picture that to be frank would be considered pornographic even by todays standards. She would see the Prime Minister and some other Ministers of state in that room but had a series of other rooms for other people she had to meet.

Likewise for security reasons politicians in several countries have a similar policy. When Margaret Thatcher was the UK PM she likewise split her work activities between different rooms depending on the nature of her work.

You might have heard of the UK COBRA emergancy committee the name stands for “Cabinet Office Briefing Room A” and was setup back in the 1970s, the thing is it’s not one room but several in different places which is why the A was dropped some years ago though the press still use it. One of these rooms is quite aways from 10 Downing St and more than a hundred feet underground, though not much used these days because it’s quite a pain to get down to, and most types of national emergancy don’t require it.

It would be odd for the President of the USA to not have similar security arangments, they are after all fairly common sense.

In fact I believe that there is at the very least the “Situation Room” amongst others.

Martin Kochanski May 12, 2017 4:42 AM

People don’t really want elections that are secure or accurately counted.

They want elections they know are secure, and they want elections where they know the count has not been manipulated. Whether the count is 100% accurate is not nearly as interesting.

Thus IT applied to elections tends to solve the wrong problem. At the end of the day, when a vote produces a result that everybody is certain is wrong, and the mob are beating on the doors, which will placate them:

  1. An expert in a grey suit who says “I am an expert in a grey suit and I am paid to tell you the result is OK”?
  2. Someone saying “Send your 10-year-old children in and let them count the bits of paper to prove no cheating has happened”?

JF May 12, 2017 8:05 AM

@Ergo Sum “… I just call the “scanner” a shredder. Could they re-count the votes? Certainly, but it is only done if and when the results are challenged. That’s seldom takes place and it is a costly proposition. So there’s room for “slanting” the results, just don’t make it obvious and everybody is happy…”

I believe in most such paper ballot/optical scanner districts, a sample of precincts are chosen at random for audit, as part of normal election procedure. As long as randomness of those precincts chosen can be assured, that goes a long way toward ensuring the integrity of that system. A full recount is only done if the result falls within some narrow percentage, or if the audit of the sample precincts reveal discrepancies.

As we saw in the recent US presidential election, there are provisions whereby private parties can petition to have a hand recount at their expense.

JF May 12, 2017 8:29 AM

One thing I have not seen discussed is there is need for parallel voting systems. Paper ballots and scanners have certain advantages, but for the visually impaired, they remove the possibility of voting independently.

Electronic systems can accommodate these voters by providing synthesized voice feedback via headphones, similar to the screen readers they use while browsing the internet. Whatever the potential weaknesses of electronic systems, having the need of someone to “assist” in completing a ballot is a far more immediate issue. Not to mention these systems afford dignity and self reliance.

Zdanb May 12, 2017 9:32 AM

Look no farther than Oregon ballot system. It is Mail in and verified signatures with Optical scanning. At random the Secretary of State calls on the county clerk to manually count one of the items on the ballot to assure the scanner is working properly. I work as an election Observer for the Independent party of Oregon.

boog May 12, 2017 10:13 AM

@Clive Robinson

If a recipt with the vote cast on it was given out, it would force those in such a household to vote the way they were told or face what would be regarded as serious abuse these days.

I seem to recall in the recent US election there was concern over people taking pictures of their ballots with their phones while in the voting booth, for similar reasons – a household member could require others to show proof that they voted as instructed, or face punishment.

Clive Robinson May 12, 2017 2:08 PM

@ Boog,

I seem to recall in the recent US election there was concern over people taking pictures of their ballots with their phones while in the voting booth…

I’m not quite sure where the concern began, but in the UK there were considerable problems with a Mayor who a judge had very daming things to say before kicking him out of office for what was in effect voter fraud.

Without trotting out the details his supporters were from a western asian strongly patetnalistic culture. Apparently they not only ordered their entire family to vote for the man but demanded proof via mobile phone picture. They also badly abused other voting methods such as postal voting, by making their extended family vote that way and filled the forms in for them as well as doing the same to others in the community. Falsly registering people at properties they owned and other nasty little abuses. None of them has ever shown any remorse infact one was secretly recorded say it was his right As a pillar of the community…

All realy quite nasty stuff that would make the old style mafia shocked.

@ JD,

You’ve obviously never heard of Ethereum.

Oh I’ve heard of Ethereum but it fails the “sniff test” rather badly. Few people can actually understand how it works, and are thus deeply suspicious of it. Those that do know how it works but are not “blockchain evangelists” are rightly cautious.

The fact that there have been problems with Bitcoin and it’s block chain and surrounding software has not exactly been a good presentation of the technology. But worse Bitcoin and thus the blockchain is seen by many very negatively as it’s main news worthy ness is ransomware, bying drugs, paying for hit men and all sorts of other crimes.

Thus whilst Ethereum might be a nice idea it’s got one heck of a lot to prove in the face of growing negativity about blockchain related systems.

When it comes to voting the over riding principle for community trust is KISS. People don’t want and more importantly can see they don’t need “technobable” “arm waving” systens where the least trust worthy in society –ie politicos– say “trust me” even though it’s clear they have absolutly no idea about what they are espousing. Especially when people have heard “The Emperor’s New Cloths” story on multiple occasions when young.

Thus if it looks like a turd, behaves like a turd and smells like a turd, it’s going to be hard to sell it as the finest gold that just needs a bit of buffing up to shine.

tz May 12, 2017 8:52 PM

Somehow even illegals in CA can get drivers licences – that ID is not drivers’ suppression.

Or that to open an account at a bank or credit union – that isn’t Depositor suppression.

Or to be employed practically anywhere you need an I-9 form isn’t employment suppression.

But to insure the integrity of the electoral system, requiring proof you are eligible to vote (including not being a felon), it is “voter suppression”?

If felons, aliens, and dead people can just come in and vote and vote often, MY VOTE IS SUPPRESSED.

There is no requirement to have a ZERO BARRIER to ID and proof and voting. And I’ve missed any evidence – even anecdotal – where simple requirements that you can handle MONTHS before an election somehow suppress the votes of people LEGALLY ENTITLED to vote.

Should your bank account require more or less a requirement to insure the ID is valid, and that it is YOU than some voter’s registration?

I must be eligible, then only vote once, and in one declared location.

If you can’t insure that, then my vote is meaningless.

JF May 13, 2017 6:54 AM

@tz “And I’ve missed any evidence – even anecdotal – where simple requirements that you can handle MONTHS before an election somehow suppress the votes of people LEGALLY ENTITLED to vote.”

In the US, one is legally entitled to vote by virtue of birth. The only requirement should be that one registers in the county of residence.

There is plenty of evidence not only that requiring certain forms of photo ID significantly suppresses the vote, but that in states with such laws, the ID’s allowed are chosen based upon which groups they favor. For example, in Texas, a handgun license is acceptable, but a University ID issued by the state is not. And in rural areas, not everyone is physically capable or has the transportation to get to the county seat for an ID, even though the voting precinct might be in the church across the street.

On the other hand, there is little evidence that voter fraud occurs in any significant amounts. To argue that the minuscule fraud that occurs must be stopped at the expense of denying significant numbers of citizens their birth right, is disingenuous.

Steve May 13, 2017 7:31 AM

@JF “There is plenty of evidence not only that requiring certain forms of photo ID significantly suppresses the vote”

You provided no evidence just your opinion.

“On the other hand, there is little evidence that voter fraud occurs in any significant amounts.”

Again, no evidence provided just your opinion based on your political ideology.

Hopefully this is not the best you can do.

Party Constituent May 13, 2017 8:01 AM

@JF

In the US, one is legally entitled to vote by virtue of birth.

Or by virtue of legal immigration and lawful naturalization as a citizen.

ID requirements?

For some reason, these people all have the ID to drive their first car on their 16th birthday and get drunk at the local bar on their 21st birthday, but oddly enough not to register to vote at the age of 18, or perhaps it has something to do with the Selective Service….

JF May 13, 2017 9:03 AM

@Steve
There are many studies and papers that have been done on this topic. If you cannot be bothered to look, here is one that you might like to read:

http://www.gao.gov/products/GAO-14-634

“GAO found that turnout was reduced by larger amounts:
among registrants, as of 2008, between the ages of 18 and 23 than among registrants between the ages of 44 and 53;
among registrants who had been registered less than 1 year than among registrants who had been registered 20 years or more; and
among African-American registrants than among White, Asian-American, and Hispanic registrants. GAO did not find consistent reductions in turnout among Asian-American or Hispanic registrants compared to White registrants, thus suggesting that the laws did not have larger effects among these subgroups.”

and you may read this:

https://www.brennancenter.org/publication/justice-departments-voter-fraud-scandal-lessons

“In 2007, the Justice Department was upended by scandal because it had pursued a partisan agenda on voting, under the guise of rooting out suspected “voter fraud.” Its actions during the George W. Bush administration were well outside the bounds of rules and accepted norms of neutral law enforcement. In pursuing this agenda, DOJ political leadership fired seven well-respected U.S. Attorneys, dismissing some top Republican prosecutors because they had refused to prosecute nonexistent voter fraud. Top officials hired career staff members using a political loyalty test, perverted the work of the nonpartisan Voting Section toward partisan ends, and exerted pressure on states and an independent government agency to fall in line with an anti-voting rights agenda.

Ultimately, the effort backfired badly. The U.S. Attorney firings touched off a wave of investigations that exposed just how partisan the Justice Department had become and how far it had strayed from its mission of neutral law enforcement. The result was the worst scandal to hit the Department since Watergate. The Attorney General, Alberto Gonzales, was forced to resign, as were other top DOJ officials. It also helped drive Karl Rove, President Bush’s chief White House strategist, from his job. Moreover, the Justice Department not only lost credibility with Congress, but it also lost in the courts, where judges repeatedly rejected the untenable anti-voter legal theories it had urged.”

Trump claims “millions” voted fraudulently. Where is the proof?

Brutus May 13, 2017 11:06 AM

Bruce Schneier wrote: “We have to decide that the goal of our election system is for the most people to be able to vote with the least amount of effort.”

But this is a most peculiar idea, and completely misses the point of what elections are in fact for. The goal of an election system is, as a society, to make good collective decisions about matters that affect all of us. I find it very difficult to believe that a maximal raw number of voters, each expending minimal effort, will make better decisions than a somewhat smaller number of voters, each of whom had to put in more effort in order to vote. The former situation creates an opportunity for demagogues, the latter allows for citizens to deliberate.

Voting should be hard.

JF May 13, 2017 12:19 PM

@Brutus
“Bruce Schneier wrote: “We have to decide that the goal of our election system is for the most people to be able to vote with the least amount of effort.”

But this is a most peculiar idea, and completely misses the point of what elections are in fact for. The goal of an election system is, as a society, to make good collective decisions about matters that affect all of us. I find it very difficult to believe that a maximal raw number of voters, each expending minimal effort, will make better decisions than a somewhat smaller number of voters, each of whom had to put in more effort in order to vote. The former situation creates an opportunity for demagogues, the latter allows for citizens to deliberate.

Voting should be hard.”

What is “peculiar” is the idea that decisions that affect all of us should be made by a subset of “us”.

Poll taxes, intended to improve the quality of the voter, and the literacy tests were, when all is said and done, nothing more than measures to dis-enfranchise certain sub-groups. This bogus voter fraud claim is more of the same.

Is someone who holds a concealed weapons permit somehow more qualified to vote than a college student? Given your argument, that seems to be the rationale of the Texas legislature.

Zdanb May 14, 2017 8:38 AM

Look no farther than Oregon ballot system. It is Mail in and verified signatures with Optical scanning. At random the Secretary of State calls on the county clerk to manually count one of the items on the ballot to assure the scanner is working properly. I work as an election Observer for the Independent party of Oregon.

Pete May 15, 2017 2:57 AM

Quote “..a way technology can improve voting” .

Yes, because this thing with setting your X in pen or pencil on a piece of paper- It’s just SO old-school . We need a facebook voting-app .

What you need to do for a start is : Get away with this nonsense that you must register to vote . In my country, you get registered the day you are born, in the Central Person Register . The day you turn 18 you are automatically registered to vote in all future elections . No partisan anti-democrats can do anything about it, and guess what ? WE HAND-COUNT ALL THE VOTES !!
This is why tech-nerds should be ignored when giving “advice” : You are SO fascinated by computer-tech that you choose to ignore all risks, even those that you are clearly aware of .

Papageno May 15, 2017 7:12 AM

I am completely opposed to computer-based ballot counting. Paper ballots have their drawbacks (including security) but every citizen can participate to the ballot counting and check with his own eyes that there is no cheating. If the voice counting is delegated to computers, then the whole process is a black box controlled by the experts and no longer by the people.

No matter how many layers of “safety” we add to the machines, and how many experts we pay to certify the code or the hardware, I will NEVER EVER trust a machine to count the ballots. The day they allow it in my country (France) you can say bye-bye to what is left of democracy.

The other obvious reason to oppose voting machines is their cost. Paper is cheap, and more ecologically friendly if you consider the whole cycle.

Ninja May 15, 2017 1:30 PM

I don’t think registration can be safely done online. At some point you need it to be done in person at a secure place. Personally I think you should add biometry as one of the means to identify the voter coupled with showing the ID to access the machine/ballot/whatever for instance. The real problem lies in the authentication. I’d certainly add some form of 2FA such as an usb key, a phone (like that one-click 2FA from Google) or the NFC pre registered but I’m not sure about the second form of authentication. Passwords don’t help and we shouldn’t be retaining too much data on the voter beyond what’s strictly needed. I’m not sure which kind of second authentication to use that doesn’t become a burden and discourage people from voting.

Mike Hagan May 16, 2017 12:22 PM

Presidential electors are selected on a state-by-state basis, as determined by the laws of each state. Approaching the issue from a national perspective is the wrong way to go about it. To have the individual states each do their own thing has it’s advantages and disadvantages, but that’s the way that the law is now.

Super Dane May 19, 2017 7:04 AM

As a European, I don’t understand the voting registration issue, but I will let that go.

However, I also don’t understand the need to automate the voting process – it simply obscures what is happening.

In Denmark the following happens:

  1. Go to the polling station with ID and receive paper ballot.
  2. Go to polling booth and fill out ballot.
  3. Drop ballot in locked container.
  4. At end of day (8PM), containers are opened in the presence of the public – anyone can attend.

  5. Votes are counted manually by people appointed by each party. Anyone can attend.

  6. Initial results are reported from each polling station to ministry of home affairs.

  7. Usually a stable result is available at 10PM, never later than midnight if it is close.

  8. Votes are recounted next day to verify result.

  9. Results are published to the public for all to see, down to the individual polling station. Everyone involved can check that their numbers are correct and that numbers add up.

This is more costly than the automated process. However, our elections are too important to be left to machines.

Matias Dlivige October 5, 2017 12:07 AM

We have another election in November. We are under continuing attack from the Russian Grizzly-Steppe and other GRU/FSB digital armies.

There is not sufficient time to replace/repair/secure Voter Registrar and Eelction Commission systems – maybe by 2018 Nov. but not for 2017.

Every Registrar of Voters and local Election Commissioner needs to get prepared. There are effective steps that can be taken in the next 30 days. This should be a mandatory task in the next thirty days for every RoV and EC.

Before any more time has passed, all voter management and balloting software should be verified as pristine and unaltered. New security measures should be taken immediately – here’s how:

  1. Every RoV and EC computer should be taken offline, 100% scanned and cleaned with professional anti-hacking/virus/trojan software. All operating system updates and security patches should be installed. Voter management and balloting software should be verified as pristine and unaltered by matching to the software vendor issued validity hash (MD5 code, a digital fingerprint). Software vendors can supply these digital fingerprints.

  2. While offline, every user account and mailbox must be scanned and cleaned of any malware, viruses, trojans, etc.

  3. Every RoV and EC UserID and account login should be wiped; all logins, user IDs, and passwords should be freshly re-created using never-before-used userIDs and passwords. Old userIDs can be forward via aliasing to the fresh UserIDs, flagged as coming from the old IDs.

  4. Every RoV and EC UserID and account login should be required to change to strong passwords at least every 30 days. Passwords must be stored only in a secure password manager protected using 256-bit AES encryption. Staff must be re-trained to detect possible phishing, evaluate authenticity quickly, and be provided a resource they can confirm or alleviate suspicions of phishing quickly. Turnaround speed on expert IT responses is critical, if it takes too long, employees will just decide for themselves.

  5. Once clean secure systems are brought back online, Voter management and balloting software must be re-verified (by digital fingerprint) every time it is used.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.