The most important feature of public elections is trust. Efficiency is one of the least important feature.
When we moved away from paper voting with public oversight of counting to electronic voting we significantly deteriorated trust, we made it significantly easier for a hostile government to fake votes, all for marginal improvements in efficiency which don't actually matter.
Moving to internet voting will further deteriorate the election process, and could move us to a place where we completely lose control and trust of the election process.
Yep, I believe Louisiana is the only US state that does electronic voting without a paper trail. [1]
And not all paper systems are good either. I'm sure everyone remembers the disaster that was the punch card system used by Florida in the 2000 election...
Risk limiting audits are why this work. You physically sample ballots at random. The number you sample grows as the gap in the electronic tally shrinks to reach high confidence the election was tabulated correctly.
The normal person has no knowledge of stats. I am a professional physicist, and I struggle with stats. The methods you suggest can convince a stats professional that the tally is correct. It cannot convince a normal person of the same.
Election security should not hinge on a "trust me bro" - especially when people are being convinced the other way by Russian propaganda talking heads on social media.
Manual counting requires zero trust. In my country anyone is welcome to observe the entire process from start to finish, if they wish to do so. A few years back a fringe far-right party tried importing the voting integrity distrust over here, and recruited people to watch their local polling stations to "expose the fraud". Which was totally fine because they were always allowed to do so, and it fizzled out because zero evidence of fraud was found, and that party still didn't get a significant number of votes.
Don't these two situations (watching vote counts; understanding a complicated statistical argument that the vote is tamper-free) require the same kind of trust?
1. In both cases, everyone is theoretically capable of checking it themselves; they're theoretically zero-trust. In the former scenario, I'm theoretically capable of attending the vote count, and in the latter scenario, I'm theoretically capable of learning the statistics needed to verify the argument.
2. In both cases, most people cannot (or will not) practically check it themselves, and is trusting that someone they trust is doing the checking for them.
I'm not saying they're the exact same situation, but they both ask for a large amount of trust from most of the voters.
You are correct on both points, which you elucidated well. Let's me differentiate the two systems based on "who-to-trust".
- The observe-system operates on an adversarial basis. The people observing the voting process are state officer, independent observer, each party's observers. If you vote for party X, then you trust that party and its people to do right by you. This include trust party X's observer, who additionally is often a local well-known person. You can actively distrust all the other observers and officers, and as long as your observer gives the A-Okay, you are happy with the result. This trust in your observer is a very simple human kind of trust. No expertise is needed by your observer. If you trust other observers, your trust in the result goes even higher.
- The stats-system is founding its trust in the trustworthiness of the stats experts. The problem is that (1) you don't know the stats expert personally. In fact, a huge chunk of the population in any country doesn't know anyone who is good enough at maths and stats. If people in your family are not the math type, your friends will also not be the math type. (2) It is incredibly easy to sling mud at the expertise and trustworthiness of an expert. This process is operating at a very high level these days on social media. Anyone remotely connected to politics is continuously character assassinated by others. Adopting a stats-system actually will actually increase this mud slinging to new heights.
The observe-system is better because as someone else has said, all the counters and anti-counters to it have been known for 100s of years. Breaking it requires breking 100s or 1000s of polling stations across the country. The stats-system has more central points of trust which can be broken more easily.
For their upper house elections (which can have giant ballots), Australia uses computers in its counting, but there are humans in the process. [Here's a video from the Austalian Electoral Commission.](https://youtu.be/9AqN-Y25qQo)
Good data is hard to come by, but from a brief survey electronic precinct tabulation (the most common system in the US) is also in at least partial use in Canada, Mexico, India, the Phillipines, and Russia, and a laundry list of smaller countries.
Now, you might contend that this is not a list of first-world countries exactly (but rather I sampled the largest countries). You must keep in mind that the use of electronic tabulation in the United States is mostly a response to the very limited budget on which elections are carried out; electronic tabulation is much less expensive than significantly increasing staffing. As a result, globally, electronic tabulation tends to be most common in poorer countries or countries with newer election systems, while hand tabulation is most common in wealthier countries with long-established election procedures.
For this reason, the countries you might go to for comparison (like France and Germany) have largely manual election processes that have often seen few changes since the Second World War.
The Help America Vote Act (2002) had a de facto effect of making the United States a country with much newer election processes, as HAVA requires strict accessibility measures that most European election systems do not meet (e.g. unassisted voting for blind and deaf people). Most US election systems didn't meet them either, in 2002, so almost the entire country had to design new election processes over a fairly short span of time and on a shoestring budget. Understandably, election administrators leaned on automation to make that possible.
It's also important to understand that because of the US tradition of special-purpose mill levies and elected independent boards (like school boards), the average US ballot has significantly more questions than the average European ballot. This further increases the cost and complexity of hand tabulation, even ruling out entirely the "optimized" hand tabulation methods used in France and Ireland.
vote by mail (and similar ballot harvesting, bulk ballot dropoffs with hazy chain-of-custody as from a nursing homes and immigrant communities) are new, based on paper, and open to abuse.
It's not where we were.
traditional absentee balloting was a small scale thing used by college students, military personnel, etc. and if it was messed up, it was not likely to change outcomes or a threat to counting accurately (no election is perfect)
1. why did absentee voting/vote by mail expand? What was the claimed intention and purpose? What has been the actual result (and based on what evidence) ?
2. who has an interest in underming confidence in vote by mail and why? What evidence do they offer that it actually is a problem?
those are not questions I have, nor answers I feel that I am lacking, and it fits a familiar online debate technique of bogging down discussions when you don't like the direction they are going in, wasting the time of your interlocutor. are you really so unimaginative and out of touch that you don't know the answers to your questions?
legitimately elected politicians cheat left and right all over the place, and there is every reason to rhink illegimate election is just as attractive to them as the fruits of the power they seek, it's human nature, it's in the bible, it's in the koran, it's why we have laws. I would prefer a voting system that was guaranteed as secure as we can because the power to vote them out of office is our best hope.
The reality is that in the USA there just isn't any evidence of widespread election fraud, and lots of evidence to support the claim that our voting systems, while not perfect, are secure enough to trust the results.
So unless you believe there's a whole layer of election fraud that nobody - not the losing party, not pro publica, not the FBI, not state investigators, not reddit - has been able to even detect, there's just really nothing to talk about here.
you keep trying to change the subject. Here's how the to understand the difference in our positions:
if security researchers find vulns in network software, should they be fixed, or should a hypothetical researcher PaulDavidThe2ndSmartestPersonInThisThread quash the discussion by saying "there is no evidence that these vulns are being exploited"?
understand that politicians who would benefit from fraud would also control the investigation, making your "see no evil" monkey brain's position as questionable as the election system security is
Nobody, certainly not myself is suggesting that discovered vulnerabilities should not be fixed.
However, vulnerabilities that have demonstrably led to the wrong person being elected are entirely different to vulnerabilities that are invoked only in hypothetical scenarios for which there is no evidence that they've ever happened.
There are lots of things in this world that ought to be "fixed", but I'd prefer we prioritize the ones that are actively, demonstrably causing harm rather than the ones which "could cause harm if A, B & C even though A, B & C have never been observed to occur together".
So sure, fix the vulnerabilities, all of them, but don't lie about their status or impact on actual elections.
you don't need to have "compelling evidence" to show that something is "open to abuse", you simply need to point out the threat vectors
as we know from all over the internet and from various financial frauds, rug pulls, insurance frauds, etc., if there is something to gain, there is no shortage of people who will abuse any system.
This argument would apply to any voting method regardless of how secure it was. If the "threat actors" are the only important factor then the voting method is irrelevant.
If you don’t have compelling evidence, you have hand-waving, which is all the concern trolling about massive absentee voting fraud always ends up doing.
Mail-in voting has been operating for decades. Nobody fear mongering about for all these years has ever delivered a shred of evidence to back their claims. It’s flat earth-grade conspiracy nonsense.
We already use paper voting. If you mean go back to a time before voting machines, then I fear that would actually reduce trust because the amount of tabulation errors, data entry, and spoilt ballots would skyrocket. The only people who are increasing doubt in voting machine are the same people who are trying to disenfranchise voters and not accepting the results of past elections.
The last presidential election where doing a paper recount might have helped was in 2000 and believe it or not, the same party that's calling for abolishing voting machine today was the one who sued to avoid a paper recount then.
They did start a recount! IIRC SCOTUS, at that time already taken over by partisans, illegally ruled to force the original results on us instead of correctly ruling for all FL districts to use the same methodology when performing the tallies.
The majority of the U.S. votes on paper: https://verifiedvoting.org/verifier/. Most of the rest of the country votes using Ballot Marking Devices that produce paper ballots; less than 5% of the population lives somewhere where the only or default choice is electronic voting.
We’re less worried about a low-scale low impact fraud my many people that is unlikely to alter results, than a systematic mass fraud by few people who can choose a result
That's the wrong perspective. The minute votes go into the mail system there is no way to know just how many mail-in votes might be subject to fraud. In other words, your characterization has no basis in evidence. Note that I am not asserting that massive fraud has been committed anywhere. That statement would be as impossible to support with evidence as yours.
The only thing you can state with absolute certainty is that mail-in ballots can be subject to manipulation and that this manipulation can reach enough scale to affect results in elections where the margin is so narrow that a few hundred or a few thousand votes can determine who wins.
Simple example: We receive eight ballots. There's absolutely nothing to prevent me from filling out all eight of them as I see fit and mailing them. Nothing.
There's also nothing to prevent bad actors from destroying ballots in large quantities.
Again, do not mischaracterize my statements here. I am not asserting that any of this has happened. I am saying that mail-in ballots enable potentially serious manipulation and are insecure.
This is like saying that short passwords are insecure. Lots of people use them safely and never get hacked. We all know they are unsafe. The fact that they might not be insecure enough for the general public to understand the issue (because you don't have news every day showing how many thousands of people are getting hurt) is immaterial. The truth of the matter is independent of the perceived consequences. Short passwords are insecure. Mail-in ballots are insecure.
> There's also nothing to prevent bad actors from destroying ballots in large quantities.
Around here (WA state), you can check to see if your ballot was received and accepted. If a bad actor destroys ballots in large quantities on their way to voters, many voters will notice and complain. If a bad actor destroys ballots in large quantities on their way to to the counting facility, some voters are likely to notice and complain.
Same goes if you return ballots for other people. Either the actual voter notices their ballot is missing or the vote counters notice they got two ballots from the same voter or a larger than usual number of bad signatures.
Is it foolproof? No. And there's usually no established procedure to cure a tampered election, either. But large scale tampering is likely to leave signs. And small scale tampering would only rarely make a difference in results.
In person voting might be more secure, but it takes a lot more people, and if you want an ID requirement, you need to figure out how to make ID acheivable for all the voters or it's really just a tool to disenfranchise people who have trouble getting ID. In the US, there is no blanket ID requirement, so there are a lot of eligible voters without ID.
No one has trouble getting an ID. You need an ID to drive, to work, to open a bank account, to buy liquor or tobacco, etc. The idea that someone can’t get an ID is absolute nonsense.
Not a problem. We should pay for them to get proper identification. This is likely an infinitesimally small percentage of the population qualified to vote. As the other commenter said, you need identification for most important things in life. Yet, again, if someone does not have ID and they want to vote, it should be easy and free. If they can't drive, we pay for an Uber. If they don't understand the process, we pay for a coach. Etc. This is the kind of process that reduces to zero over time. If you process 100K people on year one, there might only be a couple of thousand people the following year...and down to zero it goes.
Voting is much more fundamental to a democracy than Uber lmao, therefore it's worth it to make the effort to make sure as many people as possible can participate.
We have essentially ~no voter fraud in the US, so the only reason to change it is because you want to prevent other people from voting for selfish reasons.
> There's absolutely nothing to prevent me from filling out all eight of them as I see fit and mailing them. Nothing.
Just as there is nothing to prevent a person threatening or physically coercing 8 members of their household to vote as they direct.
This is hard to scale up into the hundreds.
WRT mail-in ballots, these are common place in Australia.
You post in a provided envelope to the AEC address, that outer envelope indentifies you against the voter rolls, just as you are identified when you attend a physical voting location.
The inner sealed envelope contains your voing slip - this is removed and passed on to the "votes from district" counting bucket .. just as all the voting slips from physical voting locations are.
In the checksumming of the election the same person being marked down as having voted multiple times, whether at various locations or by multiple mail in ballots, gets caught and investigated.
At this point voters are marked off against registration rolls and actual votes are anonymous.
This is important in an Australian election as no one should know that someone drew a crude suggestive image of their local member and submitted that.
The real downside of mail in voting is missing out on a sausage sizzle with others in your district at a voting location on voting day.
You arguing with the wrong person. I am saying that we need to go to in-person paper ballots.
The comment you responded to was about the scenario of someone getting a bunch of ballots and filling them out at home or making their household fill them out at home the way he or she might want to.
My point wasn't to paint a water-proof scenario. It is to illustrate just how unreliable and dangerous mail-in voting can be. There are other vectors for manipulation.
Not seeing the ballots won’t necessarily stop them from trying to vote. They might ring up to complain that they never got them. They may try and go in vote in person. Trying to vote using someone else’s name or ballot can very easily land you in hot water.
> Person who shows up to vote is legally allowed to vote
How does that work though? What's the root of trust identifying me as me to a government who, at most, has a written record somewhere of my birth, and definitely not enough information to tie that to any particular face or body.
I have to present my passport to get on a plane, enter into another country, register into a hotel and return to this country. I have to show either my passport card (another passport-like ID in the US) or my RealID-equipped drivers license to fly within the US. They also make me stand in front of a camera.
Nearly every nation on earth does this. It's nothing new. We have the technology and the means. This isn't a problem.
In a lot of places, it's a photo ID. Usually that required a birth certificate to get, and often a few more pieces of corroborating information to make it harder.
Without a root of trust though, how much good is that? When I needed a copy of my birth certificate to get a CA driver's license, I just sent my home state $10-$20 and pinky promised that I was me. Getting utility bills or whatever delivered to your favorite name isn't hard either. It's cheap and easy to bootstrap your way into somebody's identity.
Maybe the payout isn't worth it, but (a) empirically, people seem to be willing to spend a lot more than that per vote if necessary, and (b) it's not substantially harder or riskier to do that than to risk prison voting for a dead person or whatever else some fraudster might cook up; if we think this is an important system which people are trying to rig then the proposed cure just keeps honest people honest.
Do you have a citation for voting by mail being demonstrable problematic? None of the things you describe are even true. We’ve been voting by mail in Oregon for decades and the demonstrated instances of voter fraud are effectively zero. The Heritage Foundation, which is opposed to vote by mail, has a great list here: https://electionfraud.heritage.org/search?state=OR.
I encourage you to click the ‘Read’ tab to see the actual circumstances resulting in the convictions as most are for trying to game ballot signatures and have nothing to do with votes being cast. It just doesn’t happen because the system is secure.
Never once has anyone, outside of their expansive imagination, proven that voting by mail is not secure and effective.
I have EXCELLENT, current news for you, comrade. Since then, I can point you to six States in the USA that have implemented mail-in voting that is demonstrable secure and gives far more people the ability to vote than mandatory in-person voting. Isn’t that simply wonderful to hear? And, to boot, lest you worry about volume, one of those States alone (sunny California) is nearly the same population as France was in 1975! So even having large populations vote entirely by mail is proven to be a non-issue! Phew, I’m glad we can stop trotting out fear mongering and speculative arguments of unproven inevitable doom to stupidly disenfranchise voters!
There are open accusations of mail-in fraud in California, not a settled issue. France is an interesting example because there was fraud, settled issue.
France isn’t that interesting of an example given the exponential changes to how mail-in ballots work that have been implemented in the last 50 years. Using France as your lone example is like citing to the Challenger launch and ignoring every subsequent success in deciding if you’re going to launch a rocket. It’s almost delusional.
Apropos of nothing, Oregon has over 800,000 inactive voters [0] on the voter roll that should have been removed but weren't. So there's room for improvement.
Citations aren’t necessary when the incentives for fraud are so great and the means of executing fraud so easy. It’s not demonstrably problematic, it’s inevitably problematic.
Citations are needed when I can point you to six States that have vote-by-mail systems and there’s no evidence of meaningful fraud in those systems. And citations are especially needed when the very think tanks that are spending millions of dollars trying to disenfranchise voters by banning mail-in voting are unable to find meaningful cases of fraud to bolster their argument and instead rely on nonsense like ‘it’s inevitable that something bad will happen, trust me bro!’
The US has had mail in voting for 100 years with no widespread fraud. You're going to have to present more evidence then "what if bad actors use it this way"
> He has refused every single such requests because, as he put it, if you do for one side or the other, sooner or later you get burned (or worse) and it's over.
I have to admit, it's a bit disturbing that his reason for not doing it is because he might get "burned" or caught. How about...you know...because he believes in upholding democracy?
> I have a friend somewhere else in the world who is in the business of providing electronic voting machines to governments (cities and countries) to run elections. I won't mention where in the world because there are only so many of these companies and his is very prominently known in the region he serves. They develop the machines, write the software and provide the service.
> He told me stories of various elections across the region where governments or specific political parties ask him to tilt the playing field in their favor by secretly altering the code. He has refused every single such requests because, as he put it, if you do for one side or the other, sooner or later you get burned (or worse) and it's over. He happens to be one of the honest and responsible players. That's not necessarily the case for others.
Just to be clear, if you are actually telling the truth you have a fundamental duty to reveal the company in question and who is making these requests, as doing so can constitute a felony in many countries across the world. So I recommend you telling us where this is happening.
Oh yeah? Your source for why mail voting is a shaggy dog friend of a friend definitely real story?
Mail voting has routinely been proven to be extraordinarily difficult to exploit at scale. For as much feverish dedication there is to the idea of how terrible it is (for quite obviously partisan benefit) there is absolutely no evidence of any kind of substantial fraud. It's a right wing fever dream exercise in post hoc logic to justify depriving the 'right' people in our society of their vote. Simple as that.
Mail voting is common in many systems, it's convenient, and worst of all ... More people vote!! All of which is very dangerous to the power of a certain class of politicians.
Even the most cursory research into mail-in voting shows a number of safeguards designed into the process; one summary can be found at https://responsivegov.org/research/why-mail-ballots-are-secu.... Instances of mail based voting fraud are extremely rare despite the extremely high motivation of some actors (such as the current US federal leadership) to find any evidence to the contrary.
Because you can’t make me sign my ballot? Because without my signature the ballot is void. I can also show up in person to cure my vote if you force me to sign it at home btw.
It’s not impossible - I won’t deny it. But we haven’t had any substantial evidence despite the current administration trying to claim otherwise.
If we are to roll back mail in ballot, let’s also make voter ID free and easy, and also make Election Day the weekend or a public holiday, rather than the various frictions including long lines at the poll.
> But we haven’t had any substantial evidence despite the current administration trying to claim otherwise.
Take politics out of it. My comments are not at all based on politics or ideology. It's purely a matter of process issues. It's like saying that short passwords are insecure.
With regards to your lack of evidence observation, this is actually one of the problems with mail-in voting. There is now way at all to know who filled out the ballot. None. It happens privately. If, on the other hand, voting is in person and with proper identification, there is no doubt.
So, lack of evidence is not evidence of a lack of manipulation at all.
I'll give you a personal example: As my father succumbed to dementia a couple of years before passing, my mother, who was also pretty old but still mentally functional, would fill out his ballot and have him sign it. I told her many times that she should never do that and that he, due to his dementia, had no business voting. She didn't want to hear it. Before someone says "you should have reported it!". First, you are an asshole. Second, I'd like to see you report your 94 year old mother with pancreatic cancer and your 96 year old father with dementia at the edge of death.
Now, if in-person paper voting was required he would not have been able to vote and the same may have been true of her towards the end.
I'd be willing to bet this kind of thing happens with some frequency in households. Another one is children who just turn 18 and the parents telling them how to vote. That's just as fraudulent and manipulated. Another friend of ours who isn't interested in being informed and hates politics tells his wife to just fill out the ballots any way she wants.
> Take politics out of it. My comments are not at all based on politics or ideology. It's purely a matter of process issues. It's like saying that short passwords are insecure.
When there're people with unlimited resources who are actively looking for evidence to back up the claim, it makes sense to bring that up because they haven't found anything.
You don't think those 8 people you stole votes from might ask some questions? This is a self-correcting problem, as evidenced by the fact that the few voting fraud cases that do happen (generally nutbag conservatives convinced they are 'balancing out' fraud by commiting it) are usually quickly found and prosecuted l.
I signed my ballot poorly last year because I had nothing hard to put behind it when signing. It was compared to previous years and rejected. At a minimum you need to know what someones signature looks like, which reduces the possible scale of this attack from 'small' to 'vanishingly small'. You can also get rich stealing peanuts from squirrels, if you can find enough squirrels. Good luck with that.
The issue is that the paper ballots are counted electronically. There may be a paper version for double-checking the vote, but it's rarely used. The vote relies almost entirely on electronic technology.
There are many state-mandated post-election audits that involve random selection of ballots or precincts. There are state statutes and procedures that require a post-election audit of ballots after every election. These audits are designed to verify that voting equipment and tabulations operated correctly and that reported totals are accurate
Just do both like we do here in GA. You vote on a computer, it prints out a piece of paper, you walk the paper over to some kind of scanner, and then it is deposited into a giant trash can. (maybe they keep the paper records, idk) - these are the dominion systems.
(memories..)
When I lived in NYC there was a giant lever you got to use - it was pretty fun - but positioning the actual paper was kind of tricky.
I think Georgia used to have Diebold machines where you would get a little receipt but I'm pretty sure they were very hackable. Anyway half of them were always broken.
Minnesota has a better system. You fill in a paper ballot using a pen, and the paper ballot gets optically scanned.
Besides avoiding any issues (real or imagined) with touchscreens, it makes it extremely cheap to stand up more polling places with more booths, since only one tabulator is needed; the booths themselves can just be little standing tables with privacy protectors.
>Minnesota has a better system. You fill in a paper ballot using a pen, and the paper ballot gets optically scanned.
>Besides avoiding any issues (real or imagined) with touchscreens,
Wait... I don't think these are the complaints being made against internet voting at all. The problem is with a computer counting and reporting it, right? Centralized, less transparent, etc.
I dont view writing my vote on paper and scanning it to be paper voting if it's just immediately fed into a computer.
> I dont view writing my vote on paper and scanning it to be paper voting if it's just immediately fed into a computer.
The paper ballots are retained for recounts, and most places with this system automatically recount a random subset of the paper ballots to ensure it matches the computer totals. This guards against both shenanigans and mistakes. For security the scanning machines are not networked! A person carries around a little SD card (not USB as it's too hackable) to collect the totals.
The paper ballot with in-precinct immediate scanning system is the best system I've seen. It reports results quickly and leaves a full paper trail for recounts and accountability.
They are USB on the machines we use. That said, that’s not a concern to me.
The machine also prints a paper tally that goes with it to verify. We used sealed bags so they can’t be messed with in transit. They tabulate the results and compare it to the total from the tape. Personally, I wish there was a hash of the results that would make it simple to say “yep, that’s the same” but practically that’s not necessary.
A second copy of the receipt goes back separately with the paper ballots. Same sealing and chain of custody handoffs.
I like the electronic ballot marking device. I can understand the argument that they’re not worth the cost, though.
This was common in Texas, but becomes challenging when one polling place serves voters that might have different elections to vote for - say, at a polling place on the line between two school districts or something like that. You can't just print one sheet of paper, and it to everyone, and call it a day. Toss in a few different jurisdictions that don't directly overlay each other, and the number of combinations become nontrivial.
(the machines used in Texas vary by county, in my county we use Hart InterCivic machines that are touchscreen but produce a paper trail - honestly I think it works well)
This really is the best way to do it. Scantron gives fast results and you get a paper physical record which shows the actual ballot exactly as it was presented to the voter along with what their vote was.
<devilsAdvocate>How many people spend time making their selections on the computer, then compare every single selection on the print out? Deniers could say the computer randomly prints votes to skew in certain candidate/party direction knowing not everyone would catch it.</devilsAdvocate>
all it would take is one person saying their printed ballot does not match their specific selection, and the whole thing would become chaos.
Same but different issues. Now you have to know that the dots were filled in correctly to be readable. Having someone make an obvious attempt at selection but not readable by the reader is also problematic. No reason to not count their vote. You may laugh about not being able to do it correctly, but it happens.
Only if the scantron shows that each position on the ballot was counted and the voter is not allowed to leave until the person monitoring the scan confirms with the voter their ballot was scanned would this give confidence. Any issues with the scan, and the voter is allowed to correct the issue. There should never be an issue of reading the ballot by the scanner as an acceptable outcome.
of course, all of this is assuming in person voting only
Checking each ballot for completeness sounds like a good improvement to the system. Right now people are just expected to mark carefully and double-check their work before feeding their ballot into the machine and request a new ballot if they mess up.
It might slow things down a little bit, but making sure that the machine can detect a vote for each race/question (even if it's just "Abstain") would make sure people didn't forget to fill out something and help prevent the fill-in-the-bubble equivalent of hanging chads.
I like the idea that "abstain" should be an option for each position on the ballot to remove the ambiguity of it just being skipped mistakenly. Require every position on the ballot to need a response from the voter regardless. That would definitely simplify the tally process even if it does require the voter to go back to fill in additional spots. Better to be right on even if it takes 30 more seconds.
We agree. Don't use computers. Scantron is only there to get a fast count for the news agencies. Manual counting of physical paper ballots would still be done anyway.
To manually count by hand every ballot would mean not finding out a complete tally well until after Jan 20. When election day and inauguration day was selected, the number of ballots to count were a mere fraction of today's count.
Manually counting votes is so error prone that I'd have less confidence in it than a scantron type of ballot. At this point, I'm more in favor of giving each voter a ball/bead/chip to drop into a bucket for each position on the ballot. After checking in, you go to each position to receive your one token. If you don't visit a position, you do not get a token to pass to someone else. Tallying the votes could be as quick as weighing the bucket as the weight of the bucket/token will be known. Each election can change size/weight/color of tokens to be unique. If the weights total an irrational weight, it would be deemed suspect and a hand sort of the tokens can be done to find the odd token.
Hand counts are kind of obnoxious but they can't be beat for transparency. There's no reason it has to be done at once either. Ideally people would be able to vote over several days and counting can start right away.
Balls/tokens aren't a bad idea either though, but it sounds like people pocketing a ball/token would force a manual count even if they kept them since the total weight of all buckets combined would be off. I'd also worry about people bringing in heavier or lighter balls/tokens but the bigger risk would be poll workers handing out heavier or lighter balls/tokens to specific people (or types of people) because it'd be easier to make sure the weights would add up in the end.
Maybe we could force everyone to vote at every position (which should have an abstain option) then have the machine check the weight of every ball/token as it was inserted, and verify that one but only one was inserted, before it fell into the selected bucket?
To me, hand counts are beyond obnoxious. How many times does each ballot need to be counted? Just once? Someone with an agenda could cause havoc. Twice? Three times? Majority wins? How many times would non-unanimous count be allowed before the person making the odd result be dismissed/replaced? I can't remember the hanging chad debacle process, but I do seem to remember one person looking at it before handing it to the next person for confirmation.
I like the idea of placing the token into a verifier to validate authenticity before dropping into the bucket. Similar to a coin sorter where invalid tokens get rejected to a separate bin with a light and siren to ID the person trying to cheat. These could get expensive as you'd need one per candidate per position on the ballot.
Transparency comes much more from repeatable results than manual process. You run the same stack of 1,000 ballots through 2 optical scanners, they will give the same result unless one is busted (in which case do it with 3 or 4). This takes very little time and is reliable. Do it by hand and you are guaranteed to get a different result almost every time, and it will take forever.
The New York mechanical machines by the 2000s were all worn out, there was a statistically higher occurrence of certain numbers (I believe 9) because the gearing was worn down.
> The most important feature of public elections is trust.
Agreed.
However, in some states, such as California, mail-in voting has become the default.
What's used to verify identity and integrity? Your signature from your voter's affidavit of registration, a signature from any past voter form, or literally an "X"[1]. Your signature doesn't even need to match, it just must have "similar characteristics". You can print your name or sign in cursive, you can even just use initials. They're all accepted.
We're firmly on the "honor system".
Pair that with lack of voter ID laws, and we have a system that's designed to be untrustworthy.
In Australia you can postal vote if necessary, but "prepoll" voting is much more popular (I believe 37.5% of registered voters, 90% of which actually voted, in 2025). It's just so convenient, with the same crowd of volunteers and officials as actual polling day.
In 2020's national election, nearly 87% of California votes were by mail[1].
California offers day-of in-person voting, and has ballot-drop boxes (unmonitored) and drop-off (monitored) locations for at least several weeks (I believe it was a full month in the past election).
I wonder how correlated is this to how (un)contested California results are (?). I think the main test will be whenever a case like Bush vs Gore happens.
I volunteered at Fairview development center in Costa Mesa CA, which is a place where dozens of disabled residents lived. These people could not talk, move, etc. They were essentially quadriplegics; mentally completely not there; etc. I was a high school student helping move residents to Sunday service and back and doing activities with them (volunteer hours). I clearly remember seeing nurses and others mark ballots of residents that were in no fit state to vote (unable to communicate at all; those who could were often not mentally competent enough to make their own medical decisions, let alone decide who to vote for). I don't think anyone cares to be totally honest. I was shocked the residents even got absentee ballots. Of course, competent adults should be able to vote, but at the point where you're essentially a child mentally? I mean ... how can anyone possibly figure it out. I did lodge a complaint, but nothing came of it.
> The most important feature of public elections is trust. Efficiency is one of the least important feature.
If efficiency is low enough to significantly affect turn out, you cannot trust the results.
> We should move back to paper voting.
Nowhere in the US is electronic voting used from what I know of. Estonia is the only country I know of that does internet voting, but my info could be out of date.
You're conflating "efficiency" with "disenfranchising voters."
Mail-in voting enabled citizens who otherwise simply couldn't vote, to vote. Citizens who, more often than not, were from already disadvantaged backgrounds.
Ok, now compare other things they do to enable voting. Is voting day a holiday and/or do workers get guaranteed paid time to vote? Are the ballot boxes equally accessible for most people, and not strategically placed to disenfranchise certain voters?
One of the main aims of voting system (physical or online) is to increase the participation of the voters, since the average turnout of global voters are less than 70% (filter by continents for simpler aggregated average) [1].
For example even in country with pervasive internet connectivity (99%) like in Netherland the voter turnout in 2024 is only 77%.
Security technology of trust management in the centralized voting system and architecture has already been solved and well understood, and now we are even moving into zero trust with multi-factor authentications.
All this while the venerable Kerberos has been around for decades with its secure derivatives, and its secure alternatives are numerous. For the more challenging fully distributed arguably has already been solved recently by blockchain, immutable data, etc.
This is the classic example is not that you can't (as claimed by the the article), but you won't. This is what political will is all about and since this is on political voting this lame attitude is kind of expected.
Mostly agree, but we don’t have to give up the benefits of direct digital tabulation for quick results. I would like a paper audit trail. Print my ballot-as-cast for on a paper roll that scrolls by under a window. I can verify it before leaving the voting booth. Recounts and challenges can be a computer scan of the paper roll. None of this is hard. Costs a bit more, but buys trust in the system.
This is the system used in the majority of the United States. Direct-recording electronic voting systems were never that common, briefly peaked after the Help America Vote Act as the least expensive option to meet accessibility requirements, and have become less common since then as many election administrators have switched to either prectinct tabulators or direct-recording with voter-verified paper audit trail.
In the 2026 election, only 1.3% of voters were registered in jurisdictions that use direct-recording electronic machines without a voter verifiable paper audit trail (https://verifiedvoting.org/verifier/#mode/navigate/map/voteE...). 67.8% of voters are registered in precincts that primarily use hand-marked ballots, and the balance mostly use BMDs to generate premarked ballots.
You don't necessarily need any sort of electronic counting for quick results. Federal elections in Australia are usually called late on the voting day and I imagine the same is true for other countries that are paper-only.
Votes close at 10pm. Might be a few stragglers left in the queue, so call it 10:15pm. (Exit poll results are embargoed until 10pm.)
Ballot boxes are transferred from individual polling station to the location of the count. The postal votes have been pre-checked (but the actual ballot envelope has not been opened or counted) and are there to be counted alongside the ballots from the polling stations.
Then a small army of vote counters go through the ballots and count them and stack together ballots by vote. There are observers - both independent and appointed by the candidates. The returning officer counts the batches up, adjudicates any unclear or challenged ballot, then declares the result.
The early results come out usually about 1 or 2. The bulk of the results come out about 4 or 5. Some constituencies might take a bit longer - it's a lot less effort to get ballot boxes a mile or two down the road in a city centre constituency than getting them from Scottish islands etc. - but it'll be clear who has the majority by 6 or 7 the next day.
I can appreciate that the US is significantly larger than the UK, but pencil-and-paper voting with prompt manual counts is eminently possible.
That's how it works in Cook County and a lot of other places: it's touchscreen voting, using "ballot marking devices", which produce a paper ballot you hand to an EJ to submit.
Some paper jurisdictions have this, essentially. E.g., where I live: the ballot is a paper ballot. You vote by filling in a circle/bubble. (If you're familiar with a "scantron" … it's that.)
It looks like a paper document intended for a human, and it certainly can be. A machine can also read it. (And does, prior to it being cast: the ballot is deposited into what honestly looks like a trashcan whose lid is a machine. It could presumably keep a tally, though IDK if it does. It does seem to validate the ballot, as it has false-negative rejected me before.)
But now the "paper trail" is exactly what I submit; it's not a copy that I need to verify is actually a copy, what is submitted it my vote, directly.
> I would like a paper audit trail. Print my ballot-as-cast for on a paper roll that scrolls by under a window. I can verify it before leaving the voting booth.
Why should you be forced to trust that what you're shown is also what was being counted? The paper record should be the actual ballot itself, with your actual vote on it.
I suppose I'm an optimist. I believe it is possible to create a secure online voting system. My life savings might be held at Fidelity, Merrill, or elsewhere, my banking is online, 90% of my shopping is online and it all has "good enough" security. Plus most banks seem to be well behind the state of the art in security. I believe with the technologies we have available today, we could create a secure, immutable, auditable voting system. Do I believe any of the current vendors have done that? NO. But I believe it could be done.
People of limited technical ability can understand the checks and balances of a paper voting system, which legitimizes outcomes. No digital voting system I'm aware of has this characteristic.
Elections in most countries involve tens of thousands of volunteers for running ballot stations and counting votes.
That is a feature, not a problem to be solved. It means that there are tens of thousands of eyes that can spot things going wrong at every level.
Any effort to make voting simpler and more efficient reduces the number of people directly involved in the system. Efficiency is a problem even if the system is perfectly secure in a technological sense.
I find that argument lacking. Each of those people is also a potential weak link or even an adversary from a security standpoint. Would I rather have 10,000 weak links or one software system with rigorous testing and logging?
Money are stolen electronically every day - we do not know how to build secure systems. Considering the stakes for national elections (civil war or government instability) good enough is not good enough.
I agree with you on local elections - electronic voting is good enough for town or even state level elections. The stakes are dramatically lower.
It's of course possible. In fact electronic voting could be safer. The issue is that voting has nothing to do with technical details of safety and everything to do with trust. If your electorate doesn't understand modular arithmetic, then there's no point to electronic voting.
"trust" is a fuzzy concept - people use iMessage and have no concept of how it's architected or how it works. But they trust it. Why? because trust is something that is transferable. If you trust me, and I tell you iMessage is safe then you have a high likelihood of trusting iMessage. If this is reinforced by other people you trust, even better. There would be ways to create a voting system in the open, and have it validated by third parties. If you've ever bought stock it's because underlying the transaction, and auditor has certified their financials...
We have ID.gov and we have blockchain. If we can ensure that the person submitting the vote is indeed that person, would it matter whether it was online, in a booth, or by mail?
> The most important feature of public elections is trust.
I think that perhaps you meant to say that the easiest thing about public elections to undermine is trust. You don't need to actually hack the ballots, send in fake electors, or any other actively nefarious stuff. Just undermine people's "trust" in elections (ironically by talking about how important that "trust" is), and voila, you've done much more harm to an election process than anything we have actual evidence for.
The only thing seriously reducing trust in elections is anti-democratic politicians who will ALWAYS find a convenient reason to claim the election is rigged, and many of their followers will believe and propagate that lie to create distrust in the election.
There is really nothing we can do to satisfy these people except create some kind of structure they demand which will somehow be made to heavily lean in their favor. That is what will satisfy them. Nothing else will.
Yes, and this isn't a tech problem. It's a civics problem. Being secure is necessary but insufficient. We need to be maximally impervious to false allegations of insecurity. Having an election process that's comprehensible and transparent is part of that.
At least in the US, I think there are a number of suggestions that are made repeatedly each cycle here. Like "it should be a paid federal holiday", and not putting onerous requirements on voters. Automatic registration. The list goes on.
But I what is written over and over is more on the lines of "I don't trust the process". I cannot blame anyone for not trusting Internet voting: I am a professional SWE, and it would be impossible for me to establish that any such system isn't pwned. Too much code to audit, hardware that's impossible to audit. But it's pretty trivial to demonstrate to the layperson how paper voting works, and how poll observers can prevent that process from being subverted.
There are non-internet ways to do that. States are really the "laboratories of democracy" on that front, with different states having affordances like long early-voting periods and mail-in voting.
However, those are in the context of whatever political system they're in. No level of efficient election design is going to put a dent in the fact that California loves direct-elected downballot offices (e.g., treasurer, controller, insurance commissioner, state judges, local judges, etc.) and referenda, which all result in super long and complicated ballots with 50+ questions each.
We have mail voting as a default in Colorado. When you get your license you are registered to vote and opted in automatically. The one piece that might improve it further is if it came with a stamp to mail back. Otherwise you just drop it off at a drive-up ballot box. You can also vote in person if you want. Hardly anybody does it so there’s never a line.
You get text messages each step of the process too. “Your ballot has been mailed”/“your ballot has been delivered”/“your ballot has been received”/“your ballot has been counted - thanks for voting”.
The ballots envelopes (not the ballots themselves) are keyed to the voter's identity. When the ballot is removed (not until the signature is verified and not contested), the voter is counted as voted, so if they double vote, then the second vote will be rejected. Likewise if you try to vote by mail and then at the poll, you are flagged before you even try to vote.
Other states that do this well don't start counting mail in ballots until after polls closed. They know if someone voted in person, so their mail in ballot is rejected before being opened and verified.
Improved turnout and participation is a good thing in itself, but not necessarily if it puts a weapon in the hands of those who do not like the outcome and are seeking to invalidate it without regard to whether it represents the electorate’s legitimate choice.
It depends on what "Voters can check their votes" means since you have to make sure that nobody can take a receipt to see which way someone (including themselves) voted. You're also still stuck trusting that what your receipt said matches what actually got counted.
The best paper record is the actual ballot you yourself marked and turned in. It shows exactly what the ballot said and it shows what your selection was. Counting of those ballots can take place in public, on camera to make sure that each vote gets counted correctly. No internet or computers needed.
It means that some people will be able to force others to vote a certain way, punish them if they don't vote a certain way, or even pay them for their votes. Those schemes are a lot less effective when you can't prove how someone voted. People can try to bribe you, or even intimidate you, but once you're in the voting booth you have the freedom to vote however you want and nobody can find out later which way you actually voted. That freedom is very important and worth keeping. You already know which way you voted, no one else needs to be able to check.
Are there places that don't do paper voting in the US? Ballots are still paper everywhere I've voted (mail in ballots, electronic ballots with printouts, filling in bubbles, etc. It's always been paper).
Also, even with paper ballots hand counted people aren't suddenly going to trust elections, at least not some people I know. I had someone say that hundreds of thousands of illegal immigrants voted in the last election. That obviously didn't happen and there's already controls to stop that from happening but that didn't stop them from believing it. It's one of the issues with the conspiratorial thinking, it's durable even in the face of overwhelming evidence.
Isn't it effectively computers everywhere? Sure, you may write on a piece of paper but there is a computer scanning and reporting it. I dont see a practical difference between that and submitting a form directly on a computer.
With paper ballots you can do hand recounts physically with the paper and it's much harder to change values than digitally (obviously), which is a huge difference. You could switch to hand counting by default for everything but the conspiracy theories are really durable for process changes like that so my experience is it won't make a difference.
To expand on that a bit: I've only found their preferred candidate winning to be a long term convincing argument to them (and even then they still will be suspicious). The scenarios I've heard aren't even possible in the current system but they don't trust the election system as a whole so there's no control they would be satisfied with. Even if they personally counted the paper ballots themselves they would just say the ballots were switched out before they got them. Obviously not everyone who doesn't trust elections is like this but I know a lot of people like this.
yeah, trust is real important. Wait, what's that. Stop the count? Don't count all the votes because it's taking too long? Where have I heard that before... What political, totally not fascist, group of people have supported a politician saying that before...
When we moved away from paper voting with public oversight of counting to electronic voting we significantly deteriorated trust, we made it significantly easier for a hostile government to fake votes, all for marginal improvements in efficiency which don't actually matter.
Moving to internet voting will further deteriorate the election process, and could move us to a place where we completely lose control and trust of the election process.
We should move back to paper voting.