It would certainly be “nice” to have the software/hardware stack be 100% verified, but the truth is that you could run it off a malware-infested Windows XP PC and the worst that could be done is to invalidate the vote. Any attempt to change the actual voting data and pass it off as legit would be futile (so hopefully nobody tries). The biggest threat is sabotage; that’s the only reason why security is necessary.
The analogy would be like having someone compromise a ballot box, but instead of them being able to actually change anything, they could only destroy the box or some of the votes inside, and it would be extremely noticeable.
- Any discrepancies in what the voter actually selects would be picked up right away on the printout.
- Even if the printout has been faked, if the voter then submits their receipt to a scrutineer, it would be plain to see that the receipt is fraudulent because none of the crypto information on the receipt would be valid.
Worst case scenarios:
- Machine is not printing out user selections.
  - Discrepancy picked up by the voter and reported to AEC staff on the spot. You can see that the screen and printout don’t match. Same procedures as if someone was physically messing with a ballot box.
- Printer compromised to print out what the voter actually put even though another vote was recorded.
  - Discrepancy picked up by scrutineers when the voter reports in their vote and the cryptographic hashes on the receipt don’t match what’s actually in the block chain.
  - Currently this defense (actually checking with the voter what they really voted for) isn’t even available in paper-based systems. Who’s to know if the box wasn’t stuffed when no one was looking?
- Someone makes a fake receipt to call the block chain they are on into doubt.
  - There would be other paper trails, other voters coming forward, and even a level of physical security (e.g. security features on the paper it’s printed on) to confirm the validity of the claim. If proven, that block chain is invalid, possibly needing a re-vote done for that polling place/electorate.
- Russian government invents a quantum computer which is at least 1 trillion times more powerful than Albert Einstein’s brain. It can solve any big data mathematical problem you throw at it and brute force it to get the results in seconds. It can mine a billion bitcoins in seconds, smash the record for prime in a nanosecond, cure cancer and find SETI.
  - Even if there was a way to change the data on the block chain (hash collision attack), discrepancies would be discovered when voters check their votes with the scrutineers’ version, because those in the changed area have paper proof of their vote. Their crypto data would be wrong even if the crypto data outside the changed area is valid. That’s if it even gets that far, because the whole block chain can be verified from a paper record and 3rd party scrutiny which keeps a running total before that could even happen (as unlikely as it is anyway).
The only level of trust involved is on the Scrutineer… surely they would trust the political party they go for? Or even 3rd party scrutineers unaffiliated with a party, or even publish the data as a whole on the web and they can check it for themselves. It doesn’t matter about trust if it is a mathematical truth.
I believe that they count a certain amount until a result is known and then don’t worry about the rest. Or maybe they OCR the rest for data purposes these days. Still, counters make mistakes, it’s quite an error-prone process because of the big human element.
Well, that’s why we don’t use these systems: because favouring major political parties makes it easier to count. Imagine if everyone voted differently and below the line; it would be a nightmare to count. If the counting process wasn’t a factor, then you don’t need to limit yourself to systems which need simplicity for counting in your Policy. Sure, you could still do so, but you have more options. It is favourable to Pirate Party and other minor parties to have voting systems which give smaller players a fairer chance because the voting system hasn’t been gimped to make it easier to count.
Below the line is hard on purpose because they want you to do it above the line so they can count it easier.
Electronic Input makes Below the Line easier to use.
Fair enough, I exaggerated on that. Not ALL Systems. But Many. And it would still be useful to play around with (i.e. instead of putting preferences 1,2,3 who are all under the same party, you could treat them as equal 1,1,1 and feed it into your algorithm that way) or cross check with demographics of the area and electoral boundaries.
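The receipt check from the worst-case list above, as an added example that is not part of the original post: a small hash chain of ballots in which a changed ballot, even with every later hash recomputed so the chain still verifies, no longer matches the paper receipts held by voters in the changed area. The block layout, the receipt fields and all function names are assumptions, since the post does not specify them.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed starting value for the chain

def block_hash(prev_hash, ballot):
    """Hash a ballot together with the hash of the block before it."""
    payload = json.dumps({"prev": prev_hash, "ballot": ballot}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

def build_chain(ballots):
    """Return a list of blocks, each linked to its predecessor."""
    chain, prev = [], GENESIS
    for ballot in ballots:
        h = block_hash(prev, ballot)
        chain.append({"prev": prev, "ballot": ballot, "hash": h})
        prev = h
    return chain

def issue_receipt(chain, index):
    """Assumed receipt layout: the block's position and its hash."""
    return {"index": index, "hash": chain[index]["hash"]}

def chain_is_consistent(chain):
    """Scrutineer check 1: every block hashes correctly and links back."""
    prev = GENESIS
    for block in chain:
        if block["prev"] != prev or block_hash(prev, block["ballot"]) != block["hash"]:
            return False
        prev = block["hash"]
    return True

def receipt_matches(chain, receipt):
    """Scrutineer check 2: the paper receipt agrees with the published chain."""
    i = receipt["index"]
    return 0 <= i < len(chain) and chain[i]["hash"] == receipt["hash"]

def receipts_broken_by_change(ballots, index, new_ballot):
    """Change one ballot, recompute all hashes, list receipts that no longer match."""
    original = build_chain(ballots)
    receipts = [issue_receipt(original, i) for i in range(len(ballots))]
    rewritten = build_chain(ballots[:index] + [new_ballot] + ballots[index + 1:])
    assert chain_is_consistent(rewritten)  # the rewritten chain verifies on its own
    return [r["index"] for r in receipts if not receipt_matches(rewritten, r)]

# Constructed sample ballots (preference orderings) for one polling place.
BALLOTS = [["A", "B", "C"], ["B", "A", "C"], ["C", "A", "B"], ["A", "C", "B"]]

if __name__ == "__main__":
    print(receipts_broken_by_change(BALLOTS, 1, ["C", "B", "A"]))  # [1, 2, 3]
```

Receipt 0 still matches because its block precedes the change; every receipt from the changed block onward fails, which is the discrepancy a scrutineer would see.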