[EM] Why We Shouldn't Count Votes with Machines

[Kristofer Munsterhjelm]

Jonathan Lundell wrote:
> On Aug 16, 2008, at 12:54 AM, Kristofer Munsterhjelm wrote:
> 
>>>     I am for a record on disk of each ballot, but done in a maner to 
>>> not destroy secrecy.
>>
>> You have to be very careful when doing so, because there are many 
>> channels to secure. A vote-buyer might tell you to vote exactly at 
>> noon so that the disk record timestamp identifies you, or he might, in 
>> the case of Approval and ranked ballots, tell you to vote for not just 
>> his preferred candidate, but both the low-support communist and the 
>> low-support right extremist as well, so that he can tell which ballot 
>> was yours and that you voted correctly.
> 
> In the US, at least, voting by mail has become so prevalent that I 
> wonder whether it's worthwhile making voting machinery absolutely 
> impregnable to vote-buying. All else being equal, sure, why not, but if 
> we trade off other desirable properties to preserve secrecy, and leave 
> the vote-by-mail door unlocked....

I think it'd be better to lock the vote-by-mail door. One simple way of 
doing that has already been given, with the two envelopes under a 
verified setting. If you like technology, you can achieve the same 
effect, without the need for the physical verified setting, by using 
blind signatures. However, that runs into the same problem where the 
voters may not know what's going on.

The fingerprinting vulnerability of ranked ballots is annoying, because 
I like ranked methods (rated ones would have even greater a 
vulnerability). I can think of a crypto solution where the recording is 
done under k of n secret sharing, and the secret-holders don't disclose 
their key parts unless it becomes necessary to do a recount. But yet 
again, how could the voters know that'll actually work? Even if they 
don't, it may still be better than nothing, though.