[EM] Why We Shouldn't Count Votes with Machines
Kristofer Munsterhjelm
km-elmet at broadpark.no
Sun Aug 17 00:14:21 PDT 2008
Jonathan Lundell wrote:
> On Aug 16, 2008, at 12:54 AM, Kristofer Munsterhjelm wrote:
>
>>> I am for a record on disk of each ballot, but done in a maner to
>>> not destroy secrecy.
>>
>> You have to be very careful when doing so, because there are many
>> channels to secure. A vote-buyer might tell you to vote exactly at
>> noon so that the disk record timestamp identifies you, or he might, in
>> the case of Approval and ranked ballots, tell you to vote for not just
>> his preferred candidate, but both the low-support communist and the
>> low-support right extremist as well, so that he can tell which ballot
>> was yours and that you voted correctly.
>
> In the US, at least, voting by mail has become so prevalent that I
> wonder whether it's worthwhile making voting machinery absolutely
> impregnable to vote-buying. All else being equal, sure, why not, but if
> we trade off other desirable properties to preserve secrecy, and leave
> the vote-by-mail door unlocked....
I think it'd be better to lock the vote-by-mail door. One simple way of
doing that has already been given, with the two envelopes under a
verified setting. If you like technology, you can achieve the same
effect, without the need for the physical verified setting, by using
blind signatures. However, that runs into the same problem where the
voters may not know what's going on.
The fingerprinting vulnerability of ranked ballots is annoying, because
I like ranked methods (rated ones would have even greater a
vulnerability). I can think of a crypto solution where the recording is
done under k of n secret sharing, and the secret-holders don't disclose
their key parts unless it becomes necessary to do a recount. But yet
again, how could the voters know that'll actually work? Even if they
don't, it may still be better than nothing, though.
More information about the Election-Methods
mailing list