[EM] The critical importance of Precinct Summability.

Wed Sep 4 10:14:00 PDT 2024

The cryptography can be fixed by placing each race on its own separate
ballot, but that's kind of a pain.

There's two different issues here. The first is we want to be able to
release precinct-level data, so we can check it for unusual patterns. The
second is we want to be sure none of the ballots are tampered with or
destroyed in transit (after polls close). Precinct summability implies both
(by letting us skip transit entirely), but isn't needed for either.

An easy way to prove ballots weren't tampered with in transport is WDS's
receipt proposal. Print a receipt (exact copy) of each vote and put it in a
box. Every ballot and receipt has a random serial number on it. After the
election, the government can post ballots along with randomized serial
numbers. Voters take a single random receipt from the box home with them
when they leave and check it. Now if any ballot is tampered with or
destroyed after leaving the precinct, some voter can prove it by showing
their receipt. Assuming even a handful of voters check their receipts, any
substantial fraud would be easy to detect. Ballot-box stuffing in transit
can be prevented simply by reporting the total number of votes (turnout) by
precinct.

This can be paired with tabulating full ballot data by precinct, then
releasing it after adding random noise (c.f. differential privacy) so we
can check for any weird patterns in precinct-level data. For any
non-chaotic rule (i.e. probably anything except STV), this noise will
cancel out. This can be helped by using a weakly-summable method like
proportional approval in moderately-sized districts (perhaps 4
representatives). Then people can calculate the results based on the
precinct data at the end.

On Tue, Aug 27, 2024 at 3:05 AM Kristofer Munsterhjelm <
km-elmet at munsterhjelm.no> wrote:

>
> On 2024-08-27 05:14, robert bristow-johnson wrote:
> >
> >
> > I was away from home in my previous reply and using my phone.  About the
> other part ...
> >
> >> On 08/26/2024 11:44 AM EDT Closed Limelike Curves <
> closed.limelike.curves at gmail.com> wrote:
> >>
> >   ...
> >> I think we really need to be much more careful about
> >> precinct-summability. If we're not careful, we're going to hit a
> >> massive wall as soon as we talk about multi-winner systems, which
> >> usually aren't precinct-summable.
> >
> > If you're doing PR (which I think is the purpose of RCV in
> > multi-winner election), then it's gonna be something like the Gregory
> > method with Droop quota and surplus votes transferred and runoffs
> > eliminating the weakest candidates.  And it's not precinct summable.
>
> I think that's his argument.
>
> If Droop-proportional PR methods are desirable,
> and (strong) summability is desirable,
> and Droop proportionality is incompatible with strong summability,
> then we have to give something up.
>
> Which is it going to be?
>
> There may be ways to solve or circumvent the dilemma. I can think of these:
>
> - If it turns out that DPC is not actually incompatible with strong
> summability, and we can invent a strongly summable method of a
> reasonable order, then no problem.
>
> - We could use party list instead of candidate-centered PR, or relax the
> type of proportionality required and fill the gap with DMP or party
> list-based top-up seats. For instance, Forest's method described in
> https://rangevoting.org/PuzzQWEAns15.html uses a weaker sense of
> proportionality ("color proportionality") and is summable.
>
> - We could use small district sizes and hope that/determine if weak
> summability is good enough. Weak summability says that if we hold the
> number of seats constant, then the method is summable, though it may be
> non-summable if we're allowed to vary the number of seats.
>
> - It's possible that PR isn't actually needed if the single-winner
> method is good enough; or that 2- or 3-seat districts suffice for the
> same reason. Robbie Robinette argues for Condorcet this way.
>
> https://medium.com/@robbierobinette/american-politicians-are-divided-but-the-people-are-not-9e944b90fc0a
> and https://betterchoices.vote/head-to-head-in-congress. This is related
> to the idea that proportionality of representatives isn't needed if
> their *decisions* are representative. I still would think that PR is
> good in a non-polarized system so reps with different points of view
> could discuss where they're coming from, but it's possible that the loss
> isn't as great as we think. (More on polarization here:
> https://link.springer.com/article/10.1007/s10602-022-09378-6 and
> https://arxiv.org/pdf/2306.07147)
>
>
> >> Precinct verifiability is enough. In theory, it might be possible
> >> to  drop the need for precinct verifiability, if you have some kind
> >> of end-to-end auditable procedure?
> >
> > In the U.S. serialized ballots ain't gonna cut it.  Then we lose our
> vote by secret ballot.
>
> It might be possible. For instance, Warren Smith and Ron Rivest
> mentioned a method where voters cast three ballots, two of which cancel
> each other out, and then take the identifiers of some (but not all) of
> them to use to verify the results later. The idea is that you can then
> verify that the ballots you chose were counted, but people who are
> coercing your vote can't know if you gave them the ID to your real
> ballot or to one that cancels another out.
>
> Apparently, it's been found to be flawed if the ballot asks for results
> for multiple races.
> https://en.wikipedia.org/wiki/ThreeBallot#Broken_encryption But perhaps
> something similar can be devised.
>
> The main problem with cryptographic schemes, I think, is that they make
> the election process more opaque. The ThreeBallot scheme can at least be
> understood by ordinary voters; even so, it's harder to deal with than no
> encryption at all. But computer cryptography would be completely opaque.
> The people would have to trust the voting machines.
>
> Another human-legible method has apparently been tried in practice:
> https://en.wikipedia.org/wiki/Scantegrity#Use_in_public_elections
>
> -km
> ----
> Election-Methods mailing list - see https://electorama.com/em for list
> info
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.electorama.com/pipermail/election-methods-electorama.com/attachments/20240904/e7cf539b/attachment.htm>