Open source Voting System

Politics aside if you were to create an open-source voting system how would you design it to be efficient, secure, and tamper-proof?

I was thinking of something like using blockchain This would create a provable mathematical audit trail for each transaction then. Combined that with using your SSN and a unique ID from the voter registration. You would have proof of every valid vote basically 2fa. Then data will be exported to a write-only USB drive once an hour.

· · Web · 9 · 3 · 6
@omnipotens I think the White House lawyers have already spoken about using blockchain for secure voting. I think it's already in the works.

@Orakel interesting didn't know that still, it's just a fun thought experiment to see what people come up with. Tons of really smart people here and wanted to see where this went.

@omnipotens I'm not a computer person. I just heard someone saying it while watching all those meetings on voter fraud. It's a great idea!

@omnipotens Electronic voting can't be audited the way paper voting can. The last election should make it obvious what happens when a large portion of the population can't trust the voting system and that's what you get with electronic voting.

Also: you don't (and should not!) need an SSN to vote. The US has no unique ID numbers.

@swiley Well every legal citizen that is allowed to vote has a social security number that is unique to the person. As for paper audits are full proof is the biggest lie ever told in my opinion. If money can be counterfeited so can ballets. We can still use both but I believe the answer is in technology. With 2 systems the offline voting machine and a registered voter chain. Each transaction can be matched and tagged as valid duplicated or not in the system.

@omnipotens @swiley
Have you watched Tom Scott's video about electronic voting?

@omnipotens @swiley regarding SSNs, we still have situations where multiple people have the same SSN.

Of course this is a flaw with the SSN system itself, as they don't want to do anything about this to prevent it.

Also, not every American has a SSN, though functioning in society without one is next to impossible. When my kids were born, i was not required by law to sign them up for a SSN (but had I chose not to, it would have made life hell)

@omnipotens @swiley That said, presuming that the feds actually fix the idea of a SSN and make the digits sufficiently long enough so that name/number collision do not happen, there's still the issue that Americans are not required to have one.

You aren't even required to have legal state-issued ID to prove your identity in many states. Even if you have state-issued ID, they aren't biometrically linked in any way to you except photos (which are easily fooled)

@matt @omnipotens We wouldn't want a biometric link anyway. All that does is create hassles for people who's biometrics change and make it easier to defraud people trying to authenticate you because every where you go you leave biometric information.

@swiley @omnipotens Biometrics markers, by their nature, should not easily change in the first place.

If you're thinking DNA, that's one biometric marker, but its not the only one.

@matt @omnipotens I was thinking of fingerprints actually but it really doesn't matter.

@matt @omnipotens
There are serious problems with having a single ID number that's used for official things like this. We're already seeing how easy it makes fraud and how that affects people. It used to be illegal to use the SSN for anything other than social security, there was a good reason for that.

@matt @swiley Well you need an SSN to pretty much do anything from getting a job to a driver's license. Regardless if it has been stolen or not it is just used as an identifier. ssn=person + unique voter id=home address.

@omnipotens @swiley I'm of the mind that you need to use biometric markers to make an ID bind to a specific person. Something that cannot be easily altered, and something that doesn't readily change over a person's lifetime.

Of course, then you open Pandora's Box for a myriad of reasons.

@matt @swiley retinal scanning I can get behind the thought however, you will need multiple ways for that one-off person that does not have any eyes at all but guess they can signup for more of a traditional method.

@omnipotens @matt That sounds extremely unpleasant and I'm sure you could still find ways to forge a correct scan with eg contacts.

If we really wanted a national ID than the federal government should be running a key server. No one reasonable wants this because it would create a huge mess and we absolutely should not be tying it to biometrics. Biometrics are worse than requiring a shared secret to authenticate because you can at least choose who you share the secrete with and change it if you think it's been compromised.

@swiley @omnipotens one problem with the 2fa approach:

I wouldn't expect some numbskull in Kentucky to understand any of this.

@matt @omnipotens 2fa is a whole separate issue. Now you're requiring people to run certain OSes or use specific private networks to authenticate.

People in Kentucky are just as dumb as people in virginia. Hopefully you see why even if we had a national ID you couldn't expect it to actually refer to individuals 100% of the time. Fraud happens and the world is messy and the cleanup is way too slow for whatever automation you'd want to build for it anyway.

@swiley @matt No I am not requiring them to run any OS. Right now when I go and vote I show ID. All I am adding is a randomized voter registration number. When you vote. you put in your id and your voter registration number. If those two match then it's a valid vote. It will just add another layer of difficulty to slow corruption. I am not even saying it's a full-proof idea but its a start.

@omnipotens @matt Maybe it's different where you live but that's essentially what they do here IIRC:
You're authenticated by the volunteers running the Poll and they issue you a serialized ballot.

@swiley @matt Right now many states do signature validation. However, you frame that you just serialized your ballet.

@omnipotens @matt Signiture validation is somewhere between meaningless and potentially a good excuse for throwing away votes.

I sign my credit card purchases with a PR Nonce for this reason.

@swiley @matt I agree with you about the signature validation. That's why I tossing ideas for a better way to validate just to see where that goes.

@omnipotens @matt Regardless *I* don't want to deal with maintaining a national ID.
The problems caused by having an SSN are enough of an annoyance.

@swiley @matt Oh and voting is done by the state not national so all systems would be at a state level.

@omnipotens @matt
You need an SSN to pay taxes. It's not required for anything else. They're not unique, they're trivial to forge, and they should not be used for anything other than social security accounts.

@swiley @omnipotens Actually, you do not need a SSN to pay taxes. You need a taxpayer identification number, which *can* be your SSN.

@matt @swiley and again it really has nothing to do with SSN I was just using that as a unique identifier. This can be anything really.

@omnipotens @matt Right, but we don't have a unique identifier and I'm pretty sure most people would be against having one.

@swiley @matt everyone has some form of unique ID these days from driver's license numbers, SSN, ITN whatever. even if it is not 100% unique that not the point. Heck in most states you cannot vote without some form of ID

@swiley @matt I don't know where you are from but every job I ever had they needed a copy of my ssn. I needed it to get my DL open a bank account. It is used for lots of things.

@omnipotens @matt You job needs your SSN so it can fill out tax forms (for social security.)

Same with the banks, they'll accept an ITN instead.

@omnipotens @matt Furthermore an SSN doesn't mean you have a right to vote anyway. Visa holders are given SSNs and still aren't allowed to vote.

I don't see an SSN on this list.

I don't think paper audits are fool proof. The reason electronic voting is a problem is that *you have to convince the skeptics that it's correct.* Most of the people skeptical of your voting scheme may not even understand PKI and other ideas necessary to judge it's correctness. The result is a mass rejection of the results like what we had last year.

@swiley Not to mention when they do a paper audit they do not check the validity of the votes cast only the number of votes. If they see the same person voted 10 times there is nothing they can do as the task is to count them not investigate them.

@omnipotens I don't know, but seems to me like conventional voting systems place a lot of importance on anonymity, and also are very much reliant on a centralized means of authorization (i.e the government keeps a list of everyone, and crosses your name off when you show up to vote), which suggests to me that any such system would hinge entirely on trusting the central authority.

I'm not sure how you could carry forward those premises into an "open source" system, depending on what that means.

@eviloatmeal no not true, If that was the case then people would not have received letters in the mail saying their vote was rejected due to signatures validation. It depends on the state and how each state runs there election process.

@omnipotens If this is directed toward the anonymity part, then I should clarify that I mean anonymity in the sense that you can't tell from the end result who voted for what, as in, most of the voting systems I've heard of either have some mechanism by which you can't figure out what someone else voted, or at least actively refrain from publishing that information.

@omnipotens A fundamental difference to overcome here is that one can verify open source programs by compiling it ourselves, or a hash sum.

You can't verify a voting machine unless you're allowed full access, and if you're allowed access then other people cannot trust the machine.

I do like this idea. Definitely, such a system is possible to design, implement, test, audit, and, finally put into production.
However, the main challenge will be to explain the functionality of such a system to a common voter in plain language. There are so many prerequisites of exact and intrinsic knowledge. A common voter will have no chance to trust it without a plain belief.

The system will contain literally thousands of components where each and every of them can contain a vulnerability that can compromise the system. As the system is compromised so the result of the voting. Not speaking of the human factor during analysis, development, testing, and maintenance. Even the majority of the staff responsible for this will not be able to understand the system as a whole.

@omnipotens I'd never trust a non paper based voting system. And even worse, with digital systems there can be no proof of tampering.

Votes should not be counted with a machine either.

@SnabelAdmin I still believe if you can counterfeit money you can counterfeit ballets. And it's nearly impossible to validate all the paper ballots are legit.


Well, the difference is scale. You need massive infrastructure, organization and resources to do voting fraud. And keeping it secret will be difficult because of the amount of hands that have to be gathered without leaking.

The current American system sucks, but the solution isn't going away from paper.

There is extensive research on this made by experts, and USA has always been critizised for digitalizing voting by these experts.

@omnipotens you cannot. Computers are a black box system to the voter and ergo, have no place in the electoral system.

@omnipotens Have a look at Patricia Aas' work in this area. Why paper ballots is the good and how to secure such a system.

Sign in to participate in the conversation

Linux geeks doing what Linux geeks do...