Auditing Elections
Apr. 4th, 2021 10:36 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
libertarianhawkLarry Correia pointed out that elections don't have nearly the degree of audit trails and verification which the federal government expects of other processes.
I agree. I've been through Federal audits, and company internal audits preparing for them. Fed auditors barge into my cubicle (back when I was in one) and demand to know what number I'm charging to, where the authorization for it came from, and what I'm doing to justify charging to it. The internal auditors are politer, they'll schedule the meeting, but they dig deeper. "Why are you measuring it that way? What tools are you using? Who sees this data?"
Doing that for an election would require matching up every vote to every voter--and would break the tradition of secret ballots. Even if the audit data was officially secret, it could be leaked, stolen, or FOIA'ed if the rules change.
There's good reasons for keeping votes secret. People could face retaliation for voting the wrong way, or be bribed to favor a candidate. People taking selfies of themselves voting have been bit by laws designed to keep people from revealing how they voted to collect bribes.
The flip side of the problem is the many ways people have cheated at elections. Throwing away votes for an opponent. Stuffing the ballot box with fake votes. Non-eligible voters casting ballots. Altering the count. Just plain stealing them (check out the Battle of Athens for a 20th Century shoot-out over ballots).
Crypto geniuses could probably find ways to make voting auditable in multiple directions (confirm a vote was counted, confirm a vote was cast by a real authorized voter). But that's going to make the system more complicated, and require more effort from the voters.
Making voting harder is something people object to for both principled and partisan reasons. We already have screaming arguments all over the country over the methods and security procedures for voting, on top of basic logistics such as the number of polling stations and how long they're open. Any obstacle to casting a vote will make at least one marginally motivated voter not bother--and someone wants that vote.
Engineers say, "Good, fast, cheap, pick two," to drive home the need for making trade-offs when designing a system. In practice the balance is traded among the three factors. "How good can we make it for $10 million and a two year delivery?" is the sort of thing project managers wrestle with.
For a voting system, the trade-off is "Easy, secure, anonymous, pick two."
If anyone's thinking of just zeroing out "secure," keep in mind that elections only matter if people believe they reflect the will of the voters. If they just become a contest of skill between rival bands of fraudsters, we won't have democracy. We'll have shoot-outs that make the Battle of Athens look like a recess scuffle.
"Easy" can't be zeroed. Even if actually casting the ballot was effortless, voters have to make a decision. In some elections they have dozens of races to vote on. I've spent many hours googling for data on obscure candidates. Judicial elections are the worst. The ethics rules prohibit them from taking stands that would prejudge cases, so there's nothing but resumes and party affiliations to go by--and not even the latter in primaries.
Right now we have a system that's hard over on anonymous, leaving the trade-offs between "easy" and "secure". I don't think that's a bad thing, as long as we can achieve a compromise that maintains public confidence in the system.
A real audit trail would be one way to do that. If the crypto geeks can create one that doesn't turn voting into an hour long ordeal with a six hour wait, great. If not, we need to keep elections secure with the current tools as best we can.
I agree. I've been through Federal audits, and company internal audits preparing for them. Fed auditors barge into my cubicle (back when I was in one) and demand to know what number I'm charging to, where the authorization for it came from, and what I'm doing to justify charging to it. The internal auditors are politer, they'll schedule the meeting, but they dig deeper. "Why are you measuring it that way? What tools are you using? Who sees this data?"
Doing that for an election would require matching up every vote to every voter--and would break the tradition of secret ballots. Even if the audit data was officially secret, it could be leaked, stolen, or FOIA'ed if the rules change.
There's good reasons for keeping votes secret. People could face retaliation for voting the wrong way, or be bribed to favor a candidate. People taking selfies of themselves voting have been bit by laws designed to keep people from revealing how they voted to collect bribes.
The flip side of the problem is the many ways people have cheated at elections. Throwing away votes for an opponent. Stuffing the ballot box with fake votes. Non-eligible voters casting ballots. Altering the count. Just plain stealing them (check out the Battle of Athens for a 20th Century shoot-out over ballots).
Crypto geniuses could probably find ways to make voting auditable in multiple directions (confirm a vote was counted, confirm a vote was cast by a real authorized voter). But that's going to make the system more complicated, and require more effort from the voters.
Making voting harder is something people object to for both principled and partisan reasons. We already have screaming arguments all over the country over the methods and security procedures for voting, on top of basic logistics such as the number of polling stations and how long they're open. Any obstacle to casting a vote will make at least one marginally motivated voter not bother--and someone wants that vote.
Engineers say, "Good, fast, cheap, pick two," to drive home the need for making trade-offs when designing a system. In practice the balance is traded among the three factors. "How good can we make it for $10 million and a two year delivery?" is the sort of thing project managers wrestle with.
For a voting system, the trade-off is "Easy, secure, anonymous, pick two."
If anyone's thinking of just zeroing out "secure," keep in mind that elections only matter if people believe they reflect the will of the voters. If they just become a contest of skill between rival bands of fraudsters, we won't have democracy. We'll have shoot-outs that make the Battle of Athens look like a recess scuffle.
"Easy" can't be zeroed. Even if actually casting the ballot was effortless, voters have to make a decision. In some elections they have dozens of races to vote on. I've spent many hours googling for data on obscure candidates. Judicial elections are the worst. The ethics rules prohibit them from taking stands that would prejudge cases, so there's nothing but resumes and party affiliations to go by--and not even the latter in primaries.
Right now we have a system that's hard over on anonymous, leaving the trade-offs between "easy" and "secure". I don't think that's a bad thing, as long as we can achieve a compromise that maintains public confidence in the system.
A real audit trail would be one way to do that. If the crypto geeks can create one that doesn't turn voting into an hour long ordeal with a six hour wait, great. If not, we need to keep elections secure with the current tools as best we can.
