(this is Australia. we have compulsory attendance at voting booths for eligible citizens, you can spoil your paper or walk away but we enforce with a fine, participation in the one obligation of citizenship)
-I have been offered voting remotely in elections for my home economy of the UK and I would have welcomed some kind of homomorphic encrypted, secured voting method, given I have done KYC with the UK government to get my pension paid, I don't see there is a problem with them knowing who I am online.
I therefore do not totally agree with the headline, but I'm willing to be convinced by the article, because comparing the land of hanging chad to my own, I think paper and pencil is just fine. BTW we have a senate election which demands ballot papers cut from A0 paper in long strips. Hundreds of boxes to be filled in. What we don't have is the vote for every judge, official, proposition on the table, we just elect representatives and senators, but we have a complex vote method. It just works. We do machine reading, but every single paper is reviewed by people, and parties have rights to monitor the vote, in secured spaces. We do not have a serious concern with the integrity of our vote, and the question is regularly asked and tested. (it's not just because we believe its secure and don't check)
Its a great list of signatories, includes people I respect. I would think that the prime question for americans is "how much worse or better than the current approach could this be?"
Unfortunately, explaining them to Joe Q. Public in such a way that he's going to trust your election is a very tough sell, whereas counting paper is a much easier process to explain.
And that's before you begin worrying that the developer of your whizz-bang mathematically-provable voting system is a) going to win the bid to build it for the government, b) implements it correctly, and c) isn't subverted while doing so.
In fact, the one isn't nearly as big of a privacy concern (if any at all). I wouldn't be surprised if someone told me the former could be done with some XOR scheme, but proving that both you voted and your vote counted for a specific candidate while keeping that a secret is a much more difficult task
After your name is checked off, you then proceed to a booth where you mark a piece of paper before folding and placing that paper into a plastic collection box on the way out.
It's very analog and the electoral commission have no way to know if you actually voted or who you voted for. They only know that you turned up to the polling station and gave them your name.
I assume the number of people who turn up at the polling station, only to walk away without voting is so small that it's not seen as a problem to solve.
Just have a code show the truth (for you to verify) and a second code to show a lie (in case of threats).
And the biggest problem of this all is that it's basically impossible to prove because there's no meaningful identifier at any given point in the process. The only real evidence you'd have is a bad signature, yet in 2020 some states ceased comparing signatures and signature comparison was, in general, bizarrely under attack by certain interest groups.
https://www.bbc.com/news/uk-politics-26487418
The article quotes one Mr Richard Mawrey QC:
> "Postal voting on demand, however many safeguards you build into it, is wide open to fraud… on a scale that will make election rigging a possibility and indeed in some areas a probability."
> "Now I know that there is a very strong political desire to keep the present system. What I'm saying is that if you keep the present system, then however many safeguards you create, fraud and serious fraud is inevitably going to continue because that is built into the system."
Personally, my concern is that with mail in ballots some nutjob that believes there's ballot stuffing can set fire to the ballotbox and even though they're caught it's a major inconvenience to get a replacement ballot and the websites that show your ballot is received take days to update.
But I still love mail in voting. My state sends a candidate brochure with it and I can take my time to actually look up all those random candidates' policies. It takes me hours to actually fill out my ballot but that's a feature, not a bug (there's nothing preventing you from along party lines but frankly I'd be happier without parties)
[1] - https://www.brennancenter.org/our-work/research-reports/voti...
But you can already do that, regardless of mail in voting or not?
Guy with sledgehammer is at least a block waylay, and everyone knows that everyone votes, by law.
People do, in fact, threaten or coerce their spouse and that extends to voting.
Being able to audit from a secure counting room and being able to produce an always-available-online permanent record is different.
As far as I know, these votes have gone mostly unchecked before electronic voting, but after that, they’ve started voting straight from the workplace computers. There were, of course, a lot of straight-up falsifications as well.
That said, our pen-on-paper voting isn’t too legit either :’)
The closest I can think of is rare cases like this: https://en.wikipedia.org/wiki/Bushel%27s_Case
You can try to google-translate [this, for example](https://holod.media/2024/03/08/soprotivlenie-putinu/#h-3-%D0...)
It sounds like their Election Commission takes their job very seriously.
A key part of India's system is the Elector's Photo Identity Card (EPIC), required to cast ballots. Similar obligations are present wherever election integrity is taken seriously.
We have an independent electoral commission. I'm not saying its incapable of being reproachable, nothing is "beyond reproach" but I have yet to hear a serious, non-cooker accusation any political party has tried to stuff the electoral commission.
What we don't have, (and I think should have) is capped party donations. I'm tired of the money aspect of who gets the most billboards.
We also have silly bad behaviour emerging: People doing their billboards in the same style and colours as the electoral commission. Often in foreign language support roles, using words like (not a quote) YOU MUST VOTE FOR PARTY A LIKE THIS which I think is really trolling the voter badly.
Asserted without evidence, and apparently quite likely to be an attempt to cast aspersions on "election integrity" in the USA and elsewhere.
The flip side is even more true. If someone is claiming they care about election integrity and isn't willing to pair that with funding of an equivalent ID system that is both free and easy for voters to acquire, they don't actually care about election integrity.
If your voter ID system isn’t 100% free and absolutely effortless for voters to obtain, it’s a badly disguised vote suppression scheme.
It’s pretty much always a vote suppression scheme.
Some people probably are so badly organized and/or ignorant that they can’t manage making and keeping one single DMV appointment even once every 15 years so that they could get an ID (I think we can all agree that an “expired” ID would do fine, as long as the picture isn’t so out of date it can’t be verified).
Anyway, it’s only those people who would be “disenfranchised” under a voter ID system and I’m not convinced our government would benefit from incorporating the opinions of someone so unserious. It’s ok that some things in life are reserved for people that have invested a tiny amount of effort once in their lives. There’s also not a free and effortless way to feed or bathe yourself.
By the way, a state ID costs $15 in Mississippi and $9 for “eligible people” in California.
If it costs a penny and is a requirement to vote, it is an unconstitutional poll tax.
I hate calling something a slippery slope, but I don't know how else to describe an argument that is fundamentally "Sure, it will disenfranchise people, but who cares about those people anyway?" Once you accept that people's rights can be taken away simply because protecting those rights is an inconvenience, then none of us actually have any protected rights.
Beyond this point: voting isn't just a freedom, it's a duty in a civilized democracy. We don't enforce it like Australia does, but anyone who not only doesn't care if it's performed, but is sanguine about it, isn't fully on board with government by the people.
Also https://www.reuters.com/world/india/family-remote-himalayas-...
There was really no good reason for that, unless they were really against a certain segment of the population voting (a lot of people in the apartments didn't have cars, or were too busy to go so far to vote).
I would feel much better if they required ink.
There are scrutineers that watch counting happen at the booth once polls close, and who also see and hear the numbers get phoned into HQ. HQ has more scrutineers from all parties checking both postal votes and recounts.
If anything doesn't match up it gets flagged. I think that the ability of every party to watch votes themselves means that trust is increased, and they have skin in the game (if they didn't object at the booth why not!?).
Pen markings are perfectly valid however, so you can bring a pen to the booth to vote with if you'd like to do so.
It's also true of course that erasers don't quite erase pencil. It would be fairly obvious that the paper was tampered with.
I mean the same is true in the United States. One of the key issues with the 2020 election was footage from several jurisdictions where the public was physically blocked from viewing the counting by election officials literally holding up giant white boards. The optics of that were extremely bad.
Scrutineers are also not members of the public. They are declared and appointed by candidates and parties for polling oversight and have complete access to the counting and polling area. They're not allowed to touch ballots but they can challenge and bring them up to all the scrutineers in the location (and EC staff) and finally they can take it to the court afterwards
Election officials are also not local council\elected people they're people working for the AEC\State Electoral commission. which is as mentioned above a non partisan organisation (which is highly different from bipartisan framing)
You also have a large number of counting staff. who do the sorting and then counting with machine assistance (how many sheets are here in this stack do they match the tally the 2 people already made on that pile)
Though the senate elections have a more complex voting software stack due to STV fun.
Given the number of people involved in watching ballots the entire time it is happening this would require a lot of compromised people and a lot of compromised scrutineers.
On the other hand, disappearing ink has been around for a long time.
The mark of vote being indelible or not is irrelevant. The monitoring and protection of the ballots is far more important. For example, representatives of all political parties are involved in the count, oversight by an agency, etc. If you had time to erase and re-mark ballots, you could swap out paper ballets too.
Then both parties think that if their party’s guy isn’t in charge of the election itself, that the vote counting itself is being faked. Of course, these concerns only ever come out when their preferred party loses.
Mix internet voting into this, and the average person’s utter cluelessness about computers, and no amount of fancy crypto, blockchain, etc. would ever convince any American that their party lost fair and square. “The new online voting system was rigged!”
https://en.wikipedia.org/wiki/Voter_suppression_in_the_Unite...
What evidence do you need that making it more difficult to vote will result in fewer people voting? Isn't it common sense?
Then my refusal to vote should be counted. If enough people refuse to vote then the entire election should be cancelled and new candidates found. Otherwise this is a ridiculous catch 22 of state bullying to no actual purpose. Who would even think to create such a law?
With Internet voting, the ways to cheat are not all that well-known among the general population, and even among an audience like HN I bet we couldn't come up with all the ways to cheat. (That's not a challenge!) So there's going to be fundamentally less trust in the election process than with paper ballots, even if the Internet-voting system was actually made completely secure. (And I'm not persuaded it can be made completely secure, given that secret ballots are a fundamental requirement of the process).
So yes, paper ballots are very much the way to go.
It got made into a 1992 movie called "An American Story" (which covers many things, the Battle of Athens being just one of them). I have no idea how accurate the movie is (I know it's not 100% accurate, but how much it changed I don't know).
https://en.wikipedia.org/wiki/Newbern,_Alabama#Mayoral_dispu...
P.S. Population of that town in 2020, according to the census? 133 people.
About 42%, or 8,200 of those places, have less than 500 people.
About 20% of ALL US towns have less than 200 people.
It's a big country.
Caro covers this pretty extensively in his LBJ biography series, but it's reasonably clear from the evidence that LBJ won his senate seat by some pretty crude paper voting record manipulation after the fact - changing a '7' to a '9' by writing over the number with a pen - almost certainly with LBJ's knowledge. Given that his senate seat eventually put him in the presidency, it's probably the most consequential voter fraud ever committed in American history (that we know about, I suppose).
Those numbers alone should make anyone suspicious. If you have an urn containing about 20,000 balls in two colors, red and green (this election happened in 1948 and the 1950 census listed that county's population as 27,991; let's assume that roughly 20,000 people would have been old enough to vote in 1948) and you randomly draw out 202 balls (about 1% of the total number in the urn), you would expect the number of balls you draw out to be roughly proportional to the red-blue mix in the urn. (1% of the total is big enough to expect a roughly-unbiased sample). So if you draw out 99% red balls and 1% green balls, then either you have a very very skewed proportion of colors in the urn, or else someone is cheating. Given the TINY margin of victory in that race (87 votes out of nearly a million, 988,295 to be precise), it's very very unlikely that precinct 13 happened to be skewed 99% towards LBJ when the state as a whole was so closely balanced.
According to Caro, part of the background is that the relevant southern Texas precincts were well understood to have vote counts up for purchase; over the course of election counting, both sides would have their controlled districts release counts based on what the other side was reporting to stay in the race. These counts would vary in legitimacy and how skewed they were based on the precinct and need of the candidate that had swayed the boss to their side. But tactics like having armed guards supervise the casting of votes to ensure the favored candidate got a large majority, or simply distributing vote receipts to people who never voted at all and recording votes on their behalf, or making numbers up entirely, were quite common. Typically, though, Caro argues that because both sides did this, and they did it incrementally, it usually wasn't enough to sway an election one way or another, but rather was just part of the cost of doing business. He even says that LBJ lost his Senate election earlier that decade because he got cocky and told the bosses of the districts he had bought to just release all their numbers right away, letting his opposition then juice their numbers just enough to win.
It's really the timing, more than the margin, that makes it clear what happened (and the crudeness of the forgery); after every other precinct reported and finalized, they corrected their number by barely more than needed to win. The 100 to 1 vote margin was actually not that far off from the vote margin that the precinct reported in the first place (... which, of course, really tells you that the whole thing was made up from whole cloth).
The issue is how to preserve privacy...
Understandable, but then vote-buying becomes possible. The reason vote-buying is impossible in a secret ballot is because you can't prove how you voted to anyone else. If you can look up your own ballot even five minutes after it's dropped into the box, then you can show your screen to someone else who then hands you $100 for voting the right way, and elections change from being "who has persuaded the most voters?" into "who has the most money to buy votes with?"
When we moved away from paper voting with public oversight of counting to electronic voting we significantly deteriorated trust, we made it significantly easier for a hostile government to fake votes, all for marginal improvements in efficiency which don't actually matter.
Moving to internet voting will further deteriorate the election process, and could move us to a place where we completely lose control and trust of the election process.
We should move back to paper voting.
Electronic tabulation introduces little risk when the ballots are paper.
And not all paper systems are good either. I'm sure everyone remembers the disaster that was the punch card system used by Florida in the 2000 election...
vote by mail (and similar ballot harvesting, bulk ballot dropoffs with hazy chain-of-custody as from a nursing homes and immigrant communities) are new, based on paper, and open to abuse.
It's not where we were.
traditional absentee balloting was a small scale thing used by college students, military personnel, etc. and if it was messed up, it was not likely to change outcomes or a threat to counting accurately (no election is perfect)
1. why did absentee voting/vote by mail expand? What was the claimed intention and purpose? What has been the actual result (and based on what evidence) ?
2. who has an interest in underming confidence in vote by mail and why? What evidence do they offer that it actually is a problem?
This claim is frequently made and never backed job with any compelling evidence.
Do European and other first world countries favor electronic tabulation?
Is it possible that introduction of all electronic factors reduce trust?
Now, you might contend that this is not a list of first-world countries exactly (but rather I sampled the largest countries). You must keep in mind that the use of electronic tabulation in the United States is mostly a response to the very limited budget on which elections are carried out; electronic tabulation is much less expensive than significantly increasing staffing. As a result, globally, electronic tabulation tends to be most common in poorer countries or countries with newer election systems, while hand tabulation is most common in wealthier countries with long-established election procedures.
For this reason, the countries you might go to for comparison (like France and Germany) have largely manual election processes that have often seen few changes since the Second World War.
The Help America Vote Act (2002) had a de facto effect of making the United States a country with much newer election processes, as HAVA requires strict accessibility measures that most European election systems do not meet (e.g. unassisted voting for blind and deaf people). Most US election systems didn't meet them either, in 2002, so almost the entire country had to design new election processes over a fairly short span of time and on a shoestring budget. Understandably, election administrators leaned on automation to make that possible.
It's also important to understand that because of the US tradition of special-purpose mill levies and elected independent boards (like school boards), the average US ballot has significantly more questions than the average European ballot. This further increases the cost and complexity of hand tabulation, even ruling out entirely the "optimized" hand tabulation methods used in France and Ireland.
But you don't need everyone to be convinced of it first-hand. You just need everyone to trust someone who is convinced of it.
We already use paper voting. If you mean go back to a time before voting machines, then I fear that would actually reduce trust because the amount of tabulation errors, data entry, and spoilt ballots would skyrocket. The only people who are increasing doubt in voting machine are the same people who are trying to disenfranchise voters and not accepting the results of past elections.
The last presidential election where doing a paper recount might have helped was in 2000 and believe it or not, the same party that's calling for abolishing voting machine today was the one who sued to avoid a paper recount then.
Agreed.
However, in some states, such as California, mail-in voting has become the default.
What's used to verify identity and integrity? Your signature from your voter's affidavit of registration, a signature from any past voter form, or literally an "X"[1]. Your signature doesn't even need to match, it just must have "similar characteristics". You can print your name or sign in cursive, you can even just use initials. They're all accepted.
We're firmly on the "honor system".
Pair that with lack of voter ID laws, and we have a system that's designed to be untrustworthy.
Yes, I agree, a state issued ID should be free...
[1] https://codes.findlaw.com/ca/elections-code/elec-sect-3019/
In Australia you can postal vote if necessary, but "prepoll" voting is much more popular (I believe 37.5% of registered voters, 90% of which actually voted, in 2025). It's just so convenient, with the same crowd of volunteers and officials as actual polling day.
California offers day-of in-person voting, and has ballot-drop boxes (unmonitored) and drop-off (monitored) locations for at least several weeks (I believe it was a full month in the past election).
[1] https://abc7.com/post/election-2024-21-californias-registere...
(memories..)
When I lived in NYC there was a giant lever you got to use - it was pretty fun - but positioning the actual paper was kind of tricky.
I think Georgia used to have Diebold machines where you would get a little receipt but I'm pretty sure they were very hackable. Anyway half of them were always broken.
Besides avoiding any issues (real or imagined) with touchscreens, it makes it extremely cheap to stand up more polling places with more booths, since only one tabulator is needed; the booths themselves can just be little standing tables with privacy protectors.
>Besides avoiding any issues (real or imagined) with touchscreens,
Wait... I don't think these are the complaints being made against internet voting at all. The problem is with a computer counting and reporting it, right? Centralized, less transparent, etc.
I dont view writing my vote on paper and scanning it to be paper voting if it's just immediately fed into a computer.
The paper ballots are retained for recounts, and most places with this system automatically recount a random subset of the paper ballots to ensure it matches the computer totals. This guards against both shenanigans and mistakes. For security the scanning machines are not networked! A person carries around a little SD card (not USB as it's too hackable) to collect the totals.
The paper ballot with in-precinct immediate scanning system is the best system I've seen. It reports results quickly and leaves a full paper trail for recounts and accountability.
(the machines used in Texas vary by county, in my county we use Hart InterCivic machines that are touchscreen but produce a paper trail - honestly I think it works well)
all it would take is one person saying their printed ballot does not match their specific selection, and the whole thing would become chaos.
Only if the scantron shows that each position on the ballot was counted and the voter is not allowed to leave until the person monitoring the scan confirms with the voter their ballot was scanned would this give confidence. Any issues with the scan, and the voter is allowed to correct the issue. There should never be an issue of reading the ballot by the scanner as an acceptable outcome.
of course, all of this is assuming in person voting only
It might slow things down a little bit, but making sure that the machine can detect a vote for each race/question (even if it's just "Abstain") would make sure people didn't forget to fill out something and help prevent the fill-in-the-bubble equivalent of hanging chads.
Manually counting votes is so error prone that I'd have less confidence in it than a scantron type of ballot. At this point, I'm more in favor of giving each voter a ball/bead/chip to drop into a bucket for each position on the ballot. After checking in, you go to each position to receive your one token. If you don't visit a position, you do not get a token to pass to someone else. Tallying the votes could be as quick as weighing the bucket as the weight of the bucket/token will be known. Each election can change size/weight/color of tokens to be unique. If the weights total an irrational weight, it would be deemed suspect and a hand sort of the tokens can be done to find the odd token.
Balls/tokens aren't a bad idea either though, but it sounds like people pocketing a ball/token would force a manual count even if they kept them since the total weight of all buckets combined would be off. I'd also worry about people bringing in heavier or lighter balls/tokens but the bigger risk would be poll workers handing out heavier or lighter balls/tokens to specific people (or types of people) because it'd be easier to make sure the weights would add up in the end.
Maybe we could force everyone to vote at every position (which should have an abstain option) then have the machine check the weight of every ball/token as it was inserted, and verify that one but only one was inserted, before it fell into the selected bucket?
If efficiency is low enough to significantly affect turn out, you cannot trust the results.
> We should move back to paper voting.
Nowhere in the US is electronic voting used from what I know of. Estonia is the only country I know of that does internet voting, but my info could be out of date.
For example even in country with pervasive internet connectivity (99%) like in Netherland the voter turnout in 2024 is only 77%.
Security technology of trust management in the centralized voting system and architecture has already been solved and well understood, and now we are even moving into zero trust with multi-factor authentications.
All this while the venerable Kerberos has been around for decades with its secure derivatives, and its secure alternatives are numerous. For the more challenging fully distributed arguably has already been solved recently by blockchain, immutable data, etc.
This is the classic example is not that you can't (as claimed by the the article), but you won't. This is what political will is all about and since this is on political voting this lame attitude is kind of expected.
[1] Voter turnout of registered voters, 2024:
https://ourworldindata.org/grapher/voter-turnout-of-register...
I think that perhaps you meant to say that the easiest thing about public elections to undermine is trust. You don't need to actually hack the ballots, send in fake electors, or any other actively nefarious stuff. Just undermine people's "trust" in elections (ironically by talking about how important that "trust" is), and voila, you've done much more harm to an election process than anything we have actual evidence for.
In the 2026 election, only 1.3% of voters were registered in jurisdictions that use direct-recording electronic machines without a voter verifiable paper audit trail (https://verifiedvoting.org/verifier/#mode/navigate/map/voteE...). 67.8% of voters are registered in precincts that primarily use hand-marked ballots, and the balance mostly use BMDs to generate premarked ballots.
It looks like a paper document intended for a human, and it certainly can be. A machine can also read it. (And does, prior to it being cast: the ballot is deposited into what honestly looks like a trashcan whose lid is a machine. It could presumably keep a tally, though IDK if it does. It does seem to validate the ballot, as it has false-negative rejected me before.)
But now the "paper trail" is exactly what I submit; it's not a copy that I need to verify is actually a copy, what is submitted it my vote, directly.
Why should you be forced to trust that what you're shown is also what was being counted? The paper record should be the actual ballot itself, with your actual vote on it.
I agree with you on local elections - electronic voting is good enough for town or even state level elections. The stakes are dramatically lower.
That makes software really unsuitable.
That is a feature, not a problem to be solved. It means that there are tens of thousands of eyes that can spot things going wrong at every level.
Any effort to make voting simpler and more efficient reduces the number of people directly involved in the system. Efficiency is a problem even if the system is perfectly secure in a technological sense.
But I what is written over and over is more on the lines of "I don't trust the process". I cannot blame anyone for not trusting Internet voting: I am a professional SWE, and it would be impossible for me to establish that any such system isn't pwned. Too much code to audit, hardware that's impossible to audit. But it's pretty trivial to demonstrate to the layperson how paper voting works, and how poll observers can prevent that process from being subverted.
However, those are in the context of whatever political system they're in. No level of efficient election design is going to put a dent in the fact that California loves direct-elected downballot offices (e.g., treasurer, controller, insurance commissioner, state judges, local judges, etc.) and referenda, which all result in super long and complicated ballots with 50+ questions each.
You get text messages each step of the process too. “Your ballot has been mailed”/“your ballot has been delivered”/“your ballot has been received”/“your ballot has been counted - thanks for voting”.
Why are so many people convinced we don’t use paper ballots? Disinformation?
Also, even with paper ballots hand counted people aren't suddenly going to trust elections, at least not some people I know. I had someone say that hundreds of thousands of illegal immigrants voted in the last election. That obviously didn't happen and there's already controls to stop that from happening but that didn't stop them from believing it. It's one of the issues with the conspiratorial thinking, it's durable even in the face of overwhelming evidence.
To expand on that a bit: I've only found their preferred candidate winning to be a long term convincing argument to them (and even then they still will be suspicious). The scenarios I've heard aren't even possible in the current system but they don't trust the election system as a whole so there's no control they would be satisfied with. Even if they personally counted the paper ballots themselves they would just say the ballots were switched out before they got them. Obviously not everyone who doesn't trust elections is like this but I know a lot of people like this.
Mail-in voting enabled citizens who otherwise simply couldn't vote, to vote. Citizens who, more often than not, were from already disadvantaged backgrounds.
There is really nothing we can do to satisfy these people except create some kind of structure they demand which will somehow be made to heavily lean in their favor. That is what will satisfy them. Nothing else will.
Voter registry is used to generate traceable but anonymous keys
Used when voting
Votes are electronically counted.
Voters can check their votes against the count
Third parties can check vote counts against the anonymized registry
The best paper record is the actual ballot you yourself marked and turned in. It shows exactly what the ballot said and it shows what your selection was. Counting of those ballots can take place in public, on camera to make sure that each vote gets counted correctly. No internet or computers needed.
I'm leaving out other measures and details, but you get the general idea.
I used to flirt with the idea of a digital voting system, but now I clearly see that it is a problem of scale. It's very difficult to interfere with an election at scale when many independent actors and parallel flows are in place. This is what provides the system with its trustworthiness.
However, I think fraud is moved elsewhere (with campaign funding, fake news, and other methods...), but that's a whole different topic
- How votes are cast
- How votes are counted
- How votes are custodied
In order for an election to be trusted, all three steps must be transparent and auditable.
Electronic voting makes all three steps almost absolutely opaque.
Here's how Mexico solves this. We may have many problems, but "people trust the vote count" is not one of them:
1. Everyone votes, on paper, in their local polling station. The polling station is manned by volunteers from the neighborhood, and all political parties have an observer at the station.
2. Once the polling station closes, votes are counted in the station, by the neighborhood volunteers, and the counts are observed by the political party observers.
3. Vote counts are then sent electronically to a central system. They are also written on paper and the paper is displayed outside the poll both for a week.
The central system does the total count, but the results from each poll station are downloadable (to verify that the net count matches), and every poll station's results are queryable (so any voter can compare the vote counts displayed on paper outside the station to the online results).
Because the counting is distributed, results are available night-of in most cases.
Elections like this can be gamed, but the gaming becomes an exercise in coercing people to vote counter to their preference, not "hacking" the system.
**
Edit: Some people are confused about what I mean by "coerced." Coerced in this case means "forced to vote in some way."
The typical way this is done is as follows:
- The "coercer" obtains a blank ballot (for example, by entering the ballot box and hiding the ballot away).
- The blank ballot is then filled out in some way outside the poll station.
- A person is given the pre-filled ballot and threatened to cast it, which they will prove by returning a blank ballot.
- Rinse and repeat.
This mode of cheating is called the "revolving door" for obvious reasons.
This characterization is reductive and basically a straw-man.
The principle underlying opposition to "counting in one day" is basically that every vote that is correctly placed in time should be counted, and as many people as possible should have access to voting. Mail-in voting, for example, has been shown to increase voter turnout by making voting more convenient, but you have the question of what to do with ballots that are received late. There are pretty good arguments for counting all mail-in ballots that are postmarked before the election, and I don't think "xenophobia" is among them.
In America specifically, all decisions relating to access to voting are considered against a backdrop of our widespread and systematic attempt to restrict voting. A modern example of this is related to wide disparity in the number of polling places, and therefore the amount of time required to vote, in "urban" regions of some southern states as compared to rural regions.
I have never heard of a racism-based opposition to paper ballots. I think you just made that up.
Make voting mandatory and on public holiday. Problem solved.
There are historical factors that contribute to those things you brought up. American minorities are disproportionately affected by things like limited hours, for example. You'd know that if you were an American POC.
I don't mean this as an ad hominem, but was this comment generated with AI or something?
(At the time of writing this comment there's a sibling claiming that the comment cannot possibly understand this POV because they are not "an American POC.")
Really, where? In the sibling comments (including mine) people are pointing out that those claims are specious.
Sure there is. ID checks make it impossible for people who don't have government-issued ID to vote, which is a lot of people; and furthermore ID checks don't actually improve election security. Same-day counting is impossible if you are going to count all mail-in votes that were sent before the deadline.
To be clear, I'm not saying that politicians aren't agitating for conditions that benefit them. That's there job. But I also believe in supporting access to voting and fair elections, and at least some of the politicians' arguments help achieve those ends.
Many of those tactics existed on a large scale in the South before the Voting Rights Act, and when the Supreme Court recently invalidated the Act, many have returned. For example, reducing voting locations in minority areas so people have to travel far and wait longer. Texas and possibly other states have criminalized errors in voter registration (iirc), making it dangerous to register voters. Georgia, and others, conducted a large-scale purge of voting rolls, requiring people to re-register. Requiring government-issued ID prevents many people from voting, often poor people and immigrants who lack what wealthier people are accustomed to. Florida's voters passed a ballot measure enabling ex-felons to vote; the Republicans added a law requiring full restitution to be paid (iirc) before they could vote, effectively canceling the ballot measure vote. And these days almost any Democratic victory is called fraud; remember the 2000 election, the lawsuits, riots, threats against ordinary citizens working on local election boards and on elections, etc.
Directly addressing the parent's claims: I've never heard of paper votes being called racism - could you share something with us? Calls to limit counting are often accompanied by calls to limit the voting period, invalidate votes received later (e.g., due to US mail delays), and calls to greatly restrict mail-in voting - all things that make it more difficult for people working two-three jobs.
The Democrats have their flaws; I've never seen them try to limit voting. That should be something everyone in the US - and in the world - agrees on: Do all we can to enable everyone to vote.
Why do either of these matter? If you assume paper voting in-person is secure, then there is zero reason to also limit the time spent counting or the time window for counting. Anything past that point is clearly trying to fill some sort of agenda for the sake of disenfranchising people who cannot adhere to the times you're trying to set.
Why would you want that?
Surely what you want is to enable everyone to vote, and then to count all the votes?
In the UK where I have most experience of this stuff, there are many, many small polling stations, and usually you just walk right in and vote without queueing. The longest I ever had to wait to vote was about 30 minutes. Votes are counted locally and results usually declared within a handful of hours. Some take longer due to recounts etc if the tally is very close in a certain area, but the whole thing is pretty uncontroversial and pretty low-effort.
Here in Australia, voting is compulsory, it's always on a Saturday, and there's usually a charity sausage-sizzle at the polling place, it's sorta fun. And again, AFAICT (I'm not a citizen yet) the infrastructure is over-provisioned so people aren't waiting around forever.
From what I hear about the US, in some places voting can take hours, it seems like the number of polling places is deliberately limited to make it hard for people to vote, and you have those weird/horrible rules cropping up like it being illegal to hand out water to people in line, which seems purely designed to discourage electoral participation. And then you have all these calls to stop the count after a certain time etc.
It's deeply weird from an outside perspective. If counts are taking too long, if people are having trouble voting, provision more... but of course it seems clear that there are motives for underprovisioning, because one or other group thinks it will benefit them.
1. Everyone votes on paper.
2. An electronic tallying machine tallies the vote.
3. Vote counts are sent to a central system, IDK if it's electronic or not.
4. Candidates can challenge and start a hand recount at anytime.
I think this combo is pretty close to the ideal. The actual ballots are easy to audit. Discrepancies can be challenged. And the machine doing the tallying isn't connected to the internet, it's just a counting tool that gets the job done fast.
For people with disabilities, poll workers can come in and help with the vote.
We're not willing to do that. No modern democracy has public ballots. The reason is simple: secret ballots make it effectively impossible to buy votes, as there's no way to prove how any person actually voted.
If that's gaming the system, what even is the point of voting?
Good point. Let's just get rid of voting and go back to "divine right of kings", at least until they develop a cure for human gullibility.
This may be a bit tinfoil hatty of me, but I think the whole anti-woke thing is a ploy to interfere with that kind of education.
But I could make the argument with any high trust internet system.
Let's take another high trust activity we do on the internet - banking. Internet banking gives a hacker the ability to steal millions while sitting across the world. This is the same argument the authors make about changing a million votes.
So it really comes down to the pros vs cons. That's the more important discussion imo.
Do the benefits of internet voting outweigh the cons?
At best you might be able to scam someone into sending you a few hundred dollars via Zelle. Some scam centers do this 24/7, but it isn’t that easy, and apparently they rely on human trafficking to acquire free labor.
The complex systems backing internet banking (including the people and processes) are immense in scale. They evolved over decades and were honed and improved as real problems occurred. Needless to say, there is no room for iterative trial and error in elections.
If you hack the bank you get very little, at least today. If you hack an election you get everything. No thanks. No to electronic voting.
Bank fraud happens all of the time and at scale. However, it is entirely insurable and reversible.
Election fraud is not reversible. Trust cannot be restored in the way that a bank account can.
Yeah see this is where I thought this was going.
Phones can be insecure, but in aggregate they are secure enough for literally every other component of life to be conducted on them.
>Malware (or insiders) at the server can change votes. Internet servers are constantly being hacked from all over the world, often with serious results.
Again, great point. Accepting this point will the government erase all the private identifiable data it has collected on me from its systems? Probably not, because they have made a cost/benefit analysis that suggests the risk is middling compared to the reward.
>Malware at the county election office can change votes (in those systems where the internet ballots are printed in the county office for scanning). County election computers are not more secure than other government or commercial servers, which are regularly hacked with disastrous results.
This seems like a weird seppo thing.
Currently the risk of an election being seen as fraudulent is high, and the reward of online voting is low.
But we dont have to conceptualise the modern boring election when we look at online elections. We can look at alternative models, closer to real time use and other gains that tip things back in its favor.
Actually the biggest issue I see with online democracy is apathy and minimum quorum sizes.
This can easily solved be done via letting people forge receipts. Then anyone can forge a vote to give to someone offering to buy them.
The receipt is in fact the best part of such systems as with paper voting it is impossible to verify if your ballot was counted or if it got "lost."
You can't forge a new ballot, because ballot IDs are necessarily public, and are cryptographically tied to a voter ID in order to ensure votes are valid and that everybody only votes once.
But it seems like nothing is stopping you from looking up ballots at random until you find the votes you want, and then claiming that was your vote. And if someone else got paid for the same one, then claim they're the one lying, not you?
Our livelihoods are increasingly (almost entirely) digital and endure great efforts to abuse. But banking and/or retail operate on a different spectrum. For one they make money. The costs associated allowing their business online may never make sense for a non-profit based activity like voting.
Do we have any examples of internet activity as tempting to infiltrate/pervert that is secure and doesn’t extract value?
Anyways it seems greater damage will be done before we even reach a provably secure system. So paper/pencil voting would be better.
But fear not - even if we abolish voting machines we aren’t out of the hole just yet. We have good company with concepts like Citizens United as well as activities like sweepstakes that try to sway the populace to throw away a vote for a chance at a million. Illegal - sure - but that won’t stop the ostensible infinitely wealthy from enduring a slap on the wrist - or more appropriately a verbal reprimand (which is all that happened last time) for their part in electioneering. And if that didn’t work we have an onslaught of reAlIty and bots that poison our conversations in order to form our world views.
I’m jaded. I’m overly pessimistic. I’ll go now.
I'm a professor in Georgia Tech's CS dept that works on problems related to security, privacy, and public policy. (CV: https://mikespecter.com/)
Happy to answer any questions you all have.
Actually, Benaloh's challenge also does not offer receipt freeness. The adversarial strategy in such a model is to outsource the challenger itself in a hash function which decides whether to accept or discard the vote. It may look impractical at first, but one can build an app that could do that efficiently.
It can be said that all existing end-to-end verifiable remote e-voting systems compromise individual verifiability when reconciling it with receipt-freeness by introducing an assumption about the hardware-based protection of voters' secrets. If they leak or are predetermined by a corrupt vendor implementation, the malware on the voter's client can manipulate the vote at submission, and the adversary later fakes verification for the voter by exploiting that knowledge.
Still, I believe it's a solvable problem which needs more attention. Bingo evoting system is almost there, for instance, with verifiably random generated trackers, but needs a voting booth with a Bingo machine taken at home.
Tom Scott: Why Electronic Voting Is Still A Bad Idea https://youtu.be/LkH2r-sNjQs
Sure, there are ways to cheat with paper votes too. But counting paper ballots should always be open to watch for voters interested in observing the process. And voting should be done in secret, disallowing photos, to make it hard to "prove" the vote to possible buyers.
This is just an attempt at control using the majority of cases that most websites and applications are insecure. If enough effort and time is invested of course we can create a fairly robust and secure voting system.
Hackers get into people's bank accounts, medical records, etc. all the time. We know that these systems are massively insecure. Also, none of those things are kept secret from everyone involved. Your bank gets to know how much you paid for something. Your doctor gets to know what your xray showed. The judge can see what court documents you filed. There are a lot of eyes on that data and trails to catch problems. Nobody is allowed to know how you vote. It's a very different problem than the online submission of bank transactions and court records.
There are also robust systems for correcting the record when something goes wrong. Sadly still not enough in place to protect the people whose data gets stolen or leaked, but that's another topic.
We use the internet for too much, more systems should be airgapped. It’s a miracle that there hasn’t been a tragedy yet from a hack of critical infrastructure. Even things like water treatment and energy systems can be vulnerable: https://www.cnbc.com/2024/10/08/american-water-largest-us-wa...
Voting is a uniquely hard process, where most kinds of validation are actually attacks.
No one (including yourself) can be allowed to look up how you voted later.
Then our voting systems could be electronic, secure, open, verifiable, and mostly private; assuming effective oversight / this organization does not issue fraudulent tokens or leak keys or identities (big assumption, but I don't think it's impossible.)
Maybe this isn't what you meant by verifiable, but there are systems with this property and they are bad.
They can force you to show them a ballot, the idea is that all ballot ID's get made public. You could be showing them anybody's and they'll never have any way of knowing.
I think that's fine and the best we can do, but the person I replied to said you can verify your vote is tallied correctly. That implies checking what the actual vote was.
(However you would verify your vote, imagine the person who is coercing you is just standing over your shoulder with threat of force. An example might be an abusive husband who does not want to allow their wife to vote freely/against him. A briber might simply force you to allow them to look over your shoulder before they'll pay you off.)
Vs. paper ballots in a polling place: a coercer would not be permitted in the poll booth with me. I get to vote, and when I leave, … I can tell them whatever, but it does not need to match my vote. It utterly defeats bribery, as the briber has no way to verify that I'm doing what they way.
This is an edge cases which could be made illegal. If someone forces someone else to vote you could hang them.
Another reason (besides what I mentioned in another post below) why such a secure system will never see the light, even if we can technically build it, is that the average person will start to question: why do we still need to vote for representatives if we have such a system in place? Can't we as citizens vote directly on bills/acts? Which makes sense since the current system was designed before all these tech and connectivity.
Steelmanning: They're putting the effort in so we don't have to. Either they find a way and it'll be awesome, or at some point they become an object lesson.
edit: Or third path: They muddle along just well enough with a system that can't work in theory, but ends up nearly working in practice, stochastically? (see also: email, wikipedia, or a hundred other broken things that can't possibly work but are still hanging on. )
A single compromise once can have incredibly bad long term consequences for the majority of a ruling elite gain power indefinitely.
It seems like pen and paper is currently the best verifiable and immutable voting approach.
That's why we have checksums. We've used computing to put people on different astronomical bodies. There is a way, but it comes with a huge cost. Cryptocurrency strongly hints towards a way to make internet voting viable.
> It seems like pen and paper is currently the best verifiable and immutable voting approach.
The simplest answer is usually the best, but then you shouldn't constrain voting to a single day otherwise it disadvantages large swaths of the population.
* “internet voting is insecure”
who wins?
Internet money needs to be the opposite, and reversible through the courts.
Why? Honestly Internet voting would improve overall turnout, which seems more important. And we probably could accomplish anonymity with some clever cryptography.
That is why you typically show id, get a ballot and there is no relationship between the two.
And we could use cryptography to vote anonymously after authentication online.
You go into the voting booth alone.
It is an unsolvable problem for mail in voting, which is why it should be prohibited in most cases.
Double envelope systems, observable counting systems and standardized ballots that can checked for non uniqueness before voting are how they do it.
People have thought hard about this, and it has worked fine for may states for decades now.
One local scammer made off with a $5m government refund for a fraudulent business tax filing. You can't make this stuff up if you tried...
At some point, one is just amazed at the size of the cons people pull online. =3
Without saying too much about my home country I believe it's doable.
Fine. But by that standard, in a world where someone can bring their phone or AI glasses into the voting booth to record the whole voting process, how can any voting system be deemed secure? Anyone can show anyone else how they voted.
You can record a picture of a ballot and then spoil it and things like that.
This article is right about secret internet voting: it’s fundamentally incompatible with unsupervised devices and global networks. But secrecy is the constraint that breaks everything.
If you instead require public, verifiable voting, most of the "unsolved" problems disappear. The core requirement becomes: everyone can independently verify inclusion and correct tallying.
That’s where blockchains are a genuine game-changer: - They provide a public, append-only, tamper-evident system of record.
- Anyone can recompute the tally from first principles — no trusted servers, no “checker apps,” no special dispute resolution.
- Server compromise or insider attacks stop being catastrophic; fraud becomes immediately visible rather than silently scalable.
- Malware can still affect an individual’s vote, but it can’t secretly change the election at scale — the main failure mode highlighted in this post.
If trust is the goal, opacity is the wrong primitive. The secret ballot is mistaken path solving a non existent and purely theoretical problem of vote buying.
In a world where we expect everything to be easily accessible, the hardships placed by all the steps required to vote (registration, confirming residency location, waiting in line for polling booth) is seriously impacting voter participation. We need to get with the times and modernize this voting infrastructure.
[1] https://www.usenix.org/conference/usenixsecurity20/presentat... [2] https://academic.oup.com/cybersecurity/article/7/1/tyaa025/6...
Many countries do exactly that, sometimes with a few exceptions (ex: expats, disabilities, ...).
One problem with internet voting that does not apply to money is the "receipt-free" aspect. That is, a voter should not be able to prove that he voted for a particular candidate, as it would allow for vote buying, threats, etc... And it is a hard problem. With money transactions, you generally want the opposite, which is an easier problem.
* It does apply to most other internet systems.
* Things like banking fraud can be detected and remedied. Election fraud is much harder to detect and even harder to remedy.
* Voting requires anonymity. Most internet systems are not anonymous: you are identified by your IP address at the very least.
There's absolutely no justification (or excuse) for anything else.
It is much better to have less votes than to allow any avenues for manufacturing the results.
if we assume the user connection is secure (ie, about as secure as banking), can we have secure internet voting?
Here is the thing you are missing. With Internet voting we can have votes way more often. Limiting the damage caused by fraud. Yeah you could have malware on your phone that changes your inputs to a sandboxed voting app, and the malware also tracks your real votes so when you request an audit it shows you what you actually voted for. In reality that is extremely difficult to pull off over a long period of time.
I don't care about any of the names on the list, as far as I'm concerned they are missing the forest for the trees.
* records last > 500 years with no electricity . corruption is obvious at first glance. ( bad records don't appear to be good).
* counting is easily distributed by number of workers
* readily visually inspected with no special tools . ideal for auditing
* records stay in order at rest.
* easy to detect & protect against tampering
* easy to train new users . CRUD tooling costs pennies per operator
* cheaper to scale writes & reads
TCO and risk-assessment for paper records exceeds digital on nearly every measure.
1. People vote on paper ballots by filling in an oval next the candidate they wish to vote for. They fill the oval with a marker provided by the election officials.
2. These ballots can be counted by hand, but they can also be counted by optical scan machines to get fast results. Optical scan machines do not have to be computerized--they have been around since the 1950s long before there were computers small enough and/or cheap enough to use for this. No computer means no software to get hacked.
Almost half of registered voters live in districts that already use that kind of ballot and already count it with optical scan machines.
3. By the use of some nifty chemistry and some clever cryptography an end-to-end auditable voting system can be overlayed on this.
End-to-end auditable voting systems (also called end-to-end voter verifiable systems) have these properties:
• Individuals can verify that their ballot was included in the final count and they vote was attributed correctly.
• Any third party can verify that the ballots were counted correctly. The candidates, the parties, news organization, civil rights groups, and anyone else can check.
• Voters cannot prove to third parties who they voted for. This is called coercion-resistance.
Here is such a system, developed by several well known cryptographers including David Chaum and Ron Rivest [1]. Here's a paper in HTML with the details [2]. Here's a PDF of that paper [3]. Here's a paper showing that it is coercion-resistant.
This is compatible with existing optical scan machines, so the places already using them don't need new machines.
The magic happens in printing the ballots. Inside each oval they print a code in a special invisible ink. When the special marker provided by the election officials is used to fill in the oval that code becomes visible.
If you want to be able to later verify that your particular vote was included and counted correctly you memorize or write down that code. If you don't care about this you can ignore it.
After the voting is done officials can publish all the codes that were revealed and voters can check to make sure their code was included. They officials publish other information that through the use of clever cryptographic techniques allows anyone to use the published codes to verify the totals for all the candidates without revealing the mapping from codes to candidates.
This gives us all the good points of paper systems that can be hand counted, plus fast machine counting that can be done with simple single purpose machines that have no software to be hacked, yet with the kind of end-to-end auditing that usually requires computerized voting systems to achieve. And it is inexpensive to implement and operate.
[1] https://en.wikipedia.org/wiki/Scantegrity
[2] https://www.usenix.org/legacy/event/evt08/tech/full_papers/c...
[3] https://www.usenix.org/legacy/event/evt08/tech/full_papers/c...
Solution: the basic unit (paper ballot in this case) can be understood by any adult with basic education, which means anyone can detect cheating, not just a technical wizard. The only skill you need is reading.
Give me a solution that follows the same principle and I'd consider it.
Nobody cares about results coming faster except journalists that have to fill 2-3 TV hours with nonsense until there's some numbers.
No engineer that's worth of the title would advocate for electronic voting -- unless they're in the business of selling electronic voting. See the Premise.
There must always be a paper trail and a blockchain ledger provides the most reliable and secure means to maintain integrity.
How comes the democrats try to block every single voter ID act? Sounds to me there's something to hide.
There has also been some very shady counting happening in 2020: where during the last hours suddenly 100% of the votes coming in in some states where all for Biden.
Note that Trump, in his speech today in 2026 at Davos, said that the 2020 were rigged and that prosecution was coming (he then added something like: "oops that was a secret, well now it's not a secret anymore").
I'd add that, in my opinion, bringing in millions of illegals then trying to regularize them and allow them to vote is also a form of election rigging, even if it's legal.
This is essentially (esp. once combined with the rest of your comment) misinformation: fraudulent voting by non-citizens effectively doesn't occur[1]. To sum it up,
> A Brennan Center for Justice study of 2016 data from 42 jurisdictions found an estimated 30 incidents of suspected noncitizen voting out of 23.5 million votes cast (or .0001% of votes).
I.e., a rounding error.
> How comes the democrats try to block every single voter ID act? Sounds to me there's something to hide.
Generally, the counter argument is that further requirements stifle voters, while not solving any real problem, since the above concern is not backed by actual facts demonstrating it to be a valid concern.
> There has also been some very shady counting happening in 2020: where during the last hours suddenly 100% of the votes coming in in some states where all for Biden.
You're assuming the vote is uniform, and it's pretty trivial to show it's not; look at any vote-by-county map, and you'll see urban centers are far more Democrat heavy. Expecting the tallying to then be uniform is illogical.
> Note that Trump, […], said
His words are beyond bereft of trust[2].
> I'd add that, in my opinion, bringing in millions of illegals then trying to regularize them and allow them to vote is also a form of election rigging, even if it's legal.
[citation needed], but this isn't a thing. No jurisdiction I know of permits non-naturalized immigrants, legal or otherwise, to register to vote. If they've been naturalized, voting is their right, same as it is mine.
[1]: https://en.wikipedia.org/wiki/Electoral_fraud_in_the_United_...
[2]: https://en.wikipedia.org/wiki/False_or_misleading_statements...
See, here we always had issues with corruption, and thats why we had to implement it.
The thing is that we always had major issues at the city level elections, because many small groups dominate different regions, and they just controlled the election officials, influenced voters, disappeared with ballot bags, and did all types of crazy stuff. It was pretty common at the eighties exchange votes for gas, dentures or even tubal ligation.
For all this reasons, a specific voting registry was created in 1985, and an electronic voting machine was used for the first time in municipal elections in 1995. This solved most issues, and elections started to be a lot easier, there was A LOT of confusion in the past. After it was available in all cities in the country, they started to do national elections.
The main idea here is that this is a government endeavour, not a private company. There are so many security layers that I think that only another external government actor would have resources to attack it.
These machines have special hardware, the encryption keys are loaded at the election day by the government, the machines are there only for the 8 hours of voting, then came back to a government deposit, they account for every machine, they are audited before and after, they randomly choose the election officials, the machine prints a receipt for the voter and the stats of votes of that machine. Each person has an election location and room/machine, so schools are used. If a machine has problems, they have to on the fly generate new keys for a substitution. In 2024 they used 570.000 machines at the election.
When the election day finishes, they place at the door of the room the machine receipts, so any ONG or international organization can verify. After it they take the machine to a central place where they connect to them and trasmit the data, and in one hour we know the president. During these decades we had presidents from the right and from the left, and all cities and states, so you can say it works just by seeing all this power cycling all the time.
I agree with the article in the sense that we need paper confirmation, and that we cannot trust the voter machine, but I think Brazil solved this by making sure to control the machine, and printing receipts and making then available to any public organization.
I particularly think that only one thing is missing in this technology, technically speaking, I would like to have a personal key with an ecc key created by me, that would allow me to insert this card when voting, so it would encrypt my vote, store and send to the server, so I could, using my card (even online) check for my voting history, connecting all the endpoints. It is still anonymous, but verifiable by me.
More information here: https://international.tse.jus.br/en/electronic-ballot-box/pr...
It's bullshit, we don't control anything. Our voting machines are Linux computers that never survived a public auditing, so the government stopped let the public audit them.
If either China or the US decided to seriously invest into corrupting the hardware, it would be a several years long process but would actually cost less than our presidential campaigns. There are probably several ways to corrupt the machines software without anybody noticing (it a Linux PC, full of opaque firmware), that we won't know about because the details aren't public.
Without a paper confirmation that we could audit, nobody can't claim it's working. What would expect the results to be if it was compromised?
Entities can register to see the source code in a controlled room. In 2024 for example the party União Brasil checked the code.
In 2025 during the official audit 149 entities registered to check the code and attack the machine. Universities, ONGs, political parties, etc.
Please check you facts before posting what you think
Reference: https://www.tse.jus.br/comunicacao/noticias/2025/Dezembro/te...
Some of the attacks performed: https://www.tse.jus.br/eleicoes/arquivos/relatorio-parcial-d...
One thing I agree with you. It would require another big country effort to break it.
The idea that a malware could be on a phone “altering things automatically” feels like a 90s FUD cliche. If an online voting system existed, it won't be like a poll that you see on Twitter, for instance; it will be far more involved. For example, we can have blockchain as the network, and not just transparent to all, but even after you vote you can still check your vote and see if it was potentially altered, and a proper electronic chain of custody can also ensure that the vote was counted per the process, and all of that is visible to anyone who would like to check and even count ALL the votes yourself, again, just like how transparent blockchain is.
And saying paper voting is more secure isn't true at all, because these votes will be counted electronically at some point, either by a machine or just a simple Excel sheet, opening the same risks as the previous one except here, if it would happen, you will never know and you as a voter can't trace the vote from when you voted all the way until it was counted. The voting process should be designed in a way with zero trust in mind, just like how secure systems are designed now, like storage, encryption, vpn, etc., and voting should too.
I personally believe that we can build a very secure, robust, and trustworthy system that can be used for voting online, but I think no one wants that for all sorts of political purposes, either by actually altering the results that could go unnoticed, or at least keeping the window open to blame the results on a faulty system.
"The internet isn't secure enough to trust for voting" could be generalized to
"The internet isn't secure enough to trust for _____" just a reasonably as it could be to
"______ isn't secure enough to trust for voting" as most of the other commenters have chosen to do.
The fact that one of the generalizations is more popular doesn't make the other wrong, and addressing both (as, say, the GP or people talking about internet banking do) adds both depth and breadth to the discussion.
I would love to go back to paper elections, even with all its problems (hanging chads anyone?). Let's make attack scaling as difficult as possible.