"A major problem with the current voting paradigm is that the voting machines are privately owned. What kind of sense does it make for our voting infrastructure to be privately owned? This is insane because every time someone wants to inspect voting machines to ensure the results of an election, they’re rejected on the grounds that the software is proprietary."

- @zmitchell on lobste.rs

Unless every eligible voter gets a keypair, and voting is done through some form of anonymous-yet-verifiable scheme, voting should be done on paper. Computers don't actually work when you need them to.

(Even that has it's own set of problems, like finding a place to securely store keys, keys effectively being a national ID card which some people don't like, how to prevent someone from phishing votes, etc etc. Basically, just use paper.)


Generated list of unique IDs. Voter walks in, has identity verified, is given a paper with a QR code. Machine scans QR code, lets them vote, prints out paper with unique ID in barcode form, with additional barcoding on the voter's vote.

Additionally, a checksum is printed on the paper which is a result of the combination of unique ID, voter's vote, and time of vote. This must match what is present in the machine's record or the vote is discounted.

unique ID does not correlate to person

@brandon (I’m going to try to break your system, just for fun.)

So we generate a list of unique ids from voter registration. How do you assign them to people while having it be non-reversible? Hashes won’t work because lots of people have access to the voter registration database.

Voter ID can’t be verified because people in the US have no mandatory national ID. They basically just trust you.

@njha You don't assign the IDs to a person. It's either generated "on the fly" or pre-generated and the registered voter is marked as having voted by idk, putting a checkmark beside their name. The list of registered voters and list of IDs are never associated with each other and have no link

Voters don't have to present some form of ID such as a driver's license or birth certificate?

@brandon How about a timing attack to correlate voting and ID assignment to figure out who voted for who.

And yes, that's correct. en.wikipedia.org/wiki/Voter_ID


@njha Btw, I really like exercises like this 👌 Fun for the brain

Sign in to participate in the conversation

Fosstodon is a Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.