There is an interesting article on LWN about Free Software and voting: https://lwn.net/Articles/797557/
Several commenters argued that electronic voting itself should not be done. E.g. one of the first commenters (Roberto) wrote that:
It is indeed pretty sad to see that in 2019 we still need to explain, again and again, why electronic voting is not feasible. I have been involved in public debate about electronic voting since the early 2000, when it was unfortunately introduced in France. Here is a recent summary of the key points, in English, that should make a nice reading.
http://www.dicosmo.org/MyOpinions/index.php?post/2016/02/25/A-rule-of-thumb-...
Do you agree with this criticism or what do you think about that topic?
Best regards, Matthias
PS: Btw. there was also a good episode of John Oliver explaining this to a broader audience: $youtube-dl https://www.youtube.com/watch?v=svEuG_ekNT0
[[[ To any NSA and FBI agents reading my email: please consider ]]] [[[ whether defending the US Constitution against all enemies, ]]] [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
I am against using computers to enter votes. See stallman.org/evoting.html.
We used to have a GNU package, GNU FREE, for holding elections. We decided, the developer and I, to withdraw it because software should not be used for that purpose.
Hi Richard,
On 06.11.19 04:33, Richard Stallman wrote:
I am against using computers to enter votes. See stallman.org/evoting.html.
We used to have a GNU package, GNU FREE, for holding elections. We decided, the developer and I, to withdraw it because software should not be used for that purpose.
As I did see no mention of it on your page, did you consider the Debian voting process?
Best Michael
[[[ To any NSA and FBI agents reading my email: please consider ]]] [[[ whether defending the US Constitution against all enemies, ]]] [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
We used to have a GNU package, GNU FREE, for holding elections. We decided, the developer and I, to withdraw it because software should not be used for that purpose.
As I did see no mention of it on your page, did you consider the Debian voting process?
I should explain that I have been talking about government elections for public office and referenda. Everything I have said here about voting applies to those elections.
I don't know how Debian handles elections, but voting in a private organization is a different issue from public elections.
Hi Richard,
Richard Stallman rms@gnu.org writes:
I am against using computers to enter votes. See stallman.org/evoting.html.
I agree completely. Voting computers violate basic principles of elections by making vote counting completely intransparent. That is something that John Oliver (as much as I like him) fails to mention altogether. I am glad voting machines have been deemed unconstitutional in Germany. I hope other countries will follow suit. It also makes financial sense because counting paper votes is way cheaper than machines that need to be replaced every couple of years.
We used to have a GNU package, GNU FREE, for holding elections. We decided, the developer and I, to withdraw it because software should not be used for that purpose.
I think such a tool could be useful for within organizations or in case where the stakes are lower than in a political election. There may be cases where the convenience of voting online may be more important than complete transparency.
Happy hacking! Florian
[[[ To any NSA and FBI agents reading my email: please consider ]]] [[[ whether defending the US Constitution against all enemies, ]]] [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
I think such a tool could be useful for within organizations or in case where the stakes are lower than in a political election.
I agree. However, in those cases the job may be easy. Votes wihtin a fairly small organization don't need the same sort of care that public elections require. Indeed, a secret ballot may not be needed, The secret ballow is what makes the public elections difficult.
Le 05/11/2019 à 08:55, Matthias Kirschner a écrit :
Do you agree with this criticism or what do you think about that topic?
Hi, this is Roberto Di Cosmo, one of the oldest and most important free computing activists in Europe. I'd like to read its book « Technologie et Marché : journal d'un consommateur insatisfait ».
A few months ago, I attended https://www.agendadulibre.org/events/19086. The activist presented us a solution that could almost work. It would need that every voter had a couple of public/private key and a very specific workflow.
But anyway, another problem is: should we still act like if elections had the effects our dictators say they have? In the same family of events in Paris area, the subject is more and more on the table, especially around the question of the liberty deputies really have, or, more realistically, don't have. One of the main talk is, in french: https://numaparis.ubicast.tv/videos/isa-attard-hacker-le-parlement/
I attend another talk from her(she's a former deputy and disgusted) two days ago, she said that telling people that voting has effect is a lie.
I'd like to make a Webpage with all these talks in chronological order, to show the growing of the reflexions on the subject as time runs(and why not an offline archive in the same order). And for a lot of others things but have so much other things to do... and it's very much data to store...
One of the argument in the event 19086 was that electronic voting would improve democracy by enabling others types of votes counts, better than the "majority in two turns" one.
Hi Stephane,
On 06.11.19 09:50, Stephane Ascoet wrote:
Le 05/11/2019 à 08:55, Matthias Kirschner a écrit :
Do you agree with this criticism or what do you think about that topic?
Hi, this is Roberto Di Cosmo, one of the oldest and most important free computing activists in Europe. I'd like to read its book « Technologie et Marché : journal d'un consommateur insatisfait ».
A few months ago, I attended https://www.agendadulibre.org/events/19086. The activist presented us a solution that could almost work. It would need that every voter had a couple of public/private key and a very specific workflow.
But anyway, another problem is: should we still act like if elections had the effects our dictators say they have?
Please, that is another discussion entirely.
Michael
For "real" political elections, the increased risk of manipulation (and the increased ease in hiding it), will always overcome any advantage which electronic voting might provide. For all the rest, it depends on the threat model: "cui prodest?" Who could have enough of an incentive to spend time, money and effort in manipulating any specific vote? For real political election the answer is always "a lot of people", so there is no reason to ever allow electronic voting for those.
Hi Bruno,
bruno@tracciabi.li writes:
For all the rest, it depends on the threat model: "cui prodest?" Who could have enough of an incentive to spend time, money and effort in manipulating any specific vote? For real political election the answer is always "a lot of people", so there is no reason to ever allow electronic voting for those.
I agree that manipulation is a real threat that should also rule out voting machines. However, manipulation is not the only issue with voting machines and one important question around election systems is always "How difficult is it for voter to understand?". That can be a reason not to use a voting system, even on paper, that avoids certain defects, but most people may not understand properly. The same is true for electronic voting: While anyone can check if a ballot box is empty in the morning, is sealed properly, and can then watch the vote count, only a few experts can understand what a voting machine does and even they need access to the hardware, and ideally to the source code.
Happy hacking! Florian
I am spending most of my activistic time between free software and the fighst against attempt to introduce e-voting in Italy.
I'm definitively against e-voting and free software can't really help.
For anyone willing to join our Italian group fighting by policy lobbying, media monitoring and participation, lecturing to fight any politician proposal (happening every 6-9 months), please join us at https://crvd.org .
Fabio
On 05/11/2019 08:55, Matthias Kirschner wrote:
There is an interesting article on LWN about Free Software and voting: https://lwn.net/Articles/797557/
Several commenters argued that electronic voting itself should not be done. E.g. one of the first commenters (Roberto) wrote that:
It is indeed pretty sad to see that in 2019 we still need to explain, again and again, why electronic voting is not feasible. I have been involved in public debate about electronic voting since the early 2000, when it was unfortunately introduced in France. Here is a recent summary of the key points, in English, that should make a nice reading.
http://www.dicosmo.org/MyOpinions/index.php?post/2016/02/25/A-rule-of-thumb-...
Do you agree with this criticism or what do you think about that topic?
Best regards, Matthias
PS: Btw. there was also a good episode of John Oliver explaining this to a broader audience: $youtube-dl https://www.youtube.com/watch?v=svEuG_ekNT0
Hi Matthias,
sorry for being late to the party.
On Tue, Nov 05, 2019 at 08:55:31AM +0100, Matthias Kirschner wrote:
Do you agree with this criticism or what do you think about that topic?
I wholeheartedly agree with any criticism of so-called electronic (in fact rather: software defined) voting.
In fact, I find it highly problematic not only in public elections, but I also find it very problematic for any kind of democratic voting even within "private" entities. I find it ridiculous that e.g. German political parties use electronic voting systems to elect their candidates. They even do that with "rented" equipment from service providers, including systems that uses insecure wireless protocols. What a nightmare.
Similar systems are used quite frequently for general assembly of NGOs as well as shareholder meetings up to the largest publicly traded companies.
Of course the question of how much of a problem computerized voting in private entities is depends on the type of entity. For some kind of company of whom I'm not a share holder, it may be less of (at least my) problem. But for political parties which nominate who will be on the list of people that I can then vote for in public elections? I would consider that quite problematic...
Luckily, in Germany we at least don't have to worry about voting computers in government / public elections anymore.
Some historical background, for those outside of Germany or who didn't witness the events ~ 10 years ago.
More than a decade ago, I was (an insignificant) part of a group at CCC that learned that in fact several German states had passed regulation to use "voting machines" (voting computers) in public elections. We then went to observe several elections and documented the way how the (back then NEDAP) voting computers were stored in insecure facilities (with tilted window overnight at the city council room where they were stored), etc.
Some other folks at CCC at the time then went on to port a chess program to the voting computer to defeat the argument by the manufacturer that this device is not a general-purpose computer but can only be used for counting votes.
The Dutch [hacker] initiative "wij vertrouwen stemcomputers niet" (http://wijvertrouwenstemcomputersniet.nl/English) had just done groundbreaking technical research against the same Nedap voting machines a year or so before.
At some point in a conversation with Till Jaeger (whom I met frequently around that time related to gpl-violations.org) that subject came up, and to him (like me) it was big news that this was actually already legal in Germany.
The rest of the story is history: The matter went to the German constitutional court. And much to the surprise of many (myself included) that constitutional court actually requested the CCC to prepare and provide (one of several) subject matter expert opinions.
In March 2009, the German constitutional court ruled that the use of voting machines in the 2005 federal German elections was unconstitutional. See https://www.bundesverfassungsgericht.de/SharedDocs/Pressemitteilungen/DE/200... and an English press release of the court at https://www.bundesverfassungsgericht.de/SharedDocs/Pressemitteilungen/EN/200... as well as an English translation of the court order at https://www.bundesverfassungsgericht.de/SharedDocs/Entscheidungen/EN/2009/03...
That case made by Ulrich Wieser (http://ulrichwiesner.de/index.html) represented by Prof. Dr. Ulrich Karpen and "our" Dr. Till Jaeger, de-facto removed the use of electronic/computerized voting from Germany, as the rules for federal elections propagate implicitly or explicitly down to other public elections.
Please note that the court didn't rule that computerized voting is outlawed. It just raised the bar extremely high, making it so hard that I see it practically impossible to ever build voting computers that comply with that high bar. The court basically states that the common voter must be able to reliably determine if his vote has been counted unfalsified alongside the entire chain of counting. The court stresses that this assessment/determination must be possible *without* the voter having special subject matter expertise. The court also states it is not possible for the voter to "delegate" that trust to some kind of government type approval of voting computers.
I perceived this ruling as an incredible victory int the continued fight for freedom of the German society, and I'll use this opportunity to thank everyone involved back then, from the many individual at the CCC to Ulrich Wiesner, Till Jaeger and last but not least the judges at the German federal constitutional court at that time.
Regards, Harald
One short follow-up.
Some people in the discussion have brought up the topic of the Debian voting mechanism. While I'm not familiar with its details, I think the situation here is extremely different:
In Debian elections, everyone eligible for a vote (I presume Debian developers) is a person highly skilled in information technology. In such an exceptional situation, a sufficiently simple and reasonably well-designed/verifiable (and Free Software) electronic/computerized voting system may be acceptable, as every voter can at least to some extent be expected to understand and reproduce the system of couting the votes.
But in pretty much any other election/vote, where voters aren't only reasonably skilled software developers I would argue it's impossible that every voter is able to understand the voting process and hence doesn't simply have to blindly trust the creators [or professional auditors] of the system.
Regards, Harald
On Fri, 15 Nov 2019, Harald Welte wrote:
In Debian elections, everyone eligible for a vote (I presume Debian developers) is a person highly skilled in information technology. In such an exceptional situation, a sufficiently simple and reasonably well-designed/verifiable (and Free Software) electronic/computerized voting system may be acceptable, as every voter can at least to some extent be expected to understand and reproduce the system of couting the votes.
Ironically the Debian voting system was used for years by very skilled IT people before a fatal flaw was found that completely broke the secrecy of the elections in 2012:
https://lists.debian.org/debian-devel/2012/04/msg00528.html
-Timo
Hi Harald,
Thank you very much for the detailed and very nice summary of what happened back then in Germany. It was indeed an important victory for democracy.
Harald Welte laforge@gnumonks.org writes:
In fact, I find it highly problematic not only in public elections, but I also find it very problematic for any kind of democratic voting even within "private" entities. I find it ridiculous that e.g. German political parties use electronic voting systems to elect their candidates.
[snip]
But for political parties which nominate who will be on the list of people that I can then vote for in public elections? I would consider that quite problematic...
The party doesn't even have to vote on their candidates, they could just nominate them if they wanted to, so I think whether or not they use voting computers is an internal matter.
Happy hacking! Florian
Because it is so relevant:
Tom Scott did a video about why electronic voting is (still) a bad idea: https://invidio.us/watch?v=LkH2r-sNjQs
Happy Hacking Paul
Le 10/12/2019 à 17:50, Paul Schaub a écrit :
Because it is so relevant:
Tom Scott did a video about why electronic voting is (still) a bad idea: https://invidio.us/watch?v=LkH2r-sNjQs
Hello, very interesting video indeed. The facts and questions are well explained.
But at the end I've been really surprised by the sort of integrated advertisment. This kind of making sort of ruins the possibility to widely share such a video, ending by promoting a not so free solution. What do you think ?
Michel Roche
Hi Michel,
Yeah, its really a shame that its becoming more and more a trend to plug advertisements at the end of a video (at least on the platform where this video was originally uploaded).
I agree that it ruins lots of potential of the video. However I think one can still learn a lot from it.
Paul
Le 10/12/2019 à 17:50, Paul Schaub a écrit :
Tom Scott did a video about why electronic voting is (still) a bad idea: https://invidio.us/watch?v=LkH2r-sNjQs
Hi, at the end he talks very quickly about the blockchain way, witch was the one explored in the conference https://www.agendadulibre.org/events/19086 I told you before. There was at least two flaws, I don't remember the first one. The second one was the lack of knowledge about keys and computing in general in the average voter person.
The Cambridge museum where the video takes place seems to be very interesting...
RMS said:
We used to have a GNU package, GNU FREE, for holding elections.
Dear Richard, could you write more about the purpose of this (former) package?
Hi,
Am Freitag 15 November 2019 12:24:49 schrieb Harald Welte:
I wholeheartedly agree with any criticism of so-called electronic (in fact rather: software defined) voting.
meanwhile there was another LWN article:
Cryptography and elections https://lwn.net/Articles/810465/ By Jake Edge, January 28, 2020
covering an LCA talk by Vanessa Teague with the take-away:
"Transparent and verifiable electronic elections are technically feasible, but for a variety of reasons, the techniques used are not actually viable for running most elections—and definitely not for remote voting."
In fact, I find it highly problematic not only in public elections, but I also find it very problematic for any kind of democratic voting even within "private" entities.
There is a company in Germany (sorry seems to be German only) https://www.polyas.de/online-wahlen/sicherheit they claim to have a Common-Criteria certification from the German Federal Office for Information Security, number BSI-CC-PP-0037-2008
From my experience the crypto expertise by the BSI is often fine and transparent. (Disclosure: my company has won several public tenders from the BSI in the last years - only doing work on Free Software). I've never looked into this certification.
Did some independent researchers take a look at Polyas' approaches already?
Regards, Bernhard