From the electoral code, rough translation: "Independent observers are allowed to verify whether the digital fingerprint of the system in the data centers matches the publicly announced one"
The more people insist such verification is possible, the less you should trust them, they don't understand the issues[1]. It might be possible to come up with some provably verifiable scheme but they are very sophisticated and revised often because people still come up with ways to skew them[2].
While I love Tom Scott's videos, Andrew Appel (CS Prof. at Princeton) has a much better explanation[1] of the history of voting and why electronic voting is a terrible idea.
We have hundreds of years of experience learning how to secure paper ballots. Complexity creates attack surface, and usually fails to provide all of the security features provided by a simple paper ballot that is hand counted in view of all parties.
A couple of examples from the first minute of the video:
- A ridiculous example of "electronic voting" is presented - voters download ballot papers, fill them, then email or fax them back. This obviously sucks in multiple ways. Therefore, all kinds of "electronic voting" must be broken.
- Physical voting is very old, therefore it must have become solid and tamper-proof by now. This is not true. Physical voting is vulnerable to all kinds of manipulations, and they do happen on large scales.
The wrong claims continue forward. Just because that dude sounds smart doesn't mean his clip has any value.
This "ridiculous" example is very real and famously practised to this day MASSIVELY in many countries [1]. It is the prime example of what most people understand as e-voting. He does address other types of voting as well later, including the "open-source bullet-proof machines".
The guy explicitly says physical voting can be compromised easily too, but it requires much more people and it will exhibit patterns such as location stats, violence or outbursts of whistleblowers and it is more or less contained unless the whole country is on it in which case - good for them anyway. While with e-voting, you could technically be a very small group of people and you can model your fake results to be statistically plausible much better with no patterns.
This video is a highly cited source on the issue, admittedly aimed at less educated viewers, but quite accurate. There have been no rebuttals since it was posted and there are serious computer scientists putting their name on it. If you want to write a substantial rebuttal, I am sure it will be huge news in the community.
Even the simplest verifiable voting system is so complicated normal people will be confused how to use it and take advantage of it.
Well this article throws a bunch of different things out there suggesting that, first, Bulgaria will adopt verified electronic voting, and second, that electronic voting is sound enough and ready for deployment. Both of these points are false or unclear at best. Then the blog seems to suggest there is some sort of middle ground between verified voting and non-verified voting and it's OK to make some half-assed step in this direction, which is exactly what the video warns against.
When people talk about electronic voting, typically this means the US-type of voting. And when someone talks about verifiable electronic voting, then they should start by making it clear that this is orders of magnitude more ambitious, it hasn't been deployed anywhere and Bulgaria will be the first country in the world to do it. This is a project of historical scale including the known practical difficulties with the current methods. It should not be advertised like a proven system working in EU and US like it is now. And like I said even if Bulgaria really adopts any sort of verifiable voting there will be so many confused people due to the nature of the process it will skew the results.
Finally, again as the video explains paper vote counting may not be perfect, but it does require more people to involved in the fraud. This is a very important point. Results are available per area and each party makes sure the sum makes sense at least from a small sample.
I would assume that the primary method is the same method that police use to match evidence gathered at a crime and evidence provided at a trial, ie trust. Independent observers is more of a safeguard, there to increase trust and make it riskier for a malicious actor to tamper with an election.
I don't see a way. However this would work:
The government machine counts, and prints coupons. These coupons are scanned on a second machine installed from GitHub. At the end of the day both machines print their total count on paper (otherwise we cannot grantee anonymity.) These 2 results are compared and passed along.
And then the only guaranteed way to ensure anonymity is to destroy the government machine. Less drastic would be wiping the HDD, but who says there is no hidden ROM ?
