Tom: "I trust that the device you're watching this video on is completely Malware free" Me: "I'm glad you do because I don't"

Me every other day: Yes Windows. I absolutely trust that software I just downloaded from a random webpage. Now shut up and run it with elevated privileges.

@@matteoalberghini3816 the word is "standard", that means only already discovered malware are being found, and new malware gets made all the time, exploting new security holes.

Any anti-virus software < Tech literacy, Even the most basic of hackers can beat an anti-virus. Anti Virus Programs mostly identify virus from a database of file checksums. If a file has the same checksum as something in the database it's a virus. If not it isn't, even if it is. All you have to do to change the checksums is use a program called an obfuscatetor which adds useless data to the file, which changes the checksum value, then use an existing virus that already exists, and boom you beat pretty much all existing anti-viruses.

@@ThatFadedAsian well, that is how they used to work (Yes, they still do, but not only). Now day they also analys behaivour of programs. Because of what you said. I uses Linux, so I have no problems with viruses. 😜 (of course not, but it still better then Windows, even though Linux isn't proytected from viruses, especially social viruses or viruses attacking web browsers).

It's so funny that every time you say "no one does that" it's exactly what the Brazilian system has done for 30 years

Actually not. Tom clearly didn't do any research, this video was based purely on his knowledge about technology, not on actual electronic voting systems.

I was going to say exactly that.

Danilo The code is not actually open to the general public. Even if it was, there would be the problem of checking if the code is proper on each machine, and also the dubiousness of the code that checks said machines.

Danilo Para derrubar uma árvore, você corta o tronco, não os galhos. Da mesma forma, a urna é o menos provável de sofrer um ataque, pois é muito difusa. O principal problema é onde se contabiliza todos os votos. Ainda assim, é muito improvável que haja fraude.

@@Rogi1198 improvável 🤨 coff coff

I've often heard people say, "You trust using the Internet to place orders for expensive merchandise. Why not for voting?" But there are major differences. The company has every incentive to process my order accurately. The people counting votes may or may not want an accurate count. If someone changed my order, either deliberately or by mistake, I'll know something went wrong when I get the wrong merchandise, and I'll complain and demand they fix it. If they count my vote wrong, will I even know? How can you have anonymity and also prove that your vote was miscounted?

If I was purchasing merchandise at prices comparable to the stakes of a general election, I'd be exceptionally wary of how the finances are processed. If I was spending a billion dollars on a painting for example, I'd probably only be willing to do so while in the same room as the painting and the people accepting payment for it. If I could, I'd find a means of physical payment such as gold, if not I'd ensure my trust is well-placed in the bank to cover the amount if something goes awry.

@@gallectee6032 that would kill anonymity

@@chriswarr641 Not if you make it anonymous.

@@gallectee6032 Genius! Now how do we know if the code is ours? How do we know it's actually tied back to our intended result?

As someone who does poll work in Canada, the paper ballots and all the record keeping we do makes it next to impossible to tamper with the vote. Even as poll supervisor it would be impossible for me to do without getting caught.

too bad not many canadians vote 😢

"I dont know how to do it. It's impossible" - Some dude after 12 min of being explained how it's possible.

@@AApyrofreakPaper voting. Nothing digital

@@AApyrofreak can u read?

Here in America, it doesn't matter if you get caught, if the party that has the most power favors what you do.

In Denmark, which has one of the most digitized infrastructures, I was given a piece of paper with some names and boxes and a pencil. Afterwards I folded the paper and placed it into a box. The box was in constant view by multiple election officials. Results were counted before sunrise the next day.

Yep as an Australian, the big question I have is “what is wrong with paper ballots?” Our elections generally are called within hours of closing. If there is a delay for recounts it is usually the postal votes which come in late that are to blame. A paper ballot is cheap, easy and doesn’t need improvement or refinement. Even if every issue with electronic voting was resolved I would still wonder why it was preferable let alone necessary.

@Alexander Löf In the Netherlands we just get a single ballot with all partylists and their candidates on them, and colour in a circle next to the candidate of our choice (vote goes primarily to the partylist that candidate is on, but also counts as a preferential vote for that candidate which may help them secure a seat they otherwise might not get). No need for seperate ballots that could give something away.

@@nienke7713 The reason for a ballot for every party is so that you don't need to write/colour in anything to vote for a specific party. You fold the ballot for the party you want and put it in the box. If you want to vote for specific candidates within a party, you pick another type of party ballot with candidate names on them and fill in a box. The thing is, most people don't vote for a specific candidate and only vote for the party as a whole (76.9% of total votes last election) and so it becomes much easier and effective to just fold the party ballot and you're done. Also, if you let people scribble and colour ballots it can cause trouble if it's a rather vague and poorly drawn circle, or it can be used to identify someone's vote. So I personally prefer the Swedish voting process with several voting ballots.

We do the same in Germany. The counting of the votes is also public and everyone can observe.

@@emilchandran546 Electronic voting being easy to count is a good plus, but far from the main reason people want it. The main reason is to increase voting accessibility and voter turnout. Probably not as hard in other countries but in the U.S. it's hard for people of lower-economic standing to go vote and there's also been a huge issue with getting newer generations to vote (heck, I missed last election). If I have to take time to drive down to a polling station and submit my vote, there's a low chance I'll do it/can do it, but if I can just take out my phone and go to some "secure" online voting platform and press a few buttons I'm almost guranteed to vote.

Even if software is open source ... Years ago a web site for programmers that I frequented at the time ran a contest: Submit a sample program to count votes that would bias the results but which looks valid to someone studying the code. The winning entry relied on a buffer overflow in a C program, for those who understand what that means. The point is, cheating software doesn't have to be blatant and obvious. You can put subtle "errors" in a program that make it wrong, but that would not be obvious even to an expert studying the code. And let's face it: elections today are high stakes. A political party might be very willing to spend a few million dollars to hire a team of experts to create voting software with such subtle "errors". Do it right, and even if you are caught you could plead that it was a mistake and not a deliberate fraud.

thnks mark

Surely though, while that would pass a cursory look, if it were actually to be implemented at scale, there would be enough eyeballs that even the subtlest of fuckery would get seen, right?

@@dominicbeaumont4932 🥴💓

A party? Nah, they wouldn't. Their "friends" in business would, however…

Honestly, who needs an antivirus if you can just watch this video where Tom Scott himself checks your computer and assures you it's clean

Tom Scott shall rule the world ahahahah

@@pixel-hy4jx aHaHa

plot twist: the video changes if you have a malware or outdated OS and tells you

thousandth like

@@System64MC Like a secret ending in a video game? Damn, now I feel like downloading malware to unlock the ending and get that one last achievement

At my poling place, they use a touchscreen monitor to display the ballots to you, but that’s it. You still get handed a paper ballot, and you still turn in a paper ballot. All the computer dies is take your input and punch a hole in the right spot on the paper. It then tells you to verify that the correct markings were made. I, as a visually impaired person, very much appreciate this.

The machines I voted on in California you voted on the machine, but then it printed out a physical receipt of your choices, and that was the ballot that got counted. You then had the opportunity to examine the printout, and if you changed your mind or there was an error you could reject it and it'd be shredded.

That's probably the best way to do it. The printed ballots can be easily machine readable, and also easily human readable. You can get the results out to the public really fast, even if you spend days verifying the results afterwards. As long as the margin of error between the machine read result and the human read result remains extremely low, there's no problem.

If the machine knows that you are physically impaired it can punch or print different holes that your impaired eyes cannot see . Flipping all the visually impaired votes may only be enough for a closely contested issue, unless combined with other attacks .

It is still computer read and counted. The paper ballot could be correct, the reader program just changes the totals in a convincing way.

this just makes me think about the story where a flipped bit in a 2003 belgium election count resulted in a candidate receiving over 4000 unexpected votes

I think it was some malfunction

@@corrupted4726 Ultimately it was a cosmic ray striking one of the transistors. The error was spotted and corrected

@@botigamer9011 there was also another similar event that happened during a super Mario 64 speed run, where a random cosmic ray flipped a bit in the system and caused Mario’s y-coordinate to jump up a bunch. It caused a significantly faster speed run but because it wasn’t intentional I don’t think the run was counted

4096

​@@wren_.I guess you guys are men of culture as well

In the US, people didn’t even trust mail-in paper voting, so the lack of trust in electronic voting might end up getting people to overthrow the government.

honestly, I'm amazed they haven't done it already.

Mail-in ballots should not be accepted - in-person, verified identification, paper ballots only. No exceptions. On vacation on election day? Too bad. Too sick to leave the hospital? Poll workers can come to you if you demand it.

I have been a poll worker for elections in Portugal for many years now and I completely agree. Election security is one of the things we should be most conservative about. Here in Portugal, we have to individually count all the ballots we receive before the voting starts, and we must cross-check that by the number of people who have voted, based on the registration rolls, with the number of ballots that have been entered into the ballot box, and the difference must match the number of ballots that remains unused at the end of the day. All the counting is done under the observation of the party delegates and you are forbidden by law to hold any pen or writing instrument while handling the ballots. If there is any discrepancy in any voting table, even something as small as a missing signature or one lost ballot, you get called into court and you have to explain it to the judges.

Very similar to the UK, this is the way.

The only times I've heard of electronic voting in some form is overseas voters (Military or Overseas Citizens) in my home state where they can fax or email a ballot to the county elections office to vote in an election. The main thing is that you are still filling out a paper ballot and having to scan or fax your ballot to the elections office who treat your ballot as an Alternative Format Ballot that is verified of the signature and then put onto an official ballot so that it can be run through the machine and tabulated.

That's the good thing about Africa, our election results are known before we even go to the polls so we don't have to worry about all of this...

Why vote when your honourable dictators do it for you

Lmao. Same here in Easter Europe. We have voting, but every so often they find a truck full of valid voting tickets somewhere in a ditch. Also, people that died decades ago still voting.

I dont care who gets to vote as long as I get to nominate the candidates.

Ah isn't the internet wonderful

this shouldn't be funny, but i laughed nonetheless.

Hackers: Can easily put the election in favor of a candidate Also Hackers: Runs DOOM on hardware not specifically built for gaming

The voting machines are most likely a 100% standard PC, probably running 100% standard windows. Any modern computer, even the bottom of the barrel economy boxes, can run Doom without being made for gaming. It's just a matter of getting the program into it.

@@stale2665 It's probably also still running Windows XP

You can run Doom on ANYTHING. The obvious example is a graphing calculator but i prefer running it on a Geiger counter with a screen and the controls is the radiation received

"Seal them all up and transport them to the place where they will get counted....No one does that." Indian election commission: 👀

more like everyone does that, does anyone use internet to send the data ?

​@@devforfun5618 Brazil uses a private VPN with proprietary encryption. All the data is sent straight to the supercomputer that does the counting.

@@mihawkhalk I don't think that happens...

@@patrikeluisbritz4912 I live in Brazil, the result comes out on the same day right after the sessions close They don't carry the polls.

I love how the honestly designed Nedap ES3B Voting machine was hacked to play chess despite it being able to only execute code in its ROM (not altered for the hack). Though a buffer overflow bug in a file save dialogue box, a new virtual machine was created on the stack out of crafted return addresses to parts of functions in ROM. Then there are the blatantly dishonest voting machines and tabulators made be Sequoia Systems (with Good/Evil switch SW4), Diebold’s "explorer.glb” back door feature, and the mandated single user and password to be shared by everyone because the system must be restarted every time a new user has to log in.

In Switzerland, due to our direct democracy, we vote a lot (4 times a year each time about a handful of topics) - everything is done decentralized using paper ballots sent by mail or directly put into the ballot box. Results are usually published 4-6h after the polling station closed. Now the left is pushing to introduce e-voting in combination with e-identification. As a software engineer I have a really bad feeling about that especially since the scale of the manipulation factor outweighs the convenient factor by magnitudes.

There are a lot of ways to make e voting safe, india is a good example

​@@_Tao__did you even see the video? Might need a rewatch

​@@Zyper_SebxrThe video isn't a fountain of knowledge and absolutely correct just because it aligns with your view on the topic.

Seeing as you just straight up said "the left" I feel you have some political bias on this.

So, in Romania we have normal Paper Voting. You are identified with and ID Paper (Birth Certificate, ID Card, Driver License, Passport), then you are handled your ballot and a special non-erasable ink stamp. You go into the booth, you stamp your party/candidate/candidate list of choice then go out, put the paper into the ballot box and sign a paper which confirms that you voted. That's kind of it. The votes are counted by every election station's organizing committee and then passed to the local level then county and national if it is a Presidential Election.

"I am endorsing dashlane for two reasons; One, they have given me money, obviously" Ah Tom, never change.

xDDDD

Well he’s not getting this ad again 😂

@@xdev_henry I mean, Dashlane had to approve this ad, so...

@@xdev_henry He is legally required to disclose the fact that it's a paid promotion - the only difference is that he did it in an unsusually informal way in this video

He's got me hooked

One solution a friend of mine came up with was to pick a random ballot (like randomized qr-codes) and memorize the ballot number. Later on, every ballot's voting result is published in an open database. That means, everybody can count the votes themselves to verify the official result, and everybody can verify that their own vote was counted correctly. That you can also see the other votes without knowing who they were cast by, isn't really a problem, because you know the end result anyway. It took me a few days to figure out that it actually breaks anonymity in a very problematic way...

Can you please explain how it breaks anonymity?

this could work, but i don't think most people would be able to memorize a number maybe if it was a password like gifcat generates by combining two words to make it easy to remember but then it also makes it impossible to prove your vote was incorrectly registered, since there is not way to know for sure your ballot is the one you claim it is, you could just be misremembering the code it pass the anonymity filter but fails the trust filter, one would only need to convince a bunch of people to claim their vote was changed

@@devforfun5618 claiming your vote was changed or was cheated, happens anyways. The problem is that people can go see for themselves. You literally could just let people write down the number to verify later.

in my county in texas, we switched to a hybrid system. we fill out paper ballots, but use electronic machines to count and store the votes. even that isn't good enough for me. I'm not opposed to using machines to count the votes, but my suggestion is we use an analog design, rather than relying on digital computers; no easy way to tamper with the machine without physically modifying it in a way that makes any such change relatively easy to spot; thus maximizing trust in the machine. on election day, the votes are counted and only once all the votes are received (maintaining the anonymity of the voters) does the machine spit out the final tally, the revelation of which should be publicly broadcast

A couple of decades ago, I was in an organisation that implemented a bought-in electronic voting system for its somewhat-large board of directors. Votes were cast in live meetings by pressing buttons on a console, with a special ID card inserted to identify who was sat there at the time. The results, including a list of who voted which way, were printed twenty seconds later for the chairman to read out and share with the world. As a proof of concept, I was able to inject a completely different set of results before it even reached the printer, adding votes from people not in the room, deleting votes from people who were there, changing other people's votes on the way past, changing the totals, etc. My edits were blatantly obvious, and done manually while the system was still being commissioned, but it wouldn't have been difficult to automate the whole process and to be far more subtle about it. It was very embarrassing that someone working at my level in the organisation could do such damage so easily, while sat at my desk in another building! And even more embarrassing when it became clear how easy it had all been: Servers with blank admin passwords are never a good idea! It all needed secured very, very quickly,... and very, very quietly.

they thought they didn't need password on the testing phase

@@devforfun5618 This was the final commissioning test, about two days before going live: There was zero provision in their system for adding a password on that link, and no time to change it. (And we had a bunch of other stuff to do in those two days. It was a hectic time with very public, externally driven deadlines.)

In New Mexico we use paper ballots which we feed into an air-gapped computer. I feel comfortable with that combination. I've wanted internet voting for years, to increase voter turnout, however you've taught me why that's not a good idea, at least not yet. Some of the problems you brought up may never be solved. Thanks for the food for thought!

Blockchain has entered the chat.

​@@sharpenedge How can blockchain solve any of this?

How do you know the computer is air-gapped? Is there any part of this process that doesn't just degenerate to blind trust?

@@iamtheiconoclast3 no, but same with regular voting. so what can you do

@@iamtheiconoclast3 blockchain would be perfect for this. A vote can only be counted if the whole blockchain can process it. Any mistakes and the vote would fail. Impossible to hack

I would love to see a follow up about this covering ZKP (zero knowledge proof) computing, and it’s implications on the feasibility of electronic or even digital voting.

poor tom has to make a new video every 5 years with the same exact title every time

I think the basis of Tom's reasoning is that no matter how much you try to use technological advances: 1- It's hard to verify the correctness by people who aren't expert 2- it's even harder to make sure it's robust (many things considered secure in the past are now considered totally unfit for use...) 3- a single exploit could completely flip the nation results instead of just a couple hundred forged votes So ZKP are an even bigger pain....

Imagine going into a voting booth and seeing the Doom title screen.

rip and tear

Best election ever.

the demons have the faces of the candidates

@@Greaust who's doom guy?

@@oshkiv4684 the guy from Doom

Tbh, I always think it's so cool to have electronic election, especially in our current era with almost every aspect of our life aided by technology. But turns out sometimes, something so simple and... old, is still more resistant against any attempt of cheating.

you can literally take the papers and throw them away tho

@@imnotreallyjess4318 Well that's definitely alarming, and there should of course be measures to minimize the risks regardless of ballot system (like Tom also mentions, there are risks with "traditional" paper ballots too). But electronic voting introduces several risks that are *much* harder for the general public to verify, like hardware and software integrity of the devices used to register, store and tally the votes. That said, human beings being human beings (no pun intended) is definitely a risk factor - and will continue to be so regardless of the voting system used. Things such as what Tom calls "granny farming" is not inherently solved with an electronic voting/ballot system. Bribing, coercing, "convincing", threatening, peer pressure, misleading, propaganda... there are a lot of ways you theoretically can influence the opinion and vote of another, or the actions of those managing things like an election. But those aren't per se solved by electronic voting systems either. It may influence some attack vectors in a good way (such as involving less people) but also in a bad way (making a point of attack more effective/less detectable). TL;DR: we're screwed regardless. /your friendly neighborhood misanthrope

Sadly, it takes a lot less to sow doubt on elections. Politicians who gain by sowing distrust, don't need any actual wrong doing.

2:05pm NZDT 10 October 2022 I fully agree with this. In New Zealand in our council/mayor elections which happened 2 days ago, only about 40% of voter turnout, which is typical in New Zealand for those elections. So talk about doing the elections online to increase voter turnout. As soon as I heard that, I thought back to this video which I’d seen 1-2 years ago. I still agree with this video.

7:26 fascinating moment of "oh wow it's not just we don't have the technology to do electronic voting, it really is impossible that such technology could ever exist". Good job Tom.

it is currently called blockchain, an immutable ledger and privacy. Trustless as in no need for trust, this guy must have been born in 1822

@@BCFalls1 did you watch the video? He explains why blockchain can't solve this.

I feel like these days people make everything more complicated by wanting to use technology. The system works just fine with the volunteers and paper ballots, why would you change that?

Point made (and I've used similar arguments against electronic voting before, so thank you for the great material!), but as for the Doom thing: given that hackers and geeks will attempt to run Doom on literally anything with a chip, we've hit the point where if you CAN'T run Doom on something, it can be argued that that object is not, in fact, a computer.

somebody figured out how to run Doom on AO3 (archive of our own, a fanfiction archive in case you didn't know what it was)

Of course a voting machine is able to run doom, but its software should let you do it!

From a practical security standpoint, running Doom on a machine demonstrates that execution of non-trivial arbitrary code is possible.

And if you _can_ run Doom on it, Bethesda will try to release Skyrim for it.

In the state of Georgia, USA we use computers to vote that then print paper ballots for you to look at and make sure they are correct. Then you place that paper in a scanner that deposits the paper in a sealed container. When the election is complete they read the electronic scanned data. They also randomly audit areas by hand counting the paper votes and comparing them to the scanned data. All paper ballots are kept in case there is an issue, then they call all be hand counted. This way they can get immediate results but they can also revarify the results if they find any issues.

Why would you want immediate results that could be overturned when you already have exit-polls that nobody will be confused by.

@@Quintinohthree So far the immediate results have never been overturned because they have proven accurate every time. But if for some reason the immediate electronic results do not match the paper ballot audit we can still go back and hand count everything. Why would you ever want to wait days or weeks for results when you don't have to???

This makes sense. Spot checking randomly is good enough unless you have suspiciously skewed batches. Then prioritize those batches (e.g. "Why are there two boxes that the machine tally says went 90% to one candidate? Let's look at the paper ballots."

Isn't that just the world's most expensive pencil?

Sure...

Should reintroduce some elements of sortition to the voting system. No good if your vote is secured but your politicians were already bought before hand. Example: Step 1). Candidate secure signatures Step 2). People vote normally Step 3). Top 20 candidates by random gets eliminated down to 2 (method depending on local culture) Step 4). The two play Rock Paper Scissors Step 5). The winner becomes the president Would make an interesting election too.

PLEAAAAAASE come to BRAZIL to check how we have been doing it for YEARS! It is said here to be absolutly secure.

I worked the election in Florida. We use paper but it automatically tally’s and at the end of the night connects to an Ethernet and then sends it. It also prints out a slip that is then shown to all party members present who report it to their team. It was so odd to me that it was all paper but still used technology to send it. In the end there was a hand recount for some elections.

Printing a slip means you trust that machine to print the truth, and thus everyone ever involved with its creation and handling . In the classic system everyone watches the people doing that job .

Well, Tom, you changed my mind! BUT also gave me good challenges to think about :)

"To break an electronic election you don't actually have to break it, you just have to cast enough doubt." *Winces in United States*

PS. CNN

the funny thing is he's bashing physical mail-in voting and not the far easier to compromise electronic part. as much as a collapsing democracy can be funny

@@thekingoffailure9967 To be fair voting by mail isnt exactly safe either. My solution would be to extend the voting period and have a time booking system for when one can vote.

Please send help

@@pflernak You don't even need a time booking system. Plenty of places have two week or more advance voting periods, no excuse required. What you do need is enough polling places and staff that lines never exceed ten minutes. That breaks the intentional voter suppression that you have in the US.

Some places in the US have a screen which you vote on, and then it prints out a ballot for you with your vote(s) on it, which you then insert into the machine.

But what's the point then? It's just a very expensive and untrustworthy printer.

Completely agree with this, the day governments permanently switch to electronic voting will be a worrying day indeed if it happens. I have another question, any IT experts feel free to enlighten me as I'm clueless about electronic software on the most part: How come mobile and online banking has become a thing? Yes, I obviously keep my phone safe and there is a passcode which only I have to access my accounts, but how are my and other peoples' accounts so well protected from hackers/meddlers? Or are they not, and there are cyberattacks on banks' systems all the time, which they just don't tell the public about and somehow solve? I.e. how has the software used for online banking become so safe that people can trust it with their livelihoods?

It hasn't. Bank hacks can and do happen. It is rare that they attack the bank's security system, it is much more common to get bank info through phishing and other methods, because it is easier

Biggest diffrence is the logs that record what happens.

Can Monero be used as a voting system? In the sense that everyone in the country would have 1 currency unit of monero money and in the voting day they would split the currency unit throught the wallet of each possible person running on the election. At the end we would count the money each one has and whoever has more would win.

So in Pennsylvania, a new polling station is popping up. We have stations that print a ballot (which you can confirm through a glass window), then cancel or submit. If everything looks good, it’s submitted to the secure ballot box (locked and located at the back of each machine). It’s a paper/electronic hybrid.

I like this model. Brazilian congress approved the same desing, but god knows why the far-left Supreme Court backed by the most corrupt Brazilian Party suspended the change to this model.

Aka; the world's most expensive pencil... a load of extra effort for no benefit.

@@Lashb1ade essentially, except that the ballot is also recorded electronically.

Funny that simple addition has been made into something so complex

In 15 years: Tom - "Here is why Quantum voting is an even WORSE idea!"

Photon effect could cause your votes to be redshifted or blueshifted! XD

You can't duplicate thing in quantum state

In 25 years: Tom - "Here is why Skynet voting is the end of the World"

Well actually quantum encryption solves the problem

@@damiankaleomontero496 if you trust the encryptor and counter. Edit: and quantum encryption breaking doesn't get invented.

What if the electronic ballot also printed out the vote on a sealed glass box for you to see if it matches your vote and then dropped the paper vote on a standard ballot? That way we can get the trust and reliability of old ballots and the fast time to count votes of the electronic ballot. In case someone asks to have the votes recounted it can be done on the paper ballots.

this happens in georgia

this happens in India. Clear example of the British lacking humility as usual.

Then... explain the actual advantage, if you still have to produce, manage and archive paper ballots?

@@PeTTs0n88 the time to count the votes. Count the electronic copy, give the preliminary results and count the paper votes.

@@lionspectro Couldn't you just stick with just the paper ballots then? The cost of building, maintaining and securing the electronic machines on top of a paper system should be... quite expensive, no?

Scott, can you make a video about the Brazillian Eletronic voting?

I like how this video is being recommended when it's voting time in the EU, also I love how Northern Ireland wasn't showed as part of the UK, shows how it shall belong to Ireland 🙃

It was though, at 2:47?

Starting with the requirement that votes _absolutely must be anonymous_ strikes me as the core problem with the reasoning against electronic voting. Is it irrational to ask: "How sure are we that votes MUST be anonymous? How sure are we there's nothing we can do to mitigate the possible issues with signed voting?" Just thinking about it briefly, it seems to me like there would be plenty of ways to be effectively anonymous without actually _being_ anonymous, so that votes could be audited after the fact.

Fair questions. We do not have a consensus to have less anonymity, thus electronic voting systems are constrained in how they work. A voting machine vending cannot simply decide for the voters that keeping records of individual voters is okay.

Wow, I am watching the same questions that was answered 30 years ago and every two years my government still needs to answer again to this people.

This should be a recurring series for Tom Scott! *Tom checks every 5 years:* _Is electronic voting still a bad idea? Yup_

Just reupload the same video, but change the intro.

With how uk politics has been lately its more likely to be every 2 yeare

Fixed Tom Parliament Act

I think electronic voting will happen in future, it's kind of inevitable to keep advancing in technology, using more and more automation while relying on ancient and imperfect system of manually counting votes on sometimes rather large sheets of papers with countless possible combinations. Automation will include scanning the ballots, counting the votes, then it will be matter of time before recording the vote itself will go electronic. Depends on voting system used but let me tell you that there are elections with many rules and voting options that not only it does already confuse the voters how they can actually and effectively cast their votes but the election commission (or how it's called) doing the counting doesn't exactly follow the rather thick rule book aka the law, and the volunteers are often retired people who have serious issues with any advanced counting and doing it for hours of undivided attention and not making a mistake, systematic or numerical. We have many reports how preferential votes were miscounted on paper ballots and more often than not the results are either kept as it is because it didn't have enough potential impact on the results or people don't find all the suspicious cases or the complaint isn't even filled. Because then that whole district would have to repeat the voting, less people would come second time and some party might feel they would get even worse result while holding up the final official result.

This guy completely ignores what blockchain technology is. As a computer guy you have to be critical enough to spot when someone is losing track of technology.

In the Netherlands we have DigiD, a digital ID. It's already used to arrange all things you need and is completely trusted, I don't understand why they don't use this as an addition on physical voting (addition because elderly people might find it difficult so let them mail it in, they already do that anyways).

All electronics aside, I see one major problem with electronic voting: how do you know the person IDing themselves and voting for someone isn't being seen and/or pressured? They're at home, how do you verify this if you don't see them go into the booth alone? I'm not saying bad men with guns, I'm saying an overeager youngster and their grandparents. "Oh, granny, I'll do the complicated computer thing for you! And now we're going to check this box here and klick there and done!" (You can make the webpage as clear as you want, but at our family home here in Estonia granny lived downstairs and the computer was upstairs.) "Well, I marked your vote down as purple party, they're the normal ones!" "I always thought you went for the yellow like me!" Etc etc.

@@mirjam3553 ? You created a not very common scenario where a small amount of votes (one) is altered, how would this affect an election where millions of votes are at play?

@@msrodrigues2000 Oh, an individual will of course only affect a few people at most. But I see a problem with this: if you can cast reasonable suspicion on an unspecified and unverifiable number of votes, how sure can you actually be of the results? Probably not enough to sway an election, true... But in a country with not that many citizens and an aging population with relatively immobile rural elderly precentage the problem compounds on itself. With party lines often running young-urban and old-rural, it becomes worse. And as Tom hinted, it only needs to be "could happen" to lose some credibility. (Along the same lines, maybe polling places should not allow phones in the ballot-filling booth. "We wll pay you x amount if you take a selfie with a ballot you filled with the number of our candidate.")

It does make proving who you voted for really scalable.

breaks the anonymity requirement - if you can prove who you voted for, there is an avenue for coercion or corruption

As an American alot of us don't trust the machines either but sadly that's what we have.

We use paper ballots in the United States

​@@xp8969Paper counting machines are still a problem .

In Iran, we solved this problem already. We know the election result before the election.

😂😂😂😂😂👍💚💚

For my city it’s a mix of both, we have a computer and paper ballots, you get a paper ballot and scan it thru a computer which takes tally. There’s a paper trail and a computer Tally. They both have to match

I’m all for tech and advance and stuff… but I also know, that everything that happens on any kind of computer, CAN be altered. So voting on paper is just the one and only safe way to do this… for now

Blockchains can't be altered...

@@NLozar22 someone sometime will find a way.

@@RicassoST Mhmm, nope. You can fork to a new branch, but that then is a new blockchain. Saying a blockchain can be altered is like saying bachelors can be married.

One of my favorite things ever is people just wanting to play doom on every concievable device.

Doom on a TI-84 is nice. Personally have a copy of it.

I've got it on my Samsung smart fridge

seems like skyrim is trying to overtake that achievement

@@rabywastaken nice dude

The only way electronic voting can ever be truly secure is through massive redundancy. An ID code for each voter, when you use a machine to vote it prints one copy of the ballot for each party on the ballot, as well as storing it to be counted by the computer. Each party group does their own count with their copies, as well as the computerised count, and if there is any discrepancy it's measured, and if sufficient enough to matter then a recount is ordered. Then the only way to tamper with it in a meaningful capacity would be to get to every machine used to count, in every party, and get all of them counting just the right amount of wrong.

If those machines are all the same design, the designer can make them all make the same wrong, nationwide . Human counting and marking don't have that single mastermind problem .

“A centralised system should not be used as it can’t be trusted”… “this video is sponsored by… a centralised password system… to store all your most sensitive data!!” 😂

Lmfao However ironic that is, I trust it more than electronic voting. Not buying it anyway, but still.

@@doughoffman9463 and whats ur point

@@doughoffman9463 oh

Well, a lot of them just got hacked this week. I think you have a point.

@@EulerAlvarenga1 LastPass moment

In Belgium we use electronic voting. It is just like on paper: you go to the voting office, go in a voting box and you vote on a computer. That prints your vote on paper (with a bar code) so you can check it. You fold it and have to put it in a box, just like on paper.

That's just an expensive pen.

Here in brazil we consider that as paper vote since you compare both numbers, the electronic votes and the physical votes, if the two match its all good, if not then there's something wrong, here we just vote on the electronic, you press a few buttons, the machine says "you voted for X candidate" and that's it

Hello fellow Merksem dude

You could crowd source ballot checking by placing a unique id number or bar or qr code on each ballot. Have a bottom tear off receipt that the voter takes and can track progress of their ballot through the QA process. They could go to the tracker site on line, enter their ballot id number and see where their ballot is and where it has been (how many and which inspectors viewed it) and what candidates are selected (have the selections changed at any point). Voters can report any irregularities with their ballot through the same app.

Then you lose anonymity.

@@jjacob7426 not necessarily. there should be a away that protects anonymity while still being able to ensure integrity of the ballot. some way to apply multifactor authentication and accountability of accuracy.

@@GlitterPoolParty if you have a receipt which can show who you voted for, then you've lost anonymity. Tom gave good examples of if companies started offering discounts if you voted for party A.

@@jjacob7426 it wouldnt be a reciept of who you voted for, it would be a receipt of the vin # of your ballot that you could then check online to ensure the same candidates you selected are the same that the system counts. you could make pencil note of your selections for your own recollection but the ballot would be processed the same way but keeping the vin# with the ballot

Bad idea é assar hambúrguer e salsicha e chamar de churrasco

kkkkkkkkkkk melhor comentário

Ele é britânico

KKKKKKKKKKKKKKKKKKKKK

Ur clearly not a 'Murican, in more ways than one...

You forgot a big issue with "phone voting:" totally break of the "anonymous constraint." Do you want to "sell" your vote? (Maybe you are forced by your boss or someone with a power position) It is quite easy: cast your vote in front of your "customer." I cannot see any way to prevent this if I can vote with my phone.

Ability to change ones vote up until the deadline is one way. Not entirely safe, but its hard to control several people at once at least. And it would possibly create a great spike in traffic the last minutes of many people feel the need for it.

It doesn't...even simple software like Google forms allow you to capture feedback anonymously. The problem here is can you trust Google and its code.

@@Lunkanize So a phone-company can just run a script that will vote their CEO/CTO/main-shareholder in as president literally one milisecond before the election ends.... No way THAT could possibly go wrong, right?

@@ankitraj9684 Your vote being anonymous from the person holding the vote and from Google are two different things here. In a potential national election - they simply aren't. The "person" hosting the voting for who gets to lead the state IS the state.

I say just make "vote selling" a 20,000$ settlement, if you can prove in court someone had you do this, they now owe you 20,000$ and you get to keep whatever they already paid you

And it looks like the Tory leadership contest could go online. Methinks they didn't ask for the opinion of a cybersecurity expert.

In india , people used to throw rum/other chemicals in the ballot box in places where it was predicted that opposing candidate may get more votes. So our election commission introduced EVM with paper printing the symbol of party/candidate whom you have voted.

In India the electronic voting machines are used which print a ballot and drop them in the box and the ballot can be verified by the voter and both the ballet and electronic data are verified by counting

But then what's the point of the machine? Why not just use papers and a pencil, which is cheaper and more trustworthy than a machine?

@@DanCojocaru2000 In a nation of 1.5 billion people I think getting evms would be cheaper than so much paper that needs to be transported and provided security to

@@kolo280 Who cares abour saving a bit of money when the price is losing your ability to confidently vote?

After having watched LPL for a while, seeing the "tamper proof" seal and padlock at 1:41 made me laugh.

Tamper proof seals are a thing.

It's good video. I agree. Though old method is tedious and resources consuming but it's trust worthy.

The people who understand computers the most, trust them the least (at least, as far as privacy, security, and financials go)

The same is true the other way around too, computer experts are not experts on current voting systems so they are oblivious to it's o n Fair share of problems.

@@BattousaiHBr Those aren't mutually exclusive areas of expertise.

As an I.T. guy who has seen many things, I couldn’t have said it better myself.

@@BattousaiHBr Some are, some aren't. Any person with a basic interest in the security of a voting system will see flaws in some systems that has been solved by others. And some that hasn't been solved, and some are up for debate whether they're problems at all. Regardless that interest does have some correlation with computer knowledge, particularly with the knowledge of IT-security.

'The people who understand computers the most' are building their linux kernel from source and therefore trust their computer the most

This is one of the best videos I've ever seen. Relatively complex concepts explained so my gran could understand

Thank you for your carefully thought out presentation. Unfortunately across the pond, we experience problems with trust for multiple electronic systems, and then the gaslighting always begins. The cynical phrase for those of us on a specific side is this, "are we within the margin of cheating?"

The issue comes from claims of fraud when results are not in ones favor, which is sadly becoming a common practice. This wouldnt be such an issue if there was a way to prove wrong doing, but unfortunately these claims go unproven. In my voting area (cant speak for everywhere) I vote electronically via a paper ballot which gets scanned on my way out. This way if the digital tally is questioned, it can always be backed (recounted) via pen/paper.

We have been voting with ID-cards probably 10+ years already.. No problems at all.

We must demand paper ballots, voting in person, counted by ALL political parties on the ballot. None of the party members leave on the last voting day till the counts are agreed to and sent to the state.

Bingo!

Seems like a good way to get completely paralyzed by a party that doesn't want to agree though

When you have enough money and enough criminal energy you can make everything happen. The task is to make it more difficult. A hacker can manipulate a vote in the internet from everywhere in the world. For voting machines its a little bit more difficult. For paper voting you need a lot of people in a lot of locations. There are people who monitor this votes and there are people who can see or film you when you exchange the sealed boxes. A vital part of this monitoring is to escort these boxes for every second between voting and counting.

Which is why the good systems don't move the boxes out of the voting hall .

"It needs to be obvious to everyone, no matter their technical knowledge, that the system can be trusted." Scary thing about electronic voting is that the more you know and learn, the less you think that it can be trusted.

Which is the problem. Tom is very naiv in saying that trust is the main problem. People are too trusting, especially if they can't change it.

Funny thing about representative democracy is the more that you know and learn, the less you think it can be trusted.

@@richdobbs6595 then you consider the alternatives. Most of them have major downsides (usually 'doesn't scale past small town size without breaking')

@@QuintarFarenor What are you even saying? You think it is a good thing that people can't trust their elections? You think that elections shouldn't strive to be trustable?

@@icedragon769 You're absolutely misunderstanding: I'm saying that people are TOO trusting! sure we need to make votes more trustworthy but we need to make people more sceptical too and I think that's a bit more important even. I'm in and from Germany, we have only paper votes. Even then I think people are too trusting.

I've got some good ideas for how it *could* work involving hashing and checksums which could successfully verify that each vote was genuinely cast and that every vote tallies up to someone who is eligible to vote, but much like you say, how to you instil the trust in the public, how do you prove that the vote recorded was the vote intended. I don't know anyone who trusts anyone in power these days, governments have abused their power so much and in such serious ways, populations around the world just have zero trust or faith in the process.

You design a trustless system. Come on drug dealers did it with silk road. I cut, you choose.

Wouldn't it be possible to send out keys to people who requests digital voting? The vote is bounded to the key and before accepting the votes you can put the whole list online, so everybode can check if his code has still the same vote attached to it.

Such things are possible, but that runs into a problem with our traditions of anonymity. Once upon a time, some polling systems gave you a receipt on who you voted for. That was stopped because sometimes employers were demanding that their workers provide that receipt as proof they voted "correctly". If everyone were willing to give up on anonymity entirely, a very secure and verifiable system would be easy. We are not willing to go that far.

@@ComradeOgilvy1984 With this method you can at least just look up a key that fits the expectations of your boss. But I totally understand your point.

And what if it doesn't match? You can't tell anyone, because that would break anonymity.

@@cityuser But that problem would also exist with votes on paper. The difference is that you can check your vote weeks after you sent it. By voting on paper you throw it into a case and have to trust that it gets where it belongs to.

i find it funny that im brazillian and there is a warning-like message saying that the brazillian electronic voting system is secure, btw im not saying its not safe i just find it funny that is appearing on a tom scott video

Unless you have the private key to your vote, it would be impossible to verify that your vote is actually yours or that it was counted. We all need Bitcoins for voting so that we can spend our vote with our own keys, not giving the government keys to our votes!

@@raiden72 you need to go outside and touch some grass, even if its artificial

Modern technology means that cameras could survey the ballot paper before it's taken into the voting booth and from the moment it leaves it right through to the end of the count. The video could be stored so that the security of the ballot papers throughout the process to the end of the count could be checked later.

That would require an insane amount of storage space, has the potential to break the anonymity, and videos can be edited

Instead every ballot is personally guarded by the voter who casts it even inside the booth . Cameras can be abused to look for subtle hints and angles revealing what was voted .

Trust and politics in one sentence...

Just realised Tom did this in one-take.

Respect. 😅

Ironic that you wrote ironic how you write one take in one take in one take

Is it really one take if i erase my message before posting it??

Ironic that you wrote ironic that you wrote ironic how you write one take in one take.

@@DuckboyMcgee The following statement is true. The previous statement is false.

Tom scott saying my devices are free of malware makes me happy about myself

Why not just gather people in a huge hall with a decibel meter and read out the nominees.. the nominee which records the loudest yes wins Your welcome

Could we make hybrid voting machines? You go to a booth, you press the button of your choice, then the machine spits out a paper inside it (not outside) that you can see behind a small glass window, and the paper gets physically sent to a nice stack of paper that can be read from OCR with human control. (OCR is already trusted for post mail services, so it's a nice speed-up for couting votes with a human backup behind for added security.) How does that sound?

That is exactly what has been done in india for a while.

that's called paper ballots

I think that electronic voting can be, and _should_ be utilized by elected representatives for the passage of legislation. There is no good reason to continue to have members of Congress gather at the same place at the same time, given that _their_ votes are part of the public record anyway.

That might actually be a good idea...maybe.

They gather in one place for the discussion before the vote, not the counting . Since they're there anyway, why bother with machines .

@@johndododoe1411 That's just semantics. Why gather _at all?_

Also, here in Brazil, people don't just vote on their phones or computers. That's complete nonsense. No one does that. We go to locations determined by the local government, but instead of a booth where you insert your paper, there is an electronic device.

I want to add that we have a thing called Public Security Test that allows anyone interested in trying to hack to register for this test.

Also these Brazilians votting devices do not have Internet access.

And we don't have to wait 3662574 years to know the results. We know in the same day.

And any of these arguments refute any of his points. And Brazilian elections cannot be audited. Do you actually believe in the reliability of Brazilian election system?

@@plinsavi how it can not be be audited? I just said that the system is available for public eyes to check its safety.

How about voting by computer AND voting on paper? At the same time. If there is a too large difference in both statistics of votes, then there may be a problem.

at that point why not just rely on paper?

Voting is eletronic in Brazil. And it feels like it always has been. Growing up I could not conceive why developed countries still vote the archaic way using papers.

Because there's nothing wrong with paper ballots.

It's not a matter of archaic or not, it's a matter of scope Here in Brazil, transporting that amount of paper through the land safely is a tall task, and its way more likely to lose votes in the process, specially with our not-that-good transporting systems. Then there is the problem of counting these millions and millions of votes correctly. In Europe for example, it's not that big of a problem, paper voting is easily transported and the number is waaaaay more reasonable. At that point, why switch to electronic? The electronic system here in Brazil is great, but starting some like that is very expensive, and it's a cost that isn't justifiable for them

I am so sorry to hear that you grew up in brazil. Wish you the best in life

I’ve only ever mailed in a paper ballot, wish that would have been mentioned

It's funny how he talks about trusting software and then recommends one that holds a lot of your personal information. Like i trust him but still its a little fun.

In Brazil electronic votes has been used about 20 years!!!

Things found at DEFCON this year included: - Encryption keys for a poll book stored in plain text in a standard xml file. - Root access to a ballot marking machine achieved by connecting a USB keyboard and pressing the windows key. - Hackers were able to remove a CF card containing voter data using nothing but an inexpensive screwdriver, then replacing it with one that allowed the hackers to play pong. - Lots of absent or simple OS and BIOS passwords that allowed machines to be used as low end PCs.

It would be cool to see if someone could mod a voting machine to be secure from those exploits and as a result have their ideas implimented.

@@abhatia3863 It would be cool to see if states would knock it off with this voting machine crap instead of trying to "fix" them.

I feel a great disturbance in the Force, as if millions of computer science majors suddenly cried out in terror and were suddenly silenced.

@@octorokpie you can campaign for a different voting system and I can want to see E voting improved. No need to get tribal about it.

"- Root access to a ballot marking machine achieved by connecting a USB keyboard and pressing the windows key." Wait what? So not even a single layer of protection...

Electronic voting could totally work if you had to log in using your identity card. A list of anonymous voter id's with the corresponding votes can be made public so that everyone can check their vote is correctly registered. This way you would hhave transparency and anonymity.

How do you know and guarantee the identity isn't being kept and associated? Seeing the type of leaders we have around the world in 2022, I think that possibility would scare a lot into not voting at all.

Here is deal , I am rich person and I am going to give you money if you vote x party , and you have to record your screen while doing it or you can give me your Id details , so i can do it.Get it?

Not anonymous

but it is , before you vote you need to show your ID, they type your ID so the system is open to your vote. after that the machine is blocket untill the next ID is typed

did you just read what you wrote, anonymous identity card? How does that make sense?

Another problem with online voting is complete lack of anonymity. If everyone in your family usually vote for yellow party, but you want to vote for green party, and someone is standing right behind you... Some will feel pressure to vote for yellow just to keep the peace. At my dorm we would always go voting together to motivate everyone and make it more cozy, but in the booth you are completely alone. Also don't forget all the people who don't have a computer or smartphone because they don't know how to operate it or can't afford it. Most people can work a pen and paper, and (in Denmark at least), if you are blind or handicapped you can bring multiple officials in the booth with you to make sure your vote is cast correctly.

He is not talking about Internet voting, that would be truly terrible. He is talking about electronic voting where you have to go to the booth personally to cast your vote.

If this guy says this in Brazil, he can be prosecuted for threatening democracy.

That's why I like Brazil's electronic vote. Because we are so corrupt, the system is tested and modified when they find a flaw.

Tom, I'm really happy that you at least partially endorse FOSS. I don't think I've heard that from you before so I was pleasantly surprised!

"Vote red, or you'll regret it." Said Tom, wearing his signature red shirt.

Tommunism

10 years down the line: Tulags come into existence

@@PalkkiTT time zones will be abolished as well

@@randompheidoleminor3011 And Icelandic-Mexican food.

After having seen Dan Olson's "Line Goes Up", 9:43 is highly relatable.

It is possible to do electronic voting that is trustworthy, secure and easy to explain. You could also run it in parallel with normal systems. Problem is, it would also be very expensive and people would not like all the hoops they would have to go through. Also, governments don’t want that as it would be impossible to control.

I agree. how much of that expense would be caused by whoever's anticipated to lose at the time just clogging up the system with duplicitous disingenuous "concerns"? if we had a means (really if we had the willingness) of identifying things like that... shady politics, all the things people do to block the right way when they find themselves in the wrong side and don't want to relinquish power... the transition could be made cleanly but we don't have any testicular fortitude. you notice how election results are so close to 50/50 for the last decade or so? there's always around enough people to do anything and it seems like everyone is doing the wrong thing.

Which system would that be?

Se a humanidade não fosse um lixo, o voto não secreto permitiria checar com mais facilidade depois

I suggest that elections can be made more secure by adding a 2x2 inch box in a corner and ask each voter to add a specific word or drawing that will make the ballot unique but non attributable to the voter. A scanner can then detect duplicates or handwriting patterns of multiple votes by the same person.

But why?