Stealing Elections

You’re probably going to be shocked when I say this, but I believe that Donald Trump and his assclowns are right: there is a tremendous amount of vote fraud in US elections.

I absolutely believe that the US government needs to put some serious muscle behind the Federal Election Commission (FEC) including some serious money, and probably their own SWAT team with machine guns and helicopters, as well as a bunch of forensic accountants. They should be a separate department that is not under the existing branches of government, though they would report to DOJ, Congress, the public (press) and executive. Those latter two openly and simultaneously. This muscled-up FEC would manage redistricting, and would control/manage polling locations, poll times, poll restrictions, identity policies, and vote collection systems, networks, and tabulation systems.

Elections Corsica-style, from Asterix

Because, as you’ve probably already figured out, I consider voter suppression to be electoral fraud. It’s my opinion that the democrats ought to trampoline off of the 2020 election’s many fraud challenges to reply, “yes, you are right, let’s look at all of this.” As many people pointed out, correctly, during the many republican fraud challenges, that it’s obviously intentional vote manipulation to challenge the votes only in predominantly black districts, or just the districts that they lost. Not only were they screaming “fraud!” they were trying to implement electoral fraud while they were doing so.

Voting has to be considered as a system, and it should be considered highly suspicious if someone wants to challenge just one part of a system while upholding the rest of the system. I’m trying to think of a good example in engineering where someone might want to do that, but I’m coming up blank: if there’s something wrong with a certain model of aircraft (let’s say the Boeing 737 Max) then you don’t just look at the ones flying out of Detroit, you look at all of them because they all are based on the same design and therefore might have the same implementation problem.

It’s absurd and it’s an international embarrassment that the US is currently engaging in “shit hole” behavior that gets reported thus: [kos]

Saturday Night Owls: The GOP has introduced 100+ voter suppression bills in 28 states in 2021

That’s electoral fraud, OK? It doesn’t matter which party is doing it: it’s a crime.

According to the Brennan Center’s report, “These proposals primarily seek to: (1) limit mail voting access; (2) impose stricter voter ID requirements; (3) limit successful pro-voter registration policies; and (4) enable more aggressive voter roll purges.”

This is clearly not something that can be left to the states. Nor is districting, or deciding where polling locations will be placed, when they are open, and when someone can or cannot vote by mail.

I have mentioned elsewhere (and here, before) [stderr] that cryptographer David Chaum owns an impressive set of patents covering most clever uses of cryptography for voting. The US government should buy out Chaum’s patents and make them free; considering what gets wasted on this issue, it’d be a drop in a torrent. Some of you are probably familiar enough with population dynamics and statistics that you’ve had the thought that a predictive model for a vote could be established with arbitrary accuracy (100% accuracy comes when you look at 100% of the votes!) by sub-sampling random votes from the pool, assuming there was a pool. By the way, the fact that there’s not a pool is really bad news and betrays some of the problems with US election systems. Anyhow, if you wonder why we have to listen to stupid pundits like Nate Silver, instead of actual sub-sample statistics – it’s because Chaum holds the patent for doing that and the various vote machine companies and governments don’t want to pay a cent more than they have to, to do this stuff right. The fact that the US has a hodgepodge of vote machines and jurisdictions is held up by some as “wow, that’s great, the incompatibility makes it harder to steal!” – which is spectacularly bullshit logic because the incompatibility is a result of local jurisdictional control that allows the jurisdictions to suppress votes. That’s the real game all along and everyone with 2 working neurons and a metabolism ought to be able to figure that out.

The system is arranged so that states are able to run elections that are relevant to the state, except that denies the obvious fact that state elections are also relevant to national elections and politics.

It is utterly absurd that a political party, in this case the Republicans, that have documented internal plans to gerrymander based on race, are allowed to complain about a stolen election. Nobody went to jail for that, in spite of the fact that it is obvious conspiracy to violate citizens’ 14th Amendment and 15th Amendment rights.

I’m still a bit mind-blown that in Georgia, in 2018, Brian Kemp was able to run against Stacey Abrams, suppress an unknown number of votes by throwing voters off of the rolls, and then “won” by a narrow margin – and there was nobody storming the Georgia state-house with pitchforks and torches. It is Orwellian mind-flip to be able to complain about electoral fraud while also shrugging off voter suppression.

Stop the steal. Republicans, I’m talking to you.

Yes, voting machines should be a federal government project, not overseen by the states. Voting systems should be designed openly by a team of experts who look at the complete system from the collection node to the summarizing and tabulating nodes, and which also take into account mail-in and certification for proxies as well as early and late vote collection. A complete system architecture needs to include logging and auditing, network security, endpoint operating system (I recommend no operating system at all, or a microkernel that can be audited) and endpoint software. Each point of the system should be regression-testable and every patch should be independently reviewed by a red team and a blue team. The ballots themselves should be checksummed and hashed, each ballot should be unique, and there must be a paper trail – when a voter votes they get a stub with their ballot and hashcode, and they can verify that it has been counted by looking for the hashcode in a public database given the ballot number. One of the huge exposures the US’ current bodge of voting machine crap has is that it’s hard for a given voter to really know if their ballot has been counted – gosh, darn, that ought to make you suspicious! Because that’s not how voting should be done in the most powerful technocracy yadda yadda.

Oh, yes, make the system open source and freely usable; let other governments use it, too. That way, if someone starts getting hinky results, the first move is to diff all the source code and look for changes, and trawl the system logs. This stuff is _not_ rocket science: every significant stock trading app, banking app, or e-commerce app has to handle transactions reliably, too – we know how to build this kind of stuff. We should not have systems that are so bad that someone like Rudi Giuliani, who is bat-shittier than a mammoth cave full of bats, can claim that they are flawed. He’s lying, of course, but the systems need to be above reproach and the current process is absurd. Giuliani couldn’t say it but I will: I don’t trust a voting system that a vote suppressin’ rat bastard like Brian Kemp had anything to do with.


  1. MattP (must mock his crappy brain) says

    That shitstain’s supreme ratfuckery was the last election performed with the paperless system(s) that had been in service since at least 2006 when I first started voting. Court-mandated replacement uses similar touch screens to print a letter-size paper ballot the voter can inspect before being fed into a scanner mounted in the locked lid of a big plastic tub/wheely-bin. Still no receipt to let the voter inspect/verify that the vote was actually tabulated correctly, but so much better than what we were stuck with before.

  2. GerrardOfTitanServer says

    Sorry Marcus, you’re wrong. There is no safe way to do electronic voting. It must be paper ballots. You can make the code right, but there’s too many incentives to mess with it via side attacks of all sorts, and too much for the public to worry about “did something go wrong?” which we wouldn’t have with paper ballots, e.g. we would restore a lot of trust in the system if it was paper ballots, which is itself a very desirable trait.

  3. brucegee1962 says

    Great point about voter suppression being fraud. I don’t know if there’s been anyone systematically looking into it at all; I doubt there is much data to go on.
    What about a nationwide survey of non-voters that asks:
    1) Did you attempt to vote and fail for some reason?
    2) If you did not vote, would you have liked to vote if it had been easier?
    3) What system of voting would make it easier for you to vote?

  4. Ketil Tveiten says

    The perfect voting machine is old tech: pen and paper. Nothing else can be trusted. I’m suprised Marcus of all people is even talking about electronic machines as something that isn’t insane.

  5. jrkrideau says

    In civilized countries it is not that difficult: Australian Electoral Commission, Elections Canada. One simply must want all qualified voters to vote.

    I think I mentioned it here before. but when I was in the hospital as a Federal election date loomed, Elections Canada staff and volunteers swept through the hospital to provide advanced ballots to patients.

    Heck we even have polling stations in maximum security prisons.

  6. says

    Ketil Tvieten@#5:
    I’m suprised Marcus of all people is even talking about electronic machines as something that isn’t insane.

    My whole point whizzed by you: vote suppression is electoral fraud and it’s also a problem with paper votes. What’s insane here is the massive level of suppression that is being tolerated.

    It is possible to build voting systems in which a voter can verify their vote and the total # of votes counted can be compared to the number cast.

    I even mentioned paper reciepts; that implies a paper audit trail, ja?

  7. says

    Sorry Marcus, you’re wrong. There is no safe way to do electronic voting. It must be paper ballots.

    Paper receipts (I mentioned) and hash serialized ballots – that is a paper audit trail. I said that didn’t I?

    Meanwhile, voter suppression is massive fraud that is not detected by paper ballots. Thus, paper ballots are not a panacea.

  8. Ketil Tveiten says

    I feel like we’re talking past each other here, these are independent issues:

    Paper can’t be hacked, and so is the most secure way to get the vote from the voter to the vote-counting. Any extra machine added here regardless of bells, whistles, printed receipts or hashing, is just extra attack surface.

    Getting the voter to the voting on the other hand, is what vote suppression is about. That is fixed by laws rather than by machines. If the Democratic Party weren’t so hooked on losing, they’d play hardball and force through a new Voting Rights Act, which said something like «All citizens shall have the right to vote in all elections to [relevant offices]. This right may not be lost for any reason, and the government shall assure every citizen has the means and opportunity to vote without undue burden». That pulls the rug out from underneath any of the usual tricks, excepting gerrymandering.

  9. jenorafeuer says

    I will note that even here in Canada, there have been voter suppression cases. They haven’t been as wide-spread and organized as the ones in the U.S., and they’ve tended to be more often at the provincial level than the federal (mostly because Elections Canada at the federal level handles things more directly), but they’ve happened.

    Here in Toronto, one year we not only had robocalls giving people wrong information, and tires or brake lines slashed in the driveways of people with certain candidate election signs in their yards, but there was one case where a number of poll workers got called up and threatened. And the list of poll workers isn’t exactly public knowledge, which suggests that one of the party representatives got his hands on the list and tried to shut things down in a riding that the party figured it was going to lose anyway.

  10. John Morales says


    Any extra machine added here regardless of bells, whistles, printed receipts or hashing, is just extra attack surface.

    I don’t see how; I think Marcus made it clear that the machine prints the voter’s vote, which the voter can peruse and then hand in. The results it electronically generates and sends can therefore always be matched to the physical paper.

    (Rather, the security of paper with the convenience of machines)

  11. says

    Paper can’t be hacked

    You’re kidding! Right?

    Look – the reasons checques have serial numbers is not because paper can’t be hacked. There is a huge and fascinating history to document forgery, e.g.: hacking paper. Paper can also be altered, replaced, or destroyed (as they did in Georgia after Kemp “won”)

    The patents I keep pointing out that Chaum owns are as much to do with cryptographic tamper proofing and injection/deletion proofing of paper ballots as digital, because those techniques are necessary for producing tamper-detectable paper or digital ballots. His patents are not about stuff like “how to use SCP to move files” it’s stuff like I said: building tamper evident ballots, whether they are paper or not.

    For the “paper can’t be hacked” dogma: Florida. “Hanging chads” OK? Are we on the same page now? If ballots were hashed and sequenced (not necessarily linearly increasing sequences, they would typically be sequential hashes) we’d know how many of those “chads” were mis-coded and how many ballots were discarded and potentially any voter could tell of their ballot had gone in the garbage. Paper systems can’t do that but computerized systems with paper audit trails can.

    There’s a saying “the adequate is the enemy of good” which would apply here except the paper-based systems aren’t that good. The whole system is subject to suppression on a massive scale. How many Georgia write-in voters know their vote was counted correctly? Meanwhile Kemp suppressed unknown votes between 50,000 and 200,000 and the system is so bad that nobody can tell that.

    By the way, a properly designed system would detect deletions and additions. They caught that one Trumpist who dumpstered a bunch of ballots because he was stupid and didn’t understand dumpsters. But a well-designed system would have flagged the anomalous non-return of an unusual number of votes in one area.

  12. says

    Any extra machine added here regardless of bells, whistles, printed receipts or hashing, is just extra attack surface.

    I know. That is why you have to have an audit trail that can be rationalized against any machine – because it’s not on that machine, it’s elsewhere.

    Next you’re going to say that double-entry bookkeeping has a larger attack surface. :) That is not how this works.

    If every ballot printed has a sequential 128-bit hash on it, you can tell if a ballot is fake because you can do the sequential hashes until you find it. You can save the sequential hashes in a database and scrub it to see how many ballots vanished and where they vanished from. If we assume cryptographic hashing works (I do) we can use just the hashes to model if one district is anomalous – we sent them 4000 ballots and they returned 5000 – and they are anomalously tilted toward one party with a certain P-value.

    I’ve already said that the collection endpoints should be running high integrity software and it goes without saying that the servers that rationalize and cross-check the databases would not be working against writeable copies of the database.

    Such systems need to be designed by non-idiots. Current systems are not that kind of system. But paper is not better automatically. Well-designed systems would judiciously combine computing and paper and be non-idiot designs.

    They’d be cost effective compared to “I lost lets do 5 recounts” too.

    Meanwhile: vote suppression. The republicans closed polling locations to discourage voting. How much? We don’t know. Why don’t we know? Because the overall system is not cross-checked. How many voters were there in an area, how many came through, how many voters couldn’t make it? Do a few billion hashes and a well-designed system could point in the right direction. If a voter feels they may be subject to suppression let them request a ballot hash code and if they can’t cast the ballot they can prove it.

    All this arguing about paper assumes that paper systems are not constructed so as to be manipulated by the Brian Kemps of the world. The reason the Brian Kemps of the world like them is so they can steal elections, paper and all.

  13. says

    Bruce Schneier explained this pretty succinctly once:

    Voting systems have another requirement that makes security even harder to achieve: the requirement for a secret ballot. Because we have to securely separate the election-roll system that determines who can vote from the system that collects and tabulates the votes, we can’t use the security systems available to banking and other high-value applications.
    We can securely bank online, but can’t securely vote online. If we could do away with anonymity — if everyone could check that their vote was counted correctly — then it would be easy to secure the vote. But that would lead to other problems. Before the US had the secret ballot, voter coercion and vote-buying were widespread.
    We can’t, so we need to accept that our voting systems are insecure. We need an election system that is resilient to the threats. And for many parts of the system, that means paper.

    I know how one of my ancestors voted for the Union Act of 1800 because voting was public record back then, you stood up on voting day and declared in public who/what you were voting for, and if you didn’t vote the way the landlord wanted you to, you would pretty quickly find yourself being evicted.
    I fully agree that voting should be federalized and run by an explicitly non-partisan FEC or the likes.
    But while we are at it let’s get rid of the moronic primaries and reruns and put in a modern single transferable vote system and then make it mandatory for citizens to vote and conduct all voting by mail.
    Likelihood of any of that happening?

  14. says

    If we could do away with anonymity — if everyone could check that their vote was counted correctly

    You can do that without giving away anonymity. Bruce is a cryptographer; he knows better than to assert something like that. His claim is based on current design. So yeah if you have a set of stupid requirements you’ll get stupid systems.

    The question is how much knowledge do you risk conveying and how much knowledge does the existing system also convey? Current voting systems are not anonymous – you are registered, go to vote at a certain place and a certain time – if someone wanted to narrow down who voted what it’s plausible.

    A system in which a voter was given a unique key for their ballot which they took to the polls with them would allow them to vote anywhere which defeats geo/time location and the ballot key would not be stored anywhere. It’s actually a useful use-case for chained hashes. Before someone says that a hash key is a problem, please consider that a driver’s license is just a low-quality pre-exchanged key that is exchanged out of band and which by the way completely melts your anonymity when you show it to the registrar. I get really frosted when people keep talking as though it’s impossible to do voting better than the shit we already accept because, uh, that shit is acceptable.

    One might argue that ballots could be fingerprinted NSA-style with colored shifted inks but if you’re willing to assume that level of malfeasance then may as well assume outright fraud (which is where we are today)

    There is a gigantic amount of room for improvement before it’s worth worrying about Orwellian edge-cases. (I’ll argue that de-anonymizing voters is relevant in a totalitarian state in which case why bother with elections, just announce that the president for life won with his usual 110% of the vote)

  15. chigau (違う) says

    Have y’all ever considered that your country is a load of fetid dingo kidneys and there is NO HOPE?

  16. Cutty Snark says

    Perhaps slightly off topic, but I found some of the points raised regarding election forensics by Mebane and Hicken to be quite interesting, and that the Election Forensics Toolkit was a useful starting point for me when looking into the statistics behind such analyses.

    I think Marcus raises a good point regarding the relative impacts of voter fraud and voter suppression, and of course then there may be arguments to be made regarding rotten boroughs, etc.

    As far as I can tell, it seems unlikely to me there will ever be a system which perfectly reflects the voting public and their wishes, but it is possible to construct a system which does this better – unless, of course, avoiding such a system is the point…

  17. Ketil Tveiten says

    @Marcus: thanks for clarifying. Still though, what you’re talking about is patching holes in the boat, when your real problem is a crew that deliberately runs the boat into the rocks. In sensible countries, we have low-tech trust-based solutions that are in principle vulnerable to shenanigans, but work because the responsible organisations are nonpartisan and work is put in to avoid conflicts of interest. A Kemp situation where a candidate can also be the person responsible for running the election would be unthinkable in a more civilized country. So like I say, it’s easier to fix these things with laws than with technology. Chain hashing and encryption won’t re-enfranchise disenfranchised people, see what I mean?

  18. Dunc says

    Technically, I think the proposal makes a great deal of sense. The problem I foresee is getting people to trust it… You have to remember that the vast majority of the population doesn’t know a hash function from a hash brown, and at least a significant plurality of them don’t really trust any mathematics beyond division (and I don’t mean none of that fancy-scmacy long division, neither). And suspicion is a perfectly reasonable response to someone trying to sell you a complex solution you don’t understand to an apparently simple problem… And that’s before the propagandists and conspiracy theorists get started on it. How long before some nutjob starts claiming that the hashcode on your ballot receipt is the Mark of the Beast? I’d give it maybe five minutes, if you’re lucky…

  19. sonofrojblake says

    Amongst all the talk of attack surfaces and hashes and cryptography and hacking paper, this jumped out:

    voter suppression is massive fraud that is not detected by paper ballots

    Well, yeah – but voter suppression is massive fraud that is, almost by definition, fucking obvious, a matter of public record, at least so far. Otherwise we wouldn’t be talking about it. The suppression tactics consist, as far as I can see and in the main, of deliberately, publicly and using the law making it difficult to vote for those segments of society seen as likely to vote the “wrong” way.

    You can tinker at the edges with fancy voting machines and hashing paper receipts and other such stuff, but until the Democrats are prepared to use their power to absolutely PREVENT gerrymandering, limiting number of polling places, limiting opening hours and other such nonsense, you’re pissing into the wind.

    The big problem any advocate of voting reform always has is that by definition, their ask to the people in power goes like this: “You know that system that got you the big office, the expense account and the cushy job? Could you change that please?”.

    Obvious example: Gore lost to Bush… except he didn’t, but that didn’t matter. There was then eight years of Republicans. In any sane universe, the first day Obama got in he’d have made the moves to change the system so a Gore/Bush situation couldn’t be repeated. And what did he do? (Seriously: I don’t know. Anything at all? Certainly nothing that stopped Trump winning despite losing the popular vote.)

  20. says

    This all seems to boil down to a common problem: You can’t have a sensible system if you don’t have sensible people. When people are motivated to corrupt the process, the process will be corrupt. There’s nothing to be done about that, because they won’t let it be done.

    It’ easy to come up with ways of fixing problems, but it’s all pissing in the wind if people don’t want the problems fixed.

  21. lorn says

    Yes, election security is a potential problem. But , as far as I can tell, the issue hasn’t come up … yet.

    So far the far cruder, and more gratuitously racist, measures have been the bind. Never forget, cruelty is the point. Voter culls were done based on some mix of having the same name as a felon and having a black sounding name. Simply limiting the number of places to register or vote works. Demanding certain ID’s, like concealed carry permits versus student ID’s, or multiple picture ID’s can lower participation by the poor and minority communities.

    Gerrymandering is rampant. Get rid of gerrymandering and the entire election process cools off because what is ‘red meat’ to one is insulting crap to another, and you will need to cater to all sides in a non-gerrymandered district.

  22. brucegee1962 says

    Gerrymandering needs its own discussion, but as far as I can tell, there isn’t any good way to “get rid” of it. Even if you make it completely non-partisan, there is still a question of what your priority is. Do you want compactness — ie. the lowest possible ratio of border:area, as close as possible to a series of perfect hexagons? Or do you want close races, with every district near to 50/50 between the parties? Or do you want representation, with farmers represented by someone who understands and will advocate for farming issues and city-dwellers represented by other city-dwellers? Because those are all contradictory desires.

  23. says

    > Gerrymandering needs its own discussion, but as far as I can tell, there isn’t any good way to “get rid” of it

    Sure there is, use a Proportional representation system.
    Take a state that has 5 congress critters today, then make it one big district with 5 reps.
    Each party would put up at least 5 candidates in the hopes of winning all the seats, so you would have maybe 20-30 people on the ballot.
    People can vote for just the one congress critter they like, put a check mark after their name
    Or they can vote straight party ticket and only vote for the 5 congress critters on the ballot from their party in order of preference.
    Or they can vote in whatever order they want for the congress critters they like all the way down the ballot.
    Ultimately you’ll likely get 4 congress critters representing the city folk and one representing the country folk.

    Read more at:

Leave a Reply