Voting method reflections

Fri 28 January 2022
Transparent voting box (Photo credit: Wikipedia)

This article presents personal thoughts on voting methods. More specifically, it presents guarantees offer by the traditional non-electronic voting method and won’t elaborate on electronic voting.


First, let’s define few specifications I’d like to develop.

  • any voter can understand how his vote is taken into account
  • any voter can vote sincerely (usually done thanks to secrecy):
    • no fear for retaliation
    • any one can check the voter does not suffer pressure when he selecting its ballot
  • any voter can check results

Paper voting methods description

Let’s note that all the following steps can be understand by a school pupil, and thus by most if not all voters.

At the pooling station

The voting booth

The first steps consist in going into a voting booth with voting material. The booth is designed such that any one can count the number of people inside (usually by leaving part of the legs visible). The voter brings all the voting material inside the booth. When there is no one inside, anyone can inspect the booth. This ensure the voter can select its ballot alone, without any external pressure. I hardly see how this can be done with online voting.

The ballot envelope

Once the ballot is put in its envelope, the secrecy of the vote is ensure by the opacity of the envelope. The integrity of the vote is guaranteed by the properties of the paper and the ink used for the ballot.

Here is a point a failure. Although anyone should be familiar with paper, envelope and ink and thus easily trust this old school technology, it is easy to imagine envelope whose opacity vary over time or a combination of invisible ink that appears over time and other ink that disappear over time. A ballot whose printing change between the voting booth and unpacking is imaginable.

Envelopes are all identical so that it is hard to distinguish votes from each other, and thus trace back an envelope to a voter.

The ballot box

The ballot box is locked with multiple keys (usually two). Each key is held by an assessor. There are usually two assessors. Opening the box require both assessor to agree.

Once the voting period is open, the box is visible to anyone. Anyone can then see the box, anytime during the whole voting period. At least two assessors have a constant view over the box. Thus it is hard to recover a specific envelope from inside the box (whatever the goal).

The ballot box is transparent. This way, the voter can see its envelope falling into the box. Moreover, anyone can see (any time during the whole voting period) the voting box filing level. This make it hard to add, modify or remove envelopes that have been put in the ballot box.

The best way to check the filing of the voting box for electronic method is to display publicly the number of votes in live.

The box opening

The box is open publicly. To be open, the two assessor must agree. This ensure no single person can corrupt the content of the box while opening it.

Envelopes are put on large table at once. This process (kind of) shuffle the envelopes. Envelopes are then grouped by piles, each pile containing a specific number of envelopes (e.g. 100). It is hard to predict in which pile a specific envelope will be located, making harder the possibility to trace back a vote to a voter.

For electronic methods, this shuffle can be done but requires no one can access the partial ballot results (even in case of reboot – which requires some persistent storage –, even remotely). I let the reader imagine what happen if someone has access to partial results (in the extreme case, just before and just after a vote, for example at startup and just after the first vote of the day)

Envelopes are opened one by one, read and counted by at least two different persons. If there is not anomaly detected, the result of the box it forwarded to higher level.

For electronic voting methods, the step is quite faster but trust must be given to at least:

  • people writing the software (avoidable with open source software)
  • people checking the code (requires skills only few people have)
  • people deploying the software (the software running must be the one foreseen)
  • the hardware (bugs can be caused by unforseenable hardware problems)

The counting

At least in France for national votes result for each polling station is published. Then aggregation are done at several levels (polling station, municipality, district, department, region). It is quite easy to follow and check aggregation from one specific pooling station to the national level.

This part is not voting method-dependent.

In any case, if a fraud is detected at a pooling station level and if discarding this pooling station does not change the outcome, the pooling station’s result is discarded.

For the traditional methods, organising a fraud is feasible. Not easy, but feasible. Given the number of people to corrupt, the bigger the fraud, the harder it is to realize. Fraud at pooling station level are possible, and discarding the result from few pooling station can be done. Once done, it is quite easy to redo the math given the results for each other pooling station are public.

Personal thoughts

If you know someone that can vote but is not able to check every steps of the process, the voting method is bad. Given two bad voting methods, prefer the one with fewer non reviewable steps.

Category: reflections Tagged: geopolitics reflection vote

Page 1 of 1