Recommended Federal Guidelines for Elections

I recommend that Congress pass and adopt the following Federal Guidelines for Elections.

Whereas honest, reliable, and reviewable elections are an essential part of our system of governance, and whereas the electoral process is subject to various accidental or deliberate inaccuracies, which can be (and history informs us sometimes are) sufficiently gross as to influence the result of the election, the following recommendations are offered.

The primary sources of inaccuracies include:

  • Voting by unauthorized people, such as non-citizens or under-age citizens.
  • More than one vote by an authorized citizen.
  • Loss or corruption of a legitimate vote.
  • Miscalculation of voting totals and results.
  • Inability of each political candidate or party to review and recount the ballots and results.
  • Sometimes mass insertion of fraudulent ballots.
  • Inability to track each accepted ballot back to its submitter, to verify their eligibility to vote.

The following federal guidelines address such sources as these.

  • Each and every ballot shall be individually accepted by a registered officer or agent of the government of the State receiving the ballot, be that a poll worker, a public notary, or other such identifiable registered official or agent of the government, who has sworn to faithfully execute the laws applicable to their position. Such officials or agents might include notaries public or USPS postal clerks and carriers, if so authorized, en masse or individually, to act as agents of the State receiving the ballot.
  • The time and place of this acceptance shall be recorded with that ballot, along with the identify of the voter and of the accepting official or agent. There must be some reasonable grounds, in this process of acceptance, that the receiving official or agent has verified the identify of the submitter of the ballot.
  • A separate, non-erasable, public, append-only (only add new data items, not modify or remove old data items) distributed ledger “audit trail” database of these acceptances shall be maintained, updated in near real-time, with sufficient anonymization to preserve individual vote privacy while enabling at least public, precinct level analysis of ballots being handled in the system, and (once tallied) of the summary vote totals by precinct. This provides one of the most robust ways available, long term, for private citizens to detect potential fraud or defects in the electoral process. Some would say that this audit trail calls for the use of “blockchain” technology, though for technical reasons, I would recommend more capable distributed ledgers such as Hedera’s hashgraph.
  • Any individual or entity with reasonably sufficient Internet, computing and storage facilities may participate in the distributed ledger database recording this audit trail, without permission or pre-authorization of any sort, beyond reasonable (as in not triggering typical low level spam, hacking, and denial of service filters) access to a public IP address, so that there is no enforced single or small set of control points at which that database can become, deliberately or accidentally, corrupted by the misfeasance or malfeasance of a few.
  • On the other hand, to prevent some adversary with sufficient resources from overwhelming and corrupting the audit trail, additions to the audit trail should only be permitted by sufficiently large, self-forming or officially blessed parties, which should include at least the various parties and candidates in each contest, and which audit trails should be kept forever separable by such parties, so that an audit trail variant from such a party deemed untrustworthy, or just not relevant to a particular purpose, can be ignored, whenever so desired, by those examining the audit trail data.
  • The actual votes made on any particular ballot would not be part of this public “audit trail”. Only the actual, retained, paper ballot for those votes would retain that primary source for that data.
  • Precinct level and above voting results, including when and where and by whom tallied, would however be part of this public audit trail.
  • The identify of those voting, and when and where they submitted their ballot to an authorized official or agent, is public information, not anonymized confidential information.
  • To “anonymize”, does not mean “include in the audit trail distributed ledger database, albeit encrypted somehow”, but rather “keep in a separate, secure database controlled by election officials and/or others so designated by state legislatures”, with each such record in that separate database, such as the votes on a particular ballot, given a Unique ID or similar, unique, random looking, identifier, to which the public audit trail can refer, without revealing confidential voting data of individual voting choices.
  • Access to that separate secure database, with individual ballot data, may be, and must be able to be, granted to state or federal law enforcement agents, given a proper search warrant.
  • Each significant step in the transmission, storage, handling and processing of each ballot, individually or in batches of identified ballots, shall be recorded in this public audit trail as well.
  • Ballots shall exist on individual pieces of paper, one or a few pieces per ballot, that are, at least, easily human readable by most authorized voters, and that may also be machine readable.
  • Records of both the actual paper ballots and of the public audit trail shall be available, by authorized election officials, agents, and representatives of all election contestants, with sufficient anonymization, for at least three years after an election.
  • If a number of ballots sufficient to make a difference in the outcome of a particular election can no longer be tracked back to authorized voters, one vote per authorized voter, no votes by unauthorized voters, with an unbroken chain of custody as recorded in the public audit trail, then that election shall be considered “inconclusive”. Each election shall have some back up plan for how the issues or positions being considered on the ballot shall be decided, in the event that that election is inconclusive.
  • Ballots in shipment or storage, individually or in batches, shall be sealed in containers or envelopes that are identified and trackable, showing at least at their origin, and again whenever reopened, when, where, and by which authorized government official or agents the sealing, and later reopening, of that envelope or container, occurred, and which ballot or ballots were in that envelope or container.

Be it also resolved to pass a Constitutional Amendment that only legal citizens of the United States may vote in the election of Federal representatives, officers, electors, or other such issues and matters as may come to vote on a Federal level.

Of course, the above, except for the detail that only citizens should be allowed to vote, is way too much detail, of technologically evolving matters, to consider including in the Constitution. The legislatures of each state retain the over-riding authority to handle such elections within their individual states. However, the House of Representatives might choose, when accepting state electors for a Presidential election, to consider the failure of a state to follow such guidelines, or anything adequately close, along with evidence of a fraudulent or defective election that might have been exposed or inhibited had such guidelines been followed, as grounds for not accepting those electors. That would be an essentially political decision that is left to the House of Representatives, as stated in the Constitution.

Thus by doing the above:

  • It will be more difficult to covertly add fraudulent or defective votes, especially in large quantity.
  • It will be more difficult to covertly discard legitimate votes, especially in large quantity.
  • It will be practical for election officials to thoroughly audit and recount elections, including the entire chain of custody of each ballot.
  • It will be easier for private citizens to examine all the precinct and above activity, without authorization or practical limitation.
  • Each step of the process shall be auditable to an appropriate level of privacy, by all parties concerned, including any private citizen examining the process, handling and results of any federal election.
  • The always present potential for a “failed” or “spoiled” election shall be recognized, whether by fraudulent or accidental cause, and the process for identifying and handling such understood and agreed to, prior to the election.

The level of tracking of ballots in the above described “audit trail” would have seemed impractically challenging technically,in past decades. It is now fairly routine and quite reliable in handling package shipping and delivery by various major corporations.

2 Likes

In short – We need to handle voting with the same practical and reliable practices that a bank uses to track and control the movement of money. Banks always know who did what, and when, with a secure audit trail, paper trail, and multiple security checks. Sufficient controls are applied to strongly discourage theft. The teller, or ATM machine, can give you $40 from your account, once you’ve provided reasonable proof that it’s your account, and they can see that your account has that available balance. But when they want to move $100,000 in cash, they hire armored cars and guards with guns.

No one would want even their child to open their first account, with the $10 they got for Christmas, at a bank where the bank owner had been probably been bribed a million dollars to install a totally unauditable system, from a company with a long record of bank fraud.

Our ballot is worthy of the same level security that the corner bank or gas station uses to stop an employee from taking a dollar bill from the till.

Unfortunately, our ballot security is controlled by politicians, and it’s not in their interest to impose broad scale, practical, and effective ballot security procedures and equipment.

It would be like having the United Federation of Bank Robbers in charge of our bank’s security.

2 Likes

Will you submit all this to your State Gov’t?!! :smiley: I like X=22’s idea of each voter getting a receipt show exactly who they voted for. How wonderful that all this corruption is being exposed so ALL the world can see what has been going on & each country can proceed with all their plans to correct this issue!! :partying_face:

2 Likes

I will probably be sticking these links in the wrong thread, but they are related to election stuff, and blockchain, and so on, and furthermore, I don’t even know if they would be useful to anyone here, but here goes anyway:

More on the Security of the 2020 US Election
On Blockchain Voting
Blockchain and Trust
pdf about hacking Dominion stuff by DefCon last year
pdf #2 about hacking Dominion stuff by DefCon last year

What’s called “blockchain” is the first specific, widely recognized, means of creating secure distributed ledgers, accessed and updated by independent entities, over a shared public network (the Internet), with minimal trust in each other".

First some double entry bookkeeping history:

Since the 1960’s, corporations, governments, and other institutions and organizations have come to depend on databases. See for example A Timeline of Database History, in case you’re not an old computer fart like myself and didn’t live through this yourself.

These Databases are computerized implementations of Double Entry Bookkeeping, which has been with us at least since Italian mathematician Fra Luca Pacioli and his close friend Leonardo da Vinci published their book “Summa de arithmetica, geometria, proportioni et proportionalita”.

Double-entry bookkeeping is the concept that every accounting transaction impacts a company’s finances in two ways. The general ledger is the record of the two sides of each transaction.

  • Double-entry bookkeeping says each accounting transaction has two sides.
  • The general ledger is a record of the two sides of the transaction—a debit and a credit.

Each entry has a “debit” side and a “credit” side, recorded in the general ledger. Asset accounts increase when debited and decrease when credited. Conversely, liabilities and equity increase when credited and decrease when debited. If an asset increases with a debit, then the credit side of the entry will either affect another asset by decreasing it, or affect a liability or equity account, increasing it, in order to keep the assets = liabilities + equity equation in balance.

Whether double-entry bookkeeping is done using pen and paper by wisened accountants with green eye shades, or on IBM’s latest computer, it’s basically the same thing, and has been for at least 600 years.

The ability to audit a set of books, to verify the asset and debit entries both against paper documentation and against each other, makes such accounting more reliable and trustworthy than more simple means, such as your neigborhood bookie or drug dealer or pimp might use.

The key:

Double Entry Bookkeeping helps each separate financial player in a significant monetary economy reliably track their own cash flows and financial assets and debts. Each maintainer of such a books keeps their own books, carefully making sure no other party can manipulate them.

Distributed Ledgers:

Distributed ledgers are the first “new” thing, in such basic account technology, in at least 600 years.

Taking advantage of the Internet, and of some cool new computer algorithms, now multiple independent parties can cooperatively maintain a shared set of books, with minimal trust between. No one of the parties can “go in and write the database to cook the books,” such as to steal some money.

Essentially it takes a majority of the parties that are managing such a set of books to agree on any update to the database, before that update is accepted.

The key Distributed Ledger problem:

The key problem with any distributed ledger is determining what a “majority” is, if you don’t know who’s voting.

Blockchains:

Blockchains solve this key problem by making each “voter” solve a computer problem that reliably (for currently available computers) takes a lot of work, say, ten minutes of burning up a custom computer.

I couldn’t find a good estimate of how many computers in the world are currently working the “Bitcoin” resolution, but I do find estimates that we’re currently spending more electrical power mining Bitcoin than the power requirements of all of Denmark, or equivalently more than humans spend mining gold world-wide.

The Blockchain technology behind Bitcoin is intentionally and necessarily slow and expensive. That’s part of how any one participant on this planet, even (apparently) the NSA, cannot overwhelm the blockchain and cook the books.

If this were the only distributed ledger, distributed trust, accounting system available, then this inherent cost of each transaction would severely limit the uses of Blockchain.

Other Distributed Ledger Technologies:

There are basically two kinds of work being done to address this limitation (Blockchain transactions are very slow and expensive):

  1. Layer an inherently fast and efficient transaction processing system, albeit without Blockchain’s inherent distributed security, on top of a more secure, much slower, Blockchain. The fast transaction system records its work, in an irreversible fashion, in a “batch” mode. Batch up thousands or tens of thousands of cheap, fast and easy transactions into a single data block, and perhaps a few times an hour, record the signature of that block on a Blockchain. Once that happens, those cheap, fast and easy transactions become irreversibly recorded. Currently the biggest such effort is Ethereum. Another favorite of mine is EOS.

  2. Other distributed ledger synchronization algorithms, not just “Blockchain” based, are being researched and developed by innovative computer science engineers. My favorite (as someone who has had a professional and personal interest in such algorithms for many decades) of these alternatives is Hedera’s Hashgraph, but it’s not for the algorithmic faint of heart.

So what does this have to do with voting?

Tracking, counting, and auditing voting ballots is another important application for secure, distributed, computer systems.

My fundamental Election Security proposal (see the first post on this thread, above) is for a sort of “Two Factor” voting system, where:

  1. The human readable ballot is the primary document, just like the dollar bill in my wallet is the primary document representing one unit of U.S. Currency
  2. Sort of like Fedex, DHL, UPS and Amazon track their packages and warehouse stock, end to end, we should use a computer system to track each ballot through the system, so as to protect “the chain of custod” of each ballot and allow auditing that can detect introducing false ballots, or removing good ballots (such as for the “wrong” candidate.)

Both the actual paper ballot, one per legal vote, and the audit trail of the handling of every ballot in the system, must be tracked. Without the audit trail, we can not be confident that the “chain of custody” of each ballot has been maintained, end-to-end.

But it’s essential that “ballot” tracking enable all those handling or examining ballots to update that tracking database, while stopping fraudulent updates. If the auditing database is centrally administered by some “Election Authority”, then it’s wide open to actual and alleged fraud, as we’re seeing once again in this 2020 Presidential Election.

I hear various proponents of election reform recommend using “blockchains” to make elections more secure. So far as I can tell, most such advocates understand our election process better than I do, but understand blockchains less well than I do. “Blockchain” has become a “magic” word for safe and secure shared computer tech, whenever used.

This could be like selling a home security system using a good padlock … and Ty-Wraps®:
istockphoto-930535684-1024x1024

If you don’t understand how blockchains, or other such “secure distributed ledgers”, work, just having a blockchain can be a useless distraction, a form of “Security through Magic”.

Summary:

Secure Distributed Ledger technology, a fundamentally new distributed accounting, whether using Blockchains or using other such algorithms, provides a way top provide a full audit trail of each ballot, each step of the way, with public viewing access to all non-confidential information of each ballot, every step of the way.

The combination of such a distributed, secure, audit trail and tracking each ballot on paper that the voter can see represents their intent, provides a fundamentally new way to dramatically improve election security.

However …:

I am cynically convinced that most of the inside political operatives who control our current election system do not want a genuinely more secure system.

The use, even in basically useless ways, of “magic buzzwords” such “Blockchain” puts us, including our election officials and our legislatures and politicians (most of whom do not have Computer Science degrees in Distributed Algorithms) at considerable risk of being sold fraudulently useless eye candy, “Security through Magic”, providing no real useful security.

1 Like