Trump signed an executive order today about mail in voting.
-
3. When the ballot envelope reaches the election office, it's processed in two stages:
3a) First, the outer envelope is checked to verify that it contains the unique identifying information for the voter (usually a unique ID number), that that ballot wasn't already processed, and that the signature matches what's on file. If there is any discrepancy, the ballot is held for exception processing.
3b) If the verification was OK, the inner envelope (with the ballot inside) is sent to tallying.
...A useful feature available in California is they can send you texts or emails at this step saying that they got your ballot, and when it was counted.
(Though you do have to sign up for the ballot notifications)And I'm guessing if there was a problem you'd get a different message explaining how to fix the ballot. (But I haven't seen that one)
-
@mattblaze I'm concerned that the existence of the EO, even unimplemented, will have a chilling effect on people who might feel their vote is less likely to be counted.
@jmjm @mattblaze But Utah and Oregon have universal mail-in voting. That's how everyone votes.
-
It's worth trying to understand what problem this executive order is purporting to solve. It's not clear; you have to squint.
Trump and many of the election deniers have created a widespread impression that mail-in ballots are unsecured, and that there are no (or only ineffective) safeguards against sending in counterfeit, fake, or duplicated ballots and having them counted.
But, despite being repeated frequently, this impression is completely false and baseless, as I'll discuss.
@mattblaze two faced double tongue. Creeps
-
So in summary, mail-in ballots are secured by mechanisms and processes that replicate all the steps of the check-in process at in-person precinct polling stations, but with the ADDITIONAL safeguard that the voter needs to provide a unique document that was sent to their address for each election.
The idea that mail-in voting invites fraud is simply not supported by reality.
@mattblaze @mattblaze We do all mail-in ballots in WA and it works just fine. We don't have walk-in polling centers anymore.
One advantage is you get a receipt and can go to a web site to see that your vote was received and counted.
-
@mattblaze @mattblaze We do all mail-in ballots in WA and it works just fine. We don't have walk-in polling centers anymore.
One advantage is you get a receipt and can go to a web site to see that your vote was received and counted.
Or rejected, which is great if (let's say) your name changed and you signed your old name.
Vote in mail is the best and I hate that I now live in a State without it, but I'll keep fighting for it because more people vote with mail in ballots (which is why some are trying to kill it)
-
@mattblaze Oh, we know what problems it purports to solve: the insecurity of mail-in ballots and non-citizens voting. What is unclear is how this actually solves either (non-existent) problem.
We also know what problem they're actually trying to solve: Democrats voting.@SteveBellovin
> the insecurity ...
Mail in ballots are secure, we know this, once they arrive - as described by Matt Blaze in this thread.> problem they're actually trying to solve: Democrats voting.
This EO deals exactly with this, IMO in a viable way:
1. The voter lists handed over by the State (voluntarily or not) contain the very data that will be used to make a barcode to be placed on the *outside* of the outer envelope.
2. Each and every such envelope *must* travel through at least one high-volume mail sorting machine. In this point, a bug in the software seeing a "suspected non-citizen" barcode can put their ballot aside for later inspection. While some 5,000 DBCS machines are in operation, it is only a few types of them. And only those close to the CCL-s matter. (In few States tabulation occurs at County/Municipal level)
@mattblaze
It is well in your capacity to call to secure procedure against the above scenario.a) simplest: The outer envelope ID should be registered at arrival then after separating it should be *published* online.
b) robust: Hash(ID) printed on the inside additional wraper on the top and bottom. Voter is instructed to tear this wrapper to two, one to be returned, second for a protest had their H(ID) was not registered upon arrival.Kind regards, your welcome, Ohir Ripe
-
@SteveBellovin
> the insecurity ...
Mail in ballots are secure, we know this, once they arrive - as described by Matt Blaze in this thread.> problem they're actually trying to solve: Democrats voting.
This EO deals exactly with this, IMO in a viable way:
1. The voter lists handed over by the State (voluntarily or not) contain the very data that will be used to make a barcode to be placed on the *outside* of the outer envelope.
2. Each and every such envelope *must* travel through at least one high-volume mail sorting machine. In this point, a bug in the software seeing a "suspected non-citizen" barcode can put their ballot aside for later inspection. While some 5,000 DBCS machines are in operation, it is only a few types of them. And only those close to the CCL-s matter. (In few States tabulation occurs at County/Municipal level)
@mattblaze
It is well in your capacity to call to secure procedure against the above scenario.a) simplest: The outer envelope ID should be registered at arrival then after separating it should be *published* online.
b) robust: Hash(ID) printed on the inside additional wraper on the top and bottom. Voter is instructed to tear this wrapper to two, one to be returned, second for a protest had their H(ID) was not registered upon arrival.Kind regards, your welcome, Ohir Ripe
c) at least advise States that parted with their voter lists to securely make *new* IDs and as close to the ballot package distribution as possible. Ideally this new ID should be generated and printed when clerk signs the package to be mailed out.
-
@mattblaze So the extreme hypothetical conspiracy would be to somehow obtain the voter unique ballot IDs, create duplicates, and send them in before the voter can send in the legit ballot. I'm not suggesting it's even plausible! Just mulling over what it would take to create actual voter fraud. And even then, as you say, a large number of duplicates would cause a red flag.
-
@mattblaze So the extreme hypothetical conspiracy would be to somehow obtain the voter unique ballot IDs, create duplicates, and send them in before the voter can send in the legit ballot. I'm not suggesting it's even plausible! Just mulling over what it would take to create actual voter fraud. And even then, as you say, a large number of duplicates would cause a red flag.
@mattblaze Through perhaps it need not be that elaborate in timing. The whole election fraud BS is intended merely to sow doubt and provide cover for extralegal refusal to honor the result. So the key would be to obtain the ballot IDs and submit duplicates to cause the red flag even if the false ballot is rejected instead of counted.
-
So in summary, mail-in ballots are secured by mechanisms and processes that replicate all the steps of the check-in process at in-person precinct polling stations, but with the ADDITIONAL safeguard that the voter needs to provide a unique document that was sent to their address for each election.
The idea that mail-in voting invites fraud is simply not supported by reality.
@mattblaze The funny thing is the US does one step more to check mail-in ballots than, for example, Germany. Here, we have the same two envelope system. We don't sign the outer envelope but a special form, called "Wahlschein"¹ that has to be in the outer envelope. Poll workers check identifying details and that the voter signed but they do not compare it to any signature on file. If it's signed, it's good.
¹) It's possible a Wahlschein has been invalidated and that's checked as well.
-
So in summary, mail-in ballots are secured by mechanisms and processes that replicate all the steps of the check-in process at in-person precinct polling stations, but with the ADDITIONAL safeguard that the voter needs to provide a unique document that was sent to their address for each election.
The idea that mail-in voting invites fraud is simply not supported by reality.
@mattblaze there is one type of ballot stuffing that theoretically could be tried. You find out who is registered but almost never votes, request a ballot for them, and then vote "on their behalf". But that's actually easier to do in person than by mail because signatures aren't typically verified with in-person voting. This can be done in places where identification isn't checked at the polling place or is relatively weakly checked.
And you need to be mighty confident that the real voter won't show up. And even then the amount of effort involved in each ballot makes the ROI really low.
*And* of course this scenario is entirely orthogonal to the ostensible vulnerability this EO describes.
I know you're already aware of (perhaps all of) the vulnerabilities that exist in the system today. I bring this up for completeness, not to dispute what you said or to suggest that I think you hadn't considered it. I therefore mention it because other people read these threads and can benefit from them.
-
Trump signed an executive order today about mail in voting. It's an attempt to restrict postal delivery of mail in ballots to people on a DHS-compiled list of citizens.
Rick Hasen has a nice summary (tl;dr: not much to get worked up over here, for both legal and practical reasons):
Breaking: President Trump Signs New Executive Order on Elections: It is Underwhelming Compared to What Was Threatened. It's Key Part is Likely Unconstitutional: Directing the Post Office to Reject Mail Ballots Except from Those on Federally Approved Voter Lists #ELB
President Trump has signed a second executive order purporting to regulate federal elections (especially mail ballots). His first executive order from March 2025 has already been enjoined in key parts for violating the Constitution. As Judge Kollar-Kotelly wrote in one … Continue reading Breaking: President Trump Signs New Executive Order on Elections: It is Underwhelming Compared to What Was Threatened. It’s Key Part is Likely Unconstitutional: Directing the Post Office to Reject Mail Ballots Except from Those on Federally Approved Voter Lists →
Election Law Blog (electionlawblog.org)
@mattblaze Sounds like the USPS just got put in the middle of the election process. Where is the money coming from to fund that EO.
-
So in summary, mail-in ballots are secured by mechanisms and processes that replicate all the steps of the check-in process at in-person precinct polling stations, but with the ADDITIONAL safeguard that the voter needs to provide a unique document that was sent to their address for each election.
The idea that mail-in voting invites fraud is simply not supported by reality.
Let me get this straight: a #Trump appointee, the Postmaster General, is in charge of delivering to each citizen a permit to vote--the bar-coded return envelope for the #ballot
No chance for shenanigans there. Expect mail delivery to be on time in rural MAGA counties. Mail delivery in Brooklyn, the Bronx, Boston, and Baltimore suffers unexplained delays.
-
@mattblaze there is one type of ballot stuffing that theoretically could be tried. You find out who is registered but almost never votes, request a ballot for them, and then vote "on their behalf". But that's actually easier to do in person than by mail because signatures aren't typically verified with in-person voting. This can be done in places where identification isn't checked at the polling place or is relatively weakly checked.
And you need to be mighty confident that the real voter won't show up. And even then the amount of effort involved in each ballot makes the ROI really low.
*And* of course this scenario is entirely orthogonal to the ostensible vulnerability this EO describes.
I know you're already aware of (perhaps all of) the vulnerabilities that exist in the system today. I bring this up for completeness, not to dispute what you said or to suggest that I think you hadn't considered it. I therefore mention it because other people read these threads and can benefit from them.
In New Jersey, no ID is required to vote. Nevertheless, my current signature and the one on file is subject to ocular inspection and comparison before I'm allowed in the booth.
-
In New Jersey, no ID is required to vote. Nevertheless, my current signature and the one on file is subject to ocular inspection and comparison before I'm allowed in the booth.
@Stinson_108 @mattblaze yeah the "fun" part about these topics is the regional variations. Matt talks about this all the time, with good reason. It also means that it's pretty much impossible to come up with a single voting fraud strategy that can work nationwide.
-
4) The inner envelopes (of accepted ballots) are opened only later, in batches after they've been separated from the outer envelopes with the identifying information. This preserves ballot secrecy. Then the opened ballots are sent to the tally machines (generally optical scanners) and retained.
This workflow has a number of important properties.
...
@mattblaze
In my CA county, there is only the outer return envelope with the signature. No inner, just the ballot that is stored for counting on election day. -
So in summary, mail-in ballots are secured by mechanisms and processes that replicate all the steps of the check-in process at in-person precinct polling stations, but with the ADDITIONAL safeguard that the voter needs to provide a unique document that was sent to their address for each election.
The idea that mail-in voting invites fraud is simply not supported by reality.
@mattblaze Trump doesn't care about reality. He lives in alternative facts.
-
@mattblaze Trump doesn't care about reality. He lives in alternative facts.
@dapangma ok. But perhaps there are people here who *do* care. That’s who my post is for.
-
@dapangma ok. But perhaps there are people here who *do* care. That’s who my post is for.
@mattblaze @dapangma Thanks Matt!
-
R relay@relay.infosec.exchange shared this topic
