Trump signed an executive order today about mail in voting.
-
1. Marked ballots are generally returned in two nested envelopes or wrappers; the inner wrapper has no identifying information, while the outer one is unique to the voter and has both identifying information and, generally, the voter's signature. In most cases the only way to obtain a valid ballot and envelope is to have it mailed to the address on file with the local election office.
2. The voter returns (by mail, dropbox, etc) their ballot in the two envelopes and signs the outer one.
...
3. When the ballot envelope reaches the election office, it's processed in two stages:
3a) First, the outer envelope is checked to verify that it contains the unique identifying information for the voter (usually a unique ID number), that that ballot wasn't already processed, and that the signature matches what's on file. If there is any discrepancy, the ballot is held for exception processing.
3b) If the verification was OK, the inner envelope (with the ballot inside) is sent to tallying.
... -
3. When the ballot envelope reaches the election office, it's processed in two stages:
3a) First, the outer envelope is checked to verify that it contains the unique identifying information for the voter (usually a unique ID number), that that ballot wasn't already processed, and that the signature matches what's on file. If there is any discrepancy, the ballot is held for exception processing.
3b) If the verification was OK, the inner envelope (with the ballot inside) is sent to tallying.
...@mattblaze
I conjecture that voters mostly fall in two groups:
1) Those who've never used vote-by-mail and maybe have suspicions.
2) Those who've used it for years and would never voluntarily stop using it. -
3. When the ballot envelope reaches the election office, it's processed in two stages:
3a) First, the outer envelope is checked to verify that it contains the unique identifying information for the voter (usually a unique ID number), that that ballot wasn't already processed, and that the signature matches what's on file. If there is any discrepancy, the ballot is held for exception processing.
3b) If the verification was OK, the inner envelope (with the ballot inside) is sent to tallying.
...4) The inner envelopes (of accepted ballots) are opened only later, in batches after they've been separated from the outer envelopes with the identifying information. This preserves ballot secrecy. Then the opened ballots are sent to the tally machines (generally optical scanners) and retained.
This workflow has a number of important properties.
...
-
4) The inner envelopes (of accepted ballots) are opened only later, in batches after they've been separated from the outer envelopes with the identifying information. This preserves ballot secrecy. Then the opened ballots are sent to the tally machines (generally optical scanners) and retained.
This workflow has a number of important properties.
...
- First, you can only send in a ballot accompanied (on the outer envelope) by something that was sent specifically to the voter, with unique identifying information that a third party couldn't obtain (the ballot ID number). And each ballot ID can only be processed once, since it's checked off a list once it's accepted.
- Second, the submitter of the ballot has to sign the voter's signature. So we know not only that the ballot was sent to them, but have a signature to compare it with.
...
-
4) The inner envelopes (of accepted ballots) are opened only later, in batches after they've been separated from the outer envelopes with the identifying information. This preserves ballot secrecy. Then the opened ballots are sent to the tally machines (generally optical scanners) and retained.
This workflow has a number of important properties.
...
@mattblaze I'm concerned that the existence of the EO, even unimplemented, will have a chilling effect on people who might feel their vote is less likely to be counted.
-
- First, you can only send in a ballot accompanied (on the outer envelope) by something that was sent specifically to the voter, with unique identifying information that a third party couldn't obtain (the ballot ID number). And each ballot ID can only be processed once, since it's checked off a list once it's accepted.
- Second, the submitter of the ballot has to sign the voter's signature. So we know not only that the ballot was sent to them, but have a signature to compare it with.
...
- Third, exceptions are extremely rare and would be quickly noticed. If an even moderate number of duplicate ballots or ballots with invalid ID numbers were to come it, that would be a HUGE deal (and I'm not aware of any place in the US where it's actually happened). It would rapidly trigger a major investigation, likely involving both state/local and federal authorities.
...
-
- Third, exceptions are extremely rare and would be quickly noticed. If an even moderate number of duplicate ballots or ballots with invalid ID numbers were to come it, that would be a HUGE deal (and I'm not aware of any place in the US where it's actually happened). It would rapidly trigger a major investigation, likely involving both state/local and federal authorities.
...
@mattblaze this part. People can be nefarious. The checks and balances thwart it from becoming impactful. Volunteer for your local elections!!!
-
- Third, exceptions are extremely rare and would be quickly noticed. If an even moderate number of duplicate ballots or ballots with invalid ID numbers were to come it, that would be a HUGE deal (and I'm not aware of any place in the US where it's actually happened). It would rapidly trigger a major investigation, likely involving both state/local and federal authorities.
...
So in summary, mail-in ballots are secured by mechanisms and processes that replicate all the steps of the check-in process at in-person precinct polling stations, but with the ADDITIONAL safeguard that the voter needs to provide a unique document that was sent to their address for each election.
The idea that mail-in voting invites fraud is simply not supported by reality.
-
1. Marked ballots are generally returned in two nested envelopes or wrappers; the inner wrapper has no identifying information, while the outer one is unique to the voter and has both identifying information and, generally, the voter's signature. In most cases the only way to obtain a valid ballot and envelope is to have it mailed to the address on file with the local election office.
2. The voter returns (by mail, dropbox, etc) their ballot in the two envelopes and signs the outer one.
...
@mattblaze when I've done mail-in voting (in Canada, and for a US professional organization), it's been like this.
-
3. When the ballot envelope reaches the election office, it's processed in two stages:
3a) First, the outer envelope is checked to verify that it contains the unique identifying information for the voter (usually a unique ID number), that that ballot wasn't already processed, and that the signature matches what's on file. If there is any discrepancy, the ballot is held for exception processing.
3b) If the verification was OK, the inner envelope (with the ballot inside) is sent to tallying.
...A useful feature available in California is they can send you texts or emails at this step saying that they got your ballot, and when it was counted.
(Though you do have to sign up for the ballot notifications)And I'm guessing if there was a problem you'd get a different message explaining how to fix the ballot. (But I haven't seen that one)
-
@mattblaze I'm concerned that the existence of the EO, even unimplemented, will have a chilling effect on people who might feel their vote is less likely to be counted.
@jmjm @mattblaze But Utah and Oregon have universal mail-in voting. That's how everyone votes.
-
It's worth trying to understand what problem this executive order is purporting to solve. It's not clear; you have to squint.
Trump and many of the election deniers have created a widespread impression that mail-in ballots are unsecured, and that there are no (or only ineffective) safeguards against sending in counterfeit, fake, or duplicated ballots and having them counted.
But, despite being repeated frequently, this impression is completely false and baseless, as I'll discuss.
@mattblaze two faced double tongue. Creeps
-
So in summary, mail-in ballots are secured by mechanisms and processes that replicate all the steps of the check-in process at in-person precinct polling stations, but with the ADDITIONAL safeguard that the voter needs to provide a unique document that was sent to their address for each election.
The idea that mail-in voting invites fraud is simply not supported by reality.
@mattblaze @mattblaze We do all mail-in ballots in WA and it works just fine. We don't have walk-in polling centers anymore.
One advantage is you get a receipt and can go to a web site to see that your vote was received and counted.
-
@mattblaze @mattblaze We do all mail-in ballots in WA and it works just fine. We don't have walk-in polling centers anymore.
One advantage is you get a receipt and can go to a web site to see that your vote was received and counted.
Or rejected, which is great if (let's say) your name changed and you signed your old name.
Vote in mail is the best and I hate that I now live in a State without it, but I'll keep fighting for it because more people vote with mail in ballots (which is why some are trying to kill it)
-
@mattblaze Oh, we know what problems it purports to solve: the insecurity of mail-in ballots and non-citizens voting. What is unclear is how this actually solves either (non-existent) problem.
We also know what problem they're actually trying to solve: Democrats voting.@SteveBellovin
> the insecurity ...
Mail in ballots are secure, we know this, once they arrive - as described by Matt Blaze in this thread.> problem they're actually trying to solve: Democrats voting.
This EO deals exactly with this, IMO in a viable way:
1. The voter lists handed over by the State (voluntarily or not) contain the very data that will be used to make a barcode to be placed on the *outside* of the outer envelope.
2. Each and every such envelope *must* travel through at least one high-volume mail sorting machine. In this point, a bug in the software seeing a "suspected non-citizen" barcode can put their ballot aside for later inspection. While some 5,000 DBCS machines are in operation, it is only a few types of them. And only those close to the CCL-s matter. (In few States tabulation occurs at County/Municipal level)
@mattblaze
It is well in your capacity to call to secure procedure against the above scenario.a) simplest: The outer envelope ID should be registered at arrival then after separating it should be *published* online.
b) robust: Hash(ID) printed on the inside additional wraper on the top and bottom. Voter is instructed to tear this wrapper to two, one to be returned, second for a protest had their H(ID) was not registered upon arrival.Kind regards, your welcome, Ohir Ripe
-
@SteveBellovin
> the insecurity ...
Mail in ballots are secure, we know this, once they arrive - as described by Matt Blaze in this thread.> problem they're actually trying to solve: Democrats voting.
This EO deals exactly with this, IMO in a viable way:
1. The voter lists handed over by the State (voluntarily or not) contain the very data that will be used to make a barcode to be placed on the *outside* of the outer envelope.
2. Each and every such envelope *must* travel through at least one high-volume mail sorting machine. In this point, a bug in the software seeing a "suspected non-citizen" barcode can put their ballot aside for later inspection. While some 5,000 DBCS machines are in operation, it is only a few types of them. And only those close to the CCL-s matter. (In few States tabulation occurs at County/Municipal level)
@mattblaze
It is well in your capacity to call to secure procedure against the above scenario.a) simplest: The outer envelope ID should be registered at arrival then after separating it should be *published* online.
b) robust: Hash(ID) printed on the inside additional wraper on the top and bottom. Voter is instructed to tear this wrapper to two, one to be returned, second for a protest had their H(ID) was not registered upon arrival.Kind regards, your welcome, Ohir Ripe
c) at least advise States that parted with their voter lists to securely make *new* IDs and as close to the ballot package distribution as possible. Ideally this new ID should be generated and printed when clerk signs the package to be mailed out.
-
@mattblaze So the extreme hypothetical conspiracy would be to somehow obtain the voter unique ballot IDs, create duplicates, and send them in before the voter can send in the legit ballot. I'm not suggesting it's even plausible! Just mulling over what it would take to create actual voter fraud. And even then, as you say, a large number of duplicates would cause a red flag.
-
@mattblaze So the extreme hypothetical conspiracy would be to somehow obtain the voter unique ballot IDs, create duplicates, and send them in before the voter can send in the legit ballot. I'm not suggesting it's even plausible! Just mulling over what it would take to create actual voter fraud. And even then, as you say, a large number of duplicates would cause a red flag.
@mattblaze Through perhaps it need not be that elaborate in timing. The whole election fraud BS is intended merely to sow doubt and provide cover for extralegal refusal to honor the result. So the key would be to obtain the ballot IDs and submit duplicates to cause the red flag even if the false ballot is rejected instead of counted.
-
So in summary, mail-in ballots are secured by mechanisms and processes that replicate all the steps of the check-in process at in-person precinct polling stations, but with the ADDITIONAL safeguard that the voter needs to provide a unique document that was sent to their address for each election.
The idea that mail-in voting invites fraud is simply not supported by reality.
@mattblaze The funny thing is the US does one step more to check mail-in ballots than, for example, Germany. Here, we have the same two envelope system. We don't sign the outer envelope but a special form, called "Wahlschein"¹ that has to be in the outer envelope. Poll workers check identifying details and that the voter signed but they do not compare it to any signature on file. If it's signed, it's good.
¹) It's possible a Wahlschein has been invalidated and that's checked as well.
-
So in summary, mail-in ballots are secured by mechanisms and processes that replicate all the steps of the check-in process at in-person precinct polling stations, but with the ADDITIONAL safeguard that the voter needs to provide a unique document that was sent to their address for each election.
The idea that mail-in voting invites fraud is simply not supported by reality.
@mattblaze there is one type of ballot stuffing that theoretically could be tried. You find out who is registered but almost never votes, request a ballot for them, and then vote "on their behalf". But that's actually easier to do in person than by mail because signatures aren't typically verified with in-person voting. This can be done in places where identification isn't checked at the polling place or is relatively weakly checked.
And you need to be mighty confident that the real voter won't show up. And even then the amount of effort involved in each ballot makes the ROI really low.
*And* of course this scenario is entirely orthogonal to the ostensible vulnerability this EO describes.
I know you're already aware of (perhaps all of) the vulnerabilities that exist in the system today. I bring this up for completeness, not to dispute what you said or to suggest that I think you hadn't considered it. I therefore mention it because other people read these threads and can benefit from them.
