Today I want to continue our discussion of the secret ballot. (Previous posts: 1, 2.) One purpose of the secret ballot is to prevent coercion: if ballots are strongly secret, then the voter cannot produce evidence of how he voted, allowing him to lie safely to the would-be coercer about how he voted.
Talk about coercion usually centers on lead-pipe scenarios, where somebody issues a direct threat to a voter. Nice kneecaps you have there … be a shame if something unfortunate should happen to them.
But coercion needn’t be so direct. Consider this scenario: Big Johnny is a powerful man in town. Disturbing rumors swirl around him, but nothing has ever been proven. Big Johnny is pals with the mayor, and it’s no secret that Big Johnny wants the mayor reelected. The word goes around town that Big Johnny can tell how you vote, though nobody is quite sure how he does it. When you get to the polling place, Big Johnny’s cousin is one of the poll workers. You’re no fan of the mayor, but you don’t know much about his opponent. How do you vote?
What’s interesting about this scenario is that it doesn’t require Big Johnny to do anything. No lawbreaking is necessary, and the scheme works even if Big Johnny can’t actually tell how you vote, as long as the rumor that he can is at all plausible. You’re free to vote for the other guy, but Big Johnny’s influence will tend to push your vote toward the mayor. It’s soft coercion.
This sort of scheme would work today. E-voting systems are far from transparent. Do you know what is recorded in the machine’s memory cartridge? Big Johnny’s pals can get the cartridge. Is your vote time-stamped? Big Johnny’s cousin knows when you voted. Are the votes recorded in the order they were cast? Big Johnny’s cousin knows that you were the 37th voter today.
Paper ballots aren’t immune to such problems, either. Are you sure the blank paper ballot they gave you wasn’t marked? Remember: scanners can see things you can’t. And high-res scanners might be able to recognize tiny imperfections in that sheet of paper, or distinctive ink-splatters in its printing. Sure, the ballots are counted by hand, right there in the precinct, but what happens to them afterward?
There’s no perfect defense against this problem, but a good start is to insist on transparency in the election technology, and to research useful technologies and procedures. It’s a hard problem, and we have a long way to go.
What I don’t understand is this: what on earth is wrong with the age old pencil-paper-lockbox system? Our illustrious neighbors to the north do exactly this, and they usually have meaningful results within 2 hours of polls closing.
At some point, even with a relatively secret ballot, soft coercion of the (probably) illegal kind would seem to blend seamlessly into the kind of even softer coercion implicit in patronage systems and pork-barreling. Everyone knows the vote totals by precinct (they’re probably necessary to ensure a credible election), and those totals often determine how city, state and federal budgets get spent. The political organizers who do the best job of turning out votes in their precinct are in line for staff and civil-service jobs, and and that area of the city that voted against the mayor will be first in line for a highway or a housing project and last for business tax abatements.
That kind of coercion doesn’t reach down to the individual voter directly, but in communities where people know one another’s views, other community members can (or believe they can) get a pretty good idea of how others most likely voted, and thus what contribution they made to the gaining or withholding of government largesse. And then the lead pipes to the kneecaps…
(In the city where I grew up, at one point the mayor responded to a neighborhood that had helped scuttle his much-wanted highway extension by proposing a new traffic plan that made all the streets in the neighborhood one-way away from the only nearby arterial road. It was a salutary lesson.)
Defending against both overt and covert surveillance from a number of threat-sources requires mobility and unpredictability. Any fixed location is potentially vulnerable to some degree: a kitchen table may have a husband; a curtained voting booth may have a hidden camera in the ceiling tiles. Not even a Moscow embassy safe room….
The defender should be allowed to manage her own risks according to her own assessments. The system must provide the defender with opportunities and enforce sufficient time.
The voter should be allowed to obtain multiple ballots, and to fill them out and put them in envelopes at times and places of the voter’s own choosing. That’s not to say that the polling place shouldn’t provide private booths—instead, it probably should. But no one should be required to use the booth to mark their ballot. This has the potential to give any watcher a severe headache.
To ease the ballot distribution problem, the voter might be mailed one or more ballots and envelopes, at least ten days before the election. This helps with the voter’s problem of identifying her correct ballot, even if she picks up additional ballots elsewhere, or perhaps even prints copies from the ‘net. The ballots should be randomized before they’re mailed to the voters—even though every voter can add entropy to this subsystem.
Then the voter drops the envelope into the ballot box at her polling place during election day—under the eyes of the poll-watchers and the cameras.
have you looked at: http://punchscan.org/ ?
It’s an interesting and detailled approach of the problem.
Xcott Craver: Good point. In many organizations/hierarchies, people withholding their honest opinion (because of imagined retribution) is probably a larger problem (e.g. from management’s perspective) than actual censorship. But OTOH that’s precisely the way coercion and intimidation works. Most intimidators won’t follow up (in full) on all of their threats, and immediately, but probably on some and sometime, and you don’t know which and when.
Soft coersion is very important to emphasize, because when people imagine lead pipe scenarios, they then mistakenly conclude that coersion can’t be a huge factor in a national election..
However, with mail-in ballots, you can have a widespread coersive chilling effect even without any plan or intention by any party to coerce.
Example: you have a family that votes together by absentee ballot, and the household has an openly expressed political stance. Dad listens to pundit radio in the morning, and frequently rants about the idiots in the opposite party.
Mom is leaning towards voting for the opposite party, but would rather not reveal this. If she can’t vote secretly without arousing suspicion, she won’t amend her vote. That is (soft) coersion.
But in this case, Dad isn’t actually trying to coerce anyone, and might be alarmed to find that he produced this unwanted situation. He certainly can’t be prosecuted for voter intimidation.
In short, you can have widespread and unintended “soft coersion” if ballots are public enough to be visible within a peer group our household.
Perhaps “coersion” is even the wrong word. Peer pressure, or the local political climate, can have the same effect as coersion if the ballot becomes too public.
Are you sure the blank paper ballot they gave you wasn’t marked? Remember: scanners can see things you can’t.
With paper ballots, unless you start incorporating currency-grade anti-counterfeiting measures, controlling the supply of unmarked ballots seems to present an indefensibly over-extended security perimeter.
Pulling back the security perimeter so that the voter’s credentials are authenticated immediately prior to depositing their ballot seems the best defense. That does require privacy envelopes. Which opens up the possibility for continous video coverage of the ballot-box at the precinct. And, as a side-effect, the surveillance area could be wide enough to make a documentary record of any challenge to a voter’s credentials.
That just leaves the administrative problem of making sure that voters don’t pick up the wrong ballot at multi-district polling places—while avoiding linkage between the voter and the issued ballot.
It’s strange that vote-buying seems to go on all the time even though confirmation is not possible, or at least is not required. It must be reasonably successful or else it wouldn’t happen.
One thing they can do is to ask people after the vote if they voted for who they were supposed to. Most people aren’t that good at lying, especially if they’re scared. I’m waiting for the techno-fix for this one.
I’ve been having some thoughts along the same lines. As mentioned in a recent entry on the secret ballot, I disagree with the idea that vote-buying requires a mathematically sound proof of a vote, which seems a fairly frequent assumption in discussions of voting security and crypto.
There is also more to the issue in terms of what vote-buying costs the buyer and what vote-selling costs the seller (both in risk of prosecution and in time or effort required).