Election security under IRV
No matter what reason there may be to distinguish between tactics and strategy in voting, the main point related to either one is that if you as the voter are exercising the power the system gives you, you cannot do so based on your preferences alone, but have to take into account your estimate of the stances of the other voters. This is a consequence of the Gibbard theorem. For a system to be ethical, it must accord equal power to the voters.
Anyway, all this is off topic of election security.
you cannot do so based on your preferences alone, but have to take into account your estimate of the stances of the other voters [...] For a system to be ethical, it must accord equal power to the voters.
And thus, for a system to be ethical, it must only allow two candidates ¯\_(ツ)_/¯
Sass last edited by
@jack-waugh Anonymity of votes used to be sacred in election security because of fears over voter coercion and vote selling. However, modern data has demonstrated that fear to be overblown.
Today, voters have internet-connected cameras as a commodity, yet vote-by-mail has remained (when executed correctly) the most secure form of voting in the US. Why? Because it costs more per vote to coerce or buy voters than it does to just campaign. It's not economically scalable, and also scaled decentralized attacks are almost impossible to keep secret.
Now, there is a counter argument that allowing for the possibility of a single voter to be coerced by a domestic abuser is ethically unacceptable. That debate is more philosophical -- it's a risk vs benefits analysis at its core. However, it seems most relevant people seem to believe the benefits outweigh the risks in this case so far, though that could change as IRV shifts to even higher-profile elections.
In my opinion, I say release the ballot data, at least for now. Though, that does not solve the problem of making IRV susceptible to scaled election attacks. Good luck getting every precinct to create a hundred different piles of matching ballots for each race and then reporting all of that info to the public in a secure way with no mistakes during a hand recount. Practically speaking, tabulation will be centralized to single point of failure, like the entire state of Maine already does.
rob Banned last edited by
This post is deleted!
In my opinion, I say release the ballot data, at least for now. Though, that does not solve the problem of making IRV susceptible to scaled election attacks.
Are you saying it is significantly more susceptible to such attacks than any other ranked or rated system?
Practically speaking, tabulation will be centralized to single point of failure, like the entire state of Maine already does.
I have not seen anyone else complaining about this being a security issue. That doesn't mean it isn't, but ... it just makes me suspicious that you have another bias against IRV and this sort of fits the narrative. And maybe that isn't it, I just would like to see if anyone else, such as election security experts, is concerned about this. Any links or anything?
(which is evidence of disingenuity from FairVote and the Hare RCV promoters).
"Ranked choice" seems to me to be a reasonable attempt to communicate to the public that 1) RCV/IRV is not actually "instant" (which is lame, but reality), and 2) it just communicates what seems most significant to voters. I understood San Francisco to have used the term first in 2005 ( https://web.archive.org/web/20081202040611/http://fairvote.org/media/irv/sanfrancisco/RCVCandidateGuide04.pdf ), and I'm just not convinced it was to hide its connection to IRV, especially not to any future failure in Burlington. Most people here that I have talked to have no idea how the tabulation works and really don't care, they just know that they rank the candidates on the ballot and they don't have to vote insincerely. I'd expect that if it changed to a Condorcet system, "runoff based" or not, they'd care less than they cared when it was increased from being able to rank 3 to being able to rank 10. (which was not very much)
Score changed its name from Range, and FPTP and Choose-one and plurality are all used for the same thing. (I think "choose one" is the best, FPTP is just confusing and meaningless, while regular people don't seem to know what "plurality" means)
The good news is we can turn it to our advantage if we want to be pragmatic. Instead of calling Condorcet "Condorcet", just call it a more sophisticated variation of RCV. It might help reduce potential resistance to Condorcet by just treating it as a minor upgrade from RCV-Hare.
And I'm, sure as hell, not done talking about Burlington 2009.
Ok. Seems like a poor strategy, but hey, maybe it's a good tactic.
(in all seriousness, on strategy vs. tactic, it'd be great if you just explained what you meant relative to voting, rather than equating it to military stuff which to many -- including myself -- is just completely different. I still don't know what you mean, and I'm pretty sure I'm not stupid. Just tell us.)
Good luck getting every precinct to create a hundred different piles of matching ballots for each race and then reporting all of that info to the public in a secure way with no mistakes during a hand recount.
I guess Rob's vision here is that in the first count (as distinct from a hand recount), the precinct will have the voters cast their ballots through scanners, and a system set up and tested in advance by IT people will publish the data, without necessarily doing matching (although it could). So then anyone with IT skills and a computer and an Internet connection could replicate the tally. I don't know whether this would convince the "stop the steal" crowd that the count is accurate. I'm not sure whether anything could. But I think Score would come closer to convincing them than any preferential system, because it's really trivial to sum by the precincts. The ballots could be sorted by hand and counted with CPU-free, photocell-free, mechanical counting machines, pile by pile, and several machines could replicate the count, and several witnesses from different ideologies could make sure everything is on the up-and-up with respect to the sorting.
Choose-one is bad when it is combined with plurality in a single-winner election. But choose-one does not have to be bad in Choice of Representation (advocated for the Wisconsin legislature on Facebook by Jim Mueller of Wisconsin). The way that would work is each citizen chooses her representative, all the representatives take office in the legislature, and they vote on legislation with the proxy power of those who chose them.
That's why I don't abbreviate FPtP to "choose one".
@jack-waugh Ok, but "first past the post" is non-sensical. I know it us supposed to be a horse racing metaphor, but I have yet to hear an explanation for how it applies, that makes any sense at all. For one thing, there is no "finish line" to be crossed in voting, other than the scores of other candidates.
Even if you accept that the "first past the post" simply means "the candidate that gets the highest score," still, it should apply equally to Score and Approval.
As for "choose one" potentially getting confused with its usage for multiple winner elections, when I use it, I have already assumed the context is that we are speaking of single winner races.
I guess Rob's vision here is that in the first count (as distinct from a hand recount), the precinct will have the voters cast their ballots through scanners, and a system set up and tested in advance by IT people will publish the data, without necessarily doing matching (although it could). So then anyone with IT skills and a computer and an Internet connection could replicate the tally.
To be clear, in a perfect world we'd use a condorcet method where each precinct could submit a pairwise matrix and that would be good enough to determine the outcome 100% of the time.
Technically not all Condorcet methods this is true for, but at least it is true if there is a Condorcet winner.
But yeah, the main point I was making is that, as long as they publish the full ballot data within a reasonable period of time (which the vast majority do), any attempt to cheat in the ways suggested would probably result in someone going to jail. I have not seen a reasonable way someone could do this effectively and avoid having it be detected
If the concern is not cheating, but just some random mistakes along the way, ok, different thing. I tend to think those tend to cancel out. Better voting machines help, paper trail helps, etc. I think any desire for absolute perfection in this regard is outweighed by the massive problems caused by the choose-one method. I mean, we are literally watching democracy fall apart in front of our eyes.
What is happening here, within this communicty, is that some of us are trying to fight two enemies (choose-one and RCV-Hare), which is simply bound to fail. I'd rather join forces with the RCV-Hare folks and defeat the true enemy, choose-one.