Voting: where are the open standards, open source elections systems?

From: doari ekna <doariekna_at_yandex.com>
Date: Sat, 12 Feb 2022 17:56:40 UTC
Your vote is not like paying your money into a proprietary-algorithm
investing robo-advisor, an arbitrarily-managed mutual fund, a
clothing subscription service, jelly of the month club, assorted
farm produce delivery, or randomized donation giving fund.  Even
worse, imagine a purchase where your money cannot be tracked,
because there is no log of the specific transactions, no delivery
of the exact specified purchase, and no accountability.

For decades, flaws in voting systems have been widely documented
and frequently identified and exploited. Many countries have had
widely reported fraud examples, court cases, and disputes.

These past six years, the United States has had continuous discussion
and news.  United States Representative Mark Pocan, Senator Ron
Wyden, Senator Amy Klobuchar, Senator Elizabeth Warren, and many
others shared their concerns about vulnerabilities and a lack of
transparency in the election technology industry.  In particular,
there were concerns with the few voting machine and software vendors
used for 90% of all eligible voters.  Many examples of fraud over
many years had been highlighted.  The book, "Securing the Vote:
Protecting American Democracy" (2018), was a committee-driven
analysis of election system problems, then-current technologies,
and recommendations.  This set of election researchers and famed
computer scientists concluded "There is no realistic mechanism to
fully secure vote casting and tabulation computer systems from
cyber threats."

Fifteen months ago, 59 computer scientists and specialists in
election security (including consultants for the above book and
many of whom are your peers) were signatories for a statement
again warning about security weaknesses in voting systems, advocating
for better security for election systems, and recommending
post-election risk-limiting audits.

While the 2020 general election was still being counted in multiple
states, they also collectively stated that no technical vulnerability
had altered the outcome of any US election and that "no credible
evidence has been put forth that supports a conclusion that the
2020 election outcome in any state has been altered through technical
compromise." This could be considered disingenuous as many of their
personal and professional writings were biased to one election
outcome and they never shared any of their own research about how
their previous elections issues or other fraud findings no longer
applied.

Since at least one of the signatories is someone I respect and
have participated in projects with, and who has specifically and personally
contributed to my own work, I was interested and more curious about
this.  I soon found a plethora of issues widely and extensively
documented.  I am your peer, your co-developer. I am honored to
use your open source contributions and the entire Internet world
uses software that I personally committed and contributed to.

I spent time doing my own research, I collected data, I wrote simple
analysis tools, and I found thousands and thousands of anomalies.
For example, for one state:  applications dated before possible,
applications applied for after ballot was received, applications
after deadlines, applications dated after ballots mailed out,
applications dated after already processed, ballots dated before
applications were submitted, ballots dated after original and
extended deadlines, missing application dates, missing voter
birthdates, missing voting district details, huge county or district
variations in percentage of voters doing mail-in ballots, high
percentage of unique surnames beyond normal citizen rates, many
birth months and days matching application month and days, unknown
or inconsistent party affiliations or application types, impossibly
too old ages (such as 35 voters over 110 years old), voters born
in 1800s (and not using default 1/1 type dates), over 3000 voters
over 90 years old voted in primary election but not popular general
election (even if all died, another 3000 voters would have aged
up), and even an infant and young teenager voted.

In one state, there appeared to be over 322 thousand unique voter
identifiers for mail-in ballots in a primary election that did not
exist in the general election a few months later.  22% of primary
mail-in voters decided to vote in person (during pandemic), or
died, or moved, or decided not to vote, or data was lost.
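The record-level checks listed above translate directly into rules that can be run over a voter file. The following is an added example (my own illustration, not the analysis tools the poster describes) using constructed rows and assumed field names; it flags the date-ordering, deadline, missing-value, age and birthdate/application-date coincidences from the list, and computes the share of primary mail-in identifiers absent from the later general-election file.

```python
from datetime import date

# Constructed election calendar (assumption; not from any real state's rules).
ELECTION = {
    "earliest_application": date(2020, 1, 1),
    "application_deadline": date(2020, 10, 27),
    "election_day": date(2020, 11, 3),
    "extended_receipt_deadline": date(2020, 11, 6),
}

# Constructed sample rows, not real voter data. Field names are assumptions;
# None marks a value missing from the file.
RECORDS = [
    # clean record
    {"id": "V001", "birth": date(1975, 4, 12), "applied": date(2020, 9, 1),
     "mailed": date(2020, 9, 20), "received": date(2020, 10, 2)},
    # application dated after the ballot was mailed and after it was received
    {"id": "V002", "birth": date(1982, 7, 3), "applied": date(2020, 10, 15),
     "mailed": date(2020, 10, 1), "received": date(2020, 10, 10)},
    # implausible age on a 1/1 placeholder-looking date; received after extended deadline
    {"id": "V003", "birth": date(1890, 1, 1), "applied": date(2020, 9, 5),
     "mailed": date(2020, 9, 25), "received": date(2020, 11, 9)},
    # missing birthdate
    {"id": "V004", "birth": None, "applied": date(2020, 9, 5),
     "mailed": date(2020, 9, 25), "received": date(2020, 10, 20)},
    # birth month/day identical to application month/day
    {"id": "V005", "birth": date(2000, 9, 5), "applied": date(2020, 9, 5),
     "mailed": date(2020, 9, 25), "received": date(2020, 10, 20)},
    # missing application date
    {"id": "V006", "birth": date(1960, 2, 2), "applied": None,
     "mailed": date(2020, 9, 25), "received": date(2020, 10, 20)},
    # application dated before applications were possible
    {"id": "V007", "birth": date(1960, 2, 2), "applied": date(2019, 12, 31),
     "mailed": date(2020, 9, 25), "received": date(2020, 10, 20)},
]


def age_on(day: date, birth: date) -> int:
    """Completed years between birth and the given day."""
    return day.year - birth.year - ((day.month, day.day) < (birth.month, birth.day))


def check_record(rec: dict, election: dict = ELECTION) -> list:
    """Return the list of anomaly labels that apply to one voter-file row."""
    flags = []
    applied, mailed, received, birth = rec["applied"], rec["mailed"], rec["received"], rec["birth"]
    if applied is None:
        flags.append("missing application date")
    else:
        if applied < election["earliest_application"]:
            flags.append("application dated before possible")
        if applied > election["application_deadline"]:
            flags.append("application after deadline")
        if mailed is not None and applied > mailed:
            flags.append("application dated after ballot mailed")
        if received is not None and applied > received:
            flags.append("application dated after ballot received")
    if received is not None and received > election["extended_receipt_deadline"]:
        flags.append("ballot received after extended deadline")
    if birth is None:
        flags.append("missing birthdate")
    else:
        years = age_on(election["election_day"], birth)
        if years > 110:
            flags.append(f"implausible age {years}")
            if (birth.month, birth.day) == (1, 1):
                flags.append("birthdate looks like a 1/1 placeholder")
        if applied is not None and (birth.month, birth.day) == (applied.month, applied.day):
            flags.append("birth month/day matches application month/day")
    return flags


def scan(records: list) -> dict:
    """Map each flagged record id to its anomaly labels; clean rows are omitted."""
    return {r["id"]: flags for r in records if (flags := check_record(r))}


def primary_only_ids(primary_ids, general_ids):
    """Identifiers present in the primary mail-in file but absent from the general file,
    with their share of the primary file."""
    missing = set(primary_ids) - set(general_ids)
    share = len(missing) / len(primary_ids) if primary_ids else 0.0
    return sorted(missing), share


if __name__ == "__main__":
    for voter_id, flags in scan(RECORDS).items():
        print(voter_id, "; ".join(flags))
    print(primary_only_ids(["A", "B", "C", "D"], ["A", "B", "C", "E"]))
```

Each rule is deliberately one comparison so that a county's records can be re-run against a different calendar without touching the logic; anything that fails is a question for the county's data steward, not a finding on its own.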

Some counties had no or very few anomalies, while others had tens
of thousands.  The total number of voters should not affect whether
one county has different quality assurance processes.  Subsequent
voter databases fixed typos or changed problem dates, but continued
to introduce many more mistakes.  Also, anomalies were seen from 57
counties with 1.4 times one applicant party designation over the
rest combined.  Voter registration databases over several time
periods with full identification details and dates for elections
voted in had counties that weren't updated even for months after
the specific general election. (So counties had many anomalies,
many mistakes recorded in some records, while other databases chose
not to record the same significant counties at all.)

The documentation for the databases didn't cover the amount of
provided details nor explain how anomalies were allowed or why
there was significant missing data.  Many attempted communications
with county elections management staffs to gain clarifications and
even FOIA documentation requests went unanswered. At least one
state FOIA was responded to which provided several documents and
elections email communications but specifically stated that the
documentation for management to my specific areas was proprietary
and could not be disclosed.

This is just a small vague summary of my own research.  I also
reviewed many others' research.  For example, one state's own
contracted audit report appeared to be written and published many
months after the state reported its results which was only a
validation that software wasn't modified because their undisclosed
SHA-256 values had not changed (and it didn't include the system
kernel, other shared libraries, plugins, nor configuration files).
This state provided no other public audit results other than this
hash match.
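A hash check is only as good as the set of files it covers. As an added example (my own, not the audit report's procedure or any vendor's tool), the code below builds a SHA-256 manifest over a constructed system image and shows that a manifest restricted to the application binary reports no change after a configuration file and a shared library are altered, while a manifest covering every file reports both. Paths and contents are invented for the demonstration.

```python
import hashlib
import os
import tempfile


def sha256_file(path: str) -> str:
    """Stream a file through SHA-256 so large images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: str, include=None) -> dict:
    """Map every file under root (relative path -> sha256). An optional predicate
    narrows the manifest, which is exactly how coverage gaps arise."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if include is None or include(rel):
                manifest[rel] = sha256_file(full)
    return manifest


def diff_manifest(baseline: dict, current: dict) -> dict:
    """Report files added, removed or changed between two manifests."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in baseline.keys() & current.keys() if baseline[p] != current[p]),
    }


def demo() -> dict:
    """Constructed image: the tabulation binary plus the kernel, a shared library and a
    config file, i.e. the components the post notes a binary-only check leaves out."""
    with tempfile.TemporaryDirectory() as root:
        files = {
            "bin/tabulator": b"\x7fELF-demo-tabulator",
            "boot/vmlinuz": b"demo-kernel-image",
            "lib/libtally.so": b"demo-shared-library",
            "etc/tabulator.conf": b"threshold=0.5\n",
        }
        for rel, data in files.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)

        def binary_only(rel: str) -> bool:
            return rel.startswith("bin/")

        base_narrow = build_manifest(root, binary_only)
        base_full = build_manifest(root)

        # Alter the config and the shared library; the binary itself is untouched.
        with open(os.path.join(root, "etc/tabulator.conf"), "wb") as f:
            f.write(b"threshold=0.4\n")
        with open(os.path.join(root, "lib/libtally.so"), "wb") as f:
            f.write(b"demo-shared-library-v2")

        return {
            "narrow": diff_manifest(base_narrow, build_manifest(root, binary_only)),
            "full": diff_manifest(base_full, build_manifest(root)),
        }


if __name__ == "__main__":
    print(demo())
```

Publishing the baseline manifest itself (not just the statement that hashes matched) is what lets anyone outside the audit repeat the comparison.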

If quality and correctness are not a focus, if transparency is not
a focus, then fraud is certainly easier.

I want a standards setting process that is open to any technical
contributor with the goal to provide debated, high quality, open
documents on managing, implementing, and proving elections.

I want competing open source software that is peer-reviewed,
continually tested, and always audited for managing, implementing,
and proving elections.

Imagine the IETF and FreeBSD.

The most significant problem in common elections is no identified
individual tracking of voted selections within context of entire
identified population's individual voted selections.  If a single
person's results can be shown by itself without all the others,
you have no way to know if that vote is presented individually the
real way, while counted a different way within the group.  And if
the entire target population of voters' individual identities and
votes are not available, you have no idea if voters are excluded
and phantom voters are inserted.

The main arguments against disclosing identity with corresponding
vote selections are coercion, harassment, and payoff for proving
they voted the way another desired. Those are risks. What else can
be done?

I had defined a detailed proposal which includes public logging
of every vote and merged votes and every decision with checksums
and crypto-signatures at every step fully output for all to read
or collect in near real-time.  One uses non-easily-identifiable
tokens provided both by the system and by the voter, where voters
can track their own votes in the final results and intermediate
stages.  But this does not answer for the (many) others' tokens if
they are real voters.  Closed black-box elections can easily see
that some percentage of a possible registered pool did not vote
and can insert additional "tokens" with votes.  (And using tokens
can still be abused for proof for payments or coercion.)
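To make the proposal above concrete, here is an added example of a hash-chained public log with voter tokens; it is my own sketch, not the poster's detailed proposal or any real election system. It assumes a token derived from a system-issued nonce plus a voter-chosen secret, and it stands in for the authority's crypto-signature with an HMAC tag because only the Python standard library is assumed (a real deployment would use an asymmetric signature so anyone can verify with the public key). The demo shows what the log can establish (published entries were not altered afterwards, a voter can find their own vote, the published tally matches the entries) and what it cannot: an entry for a token no real voter holds verifies exactly like the others, which is the limitation the post describes.

```python
import copy
import hashlib
import hmac
import json

# Assumption: the election authority's key. Stand-in for an asymmetric signing key.
AUTHORITY_KEY = b"constructed-demo-authority-key"
GENESIS = "0" * 64


def make_token(system_nonce: str, voter_secret: str) -> str:
    """Token from a system-issued nonce and a voter-chosen secret; the token alone
    does not identify the voter, but the voter can recompute it."""
    return hashlib.sha256(f"{system_nonce}:{voter_secret}".encode()).hexdigest()


def canonical(body: dict) -> bytes:
    """Stable serialization so every verifier hashes identical bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def tally_votes(entries: list) -> dict:
    counts = {}
    for e in entries:
        if e["kind"] == "vote":
            choice = e["payload"]["choice"]
            counts[choice] = counts.get(choice, 0) + 1
    return counts


class PublicLog:
    """Append-only log: each entry commits to the previous entry's hash and carries
    an authority tag, and the whole thing is meant to be published as-is."""

    def __init__(self):
        self.entries = []
        self.head = GENESIS

    def append(self, kind: str, payload: dict) -> str:
        body = {"seq": len(self.entries), "kind": kind, "payload": payload, "prev": self.head}
        digest = hashlib.sha256(canonical(body)).hexdigest()
        tag = hmac.new(AUTHORITY_KEY, digest.encode(), "sha256").hexdigest()
        self.entries.append({**body, "hash": digest, "sig": tag})
        self.head = digest
        return digest

    def record_vote(self, token: str, choice: str) -> str:
        return self.append("vote", {"token": token, "choice": choice})

    def publish_tally(self) -> str:
        """Merged result, referencing the head hash it was computed over."""
        return self.append("tally", {"counts": tally_votes(self.entries), "covers_through": self.head})


def verify_chain(entries: list, key: bytes = AUTHORITY_KEY) -> bool:
    """Recompute every hash, link and tag; False on any alteration after publication."""
    prev = GENESIS
    for i, e in enumerate(entries):
        if e["seq"] != i or e["prev"] != prev:
            return False
        body = {"seq": e["seq"], "kind": e["kind"], "payload": e["payload"], "prev": e["prev"]}
        digest = hashlib.sha256(canonical(body)).hexdigest()
        if digest != e["hash"]:
            return False
        expected = hmac.new(key, digest.encode(), "sha256").hexdigest()
        if not hmac.compare_digest(expected, e["sig"]):
            return False
        prev = digest
    return True


def find_my_vote(entries: list, system_nonce: str, voter_secret: str):
    """A voter recomputes their token and looks for it in the published log."""
    token = make_token(system_nonce, voter_secret)
    for e in entries:
        if e["kind"] == "vote" and e["payload"]["token"] == token:
            return e["payload"]["choice"]
    return None


def tally_matches_log(entries: list) -> bool:
    """Recount the vote entries preceding the published tally and compare."""
    for i, e in enumerate(entries):
        if e["kind"] == "tally":
            return tally_votes(entries[:i]) == e["payload"]["counts"]
    return False


def demo() -> dict:
    # Constructed voters: (system nonce, voter-chosen secret, choice)
    voters = [("n1", "s-alice", "A"), ("n2", "s-bob", "B"), ("n3", "s-carol", "A")]
    honest = PublicLog()
    for nonce, secret, choice in voters:
        honest.record_vote(make_token(nonce, secret), choice)
    honest.publish_tally()

    # Alteration after publication: flip one recorded choice in a copy.
    tampered = copy.deepcopy(honest.entries)
    tampered[1]["payload"]["choice"] = "A"

    # Limitation: one extra entry under a token nobody was issued, added before the tally.
    phantom = PublicLog()
    for nonce, secret, choice in voters:
        phantom.record_vote(make_token(nonce, secret), choice)
    phantom.record_vote(make_token("n-unissued", "nobody"), "A")
    phantom.publish_tally()

    return {
        "honest_ok": verify_chain(honest.entries) and tally_matches_log(honest.entries),
        "alice_sees": find_my_vote(honest.entries, "n1", "s-alice"),
        "tamper_detected": not verify_chain(tampered),
        "phantom_ok": verify_chain(phantom.entries) and tally_matches_log(phantom.entries),
        "honest_counts": tally_votes(honest.entries),
        "phantom_counts": tally_votes(phantom.entries),
    }


if __name__ == "__main__":
    print(demo())
```

Everything in the log is verifiable by anyone holding the published entries, which is the point; what no amount of hashing settles is whether the set of tokens equals the set of eligible voters who actually voted, and that gap is where the post's concern about inserted "tokens" lives.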

The original Internet was developed with the assumptions of trust
and honor. It was soon seen there was no honor system and for 30
years, new -- even experimental -- Internet technologies have been
overlaid over the former infrastructures to help prove identities
of senders and recipients while also anonymizing and de-identifying
communications, to encrypt communications, and more designed to
not trust everything.

There is no acceptable technical way for anonymous voting to be
done in any way, whether it is software or hand counted.  Once the
ballot is separated from the voter (without any link), you have no
way to prove that any vote counts accurately represent the original
voter's decision. Currently, the assumption of checks and balances
is done by multiple human monitors or software solutions. But again,
this is faulty due to relying entirely on an honor system.

Is there any way to have anonymous voting? What are your solutions?

Who is openly designing and developing open standards and open
source software for voting systems?

Does anyone care?

Do you like non-standardized, proprietary, closed-box elections?

Using open source software, providing thousands of documents,
thousands of eyeballs, and thousands of steps for hardening elections
does not make an election correct.  Any time there is a software,
there is a bug.  Any time there is a human, there is a flaw.