>In physical, it isn't enough to protect where the votes are done. They have to be transported back and ultimately counted somewhere.

No, they don't. At least in my country they are counted in place.

All the observers sit next to the ballot for the whole process, and when the voting ends, the box is opened and the votes are counted. The observers being several people appointed at random (like a jury) to check vote credentials and count the votes at the end + appointed representatives from each party present.

Everything is recorded on paper, the votes are stamped and kept, and the tally is then reported for that voting district.

Even if the people appointed at random wanted to tamper, they'd have to work all together + get the party representatives to agree with it, because it all happens in the open, ("reading vote #N, says party X, do we agree it says party X? (shows the vote around) registering vote #N for party X (people look as the vote is recorded, two people sign next to the vote's registration)).

Usually after the ballots are closed (election ends), it takes 5-10 hours for those people to count all the votes for a district. Then the number is announced. All country districts are announced publicly, so any individual party representative or "jury" member of any district can challenge if the numbers announced (and used for the final country-wide tally) are not accurate.

They are not allowed to leave the room, and there's also a policeman present outside.

I've been an "Election Judge" twice in Chicago. I administered my polling location twice. After voting ends, we physically collect the votes and transport them by our own vehicles to a polling location to be counted.

Well, not in my country. We do it in place.

Which proves that "votes have to be transported to be counted" is not some inevitable byproduct of the paper-voting process as the parent made it sound like.

Perhaps Chicago could adopt counting in place?

So, how many agents are we talking about here? How are they counted at the location you too them to? Two easy targets to identify.

I'm not claiming they are impossible to harden. Just not as easy as people are claiming. And super expensive. Such that if you were truly intent to defrauds place, you would focus on poor sections first.

And our best method of defense is probably our extensive polling tests nowadays. The more we have, the more corroborating evidence we have to an outcome. This protects both forms of counting.

Vulnerable to what, though? Physically changing votes takes time, and swapping them leaves a paper trail. If someone miscounts paper votes, you can just recount them.

With a computer, you flip a bit and there's no record. Votes are miscounted? Tough, those numbers are a real as any other numbers. And how much time does it take to swap a vote? Less than a microsecond?

> With a computer, you flip a bit and there's no record

That’s a turn of phrase I didn’t expect on HN.

Do we work in a field where programs don’t have logs, gateways don’t exist, checksums and securing data integrity is not a thing ?

I think HN understands better than most that any digital data is fragile and ephemeral. Theres entire fields around just preventing tampering with it.

But then do we understand as well how physical data works, what's the actual shortcomings etc. ?

Personaly I don't think I do, yet even at my personal level I have anecdotes of ink just fading out of paper, or countless of widespread voting frauds from decades ago.

I have the feeling we are putting paper and physical media handling to a higher standard because we don't know as much about it.

Yes. Physical data is well understood. Inks fade, so you use a different formula and keep it out of the light as much as possible. Inks use chemicals, so even if it’s not visible you can still see where the writing was done, inks are pressed into the paper and change the physical structure of the paper in the process.

It takes a concerted effort to change paper ballots.

The issue is not physical data though. We are talking about a voting system, with agents, suppliers, observers, ballots and people handling them.

For instance some paper elections in Africa have crazy high voter prticipation when not so many people showed up.

That’s an extreme and we could point the finger at blatant corruption. We’re not at these extremes, but where are we on the spectrum?

For instance we don’t have any clear idea of how much corruption we have, to the point that “perceived corruption” is the best approximation.

What I’m going at is, to evaluate how much trust we put in an electronic voting system, we’d need better views at the current system than “paper is better because it’s physical” (that’s not your argument, I take a less nuanced position as example)

> a field where programs don’t have logs, gateways don’t exist, checksums and securing data integrity is not a thing

Yes, that's the field of voting machine construction - it's lowest-bidder garbage built by and sold to people with no concept of reliability.

It's so bad that Diebold had to spin off and rebrand their voting machine division, out of fear that security and reliability issues with the EVMs would tarnish their main ATM business.

The ATM security is also pretty bad (and constantly plagued with skimmers), it's just that you can refund money but you can't refund votes.

We also work in the field with a history of all these measures being circumvented.

The closest parallel we have is DRM, and the track record there is.. less than stellar.

Picoseconds or at most a couple of nanoseconds