Election security under IRV

rb-j

@rob said in Election security under IRV:

Nobody is disputing that Condorcet is a noble goal to strive for. I think what [we] are both saying is that it's a little bit of a pipe dream in today's political climate and we desperately need reform, like now. IRV is not as good as a Condorcet method, but it's better than FPTP, and I think we should take whatever we can get to save what's left of American democracy.

I am curious if you are giving undue weight to this one IRV misfire, in a close election with only 9000 voters, simply because you live there and knew the candidates. Forgive my candidness, but my view is that, saying that this one such a Huge Big Deal, given what we've witnessed nationally over the last few years, is utterly ludicrous and just makes no sense.

(ok, I am swearing off talking about Burlington. Seriously I'm done!!!)

I'm gonna respond to this later. And I'm, sure as hell, not done talking about Burlington 2009.

A Former User

@rb-j Yes, that was me. I delete & rotate my account every few months for online privacy.

Social choice theory is a mathematical topic, and as a mathematician I like to use formal definitions, conjectures, theorems, and proofs. Otherwise it is way too easy to just spin wheels forever arguing about semantics, because nobody agrees on what it means to be "tactical" vs what it means to be "strategic."

I know what I would consider, mathematically, to be a "strategic" vote. There are a number of terms related to strategic voting. These might be like

• Incentive-compatibility
• Rationality
• Manipulability
• (In)sincere preference

These are all basically synonyms, although I can give you a formal definition for some particular model if desired. There are indeed different types of manipulations and strategy resistances as well, some examples might be "resistant to manipulation by coalitions" or "resistant to manipulation by boundedly-rational agents" or "sincerity is a Bayes-Nash equilibrium" (this last property is enjoyed by Approval, for example).

You seem to be suggesting that "tactical" voting is tangibly different from "strategic" voting. What I am asking you to do is to elaborate on that in more mathematical detail so that I can actually have something to work off of. Otherwise you'll just be yelling at clouds.

Jack Waugh

No matter what reason there may be to distinguish between tactics and strategy in voting, the main point related to either one is that if you as the voter are exercising the power the system gives you, you cannot do so based on your preferences alone, but have to take into account your estimate of the stances of the other voters. This is a consequence of the Gibbard theorem. For a system to be ethical, it must accord equal power to the voters.

Anyway, all this is off topic of election security.

A Former User

@jack-waugh said in Election security under IRV:

you cannot do so based on your preferences alone, but have to take into account your estimate of the stances of the other voters [...] For a system to be ethical, it must accord equal power to the voters.

And thus, for a system to be ethical, it must only allow two candidates ¯\_(ツ)_/¯

Sass

@jack-waugh Anonymity of votes used to be sacred in election security because of fears over voter coercion and vote selling. However, modern data has demonstrated that fear to be overblown.

Today, voters have internet-connected cameras as a commodity, yet vote-by-mail has remained (when executed correctly) the most secure form of voting in the US. Why? Because it costs more per vote to coerce or buy voters than it does to just campaign. It's not economically scalable, and also scaled decentralized attacks are almost impossible to keep secret.

Now, there is a counter argument that allowing for the possibility of a single voter to be coerced by a domestic abuser is ethically unacceptable. That debate is more philosophical -- it's a risk vs benefits analysis at its core. However, it seems most relevant people seem to believe the benefits outweigh the risks in this case so far, though that could change as IRV shifts to even higher-profile elections.

In my opinion, I say release the ballot data, at least for now. Though, that does not solve the problem of making IRV susceptible to scaled election attacks. Good luck getting every precinct to create a hundred different piles of matching ballots for each race and then reporting all of that info to the public in a secure way with no mistakes during a hand recount. Practically speaking, tabulation will be centralized to single point of failure, like the entire state of Maine already does.

rob

This post is deleted!

rob

@sass said in Election security under IRV:

In my opinion, I say release the ballot data, at least for now. Though, that does not solve the problem of making IRV susceptible to scaled election attacks.

Are you saying it is significantly more susceptible to such attacks than any other ranked or rated system?

@sass said in Election security under IRV:

Practically speaking, tabulation will be centralized to single point of failure, like the entire state of Maine already does.

I have not seen anyone else complaining about this being a security issue. That doesn't mean it isn't, but ... it just makes me suspicious that you have another bias against IRV and this sort of fits the narrative. And maybe that isn't it, I just would like to see if anyone else, such as election security experts, is concerned about this. Any links or anything?

@rb-j said in Election security under IRV:

(which is evidence of disingenuity from FairVote and the Hare RCV promoters).

"Ranked choice" seems to me to be a reasonable attempt to communicate to the public that 1) RCV/IRV is not actually "instant" (which is lame, but reality), and 2) it just communicates what seems most significant to voters. I understood San Francisco to have used the term first in 2005 ( https://web.archive.org/web/20081202040611/http://fairvote.org/media/irv/sanfrancisco/RCVCandidateGuide04.pdf ), and I'm just not convinced it was to hide its connection to IRV, especially not to any future failure in Burlington. Most people here that I have talked to have no idea how the tabulation works and really don't care, they just know that they rank the candidates on the ballot and they don't have to vote insincerely. I'd expect that if it changed to a Condorcet system, "runoff based" or not, they'd care less than they cared when it was increased from being able to rank 3 to being able to rank 10. (which was not very much)

Score changed its name from Range, and FPTP and Choose-one and plurality are all used for the same thing. (I think "choose one" is the best, FPTP is just confusing and meaningless, while regular people don't seem to know what "plurality" means)

The good news is we can turn it to our advantage if we want to be pragmatic. Instead of calling Condorcet "Condorcet", just call it a more sophisticated variation of RCV. It might help reduce potential resistance to Condorcet by just treating it as a minor upgrade from RCV-Hare.

@rb-j said in Election security under IRV:

And I'm, sure as hell, not done talking about Burlington 2009.

Ok. Seems like a poor strategy, but hey, maybe it's a good tactic.

(in all seriousness, on strategy vs. tactic, it'd be great if you just explained what you meant relative to voting, rather than equating it to military stuff which to many -- including myself -- is just completely different. I still don't know what you mean, and I'm pretty sure I'm not stupid. Just tell us.)

Jack Waugh

@sass said in Election security under IRV:

Good luck getting every precinct to create a hundred different piles of matching ballots for each race and then reporting all of that info to the public in a secure way with no mistakes during a hand recount.

I guess Rob's vision here is that in the first count (as distinct from a hand recount), the precinct will have the voters cast their ballots through scanners, and a system set up and tested in advance by IT people will publish the data, without necessarily doing matching (although it could). So then anyone with IT skills and a computer and an Internet connection could replicate the tally. I don't know whether this would convince the "stop the steal" crowd that the count is accurate. I'm not sure whether anything could. But I think Score would come closer to convincing them than any preferential system, because it's really trivial to sum by the precincts. The ballots could be sorted by hand and counted with CPU-free, photocell-free, mechanical counting machines, pile by pile, and several machines could replicate the count, and several witnesses from different ideologies could make sure everything is on the up-and-up with respect to the sorting.

Jack Waugh

@sass said in Election security under IRV:

like the entire state of Maine already does.

Just to reiterate that the original of that quote was in italics.

Jack Waugh

@rob said in Election security under IRV:

Choose-one

Choose-one is bad when it is combined with plurality in a single-winner election. But choose-one does not have to be bad in Choice of Representation (advocated for the Wisconsin legislature on Facebook by Jim Mueller of Wisconsin). The way that would work is each citizen chooses her representative, all the representatives take office in the legislature, and they vote on legislation with the proxy power of those who chose them.

That's why I don't abbreviate FPtP to "choose one".

rob

@jack-waugh Ok, but "first past the post" is non-sensical. I know it us supposed to be a horse racing metaphor, but I have yet to hear an explanation for how it applies, that makes any sense at all. For one thing, there is no "finish line" to be crossed in voting, other than the scores of other candidates.

Even if you accept that the "first past the post" simply means "the candidate that gets the highest score," still, it should apply equally to Score and Approval.

As for "choose one" potentially getting confused with its usage for multiple winner elections, when I use it, I have already assumed the context is that we are speaking of single winner races.

rob

@jack-waugh said in Election security under IRV:

I guess Rob's vision here is that in the first count (as distinct from a hand recount), the precinct will have the voters cast their ballots through scanners, and a system set up and tested in advance by IT people will publish the data, without necessarily doing matching (although it could). So then anyone with IT skills and a computer and an Internet connection could replicate the tally.

To be clear, in a perfect world we'd use a condorcet method where each precinct could submit a pairwise matrix and that would be good enough to determine the outcome 100% of the time.

Technically not all Condorcet methods this is true for, but at least it is true if there is a Condorcet winner.

But yeah, the main point I was making is that, as long as they publish the full ballot data within a reasonable period of time (which the vast majority do), any attempt to cheat in the ways suggested would probably result in someone going to jail. I have not seen a reasonable way someone could do this effectively and avoid having it be detected

If the concern is not cheating, but just some random mistakes along the way, ok, different thing. I tend to think those tend to cancel out. Better voting machines help, paper trail helps, etc. I think any desire for absolute perfection in this regard is outweighed by the massive problems caused by the choose-one method. I mean, we are literally watching democracy fall apart in front of our eyes.

What is happening here, within this communicty, is that some of us are trying to fight two enemies (choose-one and RCV-Hare), which is simply bound to fail. I'd rather join forces with the RCV-Hare folks and defeat the true enemy, choose-one.