Colorado scrambles to change voting-system passwords after accidental leak

Original Article ↗ Hacker News Discussion ↗

Colorado’s voting system and the password leak

  • Colorado uses paper ballots for all voters (mostly mail-in), then scans and tabulates them; ballots are retained for audits and recounts.
  • The leaked spreadsheet appears to contain partial BIOS passwords for tabulation machines; access also requires physical presence, badges, and in some cases a second password.
  • Commenters debate the real risk: some think the leak mainly increases insider risk; others worry about physical tampering and weak BIOS implementations.
  • Colorado runs risk‑limiting audits with bipartisan oversight; commenters argue this would detect large-scale manipulation even if software were compromised.

Electronic vs. paper voting

  • Many argue for pure paper ballots hand‑counted in public as the simplest and most trustworthy system, citing other countries that get same‑day results.
  • Others note US ballots can have 20–30 contests, making full hand counts slow and error‑prone; optical‑scan counting plus paper backup is seen as a pragmatic compromise.
  • Historical failures (e.g., punch cards and “hanging chads”) are used both to criticize bad “paper+machines” designs and to justify current paper‑backed scanners.

Mail‑in voting and coercion

  • Supporters of all‑mail systems (e.g., Colorado, Oregon) point to high turnout, signature matching, ballot tracking, and low documented fraud.
  • Critics fear family, employers, or churches filling out or inspecting others’ ballots, and say secrecy is weakened compared to private booths.
  • There’s debate over how common coercion actually is; some provide anecdotes, others insist evidence is sparse but risk is still real.

Voter fraud, voter ID, and disenfranchisement

  • One camp claims US elections have “virtually zero” impactful fraud and that fraud narratives are political weapons; they highlight many failed lawsuits and audits finding little.
  • Another camp believes fraud and “irregularities” (especially around mail ballots and rule changes in 2020) are under‑detected and erode legitimacy.
  • Voter‑ID requirements are contested: proponents see them as basic security; opponents cite research and logic that IDs are unevenly held and harder to obtain for minorities and the poor.

Cryptographic and blockchain voting ideas

  • Some propose cryptographic systems (Merkle trees, mixnets, zero‑knowledge proofs, phone‑based verification) so each voter can confirm their vote is included without revealing it to others.
  • Others, including cryptography‑literate posters, argue end‑to‑end verifiable e‑voting is practically unachievable in a way average voters can trust, and greatly expands the attack surface.
  • A minority explicitly argues that public, non‑secret ballots are the “only honest” way; most others strongly defend the secret ballot to prevent coercion and vote‑buying.

Trust, audits, and on‑the‑ground experience

  • Multiple commenters urge people to serve as poll workers or observers to see real procedures, checks, and error handling.
  • Some say that experience increased their confidence; at least one says it decreased it.
  • Broad agreement: beyond technical security, perceived legitimacy matters; even small glitches or leaks can fuel large political narratives.