Security analysis of the Dominion ImageCast X (freedom-to-tinker.com)
49 points by emmelaich on June 20, 2023 | 58 comments


The biggest security vulnerability of voting machines is that a single person can count thousands of votes. And that is by design.

Election security is a confusing business. It is, by design, the only thing you should not trust your government with, because your trust in the government comes from the election process.

If you trust your government with the election, that's a circular trust problem and it's abused to the maximal extent possible.

Which is why voting machines can't be secure, ever. Nothing the government does can truly convince the lay person that it can trust a government-provided voting machine, because in the security setting of an election, the government is the adversary.

It is actually the only time you should consider the government as an adversary and malicious - because that is when you verify and force it to be good.

It matters less to win the election than to know that the government is accountable to the majority. I prefer the opposite political side to win in an accountable and trustworthy way (such that I know their interests align with the majority of the population) than to have my side win and then answer to no one.


This is an extremely pessimistic view, but it’s evidently played out in the US, which (usually) espouses democratic principles, so it’s probably justified in some regard.

In Australia, I believe that the officials and processes are highly trusted by the general public (or at least by those who participate in it).

This (anecdotal) perception of trust has been earned through various means: a famous ad campaign in the 80's featuring John Farnham's "You're the Voice" promoted an individual's agency and participation, and a fairly hilarious Twitter account provided much-needed outreach to a wider audience. There's a somewhat impish yet popular pundit named Antony Green who has earned a reputation for delivering enthusiastic and entertaining analyses and observations during each election.

The volunteers and temps who run and scrutinise elections are also just regular folk, and the commission exercises transparency and due diligence where necessary. They're also independent of the government in so far as they do not implement policies like other departments: they merely activate the electoral procedures, once they have been triggered by an act of parliament.

The thought of a sitting government or their agents affecting the outcome of an election is really only plausible in the context of branch stacking, or engineering the timing to suit their strategic interests. Murdoch media is viewed as a significant threat to democracy.

The view that ‘all government elections are run by the government so they can’t be trusted’ is bordering on conspiracy theory logic. In many jurisdictions, they are executed by good people working for agencies that operate at arm’s length, with effective measures to prevent, deter and avoid misdeeds.


The structure of the election process itself is what determines whether it is a plausible conspiracy or probably impossible.

In an election where each vote is counted by hand, it's indeed quite hard and implausible for the government to conspire to rig it.

If, however, the government presented you with a process which had very few points of failure (a single person counting tens of thousands of votes using machines, or mail ballots where none of the workers ever needed to see the voter, and rely on government-supplied information to validate that the person exists), these do not require a huge conspiracy but only a select few.

It is indeed bordering on conspiracy theory, and the border is exactly on proper process.

Another way to "measure" the security of an election process is, instead of looking at the vote gap, to look at how many people are needed to conspire to change the results. If your answer is very few (for example, a hacker with access to a voting machine, the worker who counted thousands of votes, the voting machine manufacturer, or the dude with the mail ballot database), it is a possible conspiracy, because it is possible that very few people aren't honest.

A properly designed election process really does require an implausible conspiracy to rig.

An improperly designed election is almost like a backdoor, and the conspiracy theory defense no longer works.

By the way, there's another side to the coin: in a properly designed election, fraud claims simply do not happen, because it would take hundreds of individual and independent claims of fraud to be able to claim that the results should be different.

Because the most simple solution, hand counting, works, if the government fails to give you proper verification, it is already the government's fault.

This is also the explanation that should be given in any functioning democracy. You shouldn't need a PR campaign or media to establish trust in elections. In well-designed democratic elections, by design, the losing side, as a verifier, can tell they were fair from the protocol itself. The losing side can try to see how many parts of the process they don't trust, and almost always, in a normally decentralized election, they could discount those parts and the results would barely change.

If your government fails this verification, skips the rational explanation and instead gives you cliche media campaign, and uses an inherently bad process, that's the part where you should already stop and distrust it.

At that point, the government has already broken through all the security boundaries of the election process, and it's impossible to know that they didn't exploit it.


This is still hung up on the premise that ‘the government’ will conspire to rig or manipulate it. The government isn’t an amorphous entity that responds to its master’s demands: there are arms that operate independently, responding to legislation, rather than orders, and the people working there know that.

They are public servants, not political servants.

Also, the challenges of observability aren’t insurmountable in a digital system. They can be addressed through independent oversight and trusted platform concepts.

People counting votes do make mistakes too. That’s why a vote isn’t counted by a single person - it’s counted by several to avoid human error.


> The government isn’t an amorphous entity that responds to its master’s demands

and yet history tells us that governments do conspire and that the times we've been made aware of it happening after the fact are likely not the only times it has happened.

In the case of voting machines the government doesn't even need to be directly involved. If all of the code used isn't open source and publicly available, if the hardware is closed and inaccessible to the public for auditing and review by experts, and if there is no paper trail to independently verify the results, then the entire system is impossible to trust by design.


The government is the "Eve" of this protocol. What happens in practice is that the government is controlled by political parties, and these have enough leverage to put their confidants into sensitive positions.

And the challenge of observability is that your adversary here, Eve, or the government, is the one providing the information. Therefore you can't rely on that information in the verification.

Human error hardly matters. And normal elections shouldn't have razor thin margins, razor thin margins are already evidence of tampering.

The irony is that instead they use the razor thin margins to justify ridiculous methods of counting.

Several people are used to counting to prevent malicious opportunities, not innocent errors. Innocent errors have zero probability of changing anything.


The issue I see from outside the US is how complicated they have made their election ballots. Our provincial and federal ballots are: write a single X in the circle beside the name of the politician one is voting for, then walk over with it covered to cast it. The automation, if any, is a vote tabulation machine, but the ballots are able to be recounted too. The US seems to have 101 issues on theirs, too, and that makes manual tabulation tedious. Also, there doesn't seem to be anyone fixing line-ups. When I lived in Toronto, I walked in, voted, walked out. Anything more than a total of 15 min is considered a very long wait. There are polling stations in every neighbourhood.


Please, at the very least, recommend solutions.

For instance: election administration should use the Australian Ballot system (private voting, public counting), ballots cast at polls sites, ballots tabulated onsite the moment the polls close. Election workers composed of members from all parties (and independents), who must jointly certify the tabulation and chain of custody.

And so forth.

As a hot take, your pessimistic comment is not constructive, and only serves to further undermine confidence in our democracy.

Source: Am a recovering election integrity activist. I spent a decade of my life on this issue. It's so utterly exhausting to rehash, from scratch, this topic every four years.


> Georgia Secretary of State Brad Raffensperger has been aware of our findings for nearly two years, but—astonishingly—he recently announced that the state will not install Dominion’s security update until after the 2024 Presidential election, giving would-be adversaries another 18 months to develop and execute attacks that exploit the known-vulnerable machines.

This is extremely disturbing. Why is this not a scandal?


The MITRE "nothingburger" too. It does smell like there is more going on than mere negligence.


What’s MITRE?


The security company paid by Dominion to certify that their machines were unhackable, as mentioned in the article.


I did read the article, albeit poorly, as I must have either skipped past that section by mistake or read it while distracted; either way, MITRE seemed brand new to me when I read it in the comment.


A not-for-profit organization that does research and analysis of stuff, especially security and defense stuff.


The guardians of the CVE database among other things.


>This is extremely disturbing. Why is this not a scandal?

Absolutely it is a scandal, but it is being censored on the common social media. Being able to see the scandal would require you to go to different social media.

But what's the severity of this compared to actual caught cheating? Or how about the voting spots which outright refused Republican challengers entry? Or how about the voters who were wearing MAGA hats and such who were told they couldn't vote there? Pets were allowed to vote, though.

As an outside observer, Georgia doesn't have free and fair elections.


>or how about the voters who were wearing MAGA hats and such who were told they couldn't vote there,

FFS, no political messaging at the voting booths.


> compared to actual caught cheating

You mean the consistent GOP runners who keep getting busted for cheating? Wonder why we never heard anything from Trump's election investigation committee? Because they couldn't actually find proof of cheating.

> pets were allowed to vote though

Proof? That's a new one to me.


The full security analysis can be found here[1]. It covers supply chain attacks, hardware implants, and (IMO most interestingly) a broad lack of strong credentials and protections against voter identity spoofing.

These vulnerabilities are concerning (as is GA's inexplicable decision to defer patching them), but as the article notes: no evidence has emerged that anyone has actually leveraged these weaknesses to compromise the results of elections in Georgia.

[1]: https://storage.courtlistener.com/recap/gov.uscourts.gand.24...


Sure, no evidence has arisen that these have been used in the past: but I would like to note that this directly flies in the face of CISA’s past claims that “this past election was the most secure on record”.

This research proves that was simply nonsense.


Well now thanks to these guys the powers that be have a crystal clear development road map for locking in the next elections. Ever notice how nobody ever actually cares about patching security vulns in voting machines? It's always lip service and inconsequential paid studies forever and ever.


I think an important thing to remember is that _nobody_ wants to pay for security. Most companies do this too! Likewise most humans; we build on flood plains and then cry when our houses get flooded, instead of building flood abatements.

Rather than hypothesizing a conspiracy, I think the most parsimonious explanation is just that humans are short-sighted and don’t want to spend resources on “unlikely to happen but bad if it does”. On this, perhaps we get what we deserve not what we need.


Workers often want to spend time on security that owners will not allow them


Agreed, but workers don’t pay for the things they build, their employer does.


Worker cooperatives pay


And anyone is free to form one. Choosing to work in a noncoop business means you've chosen to forgo that option.


Off topic. Please leave me alone


I have noticed that. But I don't understand it.

I've talked to many extremely smart people who have a blind spot the size of an electoral system on this issue.

Much like funding healthcare or education, or drug policy, this is a solved problem, with known effective solutions. We just don't do it. It's bizarre.

Like - these same very smart people I talk to will laugh at Carlin's jokes about how the system is rigged; big club that we're not in; have to be asleep to believe it, etc. But on this issue their brains turn off, like a switch. Goddam spooky is what it is.


It turns out that there were actual cyber ninjas doing an audit all along.




I agree, but this has become a republican talking point of election fraud conspiracy theories (which have proven in numerous neutral courts to be unsubstantiated). So now this issue has become poisoned and can't be discussed in any rational manner in the US.

It's strange because I still remember how even back in 2006 the german CCC[1] demonstrated flaws[2] in the voting machines used in a german election, and successfully made the case in front of the german supreme court which declared their use illegal[3]. So this issue has a long history of opposition in the hacker community.

[1] https://en.wikipedia.org/wiki/Chaos_Computer_Club

[2] https://www.ccc.de/updates/2006/wahlcomputer

[3] https://www.bundesverfassungsgericht.de/SharedDocs/Entscheid...


Well, yes - maybe we shouldn't be using electronic voting machines in the U.S?

https://xkcd.com/2030/


Democrats still claim the 2016 election was illegitimate (including the candidate), as well as the 2000 election.

Democrats invented election fraud conspiracies in 2000.


>Electronic voting equipment is a scam, is dangerous and should absolutely not be trusted under any circumstances

This kind of a claim without qualifications is not useful. There exist designs that could be secured.

> After 2020, they immediately received updated narratives and began to claim that electronic voting was infallible

This does not sound credible to me - legitimate news sources repeatedly asserted that no evidence of tampering had been found. This is bolstered by multiple court cases which had the opportunity to present evidence of tampering and none was shown. That said, if you can show legit news services who claimed it was "infallible" (or equivalent with less hyperbole), I'm curious enough to read it.


Doesn't it seem disjoint, given the level of technology we're told state actors can bring to bear, and given the apparently poor implementation of these systems, to believe "legitimate news sources" (or those feeding them their talking points) would reasonably be expected to be able to even detect fraud if it did occur?


It would seem that root access to the ICX BMDs running Android 5.1.1 would provide sufficient privileges to cover one's tracks; I'd assume state-level attackers would have the required knowledge to do so.


Mr. Cernovich seems to share the view that speaking of flaws in Dominion's systems had become an unspoken industry faux pas: https://twitter.com/Cernovich/status/1669491193833750528


It prints the selected votes on a piece of paper that can be viewed by the person who entered the vote and counted by hand (which was done in 2020).

No system is 100% secure, and while Georgia in particular seems to have some improvements they should be making, it's important to be rational about the implications the existence of given vulnerabilities has on the accuracy of an actual election.


Were the votes that were counted on paper (or even the electronic ones) then made available online for voters to check that their vote was recorded as cast?

Why does the IRS have the technology to positively identify a citizen remotely to allow them access to information that's arguably more sensitive than a vote, and yet we can't use this tech for that purpose?

Why is this the second time that a Dominion machine was found by a third party to fail under scrutiny by security experts and CISA _then_ comes in to investigate whether the exploits were, well, exploited amidst the well-documented "fortification"?

Why doesn't Georgia want to update these vulnerable systems before the presidential election?

Why aren't all elections given a third-party statistical forensic analysis?

Why, if the machines _are_ flawed (as we found out in 2022), did Dominion win a slander case against Fox et al?

Why in the ... is Dominion, a private company (and apparently a poor dev shop), the bastion of our democracy?

I think the implications are pretty clear.

“The very word 'secrecy' is repugnant in a free and open society; and we are as a people inherently and historically opposed to secret societies, to secret oaths and to secret proceedings. We decided long ago that the dangers of excessive and unwarranted concealment of pertinent facts far outweighed the dangers which are cited to justify it.” -JFK


> Were the votes that were counted on paper (or even the electronic ones) then made available online for voters to check that their vote was recorded as cast?

This is the worst idea ever and would allow voter intimidation tactics from organized groups. "Show us who you voted for (and it better be the right person) or we ostracize you from our church/club/family." There's a reason the ballot is secret, and it's for the protection of the voter.


Sorry, I don't buy the argument. Surely it's a more present danger that the will of the people not be done than someone continuing to associate with a group which would ostracize them for thinking differently than them.

Sure, I get how divisive politics are, but I find it frankly pathetic the contributions that our own politicians and media have purposefully made in forming a view in the public's mind that someone who thinks different is a mortal enemy. Because of how it's become we're told that we either shouldn't or can't talk about such things in the places where we engage in the majority of our face-to-face human interaction: work and family.

The problem of "protecting" the voter is not insoluble, and I find the absolutist view of absolute secrecy as the only solution to be a cop-out.


> Surely it's a more present danger that the will of the people not be done than someone continuing to associate with a group which would ostracize them for thinking differently than them.

No? You are presenting a hypothetical danger to voting, whereas your idea would lead to many, many individual votes being manipulated. People could be paid for their vote, intimidated, beat up, killed and everything in between.

The individual vote being secret is fundamental to democracy. You can't have a democracy without secret voting.

Remember: it's not just about your immediate social circle. What if the government wants to make sure you vote/don't vote in the next election, since they know your last vote?


On your last point, if you voted and in which elections is already public record. Government has a pretty good idea who you voted for and can and already does this to the extent they can get away with it.

>You can’t have a democracy without secret voting

You could before 1890 in the US, and plenty of other countries, what’s changed?

About 25 percent of voters voted by mail in the 2020 election. Mandatory secrecy that couldn’t be enforced for a quarter of voters didn’t ruin our democracy. I’m not sure secrecy should be mandatory, maybe it should be optional.


> On your last point, if you voted and in which elections is already public record. Government has a pretty good idea who you voted for and can and already does this to the extent they can get away with it.

And yet the government doesn't know for sure. There is plausible deniability, and always a bit of uncertainty.

> You could before 1890 in the US, and plenty of other countries, what’s changed?

No, you couldn't before 1890 in the US. It wasn't a democracy in the modern sense.

> About 25 percent of voters voted by mail in the 2020 election. Mandatory secrecy that couldn’t be enforced for a quarter of voters didn’t ruin our democracy.

Mail-in voting has multiple measures in place to ensure secrecy of vote. Yes, technically they could be worked around, but so could any other voting method - the important part is that the government would have to expend massive resources to do this on a broad scale, which would quickly become public.

> I’m not sure secrecy should be mandatory, maybe it should be optional.

No, you guys should stay a democracy.


I agree plausible deniability may guard against political coercion, but only when all votes are anonymous - that is not the case. The ability to vote in private should be a protected right in a democratic society.

I’m referring to citizens being allowed to confirm their ballot on record, verifiably, and publicly if they so choose. It’s already completely legal to share filled out ballot photographs in 30 states…(in 5 of them only photos of mail-in ballots allowed)[0].

I hope my state modifies its laws to allow this; currently it's outlawed, as it is in Georgia. One commentator suggested members of the public would manually validate some of the ballot QR codes and easily detect fraud, but Georgia outlaws it. I think that's bad law. In spite of this variation in how "secret ballots" are implemented by member states, the US is still a democracy, as you seem to agree.

There is a balance that has to be struck between election transparency and voting secrecy. Where I live, all recording of any ballot in any polling location is outlawed. I think the only recording that should be illegal is that of other people's ballots; as where and when you voted is already public record, I think one should be free to share their own ballot however they choose.

[0]https://www.businessinsider.com/can-i-post-photo-of-my-ballo...


> I agree plausible deniability may guard against political coercion, but only when all votes are anonymous - that is not the case. The ability to vote in private should be a protected right in a democratic society.

Can you explain why the private vote only works when all votes are anonymous? If you know every other vote you can determine which it is, but even if a couple of votes are unknown you can't determine it 100% anymore. So why does it need to be all?

> I’m referring to citizens being allowed to confirm their ballot on record, verifiably, and publicly if they so choose. It’s already completely legal to share filled out ballot photographs in 30 states…(in 5 of them only photos of mail-in ballots allowed)[0].

This won't surprise you, but I think it's a big mistake. This makes it easy to pressure people into taking photos of their ballots to prove they voted "correctly".

> One commentator suggested members of the public would manually validate some of the ballot QR codes and easily detect fraud, but Georgia outlaws it - I think that’s bad law. In spite of this variation on how “secret ballots” are implemented by member states, US is still a democracy, which you seem to agree.

If it's really outlawed, I agree that it's bad. There should be a process for anyone to become an election observer and check for irregularities, as long as the secrecy of the vote is kept.

> There is a balance that has to be struck between election transparency and voting secrecy. Where I live, all recording of any ballot and in any polling location is outlawed. I think the only recording that should be illegal is that of other peoples ballots - as where and when you voted is already of public record, and I think one should be free to share their own ballot however they choose.

I understand your reasoning, and I can't disagree fully. But the danger of voter intimidation and suppression is real and is growing. Honestly, some of the photos from your last election absolutely shocked me - seeing people in military gear at voting booths and dropoff stations is terrifying, especially when they start recording people who they believe might be against them. Those people could follow and kill you because you look like you vote differently from them! The way to full-on authoritarianism is very, very short from your current state of affairs. While things are in such a bad state, any further movement towards weakening the secrecy of the vote could be the final nail in the coffin.


>Can you explain why the private vote only works when all votes are anonymous?

As you alluded to further down, if it is not illegal for people to publish a photograph of their ballot or a recording of their vote submission - then they can be coerced into doing just that. The idea of a secret ballot providing systemic protection against coercive influence only really works by requiring all ballots to be cast in secret, in my opinion.

>This won’t surprise you…

You are certainly not alone in the opinion that allowing ballot photographs to be made public is a big mistake, and maybe it will prove to be.

The citizens making a show of force toward voters is concerning, and I wish things were more civil and less partisan… but indeed, tensions have been escalating for several years.

Even if it is an unfounded belief and evidence of outcome-changing election fraud doesn't exist, a growing minority of citizens losing confidence and loudly calling into question the integrity of elections is a very dangerous development.

In recent elections, election administrators on both sides of the aisle from several states have displayed incompetent failures to follow electoral processes that are designed to ensure transparency and fulfill audit requirements. This, of course, only makes matters worse. I hope it's mostly online sensationalism and this sentiment will be quelled, because when significant minorities of a population start to dispute the authority of leadership, stricter authoritarianism tends to be the government response, which tends to lead toward civil unrest and violent events. I share the concerns you warn about.


Are you open to eliminating the secret ballot? I would be. I think the verifiability and integrity of election results would be greatly improved by making voting records public; I see no easy way to do the same while maintaining ballot secrecy. I'm open to the possibility that there is a good transparent secret ballot system, but I haven't heard of one that isn't massively vulnerable to the possibility of fraudulent efforts by election administration officials.


I'm not against it; coercion/bribery always seemed to be a bit of an underwhelming justification for it. I just have a difficult time seeing it being done at scale (at least at the same scale as mutating the records can apparently be done), and like you said, it seems to excessively complicate the task.

Even thinking of the possibility of self-auditing, it leaves a large hole in the conceptual capability of validating the aggregate numbers.

What I'd like to see is a human-to-human system, even if electronic (a la "venmo me"), where groups of people gather, discuss the issues, and cast their votes to each other in a tree. The receivers meet and transfer their counts to the root of their branch, and so on to the tree's root.

Every group knows their aggregate count, and even if you made the values of each node in the tree public it may be possible to keep the actual votes private outside of the individuals that make up each of the leafs.


And while I'm at it, why not get even more revolutionary (pun intended): the concept of a representative democracy was formed in a time when the most efficient method of communication was to put either man or paper on a horse and make an arduous cross-country journey.

IMO, our current method of deciding what we should do with our collective power is hopelessly outmoded. After all, that's the whole point of the federal government: to coordinate the pool of our resources towards common goals greater than we, either individually or as a (US) state-sized entity, could accomplish alone.

If we can effectively solve the problem of distributed consensus (hmmm, where have I heard that term), what purpose then do our "representatives" hold in a system where we can directly voice our will for the future direction of our union and the allocation of its resources?

In a system where we can instantly share our desires on some motion, and can shed the pomp, circumstance, and huge machinations of a once-every-[insert term here] consensus ceremony, we could directly drive towards executing on a daily basis if we so desired.

This could even open up the possibility that individuals could delegate their opinion to one or a group of subject-matter experts they feel an alignment with under specific topics, forming subject-oriented representatives rather than popularity-oriented.

The thing is that these are ideas (maybe good, maybe bad), ideas can be tested, and in a fast-moving system ideas can be iterated on quickly and driven by data. We've found this methodology to be extremely effective in so many facets of our lives that it astounds me we don't consider a similar approach to improving the lot of all humanity in this crazy world.


I’m not ready to abandon representative democracy, but I agree technological advances have made a more direct democracy system sound feasible. I’m in the US where the design rules stated congressional representatives were never to exceed a 35,000:1 ratio, but the representatives removed that rule.


Yeah, it’s an idea I think about sometimes but don’t really get to try on in words. I get frustrated when reps hide unpopular actions behind bureaucracies and unelected bureaucrats against the people’s voice or best interests, like your example or something like net neutrality.

It’s getting more common to shift the system towards their ability to move unilaterally. In my home state, for example, this last legislative session they changed the referendum law to be non-compulsory on their part, with the argument that citizens are weaponizing it to stall land developers.

That was the only political redress we had available, as it is becoming more common for the capital-captured legislature to OK plans that are unhealthy for the continued thriving of our communities in the name of money. As an example, severely oversubscribed water shares in the face of ultra-high-density housing is becoming a serious problem that they conveniently ignore when approving developments.

There are definitely more and lesser measures that would facilitate a shift back towards the citizenry, but it feels like less and less of a possibility every day our options get diluted in small ways.


> Why, if the machines _are_ flawed (as we found out in 2022), did Dominion win a slander case against Fox et al?

You're implying something not grounded in established fact, and then questioning why the rest of society has responded as if it's not true.

The issue seems pretty apparent here, but it's not one anyone else can help you with.


What’s the implication being made, is it that Dominion won? As far as I’m aware:

Fact: the machines are flawed.

Fact: Judge ruled Fox had made false statements which harmed Dominion, sent Fox’s level of culpability to be weighed by the jury, but the case was settled before deliberations.


I appreciate the thought provoking dialectic. I found, in particular, your insinuation regarding my irreparable mental deficiencies to be particularly helpful in solidifying your point of view.


The section titled “Isn’t there a paper trail? Why is malware a risk?” explains a bit about this. The printout is read by QR code so it’s possible to list the correct selections but modify the QR code that gets read. It also addresses the percentage of voters who verify and how thoroughly (it’s not many).

“If an attacker changes only the QR code, voters have no way to detect the change by looking at their ballots, since voters can’t read the QR code. The change might be detected in a manual recount or a risk-limiting audit (RLA) based on a review of the printed text, but that is unlikely given Georgia’s weak audit requirements, which have recently been further diluted.”

Also it’s a poor decision by Georgia to not install security updates until after the next election, but that’s the state’s position currently. I watched some of the Georgia congressional hearings regarding election security, audits, and safeguards after the 2020 election and it seems like their board of election was a total shit show. It seems like paper ballots and counting could prevent all of the problems or alleged problems they experienced in the last two major elections.


Again, there is definitely room for improvement, but I don’t believe the data in the QR code is encrypted, and it only takes one person to record themselves voting and a different vote getting printed on that piece of paper for this to become a big deal. It just seems very unlikely that even a small percentage of the votes getting changed would go completely unnoticed.


I don’t think it would be legal to do that (record). EDIT: It’s illegal, GA 21-2-413. I’m not sure how the validation works, but I assume that there is an identifier in the QR code, and it likely doesn’t have plaintext candidate names so I’m not sure if you could even validate the QR code with available data, but it would most certainly be a crime.

The scenario they exposed as possible is: voter receives a printout paper ballot with the vote selection printed correctly in text, but the included QR code has modified selection(s). That paper is then fed into the reader/scanner/tabulation machine. No further confirmation.

The whole point of the printout is for voters to confirm their selections, the whole QR code step is a design flaw. Just print regular ballots with filled in circles that can go through a standard tabulation machine and still be read/checked by humans if you really need to add a (required) touchscreen interface to the process.

“If an attacker changes only the QR code, voters have no way to detect the change by looking at their ballots, since voters can’t read the QR code. The change might be detected in a manual recount or a risk-limiting audit (RLA) based on a review of the printed text, but that is unlikely given Georgia’s weak audit requirements, which have recently been further diluted.”

It seems very unlikely to me that lots of votes getting changed would get noticed. Maybe I have a misunderstanding of the process. An RLA would help, but Georgia has had difficulty in conducting audits due to incompetence of officials and people not following process rules. QR codes seem like unnecessary complexity.
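The scenario discussed in the comments above (printed text correct, machine-read QR payload altered) comes down to one check that only an auditor, not a voter, can perform: decode what the tabulator would count and compare it with what was printed. The following is an added example, not code from the linked paper, from Dominion, or from anyone in this thread. The ballot format (base64-encoded JSON standing in for the QR payload), the contest and candidate names, and the batch with three tampered ballots are all constructed for illustration; the real ImageCast X encoding is not described on this page. The example also simulates how often a ballot-level sample audit of a given size would catch the tampered ballots at all, which is the property weak audit requirements give up.

```python
import base64
import json
import random

# Constructed example: ballot records standing in for the output of a
# ballot-marking device. "printed" is the human-readable selection list the
# voter can check; "qr_payload" stands in for the machine-read barcode the
# tabulator actually counts. Encoding the payload as base64 JSON is an
# assumption made for this example; it is not the real ImageCast X format.

CONTESTS = ("Governor", "Senate")
CANDIDATES = {"Governor": ("A", "B"), "Senate": ("C", "D")}


def encode_payload(selections):
    """Stand-in for the barcode: opaque bytes a voter cannot read by eye."""
    raw = json.dumps(selections, sort_keys=True).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def decode_payload(payload):
    return json.loads(base64.b64decode(payload))


def make_ballot(ballot_id, selections, qr_selections=None):
    """Build a ballot; if qr_selections differs from selections, the QR is tampered."""
    return {
        "id": ballot_id,
        "printed": dict(selections),
        "qr_payload": encode_payload(qr_selections or selections),
    }


def check_ballot(ballot):
    """Contests where what the tabulator would count differs from what the voter saw."""
    machine_read = decode_payload(ballot["qr_payload"])
    return [c for c in CONTESTS if machine_read.get(c) != ballot["printed"].get(c)]


def full_comparison(ballots):
    """Compare every ballot: the check a full manual recount of the printed text supports."""
    return {b["id"]: diffs for b in ballots if (diffs := check_ballot(b))}


def sample_audit(ballots, sample_size, seed=0):
    """Compare a random sample only, as a ballot-level comparison audit would."""
    rng = random.Random(seed)
    sample = rng.sample(ballots, sample_size)
    return {b["id"]: diffs for b in sample if (diffs := check_ballot(b))}


def detection_rate(ballots, sample_size, trials=2000):
    """Fraction of random samples that catch at least one mismatch (simulation)."""
    hits = sum(1 for t in range(trials) if sample_audit(ballots, sample_size, seed=t))
    return hits / trials


def build_batch(n=200, tampered_ids=(17, 58, 133)):
    """Constructed batch: alternating selections, a few ballots with a swapped QR vote."""
    ballots = []
    for i in range(n):
        sel = {"Governor": CANDIDATES["Governor"][i % 2],
               "Senate": CANDIDATES["Senate"][i % 2]}
        qr = None
        if i in tampered_ids:
            # Printed text still shows the voter's choice; only the payload flips Governor.
            qr = dict(sel, Governor=CANDIDATES["Governor"][(i + 1) % 2])
        ballots.append(make_ballot(i, sel, qr))
    return ballots


if __name__ == "__main__":
    batch = build_batch()
    print("full comparison:", full_comparison(batch))
    for k in (10, 50, 100):
        print(f"sample of {k}: detection rate ~{detection_rate(batch, k):.2f}")
```

The full comparison flags exactly the tampered ballots; a voter holding one of them sees nothing wrong, because the printed text is untouched. Sampling only a handful of ballots from the batch misses all three mismatches most of the time, which is why the comments point at the strength of the audit, not the existence of a paper printout, as the thing that decides whether this kind of change is noticed.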


> No person shall use photographic or other electronic monitoring or recording devices, cameras, or cellular telephones while such person is in a polling place while voting is taking place; provided, however, that a poll manager, in his or her discretion, may allow the use of photographic devices in the polling place under such conditions and limitations as the election superintendent finds appropriate, and provided, further, that no photography shall be allowed of a ballot or the face of a voting machine or DRE unit or electronic ballot marker while an elector is voting such ballot or machine or DRE unit or using such electronic ballot marker, and no photography shall be allowed of an electors list, electronic electors list, or the use of an electors list or electronic electors list. This subsection shall not prohibit the use of photographic or other electronic monitoring or recording devices, cameras, or cellular telephones by poll officials for official purposes

Yeah, that’s pretty strict. It seems at least remotely plausible now. But still, I doubt the content of the QR code data is encrypted (probably cryptographically signed), especially given the vote is already written in plain text. And if votes in any significant percentage that could make a difference were being switched, someone would have a video (assuming the QR code data contains the chosen vote in plain text).



