Slashdot Mirror
Blockchain-Based Elections Would Be a Disaster For Democracy (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: If you talk to experts on election security (I studied with several of them in graduate school) they'll tell you that we're nowhere close to being ready for online voting. "Mobile voting is a horrific idea," said election security expert Joe Hall when I asked him about a West Virginia experiment with blockchain-based mobile voting back in August. But on Tuesday, The New York Times published an opinion piece claiming the opposite. "Building a workable, scalable, and inclusive online voting system is now possible, thanks to blockchain technologies," writes Alex Tapscott, whom the Times describes as co-founder of the Blockchain Research Institute. Tapscott is wrong -- and dangerously so. Online voting would be a huge threat to the integrity of our elections -- and to public faith in election outcomes.
Tapscott focuses on the idea that blockchain technology would allow people to vote anonymously while still being able to verify that their vote was included in the final total. Even assuming this is mathematically possible -- and I think it probably is -- this idea ignores the many, many ways that foreign governments could compromise an online vote without breaking the core cryptographic algorithms. For example, foreign governments could hack into the computer systems that governments use to generate and distribute cryptographic credentials to voters. They could bribe election officials to supply them with copies of voters' credentials. They could hack into the PCs or smartphones voters use to cast their votes. They could send voters phishing emails to trick them into revealing their voting credentials -- or simply trick them into thinking they've cast a vote when they haven't.
Tapscott focuses on the idea that blockchain technology would allow people to vote anonymously while still being able to verify that their vote was included in the final total. Even assuming this is mathematically possible -- and I think it probably is -- this idea ignores the many, many ways that foreign governments could compromise an online vote without breaking the core cryptographic algorithms. For example, foreign governments could hack into the computer systems that governments use to generate and distribute cryptographic credentials to voters. They could bribe election officials to supply them with copies of voters' credentials. They could hack into the PCs or smartphones voters use to cast their votes. They could send voters phishing emails to trick them into revealing their voting credentials -- or simply trick them into thinking they've cast a vote when they haven't.
will be implemented in blockchain and decided by AI voters!
I like how "blockchain technology" now means everything. Certainly everything related to cryptography. Sure, you could do something like have everyone cryptographically sign their vote and then you could have it anonymously verifiable. What does that have to do with a block chain?
There is no possibility to remove corruption from democracy, let's embrace it instead.
Trump indicted in 5... 4... 3...
I suppose you could sign every individual's key with an official key to verify each physical person. However, it's not anonymous when you do that.
Otherwise what is the point? Pure blockchain would allow a single person to vote millions of times.
right here
Can we just have vote by mail in all 50 states already? It's 2018. I shouldn't have to go to the polls. If somebody's trying to force you to the polls it's because they don't want you to vote.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Anonymous??? For fucks sake. Oh look, we just got 17 billion anonymous votes for Trump. Funny, not that many people on the world yet.
I suppose it's barely possible that my vote isn't being counted, but I would be VERY surprised if that were the case, other than trivial clerical errors. The problems we need to solve are things like "People are not database records", and "People don't listen" and "People who listen screw up all the time" and "Infrastructure is selected by committees of people, and people are terrible at their jobs". Basically we're way past the point where mere technical issues dominate the problem space, the big problems are social and political issues which aren't reasonable to blockchain your way out of.
Also, believe me, if you take someone who suspects that the system is rigged against them, introducing a digital voter ID and an explanation involving crypto math is NOT going to make them comfortable. I would have thought that would be self-evident from a few minutes paying attention to Facebook.
The point is not that voting by blockchain could be hacked or rigged. The point is that with pretty much any system that relies on computers to tally the votes, the results can not be independently verified end-to-end by laymen. Everyone can understand how voting by paper ballot works, how the ballots are counted, and how the count is verified, and that means everyone can participate in safeguarding or verifying an accurate count. That is where "public faith in elections" comes from.
Besides: rigging a paper based election is possible but the number of people you need to involve scales linearly with the amount of votes you want to falsify, increasing chances of being caught. That's not the same for computer based voting; fraud is much easier to hide, and easier to carry out on a massive scale.
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
If I can verify my vote, someone can peel my skin with a carrot peeler until I verify it.
Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
Who would be capable of auditing such a system, and the results? The more confusing, complicated, and obfuscated a voting system is, the more fraud will happen.
The problem with mail-in voting is that it's possible to coerce people to vote a certain way. I'm not even talking about broad conspiracies to alter the vote en masse. For example, I wouldn't be surprised if many spouses said they were voting one way, for the sake of marital harmony, but in fact voted another.
You can lead a horse to water, but you can't make it dissolve.
There's a fundamental problem with online voting... and it would be a huge problem, even IF you could absolutely guarantee 100% security: it's a serious threat to secret ballots. Right now, in most places, if an ultra-frail person shows up to vote who needs assistance, they election officials will provide a poll worker to help them, but WON'T allow a family member or anyone else to accompany them, for that precise reason.
Right now, a husband and wife can easily cancel out each other's votes. If online voting is allowed, there's little to stop the spouse with more power in the relation ship (or who's less ambivalent about voting) from voting on the other's behalf after getting the spouse to log in.
There are other opportunities for coercion... say, an employer (or union, or any other group) who decides to "encourage voting" via the internet "right now" (in at least semi-public view, with at least some social pressure to vote the "right" way). Think: a politically-active church that, instead of marching its congregation off to early voting at a polling place nearby, passes around tablets after the second collection while encouraging people to vote the "right" way in front of their friends, neighbors, and family members.
Let's not forget the possibility of rounding up a bunch of poor people and offering to pay them $20 apiece if they come "vote online" and cast verified ballots for the "right" candidates.
THIS is why voting needs to occur in private, but in a public location where individual voters CAN'T be coerced by anyone.
The right to a secret, coercion-free ballot is absolutely fundamental. It's at least equal in importance with security, and is arguably part of "integrity". It's a fundamental problem with internet voting that simply CAN'T be solved.
Obviously, it's also a potential problem with absentee ballots sent by mail... the difference is, absentee ballots are an edge case, generally used by a relatively small number of voters. Yeah, there are some elections now held by mail only... but they're for local races that few people care about anyway. The more powerful the office, the greater the stakes.
There are a lot of values between possible, it's a good idea and possible, like landing someone on Mars.
Blockchain-Based Anything Would Be a Disaster For Everything
"A political party sending in 10000 extra postal votes under names that should not be voting any more?"
If someone is not at the address they are registered, the ballot will be returned. People are required to sign their name on the outside of the envelope the ballot is mailed in and it is matched to the signature on the voting roll. If there is a question, it can be challenged. Once the signature is verified, the ballot is removed from the envelope it was mailed in while still in its own inside privacy envelope so the vote can't be read. These are all put with other ballots and are counted on the day of the election so that it is impossible to connect a particular ballot to the person who cast it.
Would be public knowledge in 3-5 years when quantum computers crack modern algorithms.
they already do that. It's not as easy to lie to your spouse as you think. And I am way, way more concerned with this kind of coercion.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Blockchain could probably be an effective way to allow the electorate to verify that their results were tallied correctly. Imagine each vote is added to a closed blockchain that's merged internally. Once the results are tallied the chain used for the tally is moved from air-gapped systems to the public internet. Once that happens the results are essentially fixed. The voters could have been given their key in the chain to check that it exists.
Using any of this to actually cast the votes is a terrible idea. We need a more strict consensus algorithm and chain of custody to handle that part.
"[We'll be] really getting inside your head and making it an unpleasant place to be" -- Trent Reznor
Spousal coercion is not far fetched at all. Why prevent a spouse from voting when you can effectively double your own vote? Or in some communities in the state where I live, multiply your vote by 3, 5, 7 etc. to sustain the local officials who keep the State and Federal officials from looking too closely at your lifestyle choices.
I've been programming computer for 40 years and I'll be hard pressed to follow what happens inside a "black box" voting machine, so imagine someone with no computer knowledge!
What is blockchain useful for? Verifying that the log history hasn't been altered with. Voting is the one scenario where what you're worried about is a bad actor mis-tallying the votes; ie, modifying the "history" of the votes. With blockchain, when you vote a majority of the other voters have to sign off on what you voted for. Then, your client keeps an offline copy. Each voter can then check that against their voting wallet to see what the result of the election is. If a bad actor somehow pulls off a 51% attack, the history will no longer match lots of voters offline snapshot of the state of the chain after they voted. It would be super easy to catch.
For example, foreign governments could hack into the computer systems that governments use to generate and distribute cryptographic credentials to voters.
What stops them from breaking into the computer system that distributes voter registration information to mess with who votes where?
They could bribe election officials to supply them with copies of voters' credentials.
Pretty sure bribery is an issue with all forms of voting that's not blockchain. Because with the blockchain 51% of the voters have their wallets to see what the results should be.
They could hack into the PCs or smartphones voters use to cast their votes.
And yet we somehow do online banking and online shopping. While they're at it, they could hack into the PC's tallying the paper ballots. Significantly smaller target than 51% of the voters.
They could send voters phishing emails to trick them into revealing their voting credentials
They could confuse voters by having them send in paper ballots to the wrong place.
Perfection can't be the enemy of the better.
The sole purpose of voting is to convince the losers they lost a fair election, so the winner's can govern with a mandate.
to be convincing There are only three things about any voting system that are important
1. the secret ballot
2. THat everyone can see how it works and and thus see how it's secured
3. That there's a way to recount that is traceable to the voters own hand written ballot.
Anything else is dross. Crytposystems, proof your vote was counted, etc, all nice but not important if you lose any of the above 3.
All these online voting systems utterly destroy the secret ballot and the also harm the other two.
Sheer stupidity.
Some drink at the fountain of knowledge. Others just gargle.
You have the computer that generates credentials offline, physically inaccessible and tamper-resistant. Very basic airwall type stuff. You can't hack what you can't reach. Physically transfer votes to a tape drive bridging the gap.
Voters never transmit voting credentials. Why would you need to? It's a shared secret, or one half of a public/private key pair. Transmit a vote encrypted by the credential and it'll only decrypt if valid.
The other issues are more significant. You can't do anything about a PC, so you'd need to make a voting tablet that was adequately secure. However, that's expensive and you can't prove who used it or that they weren't coerced. I'd prefer polling stations for that reason.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
wood be better. :)
[($)]
I don't think this happens in America, but in some countries people sell their vote, for money, food, jobs or to show "respect". As a result they elect mafious politicians who not only are grossly incompetent, but also deliberately keep their electors in a state of need, in which they will be easily led to sell their vote again and again.
With the secret ballot, those politicians need various tricks to have their "clients" prove that they voted whom they had to vote. If they could instead have them vote by phone, comfortably in front of them or of one of their "representatives", their racket would be much easier, and this would further degrade the quality of the government.
This video outlines the current problem with voting and provides links to the only solution that works...
https://www.youtube.com/watch?v=tUU67FDsWuE
And yet we somehow do online banking and online shopping. While they're at it, they could hack into the PC's tallying the paper ballots. Significantly smaller target than 51% of the voters.
*Precisely* this kind of hack of PC's tallying votes is already suspected to be happening at a significant scale in the US. It isn't a situation that is made better by more use of computers, whereas it is a situation made better by more use of manual counting.
and thus not to be addressed by a technical focus.
Granted, you can use technical tools to support the process, but they'll always have to be subordinate.
Take paper ballots, counted by hand. "How antiquated", you might say. But is there a better way to build up trust and transparency than to recruit people to survey and hand-count the process? Let this be a feast of democracy!
OTOH -- do you trust the apps running on your smartphone? I wouldn't.
many ways that foreign governments could compromise an online vote
I would look to the non-foreign possibilities first. The people most motivated to influence elections are the parties taking part. Either "officially" or some out-of-control breakaway factions.
They would also have greater access to all points of the voting process and be more able to leverage individuals who controlled it. We know from commercial and industrial hacking and espionage that most of the leaks come from within an organisation, yet most of the defences are outward-looking. It seems that those considering blockchain based voting are making the same mistakes and ignoring the much greater, internal, threat.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
It's not possible because slashdot reader disagrees - classic slashdot know it all blockchain is hype attitude. We should just let the country be run by the slashdot folks!
I remember a company I once worked for. It was a voice verification technology. A mike picks up your voice and decides it's you.
One day we learned that the Defense Department was investing. We joked "Why to Guard the nuclear arsenal?" Answer "Yeah". Our reaction. "The world is doomed."
Every technical person left the company. Including the people responsible for the recognition science. This was a company that literally had 200% annual turnover.
A few years later, Bush v Gore. I'm listening to some guy as a guest on a radio talk show. He's talking about implementing a internet voting system using voice verification using you guessed it this companies technologies.
You know what? I've been hearing about dead voting all my life. About districts that report more votes then registered voters. About people being register who moved a long time ago.
Instead all sorts of new voting systems which have all sorts fo new flaws lets first fix the present flaws.
https://xkcd.com/2030/
Long live the Speaker Bracelet
Rolo D. Monkey
It seems trivial to use paper ballots, give the voter a receipt, and let them check online to see if the ballot was counted - not how they voted, but that the ballot was processed. Vote by mail only requires that the receipt be included in the ballot materials mailed to voters.
God this is simple. I get this sort of service with product rebates and even those sub-dollar class action settlements. The tech is straightforward, the cost reasonable, it's just that easy. Yes, it will require decommissioning some voting machines, and some of those are due for retirement, so yes some cost.
Now, if you reject this idea because it cannot ensure your vote was counted ACCURATELY, well, rather than simple bookkeeping, you're concerned with fraud. That's different. One way out, mandatory recounting/reprocessing. Another idea, multi-partisan observers at all steps of the process. I observed a recount more than 20 years ago, and it was instructive, but in that instance it didn't diminish my faith in my election officials, just in the partisan political hacks trying to destroy the process, even then. A few years later and when a recount was called for by the law, the kerfuffle over finding the ballot boxes, stored in a locked room overnight, were unsealed, opened and cigarette butts/ashtrays/ashes were found on them. That worried me, and state police stood guard after that, though the recount proceeded without controversy and confirmed the original results.
It's a tricky business, apparently.
deleting the extra space after periods so i can stay relevant, yeah.
Can it be done, probably? A lot of smart people develop lots of things. It's the vast majority of the population that can't tell the difference between a web browser, their monitor, and "the internet" that would have to use such a system.
Tapscott and his son are basically corporate snake oil salesman existing solely in the world of conferences, buzzwords and thinktanks.
The only problem blockchain 'solves' in voting is not enough public funding going to private companies that sell 'solutions' to less than tech savvy county voting boards.
This is the problem when technologies reach popular fad status. Every idiot thinks that it is somehow a magic bullet that will fix all your woes, even the non-technical ones.
It happens over and over and over again without fail. Considering that this happens every few years, it now blows my mind that we keep falling for it considering that the last episode couldn't possibly have been so long ago that it faded from memory. And yet here we are.
Blockchain is a great technology. But FFS learn how it actually works and what it's limits are before flapping your gums about how it can cure cancer, homelessness, all while slicing veggies effortlessly.
we can buy your vote. No one will know, because you are anonymous. How many people would be willing to go vote , for whomever for $50?
I could see a whole black market for votes developing.
âoeTolerance applies only to persons, but never to truth. Intolerance applies only to truth, but never to persons.
Call me when blockchain can scale to handle 120 million transactions in a day.
WRONG
If you can verify that your vote was included, then obviously it wasn't anonymous.
This is basic logic. Blockchain is useless for voting, unless you are okay with the voting history of everyone being public.
It isn't a situation that is made better by more use of computers, whereas it is a situation made better by more use of manual counting.
But every voter having a wallet for their precinct, is a way for every voter to be part of manual counting. Not just those who manually do the counting and then report in the tallies, and hope that the person they're talking to writes the tallies down correctly.
WRONG AGAIN
Blockchain is useless for voting because in order to verify the vote it must be possible to map votes to people.
This is against the rules of voting in the US, and many other countries to prevent people from selling their vote, or being coerced to vote a certain way.
If you are not able to map votes to people, then the blockchain becomes just as secure as the current system.
As for us being able to do online banking: we don't care that the bank is able to identify us and track all our transactions.
The bank is a central authority who we trust to a significant degree.
Anonymous voting is not allowed. Only a U.S. Citizen can vote.
I want to see the headlines: "Unknown candidate 1337 h4x0r wins in a surprise write-in landslide."
That'll put the kibosh on this nonsense right quick.
A ballot is a blank sheet of paper.
You write on it the offices and the candidates you're voting for.
Spelling counts.
It's really not taking part in a manual count, though, is it? It's trusting that a screen is telling you something meaningful about the integrity of an election.
I don't think that even when we would remove all, or at least most briers to cast a vote from your phone or a computer it will happen any time soon.
The politicians and power structures are there to care about them selfs first... The quick, secure and convenient voting would change the system completely. Why would we only vote every few years or so and choose representative? Why not vote on any and all issues that I am interested in? Well that would take power from politicians and put it into the hands of populis, exactly what all power is most afraid of. No costly elections, no 'I am the best candidate' mentality and 'Vote for me and I promise....' since we as citizens could steer the boat and most of all change our mind, we would have voice and group of highly skilled technocrats who would fulfil the choice of the people... Look at UK and their 'we changed our mind about Brexit" problem. How come Donald or any other power figure can pass laws and make decisions that will affect most people for years to come but are very unpopular when polled? I wish that we can have direct democracy with technocrats, not this few hundred years old system of governance that is just perpetuating old and outdated ideas. Let's think like we are in 21 century no stuck in 19th.
Estonia is the only country who uses blockchain technology combined with Government issued ID-cards for authentication to make online voting happen. Until now there are no known successful attempts to hack the system.
Estonia as a country has used this technology for years for local and government elections. This is combined with government issued ID-cards that are used for authentication. ID-card information is not stored in the blockchain just the votes. Every person can later double check if there vote was tampered or not. Until not here are no known successful hack attempts. You can vote over special app, what is available for Windows, Linux, Mac and also for iOS and Android. More information about how it is organized on the official page: https://www.valimised.ee/en
I'm so tired of hearing about this. My new number one criteria for hiring is that if you mention the blockchain I know that you don't know shit about shit. Blockchain has fuck zero to do with voting. It solves almost no real world problem.