Slashdot Mirror
Blockchain-Based Elections Would Be a Disaster For Democracy (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: If you talk to experts on election security (I studied with several of them in graduate school) they'll tell you that we're nowhere close to being ready for online voting. "Mobile voting is a horrific idea," said election security expert Joe Hall when I asked him about a West Virginia experiment with blockchain-based mobile voting back in August. But on Tuesday, The New York Times published an opinion piece claiming the opposite. "Building a workable, scalable, and inclusive online voting system is now possible, thanks to blockchain technologies," writes Alex Tapscott, whom the Times describes as co-founder of the Blockchain Research Institute. Tapscott is wrong -- and dangerously so. Online voting would be a huge threat to the integrity of our elections -- and to public faith in election outcomes.
Tapscott focuses on the idea that blockchain technology would allow people to vote anonymously while still being able to verify that their vote was included in the final total. Even assuming this is mathematically possible -- and I think it probably is -- this idea ignores the many, many ways that foreign governments could compromise an online vote without breaking the core cryptographic algorithms. For example, foreign governments could hack into the computer systems that governments use to generate and distribute cryptographic credentials to voters. They could bribe election officials to supply them with copies of voters' credentials. They could hack into the PCs or smartphones voters use to cast their votes. They could send voters phishing emails to trick them into revealing their voting credentials -- or simply trick them into thinking they've cast a vote when they haven't.
Tapscott focuses on the idea that blockchain technology would allow people to vote anonymously while still being able to verify that their vote was included in the final total. Even assuming this is mathematically possible -- and I think it probably is -- this idea ignores the many, many ways that foreign governments could compromise an online vote without breaking the core cryptographic algorithms. For example, foreign governments could hack into the computer systems that governments use to generate and distribute cryptographic credentials to voters. They could bribe election officials to supply them with copies of voters' credentials. They could hack into the PCs or smartphones voters use to cast their votes. They could send voters phishing emails to trick them into revealing their voting credentials -- or simply trick them into thinking they've cast a vote when they haven't.
will be implemented in blockchain and decided by AI voters!
I like how "blockchain technology" now means everything. Certainly everything related to cryptography. Sure, you could do something like have everyone cryptographically sign their vote and then you could have it anonymously verifiable. What does that have to do with a block chain?
Trump indicted in 5... 4... 3...
right here
Can we just have vote by mail in all 50 states already? It's 2018. I shouldn't have to go to the polls. If somebody's trying to force you to the polls it's because they don't want you to vote.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Anonymous??? For fucks sake. Oh look, we just got 17 billion anonymous votes for Trump. Funny, not that many people on the world yet.
Trump already has, but he's not for democracy either.
I suppose it's barely possible that my vote isn't being counted, but I would be VERY surprised if that were the case, other than trivial clerical errors. The problems we need to solve are things like "People are not database records", and "People don't listen" and "People who listen screw up all the time" and "Infrastructure is selected by committees of people, and people are terrible at their jobs". Basically we're way past the point where mere technical issues dominate the problem space, the big problems are social and political issues which aren't reasonable to blockchain your way out of.
Also, believe me, if you take someone who suspects that the system is rigged against them, introducing a digital voter ID and an explanation involving crypto math is NOT going to make them comfortable. I would have thought that would be self-evident from a few minutes paying attention to Facebook.
The point is not that voting by blockchain could be hacked or rigged. The point is that with pretty much any system that relies on computers to tally the votes, the results can not be independently verified end-to-end by laymen. Everyone can understand how voting by paper ballot works, how the ballots are counted, and how the count is verified, and that means everyone can participate in safeguarding or verifying an accurate count. That is where "public faith in elections" comes from.
Besides: rigging a paper based election is possible but the number of people you need to involve scales linearly with the amount of votes you want to falsify, increasing chances of being caught. That's not the same for computer based voting; fraud is much easier to hide, and easier to carry out on a massive scale.
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
If I can verify my vote, someone can peel my skin with a carrot peeler until I verify it.
Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
You would think that if there was more than a minuscule amount of voter/voting fraud happening, people would be slinging proof from the rooftops. The lack of proof leads credence to the fact that is not a large factor for anything, which means our current processes, while not that great are still reliable.
Postal voting seems much better to me in some cases. For instance, I had about 90 questions on my ballot (2 very long and double sided pages). If I wasn't able to remember or write down all the things I wanted, that would be near impossible to remember for something so crucial while filling it out. Having the mail in form in front of me so I can deliberate and look up information seems like a much better way to do this, no?
The problem with mail-in voting is that it's possible to coerce people to vote a certain way. I'm not even talking about broad conspiracies to alter the vote en masse. For example, I wouldn't be surprised if many spouses said they were voting one way, for the sake of marital harmony, but in fact voted another.
You can lead a horse to water, but you can't make it dissolve.
There's a fundamental problem with online voting... and it would be a huge problem, even IF you could absolutely guarantee 100% security: it's a serious threat to secret ballots. Right now, in most places, if an ultra-frail person shows up to vote who needs assistance, they election officials will provide a poll worker to help them, but WON'T allow a family member or anyone else to accompany them, for that precise reason.
Right now, a husband and wife can easily cancel out each other's votes. If online voting is allowed, there's little to stop the spouse with more power in the relation ship (or who's less ambivalent about voting) from voting on the other's behalf after getting the spouse to log in.
There are other opportunities for coercion... say, an employer (or union, or any other group) who decides to "encourage voting" via the internet "right now" (in at least semi-public view, with at least some social pressure to vote the "right" way). Think: a politically-active church that, instead of marching its congregation off to early voting at a polling place nearby, passes around tablets after the second collection while encouraging people to vote the "right" way in front of their friends, neighbors, and family members.
Let's not forget the possibility of rounding up a bunch of poor people and offering to pay them $20 apiece if they come "vote online" and cast verified ballots for the "right" candidates.
THIS is why voting needs to occur in private, but in a public location where individual voters CAN'T be coerced by anyone.
The right to a secret, coercion-free ballot is absolutely fundamental. It's at least equal in importance with security, and is arguably part of "integrity". It's a fundamental problem with internet voting that simply CAN'T be solved.
Obviously, it's also a potential problem with absentee ballots sent by mail... the difference is, absentee ballots are an edge case, generally used by a relatively small number of voters. Yeah, there are some elections now held by mail only... but they're for local races that few people care about anyway. The more powerful the office, the greater the stakes.
let's embrace it instead.
Judging by the class of people that win all the time, the voters already have.
"A political party sending in 10000 extra postal votes under names that should not be voting any more?"
If someone is not at the address they are registered, the ballot will be returned. People are required to sign their name on the outside of the envelope the ballot is mailed in and it is matched to the signature on the voting roll. If there is a question, it can be challenged. Once the signature is verified, the ballot is removed from the envelope it was mailed in while still in its own inside privacy envelope so the vote can't be read. These are all put with other ballots and are counted on the day of the election so that it is impossible to connect a particular ballot to the person who cast it.
Would be public knowledge in 3-5 years when quantum computers crack modern algorithms.
they already do that. It's not as easy to lie to your spouse as you think. And I am way, way more concerned with this kind of coercion.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Blockchain could probably be an effective way to allow the electorate to verify that their results were tallied correctly. Imagine each vote is added to a closed blockchain that's merged internally. Once the results are tallied the chain used for the tally is moved from air-gapped systems to the public internet. Once that happens the results are essentially fixed. The voters could have been given their key in the chain to check that it exists.
Using any of this to actually cast the votes is a terrible idea. We need a more strict consensus algorithm and chain of custody to handle that part.
"[We'll be] really getting inside your head and making it an unpleasant place to be" -- Trent Reznor
I've been programming computer for 40 years and I'll be hard pressed to follow what happens inside a "black box" voting machine, so imagine someone with no computer knowledge!
What is blockchain useful for? Verifying that the log history hasn't been altered with. Voting is the one scenario where what you're worried about is a bad actor mis-tallying the votes; ie, modifying the "history" of the votes. With blockchain, when you vote a majority of the other voters have to sign off on what you voted for. Then, your client keeps an offline copy. Each voter can then check that against their voting wallet to see what the result of the election is. If a bad actor somehow pulls off a 51% attack, the history will no longer match lots of voters offline snapshot of the state of the chain after they voted. It would be super easy to catch.
For example, foreign governments could hack into the computer systems that governments use to generate and distribute cryptographic credentials to voters.
What stops them from breaking into the computer system that distributes voter registration information to mess with who votes where?
They could bribe election officials to supply them with copies of voters' credentials.
Pretty sure bribery is an issue with all forms of voting that's not blockchain. Because with the blockchain 51% of the voters have their wallets to see what the results should be.
They could hack into the PCs or smartphones voters use to cast their votes.
And yet we somehow do online banking and online shopping. While they're at it, they could hack into the PC's tallying the paper ballots. Significantly smaller target than 51% of the voters.
They could send voters phishing emails to trick them into revealing their voting credentials
They could confuse voters by having them send in paper ballots to the wrong place.
Perfection can't be the enemy of the better.
The sole purpose of voting is to convince the losers they lost a fair election, so the winner's can govern with a mandate.
to be convincing There are only three things about any voting system that are important
1. the secret ballot
2. THat everyone can see how it works and and thus see how it's secured
3. That there's a way to recount that is traceable to the voters own hand written ballot.
Anything else is dross. Crytposystems, proof your vote was counted, etc, all nice but not important if you lose any of the above 3.
All these online voting systems utterly destroy the secret ballot and the also harm the other two.
Sheer stupidity.
Some drink at the fountain of knowledge. Others just gargle.
You have the computer that generates credentials offline, physically inaccessible and tamper-resistant. Very basic airwall type stuff. You can't hack what you can't reach. Physically transfer votes to a tape drive bridging the gap.
Voters never transmit voting credentials. Why would you need to? It's a shared secret, or one half of a public/private key pair. Transmit a vote encrypted by the credential and it'll only decrypt if valid.
The other issues are more significant. You can't do anything about a PC, so you'd need to make a voting tablet that was adequately secure. However, that's expensive and you can't prove who used it or that they weren't coerced. I'd prefer polling stations for that reason.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
wood be better. :)
[($)]
I don't think this happens in America, but in some countries people sell their vote, for money, food, jobs or to show "respect". As a result they elect mafious politicians who not only are grossly incompetent, but also deliberately keep their electors in a state of need, in which they will be easily led to sell their vote again and again.
With the secret ballot, those politicians need various tricks to have their "clients" prove that they voted whom they had to vote. If they could instead have them vote by phone, comfortably in front of them or of one of their "representatives", their racket would be much easier, and this would further degrade the quality of the government.
And yet we somehow do online banking and online shopping. While they're at it, they could hack into the PC's tallying the paper ballots. Significantly smaller target than 51% of the voters.
*Precisely* this kind of hack of PC's tallying votes is already suspected to be happening at a significant scale in the US. It isn't a situation that is made better by more use of computers, whereas it is a situation made better by more use of manual counting.
many ways that foreign governments could compromise an online vote
I would look to the non-foreign possibilities first. The people most motivated to influence elections are the parties taking part. Either "officially" or some out-of-control breakaway factions.
They would also have greater access to all points of the voting process and be more able to leverage individuals who controlled it. We know from commercial and industrial hacking and espionage that most of the leaks come from within an organisation, yet most of the defences are outward-looking. It seems that those considering blockchain based voting are making the same mistakes and ignoring the much greater, internal, threat.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
It's not like admitted non-citizens who are registered are told they cannot vote... Oh wait, they are told they CAN vote... Get yourself registered (Moter-Voter law makes that trivial - there is ZERO check about citizenship other than a "I am a citizen" checkbox), and you can come in and vote as a non-citizen!
Browsing at +1 - no ACs, I ignore their posts. So refreshing!
I remember a company I once worked for. It was a voice verification technology. A mike picks up your voice and decides it's you.
One day we learned that the Defense Department was investing. We joked "Why to Guard the nuclear arsenal?" Answer "Yeah". Our reaction. "The world is doomed."
Every technical person left the company. Including the people responsible for the recognition science. This was a company that literally had 200% annual turnover.
A few years later, Bush v Gore. I'm listening to some guy as a guest on a radio talk show. He's talking about implementing a internet voting system using voice verification using you guessed it this companies technologies.
You know what? I've been hearing about dead voting all my life. About districts that report more votes then registered voters. About people being register who moved a long time ago.
Instead all sorts of new voting systems which have all sorts fo new flaws lets first fix the present flaws.
https://xkcd.com/2030/
Long live the Speaker Bracelet
Rolo D. Monkey
It seems trivial to use paper ballots, give the voter a receipt, and let them check online to see if the ballot was counted - not how they voted, but that the ballot was processed. Vote by mail only requires that the receipt be included in the ballot materials mailed to voters.
God this is simple. I get this sort of service with product rebates and even those sub-dollar class action settlements. The tech is straightforward, the cost reasonable, it's just that easy. Yes, it will require decommissioning some voting machines, and some of those are due for retirement, so yes some cost.
Now, if you reject this idea because it cannot ensure your vote was counted ACCURATELY, well, rather than simple bookkeeping, you're concerned with fraud. That's different. One way out, mandatory recounting/reprocessing. Another idea, multi-partisan observers at all steps of the process. I observed a recount more than 20 years ago, and it was instructive, but in that instance it didn't diminish my faith in my election officials, just in the partisan political hacks trying to destroy the process, even then. A few years later and when a recount was called for by the law, the kerfuffle over finding the ballot boxes, stored in a locked room overnight, were unsealed, opened and cigarette butts/ashtrays/ashes were found on them. That worried me, and state police stood guard after that, though the recount proceeded without controversy and confirmed the original results.
It's a tricky business, apparently.
deleting the extra space after periods so i can stay relevant, yeah.
Can it be done, probably? A lot of smart people develop lots of things. It's the vast majority of the population that can't tell the difference between a web browser, their monitor, and "the internet" that would have to use such a system.
The only problem blockchain 'solves' in voting is not enough public funding going to private companies that sell 'solutions' to less than tech savvy county voting boards.
This is the problem when technologies reach popular fad status. Every idiot thinks that it is somehow a magic bullet that will fix all your woes, even the non-technical ones.
It happens over and over and over again without fail. Considering that this happens every few years, it now blows my mind that we keep falling for it considering that the last episode couldn't possibly have been so long ago that it faded from memory. And yet here we are.
Blockchain is a great technology. But FFS learn how it actually works and what it's limits are before flapping your gums about how it can cure cancer, homelessness, all while slicing veggies effortlessly.
we can buy your vote. No one will know, because you are anonymous. How many people would be willing to go vote , for whomever for $50?
I could see a whole black market for votes developing.
âoeTolerance applies only to persons, but never to truth. Intolerance applies only to truth, but never to persons.
It isn't a situation that is made better by more use of computers, whereas it is a situation made better by more use of manual counting.
But every voter having a wallet for their precinct, is a way for every voter to be part of manual counting. Not just those who manually do the counting and then report in the tallies, and hope that the person they're talking to writes the tallies down correctly.
I want to see the headlines: "Unknown candidate 1337 h4x0r wins in a surprise write-in landslide."
That'll put the kibosh on this nonsense right quick.
A ballot is a blank sheet of paper.
You write on it the offices and the candidates you're voting for.
Spelling counts.
It's really not taking part in a manual count, though, is it? It's trusting that a screen is telling you something meaningful about the integrity of an election.
Estonia as a country has used this technology for years for local and government elections. This is combined with government issued ID-cards that are used for authentication. ID-card information is not stored in the blockchain just the votes. Every person can later double check if there vote was tampered or not. Until not here are no known successful hack attempts. You can vote over special app, what is available for Windows, Linux, Mac and also for iOS and Android. More information about how it is organized on the official page: https://www.valimised.ee/en