
What Happened with West Virginia’s Blockchain Voting Experiment? - randomwalker
https://slate.com/technology/2019/07/west-virginia-blockchain-voting-voatz.html
======
mobilefriendly
I live in West Virginia and anything dealing with the state government has to
start with an assumption that it is being done for corrupt reasons. Ask first
how a contract or project financially benefits key state officials or their
family. I can't emphasize enough how predatory and corrupt the government is
here. Both leading Republican candidates for governor are under federal
corruption investigations. There's a reason West Virginia is losing population
and remains among the poorest states in the USA. Where West Virginia isn't
corrupt, it is incompetent. The state can't even provide safe drinking water
for its people, or even create a framework for official electronic
signatures-- it has no business innovating in voting tech. West Virginia is
the last place you want as your laboratory for voting technology.

~~~
diveloper
Dang, I just moved to WV for a software dev internship for the summer. Is it
okay to drink the water in Charleston?

~~~
professorgerm
Yes. I assume they're referencing the chemical spill several years ago, and
the water has tested clean consistently since.

I've never heard of other issues with the water quality in Charleston
(assuming it's city water and not straight from the Kanawha), and I consider
it some of the better-tasting municipal water in the Mid-Atlantic region.

------
h4l0
Blockchain for voting sounds like a terrible invitation to a terrible party.
Voting is already a delicate subject which is really hard to secure on
information systems. Researchers have spent decades trying to figure out a
perfect solution but came up short.

Blockchain has already surpassed its boundaries for multiple reasons. However,
voting should be beyond that line. There are many questions that need to be
answered before even thinking about using blockchain for voting.

- How will identification work?

- What is the proof-of-work scheme?

- How can you be sure that every vote ends up in the ledger? Transactions
usually get lost and sometimes take a few tries to reach a miner.

- The most important property is that not a single vote should be traced back
to its caster. Blockchain is all public, how are you going to anonymize
everything? IP addresses of transaction owners are already open.

Edit: Formatting.

~~~
RL_Quine
> _How will identification work?_

That's the whole problem, and always unsolved (because it's hard). You need to
be able to ensure that votes are made by real people, that votes aren't
duplicated, and that votes are included in a count. Some of this is easy, some
of this is near impossible. None of this is solved by a blockchain, which is
at its core simply a remarkably inefficient, if decentralized, timestamping
system. When a "blockchain" is presented as a solution, ask why the
trustworthiness of timestamping was holding back a particular technology
before now.

~~~
orblivion
ZCash (from what I can understand of it) seems like it could be the basis to
use. Suppose everyone sets up a wallet and they get paid one ZVoteCoin at
voter registration. Then they go home and do a shielded transaction (you
didn't even mention anonymity) to their favored candidate. Their wallet should
tell them that the transaction went through.

~~~
RL_Quine
Your solution doesn't provide a solution to the core problem.

How do you identify that voters have a vote, and people that shouldn't have a
vote didn't vote.

~~~
orblivion
> How do you identify that voters have a vote

The voters can see that their own transaction went through. Administrators
(and everyone else) can count total votes cast at the end of the elections by
the balances of the candidates' wallets. That's at least as good as paper
ballots in this specific respect.

> and people that shouldn't have a vote didn't vote.

The voter's wallet can be tied to the voter's registration. Again, at least as
good as what we have now, in this specific respect.

I think I've just made a more elaborated restatement of what I already said.
Could you identify a specific hole in my system? You could point to voting
software _in general_ being a bad idea, and that's fair enough. But it doesn't
sound like that's what you were saying.

~~~
acdha
> The voters can see that their own transaction went through.

How do you prevent vote selling and coercion?

~~~
misterdoubt
Concerns about vote selling and coercion are already gone. It's practically
impossible to actually prevent people from filming their votes as they are
cast, and livestreaming my vote to you is just as good as having you sit in my
doorway for it.

~~~
the_snooze
The beauty of paper ballots is you can spoil them and get a new blank sheet.
Sure, livestream yourself filling out your ballot. That doesn't mean you
actually cast that ballot. The poll workers will tell you to put your camera
away when you're outside the booth on the way to the ballot box.

------
mjparrott
It seems undemocratic to hide behind “proprietary technology” to describe the
vote counting process. It’s a public process.

------
apo
What little has been described offers plenty of attack surface. The white
paper has this to say about how paper copies of votes are printed out:

> When the polls close, members of each county clerk’s staff insert two
> cryptographically secure thumb drives into the vendor’s administrative
> portal laptop. Once the two thumb drives are verified, votes on the
> blockchain are automatically assembled as PDF files for each county. The
> Secretary of State’s office sends each county one PDF file containing all
> the marked ballots submitted by voters of that county. The clerk’s staff
> prints the ballots on cardstock with a ballot printer capable of printing up
> to 20” two-sided ballots (see Fig. 4). Each printed ballot contains the
> anonymous ID of the voter (see highlight in Fig. 5). Tabulation and the
> consolidation of results is done automatically by scanning the paper ballot
> into the precinct tabulator of the primary voting system (see Fig. 6).

https://sos.wv.gov/FormSearch/Elections/Informational/West-Virginia-Mobile-Voting-White-Paper-NASS-Submission.pdf

How do the clerks get these thumb drives? What's the protocol for storage
until used? Who has access to them? What physical security features do the
drives implement?

If I were going to attack this system, the thumb drives seem like a juicy
target with plenty of social engineering opportunities.

------
jrumbut
Just use paper ballots. The only useful election technology is scantron.

We do not need this. It isn't even a solution in search of a problem; it's a
problem in search of a place to explode.

A rundown on some of their security:
https://mobile.twitter.com/GossiTheDog/status/1026603800365330432

~~~
JohnJamesRambo
I do need this. How can I ever check if my vote was counted by paper ballots?

It seems like blockchain would allow everyone to be able to check that their
vote counted, in an anonymous yet totally transparent and verifiable way.

~~~
83457
Are you suggesting a way to verify your vote was counted correctly is needed?
Wouldn't that provide the ability for folks to sell their vote by being able
to show someone else?

~~~
dfxm12
No, you already have the ability to sell your vote.

~~~
MichaelApproved
Without proof that you voted a certain way, people are unlikely to pay you.

That's why some states don't allow you to take a picture of a ballot that you
filled out. They're trying to prevent you from confirming that you voted a
certain way.

~~~
criddell
First, why shouldn't I be allowed to sell or trade my vote?

Secondly, there are states where you can vote by mail. Do you know if vote
selling is a big problem in those states?

~~~
Frondo
I lived in Oregon--which has had exclusively vote by mail for decades--for a
while and never heard anyone bring up vote selling as a risk to election
integrity. No one (journalists, legislators, etc) ever claimed it was
happening.

The state republican party still makes occasional claims of voter fraud, but
those are exceedingly rare -- something like 54 ballots out of 4 million in
the 2016 election cycle -- and they mostly come down to people voting in
Oregon and in another state at the same time.

The only reported case of election fraud I can remember was in 2016 and done
by a republican, in which she tossed out a bunch of democratic voter ballots.
That's it.

For two decades of elections, Oregon hasn't had a problem with election
integrity. They do, however, have a consistently high turnout, which they
attribute to vote-by-mail.

~~~
monocasa
Oregon has a scheme to allow you to replace your mailed in ballot is why.

And this is a real issue, vote buying and coercion have historically been the
most common voter fraud mechanism in the US. It's a major part of how Boss
Tweed and his associates ran New York.

------
jimhefferon
> Voatz’s website states that “a paper ballot is generated on election night”
> and is tallied “using the standard counting process at each participating
> county.” What that means is the voter’s vote is sent to the county clerk
> staff as a PDF, and the county clerk staff prints it out and puts it into
> the scanning tabulator.

So at some point your vote is printed out on paper, and scanned? Doesn't
seem all that anonymous, for one thing.

~~~
yum_tasty
An anonymous ID is attached to the PDF. Not the user's specific
name/information.

"The county clerks were able to conduct a pre-tabulation audit (unprecedented
in US election history) by comparing anonymized copies of the voter verified
digital receipts with the marked paper ballots prior to feeding the paper
ballots into the scanners for seamless tabulation alongside the primary voting
system."

~~~
jimhefferon
Can you say more? How do the clerks know it is a voter from their district
without a name, or other identifying information?

~~~
yum_tasty
This is the Voatz blog response to the slate story. It's where I got the above
quote from.

https://blog.voatz.com/?p=997

~~~
jimhefferon
Thanks. I don't get the anonymization. I live in a town of 5000, and I wonder
how many overseas ballots the Town Clerk sees. Total speculation on my part,
but it would not surprise me if it was 1.

------
dcolkitt
Blockchain is a buzzword, but we've already had strong cryptographic protocols
for voting that predate Satoshi.

We've known for decades how to conduct elections where every vote is provably
counted, any individual vote is completely anonymous, and the identity of
every voter participant is provable (i.e. preventing ballot stuffing).

[1] https://en.wikipedia.org/wiki/End-to-end_auditable_voting_systems

~~~
yum_tasty
We've used horses for centuries... How dare anyone suggest that trains, planes
or automobiles could be useful.

~~~
grepthisab
Really bad take. Blockchain offers no benefits to what provably worked in the
past, whereas there are many advantages to planes, etc. over horses.

~~~
yum_tasty
That's completely inaccurate.

1. Every vote further secures the blockchain voting process. The only way to
overcome this is with a 51% attack, so every vote cast further ensures the
validity of the entire chain.

2. The chain can be public and anonymous, which gives every voter a
verifiable way of understanding their vote. They can look and ensure that
their vote was cast exactly as they intended, but it also allows
administrators a way to review the votes.

The core part that the article got wrong was that county administrators have a
definite way of pre-tabulating as well as tabulating votes.

------
DanCarvajal
What other states are experimenting with memes?

------
blaser-waffle
"We don’t really know—and that’s worrisome."

Isn't the point of the blockchain that you always know?

~~~
maeln
As far as I understand, the software used ("Voatz") is a private blockchain
and there is no public information about who runs what.

As far as we know, Voatz could control all the peers in their blockchain
making them able to change the vote as they please.

~~~
iamnotacrook
If the blockchain is published can't people check 1) that the votes add up to
the correct totals and 2) that their vote is reflected in the blockchain?

~~~
lukeschlather
A blockchain (at least one used like this) is not the right tool here.

Really, all you need is some sort of publicly-defined machine-readable
representation of your vote that gets a digital signature locally on your
device. You have an open-source app that can sign the vote payload. Then you
send the signed payload to the server where it gets added to a plaintext
repository.

At this point it would be good to use a signed chain (like git for example)
and at this point you "commit" your vote with a timestamp and send the result
back to the client. (Commit hash and timestamp.)

Then later, you could just look for the commit sha and timestamp. Of course
this means anyone with access to your signature can see who you voted for.
Which is a general shortcoming of signature-chain systems.

Another way of doing it might be to have two different blockchains. One has
signatures + votes and the other has only the signatures. The one with only
the signatures is publicly posted, and the one with signatures + votes is
privately audited. The trouble is deciding whether you value anonymity or
integrity more.

Of course, in this case it's not clear what the people involved value, since
the blockchain is private and just a database that anyone can recreate from
scratch at any time.
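
Added example, not part of lukeschlather's comment or of Voatz's system: a minimal Python sketch of the git-like commit chain described above, showing that a ledger rebuilt by its sole operator still passes its own consistency check and that only receipts held by voters reveal the change. HMAC stands in for a real digital signature, and all names, keys and ballots are constructed for illustration.

```python
import hashlib, hmac, json

GENESIS = "0" * 64  # parent value for the first commit

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def sign(device_key, payload):  # assumption: HMAC stands in for a real signature
    msg = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(device_key, msg, hashlib.sha256).hexdigest()

def commit(chain, payload, sig, ts):
    """Append a signed vote; return the voter's receipt (commit hash + timestamp)."""
    parent = chain[-1]["hash"] if chain else GENESIS
    body = {"parent": parent, "payload": payload, "sig": sig, "ts": ts}
    chain.append({**body, "hash": _digest(body)})
    return {"hash": chain[-1]["hash"], "ts": ts}

def chain_is_consistent(chain):
    """Internal check only: every entry hashes correctly and links to its parent."""
    parent = GENESIS
    for e in chain:
        body = {k: e[k] for k in ("parent", "payload", "sig", "ts")}
        if e["parent"] != parent or e["hash"] != _digest(body):
            return False
        parent = e["hash"]
    return True

def receipt_is_included(chain, receipt):
    return any(e["hash"] == receipt["hash"] and e["ts"] == receipt["ts"] for e in chain)

def rebuild_without(chain, dropped_hash):
    """Model a sole operator regenerating the ledger from scratch minus one entry."""
    rebuilt = []
    for e in chain:
        if e["hash"] != dropped_hash:
            commit(rebuilt, e["payload"], e["sig"], e["ts"])
    return rebuilt

def demo():
    chain, receipts = [], []
    for i, choice in enumerate(["A", "B", "A"]):  # constructed sample ballots
        payload = {"ballot_id": f"constructed-{i}", "choice": choice}
        sig = sign(f"device-key-{i}".encode(), payload)
        receipts.append(commit(chain, payload, sig, 1700000000 + i))
    rebuilt = rebuild_without(chain, receipts[1]["hash"])
    return (chain_is_consistent(chain), chain_is_consistent(rebuilt),
            [receipt_is_included(rebuilt, r) for r in receipts])

if __name__ == "__main__": print(demo())
```

Both ledgers pass the internal check, but the second and third receipts no longer match the rebuilt one, so the discrepancy is visible only to voters who kept their receipt and can read the published chain.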

------
robomartin
"But how secure and accurate was the 2018 vote? It’s impossible to tell
because the state and the company aren’t sharing the basic information experts
say is necessary to properly evaluate whether the blockchain voting pilot was
actually a resounding success."

...and that's when I stopped reading.

------
rebuilder
This seems so preposterous I have a hard time believing the story is being
reported correctly. The state or Voatz are apparently unwilling to prove their
system is secure. What are they going to do if someone disputes the results of
the election?

------
otabdeveloper4
Presumably, it went wherever all the other 'blockchain experiments' went.

------
nebulous1
Transparency/verifiability seems like almost the only half-way decent reason
to use a blockchain for voting. And then they do it using a closed source
undocumented proprietary blockchain.

~~~
josefx
Until your boss fires you for not voting to the company line, of course not
officially. Having a verifiable can turn into a double edged sword for many
reasons.

------
lucasrabreu
Chuck Rhoades stopped it

------
egypturnash
Voatz.

 _Voatz_.

Yes, let's trust a bunch of people who think "Voatz" is a good, adult name for
a tool for a crucial part of the process of democracy.

