
Are Blockchains the Answer for Secure Elections? Probably Not - digital55
https://www.scientificamerican.com/article/are-blockchains-the-answer-for-secure-elections-probably-not/
======
simongr3dal
We can probably spend the next decade trying to theoretically engineer our way
to a method for secure and tamperproof electronic voting.

But how does that ensure that “normal” people (who doesn’t have a solid grasp
of blockchains and cryptography) can verify that the voting machines
themselves actually are running the correct software without having to break
out a chemistry set and a microscope to analyse the ICs?

Can the integrity of every machine ever be verified, and even if the system
discards votes from machines not running the correct software, now people are
having their votes discarded because they used a hacked machine.

With paper ballots it allows pretty much anyone to watch the ballots from
being put in the box to when they are being counted and then they can confirm
that the ballots haven’t been tampered with.

~~~
kosievdmerwe
Yeah pretty much my view. Paper ballots work. If you can't afford to have
paper ballot elections, then your country has bigger issues.

I also question whether electronic voting would be cheaper, since if you want
to avoid foreign tampering you would have to develop the machines
independently and internally in your country. Hardly a cheap proposition.

------
kjeetgill
This is probably the first non-currency use of block chain that actually made
my stop and reconsider the eye-roll I had locked and loaded.

I like the idea of votes essentially sitting in a public ledger. They can be
independently tallied by anyone.

You walk into a voting booth and get IDd. They hand you a random QR code
token, pre-printed, not tied to your identity.

You place your vote. It can publically write your state/county maybe city
information, vote, keyed by your QR token.

I can take my QR to any third party to verify my vote was correct and got
tallied.

~~~
sebiol
Interesting concept of separating your identity from the ID used to vote.

There is one problem though. With the QR code you would be able to show
someone how you voted. Thus making it possible to coerce or buy votes.

~~~
ixwt
Homomorphic encryption might be able to be used to demonstrate your vote has
been tallied, but make it impossible to prove what you voted for. The problem
with this being that you can't vote that your vote was tallied for what you
wanted it to be. But that is also a problem with the counters. A malicious
counter could "miscount" a vote as another vote.

------
seanalltogether
Imagine it's voting day, you go to a polling location and sign in to verify
that you are a real person and allowed to vote. They generate a private/public
key for you on the spot and hand it to you without officially linking your
name and key together on the record, so your vote can remain anonymous. (Or
maybe you're even allowed to generate your own and let polling station just
verify the public key) You vote for who you want, sign the vote with your
private key and then keep your public key for your own personal records. Your
vote is added to a master database and made publicly available for anyone to
verify. You can give your public key to anyone you trust to validate your
vote, or just look it up yourself to make sure nothing was altered.

Now how does running this mechanism through a P2P blockchain make this more
efficient, or more resilient against corruption?

~~~
ericpauley
Your proposed system fails at one of the most essential properties of voting,
repudiation. Voters must not be able to prove who they voted for, or they
could be coerced to vote a certain way.

------
apo
From the first paragraph:

 _With the U.S. heading into a pivotal midterm election, little progress has
been made on ensuring the integrity of voting systems—a concern that retook
the spotlight when the 2016 presidential election ushered Donald Trump into
the White House amid allegations of foreign interference._

Most of the allegations at the center of the media feeding frenzy have nothing
to do with tallying votes, but:

\- influencing voters through platforms like Facebook

\- airing the Democratic Party's dirty laundry regarding Sanders

\- the unsubstantiated claim by a certain President that illegal aliens voted
in droves

One notable exception is Reality Winner, who published classified materials
that among other things linked Russia to an attempt to contact a voting
machine company. She sits in prison today without bail awaiting a trial that
has been years in the making. Few have even heard of her.

The pro-election automation drumbeat seems to have very little basis in fact,
at least in the US.

~~~
votepaunchy
There will be no trial: “In June 2018, it was announced that Winner would
change her plea to guilty. In late June, she pleaded guilty to one count of
felony transmission of national defense information. Winner's plea agreement
with prosecutors calls for her to serve five years and three months behind
bars plus three years of supervised release. She is yet to be sentenced.”

[https://en.m.wikipedia.org/wiki/Reality_Winner](https://en.m.wikipedia.org/wiki/Reality_Winner)

------
Moodles
Other headlines I have read:

"What could blockchain do for music?"

"Blockchain - the future of healthcare?"

"De Beers turns to blockchain to guarantee diamond purity"

"Blockchain Technology Is Becoming Crucial For Space Exploration"

"The Blockchain Art Market is Here"

It is actually quite remarkable how much hype there is for this technology
that hasn't really done anything useful besides cryptocurrency (and even then,
we can argue about how useful that really is...). Seriously though, how on
Earth did the hype get this far? This technology is actually not that
interesting or new or proven to do anything. It's an interesting study of
human psychology. Are there any other examples of technology with a worse hype
to usefulness ratio? At least "machine learning" has actually done something
useful in places.

~~~
petra
If you build your own software that needs to be secure, it is hard and
risky(for your career).

Maybe the blockchain is a way to outsource that responsibility, rightfully,
because of the large community and money invested in making sure it's safe ?
Which manager won't like that ?

And also great, manager have heard of it - because bitcoin is famous.

In addition, blockchain offers a new funding mechanism. Which founder wouldn't
like that ?

And VC's seem to like all those virtual coins.

~~~
Moodles
Please explain, in detail.

~~~
petra
The bitcoin ecosystem, a type of blockchain, manages tons of money, and does
so in the public - open source, open ledger, everyone can try to either crack
or improve it, etc.

And yet it works well. And everybody has heard of it.

So let's say i'm a manager at big corp X, and need to implement a secure
transactions system(for whatever) - Is there a better way to cover my ass than
using a blockchain ? to cover my manager's ass than to choose
bitcoin/blockchain ? What is that way ?

As for VC, this is one article: [https://www.ccn.com/whats-behind-the-multi-
billion-dollar-ve...](https://www.ccn.com/whats-behind-the-multi-billion-
dollar-venture-capital-interest-in-crypto/)

And i think it also helps us understand why some founders would like
blockchain.

Also, a side note: it's extremely easy to make someone interested in the
success of some crypto coin. This means many people now have the motive, and
manipulating the media becomes a possibility , and maybe , it's easier in the
age of internet.

------
fizx
Maybe its worth asking what properties a blockchain would need in order to
provide a secure election, and ask whether those are possible. I'd love to see
results for blockchain-related election technology with similar sorts of
implications to Arrow's Theorem or the CAP Theorem of distributed systems.

Anyone aware of progress here?

~~~
maldeh
This feels a bit backwards to me - is the goal to describe and implement a
"secure election", or to apply blockchain to X?

~~~
dragontamer
Indeed. Furthermore, "secure elections" are a solved problem. Have paper
ballots, and scan them later. If you have any reason to suspect the scanners,
then throw away the scanners and then proceed by hand.

There are statistical methods to count a small number by hand (+ corroborate
with poll results) to ensure a degree of consistency. Chi-squared
distributions and stuff (I'm not a mathematician, but I'm sure there's some
statistical method to verify the results without counting everything by hand).

The main problem with blockchain is that it requires everyone to trust the
blockchain. With humans counting by hand, you don't require any trust. As long
as the ballots are properly stored, you can always recount the results.

~~~
aeternus
You still require trust with the paper ballots, there are multiple threat
models:

\- System needs to ensure everyone votes only once

\- Ensure each person meets the qualifications to vote

\- Ensure ballots cannot be counterfeit or additional ballots inserted somehow

\- Ensure votes are confidential throughout the process

\- Ensure voters cannot prove their votes to others

\- Ensure the people counting are trusted or the results checked / verified

\- Ensure all ballots are actually counted

One significant negative with the paper ballot method is that voters cannot
confirm the last point. I have no way of confirming that my ballot was
actually counted and contributed to the final tally's.

~~~
gruez
>\- Ensure voters cannot prove their votes to others

>\- Ensure all ballots are actually counted

aren't these two contradictory?

~~~
throwawaymath
I believe aeternus means proving the contents of the vote, not simply that
they voted. In that case, no, they're not contradictory.

------
squaredpants
Disclaimer: In no way do I claim to be an infosec engineer, security expert,
elections expert or any kind of expert that is relevant for this discussion.
My knowledge limits itself to distributed systems, cryptography and
development in general as a software engineer and elections as a voter.

From the point of view of a voter, I can summarize what I care about in an
election as follows:

\- My vote is counted in the final tally ("verifiability")

\- Every vote counted was cast by an eligible citizen, with no duplicates
(validity & uniqueness)

\- Every vote cast was properly counted into its correspondent candidate tally
(integrity)

\- The final count results from the sum of all the votes that meet the above
requirements

Now, paper ballets do all of this pretty well. But I should stress the
"pretty" part, as plenty of shenanigans can happen at a local level that put
these properties at risk. The thinking goes that since voting, especially in
the US, is pretty decentralized, the final tally ends up trending towards a
true result. Also, records are kept so that if the results are put into
question, they can be verified. However, that has not stopped elections from
being rigged in many parts of the world. In fact, even in the US this has
happened previously [1], albeit not public elections per-se (but still
politically-relevant ones).

Now, I'm not saying that the _magical_ blockchain can fix all of this.
Clearly, when it comes to validity, things can quickly get increasingly
difficult to tackle. For instance, proving your citizenship provides a single
point of failure vulnerable to government malfeasance if such is desired. If a
government entity is responsible for issuing voting rights, they can simply
make up a law or straight up strip you of your voting rights, therefore
censoring you. I would tackle this by making voting an inalienable right, but
clearly that is not the case in some countries (e.g. felony disenfranchisement
in the US and other places). Another problem is the recovery of
lost/stolen/phished voting "keys"/id (in a hypothetical blockchain
environment). I would tackle this with a revoke/reissue mechanism, but again,
the central entity that can revoke and reissue a key/id for you can be a point
of failure. So clearly blockchain does not fix everything.

Now there are some things that I believe "the blockchain", or some system that
is "cryptographically" secured and verifiable, can help. Mainly, in the
insurance of the integrity and uniqueness of the vote and the final tally. I
would love to be able to check, if I had the private key, that my vote counted
towards a particular candidate/party, whilst retaining my voting privacy. In
this particular use-case, there are concerns of stolen keys being used to
lookup voting histories, but I much rather tackle this problem than simply
disregard such a system altogether. Clearly, there is a level of trust that I
have to have on the current top brass at my local institutions if I want to
cast a vote to throw them out. I'm simply not confortable with paper ballets
in such instances, although I obviously prefer them to "voting machines" that
have no devised threat model whatsoever.

I know cryptocurrencies have created a space that relishes on get-rich-quick
stories, scams, buzzword parties and other sad sights, but I like to always
chose the cautious path of not throwing the baby out with the bathwater. To
extend the saying, we might need both the baby and the bathwater badly in the
future...

[1] - [http://www.sun-sentinel.com/local/broward/fl-sb-broward-
elec...](http://www.sun-sentinel.com/local/broward/fl-sb-broward-elections-
supervisor-broke-law-snipes-canova-20180514-story.html)

------
rabidrat
Obligatory (recent) xkcd: [https://xkcd.com/2030/](https://xkcd.com/2030/)

------
whymauri
I like how this article does not fall for "Betteridge's law of headlines": Any
headline that ends in a question mark can be answered by the word no. I
appreciate the straight answer in the headline.

That being said, reading a headline obviously does not equate to reading a
whole article.

