In the digital age, it seems strange that people all around the world still use paper to vote. Of course, given bitcoin’s promise to remove paper from the financial system, many in the industry are beginning to ask if the same block chain technology can be applied to help modernize the democratic process.
There’s good reason, as the traditional paper voting system has its flaws. In 2012, when the last US election occurred, one in every eight voter registrations was invalid or inaccurate, and 2.7 million voters were registered in multiple states. That’s a terrible statistic in a system used to decide the future of any nation, let alone one as powerful as the US.
Some might argue that the paper voting system could use a little digital efficiency. Internet voting might not only be more accurate, but it could also be more frequent. Organising a paper-based vote on monthly issues would be impractical, but voting from your tablet or mobile phone on, say, whether to allow your local MP or senator to continue in their role might encourage a little more accountability in the seat of power.
Forget it, says Barbara Simons. “At this point we cannot do Internet voting securely,” warns the former IBM computer scientist who has conducted extensive research into Internet voting. Readers will point out that Internet voting is already happening, but she’s saying that we cannot guarantee its integrity.
Simons, a former president of the Association for Computing Machinery, participated in a National Workshop on Internet Voting commissioned by former US President Bill Clinton, and authored a book, ‘Broken Ballots‘. She is a long-standing critic of online voting, and her research caused the US Department of Defense to nix an Internet voting system it was considering.
“A lot of people think ‘I can bank online, so why can’t I vote online?’,” says Simons. “But, millions disappear from online bank accounts each year.”
There are several challenges facing Internet voting systems. One of the biggest is auditability. How can you prove that a vote was cast the proper way?
Sending your vote from a kiosk, mobile phone or home computer to a server – or even selecting options using an automated phone-based voting system – doesn’t guarantee that it gets registered properly at the other end, or even registered at all. The voter doesn’t have access to that server, or to the network along which their vote travels. And when it comes to a recount, there is no paper trail.
“The beauty of paper ballots is that you can do recounts,” says Simons.
Some are mulling block chain-based systems to help solve the tangled problem of Internet voting. Block chains are already used to encode information from – and about – a particular source, made at a particular point of time.
Blocks in a block chain are ‘sealed’ with a cryptographic hash, which can be used to verify the contents of that block at a later date. If anyone tries to alter the historical record of transactions in a network, or to introduce new ones, then they’d have to go back and alter that block in the block chain. That would create a new hash that wouldn’t match the existing hash on record for that block.
The fraudster could simply replace that hash with a new one, but it takes a lot of computing power to calculate a hash on the bitcoin network. And the hash for a bitcoin block is used to help compute the hash of the next block in the block chain. That means that the further back in time you try to alter a transaction, the more hashes you’d have to recalculate, and the more computing power it would take.
That is how bitcoin is able to guarantee its validity as a public ledger for all transactions in its history. But, if you can do that for financial transactions, the argument goes, then why can’t you do it for votes? After all, votes are another kind of transaction that has to be recorded. The Liberal Alliance party in Denmark is said to be in favour of a block chain-based vote.
BitCongress is using the Ethereum platform to build a scrypt-based altcoin called votecoin, that will use its network to hash and verify votes. It will use an application, Axiomity, both to organise and decide the parameters for votes, and to handle the voting process, explains founder Morgan Rockwell, who is also behind Bitcoin Kinetics.
Rockwell told CoinDesk:
“The numbers that detail the cryptocurrency component, the voting methods, the GUI for Axiomity all are being set up to allow custom implementation of votecoin for multiple case uses.”
He added that votes will be hashed into a block chain.
A block chain-based system might provide a useful way to prove that a particular vote was cast by someone with a specific private key, and thereby guarantee the integrity of the votes once they were cast. But, what about guaranteeing the integrity of the voting process itself?
The big problem with Internet-based voting software, experts say, is that it’s difficult to prove that the voting machines themselves have not been compromised.
“If we’re doing remote internet voting on the voters own machines, then we need some assurance that those machines aren’t owned,” says Christopher Camp, founder of Restart Democracy, a nonprofit organization focused on driving innovations in technology to help promote democracy.
Camp explained:
“There is no simple solution. The rate of tech geeks who are having bitcoin lifted off them is a sign that this is a deep problem. And bitcoin owners are people who likely have decent security hygiene and high-entropy passwords.”
How might a client-side compromise work? Let’s say that Bob is about to vote on the next president. Bob is using a PC-based system, with open-source code that anyone can inspect and the machine is under his control. Bob uses biometric authentication to prove to the voting program that he is who he says he is.
Bob then enters his private key – securely stored on a piece of paper in a locked safe – to access his votecoin and cast his vote. Using the public key, he votes for Jane to be president.
So far, so good. But, a rookit installed by Jane’s opponent Mike via a drive-by download has altered the software’s functionality. The software uses Bob’s carefully-validated ID to alter the vote. That vote, fully authenticated, is then hashed into the block chain for posterity – as a vote for Mike.
This is not far fetched. Similar things happen in banking all the time, says Simons:
“Malware is put on the victims’ machines, and malware steals money from the victim’s bank accounts without their knowledge. There’s a famous virus called Zeus that has stolen millions of dollars from online bank accounts.”
Zeus does that by waiting for the victim to authenticate themselves to the bank, and then carrying out its own actions using that authentication.
But, surely the same software used to vote could scan the block chain and double-check that Mike’s vote was cast correctly? Perhaps. But then, if the software is running on a compromised machine and has been altered to tamper with a vote, then it isn’t to be trusted. Banking trojans also rewrite bank statements to fool users, after all.
Rockwell doesn’t have an easy answer for this.
“The reality is that problem cannot be easily solved by any electronic method,” he says. “BitCongress is not being created to replace all forms of voting; it is merely for a simple block chain-based option to give a public ledger of votes to the public eye.”
Some have tried to solve these problems using end-to-end auditable voting systems, which at least try to facilitate electronic voting, if not Internet voting.
Typically, votes are made via a kiosk, which produces some kind of paper record of the ballot, but they allow votes to be processed electronically rather than hand-counted, for efficiency and expediency. An E2E verificable system will typically cryptographically encode the physical ballots somehow, so that a later audit can be conducted if necessary to match the paper ballot with the registered vote.
Scantegrity, a system used to cryptographically verify optical voting records, tries to solve the problem of verifying physical ballot validity by including a cryptographic code printed on the voting ballot. Auditors can use the cryptographic code later on to check that the vote registered on the system corresponded with the vote on the ballot.
But, Scantegrity relies heavily on data registered before an election (such as unique codes that can be used by voters, for example). What if an election official added more codes to the list of allowable voting codes, and then ‘stuffed the ballot’ to make new, fake votes?
Jeremy Clark of Carleton University and Aleks Essex at the University of Waterloo hope to use block chains to solve that problem. They published a paper describing commitcoin. This is an implementation of a system that uses cryptographic proof of work systems to prove that they committed a message before a certain date.
The pair have suggested that this system could be used not to manage an entire voting system, but rather to prove the integrity of election data (such as a list of valid voting codes) before an event. That way, if someone tried to add more voting codes, it could be compared with the original, verifiable list.
Clark has also worked on a remote voting system known as Remotegrity. This allows voters to use the Internet, though it relies on the postal system as a side channel. Voters can’t rely entirely on the voting system, but must instead receive lists of candidates via the mail.
The candidates are represented by numbers, randomised across different mailings and they use these numbers when voting on the Internet. That prevents a compromised computer from changing their vote.
Clark explained:
“I think the long term solution is to marry a modified version of Remotegrity with the block chain, so that you end up with a Distributed Autonomous version of Remotegrity.”
The block chain may be a useful means of guaranteeing vote integrity at the back end, but as these experts point out, guaranteeing vote integrity from end to end is a sticky problem – especially if you’re trying to make push-button democracy a reality.
On the other hand, in an electoral system where a quarter of eligible US voters aren’t even registered, rootkits are one problem in a constellation of democracy-threatening issues.
Digital voting image via Shutterstock