by John Murray Research Director
In the run-up to the US elections, fresh attention is being paid to voting machine technology and the challenges of designing reliable systems that can provide adequate data security and reliable backup paper trails to support recounts and settle disputed results.
In the aftermath of the 2016 election, with its accusations of foreign interference, states and counties across the country have been rolling out new and upgraded machines that provide all-in-one ballot-marking, vote-counting, and backup printing capabilities. But even standalone voting terminals are vulnerable to intentional tampering and accidental configuration errors, and the privately-held vendors of such machines are unwilling to expose their proprietary systems to external scrutiny and independent evaluation. Some states’ systems still rely on outdated platforms like Windows 2000, and modernization efforts are haphazard and cash-strapped.
With online voting, the situation is even more precarious, because of the high potential for adversarial attacks. Cybersecurity researchers often find flaws with proprietary online-voting systems, but there are legal moves to make it more difficult to find such vulnerabilities. In a briefing filed to the US Supreme Court last month, Voatz, a vendor of e-voting products that are used in eleven states, argued that security researchers shouldn’t have legal protections when looking for flaws without permission. The company’s briefing was motivated by the findings of computer science researchers at MIT and the University of Michigan, who demonstrated that its e-voting platform was riddled with security flaws. But investigations of security vulnerabilities, by their very nature, involve accessing computers in ways unanticipated by the computer owners and often in contravention of the owners’ stated policies.
In this complicated environment, blockchain technology has been proposed in recent years as a solution to these challenges. Proponents point out that distributed ledgers are ideal for handling sensitive data in settings where trustworthiness is in short supply. The very nature of blockchains means that previous entries cannot be modified without all users seeing the modification, which makes them tamperproof. And, it’s claimed, if they are suitable for handling financial transactions in a safe and reliable fashion, then surely they’re more than adequate for secure voting systems.
But all the simple assurances of physically marking up paper ballots in a bricks-and-mortar polling station turn out to be devilishly difficult to fully replicate in online systems. For example, an e-voting system needs to ensure that a person is eligible to vote and has the proper identifying credentials. At the same time, it must be impossible to trace any specific vote back to the person who submitted it. But the system should also be able to prove to an individual that their vote was actually counted — and, when necessary, re-counted — correctly. And yet, it cannot issue a detailed receipt to the voter, as that would enable coercion and vote-selling.
As the Electronic Frontier Foundation has pointed out, no current computer technology, including blockchain voting, can meet these criteria and guarantee the secure, verifiable, and private return of voted ballots over the internet. Even the most ardent e-voting proponents concede that there are limitations to the blockchain approach at the moment in that voter anonymity can be compromised to some degree by the proximity of given blocks in the system. However, they suggest this will be surmountable with additional research.
And, for that matter, no form of remote voting can completely eliminate the potential for intimidation and vote-selling, since even people using mail-in ballots can be pressured, by family members or others, into making particular vote selections.
So perhaps blockchains are, at least for now, best applied in arenas where they’re best-suited, like supply-chain logistics and digital assets management — and cryptocurrencies of course.
If you would like to attend the next Global Investor Conference, taking place December 8th & 9th, 2020, you may click here to register.
Kshetri, N., and J. Voas. “Blockchain-Enabled E-Voting.” IEEE Software, vol. 35, no. 4, July 2018, pp. 95–99., doi:10.1109/MS.2018.2801546.
Mehrotra, Kartikay. “2020 Elections: Voting Machines Expose Hacking Risks.” Bloomberg.com, Bloomberg, 8 Nov. 2019, www.bloomberg.com/news/articles/2019-11-08/expensive-glitchy-voting-machines-expose-2020-hacking-risks.
“No to Online Voting in Virginia-Verified Voting Letter.” Electronic Frontier Foundation, 5 Feb. 2019, www.eff.org/document/
Ng, Alfred. “Online-Voting Company Pushes to Make It Harder for Researchers to Find Security Flaws.” CNET, CNET, 3 Sept. 2020, www.cnet.com/news/
Perez, Edward. “The Marketplace for Election Technology Is Broken. Democracy Is at Stake.” The Marketplace for Voting Machines Is Heavily Concentrated. What That Means for the 2020 Election | Barron’s, Barrons, 3 Oct. 2020, www.barrons.com/articles/