Blockchains for Voting: An idea whose time will never come
By Duncan Buell, NCR Professor of Computer Science and Engineering, University of South Carolina and Advisor to U.S. Vote Foundation
If you were to ask computing and election security experts for the two things they would most strongly oppose when it comes to elections, nearly all would probably answer: Internet voting and the use of blockchains in elections. There is nearly universal agreement that the Internet today is not sufficiently secure for something as important as elections, and that making it secure will be very hard indeed.
Not only do blockchains add no value to the election process; blockchains actually introduce new vulnerabilities to the voting process. Nonetheless, several startup companies are promoting Internet voting and claiming their use of blockchains is a benefit. Not surprisingly, it seems that no purveyor of blockchain voting is willing to allow independent testing by experts to see if their claims are justified.
The Internet, in general, is not a place for elections. It is difficult, if not impossible, to authenticate a person attempting to vote over the Internet. It is impossible to guarantee that the voter’s computer has not been infected with malware. It is impossible to guarantee that a denial-of-service attack won’t take place. And it is impossible in current systems and those likely to be available in the near future to produce votes that can be audited without stripping out the voters’ right to a secret ballot.
Blockchain transaction technology, with all the hype around it, stands to become a further use of an inappropriate and unnecessary technology for voting. Unfortunately, it seems to be touted as the answer to all possible problems, appropriate or not. Just because blockchains are the shiny new thing on the Internet is no reason to use them for elections, any more than the shiny new Tesla Model 3 is the right vehicle for transporting bricks to a construction site.
Blockchains were devised as a way to distribute trust on a network without a central authority. But elections have a central authority—the election office—which is legally The Authority. The election office does not need a mechanism for distributed trust. In addition, blockchains can be very slow, spending a lot of the time verifying that no one is cheating. But verifying that no one is cheating is the responsibility of the election office, and their time and effort would be much better spent verifying that their own central servers are secure and trustworthy, rather than trying to find cheating by unknown bad actors somewhere off on other computers in cyberspace.
Internet voting, with or without blockchains, does not provide an auditable result or a way for voters to ensure that their votes are counted. The record of the votes is electronic, subject to computer failure, network failure, unintentional mistakes, and deliberate hacks. Computer security is nearly always a game of defense; we ought not to turn democracy over to a process where we can’t tell that things have gone wrong until after they have gone wrong.
And finally, one must realize that no single company will invent the entire process on its own. As with all things on the Internet, there are layers upon layers of software, all of which would need to be trusted, and trusted to work together. As has repeatedly been seen, in hack after hack, this reliability just doesn’t happen. With enough software in the process (facial recognition, fingerprint recognition, network transmission, cryptography in the transmitted messages (and more), there will somewhere be a vulnerability, and it will not be exposed until it’s too late.
Voting is important, because our democracy is important. The use of insecure, irrelevant technology by companies who have refused to allow their technology to undergo independent testing should be viewed as a danger, not a benefit. And we should not lose sight of the fact that less than one day after a major US city announced it would use the Internet and blockchains for voting, the same announcement was made by Vladimir Putin’s United Russia party.
The use of this technology by United Russia should cast serious doubt on its vulnerability and susceptibility to hacking. Do we really believe that Putin wants his elections to be as legitimate as what we would hope US elections to be? Or that he would implement blockchain technology in elections unless it gave the smokescreen of “security” while allowing systemic, widespread manipulation of the vote?